[
https://issues.apache.org/jira/browse/DISPATCH-224?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15317649#comment-15317649
]
Alan Conway edited comment on DISPATCH-224 at 6/7/16 1:50 AM:
--------------------------------------------------------------
This does not appear to be fixed on branch 0.6.0 or master. The default config
does not work: qdstat just says "disconnected", with nothing in the router logs
below trace level, and then only some obscure "<-SASL ->SASL connection
aborted" nonsense. Neither of these settings helps:
{code}
authenticatePeer: no
requireEncryption: no
{code}
The only way I can stand up a working test router is:
{code}
listener {
    saslMechanisms: anonymous
}
{code}
This is completely non-obvious and not explained at all in "configuring
dispatch" in the book. It is covered in reference docs, but you'd be very lucky
to find it, or guess this was the issue if you didn't already know. We will
lose users on this one. My setup:
Built from git: proton 0.12.x, dispatch 0.6.x
Installed sasl libs:
cyrus-sasl-scram-2.1.26-25.2.fc23.x86_64
cyrus-sasl-devel-2.1.26-25.2.fc23.x86_64
cyrus-sasl-plain-2.1.26-25.2.fc23.x86_64
cyrus-sasl-md5-2.1.26-25.2.fc23.x86_64
cyrus-sasl-2.1.26-25.2.fc23.x86_64
cyrus-sasl-lib-2.1.26-25.2.fc23.x86_64
cyrus-sasl-gssapi-2.1.26-25.2.fc23.x86_64
> Default installed configuration fails without error message.
> ------------------------------------------------------------
>
> Key: DISPATCH-224
> URL: https://issues.apache.org/jira/browse/DISPATCH-224
> Project: Qpid Dispatch
> Issue Type: Bug
> Components: Container
> Affects Versions: 0.5
> Reporter: Alan Conway
> Assignee: Ted Ross
> Priority: Critical
> Fix For: 0.7.0
>
>
> A simple test of a default install of dispatch in /usr/local does not work:
> {code}
> $ make install
> $ qdrouterd&
> $ qdstat -g
> ConnectionException: Connection amqp://0.0.0.0:amqp/$management disconnected
> {code}
> The exception gives no hint why we were disconnected, and the router log file
> has no entries at all regarding the disconnection. The actual cause is a SASL
> rejection due to invalid configuration. There are several issues that need
> fixing:
> - The router log should show an error if SASL can't find/parse its config file.
> - The router log should show an error if a connection is rejected for
> security reasons.
> - The client exception should indicate that the disconnect was caused by a
> security problem.
> - The router should look for SASL configuration under its install prefix
> since that is where it is installed.
> - The default router configuration needs to be updated to either be
> functional or clearly NON functional.
> Question is what should the default configuration allow? IMO it should at
> least allow you to use the tools shipped with qdrouterd to verify that it is
> running and working.
> The alternative is don't ship a default config at all. In that case the
> router should fail to start at all with a clear message "you must configure
> me first, see $prefix/share/doc/qdrouter/config-examples." We can provide a
> sample "qdrouterd-insecure.conf" to get developers started quickly without
> forcing them to learn SASL first. We can add other example configs for
> different scenarios as we go.
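
An added example, not part of the original message or of the Qpid Dispatch code: a small audit that reads a router config and reports, per listener, whether the settings discussed above (`saslMechanisms`, `authenticatePeer`, `requireEncryption`) leave it open, so a developer-only "insecure" config is not mistaken for a hardened one. It assumes flat `section { key: value }` blocks with `#` comments and yes/no values as shown in this thread; the function names, finding labels and sample config are constructed for illustration.

```python
import re

# Constructed sample in the style quoted in this thread; not a real deployment.
SAMPLE_CONF = """\
listener {
    saslMechanisms: anonymous   # the workaround from the comment
}
listener {
    authenticatePeer: yes
    saslMechanisms: PLAIN
    requireEncryption: yes
}
listener {
    authenticatePeer: no
    requireEncryption: no
}
"""

SECTION_RE = re.compile(r"(\w+)\s*\{([^}]*)\}")

def parse_sections(text):
    """Return [(section_name, {key: value})] for each 'name { ... }' block."""
    text = re.sub(r"#.*", "", text)  # assumption: '#' starts a comment
    sections = []
    for name, body in SECTION_RE.findall(text):
        attrs = {}
        for line in body.splitlines():
            key, sep, value = line.partition(":")
            if sep:
                attrs[key.strip()] = value.strip()
        sections.append((name, attrs))
    return sections

def audit_listeners(text):
    """Return [(listener_index, [finding, ...])]; an empty list means no finding."""
    report = []
    listeners = [attrs for name, attrs in parse_sections(text) if name == "listener"]
    for index, attrs in enumerate(listeners):
        findings = []
        if "ANONYMOUS" in attrs.get("saslMechanisms", "").upper().split():
            findings.append("anonymous-allowed")
        for key in ("authenticatePeer", "requireEncryption"):
            value = attrs.get(key)
            if value is None:
                findings.append(key + "-unset")      # depends on the version's default
            elif value.lower() == "no":
                findings.append(key + "-disabled")
        report.append((index, findings))
    return report

if __name__ == "__main__":
    for index, findings in audit_listeners(SAMPLE_CONF):
        print(f"listener #{index}: {', '.join(findings) or 'ok'}")
```

Unset keys are reported rather than judged, because their effective value depends on the defaults of the installed version.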