New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Alternator's health-check request doesn't work properly with HTTPS #8691
Comments
This is most likely a recent regression - the test |
Bisection shows that the offending commit is f41dac2 (by me):
This is a new commit, which did not reach 4.4 or earlier, but the fix will need to be backported to 4.5. |
It turns out that two Seastar bugs conspire to create this problem (@wmitros who's the expert in that new Seastar code):
Note that although we can circumvent both Seastar bugs in Scylla by simply using |
I analyzed the two issues listed above and opened two Seastar issues scylladb/seastar#907 and scylladb/seastar#906 respectively. Note that although fixing scylladb/seastar#906 will solve this issue, fixing that issue alone is not enough. The test will start working, but we won't notice that the connection got closed without reason. To fix that remaining problem we must either fix scylladb/seastar#907 or do a fix in Scylla: Scylla can do a If we do this workaround in Scylla, fixing the two Seastar issues will be good, but not necessary for solving this bug. HOWEVER, this is one extra complication - one of the tests, |
I sent a patch to the Seastar mailing list, titled "httpd: allow handler to not read an empty content", fixing Seastar issue 907 and making all the broken HTTPS tests involving empty request bodies to work again. |
Starting in commit 4fa0e4b, an HTTP handler can read a request's body using an input stream instead of as a string. If the handler does not read the entire request body, the client can not send any further requests on this socket, so the server needs to close it. Conversely, if the handler *did* read the content, the server may keep the socket open. To check whether the handler read the content we checked the content stream's eof() state. However, this may only become true after a read() noticed the content has reached its end (specified by content-length or chunked encoding). But one interesting case we missed is a simple handler which assumes an empty request body, and doesn't bother to read it at all. In this case, even though the request is empty, and the handler didn't miss any content by not reading it, we close the connection. The solution in this patch is to replace the check for eof() by an attempt to read() from the content stream. In the typical case the handler either read the entire content or there was nothing to read in the first place, so this read() will return nothing immediately - and we allow reusing the connection. If anything is returned by the read(), it is ignored, and the connection is closed (we may still not read the entire content). Fixes #907 Refs scylladb/scylladb#8691 Signed-off-by: Nadav Har'El <nyh@scylladb.com> Message-Id: <20210523184038.425954-1-nyh@scylladb.com>
I confirmed that the Alternator tests with HTTPS work on master now. Thanks @avikivity for the commits. |
Starting in commit 4fa0e4b, an HTTP handler can read a request's body using an input stream instead of as a string. If the handler does not read the entire request body, the client can not send any further requests on this socket, so the server needs to close it. Conversely, if the handler *did* read the content, the server may keep the socket open. To check whether the handler read the content we checked the content stream's eof() state. However, this may only become true after a read() noticed the content has reached its end (specified by content-length or chunked encoding). But one interesting case we missed is a simple handler which assumes an empty request body, and doesn't bother to read it at all. In this case, even though the request is empty, and the handler didn't miss any content by not reading it, we close the connection. The solution in this patch is to replace the check for eof() by an attempt to read() from the content stream. In the typical case the handler either read the entire content or there was nothing to read in the first place, so this read() will return nothing immediately - and we allow reusing the connection. If anything is returned by the read(), it is ignored, and the connection is closed (we may still not read the entire content). Fixes #907 Refs scylladb/scylladb#8691 Signed-off-by: Nadav Har'El <nyh@scylladb.com> Message-Id: <20210523184038.425954-1-nyh@scylladb.com> (cherry picked from commit f0f28d0)
* seastar dadd299e7d...dab10ba6ad (1): > httpd: allow handler to not read an empty content Fixes #8691.
Backported to 4.5. |
Thanks @avikivity ! |
When Alternator is configured to listen to HTTPS, the health-check service should work with HTTPS as well. This works in Amazon DynamoDB:
We have a unit test for this, but to run the test in HTTPS mode we need to do it explicitly, and we don't do it in Jenkins, so this appears to be a regression:
test/alternator/run --https test_health.py
now fails. When running all tests on https (test/alternator/run --https
), most pass, but we have alltest_health.py
tests fail, and alsotest_cors.py
tests fail andtest_scylla.py
. We need to fix all of those!Also noticed by @bhalevy in dtests: https://github.com/scylladb/scylla-dtest/pull/2138.
The text was updated successfully, but these errors were encountered: