yahoo-eng-team team mailing list archive
-
yahoo-eng-team team
-
Mailing list archive
-
Message #28364
[Bug 1392264] Re: Keystonemiddleware crashes when memcache encryption is enabled with Swift
** Changed in: keystonemiddleware
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1392264
Title:
Keystonemiddleware crashes when memcache encryption is enabled with
Swift
Status in OpenStack Identity (Keystone):
Invalid
Status in OpenStack Identity (Keystone) Middleware:
Fix Released
Bug description:
We've come across the following issue when deploying standalone Swift
servers using TripleO, where we've enabled auth token memcache with
encryption. We get this error from the Swift proxy:
Nov 11 15:17:49 overcloud-swiftstorage1-ohdtremvbiw3 proxy-server: Error: An error occurred: #012Traceback (most recent call last):#012 File "/opt/stack/venvs/openstack/local/lib/python2.7/site-packages/swift/common/middlewar
e/catch_errors.py", line 41, in handle_request#012 resp = self._app_call(env)#012 File "/opt/stack/venvs/openstack/local/lib/python2.7/site-packages/swift/common/wsgi.py", line 582, in _app_call#012 resp = self.app(env,
self._start_response)#012 File "/opt/stack/venvs/openstack/local/lib/python2.7/site-packages/swift/common/middleware/gatekeeper.py", line 90, in __call__#012 return self.app(env, gatekeeper_response)#012 File "/opt/stack
/venvs/openstack/local/lib/python2.7/site-packages/swift/common/middleware/healthcheck.py", line 57, in __call__#012 return self.app(env, start_response)#012 File "/opt/stack/venvs/openstack/local/lib/python2.7/site-packag
es/swift/common/middleware/proxy_logging.py", line 289, in __call__#012 iterable = self.app(env, my_start_response)#012 File "/opt/stack/venvs/openstack/local/lib/python2.7/site-packages/swift/common/middleware/memcache.py
", line 85, in __call__#012 return self.app(env, start_response)#012 File "/opt/stack/venvs/openstack/local/lib/python2.7/site-packages/swift/common/middleware/crossdomain.py", line 82, in __call__#012 return self.app(e
nv, start_response)#012 File "/opt/stack/venvs/openstack/local/lib/python2.7/site-packages/swift/common/middleware/tempurl.py", line 295, in __call__#012 return self.app(env, start_response)#012 File "/opt/stack/venvs/ope
nstack/local/lib/python2.7/site-packages/swift/common/middleware/formpost.py", line 231, in __call__#012 return self.app(env, start_response)#012 File "/opt/stack/venvs/openstack/local/lib/python2.7/site-packages/keystonem
iddleware/auth_token.py", line 710, in __call__#012 token_info = self._validate_token(user_token, env)#012 File "/opt/stack/venvs/openstack/local/lib/python2.7/site-packages/keystonemiddleware/auth_token.py", line 891, in
_validate_token#012 self._token_cache.store_invalid(token_id)#012 File "/opt/stack/venvs/openstack/local/lib/python2.7/site-packages/keystonemiddleware/auth_token.py", line 1714, in store_invalid#012 self._cache_store(t
oken_id, self._INVALID_INDICATOR)#012 File "/opt/stack/venvs/openstack/local/lib/python2.7/site-packages/keystonemiddleware/auth_token.py", line 1822, in _cache_store#012 data_to_store = memcache_crypt.protect_data(keys, s
erialized_data)#012 File "/opt/stack/venvs/openstack/local/lib/python2.7/site-packages/keystonemiddleware/_memcache_crypt.py", line 166, in protect_data#012 data = encrypt_data(keys['ENCRYPTION'], data)#012 File "/opt/sta
ck/venvs/openstack/local/lib/python2.7/site-packages/keystonemiddleware/_memcache_crypt.py", line 80, in wrapper#012 raise CryptoUnavailableError()#012CryptoUnavailableError (txn: tx9bf0c765e603404e8a776-0054622899)
Looking in the _memcache_crypt.py code the problem is that pycrypto
isn't installed in the Swift venv. pycrypto isn't listed in the
Keystonemiddleware requirements.txt file. Since memcache encryption
in Keystone middleware relies on pycrypto, and to avoid this issue
where the Swift proxy errors out, we believe that pyrcypto should be
added to Keystonemiddleware's requirements.txt file.
--- (morganfainberg): This is a documentation bug, see my comment #2
To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1392264/+subscriptions
References
