#8445 Provide newer versions of python-kerberos and python-requests-kerberos in epel7-infra-stg
Opened 4 months ago by mprahl. Modified a month ago

Describe what you would like us to do:

In MBS, we often encounter a "too many open files" error due to a file descriptor leak (e.g. #7652). In recent months, we've discovered two leaks in the internal MBS instance that contributed to this issue. One of which was https://pagure.io/koji/issue/1652. The fix for that was deployed within the last couple of weeks in Fedora. That was the worst of the two leaks.

The other leak relates to python-krbv leaking several file descriptors relating to the Kerberos replay cache. For example, lsof -a -p <pid> on the MBS backend shows several entries in the format of "/var/tmp/krb5_RC* (deleted)". python-krbv is used when performing Kerberos authentication with Brew.

In the internal MBS stage instance, we updated python-requests-kerberos to an internal build of v0.10.0 and python-kerberos to an internal build of v1.2.5. This causes the Kerberos authentication with Brew to use the newer "GSSAPI login". We've been meaning to do this anyways so that MBS can be fully Python 3 compliant since python-krbv is not supported on Python 3. Since this change, the leak has not reappeared.

Could the Fedora Infrastructure team please provide newer builds of python-kerberos and python-requests-kerberos in epel7-infra-stg so that MBS in stage can install them to get rid of this file descriptor leak? If it helps, I can attach the SRPMs used for those builds internally.

After testing in stage, we can do the same in production.

When do you need this to be done by? (YYYY/MM/DD)

No particular date, but doing this soon is appreciated.

Please let us know which versions of these packages were used (and src.rpm etc if possible). This will help make sure we don't add more misery.

Metadata Update from @smooge:
- Issue priority set to: Waiting on Assignee (was: Needs Review)
- Issue tagged with: mbs

4 months ago

Metadata Update from @smooge:
- Issue assigned to smooge

4 months ago

I got sidelined before my PTO with some 'important projects'. I hope to look at this when I get back next week from my parents.

Thanks @smooge! If possible, it'd be nice to have this done by January 10th. No rush on this though.

Hi @smooge, do you think you'll be able to get to this soon?

Metadata Update from @mohanboddu:
- Issue assigned to mohanboddu (was: smooge)

a month ago

Login to comment on this ticket.