[yocto] Adding SSL support to RabbitMQ Server 3.2.4
Phillip Warren
warrenphd at gmail.com
Tue Sep 18 02:33:04 PDT 2018
Hi, rookie here. I'm trying to enable SSL for RabbitMQ Server 3.2.4 on pyro.
Without modifying the build, I simply created /etc/rabbitmq/rabbitmq.config
with the following entries:
[
{rabbitmq_management,
[
{listener, [{port, 15671},
{ip, "0.0.0.0"},
{ssl, true},
{ssl_opts, [{cacertfile, "/etc/rabbitmq/root-ca.pem"},
{certfile, "/etc/rabbitmq/dev.pem"},
{keyfile, "/etc/rabbitmq/dev-np.key"}]}]}
]}
].
and placed the cacertfile, certfile, and keyfile at /etc/rabbitmq/
RabbitMQ Server fails to start at boot.
/var/log/rabbitmq/rabbitmq@{hostname}.log
shows the following error:
=ERROR REPORT==== 17-Sep-2018::20:13:16 ===
** Generic server rabbit_web_dispatch_registry terminating
** Last message in was {add,rabbit_mgmt,
[{port,15671},
{ip,"0.0.0.0"},
{ssl,true},
{ssl_opts,
[{cacertfile,"/etc/rabbitmq/root-ca.pem"},
{certfile,"/etc/rabbitmq/dcx-dev.pem"},
{keyfile,"/etc/rabbitmq/dcx-dev-np.key"}]}],
#Fun<rabbit_web_dispatch.1.73001898>,
#Fun<rabbit_mgmt_app.2.77843060>,
{[],"RabbitMQ Management"}}
** When Server state == undefined
** Reason for termination ==
** {could_not_start_listener,
[{port,15671},
{ip,"0.0.0.0"},
{ssl,true},
{ssl_opts,
[{cacertfile,"/etc/rabbitmq/root-ca.pem"},
{certfile,"/etc/rabbitmq/dcx-dev.pem"},
{keyfile,"/etc/rabbitmq/dcx-dev-np.key"}]}],
{'EXIT',
{{case_clause,{error,{"no such file or
directory","crypto.app"}}},
[{mochiweb,ensure_started,1,
[{file,"mochiweb-wrapper/mochiweb-git/src/mochiweb.erl"},
{line,71}]},
{mochiweb_socket_server,prep_ssl,1,
[{file,
"mochiweb-wrapper/mochiweb-git/src/mochiweb_socket_server.erl"},
{line,139}]},
{mochiweb_socket_server,start_server,2,
[{file,
"mochiweb-wrapper/mochiweb-git/src/mochiweb_socket_server.erl"},
{line,130}]},
{supervisor,do_start_child,2,
[{file,"supervisor.erl"},{line,310}]},
{supervisor,handle_start_child,2,
[{file,"supervisor.erl"},{line,681}]},
{supervisor,handle_call,3,[{file,"supervisor.erl"},{line,390}]},
{gen_server,handle_msg,5,[{file,"gen_server.erl"},{line,585}]},
{proc_lib,init_p_do_apply,3,
[{file,"proc_lib.erl"},{line,239}]}]}}}
After googling around, I'm going down the path of trying to build Erlang
with SSL support. Please stop me if this isn't the proper approach!
I clearly see in
meta-cloud-services/meta-openstack/recipes-devtools/erlang/erlang-native_R16B03-1.bb
a line that says:
EXTRA_OECONF = '--without-ssl'
To alter this statement, I wrote an erlang-native_R16B03-1.bbappend in my
meta-layer and tried the following entries:
*****************************************************************************************************
DEPENDS += "ncurses-native openssl"
EXTRA_OECONF = '--with-ssl=/usr/bin/openssl'
This fails to build with the following error:
configure: error: Invalid path to option --with-ssl=PATH
configure: error: /bin/bash
'build/tmp/work/x86_64-linux/erlang-native/R16B03-1-r0/otp_src_R16B03-1/erts/configure'
failed for erts
*****************************************************************************************************
DEPENDS += "ncurses-native openssl"
EXTRA_OECONF = '--with-ssl'
Builds successfully but products the same error as above in
/var/log/rabbitmq/rabbitmq@{hostname}.log
*****************************************************************************************************
DEPENDS += "ncurses-native openssl"
EXTRA_OECONF = "--with-ssl=${STAGING_DIR_HOST}${layout_exec_prefix}"
Builds successfully but products the same error as above
in /var/log/rabbitmq/rabbitmq@{hostname}.log
*****************************************************************************************************
DEPENDS += "ncurses-native openssl"
EXTRA_OECONF = "--with-ssl use SSL"
Builds successfully but products the same error as above
in /var/log/rabbitmq/rabbitmq@{hostname}.log
*****************************************************************************************************
Detailed help is greatly appreciated. Seems like I'm missing something
obvious.
Best Regards,
Phillip Warren
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.yoctoproject.org/pipermail/yocto/attachments/20180918/db54e998/attachment.html>
More information about the yocto
mailing list