Sahara

Create big cluster failed because token expired

Bug #1486653 reported by Sergey Reshetnyak
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Sahara
Fix Released
High
Vitalii Gridnev
Sahara mitaka-2 "m2"

Bug Description

Big Sahara cluster creation is failed because of Keystone token expiration.

Steps to reproduce:
- Create big enough Sahara cluster (400 workers).
- Check that cluster creation time is bigger than Keystone token expiration time (1 hour by default)

Expected result:
- Sahara cluster is created successfully without any errors

Actual result:
- Sahara cluster creation is failed after the token expiration time due to the Keystone authentication error

Solution: introduce token creation from the trusts for all clusters resources operations.

Sergey Reshetnyak (sreshetniak)
Changed in sahara:
status: New → In Progress
importance: Undecided → High
assignee: nobody → Sergey Reshetnyak (sreshetniak)
milestone: none → liberty-3
Sergey Lukjanov (slukjanov)
Changed in sahara:
milestone: liberty-3 → liberty-rc1
Sergey Lukjanov (slukjanov)
Changed in sahara:
milestone: liberty-rc1 → next
Vitalii Gridnev (vgridnev)
Changed in sahara:
milestone: next → mitaka-2
assignee: Sergey Reshetnyak (sreshetniak) → Vitaly Gridnev (vgridnev)
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to sahara (master)

Reviewed: https://review.openstack.org/251488
Committed: https://git.openstack.org/cgit/openstack/sahara/commit/?id=90587a7efbe892ee95b3f56310f70f0158fc9e73
Submitter: Jenkins
Branch: master

commit 90587a7efbe892ee95b3f56310f70f0158fc9e73
Author: Vitaly Gridnev <email address hidden>
Date: Mon Nov 30 20:45:44 2015 +0300

    rewrite heat client calls

    rewriting heat client calls logic to avoid
    problems with tokens.

    Closes-bug: 1486653
    Change-Id: Ied6cb0755a059f64bb403769e682703306fd2152

Changed in sahara:
status: In Progress → Fix Released
Revision history for this message
OpenStack Infra (hudson-openstack) wrote :

Reviewed: https://review.openstack.org/251835
Committed: https://git.openstack.org/cgit/openstack/sahara/commit/?id=dd85b5d78d2ac97be91afc074dc8e4b3b4d93091
Submitter: Jenkins
Branch: master

commit dd85b5d78d2ac97be91afc074dc8e4b3b4d93091
Author: Vitaly Gridnev <email address hidden>
Date: Tue Dec 1 15:26:11 2015 +0300

    Add ability to get auth token from auth plugin

    This implements ability to get auth token from auth plugin
    to allow refreshing auth token in case of auth plugin with
    trusts.

    Partial-bug: 1486653
    Change-Id: I2381750a5a5d667780e2354a7b99e49f0d5e3aa7

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Related fix merged to sahara (master)

Reviewed: https://review.openstack.org/251813
Committed: https://git.openstack.org/cgit/openstack/sahara/commit/?id=47bd10fff83933ddb0a241a1fc73e09ff4cce6bb
Submitter: Jenkins
Branch: master

commit 47bd10fff83933ddb0a241a1fc73e09ff4cce6bb
Author: Vitaly Gridnev <email address hidden>
Date: Tue Dec 1 14:46:13 2015 +0300

    Trust usage improvements in sahara

    There are several improvements in usage trusts.
     * create trust always and without expiry to allow
       provisioning of large clusters
     * fix issues with auth_plugin setup during cluster
       provisioning, so that we can use trusts to
       refresh auth_token
     * enable redelegation for cluster trusts, because
       heat also will create trusts during heat stack
       creation
     * refreshing cluster before create/delete trusts
       to check to be sure that correct trust applied
       to cluster.
     * removing config option for expiry since it unused now.

    SecurityImpact

    Closes-bug: 1521992
    Related-bug: 1486653
    Change-Id: Ic5ab5a875754c09aae59d0313d5726f2bd4f7282

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.