Bug 1220864

Summary: Make sure SSL retries are done using the exact same data buffer
Product: Red Hat OpenStack Reporter: Jon Thomas <jthomas>
Component: python-eventletAssignee: Robbie Harwood <rharwood>
Status: CLOSED ERRATA QA Contact: Ofer Blaut <oblaut>
Severity: high Docs Contact:
Priority: medium    
Version: 5.0 (RHEL 6)CC: ebarrera, jraju, jschluet, lhh, lnatapov, nlevinki, nyechiel, rbiba, rharwood, yeylon
Target Milestone: z5Keywords: ZStream
Target Release: 5.0 (RHEL 6)   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: python-eventlet-0.14.0-3.el7ost python-eventlet-0.14.0-3.el6 Doc Type: Bug Fix
Doc Text:
Prior to this update, eventlet behaved incorrectly around SSL retries. As a consequence, sporadic connection failures (for example, of API calls) occurred. To fix this problem, a patch has been added in which SSL retries use the same data buffer. As a result, SSL retries now work correctly.
 Story Points: ---
Clone Of: Environment:
Last Closed: 2015-09-10 11:45:19 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Jon Thomas 2015-05-12 16:03:40 UTC 
2015-05-08 13:40:56.645 6348 INFO nova.osapi_compute.wsgi.server [req-a34b1736-9976-4ca4-be9e-2633f113ce22 epg-ost-admin fb055870f64a4242ae73a7da2693ec48] 10.95.82.22 "GET /v2/fb055870f64a4242ae73a7da2693ec48/se
rvers/detail?all_tenants=1&status=ERROR HTTP/1.1" status: 200 len: 187 time: 0.2828262
2015-05-08 13:41:09.783 6353 INFO urllib3.connectionpool [-] Starting new HTTPS connection (1): prod-epg-ostlb-vip.hi.inet
2015-05-08 13:41:10.402 6353 INFO nova.osapi_compute.wsgi.server [req-1ac51877-0ed5-457d-b374-2939b33206a6 iot jenkins ost 6ca88644f0664199b8ab263e045b220c] Traceback (most recent call last):
  File "/usr/lib/python2.6/site-packages/eventlet/wsgi.py", line 406, in handle_one_response
    write(''.join(towrite))
  File "/usr/lib/python2.6/site-packages/eventlet/wsgi.py", line 354, in write
    _writelines(towrite)
  File "/usr/lib64/python2.6/socket.py", line 334, in writelines
    self.flush()
  File "/usr/lib64/python2.6/socket.py", line 303, in flush
    self._sock.sendall(buffer(data, write_offset, buffer_size))
  File "/usr/lib/python2.6/site-packages/eventlet/green/ssl.py", line 131, in sendall
    v = self.send(data[count:])
  File "/usr/lib/python2.6/site-packages/eventlet/green/ssl.py", line 107, in send
    super(GreenSSLSocket, self).send, data, flags)
  File "/usr/lib/python2.6/site-packages/eventlet/green/ssl.py", line 77, in _call_trampolining
    return func(*a, **kw)
  File "/usr/lib64/python2.6/ssl.py", line 174, in send
    v = self._sslobj.write(data)
SSLError: [Errno 1] _ssl.c:1276: error:1409F07F:SSL routines:SSL3_WRITE_PENDING:bad write retry

workaround discussion
http://stackoverflow.com/questions/2997218/why-am-i-getting-error1409f07fssl-routinesssl3-write-pending-bad-write-retr


fixed:

https://github.com/eventlet/eventlet/commit/8b3ce03cbb5e7695fd4878ef7ae54db1814a9500
Comment 3 Jon Thomas 2015-05-12 16:20:49 UTC 
Also reported is that when this occurs, api calls fail.
Comment 11 Robbie Harwood 2015-07-21 15:43:04 UTC 
Apologies; please use this version instead.
Comment 17 errata-xmlrpc 2015-09-10 11:45:19 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2015-1763.html