[openstack-dev] [all] [clients] [keystone] lack of retrying tokens leads to overall OpenStack fragility

Sean Dague sean at dague.net
Wed Sep 10 14:40:00 UTC 2014


Do we know which versions of the clients do that?

	-Sean

On 09/10/2014 10:22 AM, Endre Karlson wrote:
> I think at least clients supporting keystone sessions that are
> configured to use the auth.Password mech support this since re-auth is
> done by the session rather than the service client itself.
> 
> 2014-09-10 16:14 GMT+02:00 Sean Dague <sean at dague.net>:
> 
>     Going through the untriaged Nova bugs, and there are a few on a similar
>     pattern:
> 
>     Nova operation in progress.... takes a while
>     Crosses keystone token expiration time
>     Timeout thrown
>     Operation fails
>     Terrible 500 error sent back to user
> 
>     It seems like we should have a standard pattern that on token expiration
>     the underlying code at least gives one retry to try to establish a new
>     token to complete the flow, however as far as I can tell *no* clients do
>     this.
> 
>     I know we had to add that into Tempest because tempest runs can exceed 1
>     hr, and we want to avoid random fails just because we cross a token
>     expiration boundary.
> 
>     Anyone closer to the clients that can comment here?
> 
>             -Sean
> 
>     --
>     Sean Dague
>     http://dague.net
> 
>     _______________________________________________
>     OpenStack-dev mailing list
>     OpenStack-dev at lists.openstack.org
>     http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev


-- 
Sean Dague
http://dague.net
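
An added example, not part of the original thread and not keystoneclient code: the retry-once-on-expiry pattern the thread asks for, with re-authentication done by the session rather than the service client. `FakeIdentity`, `FakeService` and `ReauthSession` are hypothetical names, and the token service and API are constructed in-memory stand-ins.

```python
import itertools

class FakeIdentity:
    """Constructed stand-in for a token service; tokens expire after `ttl` ticks."""
    def __init__(self, ttl):
        self.ttl, self.clock, self.issued = ttl, 0, {}
        self._ids = itertools.count(1)

    def authenticate(self, user, password):
        if (user, password) != ("demo", "secret"):
            raise PermissionError("bad credentials")
        token = f"tok-{next(self._ids)}"
        self.issued[token] = self.clock + self.ttl
        return token

    def is_valid(self, token):
        return self.issued.get(token, -1) > self.clock

class FakeService:
    """Constructed stand-in for an API that answers 401 to an expired token."""
    def __init__(self, identity):
        self.identity = identity

    def request(self, token, op):
        if not self.identity.is_valid(token):
            return 401, None
        return 200, f"{op}: done"

class ReauthSession:
    """Holds credentials, so it can fetch a new token and retry exactly once."""
    def __init__(self, identity, service, user, password):
        self.identity, self.service = identity, service
        self._creds = (user, password)
        self.token = identity.authenticate(*self._creds)
        self.reauth_count = 0

    def call(self, op):
        status, body = self.service.request(self.token, op)
        if status == 401:
            # Token expired mid-flow: re-authenticate once, then retry once.
            self.token = self.identity.authenticate(*self._creds)
            self.reauth_count += 1
            status, body = self.service.request(self.token, op)
        if status != 200:
            # A second 401 is a real auth failure; surface it, do not loop.
            raise PermissionError(f"{op} failed with HTTP {status}")
        return body
```

The retry is bounded to one attempt so that revoked or wrong credentials fail fast instead of hammering the identity service.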


