Reauthenticate to OpenStack periodically

It appears that gophercloud's "AllowReauth" AuthOption doesn't actually do anything, and the keystone/auth token is never refreshed. Eventually it expires and all OpenStack calls receive HTTP 401 responses. This change reauthenticates every time the Instances() or TCPLoadBalancer() API object is requested. This is more frequently than required, but exposing token expiry information will require gophercloud surgery.
2025-09-11 14:11:14 +00:00 · 2014-12-30 15:47:04 +11:00
parent 762225ed47
commit e14b73bd30
1 changed files with 21 additions and 2 deletions
--- a/pkg/cloudprovider/openstack/openstack.go
+++ b/pkg/cloudprovider/openstack/openstack.go
@@ -71,6 +71,7 @@ type LoadBalancerOpts struct {
 // OpenStack is an implementation of cloud provider Interface for OpenStack.
 type OpenStack struct {
 	provider *gophercloud.ProviderClient
+	authOpts gophercloud.AuthOptions
 	region   string
 	lbOpts   LoadBalancerOpts
 }
@@ -111,7 +112,11 @@ func (cfg Config) toAuthOptions() gophercloud.AuthOptions {
 		TenantID:         cfg.Global.TenantId,
 		TenantName:       cfg.Global.TenantName,

-		// Persistent service, so we need to be able to renew tokens
+		// Persistent service, so we need to be able to renew
+		// tokens.
+		// (gophercloud doesn't appear to actually reauth yet,
+		// hence the explicit openstack.Authenticate() calls
+		// below)
 		AllowReauth: true,
 	}
 }
@@ -128,13 +133,15 @@ func readConfig(config io.Reader) (Config, error) {
 }

 func newOpenStack(cfg Config) (*OpenStack, error) {
-	provider, err := openstack.AuthenticatedClient(cfg.toAuthOptions())
+	authOpts := cfg.toAuthOptions()
+	provider, err := openstack.AuthenticatedClient(authOpts)
 	if err != nil {
 		return nil, err
 	}

 	os := OpenStack{
 		provider: provider,
+		authOpts: authOpts,
 		region:   cfg.Global.Region,
 		lbOpts:   cfg.LoadBalancer,
 	}
@@ -150,6 +157,11 @@ type Instances struct {
 func (os *OpenStack) Instances() (cloudprovider.Instances, bool) {
 	glog.V(4).Info("openstack.Instances() called")

+	if err := openstack.Authenticate(os.provider, os.authOpts); err != nil {
+		glog.Warningf("Failed to reauthenticate: %v", err)
+		return nil, false
+	}
+
 	compute, err := openstack.NewComputeV2(os.provider, gophercloud.EndpointOpts{
 		Region: os.region,
 	})
@@ -360,6 +372,13 @@ type LoadBalancer struct {
 }

 func (os *OpenStack) TCPLoadBalancer() (cloudprovider.TCPLoadBalancer, bool) {
+	glog.V(4).Info("openstack.TCPLoadBalancer() called")
+
+	if err := openstack.Authenticate(os.provider, os.authOpts); err != nil {
+		glog.Warningf("Failed to reauthenticate: %v", err)
+		return nil, false
+	}
+
 	// TODO: Search for and support Rackspace loadbalancer API, and others.
 	network, err := openstack.NewNetworkV2(os.provider, gophercloud.EndpointOpts{
 		Region: os.region,