Public bug reported: This logic in being run far too often: https://github.com/openstack/keystone/blob/master/keystone/middleware/core.py#L253-L281
resulting in logs like the following: 2015-09-16 23:34:04.261007 108719 INFO keystone.middleware.core [req-f715dbbe-8dac-490e-a02c-4a430eefb1a0 - - - - -] Cannot find client issuer in env by the issuer attribute - SSL_CLIENT_I_DN. 2015-09-16 23:34:04.265523 108719 DEBUG keystone.middleware.core [req-f715dbbe-8dac-490e-a02c-4a430eefb1a0 - - - - -] There is either no auth token in the request or the certificate issuer is not trusted. No auth context will be set. process_request /opt/stack/keystone/keystone/middleware/core.py:307 2015-09-16 23:34:04.304670 108719 INFO keystone.common.wsgi [req-f715dbbe-8dac-490e-a02c-4a430eefb1a0 - - - - -] GET http://172.16.240.136:35357/v2.0/ 2015-09-16 23:34:04.454396 108722 INFO keystone.middleware.core [req-3c130a0f-8147-46bd-83d3-c55d873ed3a6 - - - - -] Cannot find client issuer in env by the issuer attribute - SSL_CLIENT_I_DN. 2015-09-16 23:34:04.460344 108722 DEBUG keystone.middleware.core [req-3c130a0f-8147-46bd-83d3-c55d873ed3a6 - - - - -] There is either no auth token in the request or the certificate issuer is not trusted. No auth context will be set. process_request /opt/stack/keystone/keystone/middleware/core.py:307 2015-09-16 23:34:04.501183 108722 INFO keystone.common.wsgi [req-3c130a0f-8147-46bd-83d3-c55d873ed3a6 - - - - -] POST http://172.16.240.136:35357/v2.0/tokens 2015-09-16 23:34:05.002308 108721 INFO keystone.middleware.core [req-feba423f-afb7-4650-a6cc-a83242d69d39 - - - - -] Cannot find client issuer in env by the issuer attribute - SSL_CLIENT_I_DN. 2015-09-16 23:34:05.006774 108721 DEBUG keystone.middleware.core [req-feba423f-afb7-4650-a6cc-a83242d69d39 - - - - -] There is either no auth token in the request or the certificate issuer is not trusted. No auth context will be set. process_request /opt/stack/keystone/keystone/middleware/core.py:307 2015-09-16 23:34:05.053912 108721 INFO keystone.common.wsgi [req-feba423f-afb7-4650-a6cc-a83242d69d39 - - - - -] POST http://172.16.240.136:35357/v2.0/tokens 2015-09-16 23:34:05.290813 108720 INFO keystone.common.wsgi [req-9b96e50a-f4c9-4dc0-b3bf-7fc26f44c59a - - - - -] GET http://172.16.240.136:35357/ 2015-09-16 23:34:05.304653 108718 DEBUG keystone.middleware.core [req-ff998f4d-0df5-4bc8-9ad5-dbc498b04dc7 - - - - -] RBAC: auth_context: {'is_delegated_auth': False, 'access_token_id': None, 'user_id': u'b95ea3fcaf8a49309ee2b406c02f383e', 'roles': [u'anotherrole', u'Member'], 'trustee_id': None, 'trustor_id': None, 'consumer_id': None, 'token': <KeystoneToken (audit_id=yQcilB0WSMa9Ys6OejFAjg, audit_chain_id=yQcilB0WSMa9Ys6OejFAjg) at 0x7fef3e216990>, 'project_id': u'ae819f8aeda04d8488b4412baed1730b', 'trust_id': None} process_request /opt/stack/keystone/keystone/middleware/core.py:311 2015-09-16 23:34:05.306174 108718 INFO keystone.common.wsgi [req-ff998f4d-0df5-4bc8-9ad5-dbc498b04dc7 - - - - -] GET http://172.16.240.136:35357/v2.0/users 2015-09-16 23:34:05.306694 108718 DEBUG keystone.policy.backends.rules [req-ff998f4d-0df5-4bc8-9ad5-dbc498b04dc7 - - - - -] enforce admin_required: {'user_id': u'b95ea3fcaf8a49309ee2b406c02f383e', u'is_admin': 0, u'roles': [u'anotherrole', u'Member'], 'tenant_id': u'ae819f8aeda04d8488b4412baed1730b'} enforce /opt/stack/keystone/keystone/policy/backends/rules.py:76 2015-09-16 23:34:05.331264 108718 WARNING keystone.common.wsgi [req-ff998f4d-0df5-4bc8-9ad5-dbc498b04dc7 - - - - -] You are not authorized to perform the requested action: admin_required (Disable debug mode to suppress these details.) ** Affects: keystone Importance: Undecided Status: New -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to Keystone. https://bugs.launchpad.net/bugs/1497132 Title: tokenless auth is being