Getting MCollective and RabbitMQ talking over SSL

asked 2014-10-28 03:07:25 -0500

alameow

updated 2014-10-28 03:09:42 -0500

My current environment is:

  • OS: rhel-6.5-x86_64
  • puppet: 3.6.2
  • rabbitmq-server: 3.2.4
  • erlang: R14B-04

On my master node I install:

  • mcollective-client
  • rabbitmq-server

On my agent node I install:

  • mcollective-server

When I connect MCollective and RabbitMQ the normal way, it works:

/etc/mcollective/client.cfg and /etc/mcollective/server.cfg

# RabbitMQ connector settings:
direct_addressing = 1
connector = rabbitmq
plugin.rabbitmq.vhost = /mcollective
plugin.rabbitmq.pool.size = 1
plugin.rabbitmq.pool.1.host = puppetmaster
plugin.rabbitmq.pool.1.port = 61613
plugin.rabbitmq.pool.1.user = mcollective
plugin.rabbitmq.pool.1.password = mcollective

mco ping

mco ping
suse-node1                               time=77.58 ms
^C

---- ping statistics ----
1 replies max: 77.58 min: 77.58 avg: 77.58

Then I do this:

On my master node:

  1. usermod -G puppet foreman-proxy
  2. vi /etc/rabbitmq/rabbitmq.config

    [
      {rabbit, [
        {ssl_options, [
          {cacertfile, "/var/lib/puppet/ssl/certs/ca.pem"},
          {certfile, "/var/lib/puppet/ssl/certs/puppetmaster.pem"},
          {keyfile, "/var/lib/puppet/ssl/private_keys/puppetmaster.pem"},
          {verify, verify_peer},
          {fail_if_no_peer_cert, false}
        ]}
      ]},
      {rabbitmq_stomp, [
        {tcp_listeners, [61613]},
        {ssl_listeners, [61614]}
      ]}
    ].

  3. service rabbitmq-server restart

  4. netstat -tulnp |grep 6161

    tcp 0 0 :::61613 :::* LISTEN 16109/beam
    tcp 0 0 :::61614 :::* LISTEN 16109/beam

  5. vi /etc/mcollective/client.cfg

    direct_addressing = 1
    connector = rabbitmq
    plugin.rabbitmq.vhost = /mcollective
    plugin.rabbitmq.pool.size = 1
    plugin.rabbitmq.pool.1.host = puppetmaster01.tk.puppet.com
    plugin.rabbitmq.pool.1.port = 61614
    plugin.rabbitmq.pool.1.ssl = 1
    plugin.rabbitmq.pool.1.ssl.ca = /var/lib/puppet/ssl/certs/ca.pem
    plugin.rabbitmq.pool.1.ssl.cert = /var/lib/puppet/ssl/certs/puppetmaster.pem
    plugin.rabbitmq.pool.1.ssl.key = /var/lib/puppet/ssl/private_keys/puppetmaster.pem
    plugin.rabbitmq.pool.1.ssl.fallback = 0
    plugin.rabbitmq.pool.1.user = mcollective
    plugin.rabbitmq.pool.1.password = mcollective

  6. mco ping

    error 2014/10/28 15:55:22: rabbitmq.rb:45:in `on_ssl_connectfail' SSL session creation with stomp+ssl://mcollective@puppetmaster:61614 failed: SSL_connect SYSCALL returned=5 errno=0 state=SSLv2/v3 read server hello A
    error 2014/10/28 15:55:22: rabbitmq.rb:45:in `on_ssl_connectfail' SSL session creation with stomp+ssl://mcollective@puppetmaster:61614 failed: SSL_connect SYSCALL returned=5 errno=0 state=SSLv2/v3 read server hello A

On my agent node:

1. vi /etc/mcollective/server.cfg

# RabbitMQ connector settings:
direct_addressing = 1
connector = rabbitmq
plugin.rabbitmq.vhost = /mcollective
plugin.rabbitmq.pool.size = 1
plugin.rabbitmq.pool.1.host = puppetmaster01.tk.puppet.com
plugin.rabbitmq.pool.1.port = 61614
plugin.rabbitmq.pool.1.ssl = 1
plugin.rabbitmq.pool.1.ssl.ca = /var/lib/puppet/ssl/certs/ca.pem
plugin.rabbitmq.pool.1.ssl.cert = /var/lib/puppet/ssl/certs/suse-agent.pem
plugin.rabbitmq.pool.1.ssl.key = /var/lib/puppet/ssl/private_keys/suse-agent.pem
plugin.rabbitmq.pool.1.ssl.fallback = 0
plugin.rabbitmq.pool.1.user = mcollective
plugin.rabbitmq.pool.1.password = mcollective

  2. service mcollective restart

  3. cat /var/log/mcollective.log

    W, [2014-10-28T16:00:07.994893 #5988] WARN -- : runner.rb:60:in `run' Exiting after ...

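A preflight check for the `plugin.rabbitmq.pool.N.*` settings shown in the question, as an added example that is not part of the original post or of MCollective: it flags a TLS-enabled pool pointed at the plain STOMP listener, and certificate files that are unreadable or do not load as a pair. The function names and the `ssl_ports`/`plain_ports` arguments are assumptions of this example, and it only recognises the `ssl = 1` form used above; run it as the user the daemon runs as.

```python
import os
import re
import ssl
import stat

POOL_KEY = re.compile(r"^plugin\.rabbitmq\.pool\.(\d+)\.(.+)$")

def parse_pools(text):
    """Collect plugin.rabbitmq.pool.N.* settings as {N: {setting: value}}."""
    pools = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("#") or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        match = POOL_KEY.match(key)
        if match:
            pools.setdefault(int(match.group(1)), {})[match.group(2)] = value
    return pools

def check_pool(idx, opts, ssl_ports, plain_ports):
    """Return findings for one pool entry; an empty list means nothing was flagged."""
    out = []
    if opts.get("ssl") != "1":          # TLS not enabled for this pool
        return out
    port = opts.get("port", "")
    if port.isdigit() and int(port) in plain_ports:
        out.append(f"pool {idx}: ssl = 1 but port {port} is a plain STOMP listener")
    elif not (port.isdigit() and int(port) in ssl_ports):
        out.append(f"pool {idx}: port {port!r} is not a known TLS listener")
    paths = {name: opts.get(f"ssl.{name}", "") for name in ("ca", "cert", "key")}
    for name, path in paths.items():
        if not os.access(path, os.R_OK):  # also false for unset or missing paths
            out.append(f"pool {idx}: ssl.{name} {path!r} is not readable by this user")
    if any("not readable" in finding for finding in out):
        return out
    if os.stat(paths["key"]).st_mode & stat.S_IROTH:
        out.append(f"pool {idx}: ssl.key is world-readable")
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    try:
        ctx.load_verify_locations(cafile=paths["ca"])
    except OSError as exc:              # ssl.SSLError is a subclass of OSError
        out.append(f"pool {idx}: ssl.ca does not parse as PEM ({exc})")
    try:
        ctx.load_cert_chain(paths["cert"], paths["key"])
    except OSError as exc:
        out.append(f"pool {idx}: ssl.cert and ssl.key do not load as a pair ({exc})")
    return out
```

The check covers local configuration only; it does not verify that the certificate chains to the CA and says nothing about the broker side of the handshake.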