Bugzilla will be upgraded to version 5.0. The upgrade date is tentatively scheduled for 2 December 2018, pending final testing and feedback.
First Last Prev Next    This bug is not in your last search results.
Bug 919526 - Temporary network outage results in connection refused and invalid token
Temporary network outage results in connection refused and invalid token
Status: CLOSED ERRATA
Product: Red Hat OpenStack
Classification: Red Hat
Component: openstack-keystone (Show other bugs)
2.0 (Folsom)
Unspecified Unspecified
high Severity high
: async
: 2.1
Assigned To: Alan Pevec
Pavel Sedlák
: Triaged
Depends On: 950132
Blocks:
  Show dependency treegraph
 
Reported: 2013-03-08 12:53 EST by Alan Pevec
Modified: 2016-04-27 00:13 EDT (History)
2 users (show)

See Also:
Fixed In Version: openstack-keystone-2012.2.4-1.el6ost
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2013-05-09 14:16:57 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Script used for verification - sends requests during keystone restart or while traffic is rejected (1.69 KB, text/x-python)
2013-05-02 15:29 EDT, Pavel Sedlák 		no flags Details
Add an attachment (proposed patch, testcase, etc.)


External Trackers
Tracker ID Priority Status Summary Last Updated
Launchpad 1150299 None None None Never
OpenStack gerrit 23729 None None None Never
Red Hat Product Errata RHSA-2013:0806 normal SHIPPED_LIVE Low: openstack-keystone security and bug fix update 2013-05-09 18:13:52 EDT

  None (edit)
Description Alan Pevec 2013-03-08 12:53:09 EST 
Description of problem:
The auth_token middleware does not retry if it gets an http error. This means a temporary network outage or keystone restart will cause the token to be listed as invalid. The middleware should retry a few times before failing.
Comment 4 Pavel Sedlák 2013-05-02 15:29:14 EDT 
Created attachment 742897 [details]
Script used for verification - sends requests during keystone restart or while traffic is rejected

This script obtains token from keystone, then launches requests for nova servers list.

First, third and fifth are alignment tests and should always succeed.
When this bug is not fixed:
- second request should fail because keystone is restarting
- fourth request should fail because keystone traffic is rejected by iptables

Output for new version - openstack-keystone-2012.2.4-1.el6ost:
> $ ./919526-network-outage-unauth.py 
> OK
> Stopping keystone:                                         [  OK  ]
> Starting keystone:                                         [  OK  ]
> OLD SHOULD FAIL ::  OK
> OK
> OLD SHOULD FAIL ::  OK
> OK

Output for old version - openstack-keystone-2012.2.3-8.el6ost:
> OK
> Stopping keystone: OLD SHOULD FAIL ::  Failed:
> 401 Unauthorized
> 
> This server could not verify that you are authorized to access the document you requested. Either you supplied the wrong credentials (e.g., bad password), or your browser does not understand how to supply the credentials required.
> 
>  Authentication required  
>                                                            [  OK  ]
> Starting keystone:                                         [  OK  ]
> OK
> OLD SHOULD FAIL ::  Failed:
> 401 Unauthorized
> 
> This server could not verify that you are authorized to access the document you requested. Either you supplied the wrong credentials (e.g., bad password), or your browser does not understand how to supply the credentials required.
> 
>  Authentication required  
> OK
Comment 5 Pavel Sedlák 2013-05-02 15:30:13 EDT 
Verified - details provided with previous comment for example test script.
Comment 7 errata-xmlrpc 2013-05-09 14:16:57 EDT 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHSA-2013-0806.html
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.