registry team mailing list archive

[Bug 637805] [NEW] keypairs shouldn't be in LDAP

 

Public bug reported:

Keypairs were stored in LDAP for historical reasons (in nova 0.1, LDAP
was the only persistent datastore).

Now that we've got a more solid datastore, it would be nice to move them
to where the rest of the non-user data resides.

Storing the keys in LDAP added complexity and brittleness to the code
(since we had to add a custom LDAP schema), and LDAP seems to throw
exceptions 0.5% of the time when we launch instances:

ERROR:root:instance i-1470: Failed to spawn
Traceback (most recent call last):
 File "/srv/cloud/nova/nova/compute/manager.py", line 86, in run_instance
   yield self.driver.spawn(instance_ref)
 File "/usr/local/lib/python2.6/dist-packages/twisted/internet/defer.py", line 821, in _inlineCallbacks
   result = result.throwExceptionIntoGenerator(g)
 File "/usr/local/lib/python2.6/dist-packages/twisted/python/failure.py", line 338, in throwExceptionIntoGenerator
   return g.throw(self.type, self.value, self.tb)
 File "/srv/cloud/nova/nova/virt/libvirt_conn.py", line 217, in spawn
   yield self._create_image(instance, xml)
 File "/usr/local/lib/python2.6/dist-packages/twisted/internet/defer.py", line 823, in _inlineCallbacks
   result = g.send(result)
 File "/srv/cloud/nova/nova/virt/libvirt_conn.py", line 267, in _create_image
   project = manager.AuthManager().get_project(inst['project_id'])
 File "/srv/cloud/nova/nova/auth/manager.py", line 484, in get_project
   with self.driver() as drv:
 File "/srv/cloud/nova/nova/auth/ldapdriver.py", line 82, in __enter__
   self.conn.simple_bind_s(FLAGS.ldap_user_dn, FLAGS.ldap_password)
 File "/usr/lib/python2.6/dist-packages/ldap/ldapobject.py", line 207, in simple_bind_s
   return self.result(msgid,all=1,timeout=self.timeout)
 File "/usr/lib/python2.6/dist-packages/ldap/ldapobject.py", line 436, in result
   res_type,res_data,res_msgid = self.result2(msgid,all,timeout)
 File "/usr/lib/python2.6/dist-packages/ldap/ldapobject.py", line 440, in result2
   res_type, res_data, res_msgid, srv_ctrls = self.result3(msgid,all,timeout)
 File "/usr/lib/python2.6/dist-packages/ldap/ldapobject.py", line 446, in result3
   ldap_result = self._ldap_call(self._l.result3,msgid,all,timeout)
 File "/usr/lib/python2.6/dist-packages/ldap/ldapobject.py", line 96, in _ldap_call
   result = func(*args,**kwargs)
SERVER_DOWN: {'desc': "Can't contact LDAP server"}

** Affects: nova
     Importance: Low
         Status: New

** Branch linked: lp:~vishvananda/nova/orm_deux

** Changed in: nova
   Importance: Undecided => Low

-- 
keypairs shouldn't be in LDAP
https://bugs.launchpad.net/bugs/637805
You received this bug notification because you are a member of Registry
Administrators, which is subscribed to OpenStack.


