Posted to dev@qpid.apache.org by "Alan Conway (JIRA)" <ji...@apache.org> on 2016/06/07 01:51:21 UTC

[jira] [Comment Edited] (DISPATCH-224) Default installed configuration fails without error message.

    [ https://issues.apache.org/jira/browse/DISPATCH-224?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15317649#comment-15317649 ] 

Alan Conway edited comment on DISPATCH-224 at 6/7/16 1:50 AM:
--------------------------------------------------------------

This does not appear to be fixed on branch 0.6.0 or master. The default config does not work: qdstat just says "disconnected", with nothing in the router logs below trace level, and then only some obscure "<-SASL ->SASL connection aborted" nonsense. Neither of these settings helps:

{code}
    authenticatePeer: no 
    requireEncryption: no
{code}

The only way I can stand up a working test router is:

{code}
listener {
    saslMechanisms: anonymous
}
{code}

This is completely non-obvious and not explained at all in "configuring dispatch" in the book. It is covered in reference docs, but you'd be very lucky to find it, or guess this was the issue if you didn't already know. We will lose users on this one. My setup:

Built from git: proton 0.12.x, dispatch 0.6.x
Installed sasl libs:
cyrus-sasl-scram-2.1.26-25.2.fc23.x86_64
cyrus-sasl-devel-2.1.26-25.2.fc23.x86_64
cyrus-sasl-plain-2.1.26-25.2.fc23.x86_64
cyrus-sasl-md5-2.1.26-25.2.fc23.x86_64
cyrus-sasl-2.1.26-25.2.fc23.x86_64
cyrus-sasl-lib-2.1.26-25.2.fc23.x86_64
cyrus-sasl-gssapi-2.1.26-25.2.fc23.x86_64





> Default installed configuration fails without error message.
> ------------------------------------------------------------
>
>                 Key: DISPATCH-224
>                 URL: https://issues.apache.org/jira/browse/DISPATCH-224
>             Project: Qpid Dispatch
>          Issue Type: Bug
>          Components: Container
>    Affects Versions: 0.5
>            Reporter: Alan Conway
>            Assignee: Ted Ross
>            Priority: Critical
>             Fix For: 0.7.0
>
>
> A simple test of a default install of dispatch in /usr/local does not work:
> {code}
> $ make install
> $ qdrouterd&
> $ qdstat -g
> ConnectionException: Connection amqp://0.0.0.0:amqp/$management disconnected
> {code}
> The exception gives no hint why we were disconnected, and the router log file has no entries at all regarding the disconnection. The actual cause is a SASL rejection due to invalid configuration. There are several issues that need fixing:
> - The router log should show an error if SASL can't find/parse its config file.
> - The router log should show an error if a connection is rejected for security reasons.
> - The client exception should indicate that the disconnect was caused by a security problem.
> - The router should look for SASL configuration under its install prefix since that is where it is installed.
> - The default router configuration needs to be updated to either be functional or clearly NON functional.
> Question is what should the default configuration allow? IMO it should at least allow you to use the tools shipped with qdrouterd to verify that it is running and working.
> The alternative is don't ship a default config at all. In that case the router should fail to start at all with a clear message "you must configure me first, see $prefix/share/doc/qdrouter/config-examples." We can provide a sample "qdrouterd-insecure.conf" to get developers started quickly without forcing them to learn SASL first. We can add other example configs for different scenarios as we go.



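An added example, not part of the original message or of the Qpid Dispatch code: a small lint for the workaround discussed above, which parses `listener` sections and reports which ones leave `saslMechanisms` unset and which allow ANONYMOUS on a non-loopback address. The `host` attribute name, the status labels and the sample configuration are assumptions constructed for illustration.

```python
import re

# Constructed sample config. The host/port values and the "host" attribute
# name are assumptions; "saslMechanisms" is the setting quoted on this page.
SAMPLE_CONF = """
listener {
    host: 0.0.0.0
    port: amqp
}
listener {
    host: 0.0.0.0
    port: 5673
    saslMechanisms: anonymous
}
listener {
    host: 127.0.0.1
    port: 5674
    saslMechanisms: ANONYMOUS
}
listener {
    host: 0.0.0.0
    port: 5671
    saslMechanisms: EXTERNAL
}
"""
LOOPBACK = {"127.0.0.1", "::1", "localhost"}

def parse_sections(text, wanted):
    """Return one {attr: value} dict per 'wanted { attr: value }' block."""
    sections = []
    for body in re.findall(rf"\b{wanted}\s*\{{([^}}]*)\}}", text):
        pairs = (l.split("#", 1)[0].split(":", 1) for l in body.splitlines())
        sections.append({p[0].strip(): p[1].strip() for p in pairs if len(p) == 2})
    return sections

def audit_listeners(text):
    """Classify each listener by how its SASL mechanism list is configured."""
    report = []
    for attrs in parse_sections(text, "listener"):
        mechs = attrs.get("saslMechanisms", "").upper().split()
        host = attrs.get("host", "")
        if not mechs:
            status = "unset"  # no mechanism list given in this listener
        elif "ANONYMOUS" not in mechs:
            status = "explicit"
        else:  # unauthenticated access; flag it when not bound to loopback
            status = "anonymous-local" if host in LOOPBACK else "anonymous-exposed"
        report.append((host, attrs.get("port", ""), status))
    return report
```

Calling `audit_listeners(SAMPLE_CONF)` returns one `(host, port, status)` tuple per listener, so a test-only router with `saslMechanisms: anonymous` can be told apart from one that exposes the same setting on all interfaces.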