forked from canonical/hotsos
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
scenarios/ost/keystone/lp1896125: better detection of the LP#1896125
the previous revision of the scenario was tied to the specific keystone versions which impedes the scenario's ability to detect the bug in other keystone versions. the new revision will detect the bug regardless of the keystone version. Closes canonical#756 Signed-off-by: Mustafa Kemal Gilor <mustafa.gilor@canonical.com>
- Loading branch information
Showing
2 changed files
with
30 additions
and
49 deletions.
There are no files selected for viewing
47 changes: 14 additions & 33 deletions
47
hotsos/defs/scenarios/openstack/keystone/bugs/lp1896125.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,40 +1,21 @@ | ||
| checks: | ||
| has_1896125: | ||
| apt: | ||
| keystone: | ||
| # Train | ||
| - min: 2:16.0.0 | ||
| max: 2:16.0.1 | ||
| # Ussuri | ||
| - min: 2:17.0.0 | ||
| max: 2:17.0.0-99 | ||
| # Victoria | ||
| - min: 2:18.0.0 | ||
| max: 2:18.0.0-99 | ||
| config: | ||
| handler: hotsos.core.plugins.openstack.OpenstackConfig | ||
| # keystone ldap config be defined globally or per-domain | ||
| path: [etc/keystone/keystone.conf, etc/keystone/domains/*] | ||
| assertions: | ||
| - key: url | ||
| section: ldap | ||
| ops: [[truth]] # i.e. does the setting have a value | ||
| allow-unset: False | ||
| has_maxconn_reached_error: | ||
| input: | ||
| path: 'var/log/keystone/keystone.log' | ||
| expr: 'ldappool.MaxConnectionReachedError:.*' | ||
| conclusions: | ||
| lp1896125: | ||
| decision: has_1896125 | ||
| decision: has_maxconn_reached_error | ||
| raises: | ||
| type: LaunchpadBug | ||
| bug-id: 1896125 | ||
| message: >- | ||
| Installed package '{package}' with version {version} has a known bug | ||
| that causes memory leak over time and causes LDAP logins to fail. It | ||
| is recommended to upgrade to the next point release available for the | ||
| package. To workaround LDAP login failure problem, disable LDAP pooling | ||
| by setting `ldap-use-pool` to `false` for all deployed `keystone-ldap` | ||
| applications in charmed deployments. For non-charmed deployments, set | ||
| `use_pool` to `false` in the LDAP domain /etc/keystone/domains/*.conf | ||
| file. | ||
| format-dict: | ||
| package: '@checks.has_1896125.requires.package' | ||
| version: '@checks.has_1896125.requires.version' | ||
| Known Keystone bug identified that causes Denial-of-Service when | ||
| LDAP connection pooling is enabled via use_pool=True. This bug may | ||
| manifest itself in LDAP operations such as OpenStack dashboard login | ||
| failures. It is recommended to upgrade to the next point release | ||
| available for the package. To workaround LDAP login failure problem, | ||
| disable LDAP pooling by setting `ldap-use-pool` to `false` for *all* | ||
| deployed `keystone-ldap` applications in charmed deployments. For | ||
| non-charmed deployments, set `use_pool` to `false` in the LDAP domain | ||
| /etc/keystone/domains/*.conf file. |
32 changes: 16 additions & 16 deletions
32
hotsos/defs/tests/scenarios/openstack/keystone/bugs/lp1896125.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,20 +1,20 @@ | ||
| data-root: | ||
| files: | ||
| sos_commands/dpkg/dpkg_-l: | | ||
| ii keystone 2:17.0.0-0ubuntu0.20.04.1 amd64 | ||
| etc/keystone/keystone.conf: | | ||
| [DEBUG] | ||
| debug = True | ||
| etc/keystone/domains/domainX.conf: | | ||
| [ldap] | ||
| url = ldap://10.0.0.1 | ||
| var/log/keystone/keystone.log: | | ||
| Traceback (most recent call last): | ||
| File "/usr/lib/python3.10/contextlib.py", line 135, in __enter__ | ||
| return next(self.gen) | ||
| File "/usr/lib/python3/dist-packages/ldappool/__init__.py", line 391, in connection | ||
| raise MaxConnectionReachedError(self.uri) | ||
| ldappool.MaxConnectionReachedError: ldaps://ldapserver.example.com | ||
| raised-bugs: | ||
| https://bugs.launchpad.net/bugs/1896125: >- | ||
| Installed package 'keystone' with version 2:17.0.0-0ubuntu0.20.04.1 has a known bug | ||
| that causes memory leak over time and causes LDAP logins to fail. It | ||
| is recommended to upgrade to the next point release available for the | ||
| package. To workaround LDAP login failure problem, disable LDAP pooling | ||
| by setting `ldap-use-pool` to `false` for all deployed `keystone-ldap` | ||
| applications in charmed deployments. For non-charmed deployments, set | ||
| `use_pool` to `false` in the LDAP domain /etc/keystone/domains/*.conf | ||
| file. | ||
| Known Keystone bug identified that causes Denial-of-Service when | ||
| LDAP connection pooling is enabled via use_pool=True. This bug may | ||
| manifest itself in LDAP operations such as OpenStack dashboard login | ||
| failures. It is recommended to upgrade to the next point release | ||
| available for the package. To workaround LDAP login failure problem, | ||
| disable LDAP pooling by setting `ldap-use-pool` to `false` for *all* | ||
| deployed `keystone-ldap` applications in charmed deployments. For | ||
| non-charmed deployments, set `use_pool` to `false` in the LDAP domain | ||
| /etc/keystone/domains/*.conf file. |