I've been having some problems getting access to rabbitmq to work.
It turns out that rabbitmq is a bit sucky, but add in some cluelessness on my part and you have a recipe for frustration.
For the last couple of days, I had been stuck on getting the searchlight-listener to actually connect to rabbitmq via oslo.messaging.
I was seeing lots of lines in /var/log/searchlight/searchlight-lister.log along the lines of:
2016-11-02 00:05:49.096 8871 ERROR oslo.messaging._drivers.impl_rabbit [-] [462d7cb1-f1c4-4f76-8628-57d5265fd469] AMQP server on 172.29.236.234:5671 is unreachable: [Errno 104] Connection reset by peer. Trying again in 32 seconds. Client port: None 2016-11-02 00:06:21.137 8871 ERROR oslo.messaging._drivers.impl_rabbit [-] [462d7cb1-f1c4-4f76-8628-57d5265fd469] AMQP server on 172.29.236.234:5671 is unreachable: [Errno 104] Connection reset by peer. Trying again in 32 seconds. Client port: None 2016-11-02 00:06:53.172 8871 ERROR oslo.messaging._drivers.impl_rabbit [-] [462d7cb1-f1c4-4f76-8628-57d5265fd469] AMQP server on 172.29.236.234:5671 is unreachable: [Errno 104] Connection reset by peer. Trying again in 32 seconds. Client port: None 2016-11-02 00:07:25.209 8871 ERROR oslo.messaging._drivers.impl_rabbit [-] [462d7cb1-f1c4-4f76-8628-57d5265fd469] AMQP server on 172.29.236.234:5671 is unreachable: [Errno 104] Connection reset by peer. Trying again in 32 seconds. Client port: None 2016-11-02 00:07:57.246 8871 ERROR oslo.messaging._drivers.impl_rabbit [-] [462d7cb1-f1c4-4f76-8628-57d5265fd469] AMQP server on 172.29.236.234:5671 is unreachable: [Errno 104] Connection reset by peer. Trying again in 32 seconds. Client port: None
I looked at all sorts of things - permissions, user_secrets, networking, SSL, certificates all to no avail.
It turns out that all I actually needed to do was add the following to searchlight's configuration:
[oslo_messaging_rabbit] rabbit_use_ssl = {{ searchlight_rabbitmq_use_ssl }}
I had been setting:
searchlight_rabbitmq_use_ssl: {{ searchlight_rabbitmq_use_ssl }} in the [DEFAULT] section, but it looks like that was just magical thinking on my part.
So, in the hopes that if I ever do this again having this public admission of an id-ten-t problem will be worth the time it may save me, here's a blog post.
Somehow I have a feeling that the majority of my blog posts will be me admitting to doing something stupid.