OpenStack-Ansible

Keystone token flush running simultaneously on all containers

Bug #1663297 reported by Bjoern
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
OpenStack-Ansible
Fix Released
Medium
Andy McCrae

Bug Description

It seems that the token flush job is running on all keystone containers at the same time, unlike it used to be in older versions, where it was installed only on the first container :

# ansible keystone_container -m shell -a 'cat /var/spool/cron/crontabs/keystone'infra02_keystone_container-716331e7 | success | rc=0 >>
# DO NOT EDIT THIS FILE - edit the master and reinstall.
# (/tmp/crontabTWwI1U installed on Tue Sep 27 15:56:15 2016)
# (Cron version -- $Id: crontab.c,v 2.13 1994/01/17 03:20:37 vixie Exp $)
#Ansible: Clear out stale keystone tokens
0 * * * * /openstack/venvs/keystone-13.3.4/bin/keystone-manage token_flush

infra03_keystone_container-e2e3aa57 | success | rc=0 >>
# DO NOT EDIT THIS FILE - edit the master and reinstall.
# (/tmp/crontabCaRbz2 installed on Tue Sep 27 15:56:15 2016)
# (Cron version -- $Id: crontab.c,v 2.13 1994/01/17 03:20:37 vixie Exp $)
#Ansible: Clear out stale keystone tokens
0 * * * * /openstack/venvs/keystone-13.3.4/bin/keystone-manage token_flush

infra01_keystone_container-6af0127b | success | rc=0 >>
# DO NOT EDIT THIS FILE - edit the master and reinstall.
# (/tmp/crontab0qdmRZ installed on Tue Sep 27 15:56:15 2016)
# (Cron version -- $Id: crontab.c,v 2.13 1994/01/17 03:20:37 vixie Exp $)
#Ansible: Clear out stale keystone tokens
0 * * * * /openstack/venvs/keystone-13.3.4/bin/keystone-manage token_flush

Why was this changed ? To overcome HA issues in case on container is not operational ?

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to openstack-ansible-os_keystone (master)

Fix proposed to branch: master
Review: https://review.openstack.org/433744

Changed in openstack-ansible:
assignee: nobody → Andy McCrae (andrew-mccrae)
status: New → In Progress
Jean-Philippe Evrard (jean-philippe-evrard)
Changed in openstack-ansible:
importance: Undecided → Medium
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to openstack-ansible-os_keystone (stable/ocata)

Fix proposed to branch: stable/ocata
Review: https://review.openstack.org/433797

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to openstack-ansible-os_keystone (master)

Reviewed: https://review.openstack.org/433744
Committed: https://git.openstack.org/cgit/openstack/openstack-ansible-os_keystone/commit/?id=aa80b5588f23e762980cc14e60da602bc1effbb0
Submitter: Jenkins
Branch: master

commit aa80b5588f23e762980cc14e60da602bc1effbb0
Author: Andy McCrae <email address hidden>
Date: Tue Feb 14 16:06:03 2017 +0000

    Only run token_flush on 1 host

    The token_flush should only run on 1 host, not all keystone hosts.

    Change-Id: Ibb689431f288190f3a8451b52cd77a4167d6945c
    Closes-Bug: #1663297

Changed in openstack-ansible:
status: In Progress → Fix Released
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to openstack-ansible-os_keystone (stable/ocata)

Reviewed: https://review.openstack.org/433797
Committed: https://git.openstack.org/cgit/openstack/openstack-ansible-os_keystone/commit/?id=5b5aa1e2f2685b82e8622d28ae41c6f5b0672885
Submitter: Jenkins
Branch: stable/ocata

commit 5b5aa1e2f2685b82e8622d28ae41c6f5b0672885
Author: Andy McCrae <email address hidden>
Date: Tue Feb 14 16:06:03 2017 +0000

    Only run token_flush on 1 host

    The token_flush should only run on 1 host, not all keystone hosts.
    Unclean backport - for Ocata and before, we need to clean up the old
    cron entries.

    Change-Id: Ibb689431f288190f3a8451b52cd77a4167d6945c
    Closes-Bug: #1663297
    (cherry picked from commit a956a14b566964330ea8681dd22b55c1bf62e01e)

tags: added: in-stable-ocata
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to openstack-ansible-os_keystone (stable/newton)

Fix proposed to branch: stable/newton
Review: https://review.openstack.org/435301

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to openstack-ansible-os_keystone (stable/newton)

Reviewed: https://review.openstack.org/435301
Committed: https://git.openstack.org/cgit/openstack/openstack-ansible-os_keystone/commit/?id=b0398c68f43bb4d0df825843628bc3b627d6b8b7
Submitter: Jenkins
Branch: stable/newton

commit b0398c68f43bb4d0df825843628bc3b627d6b8b7
Author: Andy McCrae <email address hidden>
Date: Tue Feb 14 16:06:03 2017 +0000

    Only run token_flush on 1 host

    The token_flush should only run on 1 host, not all keystone hosts.
    Unclean backport - for Ocata and before, we need to clean up the old
    cron entries.

    Change-Id: Ibb689431f288190f3a8451b52cd77a4167d6945c
    Closes-Bug: #1663297
    (cherry picked from commit 5b5aa1e2f2685b82e8622d28ae41c6f5b0672885)

tags: added: in-stable-newton
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/openstack-ansible-os_keystone 15.0.0.0rc2

This issue was fixed in the openstack/openstack-ansible-os_keystone 15.0.0.0rc2 release candidate.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/openstack-ansible-os_keystone 14.1.1

This issue was fixed in the openstack/openstack-ansible-os_keystone 14.1.1 release.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/openstack-ansible-os_keystone 16.0.0.0b1

This issue was fixed in the openstack/openstack-ansible-os_keystone 16.0.0.0b1 development milestone.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.