OpenStack Identity (keystone)

Keystonemiddleware crashes when memcache encryption is enabled with Swift

Bug #1392264 reported by Eamonn O'Toole on 2014-11-13

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	OpenStack Identity (keystone)	Invalid	Undecided	Unassigned
	keystonemiddleware	Fix Released	Low	Rodrigo Duarte	keystonemiddleware 1.4.0

Bug Description

We've come across the following issue when deploying standalone Swift servers using TripleO, where we've enabled auth token memcache with encryption. We get this error from the Swift proxy:

Nov 11 15:17:49 overcloud-swiftstorage1-ohdtremvbiw3 proxy-server: Error: An error occurred: #012Traceback (most recent call last):#012 File "/opt/stack/venvs/openstack/local/lib/python2.7/site-packages/swift/common/middlewar
e/catch_errors.py", line 41, in handle_request#012 resp = self._app_call(env)#012 File "/opt/stack/venvs/openstack/local/lib/python2.7/site-packages/swift/common/wsgi.py", line 582, in _app_call#012 resp = self.app(env,
self._start_response)#012 File "/opt/stack/venvs/openstack/local/lib/python2.7/site-packages/swift/common/middleware/gatekeeper.py", line 90, in __call__#012 return self.app(env, gatekeeper_response)#012 File "/opt/stack
/venvs/openstack/local/lib/python2.7/site-packages/swift/common/middleware/healthcheck.py", line 57, in __call__#012 return self.app(env, start_response)#012 File "/opt/stack/venvs/openstack/local/lib/python2.7/site-packag
es/swift/common/middleware/proxy_logging.py", line 289, in __call__#012 iterable = self.app(env, my_start_response)#012 File "/opt/stack/venvs/openstack/local/lib/python2.7/site-packages/swift/common/middleware/memcache.py
", line 85, in __call__#012 return self.app(env, start_response)#012 File "/opt/stack/venvs/openstack/local/lib/python2.7/site-packages/swift/common/middleware/crossdomain.py", line 82, in __call__#012 return self.app(e
nv, start_response)#012 File "/opt/stack/venvs/openstack/local/lib/python2.7/site-packages/swift/common/middleware/tempurl.py", line 295, in __call__#012 return self.app(env, start_response)#012 File "/opt/stack/venvs/ope
nstack/local/lib/python2.7/site-packages/swift/common/middleware/formpost.py", line 231, in __call__#012 return self.app(env, start_response)#012 File "/opt/stack/venvs/openstack/local/lib/python2.7/site-packages/keystonem
iddleware/auth_token.py", line 710, in __call__#012 token_info = self._validate_token(user_token, env)#012 File "/opt/stack/venvs/openstack/local/lib/python2.7/site-packages/keystonemiddleware/auth_token.py", line 891, in
_validate_token#012 self._token_cache.store_invalid(token_id)#012 File "/opt/stack/venvs/openstack/local/lib/python2.7/site-packages/keystonemiddleware/auth_token.py", line 1714, in store_invalid#012 self._cache_store(t
oken_id, self._INVALID_INDICATOR)#012 File "/opt/stack/venvs/openstack/local/lib/python2.7/site-packages/keystonemiddleware/auth_token.py", line 1822, in _cache_store#012 data_to_store = memcache_crypt.protect_data(keys, s
erialized_data)#012 File "/opt/stack/venvs/openstack/local/lib/python2.7/site-packages/keystonemiddleware/_memcache_crypt.py", line 166, in protect_data#012 data = encrypt_data(keys['ENCRYPTION'], data)#012 File "/opt/sta
ck/venvs/openstack/local/lib/python2.7/site-packages/keystonemiddleware/_memcache_crypt.py", line 80, in wrapper#012 raise CryptoUnavailableError()#012CryptoUnavailableError (txn: tx9bf0c765e603404e8a776-0054622899)

Looking in the _memcache_crypt.py code the problem is that pycrypto isn't installed in the Swift venv. pycrypto isn't listed in the Keystonemiddleware requirements.txt file. Since memcache encryption in Keystone middleware relies on pycrypto, and to avoid this issue where the Swift proxy errors out, we believe that pyrcypto should be added to Keystonemiddleware's requirements.txt file.

--- (morganfainberg): This is a documentation bug, see my comment #2

See original description

Tags: