Sam Morrison wrote:
> We updated our control infrastructure to the latest Ubuntu Xenial Kernel
> (4.4.0-109) which includes the meltdown fixes.
>
> We have found this kernel to have issues with SSL connections with python and
> have since downgraded. We get errors like:
>
> SSLError: SSL except
We have an F5 doing all the SSL in front of our API servers.
SSL-Session:
Protocol : TLSv1.2
Cipher: ECDHE-RSA-AES256-GCM-SHA384
The majority of the requests that were failing was a glance request
/v2/images?limit=20 (around 25% of requests which is around 1-2 a second)
Glance is on
We upgraded our control plane to 4.4.0-109 + intel-microcode
3.20180108.0~ubuntu16.04.2 several days ago, and are about 1/2 of the
way thru upgrading our compute hosts with these changes. We use Ocata
for all services, and no issue like this has been observed yet on our
env. Control hosts are E5-26
Hello Sam, thank you for sharing this information.
Could you please provide more information related to your specific setup.
How is Keystone API endpoint TLS terminated in your setup?
AFAIK in our OpenStack labs we haven't observed anything like this although
we terminate TLS on Nginx or HAProxy.
Hi All,
We updated our control infrastructure to the latest Ubuntu Xenial Kernel
(4.4.0-109) which includes the meltdown fixes.
We have found this kernel to have issues with SSL connections with python and
have since downgraded. We get errors like:
SSLError: SSL exception connecting to
https: