1084229 – Add support for configuring SSL for RabbitMQ

Bug 1084229 - Add support for configuring SSL for RabbitMQ

Summary: Add support for configuring SSL for RabbitMQ

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat OpenStack
Classification:	Red Hat
Component:	openstack-foreman-installer
Sub Component:
Version:	Foreman (RHEL 6)
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	ga
Target Release:	Installer
Assignee:	Rob Crittenden
QA Contact:	Udi Kalifon
Docs Contact:
URL:
Whiteboard:
Duplicates (1):	1126599 (view as bug list)
Depends On:	1128170 1141357 1146136
Blocks:	1126599
TreeView+	depends on / blocked

Reported:	2014-04-03 23:19 UTC by Nathan Kinder
Modified:	2019-07-11 07:55 UTC (History)
CC List:	9 users (show)
Fixed In Version:	openstack-foreman-installer-3.0.1-1.el6ost
Doc Type:	Enhancement
Doc Text:	Red Hat Enterprise Linux OpenStack Platform Installer 6.0 supports SSL for the RabbitMQ AMQP server. Support was available for Qpid but RabbitMQ used a different configuration, which meant enabling SSL did not configure the server or clients properly. Now RabbitMQ uses SSL if the installer's ssl flag is set to "true".
Clone Of:
Clones:	1126599 (view as bug list)
Environment:
Last Closed:	2015-02-09 15:14:46 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHBA-2015:0156	0	normal	SHIPPED_LIVE	Red Hat Enterprise Linux OpenStack Platform Installer Bug Fix Advisory	2015-02-09 20:13:39 UTC

Description Nathan Kinder 2014-04-03 23:19:41 UTC

With the switch from Qpid to RabbitMQ, we need to add support for configuring RabbitMQ for SSL/TLS in the Foreman installer.  This might require changes to the puppet modules as well, which will need to be determined when we start working on this.

Comment 1 Rob Crittenden 2014-04-08 14:40:09 UTC

The openstack-puppet-modules is using this upstream commit, https://github.com/puppetlabs/puppetlabs-rabbitmq/tree/015bd788ccb495051a2db48e344a3a6aa3381076

Based on a reading of this we should be good puppet-wise for this upstream module. Changes in the controller module will be required to configure rabbitmq instead, with the biggest change switching from NSS to OpenSSL for the certificate tracking when freeipa == True.

Comment 3 Mike Burns 2014-10-10 12:49:55 UTC

*** Bug 1126599 has been marked as a duplicate of this bug. ***

Comment 4 Rob Crittenden 2014-10-10 17:40:30 UTC

https://github.com/redhat-openstack/astapor/pull/390

Comment 5 Jason Guiditta 2014-11-17 22:01:46 UTC

Merged with comments, there is probably a follow-on patch needed for this to be really complete

Comment 8 errata-xmlrpc 2015-02-09 15:14:46 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2015-0156.html

Note You need to log in before you can comment on or make changes to this bug.