Comment 1 for bug 1761050
Revision history for this message
| Juan Antonio Osorio Robles (juan-osorio-robles) wrote Re: Failures to get tokens when undercloud is containerized | #1 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
35a32c5
(Get the code!)
I don't think it's a token provider configuration issue, since we only have 2 keys by default. And the deployment seems to start and go forward for quite a while: https:/
from there I can see it goes up to step 5, and in the end it fails with this exception: No JSON object could be decoded
which I guess comes from mistral client.
At some point in the zaqar logs I can see that it fails with authorization failed:
https:/
which gets reflected in the mistral executor logs here https:/
which is what Emilien reported.
I think that the issue is that mistral (server) is not refreshing the token that zaqar is using. The token works for a while and expires after an hour (which is what we configure). The theory has backup data because of the log timings:
The deploy starts at 0:55
https:/
And we see the error at 1:55
https:/
So ultimately it seems to me that it's an issue on how mistral creates the client (in a way that doesn't refresh the keystone tokens). This should have been handled already though, and it does seem to me that mistral is using sessions correctly (as far as I can tell). Are we using an old mistral container?
This would have usually gotten handled by the session object from keystoneauth1, which I thought was being used in zaqar