yahoo-eng-team team mailing list archive

[Bug 1392264] [NEW] Keystonemiddleware crashes when memcache encryption is enabled with Swift

 

Public bug reported:

We've come across the following issue when deploying standalone Swift
servers using TripleO, where we've enabled auth token memcache with
encryption.  We get this error from the Swift proxy:

Nov 11 15:17:49 overcloud-swiftstorage1-ohdtremvbiw3 proxy-server: Error: An error occurred:
Traceback (most recent call last):
  File "/opt/stack/venvs/openstack/local/lib/python2.7/site-packages/swift/common/middleware/catch_errors.py", line 41, in handle_request
    resp = self._app_call(env)
  File "/opt/stack/venvs/openstack/local/lib/python2.7/site-packages/swift/common/wsgi.py", line 582, in _app_call
    resp = self.app(env, self._start_response)
  File "/opt/stack/venvs/openstack/local/lib/python2.7/site-packages/swift/common/middleware/gatekeeper.py", line 90, in __call__
    return self.app(env, gatekeeper_response)
  File "/opt/stack/venvs/openstack/local/lib/python2.7/site-packages/swift/common/middleware/healthcheck.py", line 57, in __call__
    return self.app(env, start_response)
  File "/opt/stack/venvs/openstack/local/lib/python2.7/site-packages/swift/common/middleware/proxy_logging.py", line 289, in __call__
    iterable = self.app(env, my_start_response)
  File "/opt/stack/venvs/openstack/local/lib/python2.7/site-packages/swift/common/middleware/memcache.py", line 85, in __call__
    return self.app(env, start_response)
  File "/opt/stack/venvs/openstack/local/lib/python2.7/site-packages/swift/common/middleware/crossdomain.py", line 82, in __call__
    return self.app(env, start_response)
  File "/opt/stack/venvs/openstack/local/lib/python2.7/site-packages/swift/common/middleware/tempurl.py", line 295, in __call__
    return self.app(env, start_response)
  File "/opt/stack/venvs/openstack/local/lib/python2.7/site-packages/swift/common/middleware/formpost.py", line 231, in __call__
    return self.app(env, start_response)
  File "/opt/stack/venvs/openstack/local/lib/python2.7/site-packages/keystonemiddleware/auth_token.py", line 710, in __call__
    token_info = self._validate_token(user_token, env)
  File "/opt/stack/venvs/openstack/local/lib/python2.7/site-packages/keystonemiddleware/auth_token.py", line 891, in _validate_token
    self._token_cache.store_invalid(token_id)
  File "/opt/stack/venvs/openstack/local/lib/python2.7/site-packages/keystonemiddleware/auth_token.py", line 1714, in store_invalid
    self._cache_store(token_id, self._INVALID_INDICATOR)
  File "/opt/stack/venvs/openstack/local/lib/python2.7/site-packages/keystonemiddleware/auth_token.py", line 1822, in _cache_store
    data_to_store = memcache_crypt.protect_data(keys, serialized_data)
  File "/opt/stack/venvs/openstack/local/lib/python2.7/site-packages/keystonemiddleware/_memcache_crypt.py", line 166, in protect_data
    data = encrypt_data(keys['ENCRYPTION'], data)
  File "/opt/stack/venvs/openstack/local/lib/python2.7/site-packages/keystonemiddleware/_memcache_crypt.py", line 80, in wrapper
    raise CryptoUnavailableError()
CryptoUnavailableError (txn: tx9bf0c765e603404e8a776-0054622899)

Looking in the _memcache_crypt.py code, the problem is that pycrypto
isn't installed in the Swift venv.  pycrypto isn't listed in the
Keystonemiddleware requirements.txt file.  Since memcache encryption in
Keystone middleware relies on pycrypto, and to avoid this issue where
the Swift proxy errors out, we believe that pycrypto should be added to
Keystonemiddleware's requirements.txt file.

** Affects: keystone
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1392264

Title:
  Keystonemiddleware crashes when memcache encryption is enabled with
  Swift

Status in OpenStack Identity (Keystone):
  New

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1392264/+subscriptions
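
The traceback above shows the missing dependency only surfacing per request, when the token cache first tries to encrypt. The following is an added example, not code from the bug report or from keystonemiddleware: a deploy-time preflight that fails before the proxy takes traffic. The `[filter:authtoken]` section name, the sample config, the helper names, and the premise that only the ENCRYPT strategy needs pycrypto's `Crypto` package are assumptions.

```python
import configparser
import importlib.util

# Constructed sample of a Swift proxy-server.conf fragment (not from the report).
SAMPLE_CONF = """
[filter:authtoken]
paste.filter_factory = keystonemiddleware.auth_token:filter_factory
memcache_security_strategy = ENCRYPT
memcache_secret_key = example-secret
"""


def module_installed(name):
    """True if `name` is importable in the interpreter (venv) running this check."""
    return importlib.util.find_spec(name) is not None


def preflight(conf_text, section="filter:authtoken", installed=module_installed):
    """Return the list of problems that would otherwise appear at request time."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(conf_text)
    if not cp.has_section(section):
        return []  # auth_token middleware not configured here
    strategy = cp.get(section, "memcache_security_strategy", fallback="").strip().upper()
    secret = cp.get(section, "memcache_secret_key", fallback="").strip()
    problems = []
    if strategy and strategy not in ("MAC", "ENCRYPT"):
        problems.append("unknown memcache_security_strategy: %s" % strategy)
    if strategy in ("MAC", "ENCRYPT") and not secret:
        problems.append("memcache_secret_key is required when a strategy is set")
    # Assumption: MAC only signs (stdlib hmac); ENCRYPT needs pycrypto's AES.
    if strategy == "ENCRYPT" and not installed("Crypto"):
        problems.append("ENCRYPT configured but 'Crypto' (pycrypto) is not importable")
    return problems


if __name__ == "__main__":
    # Run with the same venv's python that runs the proxy server.
    for problem in preflight(SAMPLE_CONF):
        print("PREFLIGHT FAIL:", problem)
```
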

