yahoo-eng-team team mailing list archive
-
yahoo-eng-team team
-
Mailing list archive
-
Message #79395
[Bug 1816399] Re: The periodic task to clean up expired console_auth tokens is invalid
Reviewed: https://review.opendev.org/637716
Committed: https://git.openstack.org/cgit/openstack/nova/commit/?id=57112a7174945cdcd9f395d20fd6a242cecf5072
Submitter: Zuul
Branch: master
commit 57112a7174945cdcd9f395d20fd6a242cecf5072
Author: Takashi NATSUME <natsume.takashi@xxxxxxxxxxxxx>
Date: Fri May 3 22:19:17 2019 +0900
Fix cleaning up console tokens
The periodic task to clean up expired console_auth tokens
does not work properly because there are cases that 'host'
in the 'console_auth_tokens' table is different from
hosts where nova-compute processes run.
So make the periodic task to clear all expired console tokens
regardless of hosts where nova-compute processes run.
Change-Id: I61cee4245e612b4bef1ffaacc634a8302cf836e9
Closes-Bug: #1816399
** Changed in: nova
Status: In Progress => Fix Released
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1816399
Title:
The periodic task to clean up expired console_auth tokens is invalid
Status in OpenStack Compute (nova):
Fix Released
Bug description:
Description
===========
In compute node, the periodic task to clean up expired console_auth tokens is invalid, can't remove expired console auth tokens for this host.
Steps to reproduce
==================
1.In controller node, config nova-novncproxy using database to store novnc auth tokens.
enable_consoleauth=false
2.In compute node, config vnc server address and token_ttl.
server_proxyclient_address=10.43.203.225
token_ttl=60
3.Restart nova-compute and nova-novncproxy.
4.Using nova command to get novncproxy_base_url and token.
Expected result
===============
The periodic task can remove expired console auth tokens in database.
Actual result
=============
This periodic task is invalid.
Environment
===========
1. Exact version of OpenStack you are running. See the following
master
2. Which hypervisor did you use?
Libvirt + KVM
3. Which networking type did you use?
Neutron with OpenVSwitch
Logs & Configs
==============
1. In console_auth_tokens table, host's value is CONF.vnc.server_proxyclient_address.
def get_vnc_console(self, context, instance):
def get_vnc_port_for_instance(instance_name):
guest = self._host.get_guest(instance)
xml = guest.get_xml_desc()
xml_dom = etree.fromstring(xml)
graphic = xml_dom.find("./devices/graphics[@type='vnc']")
if graphic is not None:
return graphic.get('port')
# NOTE(rmk): We had VNC consoles enabled but the instance in
# question is not actually listening for connections.
raise exception.ConsoleTypeUnavailable(console_type='vnc')
port = get_vnc_port_for_instance(instance.name)
host = CONF.vnc.server_proxyclient_address
return ctype.ConsoleVNC(host=host, port=port)
2. In periodic task, the host's value is hostname.
@periodic_task.periodic_task(spacing=CONF.instance_delete_interval)
def _cleanup_expired_console_auth_tokens(self, context):
"""Remove expired console auth tokens for this host.
Console authorization tokens and their connection data are stored
in the database when a user asks for a console connection to an
instance. After a time they expire. We periodically remove any expired
tokens from the database.
"""
# If the database backend isn't in use, don't bother looking for
# expired tokens. The database backend is not supported for cells v1.
if not CONF.cells.enable:
objects.ConsoleAuthToken.\
clean_expired_console_auths_for_host(context, self.host)
To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/1816399/+subscriptions
References