Created attachment 942615 [details] answer file packstack and nova logs. Description of problem: When installing AIO with SSL enabled for Horizon and AMQP, Nova service fails to start, looks like it can't reach rabbitmq SSL port, rabbitmq port is open and listening. Review related bz 1147224 (installing amqp with SSL issue), used new version from gerrit, got rabbitmq working over ssl, then got stuck on Nova service startup problem. https://bugzilla.redhat.com/show_bug.cgi?id=1147224 Version-Release number of selected component (if applicable): RHEL7 openstack-packstack-2014.1.1-0.41.dev1251.el7ost.noarch openstack-packstack-puppet-2014.1.1-0.41.dev1251.el7ost.noarch python-nova-2014.1.2-1.el7ost.noarch openstack-nova-compute-2014.1.2-1.el7ost.noarch python-novaclient-2.17.0-2.el7ost.noarch openstack-nova-api-2014.1.2-1.el7ost.noarch How reproducible: Not sure only tested this once. Steps to Reproduce: 1. Install AIO, enabled on answer file: CONFIG_HORIZON_SSL=y CONFIG_AMQP_ENABLE_SSL=y 2. See BZ 1147224, use new manifest amqp.pp, else rabbitmq won't start 3. Setup later fails on starting Nova-compute service Could not start Service[nova-compute]: Execution of '/usr/bin/systemctl start openstack-nova-compute' 4. Verified rabbitmq service up listening on ssl port 5671: [root@cougar08 rabbitmq]# systemctl -t service -a | grep rabbit rabbitmq-server.service loaded active running RabbitMQ broker [root@cougar08 rabbitmq]# netstat -lnp | grep 5671 tcp6 0 0 :::5671 :::* LISTEN 13589/beam.smp [root@cougar08 rabbitmq]# firewall rule in place: -A INPUT -s 10.35.160.137/32 -p tcp -m multiport --dports 5671,5672 -m comment --comment "001 amqp incoming amqp_10.35.160.137" -j ACCEPT Actual results: Failed to start nova service 2014-09-28 11:41:42::DEBUG::sequences::40::root:: Traceback (most recent call last): File "/usr/lib/python2.7/site-packages/packstack/installer/core/sequences.py", line 38, in run self.function(config, messages) File "/usr/lib/python2.7/site-packages/packstack/plugins/puppet_950.py", line 216, in apply_puppet_manifest wait_for_puppet(currently_running, messages) File "/usr/lib/python2.7/site-packages/packstack/plugins/puppet_950.py", line 112, in wait_for_puppet validate_logfile(log) File "/usr/lib/python2.7/site-packages/packstack/modules/puppet.py", line 91, in validate_logfile raise PuppetError(message) PuppetError: Error appeared during Puppet run: 10.35.160.137_nova.pp Error: Could not start Service[nova-compute]: Execution of '/usr/bin/systemctl start openstack-nova-compute' returned 1: Job for openstack-nova-compute.service failed. See 'systemctl status openstack-nova-compute.service' and 'journalctl -xn' for details. You will find full trace in log /var/tmp/packstack/20140928-113749-okiaSM/manifests/10.35.160.137_nova.pp.log ... Expected results: Packstack should successfully install and start Nova compute service, on SSL based deployments.
Sadly ssl with rabbitmq won't work because of two outstanding issues that are being worked on, first one is our own configuration of rabbitmq (BZ 1147224) and the second one is reuqirement of kombu_ssl by puppet modules which is in progress for icehouse https://bugs.launchpad.net/puppet-neutron/+bug/1356083
https://review.openstack.org/167452 is now merged.
can i have pm and qe acks please? Thanks!
To verify this bug: 1. Install AIO, enabled on answer file: CONFIG_HORIZON_SSL=y CONFIG_AMQP_ENABLE_SSL=y 2. Check if nova starts properly (a succesfull instllation will be enough)
Verified ======== openstack-packstack-2014.1.1-0.46.dev1280.el7ost.noarch
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHSA-2015-0831.html