cinder api re-reads ssl cert on every connection

Fix proposed to branch: master
Review: https://review.openstack.org/105073

According the https://docs.python.org/2/library/ssl.html#ssl.wrap_socket, it seems the cause of re-reading SSL cert is due to ' For server-side sockets, if the socket has no remote peer, it is assumed to be a listening socket, and the server-side SSL wrapping is automatically performed on client connections accepted via the accept() method', which seems like expected behavior. Thoughts?

I digged a bit more into this ssl cert issue. When cinder configure option: ssl_ca_file, ssl_cert_file, ssl_key_file are set to NONE (default value), I do saw file accesses to '/var/cache/cinder/cacert.epm' and '/var/cache/cinder/signing_cert.pem' on every request. These files are generated by keystoneclient.auth_token middleware. And they are read when Cinder verifies user token against Keystone. So this is quite likely not a Cinder issue.

Given the original bug description is too simple, I am not sure what I observed above is what Duncan was talking about. Duncan, could you clarify?

I guess that these are not the files Duncan is referring to. He mentioned the SSL cert file, which I'm assuming is CONF.ssl_cert_file, which you've set to None.

I was talking about CONF.ssl_cert_file, but I'd say that we should not be reading *any* file on every request - it is unnecessary overhead. If there's a separate middleware bug then sure we can raise that too.

Change abandoned by Duncan Thomas (<email address hidden>) on branch: master
Review: https://review.openstack.org/105073
Reason: Abandoning change: No update for more than 14 days

Closing stale bug. If this is still an issue please reopen.