[rabbitmq-discuss] RabbitMQ clustering with SSL

ramviv.123 at gmail.com ramviv.123 at gmail.com
Thu Aug 15 20:10:55 BST 2013


I installed the latest 3.1.5 and the server comes out fine with no custom 
config or env file.  When I put the config file above, it works as well 
with clustering working.  When I set up the env file the RabbitMQ server of 
the primary node always hangs and the secondary node always times out trying 
to connect to the other host.  There is not much info in the logs either. 
 We changed the env file above to use only one boot file which was created 
as described in the erlang documentation.

SASL_BOOT_FILE=/usr/lib/erlang/releases/R16B01/start_ssl
SERVER_START_ARGS=" -proto_dist inet_tls "

   The log file has this and nothing else

=INFO REPORT==== 15-Aug-2013::13:04:24 ===
Statistics database started.

=INFO REPORT==== 15-Aug-2013::13:04:24 ===
Server startup complete; 12 plugins started.
 * amqp_client
 * mochiweb
 * rabbitmq_auth_mechanism_ssl
 * rabbitmq_consistent_hash_exchange
 * rabbitmq_federation
 * rabbitmq_federation_management
 * rabbitmq_management
 * rabbitmq_management_agent
 * rabbitmq_management_visualiser
 * rabbitmq_tracing
 * rabbitmq_web_dispatch
 * webmachine

    Is there a way to turn on more tracing, or has someone else seen this 
before?  Would appreciate any pointers.

Thanks
Venkat

On Wednesday, August 14, 2013 3:42:29 PM UTC-4, ramvi... at gmail.com wrote:
>
> As suggested, I upgraded erlang to R16B01 and RabbitMQ server to 3.1.4.1. 
>  After the upgrade the RabbitMQ server does not come up.  I removed any 
> custom env or config files as well as the mnesia tables. I also tried 
> removing all of the rabbitmq and erlang installs and reinstalling them.  I 
> have the following versions on the system
>
> # rpm -qa | grep -i esl | more
> esl-erlang-R16B01-1.x86_64
> # rpm -qa | grep -i rabbit
> rabbitmq-server-3.1.4-1.noarch
>
> The startup_log has the following.
>
>               Starting broker...
>
> BOOT FAILED
> ===========
>
> Error description:
>    {could_not_start,rabbit,undef}
>
> Log files (may contain more information):
>    /var/log/rabbitmq/rabbit@itops-dev-164.log
>    /var/log/rabbitmq/rabbit@itops-dev-164-sasl.log
>
> {"init terminating in do_boot",{rabbit,failure_during_boot,{could_not_start,rabbit,undef}}}
> [FAILED]
>
>    I am also attaching the sasl log and erl_crash.dump.  Would appreciate 
> any help in solving this issue.
>
>
> On Tuesday, August 13, 2013 5:39:53 PM UTC-4, ramvi... at gmail.com wrote:
>>
>> We also noticed two other failures.  When we kill the epmd process and 
>> restart rabbitMQ we see the following error.  
>>
>> {error_logger,{{2013,8,13},{17,31,53}},"Protocol: ~p: not 
>> supported~n",["inet_tls"]}
>>
>>    According to one other thread here, this should go away if we use the 
>> latest version of erlang, which we are using.  RabbitMQ also seems to 
>> recognize the latest version of erlang, when we do rabbitmqctl status. We 
>> checked this by removing the SSL configuration.  As mentioned in the ssl 
>> config guide for erlang, if we uncomment the commented out section of the 
>> config file below, the RabbitMQ server would just hang.  I am able to 
>> connect to the WebUI, but I never get the success message on the terminal I 
>> started the server.  Also, the other node when brought up, times out trying 
>> to connect to this node.
>>
>> -Venkat
>>
>> On Tuesday, August 13, 2013 12:00:57 PM UTC-4, ramvi... at gmail.com wrote:
>>>
>>> Hi,
>>>
>>>     We are setting up a RabbitMQ env with clustering on the LAN and 
>>> federated on the WAN.  We also intend to use consistent hash on the 
>>> receiver side.  We were able to successfully setup a federated 
>>> configuration with ssl enabled.  But we are having issues trying to setup 
>>> ssl with clusters.  We are using RabbitMQ 3.1.3 with erlang 
>>> version  5.9.3.1.  We have setup the erlang config based on 
>>> http://www.erlang.org/doc/apps/ssl/ssl_distribution.html.   I am able 
>>> to connect through an erlang client server program to send data back and 
>>> forth and so I know the ssl with erlang works.  But when I bring up 
>>> RabbitMQ with clusters and take a TCP dump of the packets, the data 
>>> transfer seems to be clear text.  Is there a way to check if the clusters 
>>> are configured for ssl by any other means?  Also, would appreciate if 
>>> someone can point out what I am doing wrong here.  Here is the env file 
>>> (rabbitmq-env.conf)
>>>
>>> SERVER_START_ARGS="-boot /usr/lib64/erlang/releases/R15B03/start_ssl -proto_dist inet_tls"
>>> #SERVER_START_ARGS="${SERVER_START_ARGS} -pa /usr/lib64/erlang/lib/ssl-5.1.2/ebin"
>>> #SERVER_START_ARGS="${SERVER_START_ARGS} /usr/lib64/erlang/lib/asn1-1.8/ebin"
>>> #SERVER_START_ARGS="${SERVER_START_ARGS} -ssl_portprogram_dir /usr/lib64/erlang/lib/ssl-5.1.2/ebin"
>>> SERVER_START_ARGS="${SERVER_START_ARGS} -ssl_dist_opt server_cacertfile /etc/openssl/all_cacerts.pem"
>>> SERVER_START_ARGS="${SERVER_START_ARGS} -ssl_dist_opt server_certfile /etc/openssl/nn-vmrh5/cert.pem"
>>> SERVER_START_ARGS="${SERVER_START_ARGS} -ssl_dist_opt server_keyfile /etc/openssl/nn-vmrh5/key.pem"
>>> SERVER_START_ARGS="${SERVER_START_ARGS} -ssl_dist_opt server_verify 1"
>>> SERVER_START_ARGS="${SERVER_START_ARGS} -ssl_dist_opt server_fail_if_no_peer_cert true"
>>> SERVER_START_ARGS="${SERVER_START_ARGS} -ssl_dist_opt server_secure_renegotiate true"
>>> SERVER_START_ARGS="${SERVER_START_ARGS} -ssl_dist_opt client_cacertfile /etc/openssl/all_cacerts.pem"
>>> SERVER_START_ARGS="${SERVER_START_ARGS} -ssl_dist_opt client_certfile /etc/openssl/nn-vmrh5/cert.pem"
>>> SERVER_START_ARGS="${SERVER_START_ARGS} -ssl_dist_opt client_keyfile /etc/openssl/nn-vmrh5/key.pem"
>>> SERVER_START_ARGS="${SERVER_START_ARGS} -ssl_dist_opt client_verify 1"
>>> SERVER_START_ARGS="${SERVER_START_ARGS} -ssl_dist_opt client_secure_renegotiate true"
>>> #echo SERVER_START_ARGS: ${SERVER_START_ARGS}
>>>
>>> Here is the rabbitmq.config for clustering and ssl option set for other 
>>> modes.
>>>
>>>
>>> [nn-vmrh5: /etc/rabbitmq]vi rabbitmq.config
>>> [
>>>     {rabbit, [
>>>         {default_vhost, <<"alert">>},
>>>         {tcp_listeners, [5672]},
>>>         {ssl_listeners, [5671]},
>>>         {rabbitmq_tracing, [{username, "guest"}]},
>>>         {cluster_nodes, ['rabbit@nn-vmrh5','rabbit@nn-vmrh5g']},
>>>         {ssl_options, [{cacertfile,"/etc/openssl/all_cacerts.pem"},
>>>                        {certfile,"/etc/openssl/nn-vmrh5/cert.pem"},
>>>                        {keyfile,"/etc/openssl/nn-vmrh5/key.pem"},
>>>                        {verify,verify_peer},
>>>                        {fail_if_no_peer_cert,true}] },
>>>         {auth_mechanisms, ['PLAIN', 'AMQPLAIN', 'EXTERNAL']},
>>>         {ssl_cert_login_from, common_name},
>>>         {log_levels, [{connection, info}]}
>>>     ] }
>>> ].
>>>
>>>    Would really appreciate any help on this.
>>>
>>> Thanks
>>> Venkat
>>>
>>
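
One way to answer the question in the first message of the thread (how to check, other than by reading a raw TCP dump, whether inter-node traffic is really using SSL), as an added example that is not part of the original posts. The script name, function names, sample `epmd -names` output and hex strings are constructed for illustration; it is meant to be run on the broker host itself.

```shell
#!/bin/sh
# Added example: check whether a node's Erlang distribution port speaks TLS.

# Constructed sample of `epmd -names` output (not taken from the thread).
SAMPLE_EPMD='epmd: up and running on port 4369 with data:
name rabbit at port 25672'

# dist_port NODE: read `epmd -names` output on stdin, print NODE's port.
dist_port() {
    awk -v node="$1" '$1 == "name" && $2 == node && $4 == "port" { print $5 }'
}

# classify_hello HEX: classify the first bytes (lowercase hex) that a
# connecting node sends, e.g. copied from a capture of the distribution port.
classify_hello() {
    case "$1" in
        16030[0-3]*) echo tls ;;             # TLS handshake record header
        ????6e*)     echo cleartext-dist ;;  # 2-byte length, then 'n' (send_name)
        *)           echo unknown ;;
    esac
}

# probe_tls HOST PORT: live check; succeeds if the listener presents a
# certificate. A listener that demands a client certificate still sends its
# own certificate first, so this works with fail_if_no_peer_cert set.
probe_tls() {
    openssl s_client -connect "$1:$2" </dev/null 2>/dev/null |
        grep -q 'BEGIN CERTIFICATE'
}

# Live use on the broker host: sh check_dist_tls.sh NODE HOST
#   NODE is the short node name (e.g. rabbit), HOST the name peers connect to.
if [ "$#" -eq 2 ]; then
    port=$(epmd -names | dist_port "$1")
    [ -n "$port" ] || { echo "node $1 is not registered with epmd" >&2; exit 2; }
    if probe_tls "$2" "$port"; then
        echo "$2:$port answers with a TLS certificate"
    else
        echo "$2:$port did not answer a TLS hello (cleartext distribution?)"
    fi
fi
```

The AMQP listener on 5671 configured through `ssl_options` is independent of this: only the port reported by epmd carries clustering traffic.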