Bad CONNECT when trying to subscribe to message queue - rabbitmq

I'm completely new to RabbitMQ and now I'm looking for a configuration error. The client doesn't receive any messages from RabbitMQ and I debugged it as far as possible.
Frontend messages:
Message 1:
CONNECT
login:frontend_listener
passcode:xxx
accept-version:1.0,1.1,1.2
heart-beat:20000,0
Message 2:
ERROR
message:Bad CONNECT
content-type:text/plain
version:1.0,1.1,1.2
content-length:30
Virtual host '/' access denied
There are two vHosts: / and someVhost and there are different users like frontend_listener. Now I found a way to access the log file.
RabbitMQ log file:
2020-02-11 15:50:53.579 [warning] <0.798.0> STOMP login failed for user "frontend_listener"
2020-02-11 15:50:53.579 [error] <0.798.0> STOMP error frame sent:
Message: "Bad CONNECT"
Detail: "Access refused for user 'frontend_listener'\n"
Server private detail: none
...
2020-02-11 15:51:25.349 [info] <0.850.0> Creating user 'frontend_listener'
2020-02-11 15:51:30.374 [info] <0.857.0> Setting permissions for 'frontend_listener' in 'someVhost' to '$', '$', 'client-notification.*'
2020-02-11 15:51:54.980 [warning] <0.867.0> STOMP login failed - not_allowed (vhost access not allowed)~n
2020-02-11 15:51:54.980 [error] <0.867.0> STOMP error frame sent:
Message: "Bad CONNECT"
Detail: "Virtual host '/' access denied"
Server private detail: none
2020-02-11 15:52:56.427 [warning] <0.875.0> STOMP login failed - not_allowed (vhost access not allowed)~n
It reads like the permissions are wrong. Can someone help me out interpreting that correctly?
I try to read it: User frontend_listener wants to access the vHost /, but it hasn't sufficient permissions (don't know what $ here mean other than a part of regular expression). The thing is, that I don't know if that is the correct vHost. How do I find out the URL of each vHost?
I'm asking this because I believe that the mapping to the vHost is wrong or something is missing.
Edit:
After adding host: 'someVhost' to my stomp-config.ts I was able to subscribe to the queues. Now I get the following error in the log:
2020-02-12 16:32:25.913 [error] <0.5159.1> Channel error on connection <0.5149.1> (127.0.0.1:58136 -> 127.0.0.1:15674, vhost: 'someVhost', user: 'frontend_listener'), channel 1:
operation basic.consume caused a channel exception access_refused: access to queue 'stomp-subscription-SZ3-PO1-PbZroPol-WXSQw' in vhost 'someVhost' refused for user 'frontend_listener'
2020-02-12 16:32:26.022 [error] <0.5145.1> STOMP error frame sent:
Message: access_refused
On the frontend I don't get a message or error.

You need to also pass host information in the STOMP CONNECT frame..
this is what the specifications says and clients MUST set this header
host : The name of a virtual host that the client wishes to connect to. It is recommended clients set this to the host name that the socket was established against, or to any name of their choosing. If this header does not match a known virtual host, servers supporting virtual hosting MAY select a default virtual host or reject the connection.
So this is how your CONNET frame should look
CONNECT
login:frontend_listener
passcode:xxx
accept-version:1.0,1.1,1.2
host: someVhost
heart-beat:20000,0

