[oslo][operators] oslo.messaging and RabbitMQ SSL
For the past few months, we've been investigating a significant bug when enabling SSL for oslo.messaging connections to RabbitMQ.[0] Thanks to some patient and excellent investigation, it was tracked down to an issue in the amqp library that we use in oslo.messaging. The fix has now been released as 2.4.1, and we've updated the requirements on master to reflect that, but we can't backport requirements changes to the stable branches. Since this affects releases going back to Pike, that's potentially a lot of affected users. We're planning to release note[1] all of the stable branches to communicate the need to use a newer version of the library, but I also wanted to send an email to the list in order to help get the word out. Basically, since we can't fix this in the library itself I'm running a publicity campaign to let everyone know what the fix is. :-) If you have any questions, feel free to reach out here or on IRC in #openstack-oslo. Thanks. -Ben 0: https://bugs.launchpad.net/oslo.messaging/+bug/1800957 1: https://review.openstack.org/#/c/638461
On 19-02-21 14:56:24, Ben Nemec wrote:
For the past few months, we've been investigating a significant bug when enabling SSL for oslo.messaging connections to RabbitMQ.[0] Thanks to some patient and excellent investigation, it was tracked down to an issue in the amqp library that we use in oslo.messaging. The fix has now been released as 2.4.1, and we've updated the requirements on master to reflect that, but we can't backport requirements changes to the stable branches. Since this affects releases going back to Pike, that's potentially a lot of affected users. We're planning to release note[1] all of the stable branches to communicate the need to use a newer version of the library, but I also wanted to send an email to the list in order to help get the word out. Basically, since we can't fix this in the library itself I'm running a publicity campaign to let everyone know what the fix is. :-)
If you have any questions, feel free to reach out here or on IRC in #openstack-oslo. Thanks.
-Ben
0: https://bugs.launchpad.net/oslo.messaging/+bug/1800957 1: https://review.openstack.org/#/c/638461
Stable policy may allow for the backport, depending on the details of the issue. https://docs.openstack.org/project-team-guide/stable-branches.html -- Matthew Thode
On Thu, 21 Feb 2019 at 22:10, Matthew Thode <mthode@mthode.org> wrote:
On 19-02-21 14:56:24, Ben Nemec wrote:
For the past few months, we've been investigating a significant bug when enabling SSL for oslo.messaging connections to RabbitMQ.[0] Thanks to some patient and excellent investigation, it was tracked down to an issue in the amqp library that we use in oslo.messaging. The fix has now been released as 2.4.1, and we've updated the requirements on master to reflect that, but we can't backport requirements changes to the stable branches. Since this affects releases going back to Pike, that's potentially a lot of affected users. We're planning to release note[1] all of the stable branches to communicate the need to use a newer version of the library, but I also wanted to send an email to the list in order to help get the word out. Basically, since we can't fix this in the library itself I'm running a publicity campaign to let everyone know what the fix is. :-)
If you have any questions, feel free to reach out here or on IRC in #openstack-oslo. Thanks.
-Ben
0: https://bugs.launchpad.net/oslo.messaging/+bug/1800957 1: https://review.openstack.org/#/c/638461
Stable policy may allow for the backport, depending on the details of the issue.
https://docs.openstack.org/project-team-guide/stable-branches.html
quoting Ken Giusti
Unfortunately we can't backport this fix to previous stable branches since it is a change to requirements which is technically a feature release.
https://bugs.launchpad.net/oslo.messaging/+bug/1800957/comments/52
On 2/21/19 3:07 PM, Matthew Thode wrote:
On 19-02-21 14:56:24, Ben Nemec wrote:
For the past few months, we've been investigating a significant bug when enabling SSL for oslo.messaging connections to RabbitMQ.[0] Thanks to some patient and excellent investigation, it was tracked down to an issue in the amqp library that we use in oslo.messaging. The fix has now been released as 2.4.1, and we've updated the requirements on master to reflect that, but we can't backport requirements changes to the stable branches. Since this affects releases going back to Pike, that's potentially a lot of affected users. We're planning to release note[1] all of the stable branches to communicate the need to use a newer version of the library, but I also wanted to send an email to the list in order to help get the word out. Basically, since we can't fix this in the library itself I'm running a publicity campaign to let everyone know what the fix is. :-)
If you have any questions, feel free to reach out here or on IRC in #openstack-oslo. Thanks.
-Ben
0: https://bugs.launchpad.net/oslo.messaging/+bug/1800957 1: https://review.openstack.org/#/c/638461
Stable policy may allow for the backport, depending on the details of the issue.
https://docs.openstack.org/project-team-guide/stable-branches.html
The stable policy may allow it, but as I understand it we couldn't release the resulting library. Requirements changes mandate a feature release, which we can't do from stable branches.
participants (3)
-
Antonio Ojea
-
Ben Nemec
-
Matthew Thode