katello's amqp and the agent communicate over 5674 yet /etc/services indicates this should be on 5671. We should correct our port usage to 5761 to correctly follow the standard port as indicated in /etc/services
Note: Before doing this please upgrade to the latest AMQP and make sure this was not already fixed in RHEL. Btw since we use default SSL port it could be good idea to move this upstream.
Ah I did not follow Mike's report. Now I understand. Please disregard comment 1. We are using wrong port! # grep amqp /etc/services amqps 5671/tcp # amqp protocol over TLS/SSL amqps 5671/udp # amqp protocol over TLS/SSL amqp 5672/tcp # AMQP amqp 5672/udp # AMQP amqp 5672/sctp # AMQP Correcting https://fedorahosted.org/katello/wiki/FirewallConfiguration https://github.com/Katello/katello/pull/231
Client: katello-agent-1.1.2-1.el6cf.noarch * /etc/gofer/plugins/katelloplugin.conf [messaging] uuid= url=ssl://$(host):5671 cacert=/etc/rhsm/ca/candlepin-local.pem clientcert=/etc/pki/consumer/bundle.pem Server: * /etc/qpidd.conf auth=no require-encryption=yes ssl-require-client-authentication=yes ssl-port=5671 ssl-cert-db=/etc/pki/katello/nssdb ssl-cert-password-file=/etc/katello/nss_db_password-file ssl-cert-name=broker * /etc/pulp/pulp.conf [messaging] url: ssl://localhost:5671 cacert: /usr/share/katello/candlepin-cert.crt clientcert: /etc/pki/pulp/qpid_client_striped.crt
Verified using: * candlepin-0.7.8-1.el6cf.noarch * candlepin-selinux-0.7.8-1.el6cf.noarch * candlepin-tomcat6-0.7.8-1.el6cf.noarch * katello-1.1.12-7.el6cf.noarch * katello-all-1.1.12-7.el6cf.noarch * katello-candlepin-cert-key-pair-1.0-1.noarch * katello-certs-tools-1.1.8-1.el6cf.noarch * katello-cli-1.1.8-4.el6cf.noarch * katello-cli-common-1.1.8-4.el6cf.noarch * katello-common-1.1.12-7.el6cf.noarch * katello-configure-1.1.9-3.el6cf.noarch * katello-glue-candlepin-1.1.12-7.el6cf.noarch * katello-glue-pulp-1.1.12-7.el6cf.noarch * katello-qpid-broker-key-pair-1.0-1.noarch * katello-qpid-client-key-pair-1.0-1.noarch * katello-selinux-1.1.1-1.el6cf.noarch * pulp-1.1.12-1.el6cf.noarch * pulp-common-1.1.12-1.el6cf.noarch * pulp-selinux-server-1.1.12-1.el6cf.noarch
closing, currentrelease since these seemingly got missed in the 1.0.1 errata
getting rid of 6.0.0 version since that doesn't exist