Enabling API rate limits with provided filter causes nova-api to fail
Affects | Status | Importance | Assigned to | Milestone | ||
---|---|---|---|---|---|---|
Mirantis OpenStack | Status tracked in 10.0.x | |||||
10.0.x |
Fix Committed
|
High
|
Sergii Rizvan | |||
7.0.x |
Fix Committed
|
High
|
Sergii Rizvan | |||
8.0.x |
Fix Released
|
High
|
Sergii Rizvan | |||
9.x |
Fix Released
|
High
|
Max Yatsenko |
Bug Description
Environment = Mitaka MOS 9.2
Reproducible = yes
Enabling API rate limits by adding the ratelimit filter in the nova api-paste.ini configuration to the pipeline causes nova-api to produces errors and fail to serve api requests. This happens when using the default limits filter present since MOS 5.1 in the /etc/nova/
The default filter example present is:
[filter:ratelimit]
limits=(POST, *, .*, 100000 , MINUTE); (POST, %(*/servers), ^/servers, 100000 , DAY);(PUT, %(*) , .*, 1000 , MINUTE);(GET, %(*changes-since*), .*changes-since.*, 100000, MINUTE);(DELETE, %(*), .*, 100000 , MINUTE)
paste.filter_
The syntax using % symbols causes errors upon restart of nova-api. Replacing the % and parentheses with double quotes allows the api to start without error. However, the proper syntax for deployment with puppet must be reviewed further to ensure correctness.
Errors seen using the provided values look like:
2017-04-17 17:57:50.101 18354 CRITICAL nova [-] InterpolationMi
section: [filter:ratelimit]
option : limits
key : */servers
rawval : (POST, *, .*, 100000 , MINUTE); (POST, %(*/servers), ^/servers, 100000 , DAY);(PUT, %(*) , .*, 1000 , MINUTE);(GET, %(*changes-since*), .*changes-since.*, 100000, MINUTE);(DELETE, %(*), .*, 100000 , MINUTE)
2017-04-17 17:57:50.101 18354 ERROR nova Traceback (most recent call last):
2017-04-17 17:57:50.101 18354 ERROR nova File "/usr/bin/
2017-04-17 17:57:50.101 18354 ERROR nova sys.exit(main())
2017-04-17 17:57:50.101 18354 ERROR nova File "/usr/lib/
2017-04-17 17:57:50.101 18354 ERROR nova server = service.
2017-04-17 17:57:50.101 18354 ERROR nova File "/usr/lib/
2017-04-17 17:57:50.101 18354 ERROR nova self.app = self.loader.
2017-04-17 17:57:50.101 18354 ERROR nova File "/usr/lib/
2017-04-17 17:57:50.101 18354 ERROR nova return deploy.
2017-04-17 17:57:50.101 18354 ERROR nova File "/usr/lib/
2017-04-17 17:57:50.101 18354 ERROR nova return loadobj(APP, uri, name=name, **kw)
2017-04-17 17:57:50.101 18354 ERROR nova File "/usr/lib/
2017-04-17 17:57:50.101 18354 ERROR nova return context.create()
2017-04-17 17:57:50.101 18354 ERROR nova File "/usr/lib/
2017-04-17 17:57:50.101 18354 ERROR nova return self.object_
2017-04-17 17:57:50.101 18354 ERROR nova File "/usr/lib/
2017-04-17 17:57:50.101 18354 ERROR nova **context.
2017-04-17 17:57:50.101 18354 ERROR nova File "/usr/lib/
2017-04-17 17:57:50.101 18354 ERROR nova val = callable(*args, **kw)
2017-04-17 17:57:50.101 18354 ERROR nova File "/usr/lib/
2017-04-17 17:57:50.101 18354 ERROR nova app = loader.
2017-04-17 17:57:50.101 18354 ERROR nova File "/usr/lib/
2017-04-17 17:57:50.101 18354 ERROR nova name=name, global_
2017-04-17 17:57:50.101 18354 ERROR nova File "/usr/lib/
n create
2017-04-17 17:57:50.101 18354 ERROR nova return self.object_
2017-04-17 17:57:50.101 18354 ERROR nova File "/usr/lib/
2017-04-17 17:57:50.101 18354 ERROR nova **context.
2017-04-17 17:57:50.101 18354 ERROR nova File "/usr/lib/
2017-04-17 17:57:50.101 18354 ERROR nova val = callable(*args, **kw)
2017-04-17 17:57:50.101 18354 ERROR nova File "/usr/lib/
2017-04-17 17:57:50.101 18354 ERROR nova return _load_pipeline(
2017-04-17 17:57:50.101 18354 ERROR nova File "/usr/lib/
2017-04-17 17:57:50.101 18354 ERROR nova filters = [loader.
2017-04-17 17:57:50.101 18354 ERROR nova File "/usr/lib/
2017-04-17 17:57:50.101 18354 ERROR nova name=name, global_
2017-04-17 17:57:50.101 18354 ERROR nova File "/usr/lib/
2017-04-17 17:57:50.101 18354 ERROR nova FILTER, name=name, global_
2017-04-17 17:57:50.101 18354 ERROR nova File "/usr/lib/
2017-04-17 17:57:50.101 18354 ERROR nova local_conf[option] = self.parser.
2017-04-17 17:57:50.101 18354 ERROR nova File "/usr/lib/
2017-04-17 17:57:50.101 18354 ERROR nova return self._interpola
2017-04-17 17:57:50.101 18354 ERROR nova File "/usr/lib/
2017-04-17 17:57:50.101 18354 ERROR nova self, section, option, rawval, vars)
2017-04-17 17:57:50.101 18354 ERROR nova File "/usr/lib/
2017-04-17 17:57:50.101 18354 ERROR nova option, section, rawval, e.args[0])
2017-04-17 17:57:50.101 18354 ERROR nova InterpolationMi
2017-04-17 17:57:50.101 18354 ERROR nova section: [filter:ratelimit]
2017-04-17 17:57:50.101 18354 ERROR nova option : limits
2017-04-17 17:57:50.101 18354 ERROR nova key : */servers
2017-04-17 17:57:50.101 18354 ERROR nova rawval : (POST, *, .*, 100000 , MINUTE); (POST, %(*/servers), ^/servers, 100000 , DAY);(PUT, %(*) , .*, 1000 , MINUTE);(GET, %(*changes-since*), .*changes-since.*, 100000, MINUTE);(DELETE, %(*), .*, 100000 , MINUTE)
2017-04-17 17:57:50.101 18354 ERROR nova
2017-04-17 17:57:50.101 18354 ERROR nova
Changed in mos: | |
milestone: | none → 9.x-updates |
assignee: | nobody → MOS Maintenance (mos-maintenance) |
importance: | Undecided → High |
status: | New → Confirmed |
Changed in mos: | |
assignee: | MOS Maintenance (mos-maintenance) → Sergii Rizvan (srizvan) |
Changed in mos: | |
status: | Confirmed → In Progress |
Note for QA engineers: openstack_ compute_ api_v21] section (for mitaka) in the nova api-paste.ini:
Before reproducing the bug, API rate limits should be enabled by adding the ratelimit filter in [composite:
... openstack_ compute_ api_v21] api.auth: pipeline_ factory_ v21 app_v21 app_v21
[composite:
use = call:nova.
noauth2 = cors compute_req_id faultwrap sizelimit noauth2 osapi_compute_
keystone = cors compute_req_id faultwrap sizelimit authtoken keystonecontext ratelimit osapi_compute_
...
For outher versions 'ratelimit' filter may need additions to other sections of the nova api-paste.ini