docker-keystone
Invalid user token error occurred while using admin token
Description
Using --os-token=ADMIN_TOKEN rather than admin user credentials fails with an error message.
Error log
WARNING keystone.middleware.auth [req-1c30ec74-7ef3-4d2b-8982-a6e36b402e58 - - - - -] Invalid token contents.
ERROR keystone.middleware.auth Traceback (most recent call last):
ERROR keystone.middleware.auth File "/usr/local/lib/python2.7/site-packages/keystonemiddleware/auth_token/__init__.py", line 540, in _do_fetch_token
ERROR keystone.middleware.auth return data, access.create(body=data, auth_token=token)
ERROR keystone.middleware.auth File "/usr/local/lib/python2.7/site-packages/positional/__init__.py", line 101, in inner
ERROR keystone.middleware.auth return wrapped(*args, **kwargs)
ERROR keystone.middleware.auth File "/usr/local/lib/python2.7/site-packages/keystoneauth1/access/access.py", line 49, in create
ERROR keystone.middleware.auth raise ValueError('Unrecognized auth response')
ERROR keystone.middleware.auth ValueError: Unrecognized auth response
ERROR keystone.middleware.auth
INFO keystone.middleware.auth [req-1c30ec74-7ef3-4d2b-8982-a6e36b402e58 - - - - -] Invalid user token
Environment
uname -a
Linux int32bit-keystone 3.13.0-32-generic #57-Ubuntu SMP Tue Jul 15 03:51:08 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux
lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 14.04.4 LTS
Release: 14.04
Codename: trusty
keystone version: 10.0.0.0b1
Configuration
[DEFAULT]
admin_token = 294a4c8a8a475f9b9836
[database]
connection = sqlite:///keystone.db
[token]
provider = fernet
Reproduce
git clone https://github.com/int32bit/docker-keystone.git
cd docker-keystone
make
make run
make log
This seems to be working for me. Can you retry?
Yep, it seems to work well, but I can't stand the error message in the Docker log. Is there any way to get rid of those errors from the log?
Which message specifically? I didn't see the first one you posted above.
Hi @matthewfischer, I found your blog https://www.mattfischer.com/blog/?p=665, and I wonder why keystone fernet token validation operations are much slower than uuid operations. The performance is up to 14x slower which makes other openstack API calls slower too.
| Token Type | Response Time | Requests per second |
|---|---|---|
| UUID | 494.045 ms | 202.41 req/s |
| Fernet | 6965.615 ms (1409% slower) | 14.36 req/s (1400% slower) |
In addition, I found that the Mitaka Keystone is a bit slower than the Liberty.
The crypto operations are, I think, the slowdown. However, I never saw anything like a 14x slowdown; that looks pretty extreme. 6 seconds to validate a token is a long time, so I wonder if you have something else going on?
Also, if you use Fernet you should always use token caching for validations. I talk about it some more here: https://www.youtube.com/watch?v=702SRZHdNW8
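The caching advice in the last comment, as an added keystone.conf fragment that is not part of the original thread or of the docker-keystone repository. It assumes a memcached instance reachable at 127.0.0.1:11211; the address and the cache_time value are constructed sample values.

```ini
# keystone.conf fragment: Fernet provider with token validation caching.
# Assumption: memcached is running and reachable at 127.0.0.1:11211.

[cache]
# Global switch for the oslo.cache layer; per-section caching
# options have no effect while this is false.
enabled = true
backend = oslo_cache.memcache_pool
memcache_servers = 127.0.0.1:11211

[token]
provider = fernet
# Cache token validation results so repeated validations of the same
# token do not each repeat the Fernet decryption and token rebuild.
caching = true
# Seconds a validation result stays cached (constructed sample value).
cache_time = 300
```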