2014-Oct-28 08:15 UTC
[Puppet Users] Getting MCollective and RabbitMQ talking over SSL
My current environment is:
- OS: rhel-6.5-x86_64
- puppet: 3.6.2
- rabbitmq-server: 3.2.4
- erlang: R14B-04
On my master node I install:
- mcollective-client
- rabbitmq-server
On my agent node I install:
- mcollective-server
When I connect MCollective and RabbitMQ the normal way, it works:
/etc/mcollective/client.cfg and /etc/mcollective/server.cfg
# RabbitMQ connector settings:
direct_addressing = 1
connector = rabbitmq
plugin.rabbitmq.vhost = /mcollective
plugin.rabbitmq.pool.size = 1
plugin.rabbitmq.pool.1.host = puppetmaster
plugin.rabbitmq.pool.1.port = 61613
plugin.rabbitmq.pool.1.user = mcollective
plugin.rabbitmq.pool.1.password = mcollective
# mco ping
suse-node1 time=77.58 ms
---- ping statistics ----
1 replies max: 77.58 min: 77.58 avg: 77.58
Then I do this:
On my master node:
1. usermod -G puppet foreman-proxy
2. vi /etc/rabbitmq/rabbitmq.config
[
  {rabbit, [
    {ssl_options, [
      {cacertfile, "/var/lib/puppet/ssl/certs/ca.pem"},
      {certfile, "/var/lib/puppet/ssl/certs/puppetmaster.pem"},
      {keyfile, "/var/lib/puppet/ssl/private_keys/puppetmaster.pem"},
      {verify, verify_peer},
      {fail_if_no_peer_cert, false}]}
  ]},
  {rabbitmq_stomp, [
    {tcp_listeners, [61613]},
    {ssl_listeners, [61614]}
  ]}
].
3. service rabbitmq-server restart
4. netstat -tulnp |grep 6161
tcp 0 0 :::61613 :::* LISTEN 16109/beam
tcp 0 0 :::61614 :::* LISTEN 16109/beam
5. vi /etc/mcollective/client.cfg
direct_addressing = 1
connector = rabbitmq
plugin.rabbitmq.vhost = /mcollective
plugin.rabbitmq.pool.size = 1
plugin.rabbitmq.pool.1.host = puppetmaster01.tk.puppet.com
plugin.rabbitmq.pool.1.port = 61614
plugin.rabbitmq.pool.1.ssl = 1
plugin.rabbitmq.pool.1.ssl.ca = /var/lib/puppet/ssl/certs/ca.pem
plugin.rabbitmq.pool.1.ssl.cert = /var/lib/puppet/ssl/certs/puppetmaster.pem
plugin.rabbitmq.pool.1.ssl.key = /var/lib/puppet/ssl/private_keys/puppetmaster.pem
plugin.rabbitmq.pool.1.ssl.fallback = 0
plugin.rabbitmq.pool.1.user = mcollective
plugin.rabbitmq.pool.1.password = mcollective
6. mco ping
error 2014/10/28 15:55:22: rabbitmq.rb:45:in `on_ssl_connectfail' SSL
session creation with stomp+ssl://mcollective@puppetmaster:61614 failed:
SSL_connect SYSCALL returned=5 errno=0 state=SSLv2/v3 read server hello A
error 2014/10/28 15:55:22: rabbitmq.rb:45:in `on_ssl_connectfail' SSL
session creation with stomp+ssl://mcollective@puppetmaster:61614 failed:
SSL_connect SYSCALL returned=5 errno=0 state=SSLv2/v3 read server hello A
On my agent node:
1. vi /etc/mcollective/server.cfg
# RabbitMQ connector settings:
direct_addressing = 1
connector = rabbitmq
plugin.rabbitmq.vhost = /mcollective
plugin.rabbitmq.pool.size = 1
plugin.rabbitmq.pool.1.host = puppetmaster01.tk.puppet.com
plugin.rabbitmq.pool.1.port = 61614
plugin.rabbitmq.pool.1.ssl = 1
plugin.rabbitmq.pool.1.ssl.ca = /var/lib/puppet/ssl/certs/ca.pem
plugin.rabbitmq.pool.1.ssl.cert = /var/lib/puppet/ssl/certs/suse-agent.pem
plugin.rabbitmq.pool.1.ssl.key = /var/lib/puppet/ssl/private_keys/suse-agent.pem
plugin.rabbitmq.pool.1.ssl.fallback = 0
plugin.rabbitmq.pool.1.user = mcollective
plugin.rabbitmq.pool.1.password = mcollective
2. service mcollective restart
3. cat /var/log/mcollective.log
W, [2014-10-28T16:00:07.994893 #5988] WARN -- : runner.rb:60:in `run'
Exiting after signal: SIGTERM
I, [2014-10-28T16:00:07.995250 #5988] INFO -- : rabbitmq.rb:20:in
`on_disconnect' Disconnected from stomp://mcollective@puppetmaster:61613
I, [2014-10-28T16:00:28.211632 #6117] INFO -- : mcollectived:35 The
Marionette Collective 2.2.4 started logging at info level
I, [2014-10-28T16:00:28.239139 #6120] INFO -- : rabbitmq.rb:35:in
`on_ssl_connecting' Estblishing SSL session with
stomp+ssl://mcollective@puppetmaster:61614
E, [2014-10-28T16:00:28.244191 #6120] ERROR -- : rabbitmq.rb:45:in
`on_ssl_connectfail' SSL session creation with
stomp+ssl://mcollective@puppetmaster:61614 failed: SSL_connect SYSCALL
returned=5 errno=0 state=SSLv2/v3 read server hello A
I, [2014-10-28T16:00:28.244308 #6120] INFO -- : rabbitmq.rb:25:in
`on_connectfail' TCP Connection to
stomp+ssl://mcollective@puppetmaster:61614 failed on attempt 0
I, [2014-10-28T16:00:28.255089 #6120] INFO -- : rabbitmq.rb:35:in
`on_ssl_connecting' Estblishing SSL session with
stomp+ssl://mcollective@puppetmaster:61614
E, [2014-10-28T16:00:28.256671 #6120] ERROR -- : rabbitmq.rb:45:in
`on_ssl_connectfail' SSL session creation with
stomp+ssl://mcollective@puppetmaster:61614 failed: SSL_connect SYSCALL
returned=5 errno=0 state=SSLv2/v3 read server hello A
I, [2014-10-28T16:00:28.256782 #6120] INFO -- : rabbitmq.rb:25:in
`on_connectfail' TCP Connection to
stomp+ssl://mcollective@puppetmaster:61614 failed on attempt 1
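
An added triage example (not part of the original post and not MCollective code): it re-joins wrapped log entries like the ones above and classifies each `on_ssl_connectfail` line. `SSL_connect SYSCALL returned=5 errno=0` while reading the server hello means the peer closed the socket before answering the client hello, so the broker-side log is the next place to look; the sample log, the host `broker.example` and the category names are constructed for the example.

```ruby
# Added example. SAMPLE_LOG is constructed in the format quoted in the post
# (wrapped entries plus one single-line entry); broker.example is a placeholder.
SAMPLE_LOG = <<~'LOG'
  I, [2014-10-28T16:00:28.239139 #6120] INFO -- : rabbitmq.rb:35:in
  `on_ssl_connecting' Estblishing SSL session with
  stomp+ssl://mcollective@broker.example:61614
  E, [2014-10-28T16:00:28.244191 #6120] ERROR -- : rabbitmq.rb:45:in
  `on_ssl_connectfail' SSL session creation with
  stomp+ssl://mcollective@broker.example:61614 failed: SSL_connect SYSCALL
  returned=5 errno=0 state=SSLv2/v3 read server hello A
  E, [2014-10-28T16:00:29.000000 #6120] ERROR -- : rabbitmq.rb:45:in `on_ssl_connectfail' SSL session creation with stomp+ssl://mcollective@broker.example:61614 failed: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed
LOG

# A Ruby Logger entry starts with a severity letter and a timestamp.
ENTRY_START = /\A[DIWEF], \[\d{4}-\d\d-\d\dT/
FAILURE = /on_ssl_connectfail'\s+SSL\s+session\s+creation\s+with\s+(?<url>\S+)\s+failed:\s+
           SSL_connect\s+(?<syscall>SYSCALL\s+)?returned=(?<ret>\d+)\s+errno=(?<errno>\d+)\s+
           state=(?<state>.+)\z/x

# Re-join entries that a mail client or pager wrapped across several lines.
def unwrap_entries(text)
  text.each_line.map(&:strip).reject(&:empty?).each_with_object([]) do |line, out|
    if line =~ ENTRY_START || out.empty?
      out << line.dup
    else
      out[-1] << ' ' << line
    end
  end
end

# SYSCALL + returned=5 + errno=0 is an EOF from the peer during the handshake.
def classify(match)
  if match[:syscall] && match[:ret].to_i == 5 && match[:errno].to_i.zero?
    :peer_closed_during_handshake
  elsif match[:state].include?('certificate verify failed')
    :certificate_verify_failed
  else
    :other
  end
end

def ssl_failures(text)
  unwrap_entries(text).map do |entry|
    m = FAILURE.match(entry)
    m && { url: m[:url], state: m[:state], kind: classify(m) }
  end.compact
end

# Count failures per broker URL and failure kind.
def summarize(text)
  ssl_failures(text).group_by { |f| [f[:url], f[:kind]] }.transform_values(&:size)
end
```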