Hashar has submitted this change and it was merged.

Change subject: Do not import paramiko before daemonization
......................................................................


Do not import paramiko before daemonization

The zuul-server would hang when establishing a Gerrit ssh connection due
to Random.Crypto() failling to acquire random number from /dev/urandom.
It would block on read() and never process.

The root cause is the Zuul refactoring of Gerrit connections. The root
class of all zuul CLI imports zuul.lib.connections globally which
imports paramiko / Crypto.Random.

When the Server command line invokes the daemonization, python-daemon
close all file descriptors. Including /dev/urandom. Then the daemonized
establish the SSH connection and fail to get random number because
Random.Crypto() locks on read() on a closed file description.

See upstream issue:
https://github.com/paramiko/paramiko/issues/59

Stackoverflow answers by EarlCrapstone:
http://stackoverflow.com/questions/20636678/paramiko-inside-python-daemon-causes-ioerror

The fix is in Paramiko 1.11.6, which make it use os.urandom:
https://github.com/paramiko/paramiko/commit/6f211115f49edcea7d23b764d7cf3a84ff12f5f0

Move the zuul.lib.connections import to the method that relies on it:
ZuulApp.configure.connections().

Bug: T137525
Change-Id: Iea3288abfde6ff2b7339fae775ad5561009dc129
---
M zuul/cmd/__init__.py
1 file changed, 3 insertions(+), 2 deletions(-)

Approvals:
  Paladox: Looks good to me, but someone else must approve
  Hashar: Verified; Looks good to me, approved



diff --git a/zuul/cmd/__init__.py b/zuul/cmd/__init__.py
index 7ee7900..966d1f7 100644
--- a/zuul/cmd/__init__.py
+++ b/zuul/cmd/__init__.py
@@ -26,8 +26,6 @@
 
 yappi = extras.try_import('yappi')
 
-import zuul.lib.connections
-
 # Do not import modules that will pull in paramiko which must not be
 # imported until after the daemonization.
 # https://github.com/paramiko/paramiko/issues/59
@@ -91,5 +89,8 @@
             logging.basicConfig(level=logging.DEBUG)
 
     def configure_connections(self):
+        # See comment at top of file about zuul imports
+        import zuul.lib.connections
+
         self.connections = zuul.lib.connections.configure_connections(
             self.config)

-- 
To view, visit https://gerrit.wikimedia.org/r/299136
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: Iea3288abfde6ff2b7339fae775ad5561009dc129
Gerrit-PatchSet: 1
Gerrit-Project: integration/zuul
Gerrit-Branch: patch-queue/debian/precise-wikimedia
Gerrit-Owner: Hashar <has...@free.fr>
Gerrit-Reviewer: Hashar <has...@free.fr>
Gerrit-Reviewer: Paladox <thomasmulhall...@yahoo.com>

_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

Reply via email to