You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@cloudstack.apache.org by "Amogh Vasekar (JIRA)" <ji...@apache.org> on 2013/07/17 02:14:49 UTC

[jira] [Commented] (CLOUDSTACK-3426) UCS: Session cookie refresh must be supported.

    [ https://issues.apache.org/jira/browse/CLOUDSTACK-3426?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13710513#comment-13710513 ] 

Amogh Vasekar commented on CLOUDSTACK-3426:
-------------------------------------------

Added refresh mechanism.
Current timeouts for cookie refresh are 10 mins, and maximum TTL of cookie is 100 mins
                
> UCS: Session cookie refresh must be supported.
> ----------------------------------------------
>
>                 Key: CLOUDSTACK-3426
>                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-3426
>             Project: CloudStack
>          Issue Type: Bug
>      Security Level: Public(Anyone can view this level - this is the default.) 
>          Components: API, Management Server
>    Affects Versions: 4.2.0
>         Environment: Master with UCS and Baremetal
>            Reporter: Parth Jagirdar
>            Assignee: Amogh Vasekar
>            Priority: Blocker
>
> A stale cookie will raise authentication error and subsequent API calls will fail.
> We need a mechanism to refresh cookie based on recommendations below.
> While executing listUCSProfiles::
> { "listucsprofileresponse" : {"uuidList":[],"errorcode":530,"cserrorcode":9999,"errortext":"ucs call failed:\nsubmitted doc:<configFindDnsByClassId cookie=\"1372458054/13f7441f-5f86-4668-911f-8cad3f9be693\" classId=\"lsServer\" />\nresponse: <configFindDnsByClassId cookie=\"1372458054/13f7441f-5f86-4668-911f-8cad3f9be693\" response=\"yes\" errorCode=\"552\" invocationResult=\"service-unavailable\" errorDescr=\"Authorization required\"> </configFindDnsByClassId>\n"} }
> Here is the description from UCS API programming guide. (Full version here:: http://www.cisco.com/en/US/docs/unified_computing/ucs/sw/api/overview.html#wp1127584)
> Failed Requests
> The response to a failed request includes XML attributes for errorCode and errorDescr. The following is an example of a response to a failed request:
> <configConfMo dn="fabric/server"
>           cookie="<real_cookie>"
>           response="yes"
>           errorCode="103"
>           invocationResult="unidentified-fail"
>           errorDescr="can't create; object already exists.">
> </configConfMo>
> From forums (http://developer.cisco.com/web/unifiedcomputing/community/-/message_boards/message/2774526?p_p_auth=iBnpvD2j)
> And from here (http://developer.cisco.com/web/unifiedcomputing/blogroll/-/blogs/ucs-xml-api-hello-world)
> We have an authentication cookie but this cookie will expire in two hours, the output from the aaaLogin recommends a cookie refresh every 10 minutes. To refresh the authentication cookie use the aaaRefresh method.
> So basically we need a mechanism for cookie refresh. Which we do not have for now.
> When I tried to add a new manager (so that cookie is fresh ??) ListProfiles succeeded. 

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira