Skip to content
This repository has been archived by the owner on Feb 27, 2023. It is now read-only.

New argument for OpenStack Discoverer to refresh access token #207

Closed
yutaokaz opened this issue Aug 3, 2018 · 6 comments
Closed

New argument for OpenStack Discoverer to refresh access token #207

yutaokaz opened this issue Aug 3, 2018 · 6 comments
Assignees
@stevesloka
Labels
discoverer good first issue Denotes an issue ready for a new contributor, according to the "help wanted" guidelines. help wanted Denotes an issue that needs help from a contributor. Must meet "help wanted" guidelines. priority/important-soon Must be staffed and worked on either currently, or very soon, ideally in time for the next release.
Milestone
v0.3

Comments

@yutaokaz
Copy link
Contributor

yutaokaz commented Aug 3, 2018

Describe the solution you'd like

I want to refresh OpenStack access token used in the OpenStack Discoverer, and my suggestion is to add OpenStack discoverer argument like token-refresh-period.
I found OpenStack discoverer will stop with error:

time="2018-08-02T06:25:09Z" level=info msg="reconciling load balancers"
time="2018-08-02T06:25:09Z" level=error msg="error listing OpenStack projects: failed to list projects: Authentication failed"
time="2018-08-02T06:25:39Z" level=info msg="reconciling load balancers"
time="2018-08-02T06:25:39Z" level=error msg="error listing OpenStack projects: failed to list projects: Authentication failed"
time="2018-08-02T06:26:09Z" level=info msg="reconciling load balancers"
time="2018-08-02T06:26:09Z" level=error msg="error listing OpenStack projects: failed to list projects: Authentication failed"
time="2018-08-02T06:26:39Z" level=info msg="reconciling load balancers"
2018/08/02 06:26:39 RoundTripper returned a response & error; ignoring response
time="2018-08-02T06:26:39Z" level=error msg="error listing OpenStack projects: failed to list projects: Get https://<my-openstack>:5000/v3/projects: tried to re-authenticate 3 times with no success"

in the cause of openstack token expired, I think.

Anything else you would like to add:

OpenStack Discoverer argument means https://github.com/heptio/gimbal/blob/master/docs/openstack-discoverer.md#arguments .
@alexbrand
Copy link
Contributor

alexbrand commented Aug 3, 2018
edited
Loading

Thanks @yutaokaz. We have an open issue that is related to this problem: #142.

However, I agree that we should make sure that:

  • the OpenStack library is refreshing the token properly
  • add the token-refresh-period as suggested if it is required

@alexbrand alexbrand added help wanted Denotes an issue that needs help from a contributor. Must meet "help wanted" guidelines. good first issue Denotes an issue ready for a new contributor, according to the "help wanted" guidelines. priority/important-soon Must be staffed and worked on either currently, or very soon, ideally in time for the next release. discoverer labels Aug 3, 2018
@rosskukulinski rosskukulinski added this to the v0.3 milestone Aug 6, 2018
@rosskukulinski
Copy link
Contributor

#202 was merged, so this resolves the problem where the discoverer fails to reconcile load balancers because the token expires.

Should probably still add a token-refresh-period option.

@rosskukulinski
Copy link
Contributor

@stevesloka is this something you could look to tackle next week?

@stevesloka stevesloka self-assigned this Aug 21, 2018
@stevesloka
Copy link
Member

@rosskukulinski yes I should be able to tackle this week.

This was referenced Aug 22, 2018
Closed
Merged
@alexbrand
Copy link
Contributor

@yutaokaz We fixed this in #224. The problem was that we had not enabled the re-authentication feature of the OpenStack library. As of #224, we are now enabling the OpenStack client to re-authenticate whenever it gets an Unauthorized error from the server.

@yutaokaz
Copy link
Contributor Author

yutaokaz commented Aug 24, 2018
edited
Loading

@alexbrand Thank you for the information. #224 looks good to me!

Considering re-authentication, Gimbal might as well stop LivenessProbe to OpenStack to avoid pod restarting before/while re-authentication I think.

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@stevesloka stevesloka

Labels
discoverer good first issue Denotes an issue ready for a new contributor, according to the "help wanted" guidelines. help wanted Denotes an issue that needs help from a contributor. Must meet "help wanted" guidelines. priority/important-soon Must be staffed and worked on either currently, or very soon, ideally in time for the next release.
Projects
None yet
Milestone
v0.3
Development

No branches or pull requests
4 participants
@alexbrand @stevesloka @rosskukulinski @yutaokaz