[openstack-dev] [Nova] Tokens in memcache become unauthorized
Nadya Privalova
nprivalova at mirantis.com
Mon Dec 2 12:54:44 UTC 2013
Hi guys,
I've faced with nova+memcache issue on the cluster in HA-mode.
Issue is related to nova in case of using REST (that includes Horizon):
it's impossible to use auth-token several times because it became
unauthorized in cache.
Logs:
Nov 13 06:58:49 controller-1461 nova keystoneclient.middleware.auth_token
DEBUG Token validation failure.
Traceback (most recent call last):
File
"/usr/lib/python2.6/site-packages/keystoneclient/middleware/auth_token.py",
line 684, in _validate_u
ser_token
cached = self._cache_get(token_id)
File
"/usr/lib/python2.6/site-packages/keystoneclient/middleware/auth_token.py",
line 898, in _cache_get
raise InvalidUserToken('Token authorization failed')
InvalidUserToken: Token authorization failed
Nov 13 06:58:49 controller-1461 nova keystoneclient.middleware.auth_token
DEBUG Marking token 211b590c4ba94d62a3981fbf91e934dc as unauthorized in
memcache
Issue was fixed after the following was added to [keystone_authtoken]
section in nova.conf to all controller's nodes:
memcache_security_strategy=ENCRYPT
memcache_secret_key=any_key
But from docs I see that these configs are not required. The issue does not
appear with any other services but all of them have
memcache_security_strategy empty. So is it a nova-bug or for HA-mode I
should configure this params? May the issue be caused by the fact that
memcaches are not syncked on controllers?
Thanks,
Nadya
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20131202/3d214796/attachment.html>
More information about the OpenStack-dev
mailing list