containerized rabbitmq does not use SSL when enable_internal_tls is set to true

Bug #1709558 reported by Damien Ciabrini
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
tripleo
Fix Released
High
Damien Ciabrini

Bug Description

With the "TLS everywhere" work, rabbitmq can now use TLS for to serve and mirror traffic.

This works on non-containerized deployment, but containerized rabbitmq deployment do not get configured as expected, they keep using plain unencrypted sockets.

Tags: containers
Changed in tripleo:
assignee: nobody → Damien Ciabrini (dciabrin)
status: New → In Progress
Changed in tripleo:
importance: Undecided → Critical
milestone: none → pike-rc1
Changed in tripleo:
importance: Critical → High
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to puppet-tripleo (master)

Reviewed: https://review.openstack.org/491600
Committed: https://git.openstack.org/cgit/openstack/puppet-tripleo/commit/?id=86a3261b4d08e2d8f8393b73ae3d481b8ac736fd
Submitter: Jenkins
Branch: master

commit 86a3261b4d08e2d8f8393b73ae3d481b8ac736fd
Author: Damien Ciabrini <email address hidden>
Date: Mon Aug 7 20:32:51 2017 +0000

    Enable TLS configuration for containerized RabbitMQ

    In non-containerized deployments, RabbitMQ can be configured to use TLS for
    serving and mirroring traffic.

    Fix the creation of the rabbitmq bundle resource to enable TLS when configured.
    The key and cert are passed as other configuration files and must be copied by
    Kolla at container startup.

    Change-Id: Ia64d79462de7012e5bceebf0ffe478a1cccdd6c9
    Partial-Bug: #1709558

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to tripleo-heat-templates (master)

Reviewed: https://review.openstack.org/491604
Committed: https://git.openstack.org/cgit/openstack/tripleo-heat-templates/commit/?id=4e5d43196a4da7b2bad23cf6e8ad1e720429bfe3
Submitter: Jenkins
Branch: master

commit 4e5d43196a4da7b2bad23cf6e8ad1e720429bfe3
Author: Damien Ciabrini <email address hidden>
Date: Mon Aug 7 20:39:52 2017 +0000

    Enable TLS configuration for containerized RabbitMQ

    In non-containerized deployments, RabbitMQ can be configured to use TLS for
    serving and mirroring traffic.

    Fix the creation of the rabbitmq bundle resource to enable TLS when configured.
    The key and cert are passed as other configuration files and must be copied by
    Kolla at container startup.

    Change-Id: I8af63a1cb710e687a593505c0202d717842d5496
    Depends-On: Ia64d79462de7012e5bceebf0ffe478a1cccdd6c9
    Closes-Bug: #1709558

Changed in tripleo:
status: In Progress → Fix Released
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/tripleo-heat-templates 7.0.0.0rc1

This issue was fixed in the openstack/tripleo-heat-templates 7.0.0.0rc1 release candidate.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.