Add UseNotifySSL to environments/ssl/enable-internal-tls.yaml
https://github.com/openstack/tripleo-heat-templates/blob/master/environments/ssl/enable-internal-tls.yaml#L22
uses RPCUseSSL only and misses the NotifyUseSSL variable.
The reason this is a problem is that commands/services that will kick
off a notification are likely to hang due to this. Imagine the
following scenario:
1. TLS configured everywhere
2. keystone-manage bootstrap actually hangs
The reason for this is that the messaging string in the keystone container will look like the following:
[oslo_messaging_notifications]
transport_url=rabbit://guest:AC8DjGviXCQks8MWjQdAjYW9L@overcloud-controller-0.internalapi.tripleodomain.example.com:5672/?ssl=0
By gdb-ing on to the keystone-manage process (thanks Damien, for the
idea) we can see that we are stuck in oslo calls connecting to rabbit
without tls
Closes-Bug: #1795462
Change-Id: I0d25527131fa4cd293994a0511bba1144510c4d8
(cherry picked from commit 0acfc345e1
)
This commit is contained in:
parent
e3b140e010
commit
43b27a36f3
|
@ -17,6 +17,10 @@ parameter_defaults:
|
|||
# Type: boolean
|
||||
EnableInternalTLS: True
|
||||
|
||||
# Messaging Notification client subscriber parameter to specify an SSL connection to the messaging host.
|
||||
# Type: string
|
||||
NotifyUseSSL: True
|
||||
|
||||
# Messaging client subscriber parameter to specify an SSL connection to the messaging host.
|
||||
# Type: string
|
||||
RpcUseSSL: True
|
||||
|
|
|
@ -33,16 +33,21 @@ environments:
|
|||
puppet/services/nova-base.yaml:
|
||||
parameters:
|
||||
- RpcUseSSL
|
||||
puppet/services/messaging/notify-rabbitmq.yaml:
|
||||
parameters:
|
||||
- NotifyUseSSL
|
||||
overcloud.yaml:
|
||||
parameters:
|
||||
- ServerMetadata
|
||||
static:
|
||||
- EnableInternalTLS
|
||||
- RpcUseSSL
|
||||
- NotifyUseSSL
|
||||
- ServerMetadata
|
||||
sample_values:
|
||||
EnableInternalTLS: True
|
||||
RpcUseSSL: True
|
||||
NotifyUseSSL: True
|
||||
ServerMetadata: |-2
|
||||
|
||||
ipa_enroll: True
|
||||
|
|
Loading…
Reference in New Issue