Related

erlang failed to resolve ipv6 addresses using parameter from rabbitmq

I'm using rabbitmq cluster in k8s which has only pure ipv6 address. inet return nxdomain error when parsing the k8s service name.
The paramter passed to erlang from rabbitmq is:
RABBITMQ_SERVER_ADDITIONAL_ERL_ARGS="+A 128 -kernel inetrc '/etc/rabbitmq/erl_inetrc' -proto_dist inet6_tcp"
RABBITMQ_CTL_ERL_ARGS="-proto_dist inet6_tcp"
erl_inetrc: |-
{inet6, true}.
when rabbitmq using its plugin rabbit_peer_discovery_k8s to invoke k8s api:
2019-10-15 07:33:55.000 [info] <0.238.0> Peer discovery backend does not support locking, falling back to randomized delay
2019-10-15 07:33:55.000 [info] <0.238.0> Peer discovery backend rabbit_peer_discovery_k8s does not support registration, skipping randomized start
up delay.
2019-10-15 07:33:55.000 [debug] <0.238.0> GET https://kubernetes.default.svc.cluster.local:443/api/v1/namespaces/tazou/endpoints/zt4-crmq
2019-10-15 07:33:55.015 [debug] <0.238.0> Response: {error,{failed_connect,[{to_address,{"kubernetes.default.svc.cluster.local",443}},{inet,[inet]
,nxdomain}]}}
2019-10-15 07:33:55.015 [debug] <0.238.0> HTTP Error {failed_connect,[{to_address,{"kubernetes.default.svc.cluster.local",443}},{inet,[inet],nxdom
ain}]}
2019-10-15 07:33:55.015 [info] <0.238.0> Failed to get nodes from k8s - {failed_connect,[{to_address,{"kubernetes.default.svc.cluster.local",443}}
,
{inet,[inet],nxdomain}]}
2019-10-15 07:33:55.016 [error] <0.237.0> CRASH REPORT Process <0.237.0> with 0 neighbours exited with reason: no case clause matching {error,"{fa
iled_connect,[{to_address,{\"kubernetes.default.svc.cluster.local\",443}},\n {inet,[inet],nxdomain}]}"} in rabbit_mnesia:init_from
_config/0 line 167 in application_master:init/4 line 138
2019-10-15 07:33:55.016 [info] <0.43.0> Application rabbit exited with reason: no case clause matching {error,"{failed_connect,[{to_address,{\"kub
ernetes.default.svc.cluster.local\",443}},\n
in k8s console, the address could be resolved:
[rabbitmq]# nslookup -type=AAAA kubernetes.default.svc.cluster.local
Server: 2019:282:4000:2001::6
Address: 2019:282:4000:2001::6#53
kubernetes.default.svc.cluster.local has AAAA address fd01:abcd::1
the inet could return ipv6 address.
kubectl exec -ti zt4-crmq-0 rabbitmqctl eval 'inet:gethostbyname("kubernetes.default.svc.cluster.local").'
{ok,{hostent,"kubernetes.default.svc.cluster.local",[],inet6,16,
[{64769,43981,0,0,0,0,0,1}]}}
as I know, plugin call httpc:request to invoke k8s api. I don't know what's the gap between httpc:request and inet:gethostbyname. I also don't what's used by httpc:request to resolve the address of hostname.
I query for the rabbitmq plugin, It's said that rabbitmq plugin don't aware how erlang resovlve the address. https://github.com/rabbitmq/rabbitmq-peer-discovery-k8s/issues/55.
Anything else I could set for erl_inetrc so that erlang could resolve the ipv6 address? what did i miss to config? or how could i debug from erlang side? I'm new to erlang.
B.R,
Tao

How to make HTTPS request from mule ESB?

How to make HTTPS request without port from HTTP component ? I can't use url with port 443 or 80 because port number just appending with url and it says invalid url.
So how to make request just with URL instead of enter port number ?
Also, If i have IP address i can use IP + Port to access the data. but Server runs behind proxy server so no way to find application server IP.
Error Message:
Message : Error sending HTTP request to https://xxx-yyy.com:443/rest/name
Payload : {NullPayload}
Payload Type : org.mule.transport.NullPayload
Root Exception stack trace:
java.util.NoSuchElementException
at java.util.Collections$EmptyIterator.next(Unknown Source)
at com.mulesoft.mule.http.request.NameResolvingRequestBuilder.nextResolvedAddresses(NameResolvingRequestBuilder.java:99)
at com.mulesoft.mule.http.request.NameResolvingRequestBuilder.setUrl(NameResolvingRequestBuilder.java:75)
at org.mule.module.http.internal.request.grizzly.GrizzlyHttpClient.createGrizzlyRequest(GrizzlyHttpClient.java:555)
at org.mule.module.http.internal.request.grizzly.GrizzlyHttpClient.sendAndWait(GrizzlyHttpClient.java:355)
at org.mule.module.http.internal.request.grizzly.GrizzlyHttpClient.send(GrizzlyHttpClient.java:303)
at com.mulesoft.mule.http.request.grizzly.EEGrizzlyHttpClient.send(EEGrizzlyHttpClient.java:105)
at org.mule.module.http.internal.request.DefaultHttpRequester.innerProcess(DefaultHttpRequester.java:383)
at org.mule.module.http.internal.request.DefaultHttpRequester.processBlocking(DefaultHttpRequester.java:226)
Please advise.
The error indicates that the host name can not be found. That should be expected given that the host name is made up. You can find this error mentioned in this KB article: https://support.mulesoft.com/s/article/Error-sending-HTTP-request-with-java-util-NoSuchElementException
This error has nothing to do with HTTPS or the port used.
I have double checked that the host name is indeed not registered with nslookup:
c:\>nslookup xxx-yyy.com
Server: UnKnown
Address: 192.168.0.1
Non-authoritative answer:
Name: xxx-yyy.com
Address: 121.14.27.78

SSL handshake error twisted

So I have a twisted application where I create the SSL service like this:
myfactory=MyFactory(host, port)
service=SSLServer(port,myfactory, ssl.DefaultOpenSSLContextFactory(MY_SERVICE_SSL_KEY, MY_SERVICE_SSL_CERT))
Here MyFactory is just my custom Factory class, and MY_SERVICE_SSL_KEY and MY_SERVICE_SSL_CERT are the file paths to the key and cert files required by SSL.
The service is such that a client will connect to the service, send a line of information (which gets stored on on the server side) and then disconnects.
The issue is that for some client IPs, everything "seems" to work: the client connects, the server receives the expected data, and then connectionLost is called. I log the reason for connectionLost and get this:
[Failure instance: Traceback (failure with no frames): <class 'twisted.internet.error.ConnectionLost'>: Connection to the other side was lost in a non-clean fashion: Connection lost.
But for other client IP addresses, there seems to be an SSL handshake error where the connection is lost immediately:
application [28/Nov/2017 02:39:36] INFO MyProtocol ConnectionMade: xx.xx.xx.xx
application [28/Nov/2017 02:39:36] INFO MyProtocol ConnectionLost: xx.xx.xx.xx | [Failure instance: Traceback: <class 'OpenSSL.SSL.Error'>: [('SSL routines', 'SSL3_READ_BYTES', 'ssl handshake failure')]
Does anyone know why this happens? How can I fix it?

Exception in thread "main" com.amazonaws.SdkClientException: Unable to execute HTTP request: Unrecognized SSL message, plaintext connection

Getting this exception while connecting to Amazon S3 Bucket to download an object.
Exception in thread “main” com.amazonaws.SdkClientException: Unable to
execute HTTP request: Unrecognized SSL message, plaintext connection
The issue is due to:
Java 6 or earlier clients ignore SNI alerts but in Java 7/8 clients, SNI checking is enabled by default.
Resolution:
You can disable SNI alerts by specifying the JVM system parameter. Just add -Djsse.enableSNIExtension=false in eclipse.ini and restart eclipse.

apache-tomcat-6.0.30 Socket bind failed/Protocol handler start fail ed

org.apache.coyote.http11.Http11AprProtocol init
SEVERE: Error initializing endpoint
java.lang.Exception: Socket bind failed: [730013] An attempt was made to access
a socket in a way forbidden by its access permissions.
org.apache.catalina.core.StandardService initialize
SEVERE: Failed to initialize connector [Connector[HTTP/1.1-80]]
LifecycleException: Protocol handler initialization failed: java.lang.Exception
: Socket bind failed: [730013] An attempt was made to access a socket in a way f
orbidden by its access permissions.
INFO: Deploying configuration descriptor manager.xml
org.apache.coyote.http11.Http11AprProtocol start
SEVERE: Error starting endpoint
java.lang.Exception: Socket bind failed: [730013] An attempt was made to access
a socket in a way forbidden by its access permissions.
org.apache.catalina.core.StandardService start
SEVERE: Failed to start connector [Connector[HTTP/1.1-80]]
LifecycleException: service.getName(): "Catalina"; Protocol handler start fail
ed: java.lang.Exception: Socket bind failed: [730013] An attempt was made to acc
ess a socket in a way forbidden by its access permissions.
The error shows while run apache-tomcat-6.0.30.
Process can't use privileged ports by default. Use a port above 1024. If you want to access Tomcat via port 80 use iptables or similar to map port 80 to 8080 or use the supplied service wrapper (jsvc) that will start as root, bind to port 80 and then drop to a non-privileged user.