search

HewlettPackard / oneview-puppet

This project is no longer being developed and has limited support. In the near future this repository will be fully deprecated. Please consider using other OneView projects, such as Terraform and Ansible Collection
https://forge.puppet.com/hewlettpackard/oneview
Apache License 2.0
8 stars 17 forks source link

Number of active-sessions increased by resource instances #310

Closed riconem closed 3 years ago

riconem commented 3 years ago

Scenario

Hey there again. Yesterday I've got a new problem. I am testing your code on our test synergy infrastructure every day. So normally it works fine but after the catalog compilation the following error pops up. 

Error: Munging failed for value :synergy in class provider: 400 BAD REQUEST {"errorCode":"AUTHN_SESSION_CLIENT_LIMIT_CROSSED","message":"Login denied. The client x.x.x.x has too many active sessions.","details":"The client x.x.x.x has the maximum number of active sessions allowed.","recommendedActions":["Do one of the following: log out of existing sessions. Log in from a different IP address. Contact the administrator to increase the maximum number of sessions per client IP address. Wait 24 hours for idle sessions created by scripts to time out and then retry logging in."],"errorSource":null,"nestedErrors":[],"data":{"clientip":"x.x.x.x"}}

Before that I created 160 oneview_ethernet_network resources with puppet. I did that several times. Because of that and the limit of client sessions I was getting the error from above.

To check if this comes from oneview-puppet module I've logged in on another client and made the following rest call to get all active-user-sessions. So I found 960 active sessions from the x.x.x.x IP adress from the above error. This is the exact limit in the session-settings but I can increase this number to be able to make more puppet runs.

image image

Question

Is this the right way to do it? I don't understand why the session has to be active after one puppet run is completed because every new resource creates a new session in oneview with a different sessionID. You can see that in the oneview_resourceclass. The number of sessions increasing by the oneview resource instances and never really reused. https://github.com/HewlettPackard/oneview-puppet/blob/308bf34e644f1ea3359cd025cf4ddfdc3307f5be/lib/puppet/provider/oneview_resource.rb#L34

Suggestion

I found the following snippet in the ruby-sdk client class to delete an active-session. This maybe could terminate the unused active-session after a resource is created, updated or destroyed. I don't know how to implement that but mabe you have some ideas :)

    # Delete the session on the appliance, invalidating the client's token.
    # To generate a new token after calling this method, use the refresh_login method.
    # Call this after a token expires or the user and/or password is updated on the client object.
    # @return [OneviewSDK::Client] self
    def destroy_session
      response_handler(rest_delete('/rest/login-sessions'))
      self
    end

https://github.com/HewlettPackard/oneview-sdk-ruby/blob/2dbb0e028da6b158dbccf276e011201a779f1c06/lib/oneview-sdk/client.rb#L165

Environment Details

VenkateshRavula commented 3 years ago

@riconem , we will look into this issue and provide a solution for session logout at the end of every execution.

VenkateshRavula commented 3 years ago

This SDK has limited support and will not be actively developed for the foreseeable future.