https://bugzilla.novell.com/show_bug.cgi?id=637481 https://bugzilla.novell.com/show_bug.cgi?id=637481#c0 Summary: ichain proxy: connections get stuck Classification: openSUSE Product: openSUSE.org Version: unspecified Platform: All OS/Version: Linux Status: NEW Severity: Major Priority: P5 - None Component: Infrastructure AssignedTo: mrueckert@novell.com ReportedBy: jengelh@medozas.de QAContact: lrupp@novell.com Found By: Beta-Customer Blocker: --- I have my own BS instance at ares.medozas.de[134.76.83.5], running schedulers for four architectures, and ~8000 package links (osc linkpac'd) to the openSUSE: namespace. When the schedulers start up, they do a /getprojpack on the local bs_srcserver, which in turn contacts api.opensuse.org due to <remoteurl>ing. This creates four connections, handled by srcserver child processes that are visible with `rcobssrcserver status`. It may take 20–25 minutes for one scheduler to do a cold start. The problem now is that the iChain proxy or any other security hardware that secretly sits between the Novell perimeter and api.opensuse.org causes _all but one_ of the connections to get stuck after 5–10 minutes. Running strace -p on one or more of the PIDs as returned by `rcobssrcserver status` sits "read(4, ", which is the socket to 195.135.221.33:443. Only one bssrc subprocess does continue scanning the projects and have constantly flowing open/read output I am aware that there is a "silent period", but it would be _at the end_ of project scanning, which I can be certain is not reached yet once it gets stuck. Since these connections are open for more than 15 minutes in general, it may not seem far fetched that it looks like a Slowloris proceeding to the proxy (but you can't really blame me for that, can you?). If this were however the case, the proxy should close the connection (scheduler will automatically retry later), not sit on it and do nothing. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.