1021537 – Setting Qpid SSL protocol sets wrong variable

Bug 1021537 - Setting Qpid SSL protocol sets wrong variable

Summary: Setting Qpid SSL protocol sets wrong variable

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat OpenStack
Classification:	Red Hat
Component:	openstack-quantum
Sub Component:
Version:	3.0
Hardware:	Unspecified
OS:	Unspecified
Priority:	high
Severity:	high
Target Milestone:	z4
Target Release:	3.0
Assignee:	Assaf Muller
QA Contact:	Nir Magnezi
Docs Contact:
URL:
Whiteboard:
Depends On:	996766
Blocks:	1021536 1055616
TreeView+	depends on / blocked

Reported:	2013-10-21 13:21 UTC by Xavier Queralt
Modified:	2019-09-09 14:17 UTC (History)
CC List:	13 users (show)
Fixed In Version:	openstack-quantum-2013.1.4-4.el6ost
Doc Type:	Bug Fix
Doc Text:	By default, QPID uses TCP as a connection transport instead of a connection protocol. Previously, the procedure for enabling SSL in QPID connections was to set 'qpid_protocol = ssl' in /etc/glance/glance-api.conf. This setting, however, sets connection protocol; the python-qpid client, on the other hand, expects a connection transport type. The mismatch prevented QPID from actually establishing an SSL connection. With this release, the 'qpid_protocol = ssl' setting now enables SSL for the connection transport instead of the connection protocol. As such, QPID can now successfully establish SSL connections.
Clone Of:	996766
Environment:
Last Closed:	2014-01-30 19:49:43 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Priority	Status	Summary	Last Updated
Launchpad	56994	None	None	None	Never
Launchpad	1158807	None	None	None	Never
OpenStack gerrit	47574	None	None	None	Never
Red Hat Product Errata	RHBA-2014:0110	normal	SHIPPED_LIVE	Red Hat Enterprise Linux OpenStack Platform 3 bug fix advisory	2014-01-31 00:48:26 UTC

Comment 2 Assaf Muller 2013-12-31 15:20:04 UTC

There's a patch in review to backport the fix to neutron's stable/grizzly branch:
https://review.openstack.org/#/c/56994/

Comment 4 Scott Lewis 2014-01-21 19:59:05 UTC

Adding >=POST to next async release

Comment 6 Nir Magnezi 2014-01-27 11:14:26 UTC

Verified NVR: 
openstack-quantum-2013.1.4-4.el6ost.noarch
python-quantum-2013.1.4-4.el6ost.noarch

1. Verified that the new code is present, as specified in: https://review.openstack.org/#/c/56994/3/quantum/openstack/common/rpc/impl_qpid.py

# grep self.conf.qpid_protocol  /usr/lib/python2.6/site-packages/quantum/openstack/common/rpc/impl_qpid.py
        self.connection.transport = self.conf.qpid_protocol

2. tested qpid with SSL:
   - Cofigured qpid with SSL, grizzly version of packstack does not support such installation, I used:
     a. https://github.com/dprince/puppet-qpid/blob/master/templates/qpidd.conf.erb
     b. openstack.redhat.com/Securing_services

Result:
INFO [quantum.openstack.common.rpc.impl_qpid] Connected to AMQP server on 10.35.160.29:5671

Comment 8 errata-xmlrpc 2014-01-30 19:49:43 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2014-0110.html

Note You need to log in before you can comment on or make changes to this bug.