[rabbitmq-discuss] RabbitMQ clustering with SSL

ramviv.123 at gmail.com ramviv.123 at gmail.com
Wed Aug 14 20:42:29 BST 2013


As suggested, I upgraded erlang to R16B01 and RabbitMQ server to 3.1.4.1. 
 After the upgrade the RabbitMQ server does not come up.  I removed any 
custom env or config files as well as the mnesia tables. I also tried 
removing all of the rabbitmq and erlang installs and reinstalling them.  I 
have the following versions on the system

# rpm -qa | grep -i esl | more
esl-erlang-R16B01-1.x86_64
# rpm -qa | grep -i rabbit
rabbitmq-server-3.1.4-1.noarch

The startup_log has the following.

              Starting broker...

BOOT FAILED
===========

Error description:
   {could_not_start,rabbit,undef}

Log files (may contain more information):
   /var/log/rabbitmq/rabbit at itops-dev-164.log
   /var/log/rabbitmq/rabbit at itops-dev-164-sasl.log

{"init terminating in 
do_boot",{rabbit,failure_during_boot,{could_not_start,rabbit,undef}}}^M
^[[60G[^[[0;31mFAILED^[[0;39m]^M

   I am also attaching the sasl log and erl_crash.dump.  Would appreciate 
any help in solving this issue.


On Tuesday, August 13, 2013 5:39:53 PM UTC-4, ramvi... at gmail.com wrote:
>
> We also noticed two other failures.  When we kill the epmd process and 
> restart rabbitMQ we see the following error.  
>
> {error_logger,{{2013,8,13},{17,31,53}},"Protocol: ~p: not 
> supported~n",["inet_tls"]}
>
>    According to one other thread here, this should go away if we use the 
> latest version of erlang, which we are using.  Rabbit MQ also seems to 
> recognize the latest version of erlang, when we do rabbitmqctl status. We 
> checked this  removing the SSL.configuration.  As mentioned in the ssl 
> config guide for erlang, if we uncomment the commented out section of the 
> config file below, the RRabbitMQ server would just hang.  I am able to 
> connect the WebUI, but I never get the success message on the terminal I 
> started the server.  Also, the other node when brought up, times out trying 
> to connect to this node.
>
> -Venkat
>
> On Tuesday, August 13, 2013 12:00:57 PM UTC-4, ramvi... at gmail.com wrote:
>>
>> Hi,
>>
>>     We are setting up a RabbitMQ env with clustering on the LAN and 
>> federated on the WAN.  We also intend to use consistent hash on the 
>> receiver side.  We were able to successfully setup a federated 
>> configuration with ssl enabled.  But we are having issues trying to setup 
>> ssl with clusters.  We are using RabbitMQ 3.1.3 with erlang 
>> version  5.9.3.1.  We have setup the erlang config based on 
>> http://www.erlang.org/doc/apps/ssl/ssl_distribution.html.   I am able 
>> connect tru an erlang client server program to send data back and forth and 
>> so I know the ssl with erlang works.  But when I bring RabbitMQ with 
>> clusters and take a TCP dump of the packets, the data transfer seem to be 
>> clear text.  Is there a way to check if the clusters are configured for ssl 
>> by any other means.  Also, would appreciate if someone can point out what 
>> am I doing wrong here.  Here is the env file (rabbitmq-env.conf)
>>
>> SERVER_START_ARGS="-boot /usr/lib64/erlang/releases/R15B03/start_ssl 
>> -proto_dist inet_tls"
>> #SERVER_START_ARGS="${SERVER_START_ARGS} -pa 
>> /usr/lib64/erlang/lib/ssl-5.1.2/ebin"
>> #SERVER_START_ARGS="${SERVER_START_ARGS} 
>> /usr/lib64/erlang/lib/asn1-1.8/ebin"
>> #SERVER_START_ARGS="${SERVER_START_ARGS} -ssl_portprogram_dir 
>> /usr/lib64/erlang/lib/ssl-5.1.2/ebin"
>> SERVER_START_ARGS="${SERVER_START_ARGS} -ssl_dist_opt server_cacertfile 
>> /etc/openssl/all_cacerts.pem"
>> SERVER_START_ARGS="${SERVER_START_ARGS} -ssl_dist_opt server_certfile 
>> /etc/openssl/nn-vmrh5/cert.pem"
>> SERVER_START_ARGS="${SERVER_START_ARGS} -ssl_dist_opt server_keyfile 
>> /etc/openssl/nn-vmrh5/key.pem"
>> SERVER_START_ARGS="${SERVER_START_ARGS} -ssl_dist_opt server_verify 1"
>> SERVER_START_ARGS="${SERVER_START_ARGS} -ssl_dist_opt 
>> server_fail_if_no_peer_cert true"
>> SERVER_START_ARGS="${SERVER_START_ARGS} -ssl_dist_opt 
>> server_secure_renegotiate true"
>> SERVER_START_ARGS="${SERVER_START_ARGS} -ssl_dist_opt client_cacertfile 
>> /etc/openssl/all_cacerts.pem"
>> SERVER_START_ARGS="${SERVER_START_ARGS} -ssl_dist_opt client_certfile 
>> /etc/openssl/nn-vmrh5/cert.pem"
>> SERVER_START_ARGS="${SERVER_START_ARGS} -ssl_dist_opt client_keyfile 
>> /etc/openssl/nn-vmrh5/key.pem"
>> SERVER_START_ARGS="${SERVER_START_ARGS} -ssl_dist_opt client_verify 1"
>> SERVER_START_ARGS="${SERVER_START_ARGS} -ssl_dist_opt 
>> client_secure_renegotiate true"
>> #echo SERVER_START_ARGS: ${SERVER_START_ARGS}
>>
>> Here is the rabbitmq.config for clustering and ssl option set for other 
>> modes.
>>
>>
>> [nn-vmrh5: /etc/rabbitmq]vi rabbitmq.config
>> [
>>     {rabbit, [
>>         {default_vhost, <<"alert">>},
>>         {tcp_listeners, [5672]},
>>         {ssl_listeners, [5671]},
>>         {rabbitmq_tracing, [{username, "guest"}]},
>>         {cluster_nodes, ['rabbit at nn-vmrh5','rabbit at nn-vmrh5g']},
>>         {ssl_options, [{cacertfile,"/etc/openssl/all_cacerts.pem"},
>>                        {certfile,"/etc/openssl/nn-vmrh5/cert.pem"},
>>                        {keyfile,"/etc/openssl/nn-vmrh5/key.pem"},
>>                        {verify,verify_peer},
>>                        {fail_if_no_peer_cert,true}] },
>>         {auth_mechanisms, ['PLAIN', 'AMQPLAIN', 'EXTERNAL']},
>>         {ssl_cert_login_from, common_name},
>>         {log_levels, [{connection, info}]}
>>     ] }
>> ].
>>
>>    Would really appreciate any help on this.
>>
>> Thanks
>> Venkat
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.rabbitmq.com/pipermail/rabbitmq-discuss/attachments/20130814/6b15b560/attachment-0001.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: erl_crash.dump
Type: application/octet-stream
Size: 1518670 bytes
Desc: not available
URL: <http://lists.rabbitmq.com/pipermail/rabbitmq-discuss/attachments/20130814/6b15b560/attachment-0002.obj>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: rabbit at itops-dev-164-sasl.log
Type: application/octet-stream
Size: 15552 bytes
Desc: not available
URL: <http://lists.rabbitmq.com/pipermail/rabbitmq-discuss/attachments/20130814/6b15b560/attachment-0003.obj>


More information about the rabbitmq-discuss mailing list