OpenStack Compute (nova)

Set socket options in correct way

Bug #1369414 reported by Abhishek Kekane on 2014-09-15

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	OpenStack Compute (nova)	Fix Released	Medium	Abhishek Kekane	OpenStack Compute (nova) 2015.1.0 "kilo"

Bug Description

Currently socket options, socket.SO_REUSEADDR, socket.TCP_KEEPIDLE and
socket.SO_KEEPALIVE are set only if SSL is enabled.
Ref: https://github.com/openstack/nova/blob/master/nova/wsgi.py#L188

The above socket options should be set no matter SSL is enabled or not.

This issue is introduced in patch https://review.openstack.org/#/c/104099/

Tags:

Abhishek Kekane (abhishek-kekane) on 2014-09-15

Changed in nova:
assignee:	nobody → Abhishek Kekane (abhishek-kekane)

Revision history for this message

Sean Dague (sdague) wrote on 2014-09-15:

The above patch doesn't actually introduce this issue.

I also expect there might be differences in the default socket settings under SSL vs. not. I know, for instance, that the eventlet call that creates the server turns keepalive on (even though there is no direct socket calls).

Changed in nova:
status:	New → Incomplete
importance:	Undecided → Medium

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2014-09-15: Fix proposed to nova (master)

Fix proposed to branch: master
Review: https://review.openstack.org/121525

Changed in nova:
status:	Incomplete → In Progress

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2015-01-29: Fix merged to nova (master)

Reviewed: https://review.openstack.org/121525
Committed: https://git.openstack.org/cgit/openstack/nova/commit/?id=0e3f85352c370230903fda2eff3e4950a56aa6f4
Submitter: Jenkins
Branch: master

commit 0e3f85352c370230903fda2eff3e4950a56aa6f4
Author: abhishekkekane <email address hidden>
Date: Fri Sep 12 02:59:08 2014 -0700

Set socket options in correct way

Currently socket options, socket.SO_REUSEADDR, socket.TCP_KEEPIDLE and
socket.SO_KEEPALIVE are set only if SSL is enabled.

    socket.SO_REUSEADDR:
    This socket option tells the kernel that even if this port is busy
    (in the TIME_WAIT state), go ahead and reuse it anyway. It is useful if your
    server has been shut down, and then restarted right away while sockets are
    still active on its port.

    socket.SO_KEEPALIVE:
    To confirm that an idle connection is still active, these implementations
    send a probe segment designed to elicit a response from the peer TCP. The the
    probe causes the receiver to return an acknowledgement segment, confirming
    that the connection is still live. If the peer has dropped the connection due
    to a network partition or a crash, it will respond with a RST instead of an
    acknowledgement segment.

    socket.TCP_KEEPIDLE:
    It is useful to set this socket option, because if the other peers lose their
    connection (for example by rebooting) you will notice that the connection is
    broken, even if you don't have traffic on it. If the probes are not replied
    to by your peer, you can assert that the connection cannot be considered valid
    and then take the correct action.

IMO, these options are useful in both the cases, whether SSL is enabled or not.

Made provision to set socket.SO_REUSEADDR, socket.TCP_KEEPIDLE and
socket.SO_KEEPALIVE socket options if SSL is enabled or not.

Closes-Bug: #1369414

Change-Id: I25b353dcf1ca6eba1c54d297994d56c0064daca5

Changed in nova:
status:	In Progress → Fix Committed

Thierry Carrez (ttx) on 2015-02-05

Changed in nova:
milestone:	none → kilo-2
status:	Fix Committed → Fix Released

Thierry Carrez (ttx) on 2015-04-30

Changed in nova:
milestone:	kilo-2 → 2015.1.0

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.