[Openstack] Adding User to Roles invalidates current token?

Joe Topjian joe.topjian at cybera.ca
Thu Aug 29 13:49:18 UTC 2013


Hi Julie,

Thanks so much - that's definitely the issue I'm seeing.

It's a huge coincidence, but late yesterday I ended up modifying
identity/controllers.py and removing the delete token call just like in the
patch -- so I guess I was on the right path.

It doesn't look like 2013.1.3 is available in the Ubuntu cloud repository
yet, so I'll keep my local modifications. But good to know that the
backport will be coming soon.

Thanks again,
Joe


On Thu, Aug 29, 2013 at 1:23 AM, Julie Pichon <jpichon at redhat.com> wrote:

> Hi Joe,
>
> "Joe Topjian" <joe.topjian at cybera.ca> wrote:
> > I'm running through some Folsom to Grizzly upgrade tests and have noticed
> > an odd issue with Keystone and Horizon:
> >
> > If I'm logged into Horizon as the admin user and then (on the command
> line)
> > add a role to the admin user to a tenant, my Horizon session is now
> invalid
> > and I have to logout and log back in.
> >
> > Logs are showing this error:
> >
> > Unauthorized: Unable to communicate with identity service: {"error":
> > {"message": "Could not find token: 80429dc1ca214b39ad3ef17a71ac5915",
> > "code": 401, "title": "Not Authorized"}}. (HTTP 401)
> >
> > If I use MySQL as the token store, I can see that the token in question
> has
> > indeed become invalid.
> >
> > I'm not sure if something broke or is misconfigured from the upgrade or
> if
> > this is a new characteristic of Keystone?
>
> This sounds like https://bugs.launchpad.net/keystone/+bug/1170186 which
> should have been backported to Grizzly 2013.1.3 (Aug 8th stable release).
>
> Julie
>
> >
> > Any ideas?
> >
> > Thanks,
> > Joe
> >
> > --
> > Joe Topjian
> > Systems Architect
> > Cybera Inc.
> >
> > www.cybera.ca
> >
> > Cybera is a not-for-profit organization that works to spur and support
> > innovation, for the economic benefit of Alberta, through the use
> > of cyberinfrastructure.
> >
> > _______________________________________________
> > Mailing list:
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
> > Post to     : openstack at lists.openstack.org
> > Unsubscribe :
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
> >
>



-- 
Joe Topjian
Systems Architect
Cybera Inc.

www.cybera.ca

Cybera is a not-for-profit organization that works to spur and support
innovation, for the economic benefit of Alberta, through the use
of cyberinfrastructure.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack/attachments/20130829/cfd1e529/attachment.html>


More information about the Openstack mailing list