Bug 917208 - PKI tokens are broken after 24 hours
Summary: PKI tokens are broken after 24 hours
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat OpenStack
Classification: Red Hat
Component: openstack-keystone
Version: 2.0 (Folsom)
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: snapshot5
: 2.1
Assignee: Adam Young
QA Contact: Pavel Sedlák
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2013-03-02 03:21 UTC by Adam Young
Modified: 2022-07-09 06:03 UTC (History)
2 users (show)

Fixed In Version: openstack-keystone-2012.2.3-5.el6ost
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2013-04-04 20:23:00 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Launchpad 1074172 0 None None None Never
OpenStack gerrit 23334 0 None None None Never
Red Hat Product Errata RHSA-2013:0708 0 normal SHIPPED_LIVE Moderate: openstack-keystone security and bug fix update 2013-04-05 00:19:06 UTC

Description Adam Young 2013-03-02 03:21:22 UTC 
Description of problem:

After 24 hours of being up the auth_token_middleware attempts to retrieve the certificate_revocation_list but fails because the admin token is expired. There is no retry logic in this code path like there is with the uuid tokens to generate a new admin token.

Fixed upstream.

Backport patch on launchpad is here:
https://review.openstack.org/#/c/23334/
Comment 2 Adam Young 2013-03-05 02:42:40 UTC 
https://review.openstack.org/#/c/23334/ Has been updated and now passes the tests.  It should be considered a candidate for backport.  It depends on the patch https://review.openstack.org/#/c/23468/1  which should also be backported.
Comment 8 errata-xmlrpc 2013-04-04 20:23:00 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHSA-2013-0708.html
Note You need to log in before you can comment on or make changes to this bug.