[openstack-dev] [all] Eventlet + SSL + Python 3 = broken monkey patching leading to completely broken glance-api
Ben Nemec
openstack at nemebean.com
Fri May 18 14:43:21 UTC 2018
This is a known problem:
https://bugs.launchpad.net/oslo.service/+bug/1482633 There have been
some discussions on what to do about it but I don't think we have a
definite plan yet.
It also came up in the Python 3 support thread for some more context:
http://lists.openstack.org/pipermail/openstack-dev/2018-May/130274.html
On 05/18/2018 08:01 AM, Thomas Goirand wrote:
> Hi,
>
> It took me nearly a week to figure this out, as I'm not really an expert
> in Eventlet, OpenSSL and all, but now I've pin-pointed a big problem.
>
> My tests were around Glance, which I was trying to run over SSL and
> Eventlet, though it seems a general issue with SSL + Python 3.
>
> In the normal setup, when I do:
> openstack image list
>
> then I get:
> Unable to establish connection to https://127.0.0.1:9292/v2/images:
> ('Connection aborted.', OSError(0, 'Error'))
>
> (more detailed stack dump at the end of this message [1])
>
> Though, with Eventlet 0.20.0, if in
> /usr/lib/python3/dist-packages/eventlet/green/ssl.py line 352, I comment
> out set_nonblocking(newsock) in the accept() function of the
> GreenSSLSocket, then everything works.
>
> Note that:
> - This also happens with latest Eventlet 0.23.0
> - There's no problem without SSL
> - There's no commit on top of 0.23.0 relevant to the issue
>
> The issue has been reported here 2 years ago:
> https://github.com/eventlet/eventlet/issues/308
>
> it's marked with "importance-bug" and "need-contributor", but nobody did
> anything about it.
>
> I also tried running with libapache2-mod-wsgi-py3, but then I'm hitting
> another bug: https://bugs.launchpad.net/glance/+bug/1518431
>
> what's going on is that glanceclient spit out a 411 error complaining
> about content lenght. That issue is seen *only* when using Apache and
> mod_wsgi.
>
> So, I'm left with no solution here: Glance never works over SSL and
> Python 3. Something's really wrong should be fixed. Please help!
>
> This also pinpoints something: our CI is *not* covering the SSL case, or
> mod_wsgi, when really, it should. We should be having tests with:
> - mod_wsgi
> - eventlet
> - uwsgi
> and all of the above with and without SSL, plus Python 2 and 3, plus
> with file or swift backend. That's 24 possibility of problems, which we
> should IMO all cover. We don't need to run all tests, but maybe just
> make sure that at least the daemon works, which isn't the case at the
> moment for most of these use cases. The only setup that works are:
> - eventlet with or without SSL, using Python 2
> - eventlet without SSL with Python 3
> - apache with or without SSL without swift backend
>
> As much as I understand, we're only testing with eventlet with Python 2
> and 3 without SSL and file backend. That's 2 setups out of 24... Can
> someone works on fixing this?
>
> Cheers,
>
> Thomas Goirand (zigo)
>
> [1]
>
> Unable to establish connection to https://127.0.0.1:9292/v2/images:
> ('Connection aborted.', OSError(0, 'Error'))
> Traceback (most recent call last):
> File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line
> 601, in urlopen
> chunked=chunked)
> File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line
> 346, in _make_request
> self._validate_conn(conn)
> File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line
> 852, in _validate_conn
> conn.connect()
> File "/usr/lib/python3/dist-packages/urllib3/connection.py", line 326,
> in connect
> ssl_context=context)
> File "/usr/lib/python3/dist-packages/urllib3/util/ssl_.py", line 329,
> in ssl_wrap_socket
> return context.wrap_socket(sock, server_hostname=server_hostname)
> File "/usr/lib/python3.5/ssl.py", line 385, in wrap_socket
> _context=self)
> File "/usr/lib/python3.5/ssl.py", line 760, in __init__
> self.do_handshake()
> File "/usr/lib/python3.5/ssl.py", line 996, in do_handshake
> self._sslobj.do_handshake()
> File "/usr/lib/python3.5/ssl.py", line 641, in do_handshake
> self._sslobj.do_handshake()
> OSError: [Errno 0] Error
>
> __________________________________________________________________________
> OpenStack Development Mailing List (not for usage questions)
> Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>
More information about the OpenStack-dev
mailing list