[rabbitmq-discuss] RabbitMQ clustering with SSL
ramviv.123 at gmail.com
Wed Aug 14 20:33:20 BST 2013
As suggested, I tried upgrading Erlang to R16B01 and the RabbitMQ server
to 3.1.4. Now I am not able to bring up the RabbitMQ server. I tried
removing the Erlang and RabbitMQ installs multiple times and I am still
unable to bring it up. I am not using any custom configuration or env files
either. I tried removing the mnesia directory, but that did not help either.
# rpm -qa | grep -i esl | more
esl-erlang-R16B01-1.x86_64
# rpm -qa | grep -i rabbit
rabbitmq-server-3.1.4-1.noarch.
The startup log has the following error
Starting broker...
BOOT FAILED
===========
Error description:
{could_not_start,rabbit,undef}
Log files (may contain more information):
/var/log/rabbitmq/rabbit@itops-dev-164.log
/var/log/rabbitmq/rabbit@itops-dev-164-sasl.log
{"init terminating in do_boot",{rabbit,failure_during_boot,{could_not_start,rabbit,undef}}}
[FAILED]
I am attaching rabbit@itops-dev-164-sasl.log file as well
On Tuesday, August 13, 2013 5:39:53 PM UTC-4, ramvi... at gmail.com wrote:
>
> We also noticed two other failures. When we kill the epmd process and
> restart RabbitMQ we see the following error.
>
> {error_logger,{{2013,8,13},{17,31,53}},"Protocol: ~p: not supported~n",["inet_tls"]}
>
> According to one other thread here, this should go away if we use the
> latest version of Erlang, which we are using. RabbitMQ also seems to
> recognize the latest version of Erlang when we do rabbitmqctl status. We
> checked this removing the SSL configuration. As mentioned in the SSL
> config guide for Erlang, if we uncomment the commented out section of the
> config file below, the RabbitMQ server would just hang. I am able to
> connect to the WebUI, but I never get the success message on the terminal
> where I started the server. Also, the other node, when brought up, times
> out trying to connect to this node.
>
> -Venkat
>
> On Tuesday, August 13, 2013 12:00:57 PM UTC-4, ramvi... at gmail.com wrote:
>>
>> Hi,
>>
>> We are setting up a RabbitMQ env with clustering on the LAN and
>> federated on the WAN. We also intend to use consistent hash on the
>> receiver side. We were able to successfully set up a federated
>> configuration with SSL enabled. But we are having issues trying to set up
>> SSL with clusters. We are using RabbitMQ 3.1.3 with Erlang
>> version 5.9.3.1. We have set up the Erlang config based on
>> http://www.erlang.org/doc/apps/ssl/ssl_distribution.html. I am able to
>> connect through an Erlang client-server program to send data back and
>> forth, and so I know that SSL with Erlang works. But when I bring up
>> RabbitMQ with clusters and take a TCP dump of the packets, the data
>> transfer seems to be clear text. Is there a way to check if the clusters
>> are configured for SSL by any other means? Also, I would appreciate it if
>> someone could point out what I am doing wrong here. Here is the env file
>> (rabbitmq-env.conf):
>>
>> SERVER_START_ARGS="-boot /usr/lib64/erlang/releases/R15B03/start_ssl -proto_dist inet_tls"
>> #SERVER_START_ARGS="${SERVER_START_ARGS} -pa /usr/lib64/erlang/lib/ssl-5.1.2/ebin"
>> #SERVER_START_ARGS="${SERVER_START_ARGS} /usr/lib64/erlang/lib/asn1-1.8/ebin"
>> #SERVER_START_ARGS="${SERVER_START_ARGS} -ssl_portprogram_dir /usr/lib64/erlang/lib/ssl-5.1.2/ebin"
>> SERVER_START_ARGS="${SERVER_START_ARGS} -ssl_dist_opt server_cacertfile /etc/openssl/all_cacerts.pem"
>> SERVER_START_ARGS="${SERVER_START_ARGS} -ssl_dist_opt server_certfile /etc/openssl/nn-vmrh5/cert.pem"
>> SERVER_START_ARGS="${SERVER_START_ARGS} -ssl_dist_opt server_keyfile /etc/openssl/nn-vmrh5/key.pem"
>> SERVER_START_ARGS="${SERVER_START_ARGS} -ssl_dist_opt server_verify 1"
>> SERVER_START_ARGS="${SERVER_START_ARGS} -ssl_dist_opt server_fail_if_no_peer_cert true"
>> SERVER_START_ARGS="${SERVER_START_ARGS} -ssl_dist_opt server_secure_renegotiate true"
>> SERVER_START_ARGS="${SERVER_START_ARGS} -ssl_dist_opt client_cacertfile /etc/openssl/all_cacerts.pem"
>> SERVER_START_ARGS="${SERVER_START_ARGS} -ssl_dist_opt client_certfile /etc/openssl/nn-vmrh5/cert.pem"
>> SERVER_START_ARGS="${SERVER_START_ARGS} -ssl_dist_opt client_keyfile /etc/openssl/nn-vmrh5/key.pem"
>> SERVER_START_ARGS="${SERVER_START_ARGS} -ssl_dist_opt client_verify 1"
>> SERVER_START_ARGS="${SERVER_START_ARGS} -ssl_dist_opt client_secure_renegotiate true"
>> #echo SERVER_START_ARGS: ${SERVER_START_ARGS}
>>
>> Here is the rabbitmq.config for clustering and ssl option set for other
>> modes.
>>
>>
>> [nn-vmrh5: /etc/rabbitmq]vi rabbitmq.config
>> [
>>   {rabbit, [
>>     {default_vhost, <<"alert">>},
>>     {tcp_listeners, [5672]},
>>     {ssl_listeners, [5671]},
>>     {rabbitmq_tracing, [{username, "guest"}]},
>>     {cluster_nodes, ['rabbit@nn-vmrh5','rabbit@nn-vmrh5g']},
>>     {ssl_options, [{cacertfile,"/etc/openssl/all_cacerts.pem"},
>>                    {certfile,"/etc/openssl/nn-vmrh5/cert.pem"},
>>                    {keyfile,"/etc/openssl/nn-vmrh5/key.pem"},
>>                    {verify,verify_peer},
>>                    {fail_if_no_peer_cert,true}] },
>>     {auth_mechanisms, ['PLAIN', 'AMQPLAIN', 'EXTERNAL']},
>>     {ssl_cert_login_from, common_name},
>>     {log_levels, [{connection, info}]}
>>   ] }
>> ].
>>
>> Would really appreciate any help on this.
>>
>> Thanks
>> Venkat
>>
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: rabbit@itops-dev-164-sasl.log
Type: application/octet-stream
Size: 15552 bytes
Desc: not available
URL: <http://lists.rabbitmq.com/pipermail/rabbitmq-discuss/attachments/20130814/0358a23d/attachment-0002.obj>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: erl_crash.dump
Type: application/octet-stream
Size: 1518670 bytes
Desc: not available
URL: <http://lists.rabbitmq.com/pipermail/rabbitmq-discuss/attachments/20130814/0358a23d/attachment-0003.obj>
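
On the question in the original post of how to tell whether inter-node traffic is really encrypted, the following is an added example (not code from the thread or from the RabbitMQ project): it classifies the first bytes the connecting node sends on the distribution port, as read from a packet capture, as a TLS ClientHello or a cleartext Erlang distribution handshake. The function name and the sample byte strings are constructed for illustration; the layouts assumed are the TLS record header and the Erlang distribution send_name message.

```python
import struct

# Constructed samples of the first bytes sent by the connecting node (not from the thread).
# Cleartext Erlang distribution: 16-bit length, then send_name = 'n', version, flags, node name.
_NAME = b"rabbit@nodeA"
CLEARTEXT_SAMPLE = (struct.pack(">H", 7 + len(_NAME)) + b"n"
                    + struct.pack(">HI", 5, 0x7FFD) + _NAME)
# TLS: record header (type 0x16, version 3.1, length 47) wrapping a ClientHello (type 0x01).
TLS_SAMPLE = bytes([0x16, 0x03, 0x01, 0x00, 0x2F, 0x01, 0x00, 0x00, 0x2B]) + bytes(0x2B)


def classify_dist_stream(first_bytes: bytes) -> str:
    """Classify the first client-to-server bytes of an inter-node connection.

    Returns "tls", "cleartext-erlang-dist", "unknown" or "too-short".
    """
    if len(first_bytes) < 6:
        return "too-short"

    # TLS record layer: ContentType 22 (handshake), major version 3, minor 0..4,
    # bounded record length, and the first handshake message is a ClientHello (1).
    ctype, major, minor, rec_len = struct.unpack(">BBBH", first_bytes[:5])
    if ctype == 0x16 and major == 3 and minor <= 4 and 0 < rec_len <= 16384 + 2048:
        return "tls" if first_bytes[5] == 0x01 else "unknown"

    # Erlang distribution handshake: 16-bit length prefix, then a send_name
    # message tagged 'n' (older releases) or 'N' (OTP 23+). The node name
    # (name@host) is readable in the clear, which is what a plaintext capture shows.
    (msg_len,) = struct.unpack(">H", first_bytes[:2])
    tag = first_bytes[2:3]
    if tag in (b"n", b"N") and 0 < msg_len <= 512 and b"@" in first_bytes[3:2 + msg_len]:
        return "cleartext-erlang-dist"
    return "unknown"


if __name__ == "__main__":
    for label, data in (("cleartext sample", CLEARTEXT_SAMPLE), ("tls sample", TLS_SAMPLE)):
        print(f"{label}: {classify_dist_stream(data)}")
```

A "cleartext-erlang-dist" result on a connection between cluster nodes means the distribution listener is not using inet_tls, whatever the AMQP ssl_listeners setting in rabbitmq.config says.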