On 2015-05-27 19:04, Morgan Fainberg wrote:
Hi Hans,
Thanks for the heads up on this. Let me take a closer look and make sure we have this addressed (and tested for) in the upstream code base.
I think I know where this came from. I'll check to make sure we don't already have a bug on this and/or if you have an open bug in launchpad. If this is still outstanding I'll make sure we
https://bugs.launchpad.net/keystone/+bug/1459412
Please let me know if you want more logs or want me to try a patch.
Thanks,
Hans
prioritize getting this cleaned up appropriately. Having Fernet (non-persistent tokens) as a solid option for Keystone deployment is really important to us (the upstream team) since it solves a major scaling issue with Keystone.
--Morgan
Sent via mobile
On May 27, 2015, at 05:46, Hans Feldt <hans.fe...@ericsson.com> wrote:
Hi,
When playing with some keystone deployment alternatives I stumbled on a keystone issue:
2015-05-27 12:11:52.946 57 DEBUG keystone.common.ldap.core [-] LDAP search: base=ou=Groups,dc=acme,dc=org scope=1 filterstr=(&(&(objectClass=groupOfNames)(member=uid=john,ou=Users,dc=acme,dc=org))(objectClass=groupOfNames)) attrs=['ou', 'cn', 'description'] attrsonly=0 search_s /usr/lib/python2.7/dist-packages/keystone/common/ldap/core.py:931
2015-05-27 12:11:52.946 57 DEBUG keystone.common.ldap.core [-] LDAP unbind unbind_s /usr/lib/python2.7/dist-packages/keystone/common/ldap/core.py:904
2015-05-27 12:11:52.946 57 DEBUG keystone.identity.core [-] ID Mapping - Domain ID: default, Default Driver: True, Domains: False, UUIDs: False, Compatible IDs: True _set_domain_id_and_mapping /usr/lib/python2.7/dist-packages/keystone/identity/core.py:492
2015-05-27 12:11:52.955 57 ERROR keystone.token.providers.fernet.token_formatters [-] john
2015-05-27 12:11:52.955 57 ERROR keystone.common.wsgi [-] badly formed hexadecimal UUID string
2015-05-27 12:11:52.955 57 TRACE keystone.common.wsgi Traceback (most recent call last):
2015-05-27 12:11:52.955 57 TRACE keystone.common.wsgi File "/usr/lib/python2.7/dist-packages/keystone/common/wsgi.py", line 239, in __call__
2015-05-27 12:11:52.955 57 TRACE keystone.common.wsgi result = method(context, **params)
2015-05-27 12:11:52.955 57 TRACE keystone.common.wsgi File "/usr/lib/python2.7/dist-packages/keystone/auth/controllers.py", line 397, in authenticate_for_token
2015-05-27 12:11:52.955 57 TRACE keystone.common.wsgi parent_audit_id=token_audit_id)
2015-05-27 12:11:52.955 57 TRACE keystone.common.wsgi File "/usr/lib/python2.7/dist-packages/keystone/token/provider.py", line 344, in issue_v3_token
2015-05-27 12:11:52.955 57 TRACE keystone.common.wsgi parent_audit_id)
2015-05-27 12:11:52.955 57 TRACE keystone.common.wsgi File "/usr/lib/python2.7/dist-packages/keystone/token/providers/fernet/core.py", line 198, in issue_v3_token
2015-05-27 12:11:52.955 57 TRACE keystone.common.wsgi federated_info=federated_dict)
2015-05-27 12:11:52.955 57 TRACE keystone.common.wsgi File "/usr/lib/python2.7/dist-packages/keystone/token/providers/fernet/token_formatters.py", line 133, in create_token
2015-05-27 12:11:52.955 57 TRACE keystone.common.wsgi audit_ids)
2015-05-27 12:11:52.955 57 TRACE keystone.common.wsgi File "/usr/lib/python2.7/dist-packages/keystone/token/providers/fernet/token_formatters.py", line 416, in assemble
2015-05-27 12:11:52.955 57 TRACE keystone.common.wsgi b_user_id = cls.convert_uuid_hex_to_bytes(user_id)
2015-05-27 12:11:52.955 57 TRACE keystone.common.wsgi File "/usr/lib/python2.7/dist-packages/keystone/token/providers/fernet/token_formatters.py", line 239, in convert_uuid_hex_to_bytes
2015-05-27 12:11:52.955 57 TRACE keystone.common.wsgi uuid_obj = uuid.UUID(uuid_string)
2015-05-27 12:11:52.955 57 TRACE keystone.common.wsgi File "/usr/lib/python2.7/uuid.py", line 134, in __init__
2015-05-27 12:11:52.955 57 TRACE keystone.common.wsgi raise ValueError('badly formed hexadecimal UUID string')
2015-05-27 12:11:52.955 57 TRACE keystone.common.wsgi ValueError: badly formed hexadecimal UUID string
2015-05-27 12:11:52.955 57 TRACE keystone.common.wsgi
2015-05-27 12:11:52.958 57 INFO eventlet.wsgi.server [-] 172.17.0.26 - - [27/May/2015 12:11:52] "POST /v3/auth/tokens HTTP/1.1" 500 490 0.029590
Switching to UUID tokens it works. Switching to SQL Identity backend and fernet tokens works.
The combination of LDAP identity backend and fernet tokens gives me the above log for any request with name/password. Reproducible always.
I have a very minimalistic "cloud" setup with only 2 or 3 docker containers. One with the SQL DB, one for Keystone and optionally one for LDAP.
I use Ubuntu 15.04 as base image for my containers that includes Kilo. I've patched keystone with the following changeset to make it work (with LDAP):
commit 2c6db4a3bb9e1718744b0e5b03af050fd2866182
Author: Edmund Rhudy <erh...@bloomberg.net>
Date: Thu May 21 12:42:40 2015 -0400
Make sure LDAP filter is constructed correctly
Thanks, Hans
_______________________________________________
Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to : openstack@lists.openstack.org
Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
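
The failure in the traceback above, reproduced outside Keystone as an added example (not Keystone's code and not from either poster): a strict `uuid.UUID()` conversion rejects an LDAP-style user ID such as `john`, while a flagged encoding packs canonical UUID-hex IDs into 16 bytes and carries every other ID as text. `pack_user_id`, `unpack_user_id`, `strict_conversion_fails` and the sample IDs are assumptions made for illustration; `convert_uuid_hex_to_bytes` is modelled on the call shown in the traceback.

```python
import uuid

# Constructed sample IDs: a UUID-hex ID as an SQL backend would issue, and an
# LDAP-style ID like the "john" logged in the traceback above.
SQL_STYLE_ID = "0123456789abcdef0123456789abcdef"
LDAP_STYLE_ID = "john"


def convert_uuid_hex_to_bytes(uuid_string):
    """Strict conversion modelled on the traceback: ValueError for a non-UUID ID."""
    return uuid.UUID(uuid_string).bytes


def strict_conversion_fails(user_id):
    """True when the strict path would abort token creation for this ID."""
    try:
        convert_uuid_hex_to_bytes(user_id)
    except ValueError:
        return True
    return False


def pack_user_id(user_id):
    """Hypothetical tolerant encoder: return (is_uuid, payload).

    Only a canonical 32-character lowercase hex ID is packed into 16 bytes.
    uuid.UUID() also accepts hyphens, braces and upper case, so the .hex
    comparison keeps such IDs as text instead of silently rewriting them.
    """
    try:
        parsed = uuid.UUID(user_id)
    except ValueError:
        return False, user_id.encode("utf-8")
    if parsed.hex != user_id:
        return False, user_id.encode("utf-8")
    return True, parsed.bytes


def unpack_user_id(is_uuid, payload):
    """Inverse of pack_user_id: rebuild the exact ID that was packed."""
    return uuid.UUID(bytes=payload).hex if is_uuid else payload.decode("utf-8")


if __name__ == "__main__":
    for uid in (SQL_STYLE_ID, LDAP_STYLE_ID):
        flag, payload = pack_user_id(uid)
        print(uid, strict_conversion_fails(uid), flag, len(payload),
              unpack_user_id(flag, payload) == uid)
```

The flag has to travel with the payload so the decoder knows which form it holds; without it, a 16-byte text ID would be indistinguishable from packed UUID bytes.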