[Bug 1533724] Re: [SRU] keystone-signing folders fill /tmp and seriously slow down reboots

Tue Jul 12 21:36:28 UTC 2016

Hello Matt, or anyone else affected,

Accepted python-keystonemiddleware into xenial-proposed. The package
will build now and be available at https://launchpad.net/ubuntu/+source
/python-keystonemiddleware/4.4.1-0ubuntu1 in a few hours, and then in
the -proposed repository.

Please help us by testing this new package.  See
https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to
enable and use -proposed.  Your feedback will aid us getting this update
out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug,
mentioning the version of the package you tested, and change the tag
from verification-needed to verification-done. If it does not fix the
bug for you, please add a comment stating that, and change the tag to
verification-failed.  In either case, details of your testing will help
us make a better decision.

Further information regarding the verification process can be found at
https://wiki.ubuntu.com/QATeam/PerformingSRUVerification .  Thank you in
advance!

** Changed in: python-keystonemiddleware (Ubuntu Xenial)
       Status: Triaged => Fix Committed

** Tags added: verification-needed

-- 
You received this bug notification because you are a member of Ubuntu
OpenStack, which is subscribed to Ubuntu Cloud Archive.
https://bugs.launchpad.net/bugs/1533724

Title:
  [SRU] keystone-signing folders fill /tmp and seriously slow down
  reboots

Status in Ubuntu Cloud Archive:
  Triaged
Status in Ubuntu Cloud Archive mitaka series:
  Triaged
Status in keystonemiddleware:
  Fix Released
Status in python-keystonemiddleware package in Ubuntu:
  Fix Released
Status in python-keystonemiddleware source package in Xenial:
  Fix Committed

Bug description:
  [Impact]

  During a night maintenance and reboot of a control (non-keystone node)
  that had been up for around 300 days, we found that we have over 144k
  keystone-signing- folders in /tmp. This caused the maintenance window
  to be missed because it took so long to clean /tmp on reboot. It is my
  understanding that these folders are for PKI. We don't use PKI and
  would like to the option to disable the creation of these folders.

  [PROD] root at control-002:/tmp# ls -al | grep keystone-sign | wc -l
  144200

  more info, the folders are owned by non-keystone services, mainly
  glance for us:

  drwx------  2 glance        glance              4096 Jul  9  2015 keystone-signing-zZocUc
  drwx------  2 glance        glance              4096 Jul 20 07:55 keystone-signing-ZZOibD
  drwx------  2 designate     designate           4096 May 26  2015 keystone-signing-ZZoKgT
  drwx------  2 glance        glance              4096 Jul 14  2015 keystone-signing-zzOmtb
  drwx------  2 glance        glance              4096 Jul 12  2015 keystone-signing-zzOubp
  drwx------  2 glance        glance              4096 Jul 15 17:22 keystone-signing-zzpD6x
  drwx------  2 designate     designate           4096 Jun  9  2015 keystone-signing-ZzPeNQ
  drwx------  2 glance        glance              4096 Jul  2  2015 keystone-signing-ZZPJ4H
  drwx------  2 glance        glance              4096 Jul  9  2015 keystone-signing-zZPnd0
  drwx------  2 designate     designate           4096 May 20  2015 keystone-signing-ZZQK3i
  drwx------  2 glance        glance              4096 Jun 30  2015 keystone-signing-ZZQmEI

  [Test Case]

  See above.

  [Regression Potential]

  The fix is contained in an upstream stable point release which we're
  releasing to ubuntu xenial. The regression potential is fairly minimal
  since upstream is very careful with what gets into stable point
  releases.

To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-archive/+bug/1533724/+subscriptions