[rabbitmq-discuss] Not able to get ssl working with rabbitMQ server

Gavin M. Roy gavinmroy at gmail.com
Mon Jan 27 16:21:59 GMT 2014


Here’s a gist of both my rabbitmq.config, an example python script using BlockingConnection on 0.9.13 and the interactive session running the script, all working with SSL using pika:

https://gist.github.com/gmr/8651586

I’m going to guess that either your RabbitMQ SSL configuration is incorrect or that your ssl_options specified are preventing you from connecting.

Also, looking at your output, you appear to be connecting just fine. Any abrupt connection disconnects are happening after your connection is established. These last two lines specify:

DEBUG      2014-01-27 16:25:27,927 pika.callback                  process                              231 : Calling <bound method BlockingConnection._on_connection_open of <pika.adapters.blocking_connection.BlockingConnection object at 0x2d6be90>> for "0:Connection.OpenOk"
The connection has been established ok

DEBUG      2014-01-27 16:25:27,927 pika.callback                  add                                  161 : Added: {'callback': <bound method BlockingConnection._on_connection_closed of <pika.adapters.blocking_connection.BlockingConnection object at 0x2d6be90>>, 'only': None, 'one_shot': True, 'arguments': None, 'calls': 1}

The adapter has registered to be notified when the connection is closed.

If your python app stops there, the connection will be closed abruptly with RabbitMQ since you’re not telling it to shutdown the connection.

Hope this helps,

Gavin


From: Gavin M. Roy Gavin M. Roy
Reply: Gavin M. Roy gavinmroy at gmail.com
Date: January 27, 2014 at 10:56:25 AM
To: Michael Klishin mklishin at gopivotal.com, Kausik Chattopadhyay connect_kausik at yahoo.com
Subject:  Re: [rabbitmq-discuss] Not able to get ssl working with rabbitMQ server  
Your ssl_options are a pretty important part of the SSL connection in this code and they are omitted, same with your other email thread. Without them, it’s hard to debug for you. The underlying code is the same regardless of the connection adapter. If we can see what those are, it should help.

Also, any related snippets from rabbit@[NODE].log could be helpful.

Gavin

From: Kausik Chattopadhyay Kausik Chattopadhyay
Reply: Kausik Chattopadhyay connect_kausik at yahoo.com, Discussions about RabbitMQ rabbitmq-discuss at lists.rabbitmq.com
Date: January 27, 2014 at 6:03:05 AM
To: Michael Klishin mklishin at gopivotal.com
Subject:  Re: [rabbitmq-discuss] Not able to get ssl working with rabbitMQ server
Hi Michael,
So far I  was working with SelectConnection using pika and it is good.
Today I tried to get a publisher working with BlockingConnection with SSL. Normal connection works however failing with SSL. The same setup works with SelectConnection. Any idea ?

My publisher code is as follows:

 parameters = ConnectionParameters(HOST, PORT,
                                              ssl=True,
                                              ssl_options=ssl_options)
connection = pika.BlockingConnection(parameters)




