
yahoo-eng-team team mailing list archive

[Bug 1423165] Re: https: client can cause nova/cinder to leak sockets for 'get' 'show' 'delete' 'update'

 

Going to close it for Cinder as well, as I don't know of a way to fix a
broken glanceclient from the consumer end.

If you're interested, however, I did throw together a patched version of 0.14.2 here:
https://github.com/j-griffith/python-glanceclient/tree/stable/icehouse

Maybe you or somebody else could test it out, and we could convince the
glance folks to push a branch for it; or people that need it can maybe
just use it.

Thanks

** Changed in: cinder
       Status: New => Invalid

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1423165

Title:
  https: client can cause nova/cinder to leak sockets for 'get' 'show'
  'delete' 'update'

Status in Cinder:
  Invalid
Status in OpenStack Compute (Nova):
  Invalid
Status in Python client library for Glance:
  Fix Released

Bug description:
  
      Other OpenStack services which instantiate a 'https' glanceclient using
      ssl_compression=False and insecure=False (eg Nova, Cinder) are leaking
      sockets due to glanceclient not closing the connection to the Glance
      server.
      
      This could happen for a sub-set of calls, eg 'show', 'delete', 'update'.
      
      netstat -nopd would show the sockets would hang around forever:
      
      ... 127.0.0.1:9292          ESTABLISHED 9552/python      off (0.00/0/0)
      
      urllib's ConnectionPool relies on the garbage collector to tear down
      sockets which are no longer in use. The 'verify_callback' function used to
      validate SSL certs was holding a reference to the VerifiedHTTPSConnection
      instance which prevented the sockets being torn down.

  
  ------------------

  To reproduce, set up devstack with nova talking to glance over https
  (must be performing full cert verification) and perform a nova
  operation such as:

  
   $ nova image-meta 53854ea3-23ed-4682-abf7-8415f2d6b7d9 set foo=bar

  you will see connections from nova to glance which have no timeout
  (off):

   $ netstat -nopd | grep 9292

   tcp        0      0 127.0.0.1:34204         127.0.0.1:9292          ESTABLISHED 9552/python      off (0.00/0/0)

To manage notifications about this bug go to:
https://bugs.launchpad.net/cinder/+bug/1423165/+subscriptions
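
The reference cycle described in the bug report, reduced to a runnable sketch. This is an added example, not glanceclient's code or its released fix: `FakeContext`, `LeakyConnection`, `FixedConnection` and `peer_sees_close` are hypothetical names, a local `socketpair` stands in for the connection to Glance, and the weak reference is one common way to break such a cycle.

```python
import gc
import socket
import weakref


class FakeContext:
    """Hypothetical stand-in for an SSL context that stores a verify callback."""
    def set_verify(self, callback):
        self.callback = callback


class LeakyConnection:
    """Cycle: connection -> context -> bound method -> connection."""
    def __init__(self, sock):
        self.sock = sock
        self.context = FakeContext()
        self.context.set_verify(self.verify_callback)  # strong reference to self

    def verify_callback(self, *args):
        return True  # certificate checks omitted in this sketch


class FixedConnection(LeakyConnection):
    """The stored callback reaches the connection only through a weak reference."""
    def __init__(self, sock):
        self.sock = sock
        self.context = FakeContext()
        weak_method = weakref.WeakMethod(self.verify_callback)
        def callback(*args):
            method = weak_method()  # None once the connection is gone
            return method(*args) if method is not None else False
        self.context.set_verify(callback)


def peer_sees_close(conn_cls):
    """Drop the last reference to a connection; True if its socket was closed."""
    gc.disable()  # leave only reference counting, as between collector runs
    ours, peer = socket.socketpair()  # constructed local pair, no network needed
    peer.setblocking(False)
    conn = conn_cls(ours)
    del ours, conn
    try:
        return peer.recv(1) == b""  # EOF means our end was closed
    except BlockingIOError:
        return False  # no EOF: the socket is still open
    finally:
        peer.close()
        gc.enable()
        gc.collect()  # reclaim the leaked cycle so the demo cleans up
```

With the strong reference the peer never sees EOF after the connection object is dropped, which is the long-lived `ESTABLISHED` state in the netstat output; with the weak reference the socket closes as soon as the last reference goes away.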