  1. Red Hat OpenStack Services on OpenShift
  2. OSPRH-23064

Keystone-operator requires rabbitmq but keystone only uses it if you enable notifications.


    • Moderate

      keystone is not a distributed service and does not use rabbitmq unless you enable
      notifications with the oslo messaging rabbitmq driver

      https://github.com/openstack/keystone/blob/master/keystone/notifications.py
      https://docs.openstack.org/keystone/latest/configuration/config-options.html#oslo_messaging_notifications.transport_url

      https://docs.openstack.org/keystone/latest/install/keystone-install-rdo.html
      https://docs.openstack.org/keystone/latest/install/keystone-install-ubuntu.html

      the keystone operator however requires a rabbit instance

      https://github.com/openstack-k8s-operators/keystone-operator/blob/main/api/v1beta1/keystoneapi_types.go#L185-L189

      which it then uses for notifications

      https://github.com/openstack-k8s-operators/keystone-operator/blob/main/templates/keystoneapi/config/keystone.conf#L36-L47
      however this is defaulting to the incorrect message bus and uses the wrong name

      the notification message bus should be defined as `NotificationsBusInstance`

      	// +kubebuilder:validation:Optional
      	// NotificationsBusInstance is the name of the RabbitMqCluster CR to select
      	// the Message Bus Service instance used by the Nova top level services and all cells to publish notifications.
      	// If undefined, the value will be inherited from OpenStackControlPlane.
      	// An empty value "" leaves the notification drivers unconfigured and emitting no notifications at all.
      	// Avoid colocating it with RabbitMqClusterName, APIMessageBusInstance or CellMessageBusInstance used for RPC.
      	// For particular Nova cells, notifications cannot be disabled, nor configured differently.
      	NotificationsBusInstance *string `json:"notificationsBusInstance,omitempty"`
      

      it should not have a default value as notifications should be disabled by default

      when it's enabled we use a separate rabbitmq instance for it called rabbit-notifications by convention

      https://github.com/openstack-k8s-operators/openstack-operator/pull/1591

      the rabbitMqClusterName field was added by
      https://github.com/openstack-k8s-operators/keystone-operator/commit/52985536f4624d3a245d63210ab07d9553007cbd

      which incorrectly reused the name we default to for rpc traffic and made it required instead of optional, which is problematic as if notifications are not consumed they will pile up indefinitely in rabbit unless you configure expiration on the rabbit server for the messages.

      this seems to have been introduced for barbican integration

      https://github.com/openstack-k8s-operators/barbican-operator/pull/34
      however we should not assume that barbican is deployed and it should be possible to deploy without enabling this functionality.

              smooney@redhat.com Sean Mooney
              rhos-dfg-security
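An added example, not taken from the issue or from keystone-operator: a sketch of the requested behaviour, where an unset or empty `NotificationsBusInstance` renders the `[oslo_messaging_notifications]` section with the `noop` driver and no `transport_url`, and a named bus renders `messagingv2` with its URL. `KeystoneNotifSpec`, `notificationsEnabled`, `renderNotifications` and the `lookupURL` resolver are hypothetical names, and the URL is constructed sample data.

```go
package main

import (
	"fmt"
	"strings"
)

// KeystoneNotifSpec is a hypothetical, cut-down spec (not the operator's real type).
type KeystoneNotifSpec struct {
	// nil or "" means notifications stay disabled; there is no default bus.
	NotificationsBusInstance *string
}

// notificationsEnabled reports whether a notifications bus was explicitly selected.
func notificationsEnabled(s KeystoneNotifSpec) bool {
	return s.NotificationsBusInstance != nil && strings.TrimSpace(*s.NotificationsBusInstance) != ""
}

// renderNotifications returns the [oslo_messaging_notifications] section of keystone.conf.
// lookupURL is a hypothetical resolver from a RabbitMqCluster name to its transport URL.
func renderNotifications(s KeystoneNotifSpec, lookupURL func(string) (string, error)) (string, error) {
	if !notificationsEnabled(s) {
		// No bus selected: nothing is published, so no unconsumed queue can grow.
		return "[oslo_messaging_notifications]\ndriver = noop\n", nil
	}
	url, err := lookupURL(*s.NotificationsBusInstance)
	if err != nil {
		return "", fmt.Errorf("notifications bus %q: %w", *s.NotificationsBusInstance, err)
	}
	return "[oslo_messaging_notifications]\ndriver = messagingv2\ntransport_url = " + url + "\n", nil
}

func main() {
	// Constructed sample data; the name follows the rabbit-notifications convention.
	urls := map[string]string{"rabbit-notifications": "rabbit://keystone:CHANGEME@rabbit-notifications:5671/"}
	lookup := func(name string) (string, error) {
		if u, ok := urls[name]; ok {
			return u, nil
		}
		return "", fmt.Errorf("no such RabbitMqCluster")
	}
	bus := "rabbit-notifications"
	for _, s := range []KeystoneNotifSpec{{}, {NotificationsBusInstance: &bus}} {
		out, err := renderNotifications(s, lookup)
		fmt.Printf("%s(err=%v)\n\n", out, err)
	}
}
```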