OpenStack Identity (keystone)

Keystone cannot listen on IPv6

Bug #856887 reported by Kevin Mancuso
14
This bug affects 2 people
Affects Status Importance Assigned to Milestone
OpenStack Identity (keystone)
Invalid
Medium
Adam Young

Bug Description

When supplying IPv6 address via the service_host configuration flag, the following exception gets raised on keystone start:

Traceback (most recent call last):
  File "/usr/local/bin/keystone", line 5, in <module>
    pkg_resources.run_script('keystone==1.0', 'keystone')
  File "/usr/lib/python2.7/dist-packages/pkg_resources.py", line 467, in run_script
    self.require(requires)[0].run_script(script_name, ns)
  File "/usr/lib/python2.7/dist-packages/pkg_resources.py", line 1200, in run_script
    execfile(script_filename, namespace, namespace)
  File "/usr/local/lib/python2.7/dist-packages/keystone-1.0-py2.7.egg/EGG-INFO/scripts/keystone", line 74, in <module>
    server.start(app, int(conf['service_port']), conf['service_host'])
  File "/usr/local/lib/python2.7/dist-packages/keystone-1.0-py2.7.egg/keystone/common/wsgi.py", line 95, in start
    socket = eventlet.listen((host, port), backlog=backlog)
  File "/usr/local/lib/python2.7/dist-packages/eventlet-0.9.17.dev-py2.7.egg/eventlet/convenience.py", line 38, in listen
    sock.bind(addr)
  File "/usr/lib/python2.7/socket.py", line 224, in meth
    return getattr(self._sock,name)(*args)
socket.gaierror: [Errno -9] Address family for hostname not supported

Ziad Sawalha (ziad-sawalha)
Changed in keystone:
status: New → Confirmed
importance: Undecided → High
milestone: none → essex-4
Ziad Sawalha (ziad-sawalha)
Changed in keystone:
milestone: essex-4 → essex-3
Joe Savak (jsavak)
Changed in keystone:
assignee: nobody → Ziad Sawalha (ziad-sawalha)
Revision history for this message
Kevin L. Mitchell (klmitch) wrote :

I should point out that this is a missing feature in eventlet itself; see https://bitbucket.org/which_linden/eventlet/issue/105/name-resolution-needs-to-support-ipv6 for details.

Revision history for this message
Ziad Sawalha (ziad-sawalha) wrote :

This is not a a "bug" per se for keystone only, it's a problem with event let that is shared by all OpenStack projects. We'll work on this and try to provide a work-around, but may not have a solution by E3.

Changed in keystone:
importance: High → Medium
status: Confirmed → In Progress
Adam Young (ayoung)
Changed in keystone:
assignee: Ziad Sawalha (ziad-sawalha) → Adam Young (ayoung)
Revision history for this message
Adam Young (ayoung) wrote :

Once the Eventlet change is committed upstream, Keystone (and others, I assume) Require the following change in order to listen on IPv6 instead of only accpeting IPv4.

commit 22b8910d2be4d3a1b87aa6eb41e7de8abc0b4093
Author: Adam <adam@ubuntu-openstack.(none)>
Date: Tue Jan 24 17:08:11 2012 -0500

    Start server for IPv6 if address is a V6 address

diff --git a/keystone/common/wsgi.py b/keystone/common/wsgi.py
index fa83b7d..be11181 100755
--- a/keystone/common/wsgi.py
+++ b/keystone/common/wsgi.py
@@ -25,12 +25,12 @@ import json
 import logging
 import sys
 import datetime
-
 import eventlet.wsgi
 eventlet.patcher.monkey_patch(all=False, socket=True)
 import routes.middleware
 from webob import Response
 import webob.dec
+from eventlet.green import socket

 def find_console_handler(logger):
@@ -92,8 +92,15 @@ class Server(object):

     def start(self, application, port, host='0.0.0.0', backlog=128):
         """Run a WSGI server with the given application."""
- socket = eventlet.listen((host, port), backlog=backlog)
- self.pool.spawn_n(self._run, application, socket)
+ #test for IPv6, otherwise fall back to V4
+ try:
+ socket.inet_pton(socket.AF_INET6, host)
+ family = socket.AF_INET6
+ except Exception:
+ family = socket.AF_INET
+
+ sock = eventlet.listen((host, port), family, backlog=backlog)
+ self.pool.spawn_n(self._run, application, sock)

     def wait(self):
         """Wait until all servers have completed running."""

Revision history for this message
Ziad Sawalha (ziad-sawalha) wrote :

Feels like this should wait till E4, but if you submit disagree submit a patch and we can get it in (just)...

Ziad Sawalha (ziad-sawalha)
Changed in keystone:
milestone: essex-3 → essex-4
Revision history for this message
Adam Young (ayoung) wrote :

Agreed it should be E4. The patch I posted up above will only work once the Eventlet changes are in, and the developer has more work to do before he is ready to push it. From his email:

"my todo list before submitting a pull request for
this is roughly:

* Check/fix/test socket.gaierror errno and msg values
* Add aliases to gethostbyname_ex()
* Add AAAA/IPv6 support to getnameinfo()
* Test on more python versions, I assume at least 2.5-2.7?
* Convert tests to nose"

Joseph Heck (heckj)
Changed in keystone:
milestone: essex-4 → folsom-1
Joseph Heck (heckj)
tags: added: legacy
Revision history for this message
Joseph Heck (heckj) wrote :

tagged to become a blueprint : "enable IPv6 support in Keystone"

tags: added: blueprint
Revision history for this message
Joseph Heck (heckj) wrote :

Converted to blueprint: https://blueprints.launchpad.net/keystone/+spec/keystone-ipv6-support

Changed in keystone:
status: In Progress → Invalid
milestone: folsom-1 → none
Revision history for this message
Davanum Srinivas (DIMS) (dims-v) wrote :

Additional Links :

https://bugs.launchpad.net/nova/+bug/850443 ("Nova API does not listen on IPv6")

Which points to an open issue in eventlet :

https://bitbucket.org/which_linden/eventlet/issue/105/name-resolution-needs-to-support-ipv6

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.