I have implemented Kafka two way SSL authentication on a 17 node cluster. I have tested by running console consumer/producer commands from few nodes of the cluster. But when I try to do that from local network ( Laptop ) it doesn't work. I get SSL handshake error. I am suspecting it to be advertised listener issue as there is no adv. listener defined on server.properties. We are using private ips/private dns in all our configurations. From the local network below command works ( ip address is private ip of one of the brokers)
openssl c_client -connect 10.97.33.111:9093
My server.properties file has below entries
listeners=EXTERNAL://:9092,INTERNAL://:9091,CLIENT://:9093
listener.security.protocol.map=EXTERNAL:SSL,INTERNAL:SSL,CLIENT:SSL
## Inter Broker Listener Configuration
inter.broker.listener.name=INTERNAL
Please suggest what is required to fix this issue.
Related
I have created EKS cluster with API server endpoint access as "Private". Cluster is configured in private subnet. I'd like to allow kubectl access from local PC. I have created Client VPN, it has access to private network (verified that by SSH to an EC2 instance running in the same private subnet). But kubectl gets "unable to connect to the server: dial x.x.x.x:443 i/o timout". "aws eks update-kubeconfig" can see that cluster and updates local context properly. What could be the problem?
Found out what was was missing. 443 had to be enabled in authorization rules
I'm new to RabbitMQ and I want to run a RabbitMQ server instance on centOS7 using the following command:
sudo systemctl start rabbitmq-server
The command seemed to take forever and when I stopped the process and checked the log files, everything was ok and it said that rabbit is up and running. But when I try to execute any command using rabbitmqctl I'm getting the following error:
Error: unable to perform an operation on node 'rabbit#hostname'. Please see diagnostics information and suggestions below.
Most common reasons for this are:
* Target node is unreachable (e.g. due to hostname resolution, TCP connection or firewall issues)
* CLI tool fails to authenticate with the server (e.g. due to CLI tool's Erlang cookie not matching that of the server)
* Target node is not running
In addition to the diagnostics info below:
* See the CLI, clustering and networking guides on https://rabbitmq.com/documentation.html to learn more
* Consult server logs on node rabbit#hostname
* If target node is configured to use long node names, don't forget to use --longnames with CLI tools
**DIAGNOSTICS**
attempted to contact: [rabbit#hostname]
rabbit#hostname:
* connected to epmd (port 4369) on hostname
* epmd reports node 'rabbit' uses port 25672 for inter-node and CLI tool traffic
* can't establish TCP connection to the target node, reason: timeout (timed out)
* suggestion: check if host 'hostname' resolves, is reachable and ports 25672, 4369 are not blocked by firewall
Current node details:
* node name: 'rabbitmqcli-806330-rabbit#hostname'
* effective user's home directory: /var/lib/rabbitmq
* Erlang cookie hash: KgAE7WR3dl5/FGAyWKE5LA==
I tried killing the processes manually but it didn't work.
every needed port is listening and I can telnet them. Can you please help me on where the problem might be?
The client machine cannot resolve the hostname pointing to the rabbitmq server.
If the IP address isn't publicly propagated, you have to put the IP/host combination in /etc/hosts file.
You could also try to connect to the IP address instead of the hostname to clear any other network related issues.
I have both a client and a broker running on a remote Linux machine within a Lora Network server that has a mosquitto connector.
The client can listen for the broker's broadcast from a certain address and port (#127.0.0.1:1883)
I would like to open an ssh tunnel between this remote machine and my machine (windows 10) to 'eavesdrop' on the communication between the client and the broker using MQTT.fx to run a mosquitto client;
So far I tried to:
Run ssh -L 22883:#remoteMachineAdress:1883 usern.ame#gatewayAdress -p222 on MobaXtrem](https://mobaxterm.mobatek.net/)
Then I launch a client on MQTT.fx to listen on the broker: 127.0.0.1 port 22883.
This establishes a connection to the broker. However, I am not receiving any of the messages passed to the original client (the one on the remote machine) receives.
Can anyone tell me what am I doing wrong?
And if there are any tutorials about this?
I appreciate all the help I can get, thank you in advance!
This configuration is correct, it was the connector on the server who was sending the data to a different application.
I'm quite confused on how to set up logstash-forwarder.
I currently have it running on my local host, but am unsure how to set it up to handshake with the remote host. I have a ssl certificate and key, and have the configuration paths to it.
I am confused as far as what should I be installing onto my remote host to get this to execute? Is it just a copy of the ssl key, and certificate, or some type of logstash-forwarder package installation as well?
The remote server would normally be an instance of logstash, using the lumberjack input, where you would specify the SSL parameters.
Currently I have a master and agent working on separate Centos 6.5 VMs. I would like to be able to configure my own master as I will be tearing down and making a new master every time.
How can I get puppet agent --test --noop to work on my master machine as well?
Currently I receive an error:
Error: Could not request certificate: 502 "Proxy Error ( The specified Secure Sockets Layer (SSL) port is not allowed. ISA Server is not configured to allow SSL requests from this port. Most Web browsers use port 443 for SSL requests. )"
SSL requests seem to be setup for port 443. Any thoughts?
Thank you very much!
Jason
Credit to Felix Frank, mr_tron
Issue seemed to be solved by removing http_proxy declaration in .bashrc file and anywhere else
Puppet Master now able to act as an agent
Thank you,
Jason