ceilometermiddleware should read oslo configs

Bug #1673738 reported by Colleen Murphy on 2017-03-17
This bug affects 1 person
Affects: ceilometermiddleware
Importance: Undecided
Assigned to: Unassigned

Bug Description

Description:

The ceilometer integration with swift connects with rabbitmq using the transport URL given in the [filter:ceilometer] section in the swift-proxy.conf config file. For most OpenStack projects, the connection parameters are additionally configured in an [oslo_messaging_*] section of the config file. However, ceilometermiddleware does not seem to read this section and instead takes the defaults from the registered oslo.messaging options. Relevant code is:

http://git.openstack.org/cgit/openstack/ceilometermiddleware/tree/ceilometermiddleware/swift.py#n124

Impact:

The rabbit driver in oslo.messaging uses separate SSL configs that cannot be provided in the transport URL and are instead, in general, provided in that [oslo_messaging_rabbit] section. If that section is not configurable, deployers cannot secure traffic between the swift-proxy server and their rabbitmq instance.

Steps to reproduce:

1. Configure rabbitmq to use ssl and enable ssl_listeners on port 5671. Set verify to verify_peer and fail_if_no_peer_cert to false and set up a cacert and pki pair.
2. Change the [filter:ceilometer]/url parameter in swift-proxy.conf to use port 5671.
3. Add the section in swift-proxy.conf (I've also tried adding it in swift.conf and ceilometer.conf): [oslo_messaging_rabbit]/rabbit_use_ssl = true

Expected behavior:

Swift operates normally and can make a successful connection to rabbitmq.

Actual behavior:

The swift-proxy server starts but contains errors in the logs:

 AMQP server 192.168.122.183:5671 closed the connection. Check login credentials: Socket closed (txn: tx8938279ce51d405d8fd97-0058cba3d4)

Rabbitmq logs confirm that this isn't an issue with the password:

 =ERROR REPORT==== 17-Mar-2017::10:26:42 ===
 Error on AMQP connection <0.3416.0>:
 {ssl_upgrade_error,{tls_alert,"record overflow"}}

Command line operations on objects and containers never finish.

It's possible I'm just missing a configuration step and misplacing the config, in which case this could just be a documentation bug :)
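
The `record overflow` alert in the RabbitMQ log is what a TLS record layer reports when the first bytes it receives are a cleartext AMQP protocol header. The following is an added diagnostic example, not part of the original report or of ceilometermiddleware; it assumes the client opened with the standard AMQP 0-9-1 header, and the ClientHello prefix is a constructed sample.

```python
import struct

# First bytes an AMQP 0-9-1 client sends on a new connection (assumed here;
# the report does not include a packet capture).
AMQP_091_HEADER = b"AMQP\x00\x00\x09\x01"
# Constructed sample: start of a TLS handshake record (type 22, version 3.1).
SAMPLE_CLIENT_HELLO_PREFIX = b"\x16\x03\x01\x02\x00"

# TLS record layer constants (RFC 5246).
TLS_CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                     22: "handshake", 23: "application_data"}
TLS_MAX_CIPHERTEXT = 2**14 + 2048  # 18432 bytes


def parse_as_tls_record(first_bytes):
    """Read the first 5 bytes the way a TLS record layer would."""
    if len(first_bytes) < 5:
        raise ValueError("need at least 5 bytes for a TLS record header")
    ctype, major, minor, length = struct.unpack("!BBBH", first_bytes[:5])
    return {
        "content_type": ctype,
        "version": (major, minor),
        "length": length,
        "known_type": ctype in TLS_CONTENT_TYPES,
        "overflow": length > TLS_MAX_CIPHERTEXT,
    }


def diagnose(first_bytes):
    """Classify what a TLS listener most likely received."""
    rec = parse_as_tls_record(first_bytes)
    if first_bytes.startswith(b"AMQP"):
        verdict = "plaintext AMQP header sent to a TLS listener"
    elif rec["known_type"] and rec["version"][0] == 3 and not rec["overflow"]:
        verdict = "plausible TLS record"
    else:
        verdict = "not TLS"
    return verdict, rec


if __name__ == "__main__":
    for label, data in (("AMQP header", AMQP_091_HEADER),
                        ("ClientHello prefix", SAMPLE_CLIENT_HELLO_PREFIX)):
        verdict, rec = diagnose(data)
        print(f"{label}: {verdict} (length field {rec['length']}, "
              f"overflow={rec['overflow']})")
```

Read as a TLS record, `AMQP\x00` gives content type 0x41 and a length field of 0x5000 (20480), above the 18432-byte limit, which is consistent with a client that never enabled TLS on its side of the connection.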
