[Openstack-operators] Ubuntu Kernel with Meltdown mitigation SSL issues

Thierry Carrez thierry at openstack.org
Fri Jan 19 10:51:17 UTC 2018

Sam Morrison wrote:
> We updated our control infrastructure to the latest Ubuntu Xenial Kernel (4.4.0-109) which includes the meltdown fixes.
> We have found this kernel to have issues with SSL connections with python and have since downgraded. We get errors like:
> SSLError: SSL exception connecting to https://keystone.example.com:35357/v3/auth/tokens: ("bad handshake: Error([('', 'osrandom_rand_bytes', 'getrandom() initialization failed.')],)”,)
> Full trace:  http://paste.openstack.org/show/646803/
> This was affecting glance mainly but all API services were having issues.
> Our controllers are running inside KVM VMs and the guests see the CPU as "Intel Xeon E3-12xx v2 (Ivy Bridge)”
> This isn’t an openstack issue specifically but hopefully it helps others who may be seeing similar issues.

Thanks Sam for sharing! If you can clearly narrow it down to a specific
update (kernel or microcode), can you make sure the bug is reported back
to Ubuntu ?

Distros are struggling with the stability of the Meltdown/Spectre
workarounds (especially the opaque CPU microcode updates) and can
probably use any information we can provide to them.

Thierry Carrez (ttx)

More information about the OpenStack-operators mailing list