[meta-virtualization] Adding SSL support to RabbitMQ Server 3.2.4

Phillip Warren warrenphd at gmail.com
Tue Sep 18 19:00:31 PDT 2018


Multipost from [yocto] as I just realized [meta-virtualization] is probably the proper list for this question.

Hi, rookie here. I'm trying to enable SSL for the Management Plugin for RabbitMQ Server 3.2.4 on pyro.

Without modifying the build, I simply created /etc/rabbitmq/rabbitmq.config with the following entries:

[
  {rabbitmq_management,
  [
    {listener, [{port,     15671},
                {ip,       "0.0.0.0"},
                {ssl,      true},
                {ssl_opts, [{cacertfile, "/etc/rabbitmq/root-ca.pem"},
                            {certfile,   "/etc/rabbitmq/dev.pem"},
                            {keyfile,    "/etc/rabbitmq/dev-np.key"}]}]}
  ]}
].

and placed the cacertfile, certfile, and keyfile at /etc/rabbitmq/.

RabbitMQ Server fails to start at boot. /var/log/rabbitmq/rabbitmq@{hostname}.log shows the following error:

=ERROR REPORT==== 17-Sep-2018::20:13:16 ===
** Generic server rabbit_web_dispatch_registry terminating 
** Last message in was {add,rabbit_mgmt,
                           [{port,15671},
                            {ip,"0.0.0.0"},
                            {ssl,true},
                            {ssl_opts,
                                [{cacertfile,"/etc/rabbitmq/root-ca.pem"},
                                 {certfile,"/etc/rabbitmq/dcx-dev.pem"},
                                 {keyfile,"/etc/rabbitmq/dcx-dev-np.key"}]}],
                           #Fun<rabbit_web_dispatch.1.73001898>,
                           #Fun<rabbit_mgmt_app.2.77843060>,
                           {[],"RabbitMQ Management"}}
** When Server state == undefined
** Reason for termination == 
** {could_not_start_listener,
       [{port,15671},
        {ip,"0.0.0.0"},
        {ssl,true},
        {ssl_opts,
            [{cacertfile,"/etc/rabbitmq/root-ca.pem"},
             {certfile,"/etc/rabbitmq/dcx-dev.pem"},
             {keyfile,"/etc/rabbitmq/dcx-dev-np.key"}]}],
       {'EXIT',
           {{case_clause,{error,{"no such file or directory","crypto.app"}}},
            [{mochiweb,ensure_started,1,
                 [{file,"mochiweb-wrapper/mochiweb-git/src/mochiweb.erl"},
                  {line,71}]},
             {mochiweb_socket_server,prep_ssl,1,
                 [{file,
                      "mochiweb-wrapper/mochiweb-git/src/mochiweb_socket_server.erl"},
                  {line,139}]},
             {mochiweb_socket_server,start_server,2,
                 [{file,
                      "mochiweb-wrapper/mochiweb-git/src/mochiweb_socket_server.erl"},
                  {line,130}]},
             {supervisor,do_start_child,2,
                 [{file,"supervisor.erl"},{line,310}]},
             {supervisor,handle_start_child,2,
                 [{file,"supervisor.erl"},{line,681}]},
             {supervisor,handle_call,3,[{file,"supervisor.erl"},{line,390}]},
             {gen_server,handle_msg,5,[{file,"gen_server.erl"},{line,585}]},
             {proc_lib,init_p_do_apply,3,
                 [{file,"proc_lib.erl"},{line,239}]}]}}}

After googling around, I'm going down the path of trying to build Erlang with SSL support. Please stop me if this isn't the proper approach!

I clearly see in meta-cloud-services/meta-openstack/recipes-devtools/erlang/erlang-native_R16B03-1.bb a line that says:

EXTRA_OECONF = '--without-ssl'

To alter this statement, I wrote an erlang-native_R16B03-1.bbappend in my meta-layer and tried the following entries:

*****************************************************************************************************

DEPENDS += "ncurses-native openssl"
EXTRA_OECONF = '--with-ssl=/usr/bin/openssl'

This fails to build with the following error:

configure: error: Invalid path to option --with-ssl=PATH
configure: error: /bin/bash 'build/tmp/work/x86_64-linux/erlang-native/R16B03-1-r0/otp_src_R16B03-1/erts/configure' failed for erts

*****************************************************************************************************

DEPENDS += "ncurses-native openssl"
EXTRA_OECONF = '--with-ssl'

Builds successfully but produces the same error as above in /var/log/rabbitmq/rabbitmq@{hostname}.log
*****************************************************************************************************

DEPENDS += "ncurses-native openssl"
EXTRA_OECONF = "--with-ssl=${STAGING_DIR_HOST}${layout_exec_prefix}"

Builds successfully but produces the same error as above in /var/log/rabbitmq/rabbitmq@{hostname}.log
*****************************************************************************************************

DEPENDS += "ncurses-native openssl"
EXTRA_OECONF =  "--with-ssl use SSL"

Builds successfully but produces the same error as above in /var/log/rabbitmq/rabbitmq@{hostname}.log
*****************************************************************************************************

Detailed help is greatly appreciated. Seems like I'm missing something obvious.

Best Regards,
Phillip Warren
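
The log in the message above stops at `{"no such file or directory","crypto.app"}`, meaning the Erlang runtime that starts RabbitMQ could not find the `crypto` application. The following check is an added example, not part of the original post or of any Yocto layer: run on the target image, it reports which OTP applications needed for a TLS listener are absent. The default library path `/usr/lib/erlang/lib` and the function names are assumptions.

```shell
#!/bin/sh
# Added diagnostic (not from the original post).
# Pass the Erlang lib directory as $1, e.g. /usr/lib/erlang/lib (assumed path).

# OTP applications a TLS listener needs: ssl depends on crypto and
# public_key, and public_key depends on asn1.
TLS_APPS="crypto asn1 public_key ssl"

# find_app_dir LIBDIR APP
# Prints the first LIBDIR/APP-<vsn> directory that contains ebin/APP.app.
find_app_dir() {
    for d in "$1"/"$2"-*; do
        if [ -f "$d/ebin/$2.app" ]; then
            printf '%s\n' "$d"
            return 0
        fi
    done
    return 1
}

# check_tls_apps LIBDIR
# Prints one status line per finding; returns the number of problems found.
check_tls_apps() {
    libdir=$1
    problems=0
    for app in $TLS_APPS; do
        if dir=$(find_app_dir "$libdir" "$app"); then
            echo "ok       $app ($dir)"
        else
            # This is the condition the RabbitMQ log reports for crypto.
            echo "MISSING  $app.app under $libdir"
            problems=$((problems + 1))
            continue
        fi
        # crypto is a NIF linked against OpenSSL's libcrypto; the .app file
        # alone is not enough if the shared object was not built or packaged.
        if [ "$app" = crypto ] && [ ! -f "$dir/priv/lib/crypto.so" ]; then
            echo "MISSING  crypto NIF ($dir/priv/lib/crypto.so)"
            problems=$((problems + 1))
        fi
    done
    return "$problems"
}

# Only run when a directory is given, so the file can also be sourced.
if [ "$#" -gt 0 ]; then
    check_tls_apps "$1"
fi
```

A non-zero exit status is the count of missing pieces; a `MISSING crypto.app` line corresponds to the failure shown in the RabbitMQ log.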