Merge lp:~vds/charms/trusty/contrail-configuration/TLS_support_for_RabbitMQ_connection into lp:~sdn-charmers/charms/trusty/contrail-configuration/trunk
Proposed by
Vincenzo Di Somma
Status: | Merged |
---|---|
Merged at revision: | 71 |
Proposed branch: | lp:~vds/charms/trusty/contrail-configuration/TLS_support_for_RabbitMQ_connection |
Merge into: | lp:~sdn-charmers/charms/trusty/contrail-configuration/trunk |
Diff against target: |
79 lines (+14/-2) 5 files modified
hooks/contrail_configuration_utils.py (+10/-2) templates/contrail-api.conf (+1/-0) templates/contrail-device-manager.conf (+1/-0) templates/contrail-schema.conf (+1/-0) templates/contrail-svc-monitor.conf (+1/-0) |
To merge this branch: | bzr merge lp:~vds/charms/trusty/contrail-configuration/TLS_support_for_RabbitMQ_connection |
Related bugs: |
Reviewer | Review Type | Date Requested | Status |
---|---|---|---|
Robert Ayres (community) | Approve | ||
Review via email: mp+330838@code.launchpad.net |
Commit message
Adding support for SSL/TLS connection to the RabittMQ connection.
Description of the change
Adding support for SSL/TLS connection to the RabittMQ connection.
To post a comment you must log in.
Thanks for the patch!
I'm struggling to make this work in testing atm. This is using trusty + Contrail 3.2.3.
I've generated certs, keys, ca-certs for rabbitmq-server unit and am using the appropriate 'ssl_*' options. I can see RabbitMQ is listening on SSL socket (5671) and the config is pointed at the right certs + keys.
However contrail-api (on contrail- configuration unit) using option 'rabbit_use_ssl = True' won't connect to it.
RabbitMQ logs show:
=ERROR REPORT==== 22-Sep- 2017::20: 27:43 ===
{certfile, {badmatch, []}}} (unknown POSIX error)
error on AMQP connection <0.19312.0>: {ssl_upgrade_error,
I've tried combinations of ports (5672, 5671) and 'kombu_ssl_*' options, but nothing gets contrail-api to connect atm.
Are you able to make it work?
The other thing to note in this patch is these contrail- configuration configs should probably also be updated with 'rabbit_use_ssl' option:
contrail- device- manager. conf svc-monitor. conf schema. conf
contrail-
contrail-