Tuesday, 1 November 2016

Configuring rabbitmq access in an Ansible All In One environment

I'm working on implementing an OpenStack Ansible Searchlight role.

I've been having some problems getting access to rabbitmq to work.

It turns out that rabbitmq is a bit sucky, but add in some cluelessness on my part and you have a recipe for frustration.

For the last couple of days, I had been stuck on getting the searchlight-listener to actually connect to rabbitmq via oslo.messaging.

I was seeing lots of lines in /var/log/searchlight/searchlight-lister.log along the lines of:

2016-11-02 00:05:49.096 8871 ERROR oslo.messaging._drivers.impl_rabbit [-] [462d7cb1-f1c4-4f76-8628-57d5265fd469] AMQP server on 172.29.236.234:5671 is unreachable: [Errno 104] Connection reset by peer. Trying again in 32 seconds. Client port: None 
2016-11-02 00:06:21.137 8871 ERROR oslo.messaging._drivers.impl_rabbit [-] [462d7cb1-f1c4-4f76-8628-57d5265fd469] AMQP server on 172.29.236.234:5671 is unreachable: [Errno 104] Connection reset by peer. Trying again in 32 seconds. Client port: None 
2016-11-02 00:06:53.172 8871 ERROR oslo.messaging._drivers.impl_rabbit [-] [462d7cb1-f1c4-4f76-8628-57d5265fd469] AMQP server on 172.29.236.234:5671 is unreachable: [Errno 104] Connection reset by peer. Trying again in 32 seconds. Client port: None 
2016-11-02 00:07:25.209 8871 ERROR oslo.messaging._drivers.impl_rabbit [-] [462d7cb1-f1c4-4f76-8628-57d5265fd469] AMQP server on 172.29.236.234:5671 is unreachable: [Errno 104] Connection reset by peer. Trying again in 32 seconds. Client port: None 
2016-11-02 00:07:57.246 8871 ERROR oslo.messaging._drivers.impl_rabbit [-] [462d7cb1-f1c4-4f76-8628-57d5265fd469] AMQP server on 172.29.236.234:5671 is unreachable: [Errno 104] Connection reset by peer. Trying again in 32 seconds. Client port: None 


I looked at all sorts of things - permissions, user_secrets, networking, SSL, certificates - all to no avail.

It turns out that all I actually needed to do was add the following to searchlight's configuration:

[oslo_messaging_rabbit]
rabbit_use_ssl = {{ searchlight_rabbitmq_use_ssl }}


I had been setting:

searchlight_rabbitmq_use_ssl: {{ searchlight_rabbitmq_use_ssl }}

in the [DEFAULT] section, but it looks like that was just magical thinking on my part.
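A check for the misplacement described above, as an added example that is not part of the original post or of the Searchlight role: it audits a rendered (post-Jinja) config for RabbitMQ SSL keys outside [oslo_messaging_rabbit] and for the TLS port 5671 being used without rabbit_use_ssl enabled there. The function name, the sample configs, the credentials and the use of transport_url to carry the port are assumptions made for illustration.

```python
import configparser
import re

SECTION = "oslo_messaging_rabbit"   # section named in the post's fix
TLS_PORT = "5671"                   # port from the post's log lines
TRUTHY = {"true", "1", "yes", "on"}

def audit_rabbit_ssl(conf_text):
    """Return findings for a rendered (post-Jinja) service config."""
    # Rename default_section: stock configparser copies [DEFAULT] keys into
    # every section, which would make a misplaced key look correctly placed.
    cfg = configparser.ConfigParser(interpolation=None, strict=False,
                                    default_section="__unused__")
    cfg.read_string(conf_text)
    findings = []
    ssl_on = (cfg.get(SECTION, "rabbit_use_ssl", fallback="")
              .strip().lower() in TRUTHY)
    tls_port_seen = False
    for section in cfg.sections():
        for key, value in cfg.items(section):
            # Any rabbit/ssl-looking key outside the section the fix uses.
            if section != SECTION and re.search(r"rabbit.*ssl", key):
                findings.append(f"outside [{SECTION}]: [{section}] {key}")
            # Port 5671 as a bare value or as host:5671 inside a URL.
            if re.search(rf"(?:^|:){TLS_PORT}(?:\D|$)", value.strip()):
                tls_port_seen = True
    if tls_port_seen and not ssl_on:
        findings.append(f"port {TLS_PORT} configured but rabbit_use_ssl "
                        f"is not true in [{SECTION}]")
    return findings

# Constructed sample configs (credentials and vhost are made up).
BROKEN_CONF = """
[DEFAULT]
transport_url = rabbit://searchlight:secret@172.29.236.234:5671/searchlight
searchlight_rabbitmq_use_ssl = True
"""

FIXED_CONF = """
[DEFAULT]
transport_url = rabbit://searchlight:secret@172.29.236.234:5671/searchlight
[oslo_messaging_rabbit]
rabbit_use_ssl = True
"""

if __name__ == "__main__":
    for name, text in (("broken", BROKEN_CONF), ("fixed", FIXED_CONF)):
        print(name, audit_rabbit_ssl(text) or "ok")
```

Run against the rendered file on the target host, not the Jinja template, since the template value is still an unexpanded variable.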

So, in the hopes that if I ever do this again, having this public admission of an id-ten-t problem will be worth the time it may save me, here's a blog post.

Somehow I have a feeling that the majority of my blog posts will be me admitting to doing something stupid.