I see this message every 5 seconds in one.log.
`Fri Feb 26 12:03:21 2016 [Z0][AuM][E]: Auth Error: login token expired
Fri Feb 26 12:03:26 2016 [Z0][AuM][I]: Command execution fail: /var/lib/one/remotes/auth/server_cipher/authenticate serveradmin f2ac4017d7cd1723820022b8a26a6752f686f332 ****
Fri Feb 26 12:03:26 2016 [Z0][AuM][I]: login token expired
Fri Feb 26 12:03:26 2016 [Z0][AuM][I]: ExitCode: 255
Fri Feb 26 12:03:26 2016 [Z0][AuM][E]: Auth Error: login token expired
dmolina
February 26, 2016, 12:57pm
2
Could you check if the system clock is synced in the machine that are running oned and sunstone-server?
Tokens are generated using the EXPIRE_DELTA and EXPIRE_MARGIN defined in the CloudAuth.rb file, did you modify this values?
end
# Generate a new OpenNebula client for the target User, if the username
# is nil the Client is generated for the server_admin
# username:: _String_ Name of the User
# [return] _Client_
def client(username=nil, endpoint=nil)
expiration_time = @lock.synchronize {
time_now = Time.now.to_i
if time_now > @token_expiration_time - EXPIRE_MARGIN
@token_expiration_time = time_now + EXPIRE_DELTA
end
@token_expiration_time
}
token = @server_auth.login_token(expiration_time,username)
if endpoint and endpoint != "-"
return OpenNebula::Client.new(token,endpoint)
Hello Daniel,
The error message I’m getting seems to originate from:
# auth method for auth_mad
def authenticate(srv_user,srv_pass, signed_text)
begin
@key = srv_pass
s_user, t_user, expires = decrypt(signed_text).split(':')
return "User name missmatch" if s_user != srv_user
return "login token expired" if Time.now.to_i >= expires.to_i
return true
rescue => e
return e.message
end
end
private
def encrypt(data)
How can I force the creation of a new login token ?
dmolina
March 4, 2016, 5:42pm
4
The token is generated every time you do a request through Sunstone, the only thing that changes over time is the expiration time that is injected and changed if necessary in this part of the code:
rescue => e
raise e.message
end
end
# Generate a new OpenNebula client for the target User, if the username
# is nil the Client is generated for the server_admin
# username:: _String_ Name of the User
# [return] _Client_
def client(username=nil, endpoint=nil)
expiration_time = @lock.synchronize {
time_now = Time.now.to_i
if time_now > @token_expiration_time - EXPIRE_MARGIN
@token_expiration_time = time_now + EXPIRE_DELTA
end
@token_expiration_time
}
token = @server_auth.login_token(expiration_time,username)
I don’t know what could be the problem, if I were you I would add some kind of logging in the following 2 parts of the code and check the values of the expire variables:
raise e.message
end
end
self.new(srv_user, srv_passwd)
end
# Generates a login token in the form:
# - server_user:target_user:time_expires
# The token is then encrypted with the contents of one_auth
def login_token(expire, target_user=nil)
target_user ||= @srv_user
token_txt = "#{@srv_user}:#{target_user}:#{expire}"
token = encrypt(token_txt)
token64 = Base64::encode64(token).strip.delete("\n")
return "#{@srv_user}:#{target_user}:#{token64}"
end
# Returns a valid password string to create a user using this auth driver
# Creates a ServerCipher for driver usage
def self.new_driver()
self.new("","")
end
# auth method for auth_mad
def authenticate(srv_user,srv_pass, signed_text)
begin
# truncate token to 32-bytes for Ruby >= 2.4
@key = srv_pass[0..31]
s_user, t_user, expires = decrypt(signed_text).split(':')
return "User name missmatch" if s_user != srv_user
return "login token expired" if Time.now.to_i >= expires.to_i
return true
rescue => e
return e.message