Bug 35760 - AppCenter(Updater) missing timeout handling
AppCenter(Updater) missing timeout handling
Status: NEW
Product: UCS Test
Classification: Unclassified
Component: App Center
unspecified
Other Linux
: P5 normal (vote)
: ---
Assigned To: App Center maintainers
http://tools.ietf.org/html/rfc2616#se...
:
Depends on: 32935
Blocks:
  Show dependency treegraph
 
Reported: 2014-09-01 11:18 CEST by Philipp Hahn
Modified: 2016-10-21 18:50 CEST (History)
8 users (show)

See Also:
What kind of report is it?: Development Internal
What type of bug is this?: ---
Who will be affected by this bug?: ---
How will those affected feel about the bug?: ---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):
Max CVSS v3 score:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Philipp Hahn univentionstaff 2014-09-01 11:18:38 CEST
+++ This bug was initially created as a clone of Bug #32935 comment 8 +++
I'd suggest to specify HTTPSConnection(..., timeout=60)  # seconds
to prevent infinite downloads.

The Jenkins test is now stalled for 1½ day, probably doing a "python-apt.update()" or "python-apt.install()" from /usr/share/ucs-test/20_appcenter/20_can_apps_be_installed:
# ps xfu
root     19725  0.0  1.3 368284 51056 ?        Sl   Aug30   0:24  |           \_ /usr/bin/python 20_can_apps_be_inst
root     21030  0.0  0.2  36136  9244 ?        S    Aug30   0:00  |               \_ /usr/bin/python

# stat -c %z /proc/21030
2014-08-30 19:45:03.652000000 -0400
# lsof -p 21030
python  21030 root  cwd    DIR  202,1     4096 424431 /usr/share/ucs-test/20_appcenter
python  21030 root    3u  IPv4 266637      0t0    TCP backup092.autotest092.local:40019->download2.software-univention.de:www (ESTABLISHED)

# gdb -p 21030
...
/usr/lib/pymodules/python2.6/univention/updater/tools.py:437
  res = UCSHttpServer.opener.open(req)

Perhaps <https://docs.python.org/2.6/library/signal.html#signal.alarm> should be used to setup a global timeout to prevent infinite hangs?
Comment 1 Philipp Hahn univentionstaff 2014-09-01 11:35:43 CEST
Two occurrences:
1st was on S3,backup
2nd is on s4,backup
Comment 2 Philipp Hahn univentionstaff 2014-09-01 11:46:53 CEST
A new http connection to our downloadserver stalls from the VM:

# host updates.software-univention.de
updates.software-univention.de has address 176.9.114.147
updates.software-univention.de has IPv6 address 2a01:4f8:151:6489::2

# telnet 176.9.114.147 80
Trying 176.9.114.147...
GET /

After a very long time (~2 min) an answer arrived, but this is the / directory and not the APT repository:
<HTML>
<HEAD>
<TITLE>Directory /</TITLE>
<BASE HREF="file:/">
</HEAD>
<BODY>
<H1>Directory listing of /</H1>
<UL>
<LI><A HREF="./">./</A>
<LI><A HREF="../">../</A>
<LI><A HREF=".rnd">.rnd</A>
<LI><A HREF="bin/">bin/</A>
<LI><A HREF="boot/">boot/</A>
<LI><A HREF="cdrom/">cdrom/</A>
<LI><A HREF="dev/">dev/</A>
<LI><A HREF="etc/">etc/</A>
<LI><A HREF="floppy/">floppy/</A>
<LI><A HREF="home/">home/</A>
<LI><A HREF="initrd.img">initrd.img</A>
<LI><A HREF="initrd.img.install">initrd.img.install</A>
<LI><A HREF="initrd.img.old">initrd.img.old</A>
<LI><A HREF="lib/">lib/</A>
<LI><A HREF="lib32/">lib32/</A>
<LI><A HREF="lib64/">lib64/</A>
<LI><A HREF="lost%2Bfound/">lost+found/</A>
<LI><A HREF="media/">media/</A>
<LI><A HREF="mnt/">mnt/</A>
<LI><A HREF="opt/">opt/</A>
<LI><A HREF="proc/">proc/</A>
<LI><A HREF="root/">root/</A>
<LI><A HREF="sbin/">sbin/</A>
<LI><A HREF="selinux/">selinux/</A>
<LI><A HREF="srv/">srv/</A>
<LI><A HREF="sys/">sys/</A>
<LI><A HREF="tmp/">tmp/</A>
<LI><A HREF="usr/">usr/</A>
<LI><A HREF="var/">var/</A>
<LI><A HREF="vmlinuz">vmlinuz</A>
<LI><A HREF="vmlinuz.install">vmlinuz.install</A>
<LI><A HREF="vmlinuz.old">vmlinuz.old</A>
</UL>
</BODY>
</HTML>
Comment 3 Florian Best univentionstaff 2014-09-01 12:04:30 CEST
(In reply to Philipp Hahn from comment #2)
> A new http connection to our downloadserver stalls from the VM:
> 
> # host updates.software-univention.de
> updates.software-univention.de has address 176.9.114.147
> updates.software-univention.de has IPv6 address 2a01:4f8:151:6489::2
> 
> # telnet 176.9.114.147 80
> Trying 176.9.114.147...
> GET /

You missed the Host header in your HTTP request.
echo -en 'GET / HTTP/1.1\r\nHost: updates.software-univention.de\r\n\r\n' | nc 176.9.114.147 80
Comment 4 Philipp Hahn univentionstaff 2014-09-01 12:48:02 CEST
(In reply to Florian Best from comment #3)
> (In reply to Philipp Hahn from comment #2)
> You missed the Host header in your HTTP request.
> echo -en 'GET / HTTP/1.1\r\nHost: updates.software-univention.de\r\n\r\n' |
> nc 176.9.114.147 80

I also tries a HTTP/1.1 query, which is even stranger - notice the timeout message and the "GET ..." passed to my shell:

# telnet 176.9.114.147 80
Trying 176.9.114.147...
GET / HTTP/1.1
Host: updates.software-univention.de

telnet: connect to address 176.9.114.147: Connection timed out <---------------
# GET / HTTP/1.1 <--------------------------------
<HTML>
...
<H1>Directory listing of /</H1>
...
</HTML>
<html>
<head>
<title>Linkfehler</title>
<meta http-equiv="refresh" content="12; URL=http://portal.http.de/">
</head>
<body>

Sie sehen diese Seite weil Sie einem Link gefolgt sind der einen Fehler 
enth&#65533;lt. Der Link beinhaltetet ein "&lt;zeichenkette&gt;.http.de/&lt;zeichenkette&gt;"
mit der Folge das Sie unsere Domain http.de besuchen. Sie sind nat&#65533;rlich 
herzlich willkommen. Wir w&#65533;rden uns freuen, wenn Sie sich das folgende einmal ansehen: 
<hr>

<center>
<iframe src="http://portal.http.de/" width="100%" height="100%" name="Angbot">
  <p>Ihr Browser kann leider keine eingebetteten Frames anzeigen:
  Sie k&ouml;nnen die eingebettete Seite &uuml;ber den folgenden Verweis
  aufrufen: <a href="http://portal.http.de/">Link</a></p>
</iframe>
</center>
</body>
</html>

So either our download server is severely over-loaded or something is mitm our server.
Comment 5 Philipp Hahn univentionstaff 2014-09-01 14:59:47 CEST
(In reply to Philipp Hahn from comment #1)
> Two occurrences:
> 1st was on S3,backup
> 2nd is on s4,backup

3rd: s4,master
Comment 6 Stefan Gohmann univentionstaff 2015-06-25 06:53:23 CEST
This is only for the test case, right? I think it is not top priority because we do recognize these problems in Jenkins already. Florian, feel free to reset the target milestone to 4.0-x.
Comment 7 Florian Best univentionstaff 2015-06-26 10:52:31 CEST
(In reply to Stefan Gohmann from comment #6)
> This is only for the test case, right? I think it is not top priority
> because we do recognize these problems in Jenkins already. Florian, feel
> free to reset the target milestone to 4.0-x.
currently better, yes.