yahoo-eng-team team mailing list archive
-
yahoo-eng-team team
-
Mailing list archive
-
Message #29519
[Bug 1423165] Re: https: client can cause nova/cinder to leak sockets for 'get' 'show' 'delete' 'update'
** Changed in: nova
Status: New => Invalid
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1423165
Title:
https: client can cause nova/cinder to leak sockets for 'get' 'show'
'delete' 'update'
Status in Cinder:
New
Status in OpenStack Compute (Nova):
Invalid
Status in Python client library for Glance:
Fix Released
Bug description:
Other OpenStack services which instantiate a 'https' glanceclient using
ssl_compression=False and insecure=False (eg Nova, Cinder) are leaking
sockets due to glanceclient not closing the connection to the Glance
server.
This could happen for a sub-set of calls, eg 'show', 'delete', 'update'.
netstat -nopd would show the sockets would hang around forever:
... 127.0.0.1:9292 ESTABLISHED 9552/python off (0.00/0/0)
urllib's ConnectionPool relies on the garbage collector to tear down
sockets which are no longer in use. The 'verify_callback' function used to
validate SSL certs was holding a reference to the VerifiedHTTPSConnection
instance which prevented the sockets being torn down.
------------------
to reproduce, set up devstack with nova talking to glance over https (must be performing full cert verification) and
perform a nova operation such as:
$ nova image-meta 53854ea3-23ed-4682-abf7-8415f2d6b7d9 set foo=bar
you will see connections from nova to glance which have no timeout
(off):
$ netstat -nopd | grep 9292
tcp 0 0 127.0.0.1:34204 127.0.0.1:9292
ESTABLISHED 9552/python off (0.00/0/0)
To manage notifications about this bug go to:
https://bugs.launchpad.net/cinder/+bug/1423165/+subscriptions