Murano needs dedicated rabbitmq

Bug #1620374 reported by Bartłomiej Daca
This bug affects 2 people
Affects: kolla
Status: Fix Released
Importance: High
Assigned to: Bartłomiej Daca

Bug Description

When using separate networks for api calls and for VM traffic, the murano agents installed on VMs are unable to communicate with the murano engine. This way none of the environments can be properly deployed.

Communication between murano agents and murano engine is realised by the rabbitmq. Kolla configures murano to use the rabbitmq that carries all the communication between OpenStack components. This rabbitmq is limited to work only in api network and api network is isolated from the network that VMs use. This is good in terms of security.

There are two options to allow murano agents to communicate with murano engine:
1. Expose rabbitmq to the external network
2. Install separate rabbitmq and expose it to the external network to handle the communication for murano.

Option 1. is considered unsafe, option 2. is suggested by the murano installation instructions.
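
A check for the separation described in option 2, added here as an example and not part of the original report or of kolla. It assumes murano.conf keeps the agent-facing broker in its `[rabbitmq]` section and the control-plane broker in `[DEFAULT] transport_url`; the sample configs, addresses and credentials are constructed.

```python
import configparser
from urllib.parse import urlsplit

# Constructed murano.conf fragments; addresses and credentials are placeholders.
CONTROL = "[DEFAULT]\ntransport_url = rabbit://openstack:secret@10.0.0.10:5672//\n"
SHARED = CONTROL + """
[rabbitmq]
host = 10.0.0.10
port = 5672
login = openstack
password = secret
virtual_host = /
"""
DEDICATED = CONTROL + """
[rabbitmq]
host = 192.0.2.20
port = 5672
login = murano
password = agentpw
virtual_host = murano
"""

def control_plane(transport_url):
    """Return ({(host, port)}, {user}) named in an oslo.messaging transport_url."""
    brokers, users = set(), set()
    for part in urlsplit(transport_url).netloc.split(","):
        creds, at, hostport = part.rpartition("@")
        if at:
            users.add(creds.partition(":")[0])
        host, _, port = hostport.partition(":")  # IPv6 literals not handled
        brokers.add((host, int(port or 5672)))
    return brokers, users

def audit(conf_text):
    """List ways the agent-facing broker overlaps the control-plane broker."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(conf_text)
    agent = cp["rabbitmq"]
    brokers, users = control_plane(cp["DEFAULT"]["transport_url"])
    findings = []
    if (agent["host"], agent.getint("port", fallback=5672)) in brokers:
        findings.append("agents connect to the control-plane rabbitmq")
    if agent["login"] in users:
        findings.append("agents reuse a control-plane rabbitmq user")
    return findings

if __name__ == "__main__":
    for name, text in (("shared", SHARED), ("dedicated", DEDICATED)):
        print(name, audit(text) or "ok")
```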

Changed in kolla:
milestone: none → newton-rc2
status: New → Triaged
Changed in kolla:
importance: Undecided → Low
importance: Low → Medium
importance: Medium → Critical
zhubingbing (zhubingbing) wrote :
Changed in kolla:
status: Triaged → Won't Fix
Bartłomiej Daca (bartek-daca) wrote :

Ok, thanks for this info!

Shouldn't kolla still take care of creating the separate vhosts and users for murano? Because without this murano still simply doesn't work in multinode deployment.

Changed in kolla:
status: Won't Fix → Opinion
milestone: newton-rc2 → ocata-1
zhubingbing (zhubingbing) wrote :

Hi bdaca, now we didn't know what to do with it either, so we can wait until the next version (ocata-1) to see if there is any good solution. You can talk more with pbourke, he looks familiar with murano.

Changed in kolla:
status: Opinion → Confirmed
importance: Critical → Low
Changed in kolla:
assignee: nobody → Bartłomiej Daca (bartek-daca)
Paul Bourke (pauldbourke) wrote :

Had a chat with bdaca, he's helpfully going to take on adding a separate rabbitmq instance for murano. We may also want to support the vhost route, but going by the ML thread linked above, a separate instance seems a good idea in order to avoid impacting the stability of the entire cluster.

OpenStack Infra (hudson-openstack) wrote : Fix proposed to kolla (master)

Fix proposed to branch: master
Review: https://review.openstack.org/374525

Changed in kolla:
status: Confirmed → In Progress
Changed in kolla:
milestone: ocata-1 → ocata-2
Vladislav Belogrudov (vlad-belogrudov) wrote :

this is a security hole, how come this is low priority??

Changed in kolla:
importance: Low → High
Changed in kolla:
milestone: ocata-2 → ocata-3
Changed in kolla:
milestone: ocata-3 → ocata-rc1
Changed in kolla:
milestone: ocata-rc1 → pike-1
OpenStack Infra (hudson-openstack) wrote : Change abandoned on kolla (master)

Change abandoned by Paul Bourke (pbourke) (<email address hidden>) on branch: master
Review: https://review.openstack.org/374525
Reason: Picking up this work under kolla-ansible at https://review.openstack.org/#/c/453724/

Changed in kolla:
milestone: pike-2 → pike-3
OpenStack Infra (hudson-openstack) wrote : Fix merged to kolla (master)

Reviewed: https://review.openstack.org/453735
Committed: https://git.openstack.org/cgit/openstack/kolla/commit/?id=329293b182ba5e72e633a66d767a888ed201058c
Submitter: Jenkins
Branch: master

commit 329293b182ba5e72e633a66d767a888ed201058c
Author: Paul Bourke <email address hidden>
Date: Wed Apr 5 17:16:58 2017 +0100

    Make rabbitmq log dir configurable

    Change-Id: I020eb6219f89a310451becde41f6f1c7f54baadd
    Partial-Bug: #1620374

Changed in kolla:
status: In Progress → Fix Released
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/kolla-ansible 5.0.0.0b3

This issue was fixed in the openstack/kolla-ansible 5.0.0.0b3 development milestone.
