← Back to team overview

yahoo-eng-team team mailing list archive

[Bug 1427141] [NEW] console auth token timeout has no impact

 

Public bug reported:

Issue
=====
The console feature (VNC, SERIAL, ...) returns a connection with an auth
token. This connection *never* times out.

Steps to reproduce
==================

The steps below are suitable for testing with the serial console but the
behavior is the same with VNC.

* enable the console feature in nova.conf
  [serial_console]
  enabled=True
* set the token timeout value in nova.conf to a value which fits your 
  testing (e.g.)
  console_token_ttl=10
* start the nova-serialproxy service (e.g. with devstack [1])
* start an instance
* Connect to the serial console of that launched instance
  (e.g. Horizon with "console" tab or another client [2])
* Execute a command (e.g. "date")  
* Wait until the timespan defined by "console_token_ttl" elapsed
* Execute another command (e.g. "date")

Expected behavior
=================

The command in the console is refused after the timespan elapsed.

Actual behavior
===============

The connection is kept open and each command is executed after the 
defined timespan. This looks weird in the case when Horizon times out
but the console tab is still working.

Logs & Env.
===========

OpenStack is installed and started with devstack.
The logs [3] show that the expired token gets removed when a new token
is appended. The append of a new token happens only when the console
tab is reopened and the old token is expired.

Nova version
------------

pedebug@OS-CTRL:/opt/stack/nova$ git log --oneline -n5
017574e Merge "Added retries in 'network_set_host' function"
a957d56 libvirt: Adjust Nova to support FCP on System z systems
36bae5a Merge "fake: fix public API signatures to match virt driver"
13223b5 Merge "Don't assume contents of values after aggregate_update"
c4a9cc5 Merge "Fix VNC access, when reverse DNS lookups fail"


References
==========

[1] Devstack guide; Nova and devstack;
    http://docs.openstack.org/developer/devstack/guides/nova.html
[2] larsk/novaconsole; github; https://github.com/larsks/novaconsole/
[3] http://paste.openstack.org/show/184866/

** Affects: nova
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1427141

Title:
  console auth token timeout has no impact

Status in OpenStack Compute (Nova):
  New

Bug description:
  Issue
  =====
  The console feature (VNC, SERIAL, ...) returns a connection with an auth
  token. This connection *never* times out.

  Steps to reproduce
  ==================

  The steps below are suitable for testing with the serial console but the
  behavior is the same with VNC.

  * enable the console feature in nova.conf
    [serial_console]
    enabled=True
  * set the token timeout value in nova.conf to a value which fits your 
    testing (e.g.)
    console_token_ttl=10
  * start the nova-serialproxy service (e.g. with devstack [1])
  * start an instance
  * Connect to the serial console of that launched instance
    (e.g. Horizon with "console" tab or another client [2])
  * Execute a command (e.g. "date")  
  * Wait until the timespan defined by "console_token_ttl" elapsed
  * Execute another command (e.g. "date")

  Expected behavior
  =================

  The command in the console is refused after the timespan elapsed.

  Actual behavior
  ===============

  The connection is kept open and each command is executed after the 
  defined timespan. This looks weird in the case when Horizon times out
  but the console tab is still working.

  Logs & Env.
  ===========

  OpenStack is installed and started with devstack.
  The logs [3] show that the expired token gets removed when a new token
  is appended. The append of a new token happens only when the console
  tab is reopened and the old token is expired.

  Nova version
  ------------

  pedebug@OS-CTRL:/opt/stack/nova$ git log --oneline -n5
  017574e Merge "Added retries in 'network_set_host' function"
  a957d56 libvirt: Adjust Nova to support FCP on System z systems
  36bae5a Merge "fake: fix public API signatures to match virt driver"
  13223b5 Merge "Don't assume contents of values after aggregate_update"
  c4a9cc5 Merge "Fix VNC access, when reverse DNS lookups fail"

  
  References
  ==========

  [1] Devstack guide; Nova and devstack;
      http://docs.openstack.org/developer/devstack/guides/nova.html
  [2] larsk/novaconsole; github; https://github.com/larsks/novaconsole/
  [3] http://paste.openstack.org/show/184866/

To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/1427141/+subscriptions


Follow ups

References