Hi, It took me nearly a week to figure this out, as I'm not really an expert in Eventlet, OpenSSL and all, but now I've pin-pointed a big problem.
My tests were around Glance, which I was trying to run over SSL and Eventlet, though it seems a general issue with SSL + Python 3. In the normal setup, when I do: openstack image list then I get: Unable to establish connection to https://127.0.0.1:9292/v2/images: ('Connection aborted.', OSError(0, 'Error')) (more detailed stack dump at the end of this message [1]) Though, with Eventlet 0.20.0, if in /usr/lib/python3/dist-packages/eventlet/green/ssl.py line 352, I comment out set_nonblocking(newsock) in the accept() function of the GreenSSLSocket, then everything works. Note that: - This also happens with latest Eventlet 0.23.0 - There's no problem without SSL - There's no commit on top of 0.23.0 relevant to the issue The issue has been reported here 2 years ago: https://github.com/eventlet/eventlet/issues/308 it's marked with "importance-bug" and "need-contributor", but nobody did anything about it. I also tried running with libapache2-mod-wsgi-py3, but then I'm hitting another bug: https://bugs.launchpad.net/glance/+bug/1518431 what's going on is that glanceclient spit out a 411 error complaining about content lenght. That issue is seen *only* when using Apache and mod_wsgi. So, I'm left with no solution here: Glance never works over SSL and Python 3. Something's really wrong should be fixed. Please help! This also pinpoints something: our CI is *not* covering the SSL case, or mod_wsgi, when really, it should. We should be having tests with: - mod_wsgi - eventlet - uwsgi and all of the above with and without SSL, plus Python 2 and 3, plus with file or swift backend. That's 24 possibility of problems, which we should IMO all cover. We don't need to run all tests, but maybe just make sure that at least the daemon works, which isn't the case at the moment for most of these use cases. The only setup that works are: - eventlet with or without SSL, using Python 2 - eventlet without SSL with Python 3 - apache with or without SSL without swift backend As much as I understand, we're only testing with eventlet with Python 2 and 3 without SSL and file backend. That's 2 setups out of 24... Can someone works on fixing this? Cheers, Thomas Goirand (zigo) [1] Unable to establish connection to https://127.0.0.1:9292/v2/images: ('Connection aborted.', OSError(0, 'Error')) Traceback (most recent call last): File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 601, in urlopen chunked=chunked) File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 346, in _make_request self._validate_conn(conn) File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 852, in _validate_conn conn.connect() File "/usr/lib/python3/dist-packages/urllib3/connection.py", line 326, in connect ssl_context=context) File "/usr/lib/python3/dist-packages/urllib3/util/ssl_.py", line 329, in ssl_wrap_socket return context.wrap_socket(sock, server_hostname=server_hostname) File "/usr/lib/python3.5/ssl.py", line 385, in wrap_socket _context=self) File "/usr/lib/python3.5/ssl.py", line 760, in __init__ self.do_handshake() File "/usr/lib/python3.5/ssl.py", line 996, in do_handshake self._sslobj.do_handshake() File "/usr/lib/python3.5/ssl.py", line 641, in do_handshake self._sslobj.do_handshake() OSError: [Errno 0] Error __________________________________________________________________________ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev