Univention Bugzilla – Full Text Bug Listing |
Summary: | connections not closed when 2.4 certificate expired | ||
---|---|---|---|
Product: | UCS | Reporter: | Philipp Hahn <hahn> |
Component: | Virtualization - UVMM | Assignee: | Philipp Hahn <hahn> |
Status: | CLOSED DUPLICATE | QA Contact: | |
Severity: | normal | ||
Priority: | P5 | ||
Version: | UCS 3.1 | ||
Target Milestone: | --- | ||
Hardware: | Other | ||
OS: | Linux | ||
See Also: | https://forge.univention.org/bugzilla/show_bug.cgi?id=33458 | ||
What kind of report is it?: | --- | What type of bug is this?: | --- |
Who will be affected by this bug?: | --- | How will those affected feel about the bug?: | --- |
User Pain: | Enterprise Customer affected?: | ||
School Customer affected?: | ISV affected?: | ||
Waiting Support: | Flags outvoted (downgraded) after PO Review: | ||
Ticket number: | Bug group (optional): | Troubleshooting | |
Max CVSS v3 score: | |||
Bug Depends on: | 31371 | ||
Bug Blocks: |
Description
Philipp Hahn
2013-05-15 22:30:10 CEST
Some candidate patches from GIT to src/rpc/virnetclient.c: * e5a1bee07a1a50c1b9819c2ee805294e2affdc80 Ensure client is marked for close in all error paths Looks most promising. * 0f7f4b160b3a568789817ff3e9c1196877cc4fbb Add callback to virNetClient to be invoked on connection close That looks promising, since in this error the TLS socket is not closed properly. I think that patch mostly adds infrastructure, which is not used. * e10e1969d51f07cc2a5d47a59506c73461423ad9 Turn virNetTLSContext and virNetTLSSession into virObject instances There was a big rewrite in libvirt, which introduced a scheme for reference counting. Backporting that to 0.9.12 would require much work; I'd recomment an update of libvirt instead. FYI: /etc/libvirt/libvirtd.conf → max_clients = 20 limits the number of connections to 20, so after one night UVMM only had 15 connections open. For our customer with lots of broken servers, that became too much: 20 expired servers * 15 connections = 300 open TCP connections + twice that much PIPEs for libvirt internal usage + regular files > 750 max open files As UCS-2.4 is out-of-maintenance, the first part is resolved. The second part was resolved in UVMMd with Bug #33458, were the event loop implementation was switched from the broken plain-Python-variant to fixed C-variant. *** This bug has been marked as a duplicate of bug 33458 *** |