nova services fail after enabling ssl connection between nova and rabbitmq server

asked 2019-02-09 13:46:21 -0500

Sheetal

Hi,

I am using RDO Queens, RabbitMQ version 3.6.5, Erlang/OTP SSL application 8.1.3.1.

I want to configure RabbitMQ on SSL port 5671 and later connect all OpenStack services to the RabbitMQ server over the SSL port.

So far Rabbitmq is configured on SSL port 5671, cinder service is connected to Rabbitmq over SSL successfully. I can create volumes successfully post SSL changes.

I am facing problems during nova and rabbitmq SSL connection.

The command lsof -i:5671 displays the nova connection as established, and even the rabbitmq logs show this:

=INFO REPORT==== 9-Feb-2019::13:01:00 === accepting AMQP connection <0.15415.1> (172.xx.xx.xx:38434 -> 172.xx.xx.xx:5671)

=INFO REPORT==== 9-Feb-2019::13:01:00 === Connection <0.15415.1> (172.xx.xx.xx:38434 -> 172.xx.xx.xx:5671) has a client-provided name: nova-compute:19350:5de34d19-9e14-4761-b604-5174bb9acb50

I also saw these errors in rabbitmq.log, not sure if these are significant errors:

=INFO REPORT==== 9-Feb-2019::13:01:20 === accepting AMQP connection <0.15589.1> (172.xx.xx.xx:43172 -> 172.xx.xx.xx:5672)

=ERROR REPORT==== 9-Feb-2019::13:01:20 === closing AMQP connection <0.15589.1> (172.xx.xx.xx:43172 -> 172.xx.xx.xx:5672): {bad_header,<<22,3,1,2,0,1,0,1>>}

When I try to spawn an instance, nova-conductor.log has the error below and my instance doesn't spawn:

2019-02-09 13:27:10.010 20180 ERROR oslo.messaging._drivers.impl_rabbit [req-2968e847-7e65-4dbd-ac05-d56fd7708df0 - - - - -] [83b06e31-5df0-4ece-b48b-d369c6fd19a0] AMQP server on 1172.xx.xx.xx:5672 is unreachable: [SSL: UNKNOWN_PROTOCOL] unknown protocol (_ssl.c:579). Trying again in 32 seconds. Client port: None: SSLError: [SSL: UNKNOWN_PROTOCOL] unknown protocol (_ssl.c:579)

I am really clueless about what could be causing this error. Where is the missing link?

snippet from nova.conf :

transport_url=rabbit://guest:guest@172.xx.xx.xx:5671//

[oslo_messaging_rabbit]
#
# From oslo.messaging
#

# Use durable queues in AMQP. (boolean value)
# Deprecated group;name - DEFAULT;amqp_durable_queues
# Deprecated group;name - DEFAULT;rabbit_durable_queues
#amqp_durable_queues=false
amqp_durable_queues=true

# Auto-delete queues in AMQP. (boolean value)
amqp_auto_delete=false

# Enable SSL (boolean value)
#ssl=<none>
ssl=True

# SSL version to use (valid only if SSL enabled). Valid values are TLSv1 and
# SSLv23. SSLv2, SSLv3, TLSv1_1, and TLSv1_2 may be available on some
# distributions. (string value)
# Deprecated group;name - [oslo_messaging_rabbit]/kombu_ssl_version
ssl_version =

# SSL key file (valid only if SSL enabled). (string value)
# Deprecated group;name - [oslo_messaging_rabbit]/kombu_ssl_keyfile
ssl_key_file =

# SSL cert file (valid only if SSL enabled). (string value)
# Deprecated group;name - [oslo_messaging_rabbit]/kombu_ssl_certfile
ssl_cert_file =

# SSL certification authority file (valid only if SSL enabled). (string value)
# Deprecated group;name - [oslo_messaging_rabbit]/kombu_ssl_ca_certs
ssl_ca_file = /etc/pki/tls/rabbitmq/testca/cacertificate.pem

I did not mention values for fields ssl_key_file and ssl_cert_file since I was getting same UNKNOWN PROTOCOL error with/without values for these fields.

Help of any kind will be really great !!

If this is the incorrect group to post this question, please let me know the correct group to post it.

Thanks in advance !!

Sheetal


Comments

Does it really say

AMQP server on 1172.xx.xx.xx:5672 is unreachable

i.e. 1172, not 172?

By the way, you may want to review the formatting of your question.

Bernd Bausch ( 2019-02-09 16:47:41 -0500 )
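The `bad_header` bytes in the RabbitMQ log quoted in the question can be decoded to see what the client actually sent: 22,3,1 is the start of a TLS handshake record, which RabbitMQ logs when a TLS client connects to a plain AMQP listener. The script below is an added example, not part of the original post or of RabbitMQ or oslo.messaging; the sample log is constructed (documentation-range addresses) and the function names are hypothetical.

```python
import re

# Constructed sample: RabbitMQ 3.6-style entries modelled on the log in the question.
SAMPLE_LOG = """\
=INFO REPORT==== 9-Feb-2019::13:01:20 ===
accepting AMQP connection <0.15589.1> (192.0.2.10:43172 -> 192.0.2.20:5672)

=ERROR REPORT==== 9-Feb-2019::13:01:20 ===
closing AMQP connection <0.15589.1> (192.0.2.10:43172 -> 192.0.2.20:5672):
{bad_header,<<22,3,1,2,0,1,0,1>>}

=ERROR REPORT==== 9-Feb-2019::13:02:05 ===
closing AMQP connection <0.15601.1> (192.0.2.11:51000 -> 192.0.2.20:5672):
{bad_header,<<71,69,84,32,47,32,72,84>>}
"""

# Matches both the multi-line log layout and the one-line form pasted in the question.
BAD_HEADER = re.compile(
    r"\((?P<client>[^:\s]+):\d+ -> (?P<server>[^:\s]+):(?P<port>\d+)\):\s*"
    r"\{bad_header,<<(?P<bytes>[\d,]+)>>\}"
)

def classify_header(raw: bytes) -> str:
    """Name what a client sent in place of the 8-byte AMQP protocol header."""
    if raw[:4] == b"AMQP":
        return "AMQP header with an unsupported protocol version"
    # TLS record: type 0x16 (handshake), major version 3, then a 2-byte length.
    if len(raw) >= 3 and raw[0] == 0x16 and raw[1] == 0x03:
        kind = "ClientHello" if len(raw) > 5 and raw[5] == 0x01 else "handshake"
        return f"TLS {kind} (record version 3.{raw[2]}) sent to a non-TLS listener"
    if raw.split(b" ")[0] in (b"GET", b"POST", b"HEAD", b"PUT"):
        return "HTTP request sent to the AMQP port"
    return "unrecognised protocol"

def find_bad_headers(log_text: str):
    """Return (client, port, verdict) for every bad_header entry in the log."""
    results = []
    for m in BAD_HEADER.finditer(log_text):
        raw = bytes(int(b) for b in m.group("bytes").split(","))
        results.append((m.group("client"), int(m.group("port")), classify_header(raw)))
    return results

if __name__ == "__main__":
    for client, port, verdict in find_bad_headers(SAMPLE_LOG):
        print(f"{client} -> port {port}: {verdict}")
```

Grouping the results by client address and port shows which hosts still reach the plain listener with TLS enabled, which is the place to check each service's transport_url.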