Keystone cannot listen on IPv6

Bug #856887 reported by Kevin Mancuso
14
This bug affects 2 people
Affects Status Importance Assigned to Milestone
OpenStack Identity (keystone)
Invalid
Medium
Adam Young

Bug Description

When supplying IPv6 address via the service_host configuration flag, the following exception gets raised on keystone start:

Traceback (most recent call last):
  File "/usr/local/bin/keystone", line 5, in <module>
    pkg_resources.run_script('keystone==1.0', 'keystone')
  File "/usr/lib/python2.7/dist-packages/pkg_resources.py", line 467, in run_script
    self.require(requires)[0].run_script(script_name, ns)
  File "/usr/lib/python2.7/dist-packages/pkg_resources.py", line 1200, in run_script
    execfile(script_filename, namespace, namespace)
  File "/usr/local/lib/python2.7/dist-packages/keystone-1.0-py2.7.egg/EGG-INFO/scripts/keystone", line 74, in <module>
    server.start(app, int(conf['service_port']), conf['service_host'])
  File "/usr/local/lib/python2.7/dist-packages/keystone-1.0-py2.7.egg/keystone/common/wsgi.py", line 95, in start
    socket = eventlet.listen((host, port), backlog=backlog)
  File "/usr/local/lib/python2.7/dist-packages/eventlet-0.9.17.dev-py2.7.egg/eventlet/convenience.py", line 38, in listen
    sock.bind(addr)
  File "/usr/lib/python2.7/socket.py", line 224, in meth
    return getattr(self._sock,name)(*args)
socket.gaierror: [Errno -9] Address family for hostname not supported

Changed in keystone:
status: New → Confirmed
importance: Undecided → High
milestone: none → essex-4
Changed in keystone:
milestone: essex-4 → essex-3
Joe Savak (jsavak)
Changed in keystone:
assignee: nobody → Ziad Sawalha (ziad-sawalha)
Revision history for this message
Kevin L. Mitchell (klmitch) wrote :

I should point out that this is a missing feature in eventlet itself; see https://bitbucket.org/which_linden/eventlet/issue/105/name-resolution-needs-to-support-ipv6 for details.

Revision history for this message
Ziad Sawalha (ziad-sawalha) wrote :

This is not a a "bug" per se for keystone only, it's a problem with event let that is shared by all OpenStack projects. We'll work on this and try to provide a work-around, but may not have a solution by E3.

Changed in keystone:
importance: High → Medium
status: Confirmed → In Progress
Adam Young (ayoung)
Changed in keystone:
assignee: Ziad Sawalha (ziad-sawalha) → Adam Young (ayoung)
Revision history for this message
Adam Young (ayoung) wrote :

Once the Eventlet change is committed upstream, Keystone (and others, I assume) Require the following change in order to listen on IPv6 instead of only accpeting IPv4.

commit 22b8910d2be4d3a1b87aa6eb41e7de8abc0b4093
Author: Adam <adam@ubuntu-openstack.(none)>
Date: Tue Jan 24 17:08:11 2012 -0500

    Start server for IPv6 if address is a V6 address

diff --git a/keystone/common/wsgi.py b/keystone/common/wsgi.py
index fa83b7d..be11181 100755
--- a/keystone/common/wsgi.py
+++ b/keystone/common/wsgi.py
@@ -25,12 +25,12 @@ import json
 import logging
 import sys
 import datetime
-
 import eventlet.wsgi
 eventlet.patcher.monkey_patch(all=False, socket=True)
 import routes.middleware
 from webob import Response
 import webob.dec
+from eventlet.green import socket

 def find_console_handler(logger):
@@ -92,8 +92,15 @@ class Server(object):

     def start(self, application, port, host='0.0.0.0', backlog=128):
         """Run a WSGI server with the given application."""
- socket = eventlet.listen((host, port), backlog=backlog)
- self.pool.spawn_n(self._run, application, socket)
+ #test for IPv6, otherwise fall back to V4
+ try:
+ socket.inet_pton(socket.AF_INET6, host)
+ family = socket.AF_INET6
+ except Exception:
+ family = socket.AF_INET
+
+ sock = eventlet.listen((host, port), family, backlog=backlog)
+ self.pool.spawn_n(self._run, application, sock)

     def wait(self):
         """Wait until all servers have completed running."""

Revision history for this message
Ziad Sawalha (ziad-sawalha) wrote :

Feels like this should wait till E4, but if you submit disagree submit a patch and we can get it in (just)...

Changed in keystone:
milestone: essex-3 → essex-4
Revision history for this message
Adam Young (ayoung) wrote :

Agreed it should be E4. The patch I posted up above will only work once the Eventlet changes are in, and the developer has more work to do before he is ready to push it. From his email:

"my todo list before submitting a pull request for
this is roughly:

* Check/fix/test socket.gaierror errno and msg values
* Add aliases to gethostbyname_ex()
* Add AAAA/IPv6 support to getnameinfo()
* Test on more python versions, I assume at least 2.5-2.7?
* Convert tests to nose"

Joseph Heck (heckj)
Changed in keystone:
milestone: essex-4 → folsom-1
Joseph Heck (heckj)
tags: added: legacy
Revision history for this message
Joseph Heck (heckj) wrote :

tagged to become a blueprint : "enable IPv6 support in Keystone"

tags: added: blueprint
Revision history for this message
Joseph Heck (heckj) wrote :
Changed in keystone:
status: In Progress → Invalid
milestone: folsom-1 → none
Revision history for this message
Davanum Srinivas (DIMS) (dims-v) wrote :

Additional Links :

https://bugs.launchpad.net/nova/+bug/850443 ("Nova API does not listen on IPv6")

Which points to an open issue in eventlet :

https://bitbucket.org/which_linden/eventlet/issue/105/name-resolution-needs-to-support-ipv6

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers