Description of problem: Current QDR configuration on SAF client side (overcloud) is without SSL. This creates requirement on server side to enable external router IP in OpenShift and basically disables HA. We need to backport following patches to be able to use SSL in the message bus. https://review.openstack.org/#/c/639423 https://review.openstack.org/#/c/631297
puppet-qdr-2.3.1-2.el7ost puppet-tripleo-8.4.1-5.el7ost were also tracked as part of this fix but these were already released as part of last batch update.
2019-06-03 19:00:02.651037 +0000 ROUTER (info) Finalizing core module: address_lookup_client 2019-06-03 19:00:02.651107 +0000 ROUTER (info) Finalizing core module: edge_router 2019-06-03 19:00:03.125291 +0000 SERVER (info) Container Name: Router.controller-0.localdomain 2019-06-03 19:00:03.125453 +0000 ROUTER (info) Router started in Edge mode 2019-06-03 19:00:03.125467 +0000 ROUTER (info) Version: Red Hat AMQ Interconnect 1.4.1 (qpid-dispatch 1.7.0) 2019-06-03 19:00:03.140503 +0000 AGENT (info) Activating management agent on $_management_internal 2019-06-03 19:00:03.140615 +0000 ROUTER (info) Core module enabled: edge_router 2019-06-03 19:00:03.140646 +0000 ROUTER (info) Core module present but disabled: core_test_hooks 2019-06-03 19:00:03.140662 +0000 ROUTER (info) Core module present but disabled: edge_addr_tracking 2019-06-03 19:00:03.140671 +0000 ROUTER (info) Core module present but disabled: address_lookup_server 2019-06-03 19:00:03.140682 +0000 ROUTER (info) Core module enabled: address_lookup_client 2019-06-03 19:00:03.140691 +0000 ROUTER (info) Router Core thread running. 0/Router.controller-0.localdomain 2019-06-03 19:00:03.140701 +0000 ROUTER (info) In-process subscription M/$management 2019-06-03 19:00:03.140754 +0000 ROUTER (info) In-process subscription L/$management 2019-06-03 19:00:03.140801 +0000 ROUTER (info) In-process subscription L/$_management_internal 2019-06-03 19:00:03.141311 +0000 POLICY (info) Policy configured maxConnections: 65535, policyDir: '',access rules enabled: 'false', use hostname patterns: 'false' 2019-06-03 19:00:03.142311 +0000 POLICY (info) Policy fallback defaultVhost is defined: '$default' 2019-06-03 19:00:03.142460 +0000 CONN_MGR (info) Created SSL Profile with name tlsProfile 2019-06-03 19:00:03.143326 +0000 CONN_MGR (info) Configured Listener: 172.17.1.11:5666 proto=any, role=normal 2019-06-03 19:00:03.144939 +0000 CONN_MGR (info) Configured Connector: qdr-white-port-5671-sa-telemetry.apps.dev7.nfvpe.site:443 proto=any, role=edge, sslProfile=tlsProfile 2019-06-03 19:00:03.150026 +0000 SERVER (notice) Operational, 4 Threads Running (process ID 1) 2019-06-03 19:00:03.151138 +0000 SERVER (notice) Listening on 172.17.1.11:5666 2019-06-03 19:00:03.279176 +0000 ROUTER (info) [C1] Connection Opened: dir=out host=qdr-white-port-5671-sa-telemetry.apps.dev7.nfvpe.site:443 vhost= encrypted=TLSv1/SSLv3 auth=ANONYMOUS user=(null) container_id=Router.qdr-white-666579c8d4-dvhnh props={:product="qpid-dispatch-router", :version="1.6.0", :"qd.conn-id"=9} 2019-06-03 19:00:03.279284 +0000 ROUTER (info) Edge connection (id=1) to interior established 2019-06-03 19:00:03.653922 +0000 SERVER (info) [C2] Accepted connection to 172.17.1.11:5666 from 172.17.1.11:56342 2019-06-03 19:00:03.654911 +0000 ROUTER (info) [C2] Connection Opened: dir=in host=172.17.1.11:56342 vhost= encrypted=no auth=ANONYMOUS user=anonymous container_id=metrics props= 2019-06-03 19:00:03.655348 +0000 ROUTER (info) [C2][L13] Link attached: dir=in source={<none> expire:sess} target={<none> expire:sess}
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2019:1401