Bug #1813739 “auth_token does not updated when endpoint is updat...” : Bugs : keystonemiddleware

OpenStack Infra (hudson-openstack) on 2019-01-29

Changed in keystonemiddleware:
assignee:	nobody → Yang Youseok (ileixe)
status:	New → In Progress

Revision history for this message

Colleen Murphy (krinkle) wrote on 2019-02-02:

#1

Could you include the traceback that you are seeing when this happens?

Revision history for this message

Yang Youseok (ileixe) wrote on 2019-02-04:

#2

Download full text (14.1 KiB)

@Collen Sure. This is nova-api.log

2019-02-04 15:57:30.257 3569 DEBUG keystonemiddleware.auth_token [-] Identity endpoint not found. fetch_token /opt/openstack/src/keystonemiddleware/keystonemiddleware/auth_token/__init__.py:780
2019-02-04 15:57:30.257 3569 ERROR keystonemiddleware.auth_token Traceback (most recent call last):
2019-02-04 15:57:30.257 3569 ERROR keystonemiddleware.auth_token File "/opt/openstack/src/keystonemiddleware/keystonemiddleware/auth_token/__init__.py", line 762, in fetch_token
2019-02-04 15:57:30.257 3569 ERROR keystonemiddleware.auth_token allow_expired=allow_expired)
2019-02-04 15:57:30.257 3569 ERROR keystonemiddleware.auth_token File "/opt/openstack/src/keystonemiddleware/keystonemiddleware/auth_token/_identity.py", line 219, in verify_token
2019-02-04 15:57:30.257 3569 ERROR keystonemiddleware.auth_token allow_expired=allow_expired)
2019-02-04 15:57:30.257 3569 ERROR keystonemiddleware.auth_token File "/opt/openstack/src/keystonemiddleware/keystonemiddleware/auth_token/_identity.py", line 108, in verify_token
2019-02-04 15:57:30.257 3569 ERROR keystonemiddleware.auth_token allow_expired=allow_expired)
2019-02-04 15:57:30.257 3569 ERROR keystonemiddleware.auth_token File "/opt/openstack/lib/python2.7/site-packages/positional/__init__.py", line 101, in inner
2019-02-04 15:57:30.257 3569 ERROR keystonemiddleware.auth_token return wrapped(*args, **kwargs)
2019-02-04 15:57:30.257 3569 ERROR keystonemiddleware.auth_token File "/opt/openstack/lib/python2.7/site-packages/keystoneclient/v3/tokens.py", line 110, in validate
2019-02-04 15:57:30.257 3569 ERROR keystonemiddleware.auth_token allow_expired=allow_expired)
2019-02-04 15:57:30.257 3569 ERROR keystonemiddleware.auth_token File "/opt/openstack/lib/python2.7/site-packages/positional/__init__.py", line 101, in inner
2019-02-04 15:57:30.257 3569 ERROR keystonemiddleware.auth_token return wrapped(*args, **kwargs)
2019-02-04 15:57:30.257 3569 ERROR keystonemiddleware.auth_token File "/opt/openstack/lib/python2.7/site-packages/keystoneclient/v3/tokens.py", line 89, in get_token_data
2019-02-04 15:57:30.257 3569 ERROR keystonemiddleware.auth_token resp, body = self._client.get(url, headers=headers)
2019-02-04 15:57:30.257 3569 ERROR keystonemiddleware.auth_token File "/opt/openstack/lib/python2.7/site-packages/keystoneauth1/adapter.py", line 217, in get
2019-02-04 15:57:30.257 3569 ERROR keystonemiddleware.auth_token return self.request(url, 'GET', **kwargs)
2019-02-04 15:57:30.257 3569 ERROR keystonemiddleware.auth_token File "/opt/openstack/lib/python2.7/site-packages/keystoneauth1/adapter.py", line 374, in request
2019-02-04 15:57:30.257 3569 ERROR keystonemiddleware.auth_token resp = super(LegacyJsonAdapter, self).request(*args, **kwargs)
2019-02-04 15:57:30.257 3569 ERROR keystonemiddleware.auth_token File "/opt/openstack/lib/python2.7/site-packages/keystoneauth1/adapter.py", line 142, in request
2019-02-04 15:57:30.257 3569 ERROR keystonemiddleware.auth_token return self.session.request(url, method, **kwargs)
2019-02-04 15:57:30.257 3569 ERROR keystonemiddleware.auth_token File "/opt/openstack/lib/python2...

@Collen Sure. This is nova-api.log

2019-02-04 15:57:30.257 3569 DEBUG keystonemiddleware.auth_token [-] Identity endpoint not found. fetch_token /opt/openstack/src/keystonemiddleware/keystonemiddleware/auth_token/__init__.py:780
2019-02-04 15:57:30.257 3569 ERROR keystonemiddleware.auth_token Traceback (most recent call last):
2019-02-04 15:57:30.257 3569 ERROR keystonemiddleware.auth_token   File "/opt/openstack/src/keystonemiddleware/keystonemiddleware/auth_token/__init__.py", line 762, in fetch_token
2019-02-04 15:57:30.257 3569 ERROR keystonemiddleware.auth_token     allow_expired=allow_expired)
2019-02-04 15:57:30.257 3569 ERROR keystonemiddleware.auth_token   File "/opt/openstack/src/keystonemiddleware/keystonemiddleware/auth_token/_identity.py", line 219, in verify_token
2019-02-04 15:57:30.257 3569 ERROR keystonemiddleware.auth_token     allow_expired=allow_expired)
2019-02-04 15:57:30.257 3569 ERROR keystonemiddleware.auth_token   File "/opt/openstack/src/keystonemiddleware/keystonemiddleware/auth_token/_identity.py", line 108, in verify_token
2019-02-04 15:57:30.257 3569 ERROR keystonemiddleware.auth_token     allow_expired=allow_expired)
2019-02-04 15:57:30.257 3569 ERROR keystonemiddleware.auth_token   File "/opt/openstack/lib/python2.7/site-packages/positional/__init__.py", line 101, in inner
2019-02-04 15:57:30.257 3569 ERROR keystonemiddleware.auth_token     return wrapped(*args, **kwargs)
2019-02-04 15:57:30.257 3569 ERROR keystonemiddleware.auth_token   File "/opt/openstack/lib/python2.7/site-packages/keystoneclient/v3/tokens.py", line 110, in validate
2019-02-04 15:57:30.257 3569 ERROR keystonemiddleware.auth_token     allow_expired=allow_expired)
2019-02-04 15:57:30.257 3569 ERROR keystonemiddleware.auth_token   File "/opt/openstack/lib/python2.7/site-packages/positional/__init__.py", line 101, in inner
2019-02-04 15:57:30.257 3569 ERROR keystonemiddleware.auth_token     return wrapped(*args, **kwargs)
2019-02-04 15:57:30.257 3569 ERROR keystonemiddleware.auth_token   File "/opt/openstack/lib/python2.7/site-packages/keystoneclient/v3/tokens.py", line 89, in get_token_data
2019-02-04 15:57:30.257 3569 ERROR keystonemiddleware.auth_token     resp, body = self._client.get(url, headers=headers)
2019-02-04 15:57:30.257 3569 ERROR keystonemiddleware.auth_token   File "/opt/openstack/lib/python2.7/site-packages/keystoneauth1/adapter.py", line 217, in get
2019-02-04 15:57:30.257 3569 ERROR keystonemiddleware.auth_token     return self.request(url, 'GET', **kwargs)
2019-02-04 15:57:30.257 3569 ERROR keystonemiddleware.auth_token   File "/opt/openstack/lib/python2.7/site-packages/keystoneauth1/adapter.py", line 374, in request
2019-02-04 15:57:30.257 3569 ERROR keystonemiddleware.auth_token     resp = super(LegacyJsonAdapter, self).request(*args, **kwargs)
2019-02-04 15:57:30.257 3569 ERROR keystonemiddleware.auth_token   File "/opt/openstack/lib/python2.7/site-packages/keystoneauth1/adapter.py", line 142, in request
2019-02-04 15:57:30.257 3569 ERROR keystonemiddleware.auth_token     return self.session.request(url, method, **kwargs)
2019-02-04 15:57:30.257 3569 ERROR keystonemiddleware.auth_token   File "/opt/openstack/lib/python2.7/site-packages/keystoneauth1/adapter.py", line 142, in request
2019-02-04 15:57:30.257 3569 ERROR keystonemiddleware.auth_token     return self.session.request(url, method, **kwargs)
2019-02-04 15:57:30.257 3569 ERROR keystonemiddleware.auth_token   File "/opt/openstack/lib/python2.7/site-packages/positional/__init__.py", line 101, in inner
2019-02-04 15:57:30.257 3569 ERROR keystonemiddleware.auth_token     return wrapped(*args, **kwargs)
