Bug 1066683

Summary: OpenSSL.SSL.SysCallError: (9, 'Bad file descriptor')
Product: [Fedora] Fedora Reporter: Pete Zaitcev <zaitcev>
Component: python-swiftclientAssignee: Jakub Ruzicka <jruzicka>
Status: CLOSED ERRATA QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 20CC: apevec, jruzicka, p, zaitcev
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: python-swiftclient-2.0.2-1.fc20 Doc Type: Bug Fix
Doc Text:
Cause: A bug in swiftclient. Consequence: `swift list` errored with a traceback. Fix: Rebase swiftclient to upstream 2.0.2 which includes fix. Result: `swift list` and other swiftclient commands work.
 Story Points: ---
Clone Of:
: 1067133 (view as bug list) Environment:
Last Closed: 2014-03-21 09:33:57 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1067133    

Description Pete Zaitcev 2014-02-18 21:57:36 UTC 
Description of problem:

After the fix for CVE-2013-6396 in bug 1031653, "swift list foo"
started tracebacking with EBADF.

Version-Release number of selected component (if applicable):

python-swiftclient-1.8.0-1.fc20

How reproducible:

Appears always

Steps to Reproduce:
1. Find an OpenStack cloud with Object storage, set up OS_AUTHURL etc.
2. swift post foo
3. swift list foo  ---> tracebacks in the end

Actual results:

Traceback (see below)

Expected results:

Working

Additional info:

[zaitcev@guren python-swiftclient-fetch]$ swift (redacted) --insecure list
container
public
testcont
Traceback (most recent call last):
  File "/usr/bin/swift", line 1445, in <module>
    globals()['st_%s' % args[0]](parser, argv[1:], thread_manager)
  File "/usr/bin/swift", line 541, in st_list
    conn.get_account(marker=marker, prefix=options.prefix)[1]
  File "/usr/lib/python2.7/site-packages/swiftclient/client.py", line 1154, in get_account
    full_listing=full_listing)
  File "/usr/lib/python2.7/site-packages/swiftclient/client.py", line 1108, in _retry
    rv = func(self.url, self.token, *args, **kwargs)
  File "/usr/lib/python2.7/site-packages/swiftclient/client.py", line 376, in get_account
    conn.request(method, full_path, '', headers)
  File "/usr/lib/python2.7/site-packages/swiftclient/client.py", line 165, in request_escaped
    func(method, url, body=body, headers=headers or {})
  File "/usr/lib64/python2.7/httplib.py", line 973, in request
    self._send_request(method, url, body, headers)
  File "/usr/lib64/python2.7/httplib.py", line 1007, in _send_request
    self.endheaders(body)
  File "/usr/lib64/python2.7/httplib.py", line 969, in endheaders
    self._send_output(message_body)
  File "/usr/lib64/python2.7/httplib.py", line 829, in _send_output
    self.send(msg)
  File "/usr/lib64/python2.7/httplib.py", line 805, in send
    self.sock.sendall(data)
OpenSSL.SSL.SysCallError: (9, 'Bad file descriptor')
[zaitcev@guren python-swiftclient-fetch]$ 

I fixed it up temporarily in Rawhide's python-swiftclient-1.8.0-2.fc21,
using the upstream review https://review.openstack.org/33473 .
We used its itermediate iteration to fix the CVE, and I picked fixes
made since our release.

Note that review 33473 is abandoned in favour of review
https://review.openstack.org/69187 , which is merged now. However,
that one had its own issues cropped up. They are being resolved,
but I'm not 100% confident. It may be better to make my fix-ups
official for now. I'll leave the determination to Jakub. Strategically
it's probably better to follow upstream.
Comment 1 Pete Zaitcev 2014-02-19 18:33:26 UTC 
I have verified that python-swiftclient 2.0.2 includes fixes for the
following 3 issues encountered since the move to python-requests:
 - Glance failing due to object length not set correctly
 - Plumbing for --insecure not complete for auth v1
 - Objects read into memory on upload

There aren't any known issues with 2.0.2 (using Requests), except
that we know that Requests blows 100-continue and thus wastes
cycles transferring object bodies in case of an error on PUT.
Comment 3 Jakub Ruzicka 2014-02-19 21:15:59 UTC 
After a discussion with Pete, we decided to update to latest upstream 2.0.2 which includes switch to python-requests which is already used by other client libraries. Changes introduced after 1.8.0 seem less significant then introduction of backward incompatible --insecure in 1.8.0 update.
Comment 4 Jakub Ruzicka 2014-02-24 16:43:03 UTC 
I pushed rebased 2.0.2 to RDO Havana.
Comment 5 Fedora Update System 2014-02-24 16:44:06 UTC 
python-swiftclient-2.0.2-1.fc20 has been submitted as an update for Fedora 20.
https://admin.fedoraproject.org/updates/python-swiftclient-2.0.2-1.fc20
Comment 6 Fedora Update System 2014-02-25 07:53:53 UTC 
Package python-swiftclient-2.0.2-1.fc20:
* should fix your issue,
* was pushed to the Fedora 20 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing python-swiftclient-2.0.2-1.fc20'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2014-3054/python-swiftclient-2.0.2-1.fc20
then log in and leave karma (feedback).
Comment 7 Fedora Update System 2014-03-21 09:33:57 UTC 
python-swiftclient-2.0.2-1.fc20 has been pushed to the Fedora 20 stable repository.  If problems still persist, please make note of it in this bug report.