[openstack-dev] [all] Eventlet + SSL + Python 3 = broken monkey patching leading to completely broken glance-api

Ben Nemec openstack at nemebean.com
Fri May 18 14:43:21 UTC 2018


This is a known problem: 
https://bugs.launchpad.net/oslo.service/+bug/1482633  There have been 
some discussions on what to do about it but I don't think we have a 
definite plan yet.

It also came up in the Python 3 support thread for some more context: 
http://lists.openstack.org/pipermail/openstack-dev/2018-May/130274.html

On 05/18/2018 08:01 AM, Thomas Goirand wrote:
> Hi,
> 
> It took me nearly a week to figure this out, as I'm not really an expert
> in Eventlet, OpenSSL and all, but now I've pin-pointed a big problem.
> 
> My tests were around Glance, which I was trying to run over SSL and
> Eventlet, though it seems a general issue with SSL + Python 3.
> 
> In the normal setup, when I do:
> openstack image list
> 
> then I get:
> Unable to establish connection to https://127.0.0.1:9292/v2/images:
> ('Connection aborted.', OSError(0, 'Error'))
> 
> (more detailed stack dump at the end of this message [1])
> 
> Though, with Eventlet 0.20.0, if in
> /usr/lib/python3/dist-packages/eventlet/green/ssl.py line 352, I comment
> out set_nonblocking(newsock) in the accept() function of the
> GreenSSLSocket, then everything works.
> 
> Note that:
> - This also happens with latest Eventlet 0.23.0
> - There's no problem without SSL
> - There's no commit on top of 0.23.0 relevant to the issue
> 
> The issue has been reported here 2 years ago:
> https://github.com/eventlet/eventlet/issues/308
> 
> it's marked with "importance-bug" and "need-contributor", but nobody did
> anything about it.
> 
> I also tried running with libapache2-mod-wsgi-py3, but then I'm hitting
> another bug: https://bugs.launchpad.net/glance/+bug/1518431
> 
> what's going on is that glanceclient spit out a 411 error complaining
> about content lenght. That issue is seen *only* when using Apache and
> mod_wsgi.
> 
> So, I'm left with no solution here: Glance never works over SSL and
> Python 3. Something's really wrong should be fixed. Please help!
> 
> This also pinpoints something: our CI is *not* covering the SSL case, or
> mod_wsgi, when really, it should. We should be having tests with:
> - mod_wsgi
> - eventlet
> - uwsgi
> and all of the above with and without SSL, plus Python 2 and 3, plus
> with file or swift backend. That's 24 possibility of problems, which we
> should IMO all cover. We don't need to run all tests, but maybe just
> make sure that at least the daemon works, which isn't the case at the
> moment for most of these use cases. The only setup that works are:
> - eventlet with or without SSL, using Python 2
> - eventlet without SSL with Python 3
> - apache with or without SSL without swift backend
> 
> As much as I understand, we're only testing with eventlet with Python 2
> and 3 without SSL and file backend. That's 2 setups out of 24... Can
> someone works on fixing this?
> 
> Cheers,
> 
> Thomas Goirand (zigo)
> 
> [1]
> 
> Unable to establish connection to https://127.0.0.1:9292/v2/images:
> ('Connection aborted.', OSError(0, 'Error'))
> Traceback (most recent call last):
>    File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line
> 601, in urlopen
>      chunked=chunked)
>    File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line
> 346, in _make_request
>      self._validate_conn(conn)
>    File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line
> 852, in _validate_conn
>      conn.connect()
>    File "/usr/lib/python3/dist-packages/urllib3/connection.py", line 326,
> in connect
>      ssl_context=context)
>    File "/usr/lib/python3/dist-packages/urllib3/util/ssl_.py", line 329,
> in ssl_wrap_socket
>      return context.wrap_socket(sock, server_hostname=server_hostname)
>    File "/usr/lib/python3.5/ssl.py", line 385, in wrap_socket
>      _context=self)
>    File "/usr/lib/python3.5/ssl.py", line 760, in __init__
>      self.do_handshake()
>    File "/usr/lib/python3.5/ssl.py", line 996, in do_handshake
>      self._sslobj.do_handshake()
>    File "/usr/lib/python3.5/ssl.py", line 641, in do_handshake
>      self._sslobj.do_handshake()
> OSError: [Errno 0] Error
> 
> __________________________________________________________________________
> OpenStack Development Mailing List (not for usage questions)
> Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
> 



More information about the OpenStack-dev mailing list