
Trying to connect Neutron (Network Node) to the QPID AMQP (Controller Node): SASL(-4): no mechanism available

asked 2014-10-02 15:29:01 -0500

simonalsa

Using: RHEL7 + Icehouse Openstack

I am following the guide published at http://docs.openstack.org/icehouse/install-guide/install/yum/content/neutron-ml2-network-node.html to try to deploy the Neutron service inside a standalone virtual machine named Network node.

After configuring the /etc/neutron/*.conf files and starting the services, I am getting the following looping message:

Unable to connect to AMQP server: Error in sasl_client_start (-4) SASL(-4): no mechanism available: No worthy mechs found. Sleeping 4 seconds ... ...

I selected QPID as my AMQP server. My QPID is deployed inside another virtual machine named Controller node. I'm using SSL authentication. It's working successfully with the other services (Cinder, Glance, Keystone, ...) deployed on the same host.

I have checked and disabled the iptables firewall rules. They are OK.

But if I disable the QPID SSL authentication for the AMQP inside the Controller, the Network Node can connect successfully with the QPID.

I do not understand what is happening... It seems that it is something related to the SSL certificate.

My QPID configuration at /etc/neutron/neutron.conf:

    [DEFAULT]
    auth_strategy = keystone

    # QPID configuration
    rpc_backend = neutron.openstack.common.rpc.impl_qpid
    qpid_hostname = 192.168.100.10
    qpid_username = qpidauth
    qpid_password = openstack
    qpid_protocol = ssl
    qpid_port = 5671

    # Space separated list of SASL mechanisms to use for auth
    qpid_sasl_mechanisms = 'DIGEST-MD5 CRAM-MD5 GSSAPI'

My Keystone configuration at /etc/neutron/neutron.conf:

    [keystone_authtoken]
    auth_uri = http://192.168.100.10:5000
    auth_host = 192.168.100.10
    auth_protocol = http
    auth_port = 35357
    admin_tenant_name = services
    admin_user = neutron
    admin_password = openstack
    ... ...

Then I followed the instructions to export the SSL certificate (the one that QPID is using) from the Controller node and import it on the Network node inside /etc/pki/nnsd...

From the documentation... the certificates listed in the cert8.db database are the subsystem certificates used for subsystem operations. User certificates are stored with the user entries in the LDAP internal database.

    [root@controller qpid]# cd /etc/pki/tls/qpid
    [root@controller qpid]# ls -la
    total 76
    drwx------. 2 qpidd root 51 Sep 29 11:00 .
    drwxr-xr-x. 6 root root 87 Oct 1 22:58 ..
    -rw-------. 1 qpidd root 65536 Sep 29 11:00 cert8.db
    -rw-------. 1 qpidd root 16384 Sep 29 11:00 key3.db
    -rw-------. 1 qpidd root 16384 Sep 29 11:00 secmod.db

To view the certificates in the subsystem database using certutil, open the instance's certificate database directory, and run the certutil with the -L option. For example:

    [root@controller qpid]# certutil -L -d .
    Certificate Nickname          Trust Attributes
                                  SSL,S/MIME,JAR/XPI

    controller                    CTu,u,u

To view the keys stored in the subsystem databases using certutil, run the certutil with the -K option. For example:

    [root@controller qpid]# certutil -K -d .
    certutil: Checking token "NSS Certificate DB" in slot "NSS User Private Key and Certificate Services"
    Enter Password or Pin for "NSS Certificate DB":
    < 0> rsa 4d43fa140a94f5e92e3b70b0543091442d6a455e NSS Certificate DB:controller

Exporting an SSL Certificate for Clients

When SSL is enabled on a server, the clients require a copy ...


1 answer


answered 2014-10-02 15:49:35 -0500

simonalsa

Fixed.

yum install -y cyrus-sasl-md5

    2014-10-02 22:45:53.674 8804 INFO neutron.agent.dhcp_agent [req-be7dadb8-2a18-4bd5-bd96-1ee8d3fe51ba None] DHCP agent started
    2014-10-02 22:45:53.788 8804 INFO neutron.openstack.common.rpc.impl_qpid [req-be7dadb8-2a18-4bd5-bd96-1ee8d3fe51ba None] Connected to AMQP server on 192.168.100.10:5671
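A check for the condition the answer fixed, as an added example that is not part of the original post: it compares the mechanisms listed in qpid_sasl_mechanisms with the Cyrus SASL plugin libraries present on the client. The mechanism-to-library and package mapping and the /usr/lib64/sasl2 path are assumptions based on RHEL 7 packaging, and the function names are hypothetical.

```shell
#!/bin/sh
# Mechanism -> "plugin-library package" (assumed RHEL 7 Cyrus SASL packaging).
plugin_for_mech() {
    case "$1" in
        DIGEST-MD5) echo "libdigestmd5.so cyrus-sasl-md5" ;;
        CRAM-MD5)   echo "libcrammd5.so cyrus-sasl-md5" ;;
        GSSAPI)     echo "libgssapiv2.so cyrus-sasl-gssapi" ;;
        PLAIN)      echo "libplain.so cyrus-sasl-plain" ;;
        ANONYMOUS)  echo "libanonymous.so cyrus-sasl-lib" ;;
        *)          echo "- -" ;;
    esac
}

# Last uncommented qpid_sasl_mechanisms value in the file, quotes removed.
configured_mechs() {
    sed -n 's/^[[:space:]]*qpid_sasl_mechanisms[[:space:]]*=[[:space:]]*//p' "$1" |
        tr -d "'\"" | tail -n 1
}

# check_sasl_mechs CONF PLUGIN_DIR: prints one status line per mechanism and
# returns 1 when none has a plugin ("SASL(-4): no mechanism available").
check_sasl_mechs() {
    mechs=$(configured_mechs "$1"); dir=$2; usable=0
    [ -n "$mechs" ] || { echo "qpid_sasl_mechanisms not set"; return 2; }
    for mech in $mechs; do
        read -r lib pkg <<EOF
$(plugin_for_mech "$mech")
EOF
        if [ "$lib" = "-" ]; then
            echo "$mech unknown"
        elif ls "$dir/$lib"* >/dev/null 2>&1; then
            echo "$mech ok"; usable=$((usable + 1))
        else
            echo "$mech missing $pkg"
        fi
    done
    [ "$usable" -gt 0 ]
}
# Constructed demo: the page's mechanism list, before and after the MD5 plugins exist.
demo() {
    t=$(mktemp -d)
    printf "[DEFAULT]\nqpid_sasl_mechanisms = 'DIGEST-MD5 CRAM-MD5 GSSAPI'\n" > "$t/neutron.conf"
    mkdir "$t/sasl2"
    check_sasl_mechs "$t/neutron.conf" "$t/sasl2" || echo "-> no usable mechanism"
    touch "$t/sasl2/libdigestmd5.so.3" "$t/sasl2/libcrammd5.so.3"
    check_sasl_mechs "$t/neutron.conf" "$t/sasl2" && echo "-> usable"
    rm -rf "$t"
}
# Real use (paths assumed): sh check.sh /etc/neutron/neutron.conf /usr/lib64/sasl2
if [ $# -eq 2 ]; then check_sasl_mechs "$1" "$2"; else demo; fi
```

An installed plugin is necessary but not sufficient: the broker must also offer the mechanism, and GSSAPI additionally needs Kerberos credentials.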

Stats

Asked: 2014-10-02 15:29:01 -0500

Seen: 356 times

Last updated: Oct 02 '14