[openstack-dev] [Nova] Tokens in memcache become unauthorized

Nadya Privalova nprivalova at mirantis.com
Mon Dec 2 12:54:44 UTC 2013

Hi guys,

I've faced a nova+memcache issue on the cluster in HA mode.

The issue is related to nova when using REST (that includes Horizon):
it's impossible to use an auth token several times because it becomes
unauthorized in the cache.


Nov 13 06:58:49 controller-1461 nova keystoneclient.middleware.auth_token
DEBUG Token validation failure.
Traceback (most recent call last):
line 684, in _validate_u
    cached = self._cache_get(token_id)
line 898, in _cache_get
    raise InvalidUserToken('Token authorization failed')
InvalidUserToken: Token authorization failed
Nov 13 06:58:49 controller-1461 nova keystoneclient.middleware.auth_token
DEBUG Marking token 211b590c4ba94d62a3981fbf91e934dc as unauthorized in

The issue was fixed after the following was added to the [keystone_authtoken]
section in nova.conf on all controller nodes:

But from the docs I see that these configs are not required. The issue does not
appear with any other services, but all of them have
memcache_security_strategy empty. So is it a nova bug, or should I configure
these params for HA mode? Could the issue be caused by the fact that the
memcaches are not synced on the controllers?
