New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update Bunny gem #6857

Merged
merged 1 commit into from Mar 3, 2016

Conversation

Projects
None yet
5 participants
@Ladas
Contributor

Ladas commented Feb 22, 2016

Update Bunny gem, the old gem couldn't handle reconnect when
amqp service got restarted.

Seems like new bunny works the same, so no changes in using it
are needed.

Fixes BZ:
https://bugzilla.redhat.com/show_bug.cgi?id=1222005

@miq-bot

This comment has been minimized.

Show comment
Hide comment
@miq-bot

miq-bot Feb 22, 2016

Member

Checked commit Ladas@0effc7c with ruby 2.2.3, rubocop 0.34.2, and haml-lint 0.13.0
1 file checked, 0 offenses detected
Everything looks good. 👍

Member

miq-bot commented Feb 22, 2016

Checked commit Ladas@0effc7c with ruby 2.2.3, rubocop 0.34.2, and haml-lint 0.13.0
1 file checked, 0 offenses detected
Everything looks good. 👍

@chessbyte

This comment has been minimized.

Show comment
Hide comment
@chessbyte

chessbyte Feb 22, 2016

Member

@blomquisg please review

Member

chessbyte commented Feb 22, 2016

@blomquisg please review

@blomquisg

This comment has been minimized.

Show comment
Hide comment
@blomquisg

blomquisg Feb 22, 2016

Member

The only thing that jumped out at me was that after 1.6.0 Bunny now sets verify_peer = true by default, whereas before it was verify_peer = false.

This will only mess us up with situations where the user enables SSL for AMQP. Which, as I understand it, is not a standard configuration for AMQP in OSP.

Still, I think we should play it safe and do the following:

  • add a setting to control OpenStack AMQP verify_peer in vmdb.tmpl.yml
    • should we use the same CA as we use for the SSL cert verification of the OSP API?
  • default the Bunny verify_peer to false
  • add some documentation describing how to install the CA for peer verification if it's different than the OSP API CA.
Member

blomquisg commented Feb 22, 2016

The only thing that jumped out at me was that after 1.6.0 Bunny now sets verify_peer = true by default, whereas before it was verify_peer = false.

This will only mess us up with situations where the user enables SSL for AMQP. Which, as I understand it, is not a standard configuration for AMQP in OSP.

Still, I think we should play it safe and do the following:

  • add a setting to control OpenStack AMQP verify_peer in vmdb.tmpl.yml
    • should we use the same CA as we use for the SSL cert verification of the OSP API?
  • default the Bunny verify_peer to false
  • add some documentation describing how to install the CA for peer verification if it's different than the OSP API CA.
@matthewd

This comment has been minimized.

Show comment
Hide comment
@matthewd

matthewd Feb 22, 2016

Contributor

default the Bunny verify_peer to false

😟

Contributor

matthewd commented Feb 22, 2016

default the Bunny verify_peer to false

😟

@Ladas

This comment has been minimized.

Show comment
Hide comment
@Ladas

Ladas Feb 23, 2016

Contributor

@blomquisg hm, but that is for followup PR, right? Because we don't support AMQP SSL at all now.

Then my guess would be that this setting will go to Endpoint data? Yeah, I would use the same CA for now.

Contributor

Ladas commented Feb 23, 2016

@blomquisg hm, but that is for followup PR, right? Because we don't support AMQP SSL at all now.

Then my guess would be that this setting will go to Endpoint data? Yeah, I would use the same CA for now.

@blomquisg

This comment has been minimized.

Show comment
Hide comment
@blomquisg

blomquisg Feb 23, 2016

Member

@matthewd yeah 😞

Alternatively, we could doc it away, since we don't have a better solution that helps users setup the CA cert for OpenStack API and AMQP.

I would think the right thing to do here would be to either (or both) have a page in the Appliance configuration that allows an admin to upload a CA for OpenStack connections in their organization, and/or have a mechanism in the appliance console that allows an admin to specify the same CA.

Member

blomquisg commented Feb 23, 2016

@matthewd yeah 😞

Alternatively, we could doc it away, since we don't have a better solution that helps users setup the CA cert for OpenStack API and AMQP.

I would think the right thing to do here would be to either (or both) have a page in the Appliance configuration that allows an admin to upload a CA for OpenStack connections in their organization, and/or have a mechanism in the appliance console that allows an admin to specify the same CA.

Update Bunny gem
Update Bunny gem, the old gem couldn't handle reconnect when
amqp service got restarted.

Seems like new bunny works the same, so no changes in using it
are needed.

Fixes BZ:
https://bugzilla.redhat.com/show_bug.cgi?id=1222005
@Ladas

This comment has been minimized.

Show comment
Hide comment
@Ladas

Ladas Mar 1, 2016

Contributor

we need to use 2.1.0, higher versions are breaking ipv6 ruby-amqp/bunny#383

Contributor

Ladas commented Mar 1, 2016

we need to use 2.1.0, higher versions are breaking ipv6 ruby-amqp/bunny#383

@miq-bot

This comment has been minimized.

Show comment
Hide comment
@miq-bot

miq-bot Mar 1, 2016

Member

<github_pr_commenter_batch />Some comments on commit Ladas@0b3328d

Member

miq-bot commented Mar 1, 2016

<github_pr_commenter_batch />Some comments on commit Ladas@0b3328d

@Ladas Ladas closed this Mar 1, 2016

@Ladas Ladas reopened this Mar 1, 2016

blomquisg added a commit that referenced this pull request Mar 3, 2016

@blomquisg blomquisg merged commit bd1e600 into ManageIQ:master Mar 3, 2016

2 checks passed

continuous-integration/travis-ci/pr The Travis CI build passed
Details
coverage/coveralls Coverage decreased (-0.0003%) to 32.261%
Details

@blomquisg blomquisg added this to the Sprint 37 Ending Mar 7, 2016 milestone Mar 3, 2016

lgalis pushed a commit to lgalis/manageiq that referenced this pull request Mar 17, 2016

Merge branch 'bz1310245' into '5.5.z'
Update Bunny gem

Update Bunny gem, the old gem couldn't handle reconnect when
amqp service got restarted.

Seems like new bunny works the same, so no changes in using it
are needed.

Fixes BZ:
https://bugzilla.redhat.com/show_bug.cgi?id=1222005

Clean cherry-pick of:
ManageIQ#6857

Fixes 5.5.z BZ:
https://bugzilla.redhat.com/show_bug.cgi?id=1310245



See merge request !839
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment