Glance Client

glanceclient should not overwrite the https adapter

Bug #1350251 reported by Flavio Percoco on 2014-07-30

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	Glance Client	Fix Released	High	Flavio Percoco

Bug Description

It looks like the switch to requests in python-glanceclient
(https://review.openstack.org/#/c/78269/) has broken nova when SSL is
enabled.

I think it is related to the custom object that the glanceclient uses.
If another connection gets pushed into the pool then things fail because
the object isn't a glanceclient VerifiedHTTPSConnection object.

The error seen is:

2014-07-22 16:20:57.571 ERROR nova.api.openstack
req-e9a94169-9af4-45e8-ab95-1ccd3f8caf04 admin admin Caught error:
VerifiedHTTPSConnection instance has no attribute 'insecure'

What I see is that nova works until glance is invoked.

These all work:

$ nova flavor-list
$ glance image-list
$ nova net-list

Now make it go boom:

$ nova image-list
ERROR (Unauthorized): Unauthorized (HTTP 401) (Request-ID:
req-ee964e9a-c2a9-4be9-bd52-3f42c805cf2c)

Now that a bad object is now in the pool nothing in nova works:

$ nova list
ERROR (Unauthorized): Unauthorized (HTTP 401) (Request-ID:
req-f670db83-c830-4e75-b29f-44f61ae161a1)

A restart of nova gets things back to normal.

I'm working on enabling SSL everywhere
(https://bugs.launchpad.net/devstack/+bug/1328226) either directly or
using TLS proxies (stud).
I'd like to eventually get SSL testing done as a gate job which will
help catch issues like this in advance.

Flavio Percoco (flaper87) on 2014-07-30

Changed in python-glanceclient:
status:	New → Confirmed
assignee:	nobody → Flavio Percoco (flaper87)
importance:	Undecided → High

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2014-07-30: Fix proposed to python-glanceclient (master)

Fix proposed to branch: master
Review: https://review.openstack.org/110574

Changed in python-glanceclient:
status:	Confirmed → In Progress

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2014-11-05: Fix merged to python-glanceclient (master)

Reviewed: https://review.openstack.org/110574
Committed: https://git.openstack.org/cgit/openstack/python-glanceclient/commit/?id=052904ba32f6e6075b023065bff684042c640c6a
Submitter: Jenkins
Branch: master

commit 052904ba32f6e6075b023065bff684042c640c6a
Author: Flavio Percoco <email address hidden>
Date: Wed Jul 30 10:57:46 2014 +0200

Don't replace the https handler in the poolmanager

    In order to keep the support for `--ssl-nocompression` it was decided to
    overwrite the https HTTPAdapter in `requests` poolmanager. Although this
    seemed to work correctly, it was causing some issues when using
    glanceclient from other services that rely on requests and that were
    also configured to use TLS.

THis patch changes implements a different strategy by using
`glance+https` as the scheme to use when `no-compression` is requested.

    Closes-bug: #1350251
    Closes-bug: #1347150
    Closes-bug: #1362766

Change-Id: Ib25237ba821ee20a561a163b79402d1375ebed0b

Changed in python-glanceclient:
status:	In Progress → Fix Committed

Louis Taylor (kragniz) on 2014-11-10

Changed in python-glanceclient:
status:	Fix Committed → Fix Released

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.