tripleo-heat-templates/environments/ssl
Michele Baldessari 0acfc345e1 Add UseNotifySSL to environments/ssl/enable-internal-tls.yaml
https://github.com/openstack/tripleo-heat-templates/blob/master/environments/ssl/enable-internal-tls.yaml#L22
uses RPCUseSSL only and misses the NotifyUseSSL variable.
The reason this is a problem is that commands/services that will kick
off a notification are likely to hang due to this.  Imagine the
following scenario:

1. TLS configured everywhere
2. keystone-manage bootstrap actually hangs

The reason for this is that the messaging string in the keystone container will look like the following:
[oslo_messaging_notifications]
transport_url=rabbit://guest:AC8DjGviXCQks8MWjQdAjYW9L@overcloud-controller-0.internalapi.tripleodomain.example.com:5672/?ssl=0

By gdb-ing on to the keystone-manage process (thanks Damien, for the
idea) we can see that we are stuck in oslo calls connecting to rabbit
without tls

Closes-Bug: #1795462
Change-Id: I0d25527131fa4cd293994a0511bba1144510c4d8
2018-10-01 18:39:14 +02:00
..
enable-internal-tls.yaml Add UseNotifySSL to environments/ssl/enable-internal-tls.yaml 2018-10-01 18:39:14 +02:00
enable-tls.yaml Manage public certificate with ansible 2018-05-31 14:50:00 +02:00
inject-trust-anchor-hiera.yaml Add nested sample environments for inject-trust-anchor 2017-06-12 15:02:50 -05:00
inject-trust-anchor.yaml Add nested sample environments for inject-trust-anchor 2017-06-12 15:02:50 -05:00
no-tls-endpoints-public.yaml HA support for OpenShift 2018-07-11 07:41:51 +02:00
tls-endpoints-public-dns.yaml HA support for OpenShift 2018-07-11 07:41:51 +02:00
tls-endpoints-public-ip.yaml HA support for OpenShift 2018-07-11 07:41:51 +02:00
tls-everywhere-endpoints-dns.yaml HA support for OpenShift 2018-07-11 07:41:51 +02:00