Lance Bragstad lbragstad

## Troubleshooting Revocation Caching
TOKEN_ID: gAAAAABXm68KiDENNaJyydWf-MY64od2mMbZJIbrTaWLt9nkRx-fUASO_RNxaLSqSGjOd1a8A_7XawM9r4Jpr_jm4vEAX90Qo8b9K18Qqxvg5S91a1vZ8IG-1O3hR6eCCMwWYiWQW7gZ5W-GE4qi1xLou0
R0sCoeYA

unmangled key: 'keystone.token.provider:_validate_token|gAAAAABXm68KiDENNaJyydWf-MY64od2mMbZJIbrTaWLt9nkRx-fUASO_RNxaLSqSG
jOd1a8A_7XawM9r4Jpr_jm4vEAX90Qo8b9K18Qqxvg5S91a1vZ8IG-1O3hR6eCCMwWYiWQW7gZ5W-GE4qi1xLou0R0sCoeYA'
mangled key: '2a40538b1ae86e0914ff94e5238fb89ad83a5381'

unmangled key: 'keystone.token.provider:validate_non_persistent_token|gAAAAABXm68KiDENNaJyydWf-MY64od2mMbZJIbrTaWLt9nkRx-f
UASO_RNxaLSqSGjOd1a8A_7XawM9r4Jpr_jm4vEAX90Qo8b9K18Qqxvg5S91a1vZ8IG-1O3hR6eCCMwWYiWQW7gZ5W-GE4qi1xLou0R0sCoeYA'
mangled key: 'e7e56c9ef2718e445c8cd52597c7f5e6312eefca'

## adminrc
export OS_USERNAME=admin
export OS_PASSWORD=password
export OS_PROJECT_NAME=admin
export OS_DEFAULT_DOMAIN=default
export OS_AUTH_URL=http://localhost:35357/v3/
export OS_IDENTITY_API_VERSION=3

## README.md

      
              1 file
            
          
              0 forks
            
          
              0 comments
            
          
              0 stars
            
          
                lbragstad
                / README.md
            
            
              Last active
              August 2, 2017 22:39
            
          
    Unassigning Bugs

This script has moved the launchpad-toolkit repository.

  
## README.md

      
              6 files
            
          
              0 forks
            
          
              0 comments
            
          
              0 stars
            
          
                lbragstad
                / README.md
            
            
              Last active
              October 24, 2016 17:07
            
              
                Newton Rolling Upgrades
              
          
    Problem Context

We had an operator come to us with an interesting issue regarding rolling upgrades from Mitaka to Newton. The conversation was logged in #openstack-keystone. This notepad is my attempt to recreate the issue and document whatever I find.
Setup

I documented most of the installation process while testing the migration for encrypted credentials. I'm going to essentially use the same steps to install keystone. The steps after setup are specific to creating test data for credentials. Here we are going to document the upgrade process separately since it doesn't have to be specific to credentials.
Once we have Mitaka up and running - we can go ahead and populate it with some data:

  
## basic-commands.sh
sudo apt-get update; sudo apt-get dist-upgrade
reboot

## crypt.py
import os
import six
import uuid

from Crypto.Cipher import AES
from cryptography.hazmat import backends
from cryptography.hazmat.primitives import ciphers
from cryptography.hazmat.primitives.ciphers import algorithms
from cryptography.hazmat.primitives.ciphers import modes
from cryptography.hazmat.primitives import padding

## example_usage.py
endpoint_schema = Endpoint(required=True)
resource_to_validate = endpoint_schema.__class__.__name__.lower()
@validation.validated(endpoint_schema.json(), resource_to_validate)

## rotate-1
$ keystone-manage fernet_rotate
2528 INFO keystone.token.providers.fernet.utils [-] Starting key rotation with 2 key files: ['/etc/keystone/fernet-keys/0', '/etc/keystone/fernet-keys/1']
2528 INFO keystone.token.providers.fernet.utils [-] Current primary key is: 1
2528 INFO keystone.token.providers.fernet.utils [-] Next primary key will be: 2
2528 INFO keystone.token.providers.fernet.utils [-] Promoted key 0 to be the primary: 2
2528 INFO keystone.token.providers.fernet.utils [-] Created a new key: /etc/keystone/fernet-keys/0
2528 INFO keystone.token.providers.fernet.utils [-] Excess keys to purge: []
$ ls /etc/keystone/fernet-keys/
0  1  2

## bootstrap
$ git clone https://gist.github.com/02c6d37f49596b3f4298.git
$ cd 02c6d37f49596b3f4298/
$ pip install -r requirements.txt
$ export KEYSTONE_ENDPOINT=http://<keystone-1-ip>:35357
$ python bootstrap.py

## log
May 05 21:39:48 laptop mcelog[905]: mcelog: Family 6 Model 8e CPU: only decoding architectural errors
May 05 21:39:48 laptop mcelog[905]: Hardware event. This is not a software error.
May 05 21:39:48 laptop mcelog[905]: MCE 0
May 05 21:39:48 laptop mcelog[905]: CPU 2 THERMAL EVENT TSC 2fcfe2b50638
May 05 21:39:48 laptop mcelog[905]: TIME 1494038388 Fri May  5 21:39:48 2017
May 05 21:39:48 laptop mcelog[905]: Processor 2 heated above trip temperature. Throttling enabled.
May 05 21:39:48 laptop mcelog[905]: Please check your system cooling. Performance will be impacted
May 05 21:39:48 laptop mcelog[905]: STATUS 8819080b MCGSTATUS 0
May 05 21:39:48 laptop mcelog[905]: MCGCAP c08 APICID 1 SOCKETID 0
May 05 21:39:48 laptop mcelog[905]: CPUID Vendor Intel Family 6 Model 142
	TOKEN_ID: gAAAAABXm68KiDENNaJyydWf-MY64od2mMbZJIbrTaWLt9nkRx-fUASO_RNxaLSqSGjOd1a8A_7XawM9r4Jpr_jm4vEAX90Qo8b9K18Qqxvg5S91a1vZ8IG-1O3hR6eCCMwWYiWQW7gZ5W-GE4qi1xLou0
	R0sCoeYA

	unmangled key: 'keystone.token.provider:_validate_token\|gAAAAABXm68KiDENNaJyydWf-MY64od2mMbZJIbrTaWLt9nkRx-fUASO_RNxaLSqSG
	jOd1a8A_7XawM9r4Jpr_jm4vEAX90Qo8b9K18Qqxvg5S91a1vZ8IG-1O3hR6eCCMwWYiWQW7gZ5W-GE4qi1xLou0R0sCoeYA'
	mangled key: '2a40538b1ae86e0914ff94e5238fb89ad83a5381'

	unmangled key: 'keystone.token.provider:validate_non_persistent_token\|gAAAAABXm68KiDENNaJyydWf-MY64od2mMbZJIbrTaWLt9nkRx-f
	UASO_RNxaLSqSGjOd1a8A_7XawM9r4Jpr_jm4vEAX90Qo8b9K18Qqxvg5S91a1vZ8IG-1O3hR6eCCMwWYiWQW7gZ5W-GE4qi1xLou0R0sCoeYA'
	mangled key: 'e7e56c9ef2718e445c8cd52597c7f5e6312eefca'
	export OS_USERNAME=admin
	export OS_PASSWORD=password
	export OS_PROJECT_NAME=admin
	export OS_DEFAULT_DOMAIN=default
	export OS_AUTH_URL=http://localhost:35357/v3/
	export OS_IDENTITY_API_VERSION=3
	import os
	import six
	import uuid

	from Crypto.Cipher import AES
	from cryptography.hazmat import backends
	from cryptography.hazmat.primitives import ciphers
	from cryptography.hazmat.primitives.ciphers import algorithms
	from cryptography.hazmat.primitives.ciphers import modes
	from cryptography.hazmat.primitives import padding
	endpoint_schema = Endpoint(required=True)
	resource_to_validate = endpoint_schema.__class__.__name__.lower()
	@validation.validated(endpoint_schema.json(), resource_to_validate)
	$ keystone-manage fernet_rotate
	2528 INFO keystone.token.providers.fernet.utils [-] Starting key rotation with 2 key files: ['/etc/keystone/fernet-keys/0', '/etc/keystone/fernet-keys/1']
	2528 INFO keystone.token.providers.fernet.utils [-] Current primary key is: 1
	2528 INFO keystone.token.providers.fernet.utils [-] Next primary key will be: 2
	2528 INFO keystone.token.providers.fernet.utils [-] Promoted key 0 to be the primary: 2
	2528 INFO keystone.token.providers.fernet.utils [-] Created a new key: /etc/keystone/fernet-keys/0
	2528 INFO keystone.token.providers.fernet.utils [-] Excess keys to purge: []
	$ ls /etc/keystone/fernet-keys/
	0 1 2
	$ git clone https://gist.github.com/02c6d37f49596b3f4298.git
	$ cd 02c6d37f49596b3f4298/
	$ pip install -r requirements.txt
	$ export KEYSTONE_ENDPOINT=http://<keystone-1-ip>:35357
	$ python bootstrap.py
	May 05 21:39:48 laptop mcelog[905]: mcelog: Family 6 Model 8e CPU: only decoding architectural errors
	May 05 21:39:48 laptop mcelog[905]: Hardware event. This is not a software error.
	May 05 21:39:48 laptop mcelog[905]: MCE 0
	May 05 21:39:48 laptop mcelog[905]: CPU 2 THERMAL EVENT TSC 2fcfe2b50638
	May 05 21:39:48 laptop mcelog[905]: TIME 1494038388 Fri May 5 21:39:48 2017
	May 05 21:39:48 laptop mcelog[905]: Processor 2 heated above trip temperature. Throttling enabled.
	May 05 21:39:48 laptop mcelog[905]: Please check your system cooling. Performance will be impacted
	May 05 21:39:48 laptop mcelog[905]: STATUS 8819080b MCGSTATUS 0
	May 05 21:39:48 laptop mcelog[905]: MCGCAP c08 APICID 1 SOCKETID 0
	May 05 21:39:48 laptop mcelog[905]: CPUID Vendor Intel Family 6 Model 142