consoleauth cannot be run in HA configuration without external memcache
Bug #1243306 reported by
Stanislaw Pitucha
This bug affects 4 people
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack Compute (nova) |
Opinion
|
Low
|
Unassigned |
Bug Description
Running more than one consoleauth service causes silent failures where tokens simply don't get authenticated, because only one of the processes has it cached.
There are two ways to fix this:
- process sending the new token has to use the fanout queue rather than a direct message, so that all consoleauth services are updated
- token can be sent to the database, rather than consoleauth directly - this allows restarting services and adding new ones without creating new problems
Ideally both ways could be implemented at the same time.
Changed in nova: | |
assignee: | nobody → Yaguang Tang (heut2008) |
tags: | added: consoleauth |
Changed in nova: | |
assignee: | Yaguang Tang (heut2008) → nobody |
Changed in nova: | |
assignee: | nobody → Stanislaw Pitucha (stanislaw-pitucha) |
Changed in nova: | |
importance: | Undecided → Wishlist |
status: | New → Confirmed |
tags: |
added: console removed: consoleauth |
Changed in nova: | |
assignee: | Stanislaw Pitucha (stanislaw-pitucha) → David McNally (dave-mcnally) |
Changed in nova: | |
status: | Incomplete → In Progress |
Changed in nova: | |
assignee: | nobody → Alex Xu (xuhj) |
Changed in nova: | |
assignee: | Alex Xu (xuhj) → Eli Qiao (taget-9) |
To post a comment you must log in.
I don't this think this is a bug at all, you can already use a shared memcache instance so that tokens are shared between consoleauth services. You just need to define memcached_servers for each consoleauth process ie.
memcached_ server= sharedhost1: 11211, sharedhost2:11211
The memcache client will take care of hashing keys to the different memcache instances.