[Bug 1648428] Re: Duplicate requests for token generation from openstack-cli

Kanika Singh kanikasingh.1490 at gmail.com
Mon Dec 26 04:00:07 UTC 2016 

Same thing also happens in glance-client

** Also affects: glance (Ubuntu)
   Importance: Undecided
       Status: New

** No longer affects: glance (Ubuntu)

-- 
You received this bug notification because you are a member of Ubuntu
OpenStack, which is subscribed to glance in Ubuntu.
https://bugs.launchpad.net/bugs/1648428

Title:
  Duplicate requests for token generation from openstack-cli

Status in python-openstackclient:
  New

Bug description:
  Problem:
  ========
  While openstack-cli operation is performed, unnecessary POST requests are executed for token generation.

  Details:
  ========
  When openstack role create command is executed, duplicate POST request for token generation is observed.
  we can see in the logs of Keystone.

  /var/log/keystone/keystone.log:
  ----------------------------------------------
  1. 2016-12-08 16:47:39.602 7289 DEBUG keystone.middleware.auth [req-7e3b335f-657c-49c2-9c14-eee14a32e945 - - - - -] There is either no auth token in the request or the certificate issuer is not trusted. No auth context will be set. fill_context /usr/lib/python2.7/site-packages/keystone/middleware/auth.py:210
  2016-12-08 16:47:39.603 7289 INFO keystone.common.wsgi [req-7e3b335f-657c-49c2-9c14-eee14a32e945 - - - - -] GET http://10.0.2.15:5000/v2.0/

  2. 2016-12-08 16:47:39.612 7289 DEBUG keystone.middleware.auth
  [req-c9323536-1d85-4ab7-a83a-6efcbe8d4a60 - - - - -] There is either
  no auth token in the request or the certificate issuer is not trusted.
  No auth context will be set. fill_context /usr/lib/python2.7/site-
  packages/keystone/middleware/auth.py:210

  3. 2016-12-08 16:47:39.613 7289 INFO keystone.common.wsgi
  [req-c9323536-1d85-4ab7-a83a-6efcbe8d4a60 - - - - -] POST
  http://10.0.2.15:5000/v2.0/tokens

  4. 2016-12-08 16:47:39.746 7289 DEBUG keystone.middleware.auth [req-
  2d5a9a76-9fcd-47f5-ae89-53afdf8b1fac - - - - -] There is either no
  auth token in the request or the certificate issuer is not trusted. No
  auth context will be set. fill_context /usr/lib/python2.7/site-
  packages/keystone/middleware/auth.py:210

  5. 2016-12-08 16:47:39.747 7289 INFO keystone.common.wsgi [req-
  2d5a9a76-9fcd-47f5-ae89-53afdf8b1fac - - - - -] POST
  http://10.0.2.15:5000/v2.0/tokens

  6. 2016-12-08 16:47:39.887 7288 INFO keystone.common.wsgi [req-
  eba74454-70e8-4d51-bc10-6d2eb558320e 94edd5c88daf4bec84f4f8a3e8efcdd3
  8c9b125ddfb64bbe89aa0c9229f3209a - default default] GET
  http://10.0.2.15:35357/

  7. 2016-12-08 16:47:39.891 7288 DEBUG keystone.middleware.auth [req-
  eba74454-70e8-4d51-bc10-6d2eb558320e 94edd5c88daf4bec84f4f8a3e8efcdd3
  8c9b125ddfb64bbe89aa0c9229f3209a - default default] Authenticating
  user token process_request /usr/lib/python2.7/site-
  packages/keystonemiddleware/auth_token/__init__.py:346

  8. 2016-12-08 16:47:39.898 7288 DEBUG keystone.middleware.auth [req-
  3487c9be-ceeb-4961-996d-f623d0a1d3ae 94edd5c88daf4bec84f4f8a3e8efcdd3
  8c9b125ddfb64bbe89aa0c9229f3209a - default default] RBAC:
  auth_context: {'is_delegated_auth': False, 'access_token_id': None,
  'user_id': u'94edd5c88daf4bec84f4f8a3e8efcdd3', 'roles': [u'admin'],
  'user_domain_id': 'default', 'consumer_id': None, 'trustee_id': None,
  'is_domain': False, 'trustor_id': None, 'token': <KeystoneToken
  (audit_id=FBSisnC8RSy2tD6NvKgVqQ,
  audit_chain_id=FBSisnC8RSy2tD6NvKgVqQ) at 0x7fe9477f8370>,
  'project_id': u'8c9b125ddfb64bbe89aa0c9229f3209a', 'trust_id': None,
  'project_domain_id': 'default'} fill_context /usr/lib/python2.7/site-
  packages/keystone/middleware/auth.py:243

  9. 2016-12-08 16:47:39.898 7288 INFO keystone.common.wsgi [req-
  3487c9be-ceeb-4961-996d-f623d0a1d3ae 94edd5c88daf4bec84f4f8a3e8efcdd3
  8c9b125ddfb64bbe89aa0c9229f3209a - default default] POST
  http://10.0.2.15:35357/v2.0/OS-KSADM/roles

  10. 2016-12-08 16:47:39.899 7288 DEBUG keystone.policy.backends.rules
  [req-3487c9be-ceeb-4961-996d-f623d0a1d3ae
  94edd5c88daf4bec84f4f8a3e8efcdd3 8c9b125ddfb64bbe89aa0c9229f3209a -
  default default] enforce admin_required: {'user_id':
  u'94edd5c88daf4bec84f4f8a3e8efcdd3', u'is_admin': 0, u'roles':
  [u'admin'], 'tenant_id': u'8c9b125ddfb64bbe89aa0c9229f3209a'} enforce
  /usr/lib/python2.7/site-packages/keystone/policy/backends/rules.py:76

  
  In the above mentioned logs, Line number #3 and #5 is generating token twice as checked in database.

  These two POST request are an overhead.

To manage notifications about this bug go to:
https://bugs.launchpad.net/python-openstackclient/+bug/1648428/+subscriptions

More information about the Ubuntu-openstack-bugs mailing list