[rabbitmq-discuss] Not able to get ssl working with rabbitMQ server
Gavin M. Roy
gavinmroy at gmail.com
Mon Jan 27 16:21:59 GMT 2014
Here’s a gist of both my rabbitmq.config, an example python script using BlockingConnection on 0.9.13 and the interactive session running the script, all working with SSL using pika:
https://gist.github.com/gmr/8651586
I’m going to guess that either your RabbitMQ SSL configuration is incorrect or that your ssl_options specified are preventing you from connecting.
Also, looking at your output, you appear to be connecting just fine. Any abrupt connection disconnects are happening after your connection is established. These last two lines specify:
DEBUG 2014-01-27 16:25:27,927 pika.callback process 231 : Calling <bound method BlockingConnection._on_connection_open of <pika.adapters.blocking_connection.BlockingConnection object at 0x2d6be90>> for "0:Connection.OpenOk"
The connection has been established ok
DEBUG 2014-01-27 16:25:27,927 pika.callback add 161 : Added: {'callback': <bound method BlockingConnection._on_connection_closed of <pika.adapters.blocking_connection.BlockingConnection object at 0x2d6be90>>, 'only': None, 'one_shot': True, 'arguments': None, 'calls': 1}
The adapter has registered to be notified when the connection is closed.
If your python app stops there, the connection will be closed abruptly with RabbitMQ since you’re not telling it to shutdown the connection.
Hope this helps,
Gavin
From: Gavin M. Roy Gavin M. Roy
Reply: Gavin M. Roy gavinmroy at gmail.com
Date: January 27, 2014 at 10:56:25 AM
To: Michael Klishin mklishin at gopivotal.com, Kausik Chattopadhyay connect_kausik at yahoo.com
Subject: Re: [rabbitmq-discuss] Not able to get ssl working with rabbitMQ server
Your ssl_options are a pretty important part of the SSL connection in this code and they are omitted, same with your other email thread. Without them, it’s hard to debug for you. The underlying code is the same regardless of the connection adapter. If we can see what those are, it should help.
Also, any related snippets from rabbit@[NODE].log could be helpful.
Gavin
From: Kausik Chattopadhyay Kausik Chattopadhyay
Reply: Kausik Chattopadhyay connect_kausik at yahoo.com, Discussions about RabbitMQ rabbitmq-discuss at lists.rabbitmq.com
Date: January 27, 2014 at 6:03:05 AM
To: Michael Klishin mklishin at gopivotal.com
Subject: Re: [rabbitmq-discuss] Not able to get ssl working with rabbitMQ server
Hi Michael,
So far I was working with SelectConnection using pika and it is good.
Today I tried to get a publisher working with BlockingConnection with SSL. Normal connection works however failing with SSL. The same setup works with SelectConnection. Any idea ?
My publisher code is as follows:
parameters = ConnectionParameters(HOST, PORT,
ssl=True,
ssl_options=ssl_options)
connection = pika.BlockingConnection(parameters)
I am getting the following error:
------------------------------------------
DEBUG 2014-01-27 16:25:27,901 pika.callback add 161 : Added: {'callback': <bound method BlockingConnection._on_connection_error of <pika.adapters.blocking_connection.BlockingConnection object at 0x2d6be90>>, 'only': None, 'one_shot': False, 'arguments': None}
DEBUG 2014-01-27 16:25:27,901 pika.callback add 161 : Added: {'callback': <bound method BlockingConnection._on_connection_start of <pika.adapters.blocking_connection.BlockingConnection object at 0x2d6be90>>, 'only': None, 'one_shot': True, 'arguments': None, 'calls': 1}
INFO 2014-01-27 16:25:27,901 pika.adapters.base_connection _create_and_connect_to_socket 164 : Connecting to 172.16.47.133:5671 with SSL
DEBUG 2014-01-27 16:25:27,925 pika.callback process 217 : Processing 0:Connection.Start
DEBUG 2014-01-27 16:25:27,925 pika.callback _use_one_shot_callback 390 : Processing use of oneshot callback
DEBUG 2014-01-27 16:25:27,925 pika.callback _use_one_shot_callback 392 : 0 registered uses left
DEBUG 2014-01-27 16:25:27,925 pika.callback remove 260 : Removing callback #0: {'callback': <bound method BlockingConnection._on_connection_start of <pika.adapters.blocking_connection.BlockingConnection object at 0x2d6be90>>, 'only': None, 'one_shot': True, 'arguments': None, 'calls': 0}
DEBUG 2014-01-27 16:25:27,926 pika.callback process 231 : Calling <bound method BlockingConnection._on_connection_start of <pika.adapters.blocking_connection.BlockingConnection object at 0x2d6be90>> for "0:Connection.Start"
DEBUG 2014-01-27 16:25:27,926 pika.callback add 161 : Added: {'callback': <bound method BlockingConnection._on_connection_tune of <pika.adapters.blocking_connection.BlockingConnection object at 0x2d6be90>>, 'only': None, 'one_shot': True, 'arguments': None, 'calls': 1}
DEBUG 2014-01-27 16:25:27,926 pika.callback process 217 : Processing 0:Connection.Tune
DEBUG 2014-01-27 16:25:27,926 pika.callback _use_one_shot_callback 390 : Processing use of oneshot callback
DEBUG 2014-01-27 16:25:27,926 pika.callback _use_one_shot_callback 392 : 0 registered uses left
DEBUG 2014-01-27 16:25:27,926 pika.callback remove 260 : Removing callback #0: {'callback': <bound method BlockingConnection._on_connection_tune of <pika.adapters.blocking_connection.BlockingConnection object at 0x2d6be90>>, 'only': None, 'one_shot': True, 'arguments': None, 'calls': 0}
DEBUG 2014-01-27 16:25:27,926 pika.callback process 231 : Calling <bound method BlockingConnection._on_connection_tune of <pika.adapters.blocking_connection.BlockingConnection object at 0x2d6be90>> for "0:Connection.Tune"
DEBUG 2014-01-27 16:25:27,926 pika.connection _create_heartbeat_checker 946 : Creating a HeartbeatChecker: 600
DEBUG 2014-01-27 16:25:27,926 pika.callback add 161 : Added: {'callback': <bound method BlockingConnection._on_connection_open of <pika.adapters.blocking_connection.BlockingConnection object at 0x2d6be90>>, 'only': None, 'one_shot': True, 'arguments': None, 'calls': 1}
DEBUG 2014-01-27 16:25:27,927 pika.callback process 217 : Processing 0:Connection.OpenOk
DEBUG 2014-01-27 16:25:27,927 pika.callback _use_one_shot_callback 390 : Processing use of oneshot callback
DEBUG 2014-01-27 16:25:27,927 pika.callback _use_one_shot_callback 392 : 0 registered uses left
DEBUG 2014-01-27 16:25:27,927 pika.callback remove 260 : Removing callback #0: {'callback': <bound method BlockingConnection._on_connection_open of <pika.adapters.blocking_connection.BlockingConnection object at 0x2d6be90>>, 'only': None, 'one_shot': True, 'arguments': None, 'calls': 0}
DEBUG 2014-01-27 16:25:27,927 pika.callback process 231 : Calling <bound method BlockingConnection._on_connection_open of <pika.adapters.blocking_connection.BlockingConnection object at 0x2d6be90>> for "0:Connection.OpenOk"
DEBUG 2014-01-27 16:25:27,927 pika.callback add 161 : Added: {'callback': <bound method BlockingConnection._on_connection_closed of <pika.adapters.blocking_connection.BlockingConnection object at 0x2d6be90>>, 'only': None, 'one_shot': True, 'arguments': None, 'calls': 1}
---------------------------------------
Serverside log shows:
=INFO REPORT==== 27-Jan-2014::05:55:47 ===
accepting AMQP connection <0.6427.1> (172.16.47.1:56458 -> 172.16.47.133:5671)
=WARNING REPORT==== 27-Jan-2014::05:55:47 ===
closing AMQP connection <0.6427.1> (172.16.47.1:56458 -> 172.16.47.133:5671):
connection_closed_abruptly
On Wednesday, January 22, 2014 8:07 PM, Kausik Chattopadhyay <connect_kausik at yahoo.com> wrote:
Hi Michael,
Thanks.
Actually the certificates were owned by root.
I tried the followings:
1. Adding user rabbitmq to group root --- didnt work
2. Changing the ownership of all the certficates to rabbitmq:rabbitmq --- didnt work
Finally I tried this. Created a "rabbitmq" sudoer. Installing rabbitmq server. Generating the certificates as a "rabbitmq" user --> this worked
Thanks
Kausik
On Wednesday, January 22, 2014 4:54 PM, Michael Klishin <mklishin at gopivotal.com> wrote:
On 22 Jan 2014, at 14:59, Kausik Chattopadhyay <connect_kausik at yahoo.com> wrote:
> Interestingly, this is the log from rabbit at master1-sasl.log
There is nothing new in the SASL log.
ecacertfile indicates there was an issue with the CA certificate, which cannot
be loaded due to eaccess (according to the other log file).
--
MK
Software Engineer, Pivotal/RabbitMQ
_______________________________________________
rabbitmq-discuss mailing list
rabbitmq-discuss at lists.rabbitmq.com
https://lists.rabbitmq.com/cgi-bin/mailman/listinfo/rabbitmq-discuss
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.rabbitmq.com/pipermail/rabbitmq-discuss/attachments/20140127/4780ba89/attachment.html>
More information about the rabbitmq-discuss
mailing list