I am getting the following error:
------------------------------------------
DEBUG      2014-01-27 16:25:27,901 pika.callback                  add                                  161 : Added: {'callback': <bound method BlockingConnection._on_connection_error of <pika.adapters.blocking_connection.BlockingConnection object at 0x2d6be90>>, 'only': None, 'one_shot': False, 'arguments': None}
DEBUG      2014-01-27 16:25:27,901 pika.callback                  add                                  161 : Added: {'callback': <bound method BlockingConnection._on_connection_start of <pika.adapters.blocking_connection.BlockingConnection object at 0x2d6be90>>, 'only': None, 'one_shot': True, 'arguments': None, 'calls': 1}
INFO       2014-01-27 16:25:27,901 pika.adapters.base_connection  _create_and_connect_to_socket        164 : Connecting to 172.16.47.133:5671 with SSL
DEBUG      2014-01-27 16:25:27,925 pika.callback                  process                              217 : Processing 0:Connection.Start
DEBUG      2014-01-27 16:25:27,925 pika.callback                  _use_one_shot_callback               390 : Processing use of oneshot callback
DEBUG      2014-01-27 16:25:27,925 pika.callback                  _use_one_shot_callback               392 : 0 registered uses left
DEBUG      2014-01-27 16:25:27,925 pika.callback                  remove                               260 : Removing callback #0: {'callback': <bound method BlockingConnection._on_connection_start of <pika.adapters.blocking_connection.BlockingConnection object at 0x2d6be90>>, 'only': None, 'one_shot': True, 'arguments': None, 'calls': 0}
DEBUG      2014-01-27 16:25:27,926 pika.callback                  process                              231 : Calling <bound method BlockingConnection._on_connection_start of <pika.adapters.blocking_connection.BlockingConnection object at 0x2d6be90>> for "0:Connection.Start"
DEBUG      2014-01-27 16:25:27,926 pika.callback                  add                                  161 : Added: {'callback': <bound method BlockingConnection._on_connection_tune of <pika.adapters.blocking_connection.BlockingConnection object at 0x2d6be90>>, 'only': None, 'one_shot': True, 'arguments': None, 'calls': 1}
DEBUG      2014-01-27 16:25:27,926 pika.callback                  process                              217 : Processing 0:Connection.Tune
DEBUG      2014-01-27 16:25:27,926 pika.callback                  _use_one_shot_callback               390 : Processing use of oneshot callback
DEBUG      2014-01-27 16:25:27,926 pika.callback                  _use_one_shot_callback               392 : 0 registered uses left
DEBUG      2014-01-27 16:25:27,926 pika.callback                  remove                               260 : Removing callback #0: {'callback': <bound method BlockingConnection._on_connection_tune of <pika.adapters.blocking_connection.BlockingConnection object at 0x2d6be90>>, 'only': None, 'one_shot': True, 'arguments': None, 'calls': 0}
DEBUG      2014-01-27 16:25:27,926 pika.callback                  process                              231 : Calling <bound method BlockingConnection._on_connection_tune of <pika.adapters.blocking_connection.BlockingConnection object at 0x2d6be90>> for "0:Connection.Tune"
DEBUG      2014-01-27 16:25:27,926 pika.connection                _create_heartbeat_checker            946 : Creating a HeartbeatChecker: 600
DEBUG      2014-01-27 16:25:27,926 pika.callback                  add                                  161 : Added: {'callback': <bound method BlockingConnection._on_connection_open of <pika.adapters.blocking_connection.BlockingConnection object at 0x2d6be90>>, 'only': None, 'one_shot': True, 'arguments': None, 'calls': 1}
DEBUG      2014-01-27 16:25:27,927 pika.callback                  process                              217 : Processing 0:Connection.OpenOk
DEBUG      2014-01-27 16:25:27,927 pika.callback                  _use_one_shot_callback               390 : Processing use of oneshot callback
DEBUG      2014-01-27 16:25:27,927 pika.callback                  _use_one_shot_callback               392 : 0 registered uses left
DEBUG      2014-01-27 16:25:27,927 pika.callback                  remove                               260 : Removing callback #0: {'callback': <bound method BlockingConnection._on_connection_open of <pika.adapters.blocking_connection.BlockingConnection object at 0x2d6be90>>, 'only': None, 'one_shot': True, 'arguments': None, 'calls': 0}
DEBUG      2014-01-27 16:25:27,927 pika.callback                  process                              231 : Calling <bound method BlockingConnection._on_connection_open of <pika.adapters.blocking_connection.BlockingConnection object at 0x2d6be90>> for "0:Connection.OpenOk"
DEBUG      2014-01-27 16:25:27,927 pika.callback                  add                                  161 : Added: {'callback': <bound method BlockingConnection._on_connection_closed of <pika.adapters.blocking_connection.BlockingConnection object at 0x2d6be90>>, 'only': None, 'one_shot': True, 'arguments': None, 'calls': 1}

--------------------------------------- 

Serverside log shows:

=INFO REPORT==== 27-Jan-2014::05:55:47 ===
accepting AMQP connection <0.6427.1> (172.16.47.1:56458 -> 172.16.47.133:5671)

=WARNING REPORT==== 27-Jan-2014::05:55:47 ===
closing AMQP connection <0.6427.1> (172.16.47.1:56458 -> 172.16.47.133:5671):
connection_closed_abruptly




On Wednesday, January 22, 2014 8:07 PM, Kausik Chattopadhyay <connect_kausik at yahoo.com> wrote:
Hi Michael,
Thanks.
 Actually the certificates were owned by root. 
I tried the followings:
1. Adding user rabbitmq to group root  --- didnt work
2. Changing the ownership of all the certficates to rabbitmq:rabbitmq --- didnt work

Finally I tried this. Created a "rabbitmq" sudoer. Installing rabbitmq server. Generating the certificates as a "rabbitmq" user --> this worked

Thanks
Kausik


On Wednesday, January 22, 2014 4:54 PM, Michael Klishin <mklishin at gopivotal.com> wrote:

On 22 Jan 2014, at 14:59, Kausik Chattopadhyay <connect_kausik at yahoo.com> wrote:

> Interestingly, this is the log from rabbit at master1-sasl.log

There is nothing new in the SASL log.

ecacertfile indicates there was an issue with the CA certificate, which cannot
be loaded due to eaccess (according to the other log file).

--
MK

Software Engineer, Pivotal/RabbitMQ




_______________________________________________
rabbitmq-discuss mailing list
rabbitmq-discuss at lists.rabbitmq.com
https://lists.rabbitmq.com/cgi-bin/mailman/listinfo/rabbitmq-discuss
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.rabbitmq.com/pipermail/rabbitmq-discuss/attachments/20140127/4780ba89/attachment.html>


More information about the rabbitmq-discuss mailing list