OpenStack Identity (keystone)

Bug #1392264
Activity log

Activity log for bug #1392264

Date	Who	What changed	Old value	New value	Message
2014-11-13 10:42:00	Eamonn O'Toole	bug			added bug
2014-11-14 16:57:55	Morgan Fainberg	bug task added		keystonemiddleware
2014-11-14 16:58:20	Morgan Fainberg	keystone: status	New	Invalid
2014-11-17 00:21:24	Morgan Fainberg	description	We've come across the following issue when deploying standalone Swift servers using TripleO, where we've enabled auth token memcache with encryption. We get this error from the Swift proxy: Nov 11 15:17:49 overcloud-swiftstorage1-ohdtremvbiw3 proxy-server: Error: An error occurred: #012Traceback (most recent call last):#012 File "/opt/stack/venvs/openstack/local/lib/python2.7/site-packages/swift/common/middlewar e/catch_errors.py", line 41, in handle_request#012 resp = self._app_call(env)#012 File "/opt/stack/venvs/openstack/local/lib/python2.7/site-packages/swift/common/wsgi.py", line 582, in _app_call#012 resp = self.app(env, self._start_response)#012 File "/opt/stack/venvs/openstack/local/lib/python2.7/site-packages/swift/common/middleware/gatekeeper.py", line 90, in __call__#012 return self.app(env, gatekeeper_response)#012 File "/opt/stack /venvs/openstack/local/lib/python2.7/site-packages/swift/common/middleware/healthcheck.py", line 57, in __call__#012 return self.app(env, start_response)#012 File "/opt/stack/venvs/openstack/local/lib/python2.7/site-packag es/swift/common/middleware/proxy_logging.py", line 289, in __call__#012 iterable = self.app(env, my_start_response)#012 File "/opt/stack/venvs/openstack/local/lib/python2.7/site-packages/swift/common/middleware/memcache.py ", line 85, in __call__#012 return self.app(env, start_response)#012 File "/opt/stack/venvs/openstack/local/lib/python2.7/site-packages/swift/common/middleware/crossdomain.py", line 82, in __call__#012 return self.app(e nv, start_response)#012 File "/opt/stack/venvs/openstack/local/lib/python2.7/site-packages/swift/common/middleware/tempurl.py", line 295, in __call__#012 return self.app(env, start_response)#012 File "/opt/stack/venvs/ope nstack/local/lib/python2.7/site-packages/swift/common/middleware/formpost.py", line 231, in __call__#012 return self.app(env, start_response)#012 File "/opt/stack/venvs/openstack/local/lib/python2.7/site-packages/keystonem iddleware/auth_token.py", line 710, in __call__#012 token_info = self._validate_token(user_token, env)#012 File "/opt/stack/venvs/openstack/local/lib/python2.7/site-packages/keystonemiddleware/auth_token.py", line 891, in _validate_token#012 self._token_cache.store_invalid(token_id)#012 File "/opt/stack/venvs/openstack/local/lib/python2.7/site-packages/keystonemiddleware/auth_token.py", line 1714, in store_invalid#012 self._cache_store(t oken_id, self._INVALID_INDICATOR)#012 File "/opt/stack/venvs/openstack/local/lib/python2.7/site-packages/keystonemiddleware/auth_token.py", line 1822, in _cache_store#012 data_to_store = memcache_crypt.protect_data(keys, s erialized_data)#012 File "/opt/stack/venvs/openstack/local/lib/python2.7/site-packages/keystonemiddleware/_memcache_crypt.py", line 166, in protect_data#012 data = encrypt_data(keys['ENCRYPTION'], data)#012 File "/opt/sta ck/venvs/openstack/local/lib/python2.7/site-packages/keystonemiddleware/_memcache_crypt.py", line 80, in wrapper#012 raise CryptoUnavailableError()#012CryptoUnavailableError (txn: tx9bf0c765e603404e8a776-0054622899) Looking in the _memcache_crypt.py code the problem is that pycrypto isn't installed in the Swift venv. pycrypto isn't listed in the Keystonemiddleware requirements.txt file. Since memcache encryption in Keystone middleware relies on pycrypto, and to avoid this issue where the Swift proxy errors out, we believe that pyrcypto should be added to Keystonemiddleware's requirements.txt file.	