yahoo-eng-team team mailing list archive

[Jonathan Halterman <jhalterman@xxxxxx>]

Public bug reported:

I noticed an issue that is effected by a system clock skew that results
in keystone, via a service using keystone-middleware, to intermittently
succeed/fail/succeed/fail/etc, requests that use the same token. This
issue is related to the system clock in some way as installing ntp and
forcing a clock update immediately resolved the issue.

Output from the client's perspective (curl requests against Trove, using
keystone-middleware):

http://paste.openstack.org/show/163419/

Output from Trove's log, including middleware logging:

http://paste.openstack.org/show/163420/

Output from keystone.log:

http://paste.openstack.org/show/163421/

Steps to reproduce:

New VM (Ubuntu in my case)
Ensure that the system clock lags a few hours
Install devstack, enabling trove
Get a token from keystone for the admin tenant
curl trove /instances for the admin tenant using the token
Repeat the curl numerous times. Requests should start to succeed/fail intermittently.

To resolve, install and start ntp.

** Affects: keystone
     Importance: Undecided
         Status: New

** Affects: keystonemiddleware
     Importance: Undecided
         Status: New

** Also affects: keystonemiddleware
   Importance: Undecided
       Status: New

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1415687

Title:
  Keystone middleware intermittently rejects a token based on expiration

Status in OpenStack Identity (Keystone):
  New
Status in OpenStack Identity  (Keystone) Middleware:
  New

Bug description:
  I noticed an issue that is effected by a system clock skew that
  results in keystone, via a service using keystone-middleware, to
  intermittently succeed/fail/succeed/fail/etc, requests that use the
  same token. This issue is related to the system clock in some way as
  installing ntp and forcing a clock update immediately resolved the
  issue.

  Output from the client's perspective (curl requests against Trove,
  using keystone-middleware):

  http://paste.openstack.org/show/163419/

  Output from Trove's log, including middleware logging:

  http://paste.openstack.org/show/163420/

  Output from keystone.log:

  http://paste.openstack.org/show/163421/

  Steps to reproduce:

  New VM (Ubuntu in my case)
  Ensure that the system clock lags a few hours
  Install devstack, enabling trove
  Get a token from keystone for the admin tenant
  curl trove /instances for the admin tenant using the token
  Repeat the curl numerous times. Requests should start to succeed/fail intermittently.

  To resolve, install and start ntp.

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1415687/+subscriptions