[rabbitmq-discuss] RabbitMQ clustering with SSL

ramviv.123 at gmail.com ramviv.123 at gmail.com
Wed Aug 14 20:42:29 BST 2013

As suggested, I upgraded erlang to R16B01 and RabbitMQ server to 
 After the upgrade the RabbitMQ server does not come up.  I removed any 
custom env or config files as well as the mnesia tables. I also tried 
removing all of the rabbitmq and erlang installs and reinstalling them.  I 
have the following versions on the system

# rpm -qa | grep -i esl | more
# rpm -qa | grep -i rabbit

The startup_log has the following.

              Starting broker...


Error description:

Log files (may contain more information):
   /var/log/rabbitmq/rabbit at itops-dev-164.log
   /var/log/rabbitmq/rabbit at itops-dev-164-sasl.log

{"init terminating in 

   I am also attaching the sasl log and erl_crash.dump.  Would appreciate 
any help in solving this issue.

On Tuesday, August 13, 2013 5:39:53 PM UTC-4, ramvi... at gmail.com wrote:
> We also noticed two other failures.  When we kill the epmd process and 
> restart rabbitMQ we see the following error.  
> {error_logger,{{2013,8,13},{17,31,53}},"Protocol: ~p: not 
> supported~n",["inet_tls"]}
>    According to one other thread here, this should go away if we use the 
> latest version of erlang, which we are using.  Rabbit MQ also seems to 
> recognize the latest version of erlang, when we do rabbitmqctl status. We 
> checked this  removing the SSL.configuration.  As mentioned in the ssl 
> config guide for erlang, if we uncomment the commented out section of the 
> config file below, the RRabbitMQ server would just hang.  I am able to 
> connect the WebUI, but I never get the success message on the terminal I 
> started the server.  Also, the other node when brought up, times out trying 
> to connect to this node.
> -Venkat
> On Tuesday, August 13, 2013 12:00:57 PM UTC-4, ramvi... at gmail.com wrote:
>> Hi,
>>     We are setting up a RabbitMQ env with clustering on the LAN and 
>> federated on the WAN.  We also intend to use consistent hash on the 
>> receiver side.  We were able to successfully setup a federated 
>> configuration with ssl enabled.  But we are having issues trying to setup 
>> ssl with clusters.  We are using RabbitMQ 3.1.3 with erlang 
>> version  We have setup the erlang config based on 
>> http://www.erlang.org/doc/apps/ssl/ssl_distribution.html.   I am able 
>> connect tru an erlang client server program to send data back and forth and 
>> so I know the ssl with erlang works.  But when I bring RabbitMQ with 
>> clusters and take a TCP dump of the packets, the data transfer seem to be 
>> clear text.  Is there a way to check if the clusters are configured for ssl 
>> by any other means.  Also, would appreciate if someone can point out what 
>> am I doing wrong here.  Here is the env file (rabbitmq-env.conf)
>> SERVER_START_ARGS="-boot /usr/lib64/erlang/releases/R15B03/start_ssl 
>> -proto_dist inet_tls"
>> /usr/lib64/erlang/lib/ssl-5.1.2/ebin"
>> /usr/lib64/erlang/lib/asn1-1.8/ebin"
>> #SERVER_START_ARGS="${SERVER_START_ARGS} -ssl_portprogram_dir 
>> /usr/lib64/erlang/lib/ssl-5.1.2/ebin"
>> SERVER_START_ARGS="${SERVER_START_ARGS} -ssl_dist_opt server_cacertfile 
>> /etc/openssl/all_cacerts.pem"
>> SERVER_START_ARGS="${SERVER_START_ARGS} -ssl_dist_opt server_certfile 
>> /etc/openssl/nn-vmrh5/cert.pem"
>> SERVER_START_ARGS="${SERVER_START_ARGS} -ssl_dist_opt server_keyfile 
>> /etc/openssl/nn-vmrh5/key.pem"
>> SERVER_START_ARGS="${SERVER_START_ARGS} -ssl_dist_opt server_verify 1"
>> server_fail_if_no_peer_cert true"
>> server_secure_renegotiate true"
>> SERVER_START_ARGS="${SERVER_START_ARGS} -ssl_dist_opt client_cacertfile 
>> /etc/openssl/all_cacerts.pem"
>> SERVER_START_ARGS="${SERVER_START_ARGS} -ssl_dist_opt client_certfile 
>> /etc/openssl/nn-vmrh5/cert.pem"
>> SERVER_START_ARGS="${SERVER_START_ARGS} -ssl_dist_opt client_keyfile 
>> /etc/openssl/nn-vmrh5/key.pem"
>> SERVER_START_ARGS="${SERVER_START_ARGS} -ssl_dist_opt client_verify 1"
>> client_secure_renegotiate true"
>> Here is the rabbitmq.config for clustering and ssl option set for other 
>> modes.
>> [nn-vmrh5: /etc/rabbitmq]vi rabbitmq.config
>> [
>>     {rabbit, [
>>         {default_vhost, <<"alert">>},
>>         {tcp_listeners, [5672]},
>>         {ssl_listeners, [5671]},
>>         {rabbitmq_tracing, [{username, "guest"}]},
>>         {cluster_nodes, ['rabbit at nn-vmrh5','rabbit at nn-vmrh5g']},
>>         {ssl_options, [{cacertfile,"/etc/openssl/all_cacerts.pem"},
>>                        {certfile,"/etc/openssl/nn-vmrh5/cert.pem"},
>>                        {keyfile,"/etc/openssl/nn-vmrh5/key.pem"},
>>                        {verify,verify_peer},
>>                        {fail_if_no_peer_cert,true}] },
>>         {auth_mechanisms, ['PLAIN', 'AMQPLAIN', 'EXTERNAL']},
>>         {ssl_cert_login_from, common_name},
>>         {log_levels, [{connection, info}]}
>>     ] }
>> ].
>>    Would really appreciate any help on this.
>> Thanks
>> Venkat
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.rabbitmq.com/pipermail/rabbitmq-discuss/attachments/20130814/6b15b560/attachment-0001.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: erl_crash.dump
Type: application/octet-stream
Size: 1518670 bytes
Desc: not available
URL: <http://lists.rabbitmq.com/pipermail/rabbitmq-discuss/attachments/20130814/6b15b560/attachment-0002.obj>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: rabbit at itops-dev-164-sasl.log
Type: application/octet-stream
Size: 15552 bytes
Desc: not available
URL: <http://lists.rabbitmq.com/pipermail/rabbitmq-discuss/attachments/20130814/6b15b560/attachment-0003.obj>

More information about the rabbitmq-discuss mailing list