vhost use by nova fails on all non-rabbitmq backends

Bug #1706987 reported by Ken Giusti on 2017-07-27
10
This bug affects 1 person
Affects Status Importance Assigned to Milestone
oslo.messaging
Critical
Ken Giusti

Bug Description

A recent merge to nova turned on the use of virtual host for oslo.messaging.

Currently, only the rabbitmq backend supports vhosts. All other backends will no longer work with nova.

In the case of amqp1, qpidd does not support vhost, so qpidd is no longer a supported backend.

The qpid-dispatch-router's support for vhost is under development and is targeted for the next release, see:

https://issues.apache.org/jira/browse/DISPATCH-731

A patch to the amqp1 driver is pending, blocked until DISPATCH-731 is fixed and released.
https://bugs.launchpad.net/oslo.messaging/+bug/1700835

Unknown why pika is also failing, but that backend is being deprecated.

Zeromq appears to be affected as well - unknown whether or not Zeromq supports the notion of a 'vhost'.

Kafka driver may also be affected, TBD.

Changed in oslo.messaging:
assignee: nobody → Ken Giusti (kgiusti)
status: New → In Progress
Ken Giusti (kgiusti) on 2017-08-02
Changed in oslo.messaging:
importance: Undecided → Critical

Reviewed: https://review.openstack.org/478537
Committed: https://git.openstack.org/cgit/openstack/oslo.messaging/commit/?id=263dce9ea8e52632cc07d101d1859034eb3943c7
Submitter: Jenkins
Branch: master

commit 263dce9ea8e52632cc07d101d1859034eb3943c7
Author: Kenneth Giusti <email address hidden>
Date: Tue Jun 27 18:06:16 2017 -0400

    Add support for virtual hosts

    Adds the 'pseudo_vhost' option which when enabled will incorporate the
    virtual host into the address semantics. This creates a 'subnet' like
    address space for each virtual host. Use this when the messaging bus
    does not provide virtual hosting support. It is enabled by default as
    to date none of the supported AMQP 1.0 message buses natively support
    virtual hosting.

    It also updates SSL support: SSL can either use the connection
    hostname or the vhost name when validating a server's
    certificate. This is controlled by the 'ssl_verify_vhost' option.
    This option is disabled by default as it requires both vhost and SNI
    support from the server. By default SSL will use the DNS name from
    the TransportURL.

    Change-Id: I49bb99d1b19e8e7e6fded76198da92ca5f7d65ab
    Closes-Bug: #1700835
    Partial-Bug: #1706987

Reviewed: https://review.openstack.org/502472
Committed: https://git.openstack.org/cgit/openstack/oslo.messaging/commit/?id=a07d852b237d229a0f4dd55fd83379c0581e44e9
Submitter: Jenkins
Branch: stable/pike

commit a07d852b237d229a0f4dd55fd83379c0581e44e9
Author: Kenneth Giusti <email address hidden>
Date: Tue Jun 27 18:06:16 2017 -0400

    Add support for virtual hosts

    Adds the 'pseudo_vhost' option which when enabled will incorporate the
    virtual host into the address semantics. This creates a 'subnet' like
    address space for each virtual host. Use this when the messaging bus
    does not provide virtual hosting support. It is enabled by default as
    to date none of the supported AMQP 1.0 message buses natively support
    virtual hosting.

    It also updates SSL support: SSL can either use the connection
    hostname or the vhost name when validating a server's
    certificate. This is controlled by the 'ssl_verify_vhost' option.
    This option is disabled by default as it requires both vhost and SNI
    support from the server. By default SSL will use the DNS name from
    the TransportURL.

    Change-Id: I49bb99d1b19e8e7e6fded76198da92ca5f7d65ab
    Closes-Bug: #1700835
    Partial-Bug: #1706987
    (cherry picked from commit 263dce9ea8e52632cc07d101d1859034eb3943c7)

tags: added: in-stable-pike
Ken Giusti (kgiusti) on 2018-01-23
Changed in oslo.messaging:
status: In Progress → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers