starlingx/utilities
Code Issues Proposed changes

Improve cephclient's SSL error handling

Browse Source 
When making requests to the Ceph client API, the SSL error
'CERTIFICATE_VERIFY_FAILED' causes the client to invoke an unnecessary
_get_service_url method.

This change adds specific handling for requests.exceptions.SSLError. If
the error is related to certificate verification failure
(CERTIFICATE_VERIFY_FAILED), the client will only refresh the session.
For other SSL errors, the client will keep the previous behavior.

Test Plan:
1. Scenarios with a Valid Certificate:
  - PASS: Valid restful URL. Expect 'Ceph Storage Healthy: [OK]' in
          'system health-query-kube-upgrade' cmd. No errors should be
          logged.
  - PASS: Invalid restful URL. Expect 'Ceph Storage Healthy: [Fail]' in
          'system health-query-kube-upgrade' cmd. A "Response Error"
          must be logged.
  - PASS: Empty restful URL. Expect 'Ceph Storage Healthy: [Fail]' in
          'system health-query-kube-upgrade' cmd. A "Response Error"
          must be logged.

2. Scenarios with an Invalid Certificate:
  - PASS: Valid restful URL. Expect 'Ceph Storage Healthy: [OK]' in
          'system health-query-kube-upgrade' cmd. A "Response SSL Error"
          must be logged.
  - PASS: Invalid restful URL. Expect 'Ceph Storage Healthy: [Fail]' in
          'system health-query-kube-upgrade' cmd. A "Response Error"
          must be logged.
  - PASS: Empty restful URL. Expect 'Ceph Storage Healthy: [Fail]' in
          'system health-query-kube-upgrade' cmd. A "Response Error"
          must be logged.

NOTE: All tests were performend on SX, DX and Standard environments

Partial-bug: 2125192

Depends-On: https://review.opendev.org/c/starlingx/config/+/961693

Change-Id: Id3cdb934228791194b594e059cb0014ae2bb0c9e
Signed-off-by: Gustavo Ornaghi Antunes <gustavo.ornaghiantunes@windriver.com>
This commit is contained in:
Gustavo Ornaghi Antunes
2025-09-18 12:13:34 -03:00
parent 6438dc0017
commit 2c03790059
1 changed files with 10 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
ceph/python-cephclient/python-cephclient/cephclient/client.py
View File

@@ -250,6 +250,16 @@ class CephClient(object):
'and retry.'.format(self.username))
self._get_password()
self._refresh_session()
except requests.exceptions.SSLError as e:
if "CERTIFICATE_VERIFY_FAILED" in str(e):
LOG.warning("Request SSL error: %s. Refresh session and retring...", e, exc_info=0)
self._refresh_session()
else:
LOG.warning(
'Request SSL error: %s. '
'Refresh restful service URL and retry', e, exc_info=0)
self._get_service_url()
self._refresh_session()
except (requests.ConnectionError,
requests.Timeout,
requests.HTTPError) as e: