Bug 802519 - qpid-stat fails to connect with SSL.
qpid-stat fails to connect with SSL.
Status: CLOSED NOTABUG
Product: Red Hat Enterprise MRG
Classification: Red Hat
Component: qpid-tools (Show other bugs)
Development
Unspecified Unspecified
unspecified Severity unspecified
: ---
: ---
Assigned To: mick
MRG Quality Engineering
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2012-03-12 13:52 EDT by mick
Modified: 2012-04-19 14:00 EDT (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2012-03-15 12:47:22 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description mick 2012-03-12 13:52:33 EDT
At svn rev 1292387 this test works.  At svn rev 1292388 it does not -- and it looks like this problem has persisted to today.

I will include in this comment two scripts -- a large one that I use to start the broker, and a teensy one that I run qpid-stat with.

When qpid-stat succeeds, it looks like this:
{


    Connections
      client-addr                     cproc      cpid  auth        connected  idle  msgIn  msgOut
        =============================================================================================
          127.0.0.1:6667-127.0.0.1:50224  qpid-stat  9863  guest@QPID  0s         0s     208    263
}


When qpid-stat fails, it looks like this:
{
    Failed: ConnectError - [Errno 111] Connection refused
}




#################### START BROKER SCRIPT #################################
#! /bin/bash 


# NOTE   Run this in cpp/src/tests -- after doing "make check" to get things built.


source ./test_env.sh


# Debugging print. --------------------------
debug=1
function print {
  if [ "$debug" ]; then
    echo "sasl_fed_ex: $1"
  fi
}

TEST_HOSTNAME=127.0.0.1
CLIENT_NAME=guest

CERT_DIR=`pwd`/test_cert_db
CERT_PW_FILE=`pwd`/cert.password


create_certs() {
    echo mkdir ${CERT_DIR}
    mkdir ${CERT_DIR}
    echo certutil -N -d ${CERT_DIR} -f ${CERT_PW_FILE}
    certutil -N -d ${CERT_DIR} -f ${CERT_PW_FILE}
    echo certutil -S -d ${CERT_DIR} -n ${TEST_HOSTNAME} -s "CN=${TEST_HOSTNAME}" -t "CT,," -x -f ${CERT_PW_FILE} -z /usr/bin/certutil
    certutil -S -d ${CERT_DIR} -n ${TEST_HOSTNAME} -s "CN=${TEST_HOSTNAME}" -t "CT,," -x -f ${CERT_PW_FILE} -z /usr/bin/certutil
}

delete_certs() {
    if [[ -e ${CERT_DIR} ]] ;  then
        print "removing cert dir ${CERT_DIR}"
        rm -rf ${CERT_DIR}
    fi
}


CERTUTIL=$(type -p certutil)
if [[ !(-x $CERTUTIL) ]] ; then
    echo "No certutil.  Quitting.";
    exit 0;
fi

delete_certs

create_certs
if [ ! $? ]; then
  error "Could not create test certificate"
  exit 1
fi

sasl_config_dir=$builddir/sasl_config
echo "sasl_config_dir $sasl_config_dir"

tmp_root=${builddir}/sasl_fed_ex_temp
print "results dir is ${tmp_root}"
rm -rf ${tmp_root}
mkdir -p $tmp_root

TCP_PORT=5801
SSL_PORT=6667

SSL_LIB=${moduledir}/ssl.so

# don't use this!  --ssl-require-client-authentication        \

export QPID_NO_MODULE_DIR=1
export QPID_LOAD_MODULE=$SSLCONNECTOR_LIB
export QPID_SSL_CERT_DB=${CERT_DIR}
export QPID_SSL_CERT_PASSWORD_FILE=${CERT_PW_FILE}


function start_broker {
  print "Starting broker -- logs are in  $tmp_root/qpidd_src.log"
  $QPIDD_EXEC                                  \
    --port=${TCP_PORT}                         \
    --ssl-port ${SSL_PORT}                     \
    --sasl-config=$sasl_config_dir             \
    --auth yes                                 \
    --load-module $SSL_LIB                     \
    --ssl-cert-db $CERT_DIR                    \
    --ssl-cert-password-file $CERT_PW_FILE     \
    --ssl-cert-name $TEST_HOSTNAME             \
    --mgmt-enable=yes                          \
    --log-enable info+                         \
    --log-source yes                           \
    --daemon                                   \
    -t                                         \
    --log-to-file $tmp_root/qpidd_src.log 2> /dev/null
}


start_broker

echo " "

#################### END BROKER SCRIPT #############################





#################### START QPID-STAT SCRIPT ##############################
    /home/mick/trunk/qpid/tools/src/py/qpid-stat -c --sasl-mechanism=PLAIN amqps://guest/guest@127.0.0.1:6667
#################### END QPID-STAT SCRIPT ################################
Comment 1 Ted Ross 2012-03-12 14:28:38 EDT
The issue here is that the commit-in-question changes the command line options for qpid-stat (see https://issues.apache.org/jira/browse/QPID-3851).

The target broker must be specified in the "-b" option after the change.  I suggest closing this as NOTABUG.
Comment 2 mick 2012-03-15 12:47:22 EDT
oops, I see.

Note You need to log in before you can comment on or make changes to this bug.