2297453 – [CEE] Error 401 on some RGW servers

Bug 2297453 - [CEE] Error 401 on some RGW servers

Summary: [CEE] Error 401 on some RGW servers

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Ceph Storage
Classification:	Red Hat Storage
Component:	RGW
Sub Component:
Version:	6.1
Hardware:	Unspecified
OS:	Unspecified
Priority:	high
Severity:	high
Target Milestone:	---
Target Release:	7.1z2
Assignee:	Marcus Watts
QA Contact:	Hemanth Sai
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	2315068 2313170 2314213
TreeView+	depends on / blocked

Reported:	2024-07-12 07:48 UTC by Yuka Ariyama
Modified:	2025-03-08 04:25 UTC (History)
CC List:	12 users (show)
Fixed In Version:	ceph-18.2.1-250.el9cp
Doc Type:	Bug Fix
Doc Text:	Cause: Currently the "admin token" is cached and upon checking the cache we verify the expiration on the token before using it but we have no logic to invalidate the cache if the response from the Keystone API says that the "admin token" is invalid. Consequence: Swift API requests for clients are dropped causing Error 401 on some RGW servers until service is restarted. Fix: There is probably multiple places in Keystone where it invalidates tokens, but one example where the "admin token" would be invalidated and return HTTP 401 status code is if the user that is configured in rgw_keystone_admin_user has it's password changed (even if it's the same password as the current one) then Keystone will invalidate it's cache and invalidated existing tokens even if they have not expired yet Result: Keystone is now able to invalidate it's cache and invalidated existing tokens even if they have not expired yet
Clone Of:
Clones:	2313170 2314213 (view as bug list)
Environment:
Last Closed:	2024-11-07 14:39:48 UTC
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Issue Tracker	RHCEPH-9317	0	None	None	None	2024-07-12 07:49:26 UTC
Red Hat Product Errata	RHBA-2024:9010	0	None	None	None	2024-11-07 14:40:09 UTC

Comment 8 shiqi 2024-08-29 05:35:56 UTC

hello Yuka Ariyama
I find the bug fix in community ceph(Ceph - v17.2.8)
But redhat ceph6.1 equal to community ceph-17.2.6 
see link: 
https://tracker.ceph.com/issues/64094
https://tracker.ceph.com/issues/64495

it fixed 7 days ago

So I think the fix haven't backport form upstream to downstream. I can't find this fix in redhat errata and release note.

Comment 44 errata-xmlrpc 2024-11-07 14:39:48 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Red Hat Ceph Storage 7.1 security, bug fix, and enhancement updates), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2024:9010

Comment 45 Red Hat Bugzilla 2025-03-08 04:25:08 UTC

The needinfo request[s] on this closed bug have been removed as they have been unresolved for 120 days

Note You need to log in before you can comment on or make changes to this bug.