← Back to team overview

yahoo-eng-team team mailing list archive

[Bug 1816399] Re: The periodic task to clean up expired console_auth tokens is invalid

 

Reviewed:  https://review.opendev.org/637716
Committed: https://git.openstack.org/cgit/openstack/nova/commit/?id=57112a7174945cdcd9f395d20fd6a242cecf5072
Submitter: Zuul
Branch:    master

commit 57112a7174945cdcd9f395d20fd6a242cecf5072
Author: Takashi NATSUME <natsume.takashi@xxxxxxxxxxxxx>
Date:   Fri May 3 22:19:17 2019 +0900

    Fix cleaning up console tokens
    
    The periodic task to clean up expired console_auth tokens
    does not work properly because there are cases that 'host'
    in the 'console_auth_tokens' table is different from
    hosts where nova-compute processes run.
    
    So make the periodic task to clear all expired console tokens
    regardless of hosts where nova-compute processes run.
    
    Change-Id: I61cee4245e612b4bef1ffaacc634a8302cf836e9
    Closes-Bug: #1816399


** Changed in: nova
       Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1816399

Title:
  The periodic task to clean up expired console_auth tokens is invalid

Status in OpenStack Compute (nova):
  Fix Released

Bug description:
  Description
  ===========
  In compute node, the periodic task to clean up expired console_auth tokens is invalid, can't remove expired console auth tokens for this host.

  Steps to reproduce
  ==================
  1.In controller node, config nova-novncproxy using database to store novnc auth tokens.
  enable_consoleauth=false

  2.In compute node, config vnc server address and token_ttl.
  server_proxyclient_address=10.43.203.225
  token_ttl=60

  3.Restart nova-compute and nova-novncproxy.

  4.Using nova command to get novncproxy_base_url and token.

  Expected result
  ===============
  The periodic task can remove expired console auth tokens in database.

  Actual result
  =============

  This periodic task is invalid.

  
  Environment
  ===========
  1. Exact version of OpenStack you are running. See the following
  master

  2. Which hypervisor did you use?
  Libvirt + KVM

  3. Which networking type did you use?
  Neutron with OpenVSwitch

  Logs & Configs
  ==============
  1. In console_auth_tokens table, host's value is CONF.vnc.server_proxyclient_address.

      def get_vnc_console(self, context, instance):
          def get_vnc_port_for_instance(instance_name):
              guest = self._host.get_guest(instance)

              xml = guest.get_xml_desc()
              xml_dom = etree.fromstring(xml)

              graphic = xml_dom.find("./devices/graphics[@type='vnc']")
              if graphic is not None:
                  return graphic.get('port')
              # NOTE(rmk): We had VNC consoles enabled but the instance in
              # question is not actually listening for connections.
              raise exception.ConsoleTypeUnavailable(console_type='vnc')

          port = get_vnc_port_for_instance(instance.name)
          host = CONF.vnc.server_proxyclient_address

          return ctype.ConsoleVNC(host=host, port=port)

  
  2. In periodic task, the host's value is hostname.

      @periodic_task.periodic_task(spacing=CONF.instance_delete_interval)
      def _cleanup_expired_console_auth_tokens(self, context):
          """Remove expired console auth tokens for this host.

          Console authorization tokens and their connection data are stored
          in the database when a user asks for a console connection to an
          instance. After a time they expire. We periodically remove any expired
          tokens from the database.
          """
          # If the database backend isn't in use, don't bother looking for
          # expired tokens. The database backend is not supported for cells v1.
          if not CONF.cells.enable:
              objects.ConsoleAuthToken.\
                  clean_expired_console_auths_for_host(context, self.host)

To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/1816399/+subscriptions


References