Add UseNotifySSL to environments/ssl/enable-internal-tls.yaml
https://github.com/openstack/tripleo-heat-templates/blob/master/environments/ssl/enable-internal-tls.yaml#L22 uses RPCUseSSL only and misses the NotifyUseSSL variable. The reason this is a problem is that commands/services that will kick off a notification are likely to hang due to this. Imagine the following scenario: 1. TLS configured everywhere 2. keystone-manage bootstrap actually hangs The reason for this is that the messaging string in the keystone container will look like the following: [oslo_messaging_notifications] transport_url=rabbit://guest:AC8DjGviXCQks8MWjQdAjYW9L@overcloud-controller-0.internalapi.tripleodomain.example.com:5672/?ssl=0 By gdb-ing on to the keystone-manage process (thanks Damien, for the idea) we can see that we are stuck in oslo calls connecting to rabbit without tls Closes-Bug: #1795462 Change-Id: I0d25527131fa4cd293994a0511bba1144510c4d8
This commit is contained in:
parent
1badfc470a
commit
0acfc345e1
@ -17,6 +17,10 @@ parameter_defaults:
|
||||
# Type: boolean
|
||||
EnableInternalTLS: True
|
||||
|
||||
# Messaging Notification client subscriber parameter to specify an SSL connection to the messaging host.
|
||||
# Type: string
|
||||
NotifyUseSSL: True
|
||||
|
||||
# Messaging client subscriber parameter to specify an SSL connection to the messaging host.
|
||||
# Type: string
|
||||
RpcUseSSL: True
|
||||
|
@ -33,16 +33,21 @@ environments:
|
||||
puppet/services/nova-base.yaml:
|
||||
parameters:
|
||||
- RpcUseSSL
|
||||
puppet/services/messaging/notify-rabbitmq.yaml:
|
||||
parameters:
|
||||
- NotifyUseSSL
|
||||
overcloud.yaml:
|
||||
parameters:
|
||||
- ServerMetadata
|
||||
static:
|
||||
- EnableInternalTLS
|
||||
- RpcUseSSL
|
||||
- NotifyUseSSL
|
||||
- ServerMetadata
|
||||
sample_values:
|
||||
EnableInternalTLS: True
|
||||
RpcUseSSL: True
|
||||
NotifyUseSSL: True
|
||||
ServerMetadata: |-2
|
||||
|
||||
ipa_enroll: True
|
||||
|
Loading…
x
Reference in New Issue
Block a user