We've come across the following issue when deploying standalone Swift servers using TripleO, where we've enabled auth token memcache with encryption. We get this error from the Swift proxy: Nov 11 15:17:49 overcloud-swiftstorage1-ohdtremvbiw3 proxy-server: Error: An error occurred: #012Traceback (most recent call last):#012 File "/opt/stack/venvs/openstack/local/lib/python2.7/site-packages/swift/common/middlewar e/catch_errors.py", line 41, in handle_request#012 resp = self._app_call(env)#012 File "/opt/stack/venvs/openstack/local/lib/python2.7/site-packages/swift/common/wsgi.py", line 582, in _app_call#012 resp = self.app(env, self._start_response)#012 File "/opt/stack/venvs/openstack/local/lib/python2.7/site-packages/swift/common/middleware/gatekeeper.py", line 90, in __call__#012 return self.app(env, gatekeeper_response)#012 File "/opt/stack /venvs/openstack/local/lib/python2.7/site-packages/swift/common/middleware/healthcheck.py", line 57, in __call__#012 return self.app(env, start_response)#012 File "/opt/stack/venvs/openstack/local/lib/python2.7/site-packag es/swift/common/middleware/proxy_logging.py", line 289, in __call__#012 iterable = self.app(env, my_start_response)#012 File "/opt/stack/venvs/openstack/local/lib/python2.7/site-packages/swift/common/middleware/memcache.py ", line 85, in __call__#012 return self.app(env, start_response)#012 File "/opt/stack/venvs/openstack/local/lib/python2.7/site-packages/swift/common/middleware/crossdomain.py", line 82, in __call__#012 return self.app(e nv, start_response)#012 File "/opt/stack/venvs/openstack/local/lib/python2.7/site-packages/swift/common/middleware/tempurl.py", line 295, in __call__#012 return self.app(env, start_response)#012 File "/opt/stack/venvs/ope nstack/local/lib/python2.7/site-packages/swift/common/middleware/formpost.py", line 231, in __call__#012 return self.app(env, start_response)#012 File "/opt/stack/venvs/openstack/local/lib/python2.7/site-packages/keystonem iddleware/auth_token.py", line 710, in __call__#012 token_info = self._validate_token(user_token, env)#012 File "/opt/stack/venvs/openstack/local/lib/python2.7/site-packages/keystonemiddleware/auth_token.py", line 891, in _validate_token#012 self._token_cache.store_invalid(token_id)#012 File "/opt/stack/venvs/openstack/local/lib/python2.7/site-packages/keystonemiddleware/auth_token.py", line 1714, in store_invalid#012 self._cache_store(t oken_id, self._INVALID_INDICATOR)#012 File "/opt/stack/venvs/openstack/local/lib/python2.7/site-packages/keystonemiddleware/auth_token.py", line 1822, in _cache_store#012 data_to_store = memcache_crypt.protect_data(keys, s erialized_data)#012 File "/opt/stack/venvs/openstack/local/lib/python2.7/site-packages/keystonemiddleware/_memcache_crypt.py", line 166, in protect_data#012 data = encrypt_data(keys['ENCRYPTION'], data)#012 File "/opt/sta ck/venvs/openstack/local/lib/python2.7/site-packages/keystonemiddleware/_memcache_crypt.py", line 80, in wrapper#012 raise CryptoUnavailableError()#012CryptoUnavailableError (txn: tx9bf0c765e603404e8a776-0054622899) Looking in the _memcache_crypt.py code the problem is that pycrypto isn't installed in the Swift venv. pycrypto isn't listed in the Keystonemiddleware requirements.txt file. Since memcache encryption in Keystone middleware relies on pycrypto, and to avoid this issue where the Swift proxy errors out, we believe that pyrcypto should be added to Keystonemiddleware's requirements.txt file. --- (morganfainberg): This is a documentation bug, see my comment #2
2014-11-17 00:21:31	Morgan Fainberg	tags		documentation
2014-11-17 00:21:43	Morgan Fainberg	keystonemiddleware: importance	Undecided	Low
2014-11-17 00:21:43	Morgan Fainberg	keystonemiddleware: status	New	Triaged
2014-11-17 16:16:01	OpenStack Infra	keystonemiddleware: status	Triaged	In Progress
2014-11-17 16:16:01	OpenStack Infra	keystonemiddleware: assignee		Rodrigo Duarte (rodrigodsousa)
2015-01-12 22:41:09	OpenStack Infra	keystonemiddleware: status	In Progress	Fix Committed
2015-01-23 01:38:27	Morgan Fainberg	keystonemiddleware: milestone		1.4.0
2015-02-10 23:09:41	Morgan Fainberg	keystonemiddleware: status	Fix Committed	Fix Released