On 11/17/2011 03:08 AM, Paul Colby wrote:
> I have a cluster of two Qpidd brokers - both C++ v0.12 (on CentOS 5.5).
> Both brokers have been clustering very happily so far :)
>
> Now, I've enabled both SASL and SSL on both brokers.
> I have several client applications I've written that can authenticate, and
> use SSL to talk successfully to either broker. However, I can't get the
> two brokers to cluster anymore (unless I disable SSL).
>
> Specifically, if I start one broker, then everything is happy (clients
> connect / send / receive etc).
> But when I try to start a second broker, the second broker begins to start
> up ok, but then stops after reporting "error Rejected un-encrypted
> connection", and then shutting down the catch-up connection.
>
> Is there something I need to do to tell the brokers to use SSL for their
> catch-up connections? Or is require-encryption=yes incompatible with
> clustering?

This is just a suggestion, but you could try setting --cluster-url to
amqps://<fqdn>:<port>, e.g. amqps://myhost.mydomain.com:5671. The idea
there is to get the update client (which I think is what is failing) to
use SSL.

An alternative might be to set --cluster-mechanism to DIGEST-MD5 along
with a valid --cluster-username and --cluster-password. The idea there
is to use a SASL encryption layer on the update client so as to avoid
being excluded by the require-encryption=yes setting.

I haven't verified either of these myself however...