too chatty on every call Status in Keystone: New Bug description: This logic in being run far too often: https://github.com/openstack/keystone/blob/master/keystone/middleware/core.py#L253-L281 resulting in logs like the following: 2015-09-16 23:34:04.261007 108719 INFO keystone.middleware.core [req-f715dbbe-8dac-490e-a02c-4a430eefb1a0 - - - - -] Cannot find client issuer in env by the issuer attribute - SSL_CLIENT_I_DN. 2015-09-16 23:34:04.265523 108719 DEBUG keystone.middleware.core [req-f715dbbe-8dac-490e-a02c-4a430eefb1a0 - - - - -] There is either no auth token in the request or the certificate issuer is not trusted. No auth context will be set. process_request /opt/stack/keystone/keystone/middleware/core.py:307 2015-09-16 23:34:04.304670 108719 INFO keystone.common.wsgi [req-f715dbbe-8dac-490e-a02c-4a430eefb1a0 - - - - -] GET http://172.16.240.136:35357/v2.0/ 2015-09-16 23:34:04.454396 108722 INFO keystone.middleware.core [req-3c130a0f-8147-46bd-83d3-c55d873ed3a6 - - - - -] Cannot find client issuer in env by the issuer attribute - SSL_CLIENT_I_DN. 2015-09-16 23:34:04.460344 108722 DEBUG keystone.middleware.core [req-3c130a0f-8147-46bd-83d3-c55d873ed3a6 - - - - -] There is either no auth token in the request or the certificate issuer is not trusted. No auth context will be set. process_request /opt/stack/keystone/keystone/middleware/core.py:307 2015-09-16 23:34:04.501183 108722 INFO keystone.common.wsgi [req-3c130a0f-8147-46bd-83d3-c55d873ed3a6 - - - - -] POST http://172.16.240.136:35357/v2.0/tokens 2015-09-16 23:34:05.002308 108721 INFO keystone.middleware.core [req-feba423f-afb7-4650-a6cc-a83242d69d39 - - - - -] Cannot find client issuer in env by the issuer attribute - SSL_CLIENT_I_DN. 2015-09-16 23:34:05.006774 108721 DEBUG keystone.middleware.core [req-feba423f-afb7-4650-a6cc-a83242d69d39 - - - - -] There is either no auth token in the request or the certificate issuer is not trusted. No auth context will be set. process_request /opt/stack/keystone/keystone/middleware/core.py:307 2015-09-16 23:34:05.053912 108721 INFO keystone.common.wsgi [req-feba423f-afb7-4650-a6cc-a83242d69d39 - - - - -] POST http://172.16.240.136:35357/v2.0/tokens 2015-09-16 23:34:05.290813 108720 INFO keystone.common.wsgi [req-9b96e50a-f4c9-4dc0-b3bf-7fc26f44c59a - - - - -] GET http://172.16.240.136:35357/ 2015-09-16 23:34:05.304653 108718 DEBUG keystone.middleware.core [req-ff998f4d-0df5-4bc8-9ad5-dbc498b04dc7 - - - - -] RBAC: auth_context: {'is_delegated_auth': False, 'access_token_id': None, 'user_id': u'b95ea3fcaf8a49309ee2b406c02f383e', 'roles': [u'anotherrole', u'Member'], 'trustee_id': None, 'trustor_id': None, 'consumer_id': None, 'token': <KeystoneToken (audit_id=yQcilB0WSMa9Ys6OejFAjg, audit_chain_id=yQcilB0WSMa9Ys6OejFAjg) at 0x7fef3e216990>, 'project_id': u'ae819f8aeda04d8488b4412baed1730b', 'trust_id': None} process_request /opt/stack/keystone/keystone/middleware/core.py:311 2015-09-16 23:34:05.306174 108718 INFO keystone.common.wsgi [req-ff998f4d-0df5-4bc8-9ad5-dbc498b04dc7 - - - - -] GET http://172.16.240.136:35357/v2.0/users 2015-09-16 23:34:05.306694 108718 DEBUG keystone.policy.backends.rules [req-ff998f4d-0df5-4bc8-9ad5-dbc498b04dc7 - - - - -] enforce admin_required: {'user_id': u'b95ea3fcaf8a49309ee2b406c02f383e', u'is_admin': 0, u'roles': [u'anotherrole', u'Member'], 'tenant_id': u'ae819f8aeda04d8488b4412baed1730b'} enforce /opt/stack/keystone/keystone/policy/backends/rules.py:76 2015-09-16 23:34:05.331264 108718 WARNING keystone.common.wsgi [req-ff998f4d-0df5-4bc8-9ad5-dbc498b04dc7 - - - - -] You are not authorized to perform the requested action: admin_required (Disable debug mode to suppress these details.) To manage notifications about this bug go to: https://bugs.launchpad.net/keystone/+bug/1497132/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
