From d7898b6033030be3f6b206ac6875f1cd6e60a9a8 Mon Sep 17 00:00:00 2001 From: Martin Millnert Date: Wed, 23 Dec 2015 14:19:48 +0100 Subject: [PATCH] ssl_adapter.py: Properly fix order of imports A system running RDO Kilo (on EL 7) has the following two relevant packages installed: python-requests --> /usr/lib/python2.7/site-packages/requests python-urllib3 --> /usr/lib/python2.7/site-packages/urllib3 The SSL Adapter in contrail-controller/src/config/common/ssl_adapter.py gets installed as /usr/lib/python2.7/site-packages/cfgm_common/ssl_adapter.py . When using SSL against Keystone v3 from the contrail-api, that uses this code, on a system such as the above, there will be a class loader type bug, due to a incorrect order of imports in ssl_adapter.py. The intended ImportError doesn't happen, since the native urllib3 actually exists, which leads to a mixup of name space between the Pool Manager and the requests code, when executing. The proper fix is to reverse the order of the imports, and have the fallback become the base case. Any non-RDO system will trigger the ImportError, and load the module the regular way. And an RDO-based system works, as well. Change-Id: Iba275c3521b1cdde5595fa443b449fdd962286fb Closes-Bug: 1528851 --- src/config/common/ssl_adapter.py | 18 ++++++++++++------ 1 file changed, 12 insertions(+), 6 deletions(-) diff --git a/src/config/common/ssl_adapter.py b/src/config/common/ssl_adapter.py index d6c2bc5effd..c44cb22bfa2 100644 --- a/src/config/common/ssl_adapter.py +++ b/src/config/common/ssl_adapter.py @@ -1,19 +1,25 @@ +""" HTTPS Transport Adapter for python-requests, that allows configuration of + SSL version""" # -*- coding: utf-8 -*- # vim: tabstop=4 shiftwidth=4 softtabstop=4 # @author: Sanju Abraham, Juniper Networks, OpenContrail from requests.adapters import HTTPAdapter try: - from urllib3.poolmanager import PoolManager -except ImportError: - # This is required for redhat7 as it does not have - # separate urllib3 package installed + # This is required for RDO, which installs both python-requests + # and python-urllib3, but symlinks python-request's internally packaged + # urllib3 to the site installed one. from requests.packages.urllib3.poolmanager import PoolManager -import ssl +except ImportError: + # Fallback to standard installation methods + from urllib3.poolmanager import PoolManager class SSLAdapter(HTTPAdapter): - '''An HTTPS Transport Adapter that can be configured with SSL/TLS version.''' + '''An HTTPS Transport Adapter that can be configured with SSL/TLS + version.''' + def __init__(self, ssl_version=None, **kwargs): self.ssl_version = ssl_version + self.poolmanager = None super(SSLAdapter, self).__init__(**kwargs)