<div dir="ltr"><div>Question partially answered: I ran "sudo setenforce 0" and suddenly the exchanges connect to the intended upstream.<br><br></div>So . . . how to give them permission to do this when SELinux is enforcing?<br>
<br></div><div class="gmail_extra"><br><br><div class="gmail_quote">On Mon, Feb 3, 2014 at 12:10 PM, Daniel Ashton <span dir="ltr"><<a href="mailto:jdashton@ashtonfam.org" target="_blank">jdashton@ashtonfam.org</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div><div>Thanks so much for the response, Simon.<br><br>I've tweaked the network configuration, so the IP addresses are different. But the results are the same, whether connecting to the upstream or to myself:<br>
<br>[root@localhost jdashton]# rabbitmqctl eval 'gen_tcp:connect("192.168.199.2", 5672, []).'<br>{error,eacces}<br>...done.<br>[root@localhost jdashton]# rabbitmqctl eval 'gen_tcp:connect("192.168.199.1", 5672, []).'<br>
{error,eacces}<br>...done.<br><br></div>*.2 is myself, *.1 is my intended upstream host.<br><br></div>From the Mac side this works beautifully. Exchanges are seeing the Fedora20 host as their upstream, federation status shows them all as running, and the above command gets {ok,#Port<5233.<i>some_number</i>>} as the response when connecting to *.2 (Fedora) or *.1 (Mac/self).<br>
<div><div><br></div><div>Thanks again for your help. I would love to get this working.<br><br></div><div><br></div></div></div><div class="gmail_extra"><div><div class="h5"><br><br><div class="gmail_quote">On Mon, Feb 3, 2014 at 11:18 AM, Simon MacMullen <span dir="ltr"><<a href="mailto:simon@rabbitmq.com" target="_blank">simon@rabbitmq.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">I doubt it's a firewall, that should lead to "connection timed out" or "connection refused" type errors.<br>
<br>
SELinux is maybe a possibility.<br>
<br>
If you invoke:<br>
<br>
# rabbitmqctl eval 'gen_tcp:connect("172.30.42.<u></u>19", 5672, []).'<br>
<br>
on the Fedora host then that will attempt to establish a vanilla TCP connection to the Mac. What response does it give?<br>
<br>
Cheers, Simon<div><br>
<br>
On 03/02/2014 4:01PM, Daniel Ashton wrote:<br>
</div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div>
I see no evidence that it ever reaches the upstream. The upstream's log<br>
files have nothing about being connected to from the Fedora broker.<br>
That's why I wondered about Fedora (or upstream Mac host, for that<br>
matter) firewalls or SELinux on Fedora. eacces . . . can that indicate<br>
an SELinux problem?<br>
<br>
<br>
On Mon, Feb 3, 2014 at 10:57 AM, Simon MacMullen <<a href="mailto:simon@rabbitmq.com" target="_blank">simon@rabbitmq.com</a><br></div><div>
<mailto:<a href="mailto:simon@rabbitmq.com" target="_blank">simon@rabbitmq.com</a>>> wrote:<br>
<br>
That's quite odd. 'eacces' is an OS-level error, nothing in RabbitMQ<br>
should be generating that error for anything AMQPish.<br>
<br>
Is there anything interesting in the logs on the upstream?<br>
<br>
Cheers, Simon<br>
<br>
On 03/02/2014 2:35PM, J. Daniel Ashton wrote:<br>
<br>
I'm trying to prototype federated message queuing between a Mac<br>
host and<br>
a Fedora 20 image running under VirtualBox. After a certain<br>
amount of<br>
head banging I managed to get the Mac exchanges federated from the<br>
Fedora exchanges, meaning that messages sent to the Fedora upstream<br>
broker are received on the Mac (downstream) broker.<br>
<br>
However, when trying to go the other way (Fedora sees Mac as<br>
upstream),<br>
I get error messages about "eacces".<br>
<br>
|==> rabbit@localhost.log <==<br>
<br>
=WARNING REPORT==== 29-Jan-2014::21:18:11 ===<br>
Federation exchange 'amq.direct' in vhost '/' did not connect to<br>
