Uploaded image for project: 'Mesos'
  1. Mesos
  2. MESOS-5691

SSL downgrade support will leak sockets in CLOSE_WAIT status

Attach filesAttach ScreenshotVotersWatch issueWatchersLinkCloneUpdate Comment AuthorReplace String in CommentUpdate Comment VisibilityDelete Comments
    XMLWordPrintableJSON

Details

    • Bug
    • Status: Resolved
    • Blocker
    • Resolution: Fixed
    • 0.24.0, 0.25.0, 0.26.0, 0.27.0, 0.28.0
    • 0.28.3, 1.0.0
    • libprocess

    Description

      Repro steps:
      1) Start a master:

      bin/mesos-master.sh --work_dir=/tmp/master
      

      2) Start an agent with SSL and downgrade enabled:

      # Taken from http://mesos.apache.org/documentation/latest/ssl/
      openssl genrsa -des3 -f4 -passout pass:some_password -out key.pem 4096
      openssl req -new -x509 -passin pass:some_password -days 365 -key key.pem -out cert.pem
      
      SSL_KEY_FILE=key.pem SSL_CERT_FILE=cert.pem SSL_ENABLED=true SSL_SUPPORT_DOWNGRADE=true sudo -E bin/mesos-agent.sh --master=localhost:5050 --work_dir=/tmp/agent
      

      3) Start a framework that launches lots of executors, one after another:

      sudo src/balloon-framework --master=localhost:5050 --task_memory=64mb --task_memory_usage_limit=256mb --long_running
      

      4) Check FDs, repeatedly

      sudo lsof -i | grep mesos | grep CLOSE_WAIT | wc -l
      

      The number of sockets in CLOSE_WAIT will increase linearly with the number of launched executors.

      Attachments

        Activity

          This comment will be Viewable by All Users Viewable by All Users
          Cancel

          People

            kaysoky Joseph Wu
            kaysoky Joseph Wu
            Benjamin Mahler Benjamin Mahler
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Agile

                Completed Sprint:
                Mesosphere Sprint 37 ended 27/Jun/16
                View on Board

                Slack

                  Issue deployment