"true SSLContext not available" / NoSuchAlgorithmException in Logstash 2.3.2 #82

Closed
PhaedrusTheGreek opened this issue May 2, 2016 · 8 comments

@PhaedrusTheGreek

When using RabbitMQ input with ssl => true in Logstash 2.3.2 against RabbitMQ 3.6.1, connection fails with "true SSLContext not available" / Java::JavaSecurity::NoSuchAlgorithmException.

```
Connecting to RabbitMQ. Settings: {:vhost=>"/", :host=>"max", :port=>5671, :user=>"user", :automatic_recovery=>true, :pass=>"pass", :timeout=>0, :heartbeat=>0, :tls=>"true", :tls_certificate_path=>"", :tls_certificate_password=>""} {:level=>:debug, :file=>"logstash/plugin_mixins/rabbitmq_connection.rb", :line=>"147", :method=>"connect"}
Using TLS/SSL version true
true SSLContext not available {:class=>"Java::JavaSecurity::NoSuchAlgorithmException", :location=>"sun.security.jca.GetInstance.getInstance(sun/security/jca/GetInstance.java:159)", :level=>:warn, :file=>"logstash/inputs/rabbitmq.rb", :line=>"180", :method=>"register"}
```

Strangely, this doesn't happen in Logstash 2.3.1 even though the plugin version is the same.

```
├ $ logstash-2.3.2/bin/plugin list --verbose | grep rabbit
logstash-input-rabbitmq (4.0.1)
logstash-output-rabbitmq (3.0.9)

├ $ logstash-2.3.1/bin/plugin list --verbose | grep rabbit
logstash-input-rabbitmq (4.0.1)
logstash-output-rabbitmq (3.0.9)
```

@PhaedrusTheGreek
Author

PhaedrusTheGreek commented May 3, 2016

@andrewvc

Steps to test:

```
# docker pull rabbitmq
# docker run -d --hostname my-rabbit --name some-rabbit -p 15672:15672 -p 5671:5671 -v /opt/etc-rabbitmq:/etc/rabbitmq  rabbitmq:3-management
```

where /opt/etc-rabbitmq contains: rabbitmq.config:

```
[
  {rabbit, [
     {ssl_listeners, [5671]},
     {ssl_options, [{cacertfile,"/etc/rabbitmq/cacert.pem"},
                    {certfile,"/etc/rabbitmq/servercert.pem"},
                    {keyfile,"/etc/rabbitmq/serverkey.pem"},
                    {verify,verify_peer},
                    {fail_if_no_peer_cert,false}]}
   ]}
].
```

and also the given cert files (you're on your own)

Next, mosey into the admin interface http://localhost:15672/ and:

  • Add the user called index with password index, set permission to the / virtualhost.
  • Add the queue called logstash.queue

Configure logstash to test:

```
# Pull from rabbitmq queues
input {
        rabbitmq {
                host => "max"
                user => "index"
                ssl => true
                port => 5671
                password => "index"
                queue => "logstash.queue"
                key => "logstash.queue"
                durable => true
                threads => 1
                prefetch_count => 1000
        }
}
output {
 stdout {
        codec => rubydebug
 }
}
```

@andrewvc andrewvc self-assigned this May 3, 2016
@andrewvc
Contributor

@dkiser

dkiser commented May 13, 2016

@andrewvc this bit me earlier today....running logstash 2.3.1 with the following versions installed

  • logstash-input-rabbitmq-4.0.1
  • logstash-mixin-rabbitmq_connection-2.4.0

I see new 5.x versions on rubygems, but these are only for logstash 5.x right? Any idea if this will be fixed for 2.3.X or what a workaround would be?

@andrewvc
Contributor

My mistake. I'll release a 2.3.x version ASAP


@dkiser

dkiser commented May 13, 2016

@andrewvc nice! In theory I should be able to do a plugin update afterwards and update my settings to the new types and be GTG. I was getting a file not found error when I had SSL on via "TLSv1.1" due to the tls_certificate_path key being in the rabbitmq_settings bag.

error after realizing I needed a version string instead of 'true'

```
Using TLS/SSL version TLSv1.2
No such file or directory -  {:class=>"Errno::ENOENT", :location=>"org/jruby/RubyFile.java:370:in `initialize'", :level=>:warn, :file=>"logstash/inputs/rabbitmq.rb", :line=>"180", :method=>"register"}
Connecting to RabbitMQ. Settings: {:vhost=>"services", :host=>"localhost", :port=>5672, :user=>"guest", :automatic_recovery=>true, :pass=>"guest", :timeout=>0, :heartbeat=>0, :tls=>"TLSv1.2", :tls_certificate_path=>"", :tls_certificate_password=>""} {:level=>:debug, :file=>"logstash/plugin_mixins/rabbitmq_connection.rb", :line=>"147", :method=>"connect"}
```

original code in the mixin i had

```ruby
s[:tls_certificate_path] = @tls_certificate_path || ""
```

monkey patch workaround

```ruby
s[:tls_certificate_path] = @tls_certificate_path if @tls_certificate_path
```

The new mixin should fix all this right?
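
Added example, not part of the thread or the plugin's own code: a plain-Ruby model of the two failures reported above (`true` reaching the TLS layer as a protocol name, and an empty `tls_certificate_path` being opened as a file) beside a hardened settings builder. All helper names, the `TLSv1.2` default and the version allowlist are assumptions; `connect_outcome` stands in for the real client library.

```ruby
# Added illustration; helper names are hypothetical, not the plugin's API.
ALLOWED_TLS = %w[TLSv1.1 TLSv1.2].freeze   # assumed allowlist
DEFAULT_TLS = "TLSv1.2"                    # assumed meaning of `ssl => true`

# Behaviour reported in the thread: the ssl value is stringified and an
# unset certificate path becomes "".
def settings_as_reported(ssl, cert_path = nil)
  { tls: ssl.to_s, tls_certificate_path: cert_path || "" }
end

# Hardened form: resolve the boolean to a protocol name, reject unknown
# names before connecting, and omit the path key unless a path is configured.
def settings_hardened(ssl, cert_path = nil)
  return {} unless ssl
  version = ssl == true ? DEFAULT_TLS : ssl.to_s
  unless ALLOWED_TLS.include?(version)
    raise ArgumentError, "unsupported TLS version #{version.inspect}"
  end
  s = { tls: version }
  s[:tls_certificate_path] = cert_path if cert_path && !cert_path.empty?
  s
end

# Stand-in for the client: an unknown protocol name fails (the thread shows
# NoSuchAlgorithmException) and a path key, when present, is opened as a file.
def connect_outcome(settings)
  return :plaintext unless settings.key?(:tls)
  return :no_such_algorithm unless ALLOWED_TLS.include?(settings[:tls])
  File.read(settings[:tls_certificate_path]) if settings.key?(:tls_certificate_path)
  :tls_ok
rescue Errno::ENOENT
  :cert_file_not_found
end

if __FILE__ == $PROGRAM_NAME
  [true, "TLSv1.2"].each do |ssl|
    puts "ssl=#{ssl.inspect} reported=#{connect_outcome(settings_as_reported(ssl))} " \
         "hardened=#{connect_outcome(settings_hardened(ssl))}"
  end
end
```

Rejecting an unknown version string at configuration time surfaces the mistake as a clear error instead of a provider lookup failure at connect time.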

@PhaedrusTheGreek
Author

Also as a workaround, you can set ssl => "TLSv1.2" instead of ssl => true, but if you apply the workaround, it will break when the fix is applied, so be sure to set it back to ssl => true when you upgrade.

@dkiser

dkiser commented May 19, 2016

@PhaedrusTheGreek that workaround didn't work for me due to the tls_certificate_path problem posted above. The workaround that did work for me was manually installing compatible versions of logstash-input-rabbitmq and logstash-mixin-rabbitmq_connection after removing the originally installed versions from the gemfile lock in the Logstash distro. Plugin updates would never work for me due to rubygems trying to install version 5.x of logstash-input-rabbitmq.

What worked for me was the following, specifically choosing 4.1.0 as the logstash-input-rabbitmq plugin, otherwise it only found 5.0.1.

```
# TODO: rip this thing out when new rmq plugin code has been pushed to
#       upstream rubygems.org per
#       https://github.com/logstash-plugins/logstash-input-rabbitmq/pull/86
#       AND https://github.com/elastic/logstash/blob/2.3/Gemfile.jruby-1.9.lock
#       no longer locks in the old versions.
RUN logstash-plugin uninstall logstash-input-rabbitmq \
        && logstash-plugin uninstall logstash-output-rabbitmq \
        && logstash-plugin install --version 4.1.0 logstash-input-rabbitmq
```

@andrewvc
Contributor

Thanks for posting the update @dkiser it is much appreciated :) Sorry the workaround didn't work as I'd thought.
