yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1285833] Re: CertificateConfigError: Unable to load certificate. Ensure your system is configured properly

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Sean Dague <sean@xxxxxxxxx>
Date: Fri, 28 Feb 2014 14:06:31 -0000
Reply-to: Bug 1285833 <1285833@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

** Changed in: keystone
   Importance: Undecided => Critical

** Summary changed:

- CertificateConfigError: Unable to load certificate. Ensure your system is configured properly
+ Keystone client racing on certificate lookups - CertificateConfigError: Unable to load certificate. Ensure your system is configured properly

** Changed in: cinder
   Importance: Undecided => High

** No longer affects: heat

** Summary changed:

- Keystone client racing on certificate lookups - CertificateConfigError: Unable to load certificate. Ensure your system is configured properly
+ Keystone client racing on certificate lookups causing 404 Unauthorized on API calls

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1285833

Title:
  Keystone client racing on certificate lookups causing 404 Unauthorized
  on API calls

Status in Cinder:
  Confirmed
Status in Python client library for Keystone:
  New

Bug description:
  DEBUG keystoneclient.middleware.auth_token [-] Token validation failure. _validate_user_token /opt/stack/new/python-keystoneclient/keystoneclient/middleware/auth_token.py:849
  TRACE keystoneclient.middleware.auth_token Traceback (most recent call last):
  TRACE keystoneclient.middleware.auth_token   File "/opt/stack/new/python-keystoneclient/keystoneclient/middleware/auth_token.py", line 836, in _validate_user_token 
  TRACE keystoneclient.middleware.auth_token     verified = self.verify_signed_token(user_token)
  TRACE keystoneclient.middleware.auth_token   File "/opt/stack/new/python-keystoneclient/keystoneclient/middleware/auth_token.py", line 1275, in verify_signed_token 
  TRACE keystoneclient.middleware.auth_token     if self.is_signed_token_revoked(signed_text):
  TRACE keystoneclient.middleware.auth_token   File "/opt/stack/new/python-keystoneclient/keystoneclient/middleware/auth_token.py", line 1233, in is_signed_token_revoked
  TRACE keystoneclient.middleware.auth_token     revocation_list = self.token_revocation_list 
  TRACE keystoneclient.middleware.auth_token   File "/opt/stack/new/python-keystoneclient/keystoneclient/middleware/auth_token.py", line 1329, in token_revocation_list
  TRACE keystoneclient.middleware.auth_token     self.token_revocation_list = self.fetch_revocation_list() 
  TRACE keystoneclient.middleware.auth_token   File "/opt/stack/new/python-keystoneclient/keystoneclient/middleware/auth_token.py", line 1366, in fetch_revocation_list
  TRACE keystoneclient.middleware.auth_token     return self.cms_verify(data['signed'])
  TRACE keystoneclient.middleware.auth_token   File "/opt/stack/new/python-keystoneclient/keystoneclient/middleware/auth_token.py", line 1257, in cms_verify
  TRACE keystoneclient.middleware.auth_token     self.signing_ca_file_name)   
  TRACE keystoneclient.middleware.auth_token   File "/opt/stack/new/python-keystoneclient/keystoneclient/common/cms.py", line 134, in cms_verify
  TRACE keystoneclient.middleware.auth_token     raise exceptions.CertificateConfigError(err)
  TRACE keystoneclient.middleware.auth_token CertificateConfigError: Unable to load certificate. Ensure your system is configured properly.
  TRACE keystoneclient.middleware.auth_token 
  DEBUG keystoneclient.middleware.auth_token [-] Marking token a961b45e3f117dd58b4afc6564d556fa as unauthorized in memcache _cache_store_invalid /opt/stack/new/python-keystoneclient/keystoneclient/middleware/auth_token.py:1170
  WARNING keystoneclient.middleware.auth_token [-] Authorization failed for token a961b45e3f117dd58b4afc6564d556fa
  INFO keystoneclient.middleware.auth_token [-] Invalid user token - rejecting request
  INFO eventlet.wsgi.server [-] 127.0.0.1 - - [27/Feb/2014 16:50:36] "POST /v1/4ef47f119bc04d6dae054a5035359641/volumes HTTP/1.1" 401 191 0.299349


  http://logs.openstack.org/35/75535/1/gate/gate-grenade-
  dsvm/3c8e07e/logs/new/screen-c-api.txt.gz?#_2014-02-27_16_50_36_158

  logstash query:  message:"CertificateConfigError: Unable to load
  certificate. Ensure your system is configured properly." AND NOT
  filename:"logs/screen-n-api.txt"

To manage notifications about this bug go to:
https://bugs.launchpad.net/cinder/+bug/1285833/+subscriptions

References

[Bug 1285833] [NEW] CertificateConfigError: Unable to load certificate. Ensure your system is configured properly
From: Joe Gordon, 2014-02-27