https: client can cause nova/cinder to leak sockets for 'get' 'show' 'delete' 'update'
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Cinder |
Invalid
|
Undecided
|
Unassigned | ||
Glance Client |
Fix Released
|
High
|
Stuart McLaren | ||
OpenStack Compute (nova) |
Invalid
|
Undecided
|
Unassigned |
Bug Description
Other OpenStack services which instantiate a 'https' glanceclient using
ssl_
sockets due to glanceclient not closing the connection to the Glance
server.
This could happen for a sub-set of calls, eg 'show', 'delete', 'update'.
netstat -nopd would show the sockets would hang around forever:
... 127.0.0.1:9292 ESTABLISHED 9552/python off (0.00/0/0)
urllib's ConnectionPool relies on the garbage collector to tear down
sockets which are no longer in use. The 'verify_callback' function used to
validate SSL certs was holding a reference to the VerifiedHTTPSCo
instance which prevented the sockets being torn down.
------------------
to reproduce, set up devstack with nova talking to glance over https (must be performing full cert verification) and
perform a nova operation such as:
$ nova image-meta 53854ea3-
you will see connections from nova to glance which have no timeout (off):
$ netstat -nopd | grep 9292
tcp 0 0 127.0.0.1:34204 127.0.0.1:9292 ESTABLISHED 9552/python off (0.00/0/0)
Changed in python-glanceclient: | |
assignee: | nobody → Stuart McLaren (stuart-mclaren) |
summary: |
- ttps: client can cause nova/cinder to leak sockets for 'get' 'show' + https: client can cause nova/cinder to leak sockets for 'get' 'show' 'delete' 'update' |
Changed in python-glanceclient: | |
importance: | Undecided → High |
Changed in python-glanceclient: | |
milestone: | none → v0.16.1 |
Changed in python-glanceclient: | |
status: | Fix Committed → Fix Released |
Changed in nova: | |
status: | New → Invalid |
Fix proposed to branch: master /review. openstack. org/156975
Review: https:/