tempest

The _get_ssh_connection in ssh.py retries to connect without a sleep

Bug #1180213 reported by Andrea Frittoli on 2013-05-15

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	tempest	Fix Released	High	Andrea Frittoli	tempest havana-3

Bug Description

The code in _get_ssh_connection in ssh.py retries to connect without a sleep in case of socket error.

This can cause a SYN attack.
The retries shall be implemented as an exponential back-off.

    def _get_ssh_connection(self):
        """Returns an ssh connection to the specified host."""
        _timeout = True
(...)

        while not self._is_timed_out(self.timeout, _start_time):
            try:
                ssh.connect(self.host, username=self.username,
                            password=self.password,
                            look_for_keys=self.look_for_keys,
                            key_filename=self.key_filename,
                            timeout=self.timeout, pkey=self.pkey)
                _timeout = False
                break
            except socket.error:
                continue
            except paramiko.AuthenticationException:
                time.sleep(5)
                continue

Revision history for this message

Attila Fazekas (afazekas) wrote on 2013-05-15:

By just single tempest process probably we will not kill a system, but it cause a lot of unnecessary stress anyway.

Changed in tempest:
importance:	Undecided → High
status:	New → Confirmed

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2013-05-15: Fix proposed to tempest (master)

Fix proposed to branch: master
Review: https://review.openstack.org/29285

Changed in tempest:
assignee:	nobody → Andrea Frittoli (andrea-frittoli)
status:	Confirmed → In Progress

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2013-05-20: Fix merged to tempest (master)

Reviewed: https://review.openstack.org/29285
Committed: http://github.com/openstack/tempest/commit/334f1fdf581f1a77ac4ee3990997d9ddb550280c
Submitter: Jenkins
Branch: master

commit 334f1fdf581f1a77ac4ee3990997d9ddb550280c
Author: Andrea Frittoli <email address hidden>
Date: Wed May 15 06:57:43 2013 +0100

Add a sleep with back-off to retries

    The current implementation retries on socket error
    without a sleep, and on auth error with a fixed
    interval sleep. Replacing all with an exp backoff.
    Default sleep time set to 1.5, default backoff 1.01.

Fixes bug #1180213
Change-Id: I764f2aa4f2c0f8e04718d69b842a574db7aca936

Changed in tempest:
status:	In Progress → Fix Released

Sean Dague (sdague) on 2013-09-23

Changed in tempest:
milestone:	none → havana-3

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.