
Sheetal's profile - activity

2019-02-09 13:46:21 -0600 asked a question nova services fail after enabling ssl connection between nova and rabbitmq server

Hi,

I am using RDO Queens, RabbitMQ version "3.6.5", Erlang/OTP SSL application "8.1.3.1".

I want to configure RabbitMq on SSL port 5671 and later configure all openstack services to rabbitmq server over SSL port.

So far Rabbitmq is configured on SSL port 5671, cinder service is connected to Rabbitmq over SSL successfully. I can create volumes successfully post SSL changes.

I am facing problems during nova and rabbitmq SSL connection.

The command lsof -i:5671 displays the nova connection as established, and even the rabbitmq logs show this:

=INFO REPORT==== 9-Feb-2019::13:01:00 === accepting AMQP connection <0.15415.1> (172.xx.xx.xx:38434 -> 172.xx.xx.xx:5671)

=INFO REPORT==== 9-Feb-2019::13:01:00 === Connection <0.15415.1> (172.xx.xx.xx:38434 -> 172.xx.xx.xx:5671) has a client-provided name: nova-compute:19350:5de34d19-9e14-4761-b604-5174bb9acb50

I also saw these errors in rabbitmq.log, not sure if these are significant errors:

=INFO REPORT==== 9-Feb-2019::13:01:20 === accepting AMQP connection <0.15589.1> (172.xx.xx.xx:43172 -> 172.xx.xx.xx:5672)

=ERROR REPORT==== 9-Feb-2019::13:01:20 === closing AMQP connection <0.15589.1> (172.xx.xx.xx:43172 -> 172.xx.xx.xx:5672): {bad_header,<<22,3,1,2,0,1,0,1>>}

When I try to spawn an instance, nova-conductor.log has the below error and my instance doesn't spawn:

2019-02-09 13:27:10.010 20180 ERROR oslo.messaging._drivers.impl_rabbit [req-2968e847-7e65-4dbd-ac05-d56fd7708df0 - - - - -] [83b06e31-5df0-4ece-b48b-d369c6fd19a0] AMQP server on 1172.xx.xx.xx:5672 is unreachable: [SSL: UNKNOWN_PROTOCOL] unknown protocol (_ssl.c:579). Trying again in 32 seconds. Client port: None: SSLError: [SSL: UNKNOWN_PROTOCOL] unknown protocol (_ssl.c:579)

I am really clueless about what could be causing this error. Where is the missing link?

Snippet from nova.conf:

transport_url=rabbit://guest:guest@172.xx.xx.xx:5671//

[oslo_messaging_rabbit]
#
# From oslo.messaging
#

# Use durable queues in AMQP. (boolean value)
# Deprecated group;name - DEFAULT;amqp_durable_queues
# Deprecated group;name - DEFAULT;rabbit_durable_queues
#amqp_durable_queues=false
amqp_durable_queues=true

# Auto-delete queues in AMQP. (boolean value)
amqp_auto_delete=false

# Enable SSL (boolean value)
#ssl=<none>
ssl=True

# SSL version to use (valid only if SSL enabled). Valid values are TLSv1 and
# SSLv23. SSLv2, SSLv3, TLSv1_1, and TLSv1_2 may be available on some
# distributions. (string value)
# Deprecated group;name - [oslo_messaging_rabbit]/kombu_ssl_version
ssl_version =

# SSL key file (valid only if SSL enabled). (string value)
# Deprecated group;name - [oslo_messaging_rabbit]/kombu_ssl_keyfile
ssl_key_file =

# SSL cert file (valid only if SSL enabled). (string value)
# Deprecated group;name - [oslo_messaging_rabbit]/kombu_ssl_certfile
ssl_cert_file =

# SSL certification authority file (valid only if SSL enabled). (string value)
# Deprecated group;name - [oslo_messaging_rabbit]/kombu_ssl_ca_certs
ssl_ca_file = /etc/pki/tls/rabbitmq/testca/cacertificate.pem

I did not mention values for the fields ssl_key_file and ssl_cert_file since I was getting the same UNKNOWN PROTOCOL error with/without values for these fields.

Help of any kind will be really great!!

If this is the incorrect group to post this question, please let me know the correct group to post it.

Thanks in advance!!

Sheetal
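
The `bad_header` bytes in the rabbitmq.log entry quoted in the question can be decoded to see what the client actually sent to that listener. The following is an added example, not part of the original post; the function names and the second sample log line are constructed for illustration.

```python
import re

# Matches RabbitMQ's bad_header error: client address, listener port, 8 header bytes.
BAD_HEADER = re.compile(
    r"closing AMQP connection <[\d.]+> \((\S+?):\d+ -> \S+?:(\d+)\): "
    r"\{bad_header,<<([\d,]+)>>\}"
)

AMQP_0_9_1 = b"AMQP\x00\x00\x09\x01"  # header an AMQP 0-9-1 client sends first


def classify_header(raw: bytes) -> str:
    """Describe what the first 8 bytes a client sent actually are."""
    if raw == AMQP_0_9_1:
        return "valid AMQP 0-9-1 header"
    if raw[:4] == b"AMQP":
        return "AMQP header for an unsupported protocol version"
    # TLS record: content type 22 (handshake), major version 3, then a
    # 2-byte record length; byte 5 is the handshake type (1 = ClientHello).
    if len(raw) >= 6 and raw[0] == 22 and raw[1] == 3 and raw[5] == 1:
        length = int.from_bytes(raw[3:5], "big")
        return (f"TLS ClientHello (record version 3.{raw[2]}, {length} bytes) "
                "sent to a non-TLS listener")
    if raw[:4] in (b"GET ", b"POST", b"HEAD"):
        return "HTTP request sent to the AMQP port"
    return "unrecognised protocol"


def scan(log_text: str):
    """Return (client_ip, listener_port, diagnosis) for each bad_header entry."""
    findings = []
    for m in BAD_HEADER.finditer(log_text):
        raw = bytes(int(b) for b in m.group(3).split(","))
        findings.append((m.group(1), int(m.group(2)), classify_header(raw)))
    return findings


# Constructed sample: the first entry copies the redacted line from the question,
# the second is invented to show a different mismatch.
SAMPLE_LOG = """\
=ERROR REPORT==== 9-Feb-2019::13:01:20 === closing AMQP connection <0.15589.1> (172.xx.xx.xx:43172 -> 172.xx.xx.xx:5672): {bad_header,<<22,3,1,2,0,1,0,1>>}
=ERROR REPORT==== 9-Feb-2019::13:02:00 === closing AMQP connection <0.15600.1> (10.0.0.5:50000 -> 10.0.0.9:5672): {bad_header,<<71,69,84,32,47,32,72,84>>}
"""

if __name__ == "__main__":
    for client, port, diagnosis in scan(SAMPLE_LOG):
        print(f"{client} -> port {port}: {diagnosis}")
```

For the entry from the question, the bytes 22,3,1 are the start of a TLS handshake record that arrived on port 5672, which matches the port shown in the nova-conductor error rather than the 5671 given in the posted transport_url.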

2018-04-03 11:52:53 -0600 asked a question Instance deployed on flat network is not accessible from outside

Hi, I have installed RDO Queens via packstack. My VM has a single NIC = ens192 (172.16.82.224) and it is an all-in-one topology (controller and compute on the same node).

I used below command for installation:

nohup packstack --allinone --provision-demo=n --os-neutron-ovs-bridge-mappings=extnet:br-ex --os-neutron-ovs-bridge-interfaces=br-ex:ens192 \
--os-neutron-ml2-type-drivers=vxlan,flat,vlan --os-neutron-ml2-flat-networks=extnet --os-heat-install=y --keystone-admin-passwd=password &

Post installation, bridge br-ex is created.

I want to create a flat network so that the instances created can be accessible from outside and vice versa.

So I made the below changes in ml2_conf.ini and openvswitch_agent.ini

File: ml2_conf.ini

type_drivers = local,flat,vlan
flat_networks = physnet1

File: openvswitch_agent.ini

integration_bridge=br-int
tenant_network_type = local,flat,vlan
network_vlan_ranges = physnet1
enable_tunneling = True
bridge_mappings = physnet1:br-ex
physical_interface_mappings = physnet1:br-ex

I created an external network of type flat with subnet allocation pool start: 172.16.82.30, end: 172.16.82.35, dhcp_enabled=true (Note: If dhcp_enabled=false, the deployed instance does not get an IP)

I deployed an instance on this created external n/w. The ifconfig command in the instance shows the IP, but I cannot ping this IP from my machine.

This deployed instance can only ping the controller node (172.16.82.224); it cannot ping the gateway IP: 172.16.82.1

I have applied security rules to the deployed instance.

Can someone help me with what I should do to reach the IP from outside?