exchange 'amq.direct' in vhost '/' on amqp://<a href="http://172.30.42.19" target="_blank">172.30.42.19</a><br></div>
<<a href="http://172.30.42.19" target="_blank">http://172.30.42.19</a>><div><br>
{error,eacces}<br>
<br>
==> rabbit@localhost-sasl.log <==<br>
<br>
=SUPERVISOR REPORT==== 29-Jan-2014::21:18:11 ===<br>
Supervisor: {<0.15681.0>,<br>
rabbit_federation_link_sup}<br>
Context: child_terminated<br>
Reason: {shutdown,restart}<br>
Offender: [{pid,<0.21716.0>},<br>
{name,<br>
{upstream,<br></div>
[<<"amqp://guest:guest@172.30.<u></u>__42.19<br>
<mailto:<a href="mailto:guest%253Aguest@172.30.42.19" target="_blank">guest%3Aguest@172.30.<u></u>42.19</a>>">>],<br>
<br>
<<"amq.direct">>,<<"amq.__<u></u>direct">>,1000,1,1,36000000,<br>
<br>
none,false,'on-confirm',none,<<u></u>__<"mac_host">>}},<br>
{mfargs,<br>
{rabbit_federation_exchange___<u></u>link,start_link,<br>
[{{upstream,<br>
<br>
[<<"amqp://guest:guest@172.30.<u></u>__42.19<br>
<mailto:<a href="mailto:guest%253Aguest@172.30.42.19" target="_blank">guest%3Aguest@172.30.<u></u>42.19</a>>">>],<br>
<br>
<<"amq.direct">>,<<"amq.__<u></u>direct">>,1000,1,1,<br>
<br>
36000000,none,false,'on-__<u></u>confirm',none,<br>
<<"mac_host">>},<br>
<br>
{resource,<<"/">>,exchange,<<"<u></u>__amq.direct">>}}]}},<div><br>
{restart_type,{permanent,1}},<br>
{shutdown,4294967295},<br>
{child_type,worker}]<br>
|<br>
<br>
My Google-fu is failing me. What may be causing the above error<br>
(/e.g./<br>
SELinux?) and how should I go about fixing it?<br>
<br>
BTW, on the theory that it might be the Linux or Mac firewalls,<br>
I tried<br>
opening a browser on the Fedora box and requesting<br>
|http://172.30.42.19:5672|. I got a (tiny) answer in return, so the<br>
firewall looks less likely to be the problem.<br>
<br>
<br>
<br></div>
______________________________<u></u>___________________<br>
rabbitmq-discuss mailing list<br>
rabbitmq-discuss@lists.__<a href="http://rabbitmq.com" target="_blank">rabbi<u></u>tmq.com</a><br>
<mailto:<a href="mailto:rabbitmq-discuss@lists.rabbitmq.com" target="_blank">rabbitmq-discuss@<u></u>lists.rabbitmq.com</a>><br>
<a href="https://lists.rabbitmq.com/__cgi-bin/mailman/listinfo/__rabbitmq-discuss" target="_blank">https://lists.rabbitmq.com/__<u></u>cgi-bin/mailman/listinfo/__<u></u>rabbitmq-discuss</a><div><br>
<<a href="https://lists.rabbitmq.com/cgi-bin/mailman/listinfo/rabbitmq-discuss" target="_blank">https://lists.rabbitmq.com/<u></u>cgi-bin/mailman/listinfo/<u></u>rabbitmq-discuss</a>><br>
<br>
<br>
--<br>
Simon MacMullen<br>
RabbitMQ, Pivotal<br>
<br>
<br>
<br>
<br>
--<br>
Daniel Ashton PGP key available <a href="http://Daniel.AshtonFam.org" target="_blank">http://Daniel.AshtonFam.org</a><br></div>
mailto:<a href="mailto:jdashton@AshtonFam.org" target="_blank">jdashton@AshtonFam.org</a> <mailto:<a href="mailto:jdashton@AshtonFam.org" target="_blank">jdashton@AshtonFam.org</a><u></u>><br>
<a href="http://ChamberMusicWeekend.org" target="_blank">http://ChamberMusicWeekend.org</a><br>
</blockquote><div><div>
<br>
-- <br>
Simon MacMullen<br>
RabbitMQ, Pivotal<br>
</div></div></blockquote></div><br><br clear="all"><br>-- <br>Daniel Ashton PGP key available <a href="http://Daniel.AshtonFam.org" target="_blank">http://Daniel.AshtonFam.org</a><br></div></div>mailto:<a href="mailto:jdashton@AshtonFam.org" target="_blank">jdashton@AshtonFam.org</a> <a href="http://ChamberMusicWeekend.org" target="_blank">http://ChamberMusicWeekend.org</a><br>
</div>
</blockquote></div><br><br clear="all"><br>-- <br>Daniel Ashton PGP key available <a href="http://Daniel.AshtonFam.org" target="_blank">http://Daniel.AshtonFam.org</a><br>mailto:<a href="mailto:jdashton@AshtonFam.org" target="_blank">jdashton@AshtonFam.org</a> <a href="http://ChamberMusicWeekend.org" target="_blank">http://ChamberMusicWeekend.org</a><br>
</div>