[Bug 1987355] Re: Error validating X-Service-Token
Edward Hope-Morley
1987355 at bugs.launchpad.net
Tue Aug 8 14:16:37 UTC 2023
** Also affects: python-keystonemiddleware (Ubuntu)
Importance: Undecided
Status: New
** Also affects: python-keystonemiddleware (Ubuntu Jammy)
Importance: Undecided
Status: New
** Also affects: python-keystonemiddleware (Ubuntu Mantic)
Importance: Undecided
Status: New
** Also affects: python-keystonemiddleware (Ubuntu Lunar)
Importance: Undecided
Status: New
** Also affects: python-keystonemiddleware (Ubuntu Focal)
Importance: Undecided
Status: New
** Also affects: cloud-archive
Importance: Undecided
Status: New
** Also affects: cloud-archive/yoga
Importance: Undecided
Status: New
** Also affects: cloud-archive/wallaby
Importance: Undecided
Status: New
** Also affects: cloud-archive/victoria
Importance: Undecided
Status: New
** Also affects: cloud-archive/zed
Importance: Undecided
Status: New
** Also affects: cloud-archive/bobcat
Importance: Undecided
Status: New
** Also affects: cloud-archive/antelope
Importance: Undecided
Status: New
** Also affects: cloud-archive/ussuri
Importance: Undecided
Status: New
** Also affects: cloud-archive/xena
Importance: Undecided
Status: New
** Changed in: cloud-archive/bobcat
Status: New => Fix Released
** Changed in: python-keystonemiddleware (Ubuntu Mantic)
Status: New => Fix Released
** Changed in: python-keystonemiddleware (Ubuntu Lunar)
Status: New => Fix Released
** Changed in: cloud-archive/antelope
Status: New => Fix Released
--
You received this bug notification because you are a member of Ubuntu
OpenStack, which is subscribed to Ubuntu Cloud Archive.
https://bugs.launchpad.net/bugs/1987355
Title:
Error validating X-Service-Token
Status in Ubuntu Cloud Archive:
Fix Released
Status in Ubuntu Cloud Archive antelope series:
Fix Released
Status in Ubuntu Cloud Archive bobcat series:
Fix Released
Status in Ubuntu Cloud Archive ussuri series:
New
Status in Ubuntu Cloud Archive victoria series:
New
Status in Ubuntu Cloud Archive wallaby series:
New
Status in Ubuntu Cloud Archive xena series:
New
Status in Ubuntu Cloud Archive yoga series:
New
Status in Ubuntu Cloud Archive zed series:
New
Status in keystonemiddleware:
Fix Released
Status in python-keystonemiddleware package in Ubuntu:
Fix Released
Status in python-keystonemiddleware source package in Focal:
New
Status in python-keystonemiddleware source package in Jammy:
New
Status in python-keystonemiddleware source package in Lunar:
Fix Released
Status in python-keystonemiddleware source package in Mantic:
Fix Released
Bug description:
I found this issue when nova calls cinder with an expired X-Auth-Token
but it is configured to also send a X-Service-Token. The traffic goes
like this:
nova-compute -> cinder: post with X-Auth-Token and X-Service-Token
cinder -> keystone: validate X-Auth-Token
keystone -> cinder: returns 404
cinder -> nova-compute: returns 401
nova-compute -> cinder: retry post with new X-Service-Token
cinder -> keystone: validate X-Service-Token
keystone -> cinder: returns 200 showing that the token is valid
cinder -> nova-compute: returns 401
As I understand Cinder should return 200 in the last message as the
token is valid.
My test client is a long running service that uses the same token to
communicate to nova until it receives a 401 and then generates a new
one. Sometimes the token is invalidated in the middle of a transaction
and nova returns 200 to the client but cinder returns 401 to nova.
I have managed to reproduce this both on ussuri and yoga (the code I
mentioned has not been changed in 7 years).
To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-archive/+bug/1987355/+subscriptions
More information about the Ubuntu-openstack-bugs
mailing list