OpenStack Compute (nova)

Xenapi glance plugin should not try uploading when the auth token in invalid

Bug #1238393 reported by Sridevi Koushik on 2013-10-11

6

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	OpenStack Compute (nova)	Opinion	Wishlist	Unassigned

Bug Description

The glance plugin tries to upload for invalid auth token.
In nova/image/glance, the X-Auth-Token is taken from the context, and passed on to upload. And in the upload_tarball method, the plugin starts to put the headers and upload the image, and only after all the chunks are uploaded it will receive an UnAuthorized response.

Suggested fix:
Suggested approach: Have a "HEAD" call made with the X-Auth-Token. If that returns a 401, then abandon the upload process.
Otherwise, continue with the upload.

See original description

Sridevi Koushik (sridevik) on 2013-10-11

description:	updated
description:	updated

Sridevi Koushik (sridevik) on 2013-10-11

description:	updated
Changed in nova:
assignee:	nobody → Sridevi Koushik (sridevik)

Revision history for this message

Zhi Yan Liu (lzy-dev) wrote on 2013-10-11:

#1

Good catch, after talking with basha in irc I know you found this problem in LOG and can't exactly know of the scenarios which caused these, so IMO the first thinking is let's try to reproduce this issue and make sure what's root cause about it? and then make sure why nova using a wrong token to upload image? Is it just since image upload operation take a long time and token expired during the progress? Thanks.

Amala Basha (amalabasha) on 2013-10-11

Changed in nova:
status:	New → In Progress

Revision history for this message

Sridevi Koushik (sridevik) wrote on 2013-10-24:

#2

Zhi,

One of the common scenarios in which this occurs is when an image upload is retried.
For eg.
1 Upload returns a 500 and raises a retry able error.
2 While retrying, the auth token has expired. But, it's not identified before hand. Only after the whole upload process finishes, it raises a Unauthorised response.

Revision history for this message

Joe Gordon (jogo) wrote on 2014-09-09:

#3

"Dead hack is a dead hack" https://review.openstack.org/#/c/51132/

Changed in nova:
status:	In Progress → Incomplete

Revision history for this message

Sean Dague (sdague) wrote on 2014-09-18:

#4

There is actually an ML thread now about the general architecture issue here. It's way more complicated than a simple bug and probably a bit change to keystone auth protocol

Changed in nova:
status:	Incomplete → Opinion
importance:	Undecided → Wishlist
assignee:	Sridevi Koushik (sridevik) → nobody

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2014-10-01: Change abandoned on nova (master)

#5

Change abandoned by Dan Prince (<email address hidden>) on branch: master
Review: https://review.openstack.org/51132

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.