0acfc345e1
https://github.com/openstack/tripleo-heat-templates/blob/master/environments/ssl/enable-internal-tls.yaml#L22
uses RPCUseSSL only and misses the NotifyUseSSL variable. The reason this is a problem is that commands/services that will kick off a notification are likely to hang due to this. Imagine the following scenario:

1. TLS configured everywhere
2. keystone-manage bootstrap actually hangs

The reason for this is that the messaging string in the keystone container will look like the following:

    [oslo_messaging_notifications]
    transport_url=rabbit://guest:AC8DjGviXCQks8MWjQdAjYW9L@overcloud-controller-0.internalapi.tripleodomain.example.com:5672/?ssl=0

By gdb-ing on to the keystone-manage process (thanks Damien, for the idea) we can see that we are stuck in oslo calls connecting to rabbit without tls

Closes-Bug: #1795462
Change-Id: I0d25527131fa4cd293994a0511bba1144510c4d8

- enable-internal-tls.yaml
- enable-tls.yaml
- inject-trust-anchor-hiera.yaml
- inject-trust-anchor.yaml
- no-tls-endpoints-public.yaml
- tls-endpoints-public-dns.yaml
- tls-endpoints-public-ip.yaml
- tls-everywhere-endpoints-dns.yaml