Neutron can't connect rabbitmq via ssl
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
oslo-incubator |
Invalid
|
Undecided
|
Unassigned | ||
oslo.messaging |
Fix Released
|
High
|
Mehdi Abaakouk |
Bug Description
Recently, we update oslo_messaging from 1.4 to 1.6, then neutron and nova can't connect rabbitmq via ssl. I checked rabbitmq-server status, it works well. I can establish ssl connection by openssl. After some investigation, I decided to specify kombu_ssl_version in neutron.conf, then neutron server can connect rabbitmq by ssl, both of TLSv1, SSLv23 work for neutron.
It seems openstack components like nova and neutron has to specify kombu_ssl_version before ssl connection with rabbitmq,
but in oslo_messaging 1.4, it doesn't.
Do we have to explicitly specify kombu_ssl_version now ?
Neutron server error log:
2015-02-05 00:51:09.324 22999 ERROR oslo_messaging.
rabbitmq config:
# cat rabbitmq.config
[
{kernel, [
]},
{rabbit, [
{ssl_listeners, [5671]},
{ssl_options, [{cacertfile,
{tcp_
{default_user, <<"guest">>},
{default_pass, <<"guest">>}
]}
].
Changed in oslo-incubator: | |
status: | New → Invalid |
Changed in oslo.messaging: | |
status: | New → Confirmed |
importance: | Undecided → High |
Changed in oslo.messaging: | |
assignee: | nobody → Mehdi Abaakouk (sileht) |
status: | Confirmed → In Progress |
Changed in oslo.messaging: | |
milestone: | none → next-kilo |
Changed in oslo.messaging: | |
status: | Fix Committed → Fix Released |
In rabbitmq log, we found those ssl error :
=ERROR REPORT==== 5-Feb-2015: :00:52: 37 === error,{ tls_alert, "record overflow"}}
error on AMQP connection <0.912.21>:
{ssl_upgrade_
=ERROR REPORT==== 5-Feb-2015: :00:52: 37 === error,{ tls_alert, "record overflow"}}
error on AMQP connection <0.916.21>:
{ssl_upgrade_
=ERROR REPORT==== 5-Feb-2015: :00:52: 37 === error,{ tls_alert, "record overflow"}}
error on AMQP connection <0.920.21>:
{ssl_upgrade_