Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[seafile-pro-server-5.1.10] Virus scan fails when the keystone token has expired #1737

Closed
rabb1t opened this issue Aug 11, 2016 · 3 comments

Comments

@rabb1t
Copy link

commented Aug 11, 2016

Hi,

We're using Openstack/Swift as a storage backend for our data.
By default the keystone token expiration time is set to 5 minutes.

As you can see from the logs below the scan is successfully working for the first five minutes:

[2016-08-10 18:36:54,476] [INFO] Start to scan virus for repo 00121d01.
[2016-08-10 18:36:55,625] [DEBUG] File /sys.a/EAP virus scan by /opt/kav4fs_scan.sh: OK.
[2016-08-10 18:36:56,553] [DEBUG] File /sys.a/SAO virus scan by /opt/kav4fs_scan.sh: OK.
[2016-08-10 18:36:57,482] [DEBUG] File /sys.a/NAR virus scan by /opt/kav4fs_scan.sh: OK.
[2016-08-10 18:36:58,409] [DEBUG] File /sys.a/CAN virus scan by /opt/kav4fs_scan.sh: OK.
[2016-08-10 18:36:59,321] [DEBUG] File /sys.b/ZBA virus scan by /opt/kav4fs_scan.sh: OK.
[2016-08-10 18:37:00,267] [DEBUG] File /sys.b/FBO virus scan by /opt/kav4fs_scan.sh: OK.

After five minutes we get the '401 Unauthorized' error:

[2016-08-10 18:41:52,121] [WARNING] Virus scan for file /b2b.msp/like.html encounter error: HTTP Error 401: Unauthorized.
[2016-08-10 18:41:52,122] [DEBUG] File /b2b.msp/like.html virus scan by /opt/kav4fs_scan.sh: Failed.
[2016-08-10 18:41:52,125] [WARNING] Virus scan for file /b2b.msp/jquery.cookie.js encounter error: HTTP Error 401: Unauthorized.
[2016-08-10 18:41:52,125] [DEBUG] File /b2b.msp/jquery.cookie.js virus scan by /opt/kav4fs_scan.sh: Failed.
[2016-08-10 18:41:52,128] [WARNING] Virus scan for file /b2b.msp/print.css encounter error: HTTP Error 401: Unauthorized.
[2016-08-10 18:41:52,128] [DEBUG] File /b2b.msp/print.css virus scan by /opt/kav4fs_scan.sh: Failed.

and so on..

Here is some of the openstack/swift log file records:

keystone.log

2016-08-10 18:41:52.530 28069 WARNING keystone.common.wsgi [req-3c24089f-0791-4f91-82cd-6e8ba75dc7ac d672d7d3db864b5bbd0e683c9e39340b 36a0059a27264a2b8cbe78a7f5fd892a - default default] Could not find token: 36ee52b62fa24f28a3a9751b101b9abe

proxy-server.log

Aug 10 18:41:52 sf110 proxy-server: 192.168.X.XX 192.168.X.XX 10/Aug/2016/15/41/52 GET /v1/AUTH_36a0059a27264a2b8cbe78a7f5fd892a/seafile-fs/00121d01-242a-4a52-3ead-e7453f3fdb9e/672de6b476da27aeddadab98e77821ea50f9a772 HTTP/1.0 401 - Python-urllib/2.7 36ee52b62fa24f28... - 23 - txbfbcbb7c81d6472283fd0-0057ab4b40 - 0.0012 - - 1470843712.512155056 1470843712.513333082 -
Aug 10 18:41:52 sf110 proxy-server: Authorization failed for token
Aug 10 18:41:52 sf110 proxy-server: Identity response: {"error": {"message": "Could not find token: 36ee52b62fa24f28a3a9751b101b9abe", "code": 404, "title": "Not Found"}}
Aug 10 18:41:52 sf110 proxy-server: Authorization failed for token
Aug 10 18:41:52 sf110 proxy-server: Invalid user token
Aug 10 18:41:52 sf110 proxy-server: Rejecting request

I think that you should handle this type of exception. For example in this part of /pro/python/seafevents/virus_scanner/virus_scan.py file:

        except Exception as e:
            logging.warning('Virus scan for file %s encounter error: %s.',
                            file_path, e)
            return -1

and try to get the keystone authorization token once again.

Thank you!

@killing

This comment has been minimized.

Copy link
Member

commented Aug 12, 2016

This is actually a bug in our swift python backend. The code doesn't re-authenticate when it finds the token expired. Thanks for reporting.

@rabb1t

This comment has been minimized.

Copy link
Author

commented Sep 16, 2016

Hi, JFYI bug is still present in seafile-pro-server-6.0.1 beta version.

@killing

This comment has been minimized.

Copy link
Member

commented Oct 10, 2016

@killing killing closed this Oct 10, 2016

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
3 participants
You can’t perform that action at this time.