ceilometermiddleware should read oslo configs

Bug #1673738 reported by Colleen Murphy on 2017-03-17

Bug Description


The ceilometer integration with swift connects with rabbitmq using the transport URL given in the [filter:ceilometer] section in the swift-proxy.conf config file. For most OpenStack projects, the connection parameters are additionally configured in an [oslo_messaging_*] section of the config file. However, ceilometermiddleware does not seem to read this section and instead takes the defaults from the registered oslo.messaging options. Relevant code is:



The rabbit driver in oslo.messaging uses separate SSL configs that cannot be provided in the transport URL and are instead, in general, provided in that [oslo_messaging_rabbit] section. If that section is not configurable, deployers cannot secure traffic between the swift-proxy server and their rabbitmq instance.

Steps to reproduce:

1. Configure rabbitmq to use ssl and enable ssl_listeners on port 5671. Set verify to verify_peer and fail_if_no_peer_cert to false and set up a cacert and pki pair.
2. Change the [filter:ceilometer]/url parameter in swift-proxy.conf to use port 5671.
3. Add the section in swift-proxy.conf (I've also tried adding it in swift.conf and ceilometer.conf): [oslo_messaging_rabbit]/rabbit_use_ssl = true

Expected behavior:

Swift operates normally and can make a successful connection to rabbitmq.

Actual behavior:

The swift-proxy server starts but contains errors in the logs:

 AMQP server closed the connection. Check login credentials: Socket closed (txn: tx8938279ce51d405d8fd97-0058cba3d4)

Rabbitmq logs confirm that this isn't an issue with the password:

 =ERROR REPORT==== 17-Mar-2017::10:26:42 ===
 Error on AMQP connection <0.3416.0>:
 {ssl_upgrade_error,{tls_alert,"record overflow"}}

Command line operations on objects and containers never finish.

It's possible I'm just missing a configuration step and misplacing the config, in which case this could just be a documentation bug :)
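
Added example (not part of the original report, and not code from any OpenStack project): the "record overflow" alert in the RabbitMQ log is consistent with a client that sent the cleartext AMQP 0-9-1 protocol header to the TLS listener on 5671, which is what happens when rabbit_use_ssl is not applied on the client side. The sketch below reads the first bytes the way a TLS listener does; the byte strings are constructed samples and the function names are hypothetical.

```python
import struct

# Constructed sample: the 8-byte protocol header an AMQP 0-9-1 client sends
# first when it has NOT wrapped the socket in TLS.
AMQP_0_9_1_HEADER = b"AMQP\x00\x00\x09\x01"

# Constructed sample: start of a TLS handshake record (type 22, version 3.1).
TLS_HANDSHAKE_PREFIX = b"\x16\x03\x01\x00\xc8"

# RFC 5246 section 6.2.3: TLSCiphertext.length must not exceed 2^14 + 2048.
MAX_TLS_CIPHERTEXT = 2**14 + 2048


def parse_as_tls_record(first_bytes):
    """Interpret the first 5 bytes as a TLS record header:
    content type (1 byte), protocol version (2 bytes), length (2 bytes)."""
    if len(first_bytes) < 5:
        raise ValueError("need at least 5 bytes for a TLS record header")
    ctype, major, minor, length = struct.unpack("!BBBH", first_bytes[:5])
    return {"content_type": ctype, "version": (major, minor), "length": length}


def classify_first_bytes(first_bytes):
    """Diagnose what reached a TLS-only port from its first bytes."""
    rec = parse_as_tls_record(first_bytes)
    if first_bytes.startswith(b"AMQP"):
        # 'A' is read as the content type, 'MQ' as the version and
        # 'P\x00' as the length: 0x5000 = 20480, above the TLS maximum.
        if rec["length"] > MAX_TLS_CIPHERTEXT:
            return "plaintext-amqp:record_overflow"
        return "plaintext-amqp"
    if rec["content_type"] == 22 and rec["version"][0] == 3:
        return "tls-handshake"
    return "unknown"


if __name__ == "__main__":
    for label, sample in (("amqp", AMQP_0_9_1_HEADER), ("tls", TLS_HANDSHAKE_PREFIX)):
        print(label, parse_as_tls_record(sample), classify_first_bytes(sample))
```

Run against the first bytes of a packet capture taken on the broker's port 5671, this separates a client that never started TLS from one whose TLS handshake failed for another reason, such as certificate verification.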
