[openstack-dev] Keystone Apache2 WSGI Fails when Token 8190 Bytes
Hello, I have come across a bug or limitation when using an Apache2 SSL-WSGI front end for Keystone. If the returned token for a Keystone authenticate request is greater than 8190 bytes, the mod_wsgi code throws an error similar to the following: [Thu Jan 16 22:27:47 2014] [info] Initial (No.1) HTTPS request received for child 231 (server d00-50-56-8e-75-82.cloudos.org:5000) [Thu Jan 16 22:27:47 2014] [info] [client 192.168.124.2] mod_wsgi (pid=24676, process='keystone', application='d00-50-56-8e-75-82.cloudos.org:5000|'): Loading WSGI script '/etc/apache2/wsgi/keystone/main'. [Thu Jan 16 22:27:48 2014] [error] [client 192.168.124.2] malformed header from script. Bad header=mVmOTdhMmUzIn0sIHsidXJsIjogImh: main [Thu Jan 16 22:27:48 2014] [debug] mod_deflate.c(615): [client 192.168.124.2] Zlib: Compressed 592 to 377 : URL /v3/auth/tokens [Thu Jan 16 22:27:48 2014] [debug] ssl_engine_kernel.c(1884): OpenSSL: Write: SSL negotiation finished successfully [Thu Jan 16 22:27:48 2014] [info] [client 192.168.124.2] Connection closed to child 231 with standard shutdown (server d00-50-56-8e-75-82.cloudos.org:5000) I really don't think that I am the first one to stumble across this problem. Has anyone else found and solved this? Regards, Mark ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Re: [openstack-dev] Keystone Apache2 WSGI Fails when Token 8190 Bytes
Yep, you should follow https://bugs.launchpad.net/keystone/+bug/1190149 and the related patches in each project. --John On Jan 16, 2014, at 10:30 PM, Miller, Mark M (EB SW Cloud - RD - Corvallis) mark.m.mil...@hp.com wrote: Hello, I have come across a bug or limitation when using an Apache2 SSL-WSGI front end for Keystone. If the returned token for a Keystone authenticate request is greater than 8190 bytes, the mod_wsgi code throws an error similar to the following: [Thu Jan 16 22:27:47 2014] [info] Initial (No.1) HTTPS request received for child 231 (server d00-50-56-8e-75-82.cloudos.org:5000) [Thu Jan 16 22:27:47 2014] [info] [client 192.168.124.2] mod_wsgi (pid=24676, process='keystone', application='d00-50-56-8e-75-82.cloudos.org:5000|'): Loading WSGI script '/etc/apache2/wsgi/keystone/main'. [Thu Jan 16 22:27:48 2014] [error] [client 192.168.124.2] malformed header from script. Bad header=mVmOTdhMmUzIn0sIHsidXJsIjogImh: main [Thu Jan 16 22:27:48 2014] [debug] mod_deflate.c(615): [client 192.168.124.2] Zlib: Compressed 592 to 377 : URL /v3/auth/tokens [Thu Jan 16 22:27:48 2014] [debug] ssl_engine_kernel.c(1884): OpenSSL: Write: SSL negotiation finished successfully [Thu Jan 16 22:27:48 2014] [info] [client 192.168.124.2] Connection closed to child 231 with standard shutdown (server d00-50-56-8e-75-82.cloudos.org:5000) I really don't think that I am the first one to stumble across this problem. Has anyone else found and solved this? Regards, Mark ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev signature.asc Description: Message signed with OpenPGP using GPGMail ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Re: [openstack-dev] Keystone Apache2 WSGI Fails when Token 8190 Bytes
Thank you John for the response. However I am asking about another but similar problem. I am using the Apache2 WSGI front end to Keystone and not the Eventlet. Mark -Original Message- From: John Dickinson [mailto:m...@not.mn] Sent: Thursday, January 16, 2014 10:39 PM To: OpenStack Development Mailing List (not for usage questions) Subject: Re: [openstack-dev] Keystone Apache2 WSGI Fails when Token 8190 Bytes Yep, you should follow https://bugs.launchpad.net/keystone/+bug/1190149 and the related patches in each project. --John On Jan 16, 2014, at 10:30 PM, Miller, Mark M (EB SW Cloud - RD - Corvallis) mark.m.mil...@hp.com wrote: Hello, I have come across a bug or limitation when using an Apache2 SSL-WSGI front end for Keystone. If the returned token for a Keystone authenticate request is greater than 8190 bytes, the mod_wsgi code throws an error similar to the following: [Thu Jan 16 22:27:47 2014] [info] Initial (No.1) HTTPS request received for child 231 (server d00-50-56-8e-75-82.cloudos.org:5000) [Thu Jan 16 22:27:47 2014] [info] [client 192.168.124.2] mod_wsgi (pid=24676, process='keystone', application='d00-50-56-8e-75- 82.cloudos.org:5000|'): Loading WSGI script '/etc/apache2/wsgi/keystone/main'. [Thu Jan 16 22:27:48 2014] [error] [client 192.168.124.2] malformed header from script. Bad header=mVmOTdhMmUzIn0sIHsidXJsIjogImh: main [Thu Jan 16 22:27:48 2014] [debug] mod_deflate.c(615): [client 192.168.124.2] Zlib: Compressed 592 to 377 : URL /v3/auth/tokens [Thu Jan 16 22:27:48 2014] [debug] ssl_engine_kernel.c(1884): OpenSSL: Write: SSL negotiation finished successfully [Thu Jan 16 22:27:48 2014] [info] [client 192.168.124.2] Connection closed to child 231 with standard shutdown (server d00-50-56-8e-75-82.cloudos.org:5000) I really don't think that I am the first one to stumble across this problem. Has anyone else found and solved this? Regards, Mark ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Re: [openstack-dev] Keystone Apache2 WSGI Fails when Token 8190 Bytes
It turns out that there is a bug filed against the problem we are facing: https://bugs.launchpad.net/keystone/+bug/1255321 -Original Message- From: Miller, Mark M (EB SW Cloud - RD - Corvallis) Sent: Thursday, January 16, 2014 11:09 PM To: OpenStack Development Mailing List (not for usage questions) Subject: Re: [openstack-dev] Keystone Apache2 WSGI Fails when Token 8190 Bytes Thank you John for the response. However I am asking about another but similar problem. I am using the Apache2 WSGI front end to Keystone and not the Eventlet. Mark -Original Message- From: John Dickinson [mailto:m...@not.mn] Sent: Thursday, January 16, 2014 10:39 PM To: OpenStack Development Mailing List (not for usage questions) Subject: Re: [openstack-dev] Keystone Apache2 WSGI Fails when Token 8190 Bytes Yep, you should follow https://bugs.launchpad.net/keystone/+bug/1190149 and the related patches in each project. --John On Jan 16, 2014, at 10:30 PM, Miller, Mark M (EB SW Cloud - RD - Corvallis) mark.m.mil...@hp.com wrote: Hello, I have come across a bug or limitation when using an Apache2 SSL-WSGI front end for Keystone. If the returned token for a Keystone authenticate request is greater than 8190 bytes, the mod_wsgi code throws an error similar to the following: [Thu Jan 16 22:27:47 2014] [info] Initial (No.1) HTTPS request received for child 231 (server d00-50-56-8e-75-82.cloudos.org:5000) [Thu Jan 16 22:27:47 2014] [info] [client 192.168.124.2] mod_wsgi (pid=24676, process='keystone', application='d00-50-56-8e-75- 82.cloudos.org:5000|'): Loading WSGI script '/etc/apache2/wsgi/keystone/main'. [Thu Jan 16 22:27:48 2014] [error] [client 192.168.124.2] malformed header from script. Bad header=mVmOTdhMmUzIn0sIHsidXJsIjogImh: main [Thu Jan 16 22:27:48 2014] [debug] mod_deflate.c(615): [client 192.168.124.2] Zlib: Compressed 592 to 377 : URL /v3/auth/tokens [Thu Jan 16 22:27:48 2014] [debug] ssl_engine_kernel.c(1884): OpenSSL: Write: SSL negotiation finished successfully [Thu Jan 16 22:27:48 2014] [info] [client 192.168.124.2] Connection closed to child 231 with standard shutdown (server d00-50-56-8e-75-82.cloudos.org:5000) I really don't think that I am the first one to stumble across this problem. Has anyone else found and solved this? Regards, Mark ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev