[Puppet Users] Getting MCollective and RabbitMQ talking over SSL

Tue, 28 Oct 2014 04:29:49 -0700 

my current environment is:

   - OS: rhel-6.5-x86_64
   - puppet: 3.6.2
   - rabbitmq-server: 3.2.4
   - erlang: R14B-04

on my master node i install:

   -  mcollective-client
   -  rabbitmq-server

on my agent node i install:

   -  mcollective-server

when i use normal way to connect mcollective and rabbitmq, and it works:

/etc/mcollective/client.cfg and /etc/mcollective/server.cfg

 # RabbitMQ connector settings:
 direct_addressing = 1
 connector = rabbitmq
 plugin.rabbitmq.vhost = /mcollective
 plugin.rabbitmq.pool.size = 1
 plugin.rabbitmq.pool.1.host = puppetmaster
 plugin.rabbitmq.pool.1.port = 61613
 plugin.rabbitmq.pool.1.user = mcollective
 plugin.rabbitmq.pool.1.password = mcollective

# mco ping

    suse-node1                               time=77.58 ms
    
    ---- ping statistics ----
    1 replies max: 77.58 min: 77.58 avg: 77.58 



then i do this:

on my master node:

1. usermod -G puppet foreman-proxy
2. vi /etc/rabbitmq/rabbitmq.config

    [
      {rabbit, [  
        {ssl_options, [
                   {cacertfile,"/var/lib/puppet/ssl/certs/ca.pem"},
                   {certfile,"/var/lib/puppet/ssl/certs/puppetmaster.pem"},
                   {keyfile,
"/var/lib/puppet/ssl/private_keys/puppetmaster.pem"},
                   {verify,verify_peer},
                   {fail_if_no_peer_cert,false}]}
      ]},
      {rabbitmq_stomp, [
        {tcp_listeners, [61613]},
        {ssl_listeners, [61614]}
      ]}
    ].



3. service rabbitmq-server restart
4. netstat -tulnp |grep 6161

    tcp        0      0 :::61613                    :::*                   
     LISTEN      16109/beam          
    tcp        0      0 :::61614                    :::*                   
     LISTEN      16109/beam  


5. vi /etc/mcollective/client.cfg

    direct_addressing = 1
    connector = rabbitmq
    plugin.rabbitmq.vhost = /mcollective
    plugin.rabbitmq.pool.size = 1
    plugin.rabbitmq.pool.1.host = puppetmaster01.tk.puppet.com
    plugin.rabbitmq.pool.1.port = 61614
    plugin.rabbitmq.pool.1.ssl = 1
    plugin.rabbitmq.pool.1.ssl.ca = /var/lib/puppet/ssl/certs/ca.pem
    plugin.rabbitmq.pool.1.ssl.cert = /var/lib/puppet/ssl/certs/puppetmaster
.pem
    plugin.rabbitmq.pool.1.ssl.key = /var/lib/puppet/ssl/private_keys/
puppetmaster.pem
    plugin.rabbitmq.pool.1.ssl.fallback = 0
    plugin.rabbitmq.pool.1.user = mcollective
    plugin.rabbitmq.pool.1.password = mcollective



6. mco ping

    error 2014/10/28 15:55:22: rabbitmq.rb:45:in `on_ssl_connectfail' SSL 
session creation with stomp+ssl://mcollective@puppetmaster:61614 failed: 
SSL_connect SYSCALL returned=5 errno=0 state=SSLv2/v3 read server hello A
    error 2014/10/28 15:55:22: rabbitmq.rb:45:in `on_ssl_connectfail' SSL 
session creation with stomp+ssl://mcollective@puppetmaster:61614 failed: 
SSL_connect SYSCALL returned=5 errno=0 state=SSLv2/v3 read server hello A



on my agent node:

1. vi /etc/mcollective/server.cfg

    # RabbitMQ connector settings:
    direct_addressing = 1
    connector = rabbitmq
    plugin.rabbitmq.vhost = /mcollective
    plugin.rabbitmq.pool.size = 1
    plugin.rabbitmq.pool.1.host = puppetmaster01.tk.puppet.com
    plugin.rabbitmq.pool.1.port = 61614
    plugin.rabbitmq.pool.1.ssl = 1
    plugin.rabbitmq.pool.1.ssl.ca = /var/lib/puppet/ssl/certs/ca.pem
    plugin.rabbitmq.pool.1.ssl.cert = /var/lib/puppet/ssl/certs/suse-agent.
pem
    plugin.rabbitmq.pool.1.ssl.key = /var/lib/puppet/ssl/private_keys/suse-
agent.pem
    plugin.rabbitmq.pool.1.ssl.fallback = 0
    plugin.rabbitmq.pool.1.user = mcollective
    plugin.rabbitmq.pool.1.password = mcollective

2. service mcollective restart

3. cat /var/log/mcollective.log

    W, [2014-10-28T16:00:07.994893 #5988]  WARN -- : runner.rb:60:in `run' 
Exiting after signal: SIGTERM
    I, [2014-10-28T16:00:07.995250 #5988]  INFO -- : rabbitmq.rb:20:in 
`on_disconnect' Disconnected from stomp://mcollective@puppetmaster:61613
    I, [2014-10-28T16:00:28.211632 #6117]  INFO -- : mcollectived:35 The 
Marionette Collective 2.2.4 started logging at info level
    I, [2014-10-28T16:00:28.239139 #6120]  INFO -- : rabbitmq.rb:35:in 
`on_ssl_connecting' Estblishing SSL session with 
stomp+ssl://mcollective@puppetmaster:61614
    E, [2014-10-28T16:00:28.244191 #6120] ERROR -- : rabbitmq.rb:45:in 
`on_ssl_connectfail' SSL session creation with 
stomp+ssl://mcollective@puppetmaster:61614 failed: SSL_connect SYSCALL 
returned=5 errno=0 state=SSLv2/v3 read server hello A
    I, [2014-10-28T16:00:28.244308 #6120]  INFO -- : rabbitmq.rb:25:in 
`on_connectfail' TCP Connection to 
stomp+ssl://mcollective@puppetmaster:61614 failed on attempt 0
    I, [2014-10-28T16:00:28.255089 #6120]  INFO -- : rabbitmq.rb:35:in 
`on_ssl_connecting' Estblishing SSL session with 
stomp+ssl://mcollective@puppetmaster:61614
    E, [2014-10-28T16:00:28.256671 #6120] ERROR -- : rabbitmq.rb:45:in 
`on_ssl_connectfail' SSL session creation with 
stomp+ssl://mcollective@puppetmaster:61614 failed: SSL_connect SYSCALL 
returned=5 errno=0 state=SSLv2/v3 read server hello A
    I, [2014-10-28T16:00:28.256782 #6120]  INFO -- : rabbitmq.rb:25:in 
`on_connectfail' TCP Connection to 
stomp+ssl://mcollective@puppetmaster:61614 failed on attempt 1

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/5dd03d08-d5d6-4544-ac2a-4a097f6eeec9%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Reply via email to