ssl issue systemd-journal-remote and libmicrohttpd #927

kayrus · 2015-10-15T15:40:57Z

libmicrohttpd 0.9.44 (yes, I've compiled latest lib with debug messages just to be sure it is not fixed in latest release) fails on huge amount of data when HTTPS is enabled. I've already filed a bug at libmicrohttpd bugtracker: https://gnunet.org/bugs/view.php?id=4007

Oct 15 15:25:24 coreos1 systemd-journal-remote[13614]: Opened output file /var/log/journal/remote/remote-coreos1.journal
Oct 15 15:25:24 coreos1 systemd-journal-remote[13614]: Creating source for passive fd:9 (coreos1)
Oct 15 15:25:24 coreos1 systemd-journal-remote[13614]: Added RemoteSource as connection metadata 0x56278f394b20
Oct 15 15:25:24 coreos1 systemd-journal-remote[13614]: Queing response 202: OK.
Oct 15 15:25:24 coreos1 systemd-journal-remote[13614]: microhttpd: Not enough memory for write!
Oct 15 15:25:24 coreos1 systemd-journal-remote[13614]: microhttpd: Closing connection (failed to create response header)
Oct 15 15:25:24 coreos1 systemd-journal-remote[13614]: Cleaning up connection metadata 0x56278f394b20
Oct 15 15:25:24 coreos1 systemd-journal-remote[13614]: Writer ref count 1
Oct 15 15:25:24 coreos1 systemd-journal-remote[13614]: Closing journal file /var/log/journal/remote/remote-coreos1.journal.

The text was updated successfully, but these errors were encountered:

kayrus · 2015-10-18T16:22:36Z

libmicrohttpd developers has answered that it is not lib issue. have to debug systemd-journal-remote here.

btw, there are other issues with systemd-journal-remote systemd/systemd#1387 systemd/systemd#1386

Introduce a new option --mhd-conn-memory-limit of systemd-journal-remote to allow users to set maximum amount of memory per HTTP(S) connection. e.g.: # systemd-journal-remote --mhd-conn-memory-limit 65536 ... Its equivalent option can be also set in /etc/systemd/journal-remote.conf, as MhdConnMemoryLimit, which defaults to 65536. This way systemd-journal-remote can now prevent microhttpd from failing in creating response headers with messages like "Not enough memory for write", especially when lots of HTTPS requests arrive. That's precisely because MHD_OPTION_CONNECTION_MEMORY_LIMIT in libmicrohttpd defaults to 32768, which is in practice insufficient in this case. See also https://gnunet.org/bugs/view.php?id=4007 for more details. Fixes: coreos/bugs#927

…with HTTPS Explicitly set MHD_OPTION_CONNECTION_MEMORY_LIMIT to a larger value, when setting up microhttpd, to give more memory per HTTP(S) connection. This way systemd-journal-remote can now prevent microhttpd from failing in creating response headers with messages like "Not enough memory for write", especially when lots of HTTPS requests arrive. That's precisely because MHD_OPTION_CONNECTION_MEMORY_LIMIT in libmicrohttpd defaults to 32768, which is in practice insufficient in this case. See also https://gnunet.org/bugs/view.php?id=4007 for more details. Fixes: coreos/bugs#927

dongsupark · 2015-10-30T15:02:49Z

Hopefully it's fixed by systemd/systemd#1729, merged into systemd:master.

…with HTTPS Explicitly set MHD_OPTION_CONNECTION_MEMORY_LIMIT to a larger value, when setting up microhttpd, to give more memory per HTTP(S) connection. This way systemd-journal-remote can now prevent microhttpd from failing in creating response headers with messages like "Not enough memory for write", especially when lots of HTTPS requests arrive. That's precisely because MHD_OPTION_CONNECTION_MEMORY_LIMIT in libmicrohttpd defaults to 32768, which is in practice insufficient in this case. See also https://gnunet.org/bugs/view.php?id=4007 for more details. Fixes: coreos/bugs#927

mischief · 2015-12-14T23:28:09Z

@dongsupark backported your fix into coreos. @kayrus this should be solved now.

kayrus · 2015-12-15T10:22:04Z

There is another ticket: systemd/systemd#1766 + #962

Just for the history.

This was referenced Oct 15, 2015

Enabled epoll for libmicrohttpd and systemd-journal-remote coreos/coreos-overlay#1587

Merged

systemd: make systemd-journal-upload and systemd-journal-remote work #919

Closed

crawford added kind/bug component/systemd labels Oct 15, 2015

crawford added the team/os label Oct 19, 2015

dongsupark mentioned this issue Oct 21, 2015

journal-remote: introduce new option mhd-conn-memory-limit systemd/systemd#1634

Closed

crawford added the priority/P1 label Oct 22, 2015

dongsupark mentioned this issue Oct 28, 2015

journal-remote: increase memory limit per connection to avoid errors … systemd/systemd#1704

Closed

dongsupark mentioned this issue Oct 30, 2015

journal-remote: increase memory limit per connection to avoid errors … systemd/systemd#1729

Merged

alban closed this as completed in alban/systemd@5e3efcc Dec 4, 2015

crawford reopened this Dec 4, 2015

mischief self-assigned this Dec 14, 2015

mischief mentioned this issue Dec 14, 2015

journal-remote: increase memory limit per connection to avoid errors … coreos/systemd#29

Merged

mischief added this to the CoreOS 898.0.0 milestone Dec 14, 2015

mischief mentioned this issue Dec 14, 2015

sys-apps/systemd: include systemd-journal-remote memory limit fix coreos/coreos-overlay#1692

Merged

mischief closed this as completed in coreos/coreos-overlay#1692 Dec 14, 2015

mischief removed their assignment Dec 15, 2015

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

ssl issue systemd-journal-remote and libmicrohttpd #927

ssl issue systemd-journal-remote and libmicrohttpd #927

kayrus commented Oct 15, 2015

kayrus commented Oct 18, 2015

dongsupark commented Oct 30, 2015

mischief commented Dec 14, 2015

kayrus commented Dec 15, 2015

ssl issue systemd-journal-remote and libmicrohttpd #927

ssl issue systemd-journal-remote and libmicrohttpd #927

Comments

kayrus commented Oct 15, 2015

kayrus commented Oct 18, 2015

dongsupark commented Oct 30, 2015

mischief commented Dec 14, 2015

kayrus commented Dec 15, 2015