We have the same problem with pike.
The first logins get redirected to the login page, although the logs say login
was successful:
[Fri Jul 13 06:21:54.054265 2018] [wsgi:error] [pid 8324:tid 140488754718464]
DEBUG:keystoneauth.session:GET call to identity for
https://internal.:5000/v3/users/7304c7bddd624e928efc7984ff4585
cf/projects used request id req-4689361a-16bc-451a-9b7c-c7b446730f86
[Fri Jul 13 06:21:54.054786 2018] [wsgi:error] [pid 8324:tid 140488754718464]
DEBUG:keystoneauth.identity.v3.base:Making authentication request to
https://internal.:5000/v3/auth/tokens
[Fri Jul 13 06:21:54.090009 2018] [wsgi:error] [pid 8324:tid 140488754718464]
DEBUG:urllib3.connectionpool:https://internal.:5000 "POST
/v3/auth/tokens HTTP/1.1" 201 11353
[Fri Jul 13 06:21:54.091301 2018] [wsgi:error] [pid 8324:tid 140488754718464]
DEBUG:keystoneauth.identity.v3.base:{"token": ...
[Fri Jul 13 06:21:54.097652 2018] [wsgi:error] [pid 8324:tid 140488754718464]
Login successful for user "christian.zunker", remote address 172.20.2.125.
[Fri Jul 13 06:21:54.247158 2018] [wsgi:info] [pid 8330:tid 140488754718464]
[remote 172.20.2.125:25117] mod_wsgi (pid=8330, process='horizon',
application=''): Loading WSGI script
'/openstack/venvs/horizon-16.0.8/lib/python2.7/dist-packages/openstack_dashboard/wsgi/django.wsgi'.
This is an openstack-ansible installation. I tried the SESSION_ENGINE with
three different settings:
- memcached only (3 servers)
- DB only (Galera cluster)
- cached_db
All three settings have the same problem.
This is the context I'm calling: /auth/login/?next=/identity/
Taking a look at the requests:
POST /auth/login/ => HTTP 302
GET /identity/ => HTTP 302
GET /auth/login/?next=/identity/ => HTTP 200
And this repeats. After three lognis, I get:
You do not have permission to access the resource: /identity/
Login in again, it works (sometimes it needs a second time here):
POST /auth/login/ => HTTP 302
GET /identity/ => HTTP 200
access log:
172.20.2.125 - - [13/Jul/2018:06:38:45 +] "GET /identity/ HTTP/1.1" 302
3844 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:61.0) Gecko/20100101
Firefox/61.0"
172.20.2.125 - - [13/Jul/2018:06:38:48 +] "GET /auth/login/?next=/identity/
HTTP/1.1" 200 3920 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:61.0)
Gecko/20100101 Firefox/61.0"
172.20.2.125 - - [13/Jul/2018:06:39:00 +] "POST /auth/login/ HTTP/1.1" 302
1059 "https://172.20.243.234/auth/login/?next=/identity/; "Mozilla/5.0 (X11;
Ubuntu; Linux x86_64; rv:61.0) Gecko/20100101 Firefox/61.0"
172.20.2.125 - - [13/Jul/2018:06:39:02 +] "GET /identity/ HTTP/1.1" 302 364
"https://172.20.243.234/auth/login/?next=/identity/; "Mozilla/5.0 (X11; Ubuntu;
Linux x86_64; rv:61.0) Gecko/20100101 Firefox/61.0"
172.20.2.125 - - [13/Jul/2018:06:39:05 +] "GET /auth/login/?next=/identity/
HTTP/1.1" 200 3921 "https://172.20.243.234/auth/login/?next=/identity/;
"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:61.0) Gecko/20100101 Firefox/61.0"
172.20.2.125 - - [13/Jul/2018:06:39:15 +] "POST /auth/login/ HTTP/1.1" 302
906 "https://172.20.243.234/auth/login/?next=/identity/; "Mozilla/5.0 (X11;
Ubuntu; Linux x86_64; rv:61.0) Gecko/20100101 Firefox/61.0"
172.20.2.125 - - [13/Jul/2018:06:39:18 +] "GET /identity/ HTTP/1.1" 302 364
"https://172.20.243.234/auth/login/?next=/identity/; "Mozilla/5.0 (X11; Ubuntu;
Linux x86_64; rv:61.0) Gecko/20100101 Firefox/61.0"
172.20.2.125 - - [13/Jul/2018:06:39:20 +] "GET /auth/login/?next=/identity/
HTTP/1.1" 200 3918 "https://172.20.243.234/auth/login/?next=/identity/;
"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:61.0) Gecko/20100101 Firefox/61.0"
172.20.2.125 - - [13/Jul/2018:06:39:29 +] "POST /auth/login/ HTTP/1.1" 302
906 "https://172.20.243.234/auth/login/?next=/identity/; "Mozilla/5.0 (X11;
Ubuntu; Linux x86_64; rv:61.0) Gecko/20100101 Firefox/61.0"
172.20.2.125 - - [13/Jul/2018:06:39:32 +] "GET /identity/ HTTP/1.1" 302 364
"https://172.20.243.234/auth/login/?next=/identity/; "Mozilla/5.0 (X11; Ubuntu;
Linux x86_64; rv:61.0) Gecko/20100101 Firefox/61.0"
172.20.2.125 - - [13/Jul/2018:06:39:35 +] "GET /auth/login/?next=/identity/
HTTP/1.1" 200 4184 "https://172.20.243.234/auth/login/?next=/identity/;
"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:61.0) Gecko/20100101 Firefox/61.0"
172.20.2.125 - - [13/Jul/2018:06:39:43 +] "POST /auth/login/ HTTP/1.1" 302
1059 "https://172.20.243.234/auth/login/?next=/identity/; "Mozilla/5.0 (X11;
Ubuntu; Linux x86_64; rv:61.0) Gecko/20100101 Firefox/61.0"
172.20.2.125 - - [13/Jul/2018:06:39:44 +] "GET /identity/ HTTP/1.1" 302 364
"https://172.20.243.234/auth/login/?next=/identity/; "Mozilla/5.0 (X11; Ubuntu;
Linux x86_64; rv:61.0) Gecko/20100101 Firefox/61.0"
172.20.2.125 - - [13/Jul/2018:06:39:47 +] "GET /auth/login/?next=/identity/
HTTP/1.1" 200 4184 "https://172.20.243.234/auth/login/?next=/identity/;
"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:61.0) Gecko/20100101 Firefox/61.0"
172.20.2.125