Merge pull request #32373 from cachedout/issue_32201

Resolve memory leak in authentication
2025-04-17 10:10:20 +00:00 · 2016-04-06 09:19:55 -06:00 · 2016-04-06 09:19:55 -06:00 · b706d3aa4d
commit b706d3aa4d
parent 097aa7ccfc d9e4a0f372
2 changed files with 13 additions and 6 deletions
--- a/salt/crypt.py
+++ b/salt/crypt.py
@ -431,9 +431,12 @@ class AsyncAuth(object):
        if not acceptance_wait_time_max:
            acceptance_wait_time_max = acceptance_wait_time
        creds = None
+        channel = salt.transport.client.AsyncReqChannel.factory(self.opts,
+                                                                crypt='clear',
+                                                                io_loop=self.io_loop)
        while True:
            try:
-                creds = yield self.sign_in()
+                creds = yield self.sign_in(channel=channel)
            except SaltClientError:
                break
            if creds == 'retry':
@ -464,7 +467,7 @@ class AsyncAuth(object):
            self._authenticate_future.set_result(True)  # mark the sign-in as complete

    @tornado.gen.coroutine
-    def sign_in(self, timeout=60, safe=True, tries=1):
+    def sign_in(self, timeout=60, safe=True, tries=1, channel=None):
        '''
        Send a sign in request to the master, sets the key information and
        returns a dict containing the master publish interface to bind to
@ -496,7 +499,8 @@ class AsyncAuth(object):

        auth['master_uri'] = self.opts['master_uri']

-        channel = salt.transport.client.AsyncReqChannel.factory(self.opts,
+        if not channel:
+            channel = salt.transport.client.AsyncReqChannel.factory(self.opts,
                                                                crypt='clear',
                                                                io_loop=self.io_loop)

@ -960,10 +964,11 @@ class SAuth(AsyncAuth):
        '''
        acceptance_wait_time = self.opts['acceptance_wait_time']
        acceptance_wait_time_max = self.opts['acceptance_wait_time_max']
+        channel = salt.transport.client.ReqChannel.factory(self.opts, crypt='clear')
        if not acceptance_wait_time_max:
            acceptance_wait_time_max = acceptance_wait_time
        while True:
-            creds = self.sign_in()
+            creds = self.sign_in(channel=channel)
            if creds == 'retry':
                if self.opts.get('caller'):
                    print('Minion failed to authenticate with the master, '
@ -980,7 +985,7 @@ class SAuth(AsyncAuth):
        self._creds = creds
        self._crypticle = Crypticle(self.opts, creds['aes'])

-    def sign_in(self, timeout=60, safe=True, tries=1):
+    def sign_in(self, timeout=60, safe=True, tries=1, channel=None):
        '''
        Send a sign in request to the master, sets the key information and
        returns a dict containing the master publish interface to bind to
@ -1012,7 +1017,8 @@ class SAuth(AsyncAuth):

        auth['master_uri'] = self.opts['master_uri']

-        channel = salt.transport.client.ReqChannel.factory(self.opts, crypt='clear')
+        if not channel:
+            channel = salt.transport.client.ReqChannel.factory(self.opts, crypt='clear')

        sign_in_payload = self.minion_sign_in_payload()
        try:
--- a/salt/transport/zeromq.py
+++ b/salt/transport/zeromq.py
@ -77,6 +77,7 @@ class AsyncZeroMQReqChannel(salt.transport.client.ReqChannel):
            new_obj = object.__new__(cls)
            new_obj.__singleton_init__(opts, **kwargs)
            loop_instance_map[key] = new_obj
+            log.trace('Inserted key into loop_instance_map id {0} for key {1} and process {2}'.format(id(loop_instance_map), key, os.getpid()))
        else:
            log.debug('Re-using AsyncZeroMQReqChannel for {0}'.format(key))
        try: