yahoo-eng-team team mailing list archive

[Matthias Runge <1324984@xxxxxxxxxxxxxxxxxx>]

I agree, this is an issue; sadly, Horizon can't do anything about it. The same situation happens, if the keystone token is revoked on the console.
And not revoking the token on log-out is not an option as well.

** Changed in: horizon
       Status: New => Invalid

** Also affects: cinder
   Importance: Undecided
       Status: New

** Also affects: glance
   Importance: Undecided
       Status: New

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Dashboard (Horizon).
https://bugs.launchpad.net/bugs/1324984

Title:
  Sign out break long-runing Cinder backup (token revoked) (Glance
  snapshot also)

Status in Cinder:
  New
Status in OpenStack Image Registry and Delivery Service (Glance):
  New
Status in OpenStack Dashboard (Horizon):
  Invalid

Bug description:
  
  If you initiate a long-running operation (such as a Cinder volume backup) and then sign out, the operation will fail. The reason it fails is that Cinder is using the token to authenticate it's requests with Swift. When you sign out, Horizon revokes the token. The next time Cinder attempts to PUT an object, it gets 401.

  There may be better ways for Cinder/Glance to handle bearer tokens
  (e..g, trusts). Note, Cinder's behavior is similar to Glance (when
  used in multi-tenant backing store mode). IHowever, Cinder/Glance's
  behavior with long-running actions (or more specifically when they
  make multiple requests to Swift) pre-dates Horizon.

  It would also break Swift static large object (SLO) downloads...though
  that will soon be fixed by a re-org of the pipeline.

  (BTE: I fudged "the next time Cinder attempts o PUT" a bit; Swift
  caches the token for 10 minutes, so if all PUTs complete within 10
  minutes, then you are ok)

To manage notifications about this bug go to:
https://bugs.launchpad.net/cinder/+bug/1324984/+subscriptions