OSP 14 - TLS Everywhere - Nova conductor makes non-ssl calls if incorrect enable-internal-tls.yaml template is used for deployment

Solution In Progress - Updated -

Issue

  • If the overcloud is deployed with the deprecated template /usr/share/openstack-tripleo-heat-templates/environments/enable-internal-tls.yaml rather than the correct template /usr/share/openstack-tripleo-heat-templates/environments/ssl/enable-internal-tls.yaml, nova conductor makes non-SSL RabbitMQ/RPC client requests. The issue persists even after the correct template is referenced; the manual fix described below is needed.
  • Instances hang in the building or scheduling state, and the following error appears in the nova conductor log file:
MQP server controller0:5672 closed the connection. Check login credentials: Socket closed: IO

Environment

  • Red Hat OpenStack Platform 14
