Bug 2297453

Summary: [CEE] Error 401 on some RGW servers
Product: [Red Hat Storage] Red Hat Ceph Storage Reporter: Yuka Ariyama <yariyama>
Component: RGWAssignee: Marcus Watts <mwatts>
Status: CLOSED ERRATA QA Contact: Hemanth Sai <hmaheswa>
Severity: high Docs Contact:
Priority: high    
Version: 6.1CC: bkunal, ceph-eng-bugs, cephqe-warriors, ckulal, dwalveka, kjosy, mbenjamin, mwatts, qshi, rpollack, tserlin, vereddy
Target Milestone: ---   
Target Release: 7.1z2   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: ceph-18.2.1-250.el9cp Doc Type: Bug Fix
Doc Text:
Cause: Currently the "admin token" is cached and upon checking the cache we verify the expiration on the token before using it but we have no logic to invalidate the cache if the response from the Keystone API says that the "admin token" is invalid. Consequence: Swift API requests for clients are dropped causing Error 401 on some RGW servers until service is restarted. Fix: There is probably multiple places in Keystone where it invalidates tokens, but one example where the "admin token" would be invalidated and return HTTP 401 status code is if the user that is configured in rgw_keystone_admin_user has it's password changed (even if it's the same password as the current one) then Keystone will invalidate it's cache and invalidated existing tokens even if they have not expired yet Result: Keystone is now able to invalidate it's cache and invalidated existing tokens even if they have not expired yet
 Story Points: ---
Clone Of:
: 2313170 2314213 (view as bug list) Environment:
Last Closed: 2024-11-07 14:39:48 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 2315068, 2313170, 2314213    

Comment 8 shiqi 2024-08-29 05:35:56 UTC 
hello Yuka Ariyama
I find the bug fix in community ceph(Ceph - v17.2.8)
But redhat ceph6.1 equal to community ceph-17.2.6 
see link: 
https://tracker.ceph.com/issues/64094
https://tracker.ceph.com/issues/64495

it fixed 7 days ago

So I think the fix haven't backport form upstream to downstream. I can't find this fix in redhat errata and release note.
Comment 44 errata-xmlrpc 2024-11-07 14:39:48 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Red Hat Ceph Storage 7.1 security, bug fix, and enhancement updates), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2024:9010
Comment 45 Red Hat Bugzilla 2025-03-08 04:25:08 UTC 
The needinfo request[s] on this closed bug have been removed as they have been unresolved for 120 days