Bug 1021537 - Setting Qpid SSL protocol sets wrong variable
Summary: Setting Qpid SSL protocol sets wrong variable
Alias: None
Product: Red Hat OpenStack
Classification: Red Hat
Component: openstack-quantum
Version: 3.0
Hardware: Unspecified
OS: Unspecified
Target Milestone: z4
: 3.0
Assignee: Assaf Muller
QA Contact: Nir Magnezi
Depends On: 996766
Blocks: 1021536 1055616
TreeView+ depends on / blocked
Reported: 2013-10-21 13:21 UTC by Xavier Queralt
Modified: 2019-09-09 14:17 UTC (History)
13 users (show)

Fixed In Version: openstack-quantum-2013.1.4-4.el6ost
Doc Type: Bug Fix
Doc Text:
By default, QPID uses TCP as a connection transport instead of a connection protocol. Previously, the procedure for enabling SSL in QPID connections was to set 'qpid_protocol = ssl' in /etc/glance/glance-api.conf. This setting, however, sets connection protocol; the python-qpid client, on the other hand, expects a connection transport type. The mismatch prevented QPID from actually establishing an SSL connection. With this release, the 'qpid_protocol = ssl' setting now enables SSL for the connection transport instead of the connection protocol. As such, QPID can now successfully establish SSL connections.
Clone Of: 996766
Last Closed: 2014-01-30 19:49:43 UTC
Target Upstream Version:

Attachments (Terms of Use)

System ID Private Priority Status Summary Last Updated
Launchpad 56994 0 None None None Never
Launchpad 1158807 0 None None None Never
OpenStack gerrit 47574 0 None None None Never
Red Hat Product Errata RHBA-2014:0110 0 normal SHIPPED_LIVE Red Hat Enterprise Linux OpenStack Platform 3 bug fix advisory 2014-01-31 00:48:26 UTC

Comment 2 Assaf Muller 2013-12-31 15:20:04 UTC
There's a patch in review to backport the fix to neutron's stable/grizzly branch:

Comment 4 Scott Lewis 2014-01-21 19:59:05 UTC
Adding >=POST to next async release

Comment 6 Nir Magnezi 2014-01-27 11:14:26 UTC
Verified NVR: 

1. Verified that the new code is present, as specified in: https://review.openstack.org/#/c/56994/3/quantum/openstack/common/rpc/impl_qpid.py

# grep self.conf.qpid_protocol  /usr/lib/python2.6/site-packages/quantum/openstack/common/rpc/impl_qpid.py
        self.connection.transport = self.conf.qpid_protocol

2. tested qpid with SSL:
   - Cofigured qpid with SSL, grizzly version of packstack does not support such installation, I used:
     a. https://github.com/dprince/puppet-qpid/blob/master/templates/qpidd.conf.erb
     b. openstack.redhat.com/Securing_services

INFO [quantum.openstack.common.rpc.impl_qpid] Connected to AMQP server on

Comment 8 errata-xmlrpc 2014-01-30 19:49:43 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.


Note You need to log in before you can comment on or make changes to this bug.