2019-02-04 15:57:30.257 3569 ERROR keystonemiddleware.auth_token   File "/opt/openstack/lib/python2.7/site-packages/keystoneauth1/session.py", line 513, in request
2019-02-04 15:57:30.257 3569 ERROR keystonemiddleware.auth_token     **endpoint_filter)
2019-02-04 15:57:30.257 3569 ERROR keystonemiddleware.auth_token   File "/opt/openstack/lib/python2.7/site-packages/keystoneauth1/session.py", line 856, in get_endpoint
2019-02-04 15:57:30.257 3569 ERROR keystonemiddleware.auth_token     return auth.get_endpoint(self, **kwargs)
2019-02-04 15:57:30.257 3569 ERROR keystonemiddleware.auth_token   File "/opt/openstack/lib/python2.7/site-packages/keystoneauth1/identity/base.py", line 216, in get_endpoint
2019-02-04 15:57:30.257 3569 ERROR keystonemiddleware.auth_token     service_name=service_name)
2019-02-04 15:57:30.257 3569 ERROR keystonemiddleware.auth_token   File "/opt/openstack/lib/python2.7/site-packages/positional/__init__.py", line 101, in inner
2019-02-04 15:57:30.257 3569 ERROR keystonemiddleware.auth_token     return wrapped(*args, **kwargs)
2019-02-04 15:57:30.257 3569 ERROR keystonemiddleware.auth_token   File "/opt/openstack/lib/python2.7/site-packages/keystoneauth1/access/service_catalog.py", line 228, in url_for
2019-02-04 15:57:30.257 3569 ERROR keystonemiddleware.auth_token     raise exceptions.EndpointNotFound(msg)
2019-02-04 15:57:30.257 3569 ERROR keystonemiddleware.auth_token EndpointNotFound: admin endpoint for identity service in devel-r2 region not found
2019-02-04 15:57:30.257 3569 ERROR keystonemiddleware.auth_token
2019-02-04 15:57:30.264 3569 ERROR nova.api.openstack [-] Caught error: admin endpoint for identity service in devel-r2 region not found
2019-02-04 15:57:30.264 3569 ERROR nova.api.openstack Traceback (most recent call last):
2019-02-04 15:57:30.264 3569 ERROR nova.api.openstack   File "/opt/openstack/src/nova/nova/api/openstack/__init__.py", line 88, in __call__
2019-02-04 15:57:30.264 3569 ERROR nova.api.openstack     return req.get_response(self.application)
2019-02-04 15:57:30.264 3569 ERROR nova.api.openstack   File "/opt/openstack/lib/python2.7/site-packages/webob/request.py", line 1299, in send
2019-02-04 15:57:30.264 3569 ERROR nova.api.openstack     application, catch_exc_info=False)
2019-02-04 15:57:30.264 3569 ERROR nova.api.openstack   File "/opt/openstack/lib/python2.7/site-packages/webob/request.py", line 1263, in call_application
2019-02-04 15:57:30.264 3569 ERROR nova.api.openstack     app_iter = application(self.environ, start_response)
2019-02-04 15:57:30.264 3569 ERROR nova.api.openstack   File "/opt/openstack/lib/python2.7/site-packages/webob/dec.py", line 144, in __call__
2019-02-04 15:57:30.264 3569 ERROR nova.api.openstack     return resp(environ, start_response)
2019-02-04 15:57:30.264 3569 ERROR nova.api.openstack   File "/opt/openstack/lib/python2.7/site-packages/webob/dec.py", line 130, in __call__
2019-02-04 15:57:30.264 3569 ERROR nova.api.openstack     resp = self.call_func(req, *args, **self.kwargs)
2019-02-04 15:57:30.264 3569 ERROR nova.api.openstack   File "/opt/openstack/lib/python2.7/site-packages/webob/dec.py", line 195, in call_func
2019-02-04 15:57:30.264 3569 ERROR nova.api.openstack     return self.func(req, *args, **kwargs)
2019-02-04 15:57:30.264 3569 ERROR nova.api.openstack   File "/opt/openstack/lib/python2.7/site-packages/osprofiler/web.py", line 108, in __call__
2019-02-04 15:57:30.264 3569 ERROR nova.api.openstack     return request.get_response(self.application)
2019-02-04 15:57:30.264 3569 ERROR nova.api.openstack   File "/opt/openstack/lib/python2.7/site-packages/webob/request.py", line 1299, in send
2019-02-04 15:57:30.264 3569 ERROR nova.api.openstack     application, catch_exc_info=False)
2019-02-04 15:57:30.264 3569 ERROR nova.api.openstack   File "/opt/openstack/lib/python2.7/site-packages/webob/request.py", line 1263, in call_application
2019-02-04 15:57:30.264 3569 ERROR nova.api.openstack     app_iter = application(self.environ, start_response)
2019-02-04 15:57:30.264 3569 ERROR nova.api.openstack   File "/opt/openstack/lib/python2.7/site-packages/webob/dec.py", line 130, in __call__
2019-02-04 15:57:30.264 3569 ERROR nova.api.openstack     resp = self.call_func(req, *args, **self.kwargs)
2019-02-04 15:57:30.264 3569 ERROR nova.api.openstack   File "/opt/openstack/lib/python2.7/site-packages/webob/dec.py", line 195, in call_func
2019-02-04 15:57:30.264 3569 ERROR nova.api.openstack     return self.func(req, *args, **kwargs)
2019-02-04 15:57:30.264 3569 ERROR nova.api.openstack   File "/opt/openstack/src/keystonemiddleware/keystonemiddleware/auth_token/__init__.py", line 332, in __call__
2019-02-04 15:57:30.264 3569 ERROR nova.api.openstack     response = self.process_request(req)
2019-02-04 15:57:30.264 3569 ERROR nova.api.openstack   File "/opt/openstack/src/keystonemiddleware/keystonemiddleware/auth_token/__init__.py", line 623, in process_request
2019-02-04 15:57:30.264 3569 ERROR nova.api.openstack     resp = super(AuthProtocol, self).process_request(request)
2019-02-04 15:57:30.264 3569 ERROR nova.api.openstack   File "/opt/openstack/src/keystonemiddleware/keystonemiddleware/auth_token/__init__.py", line 405, in process_request
2019-02-04 15:57:30.264 3569 ERROR nova.api.openstack     allow_expired=allow_expired)
2019-02-04 15:57:30.264 3569 ERROR nova.api.openstack   File "/opt/openstack/src/keystonemiddleware/keystonemiddleware/auth_token/__init__.py", line 435, in _do_fetch_token
2019-02-04 15:57:30.264 3569 ERROR nova.api.openstack     data = self.fetch_token(token, **kwargs)
2019-02-04 15:57:30.264 3569 ERROR nova.api.openstack   File "/opt/openstack/src/keystonemiddleware/keystonemiddleware/auth_token/__init__.py", line 762, in fetch_token
2019-02-04 15:57:30.264 3569 ERROR nova.api.openstack     allow_expired=allow_expired)
2019-02-04 15:57:30.264 3569 ERROR nova.api.openstack   File "/opt/openstack/src/keystonemiddleware/keystonemiddleware/auth_token/_identity.py", line 219, in verify_token
2019-02-04 15:57:30.264 3569 ERROR nova.api.openstack     allow_expired=allow_expired)
2019-02-04 15:57:30.264 3569 ERROR nova.api.openstack   File "/opt/openstack/src/keystonemiddleware/keystonemiddleware/auth_token/_identity.py", line 108, in verify_token
2019-02-04 15:57:30.264 3569 ERROR nova.api.openstack     allow_expired=allow_expired)
2019-02-04 15:57:30.264 3569 ERROR nova.api.openstack   File "/opt/openstack/lib/python2.7/site-packages/positional/__init__.py", line 101, in inner
2019-02-04 15:57:30.264 3569 ERROR nova.api.openstack     return wrapped(*args, **kwargs)
2019-02-04 15:57:30.264 3569 ERROR nova.api.openstack   File "/opt/openstack/lib/python2.7/site-packages/keystoneclient/v3/tokens.py", line 110, in validate
2019-02-04 15:57:30.264 3569 ERROR nova.api.openstack     allow_expired=allow_expired)
2019-02-04 15:57:30.264 3569 ERROR nova.api.openstack   File "/opt/openstack/lib/python2.7/site-packages/positional/__init__.py", line 101, in inner
2019-02-04 15:57:30.264 3569 ERROR nova.api.openstack     return wrapped(*args, **kwargs)
2019-02-04 15:57:30.264 3569 ERROR nova.api.openstack   File "/opt/openstack/lib/python2.7/site-packages/keystoneclient/v3/tokens.py", line 89, in get_token_data
2019-02-04 15:57:30.264 3569 ERROR nova.api.openstack     resp, body = self._client.get(url, headers=headers)
2019-02-04 15:57:30.264 3569 ERROR nova.api.openstack   File "/opt/openstack/lib/python2.7/site-packages/keystoneauth1/adapter.py", line 217, in get
2019-02-04 15:57:30.264 3569 ERROR nova.api.openstack     return self.request(url, 'GET', **kwargs)
2019-02-04 15:57:30.264 3569 ERROR nova.api.openstack   File "/opt/openstack/lib/python2.7/site-packages/keystoneauth1/adapter.py", line 374, in request
2019-02-04 15:57:30.264 3569 ERROR nova.api.openstack     resp = super(LegacyJsonAdapter, self).request(*args, **kwargs)
2019-02-04 15:57:30.264 3569 ERROR nova.api.openstack   File "/opt/openstack/lib/python2.7/site-packages/keystoneauth1/adapter.py", line 142, in request
2019-02-04 15:57:30.264 3569 ERROR nova.api.openstack     return self.session.request(url, method, **kwargs)
2019-02-04 15:57:30.264 3569 ERROR nova.api.openstack   File "/opt/openstack/lib/python2.7/site-packages/keystoneauth1/adapter.py", line 142, in request
2019-02-04 15:57:30.264 3569 ERROR nova.api.openstack     return self.session.request(url, method, **kwargs)
2019-02-04 15:57:30.264 3569 ERROR nova.api.openstack   File "/opt/openstack/lib/python2.7/site-packages/positional/__init__.py", line 101, in inner
2019-02-04 15:57:30.264 3569 ERROR nova.api.openstack     return wrapped(*args, **kwargs)
2019-02-04 15:57:30.264 3569 ERROR nova.api.openstack   File "/opt/openstack/lib/python2.7/site-packages/keystoneauth1/session.py", line 513, in request
2019-02-04 15:57:30.264 3569 ERROR nova.api.openstack     **endpoint_filter)
2019-02-04 15:57:30.264 3569 ERROR nova.api.openstack   File "/opt/openstack/lib/python2.7/site-packages/keystoneauth1/session.py", line 856, in get_endpoint
2019-02-04 15:57:30.264 3569 ERROR nova.api.openstack     return auth.get_endpoint(self, **kwargs)
2019-02-04 15:57:30.264 3569 ERROR nova.api.openstack   File "/opt/openstack/lib/python2.7/site-packages/keystoneauth1/identity/base.py", line 216, in get_endpoint
2019-02-04 15:57:30.264 3569 ERROR nova.api.openstack     service_name=service_name)
2019-02-04 15:57:30.264 3569 ERROR nova.api.openstack   File "/opt/openstack/lib/python2.7/site-packages/positional/__init__.py", line 101, in inner
2019-02-04 15:57:30.264 3569 ERROR nova.api.openstack     return wrapped(*args, **kwargs)
2019-02-04 15:57:30.264 3569 ERROR nova.api.openstack   File "/opt/openstack/lib/python2.7/site-packages/keystoneauth1/access/service_catalog.py", line 228, in url_for
2019-02-04 15:57:30.264 3569 ERROR nova.api.openstack     raise exceptions.EndpointNotFound(msg)
2019-02-04 15:57:30.264 3569 ERROR nova.api.openstack EndpointNotFound: admin endpoint for identity service in devel-r2 region not found
2019-02-04 15:57:30.264 3569 ERROR nova.api.openstack
2019-02-04 15:57:30.276 3569 INFO nova.api.openstack [-] http://devel-api-r2.9rum.cc:8774/v2.1/2bffaae34181438aacea99a4554ed1cb/servers?status=Active&host=r2compute001&all_tenants=True returned with HTTP 500
2019-02-04 15:57:30.278 3569 DEBUG nova.api.openstack.wsgi [-] Returning 500 to user: The server has either erred or is incapable of performing the requested operation. __call__ /opt/openstack/src/nova/nova/api/openstack/wsgi.py:1039
2019-02-04 15:57:30.280 3569 INFO nova.osapi_compute.wsgi.server [-] 10.252.20.61,10.252.20.62 "GET /v2.1/2bffaae34181438aacea99a4554ed1cb/servers?status=Active&host=r2compute001&all_tenants=True HTTP/1.1" status: 500 len: 335 time: 0.2817941
2

Revision history for this message

Yang Youseok (ileixe) wrote on 2019-02-04:

#3

Traceback pastebin above: https://pastebin.com/75a7zjfg

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2019-02-13: Fix merged to keystonemiddleware (master)

#4

Reviewed: https://review.openstack.org/633695
Committed: https://git.openstack.org/cgit/openstack/keystonemiddleware/commit/?id=4e51cb8e6b4968fcb68903dce7e773b218f85bb7
Submitter: Zuul
Branch: master

commit 4e51cb8e6b4968fcb68903dce7e773b218f85bb7
Author: Yang Youseok <email address hidden>
Date: Tue Jan 29 18:59:12 2019 +0900

Add auth invalidation in auth_token for identity endpoint update

    Currently auth_token middleware does not concern identity endpoint
    update since service catalog is not updated after service having
    auth_token middleware started.

    Add invalidation logic when EndpointNotfound exception occurs so
    that auth_token middleware can be notified of sevice catalog update
    without restart.

Change-Id: I631ee1538883d732fe3987b172d987f703dad5c0
Closes-Bug: #1813739

Changed in keystonemiddleware:
status:	In Progress → Fix Released

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2019-02-28: Fix included in openstack/keystonemiddleware 6.0.0

#5

This issue was fixed in the openstack/keystonemiddleware 6.0.0 release.

keystonemiddleware

auth_token does not updated when endpoint is updated

Bug Description

Other bug subscribers

Remote bug watches