Unauthorized message when uploading a large image with openstack cli
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Mirantis OpenStack |
Won't Fix
|
Wishlist
|
Oleksiy Molchanov |
Bug Description
Drop number-- "Drop2019w15"
When we upload a large image using openstack cli, If the image upload time is more than token expiration time, the image getting uploaded successfully but getting below message at the end.
401 Unauthorized: This server could not verify that you are authorized to access the document you requested. Either you supplied the wrong credentials (e.g., bad password), or your browser does not understand how to supply the credentials required. (HTTP 401)
The message is coming when we try to upload an image which takes more upload time than the token expiration time in keystone.conf.
This is happening when we use openstack cli. We did not check uploading images from Horizon.
Please verify the atatched file <trail2.txt>, We tried 3 scenarios in there. It contains steps for issue reproduction.
1. Upload of optimum size image with openstack cli
2. Upload of big image which takes lot of time, using openstack cli(here we got message)
3. Upload of same size image in step 2 using glance cli
In this test we reduced expiration time to 300sec.
Changed in mos: | |
milestone: | none → 9.2-mu-12 |
assignee: | nobody → MOS Maintenance (mos-maintenance) |
importance: | Undecided → Critical |
importance: | Critical → High |
status: | New → Confirmed |
Changed in mos: | |
assignee: | MOS Maintenance (mos-maintenance) → Oleksiy Molchanov (omolchanov) |
Changed in mos: | |
status: | Confirmed → In Progress |
Changed in mos: | |
status: | In Progress → Confirmed |
I assume that the OpenStack CLI (which is an alternative to the glance native CLI in this case) is just failing in this part https:/ /github. com/openstack/ python- openstackclient /blob/mitaka- eol/openstackcl ient/image/ v2/image. py#L349 where it tries to get image info after uploading. This is just a cosmetic problem that is not worth inventing re-authorization mechanics in the CLI. There are plenty of workarounds and they all are well known:
1) Increase token's lifetime
2) Use the glance native CLI
3) Ignore this error
I'm going to close this report as Won't Fix.