OpenContrail

svc_monitor causes Unable to find authentication token in headers errors in vnc_cfg_api_server.py

Bug #1302197 reported by Noel Burton-Krahn on 2014-04-03

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	OpenContrail	New	Undecided	Praneet Bachheti

Bug Description

The svc_monitor is pinging the api_server without adding an X-Auth-Token header. (strace from svc_monitor.py below). The question is how to fix it: make svc_monitor send an auth header, or make the api_server ignore the absence for the "/" url?

[pid 14246] connect(11, {sa_family=AF_INET, sin_port=htons(8082), sin_addr=inet_addr("10.14.2.11")}, 16) = 0
[pid 14246] sendto(11, "GET / HTTP/1.1\r\nHost: 10.14.2.11:8082\r\nX-Tenant-Name: service\r\nContent-type: application/json; charset=\"UTF-8\"\r\nAccept-Encoding: gzip, deflate, compress\r\nAccept: */*\r\nUser-Agent: python-requests/1.2.3 CPython/2.7.5 Linux/3.10.35\r\n\r\n", 232, 0, NULL, 0) = 232

The api server log is full of this:

contrail-api.log: WARNING:keystoneclient.middleware.auth_token:Unable to find authentication token in headers
contrail-api.log: 10.14.2.4 - - [2014-04-03 17:02:39] "GET / HTTP/1.1" 401 565 0.000491

I straced vnc_cfg_api_server.py. It looks like the api server is actually doing an HTTP request to itself, but its not passing keystone creds. Why?

  [pid 3915] socket(PF_INET, SOCK_STREAM, IPPROTO_TCP) = 124
  [pid 3915] connect(124, {sa_family=AF_INET, sin_port=htons(8082), sin_addr=inet_addr("10.14.2.11")}, 16) = 0
  [pid 3915] sendto(124, "GET / HTTP/1.1\r\nHost: 10.14.2.11:8082\r\nX-Tenant-Name: service\r\nContent-type: application/json; charset=\"UTF-8\"\r\nAccept-Encoding: gzip, deflate, compress\r\nAccept: */*\r\nUser-Agent: python-requests/1.2.3 CPython/2.7.5 Linux/3.10.35\r\n\r\n", 232, 0, NULL, 0) = 232
  [pid 3915] accept(24, {sa_family=AF_INET, sin_port=htons(62900), sin_addr=inet_addr("10.14.2.4")}, [16]) = 126
  [pid 3915] recvfrom(126, "GET / HTTP/1.1\r\nHost: 10.14.2.11:8082\r\nX-Tenant-Name: service\r\nContent-type: application/json; charset=\"UTF-8\"\r\nAccept-Encoding: gzip, deflate, compress\r\nAccept: */*\r\nUser-Agent: python-requests/1.2.3 CPython/2.7.5 Linux/3.10.35\r\n\r\n", 8192, 0, NULL, NULL) = 232
  [pid 3915] write(2, "WARNING:keystoneclient.middleware.auth_token:Unable to find authentication token in headers\n", 92) = 92
  [pid 3915] sendto(126, "HTTP/1.1 401 Unauthorized\r\nWWW-Authenticate: Keystone uri='http://10.14.2.3:35357'\r\nContent-Length: 381\r\nContent-Type: text/html; charset=UTF-8\r\nDate: Thu, 03 Apr 2014 16:54:48 GMT\r\n\r\n<html>\n <head>\n <title>401 Unauthorized</title>\n </head>\n <body>\n <h1>401 Unauthorized</h1>\n This server could not verify that you are authorized to access the document you requested. Either you supplied the wrong credentials (e.g., bad password), or your browser does not understand how to supply the credentials required.<br /><br />\nAuthentication required\n\n\n </body>\n</html>", 565, 0, NULL, 0) = 565

Tags:

Revision history for this message

Pedro Marques (5-roque) wrote on 2014-04-03:

Please also see: https://bugs.launchpad.net/opencontrail/+bug/1301600

Changed in opencontrail:
assignee:	nobody → Rudra Rugge (rudrarugge)
assignee:	Rudra Rugge (rudrarugge) → nobody
assignee:	nobody → Praneet Bachheti (praneetb)

Revision history for this message

Martin Gerhard Loschwitz (martin-loschwitz) wrote on 2014-10-23:

Pedro, what does the link you have mentioned have to do with the actual problem described in this bug report? I think we are running into the same issue with 1.06; what is the actual solution for this? We see exactly the same error message until we restart contrail-api, then thngs start to work.

Nagabhushana R (bhushana) on 2014-10-29

tags:

added: config

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.