nova services fail after enabling ssl connection between nova and rabbitmq server
Hi,
I am using RDO Queens, RabbitMQ version 3.6.5, Erlang/OTP SSL application 8.1.3.1.
I want to configure RabbitMQ on SSL port 5671 and later configure all OpenStack services to connect to the RabbitMQ server over the SSL port.
So far Rabbitmq is configured on SSL port 5671, cinder service is connected to Rabbitmq over SSL successfully. I can create volumes successfully post SSL changes.
I am facing problems during nova and rabbitmq SSL connection.
The command lsof -i:5671 displays the nova connection as established, and even the rabbitmq logs show this:
=INFO REPORT==== 9-Feb-2019::13:01:00 === accepting AMQP connection <0.15415.1> (172.xx.xx.xx:38434 -> 172.xx.xx.xx:5671)
=INFO REPORT==== 9-Feb-2019::13:01:00 === Connection <0.15415.1> (172.xx.xx.xx:38434 -> 172.xx.xx.xx:5671) has a client-provided name: nova-compute:19350:5de34d19-9e14-4761-b604-5174bb9acb50
I also saw these errors in rabbitmq.log; I am not sure if these are significant errors:
=INFO REPORT==== 9-Feb-2019::13:01:20 === accepting AMQP connection <0.15589.1> (172.xx.xx.xx:43172 -> 172.xx.xx.xx:5672)
=ERROR REPORT==== 9-Feb-2019::13:01:20 === closing AMQP connection <0.15589.1> (172.xx.xx.xx:43172 -> 172.xx.xx.xx:5672): {bad_header,<<22,3,1,2,0,1,0,1>>}
When I try to spawn an instance, nova-conductor.log has the error below and my instance doesn't spawn:
2019-02-09 13:27:10.010 20180 ERROR oslo.messaging._drivers.impl_rabbit [req-2968e847-7e65-4dbd-ac05-d56fd7708df0 - - - - -] [83b06e31-5df0-4ece-b48b-d369c6fd19a0] AMQP server on 1172.xx.xx.xx:5672 is unreachable: [SSL: UNKNOWN_PROTOCOL] unknown protocol (_ssl.c:579). Trying again in 32 seconds. Client port: None: SSLError: [SSL: UNKNOWN_PROTOCOL] unknown protocol (_ssl.c:579)
I am really clueless about what could be causing this error. Where is the missing link?
Snippet from nova.conf:
transport_url=rabbit://guest:guest@172.xx.xx.xx:5671//
[oslo_messaging_rabbit]
#
# From oslo.messaging
#
# Use durable queues in AMQP. (boolean value)
# Deprecated group;name - DEFAULT;amqp_durable_queues
# Deprecated group;name - DEFAULT;rabbit_durable_queues
amqp_durable_queues=false
amqp_durable_queues=true
# Auto-delete queues in AMQP. (boolean value)
amqp_auto_delete=false
# Enable SSL (boolean value)
ssl=<none>
ssl=True
# SSL version to use (valid only if SSL enabled). Valid values are TLSv1 and
# SSLv23. SSLv2, SSLv3, TLSv1_1, and TLSv1_2 may be available on some
# distributions. (string value)
# Deprecated group;name - [oslo_messaging_rabbit]/kombu_ssl_version
ssl_version =
# SSL key file (valid only if SSL enabled). (string value)
# Deprecated group;name - [oslo_messaging_rabbit]/kombu_ssl_keyfile
ssl_key_file =
# SSL cert file (valid only if SSL enabled). (string value)
# Deprecated group;name - [oslo_messaging_rabbit]/kombu_ssl_certfile
ssl_cert_file =
# SSL certification authority file (valid only if SSL enabled). (string value)
# Deprecated group;name - [oslo_messaging_rabbit]/kombu_ssl_ca_certs
ssl_ca_file = /etc/pki/tls/rabbitmq/testca/cacertificate.pem
I did not mention values for the fields ssl_key_file and ssl_cert_file since I was getting the same UNKNOWN PROTOCOL error with/without values for these fields.
Help of any kind will be really great!
If this is the incorrect group to post this question, please let me know the correct group to post it.
Thanks in advance!
Sheetal
Does it really say
i.e. 1172, not 172?
By the way, you may want to review the formatting of your question.
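
Added example, not part of the original post or of RabbitMQ or oslo.messaging: a small decoder for the {bad_header,...} line quoted from rabbitmq.log in the question, showing what the eight bytes the broker rejected actually are. The function names are hypothetical, and the sample is the question's log line joined onto one line.

```python
import re

AMQP_0_9_1 = b"AMQP\x00\x00\x09\x01"  # header a plaintext AMQP 0-9-1 client sends first
TLS_HANDSHAKE = 22                     # TLS record content type: handshake
CLIENT_HELLO = 1                       # TLS handshake message type: ClientHello

# Captures the listener port and the byte list of a RabbitMQ bad_header report.
BAD_HEADER = re.compile(r":(\d+)\):\s*\{bad_header,<<([\d,]+)>>\}")


def classify_header(raw: bytes) -> str:
    """Say what the first eight bytes a client sent to an AMQP listener are."""
    if raw == AMQP_0_9_1:
        return "amqp-0-9-1"
    if raw.startswith(b"AMQP"):
        return "amqp-other-version"
    # TLS record layout: type(1) major(1) minor(1) length(2), then handshake type.
    if (len(raw) >= 6 and raw[0] == TLS_HANDSHAKE
            and raw[1] == 3 and raw[5] == CLIENT_HELLO):
        return "tls-client-hello"
    return "unknown"


def explain(log_line: str):
    """Return (listener_port, verdict) for a bad_header line, or None."""
    m = BAD_HEADER.search(log_line)
    if m is None:
        return None
    port = int(m.group(1))
    raw = bytes(int(b) for b in m.group(2).split(","))
    return port, classify_header(raw)


# The ERROR REPORT line from the question (addresses masked as in the post).
SAMPLE = ("closing AMQP connection <0.15589.1> (172.xx.xx.xx:43172 -> "
          "172.xx.xx.xx:5672): {bad_header,<<22,3,1,2,0,1,0,1>>}")

if __name__ == "__main__":
    port, verdict = explain(SAMPLE)
    print(f"listener port {port}: client sent {verdict}")
    if verdict == "tls-client-hello":
        print("a TLS client reached a listener that expects plaintext AMQP")
```

For the line in the question this reports a TLS ClientHello arriving on port 5672, while the quoted transport_url names port 5671.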