Closed ghost closed 3 years ago
OCTI Env Variables:
opencti:
  image: opencti/platform:4.3.5
  environment:
We have troubleshot the issue to be related to there being no option to support amqps:// in rabbitmq.js. Lines 15-18
I've created a configuration that will enable testing on the amqps version. This lets rabbitmq listen for amqp/ssl on port 5671.
Create self-signed certs, following instructions from https://www.rabbitmq.com/ssl.html#automated-certificate-generation.
git clone https://github.com/michaelklishin/tls-gen tls-gen
cd tls-gen/basic/
make PASSWORD=apassword
make verify
make info
If your server's private key was created with a passphrase (see PASSWORD=apassword above), you'll want to strip that.
cd results
openssl rsa -in server_key.pem -out server_key.pem
# then enter the passphrase apassword
Back in the root of your project, create a directory to map to the rabbitmq container
cd ../../../
mkdir certs
cp tls-gen/basic/results/ca_certificate.pem certs/
cp tls-gen/basic/results/server_certificate.pem certs/
cp tls-gen/basic/results/server_key.pem certs/
Update docker-compose.yml
rabbitmq:
  image: rabbitmq:3.8-management
  environment:
    - RABBITMQ_DEFAULT_USER=${RABBITMQ_DEFAULT_USER}
    - RABBITMQ_DEFAULT_PASS=${RABBITMQ_DEFAULT_PASS}
    - RABBITMQ_PORT_MANAGEMENT=15671
    - RABBITMQ_MANAGEMENT_SSL_CACERTFILE=/var/lib/rabbitmq_certs/ca_certificate.pem
    - RABBITMQ_MANAGEMENT_SSL_CERTFILE=/var/lib/rabbitmq_certs/server_certificate.pem
    - RABBITMQ_MANAGEMENT_SSL_FAIL_IF_NO_PEER_CERT=false
    - RABBITMQ_MANAGEMENT_SSL_KEYFILE=/var/lib/rabbitmq_certs/server_key.pem
    - RABBITMQ_SSL_CACERTFILE=/var/lib/rabbitmq_certs/ca_certificate.pem
    - RABBITMQ_SSL_CERTFILE=/var/lib/rabbitmq_certs/server_certificate.pem
    - RABBITMQ_SSL_FAIL_IF_NO_PEER_CERT=false
    - RABBITMQ_SSL_KEYFILE=/var/lib/rabbitmq_certs/server_key.pem
  volumes:
    - amqpdata:/var/lib/rabbitmq
    - ${PWD}/certs:/var/lib/rabbitmq_certs
  ports:
    - "15671:15671"
    - "15672:15672"
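An added example (not from the issue and not OpenCTI's rabbitmq.js): one way a client could expose the missing amqps:// option, building the connection URL and TLS socket options in the shape an AMQP client such as amqplib accepts in `connect(url, socketOptions)`. The function name and the settings keys (`use_ssl`, `ca_file`, `reject_unauthorized`) are hypothetical, and the sample values are constructed.

```javascript
'use strict';
const fs = require('fs');

// Hypothetical settings object; key names are assumptions, not OpenCTI config keys.
// readFile is injectable so the function can be exercised without files on disk.
function buildAmqpConnection(conf, readFile = fs.readFileSync) {
  const useSsl = conf.use_ssl === true || conf.use_ssl === 'true';
  const scheme = useSsl ? 'amqps' : 'amqp';
  // 5671 is the amqp/ssl listener from the issue; 5672 is the plain AMQP default.
  const port = Number(conf.port) || (useSsl ? 5671 : 5672);
  // Credentials may contain '@', ':' or '/', so they must be percent-encoded.
  const user = encodeURIComponent(conf.username);
  const pass = encodeURIComponent(conf.password);
  const url = `${scheme}://${user}:${pass}@${conf.hostname}:${port}`;

  const socketOptions = {};
  if (useSsl) {
    // Name used for SNI and checked against the server certificate.
    socketOptions.servername = conf.hostname;
    // Private CA (e.g. the tls-gen ca_certificate.pem): trust it explicitly
    // rather than switching certificate verification off.
    if (conf.ca_file) socketOptions.ca = [readFile(conf.ca_file)];
    // Verification stays on unless explicitly disabled for a throwaway test.
    socketOptions.rejectUnauthorized = conf.reject_unauthorized !== false;
  }
  return { url, socketOptions };
}

// Constructed sample values; the reader is stubbed so this runs offline.
const example = buildAmqpConnection(
  { hostname: 'rabbitmq', username: 'guest', password: 'p@ss/word',
    use_ssl: 'true', ca_file: 'certs/ca_certificate.pem' },
  (path) => Buffer.from(`constructed stand-in for ${path}`)
);
console.log(example.url);
console.log(Object.keys(example.socketOptions).join(','));
```

A managed broker with a publicly trusted certificate needs no `ca_file`; the default trust store applies and `rejectUnauthorized` remains true.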
Description
When trying to set up a rabbitmq cluster using Amazon MQ, opencti is failing to connect. The host system that is running docker can access the cluster via curl/telnet. The only difference I can see between a stand-alone rabbitmq cluster and amazon mq is that AWS uses SSL for rabbitmq connections.
Environment
Amazon MQ
Broker engine: RabbitMQ
Deployment mode: Single-instance broker
Broker instance type: mq.m5.xlarge
Broker engine version: 3.8.6
listening ports
Protocol | Bound to | Port
amqp/ssl | :: | 5671
clustering | :: | 25672
https | :: | 15671
Web Contexts
Context | Bound to | Port | SSL | Path
RabbitMQ Management | 0.0.0.0 | 15671 | * | /
Reproducible Steps
Steps to create the smallest reproducible scenario:
Expected Output
Connect and use Amazon MQ
Actual Output
{"error":{"name":"DatabaseError","_error":{},"_showLocations":false,"_showPath":false,"time_thrown":"2021-04-08T15:05:22.890Z","data":{"reason":"RabbitMQ seems down","category":"technical"},"internalData":{}},"version":"4.3.5","level":"error","message":"[OPENCTI] Platform initialization fail","timestamp":"2021-04-08T15:05:22.890Z"}
Additional information