rabbitmq-server fail to start after setting the cipher suites #259

Closed
wenchma opened this issue May 1, 2015 · 4 comments

@wenchma
Contributor

wenchma commented May 1, 2015

systemctl status rabbitmq-server

rabbitmq-server.service - RabbitMQ broker
Loaded: loaded (/usr/lib/systemd/system/rabbitmq-server.service; enabled)
Active: failed (Result: exit-code) since Wed 2015-04-29 01:09:55 EDT; 17s ago
Process: 28787 ExecStopPost=/usr/bin/rm /var/run/rabbitmq/pid (code=exited, status=0/SUCCESS)
Process: 28730 ExecStop=/usr/lib/rabbitmq/bin/rabbitmqctl stop (code=exited, status=2)
Process: 28596 ExecStartPost=/usr/lib/rabbitmq/bin/rabbitmqctl wait /var/run/rabbitmq/pid (code=exited, status=2)
Process: 28593 ExecStart=/usr/lib/rabbitmq/bin/rabbitmq-server (code=exited, status=1/FAILURE)
Process: 28538 ExecStartPre=/bin/sh -c /usr/lib/rabbitmq/bin/rabbitmqctl status > /dev/null 2>&1 (code=exited, status=2)
Main PID: 28593 (code=exited, status=1/FAILURE)

Apr 29 01:09:55 c582f1-n28-vm3.pok.stglabs.ibm.com rabbitmqctl[28730]: * epmd reports: node 'rabbit' not running at all
Apr 29 01:09:55 c582f1-n28-vm3.pok.stglabs.ibm.com rabbitmqctl[28730]: no other nodes on c582f1-n28-vm3
Apr 29 01:09:55 c582f1-n28-vm3.pok.stglabs.ibm.com rabbitmqctl[28730]: * suggestion: start the node
Apr 29 01:09:55 c582f1-n28-vm3.pok.stglabs.ibm.com rabbitmqctl[28730]: current node details:
Apr 29 01:09:55 c582f1-n28-vm3.pok.stglabs.ibm.com rabbitmqctl[28730]: - node name: 'rabbitmqctl-28730@c582f1-n28-vm3'
Apr 29 01:09:55 c582f1-n28-vm3.pok.stglabs.ibm.com rabbitmqctl[28730]: - home dir: /var/lib/rabbitmq
Apr 29 01:09:55 c582f1-n28-vm3.pok.stglabs.ibm.com rabbitmqctl[28730]: - cookie hash: kl5tp+Ye4yP52orFw/BILQ==
Apr 29 01:09:55 c582f1-n28-vm3.pok.stglabs.ibm.com systemd[1]: rabbitmq-server.service: control process exited, code=exited status=2
Apr 29 01:09:55 c582f1-n28-vm3.pok.stglabs.ibm.com systemd[1]: Failed to start RabbitMQ broker.
Apr 29 01:09:55 c582f1-n28-vm3.pok.stglabs.ibm.com systemd[1]: Unit rabbitmq-server.service entered failed state.

The /var/lib/rabbitmq/erl_crash.dump shows:

Wed Apr 29 01:09:55 2015
Slogan: could not start kernel pid (application_controller) (error in config file "/etc/rabbitmq/rabbitmq.config" (5): bad term)
System version: Erlang/OTP 17 [erts-6.2.1] [source] [64-bit] [smp:4:4] [async-threads:30] [hipe] [kernel-poll:true]

The "/etc/rabbitmq/rabbitmq.config" shows:
[
  {kernel, [

  ]},
  {ssl, [{versions, ['tlsv1.2']}]},
  {rabbit, [
    {ssl_listeners, [5671]},
    {ssl_options, [{cacertfile,"/etc/rabbitmq/ssl/cacert.pem"},
                   {certfile,"/etc/rabbitmq/ssl/cert.pem"},
                   {keyfile,"/etc/rabbitmq/ssl/key.pem"},
                   {verify,verify_none},
                   {fail_if_no_peer_cert,false}
                   ,{versions,['tlsv1.2']}
                   ,{ciphers,[{ECDHE-ECDSA-AES256-SHA384},{ECDHE-RSA-AES128-SHA256},{ECDHE-ECDSA-AES256-SHA384},{ECDHE-ECDSA-AES128-SHA256}]}
                  ]},
    {tcp_listen_options, [binary, {packet,raw},
                          {reuseaddr,true},
                          {backlog,128},
                          {nodelay,true},
                          {exit_on_close,false},
                          {keepalive,false}]},

    {default_user, <<"guest">>},
    {default_pass, <<"guest">>},
    {heartbeat, 580}

  ]}
].

I found that if I set the cipher suites to {ciphers,['dhe_rsa,aes_256_cbc,sha','dhe_dss,aes_256_cbc,sha','rsa,aes_256_cbc,sha']} or
{ciphers,["ECDHE-ECDSA-AES256-SHA384", "ECDHE-RSA-AES128-SHA256", "ECDHE-ECDSA-AES256-SHA384", "ECDHE-ECDSA-AES128-SHA256"]}
the rabbitmq server works fine.
So I think we need to update the function: https://github.com/jjasghar/rabbitmq/blob/master/libraries/default.rb#L47

@michaelklishin
Member

If you use uppercase-and-hyphen cipher suite names, they must be strings or quoted: 'ECDHE-ECDSA-AES256-SHA384', not ECDHE-ECDSA-AES256-SHA384.

@michaelklishin
Member

I'm not sure this is an issue with the cookbook; the values you've provided are not valid as far as the Erlang runtime is concerned.

The cookbook could try correcting invalid inputs but it may end up being even more confusing.

@wenchma
Contributor Author

wenchma commented May 1, 2015

Should we change

def format_ssl_ciphers
  Array(node['rabbitmq']['ssl_ciphers']).map { |n| "{#{n}}" }.join(',')
end

to

def format_ssl_ciphers
  Array(node['rabbitmq']['ssl_ciphers']).map { |n| "'#{n}'" }.join(',')
end

@michaelklishin I tried what you said, and it did not work either.

@michaelklishin
Member

Ah, overlooked the extra curly braces. Yes, those seem unnecessary.
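
Added example, not part of the thread and not the cookbook's code: a Ruby sketch of why the braced output is a "bad term" and of a formatter that emits the double-quoted string form the reporter found to work, rejecting any value that could break out of the quoted string in the generated rabbitmq.config. The helper names and the accepted-name pattern are assumptions made for this illustration.

```ruby
# Added illustration; helper names are hypothetical, not the cookbook's API.

# Suite list as written in the issue's rabbitmq.config (one name appears twice).
SUITES_FROM_ISSUE = %w[
  ECDHE-ECDSA-AES256-SHA384 ECDHE-RSA-AES128-SHA256
  ECDHE-ECDSA-AES256-SHA384 ECDHE-ECDSA-AES128-SHA256
].freeze

# An Erlang atom may be written without quotes only if it starts with a
# lowercase letter and contains just letters, digits, "_" and "@". A token
# such as ECDHE-ECDSA-AES256-SHA384 fails both conditions, so the config
# file cannot be parsed as a term.
def valid_unquoted_atom?(token)
  /\A[a-z][A-Za-z0-9_@]*\z/.match?(token.to_s)
end

# Formatter quoted in the thread: emits {NAME}, a tuple around a bare token.
def format_ssl_ciphers_braced(ciphers)
  Array(ciphers).map { |n| "{#{n}}" }.join(',')
end

# Assumption for this sketch: only OpenSSL-style names made of uppercase
# letters, digits and hyphens are accepted. Anything else (quotes, braces,
# commas, whitespace) is refused instead of being written into the file.
OPENSSL_SUITE_NAME = /\A[A-Z0-9]+(?:-[A-Z0-9]+)*\z/

# Emits each suite as a double-quoted Erlang string, keeping the configured
# preference order and dropping repeated names.
def format_ssl_ciphers_strings(ciphers)
  names = Array(ciphers).map(&:to_s).uniq
  bad = names.reject { |n| OPENSSL_SUITE_NAME.match?(n) }
  unless bad.empty?
    raise ArgumentError, "not an OpenSSL-style suite name: #{bad.inspect}"
  end
  names.map { |n| %("#{n}") }.join(',')
end

# The complete ssl_options entry as it would appear in rabbitmq.config.
def ciphers_option(ciphers)
  "{ciphers,[#{format_ssl_ciphers_strings(ciphers)}]}"
end
```

Validating before interpolation matters because the attribute value is pasted into an Erlang term file: an unchecked value can either stop the broker from starting, as in this issue, or silently alter the surrounding ssl_options.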
