search

openstack-k8s-operators / openstack-operator

Meta Operator for OpenStack
https://openstack-k8s-operators.github.io/openstack-operator/
Apache License 2.0
27 stars 76 forks source link

Fix rabbitmq IPv6 with TLS/FIPS #917

Closed olliewalsh closed 2 months ago

olliewalsh commented 2 months ago

Rabbitmq IPv6 config requires changes to RABBITMQ_SERVER_ADDITIONAL_ERL_ARGS and RABBITMQ_CTL_ERL_ARGS which are clobbered by the TLS/FIPS config. Rework the logic that build the args to handle this.

Closes: OSPRH-8372

olliewalsh commented 2 months ago

/hold

softwarefactory-project-zuul[bot] commented 2 months ago

Build failed (check pipeline). Post recheck (without leading slash) to rerun all jobs. Make sure the failure cause has been resolved before you rerun jobs.

https://review.rdoproject.org/zuul/buildset/3842409964c140a3b32e3f79af62c40d

:heavy_check_mark: openstack-k8s-operators-content-provider SUCCESS in 3h 06m 52s :heavy_check_mark: podified-multinode-edpm-deployment-crc SUCCESS in 1h 17m 44s :x: cifmw-crc-podified-edpm-baremetal RETRY_LIMIT in 8m 01s :heavy_check_mark: cifmw-data-plane-adoption-osp-17-to-extracted-crc SUCCESS in 2h 31m 57s :heavy_check_mark: openstack-operator-tempest-multinode SUCCESS in 1h 45m 02s

softwarefactory-project-zuul[bot] commented 2 months ago

This change depends on a change that failed to merge.

Change https://github.com/openstack-k8s-operators/lib-common/pull/527 is needed.

olliewalsh commented 2 months ago

/remove-hold

softwarefactory-project-zuul[bot] commented 2 months ago

Build failed (check pipeline). Post recheck (without leading slash) to rerun all jobs. Make sure the failure cause has been resolved before you rerun jobs.

https://review.rdoproject.org/zuul/buildset/6468b53c7c7d4a40a27212f9ce5c7bf1

:x: openstack-k8s-operators-content-provider FAILURE in 8m 06s :warning: podified-multinode-edpm-deployment-crc SKIPPED Skipped due to failed job openstack-k8s-operators-content-provider :warning: cifmw-crc-podified-edpm-baremetal SKIPPED Skipped due to failed job openstack-k8s-operators-content-provider :warning: openstack-operator-tempest-multinode SKIPPED Skipped due to failed job openstack-k8s-operators-content-provider

olliewalsh commented 2 months ago

/hold

olliewalsh commented 2 months ago

/remove-hold

olliewalsh commented 2 months ago

Manually tested the resulting RabbitmqCluster CR on IPv4 FIPS environment (in particilur to confirm dropping -crypto from CTL_ERL_ARGS is ok):

sh-5.1$ env | grep ARGS
RABBITMQ_SERVER_ADDITIONAL_ERL_ARGS=-kernel inetrc '/etc/rabbitmq/erl_inetrc' -proto_dist inet_tls -ssl_dist_optfile /etc/rabbitmq/inter-node-tls.config -crypto fips_mode true
RABBITMQ_CTL_ERL_ARGS=-proto_dist inet_tls -ssl_dist_optfile /etc/rabbitmq/inter-node-tls.config
sh-5.1$ cat /etc/rabbitmq/erl_inetrc 
{inet,true}.
sh-5.1$ hostname
rabbitmq-server-2
sh-5.1$ rabbitmqctl cluster_status --node rabbit@rabbitmq-server-0.rabbitmq-nodes.openstack | head
Cluster status of node rabbit@rabbitmq-server-0.rabbitmq-nodes.openstack ...
Basics

Cluster name: rabbitmq

Disk Nodes

rabbit@rabbitmq-server-0.rabbitmq-nodes.openstack
rabbit@rabbitmq-server-1.rabbitmq-nodes.openstack
rabbit@rabbitmq-server-2.rabbitmq-nodes.openstack
softwarefactory-project-zuul[bot] commented 2 months ago

Build failed (check pipeline). Post recheck (without leading slash) to rerun all jobs. Make sure the failure cause has been resolved before you rerun jobs.

https://review.rdoproject.org/zuul/buildset/c5a31cfee7184ebe9a2bb23937eb523e

:heavy_check_mark: openstack-k8s-operators-content-provider SUCCESS in 4h 19m 23s :heavy_check_mark: podified-multinode-edpm-deployment-crc SUCCESS in 1h 17m 15s :x: cifmw-crc-podified-edpm-baremetal FAILURE in 41m 35s :heavy_check_mark: cifmw-data-plane-adoption-osp-17-to-extracted-crc SUCCESS in 2h 35m 43s :heavy_check_mark: openstack-operator-tempest-multinode SUCCESS in 1h 52m 21s

abays commented 2 months ago

recheck

Error from server (InternalError): error when creating "devsetup/edpm/services/dataplane_v1beta1_openstackdataplaneservice_reposetup.yaml": Internal error occurred: failed calling webhook "mopenstackdataplaneservice.kb.io": failed to call webhook...
olliewalsh commented 2 months ago

recheck

Error from server (InternalError): error when creating "devsetup/edpm/services/dataplane_v1beta1_openstackdataplaneservice_reposetup.yaml": Internal error occurred: failed calling webhook "mopenstackdataplaneservice.kb.io": failed to call webhook...

was planning to wait to rebase on https://github.com/openstack-k8s-operators/openstack-operator/pull/924 but that's failing CI so lets merge this first

openshift-ci[bot] commented 2 months ago

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: dprince, olliewalsh

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files: - ~~[OWNERS](https://github.com/openstack-k8s-operators/openstack-operator/blob/main/OWNERS)~~ [dprince,olliewalsh] Approvers can indicate their approval by writing `/approve` in a comment Approvers can cancel approval by writing `/approve cancel` in a comment
dprince commented 2 months ago

/override rdoproject.org/github-check

openshift-ci[bot] commented 2 months ago

@dprince: Overrode contexts on behalf of dprince: rdoproject.org/github-check

In response to [this](https://github.com/openstack-k8s-operators/openstack-operator/pull/917#issuecomment-2221065351): >/override rdoproject.org/github-check Instructions for interacting with me using PR comments are available [here](https://git.k8s.io/community/contributors/guide/pull-requests.md). If you have questions or suggestions related to my behavior, please file an issue against the [kubernetes-sigs/prow](https://github.com/kubernetes-sigs/prow/issues/new?title=Prow%20issue:) repository.