yahoo-eng-team team mailing list archive
-
yahoo-eng-team team
-
Mailing list archive
-
Message #05176
[Bug 1221087] Re: Memcached token backend should work with any timezone
** Changed in: keystone
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1221087
Title:
Memcached token backend should work with any timezone
Status in OpenStack Identity (Keystone):
Fix Released
Bug description:
In configuration document, it looks like following configuration are
required with memcache token backend.
- Memcached server's timezone is set to UTC.
- Timezone of both Memcached and Keystone server should be same.
So Keystone server's timezone is also set to UTC.
http://docs.openstack.org/developer/keystone/configuration.html
#memcached-and-system-time
I guess this limitation is caused by incorrect expiration time is set
when tokens are generated.
backends/memcache.py call utils.unixtime() and it calls time.mktime().
time.mktime() return localtime, not UTC, so its value depends on time zone.
In my tests, if keystone server runs with UTC + N (N>=1), token
authorization failed.
# run keystone server with UTC+1
> env TZ='UTC-1' tools/with_venv.sh bin/keystone-all
# get token
> env TZ=UTC tools/with_venv.sh keystone .. token-get
+-----------+----------------------------------+
| Property | Value |
+-----------+----------------------------------+
| expires | 2013-09-05T08:38:14Z |
| id | fecd5f9e1c1842f0a60d86a07584fca4 |
| tenant_id | 7b1abdb5213a4962bcaf04a7e0881a91 |
| user_id | 03a2d2e23ff94bfa908856d2c1081110 |
+-----------+----------------------------------+
# use token
> env TZ=UTC curl -H "X-Auth-Token:$TOKEN" http://localhost:5000/v2.0/tenants
{"error": {"message": "Could not find token, fecd5f9e1c1842f0a60d86a07584fca4.", "code": 401, "title": "Unauthorized"}}
To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1221087/+subscriptions