search

OpenCTI-Platform / opencti

Open Cyber Threat Intelligence Platform
https://opencti.io
Other
6.3k stars 930 forks source link

"GraphQLError: RabbitMQ seems down" - invalid credentials #8651

Open pli482004 opened 1 week ago

pli482004 commented 1 week ago

Description

Trying to install OpenCTI from Docker. The opencti container is created but is unhealthy after running docker compose up -d, due to an error in RabbitMQ. The RabbitMQ seems to be having an issue about invalid credentials.

Environment

  1. OS: MacOS Sonoma 14.6.1
  2. OpenCTI version: Docker Release 6.3.5
  3. Docker Desktop: 4.33.0

Reproducible Steps

  1. Copy the docker-compose.yml from this repo
  2. Add platform: linux/amd64 to each service as necessary
  3. Copy the .env.sample from this repo and add UUIDv4s as necessary
  4. Rename .env.sample to .env
  5. Run docker compose up -d

Errors

In the opencti container, the following is repeatedly logged: 2024-10-06 23:06:35 {"category":"APP","errors":[{"attributes":{"genre":"TECHNICAL","http_status":500},"message":"RabbitMQ seems down","name":"DATABASE_ERROR","stack":"GraphQLError: RabbitMQ seems down\n at error (/opt/opencti/build/src/config/errors.js:7:10)\n at DatabaseError (/opt/opencti/build/src/config/errors.js:57:48)\n at /opt/opencti/build/src/database/rabbitmq.js:271:13\n at processTicksAndRejections (node:internal/process/task_queues:95:5)\n at checkSystemDependencies (/opt/opencti/build/src/initialization.js:44:3)\n at platformStart (/opt/opencti/build/src/boot.js:15:7)"},{"message":"Handshake terminated by server: 403 (ACCESS-REFUSED) with message \"ACCESS_REFUSED - Login was refused using authentication mechanism PLAIN. For details see the broker logfile.\"","name":"Error","stack":"Error: Handshake terminated by server: 403 (ACCESS-REFUSED) with message \"ACCESS_REFUSED - Login was refused using authentication mechanism PLAIN. For details see the broker logfile.\"\n at k (/opt/opencti/build/node_modules/amqplib/lib/connection.js:172:16)\n at cb (/opt/opencti/build/node_modules/amqplib/lib/connection.js:107:11)\n at Socket.recv (/opt/opencti/build/node_modules/amqplib/lib/connection.js:456:9)\n at Object.onceWrapper (node:events:633:28)\n at Socket.emit (node:events:519:28)\n at emitReadable_ (node:internal/streams/readable:832:12)\n at processTicksAndRejections (node:internal/process/task_queues:81:21)"}],"level":"error","message":"RabbitMQ seems down","source":"backend","timestamp":"2024-10-07T04:06:35.272Z","version":"6.3.3"}

In the rabbitMQ container, I get the following error: 2024-10-06 23:07:21 2024-10-07 04:07:21.021266+00:00 [error] <0.1120.0> Error on AMQP connection <0.1120.0> (172.18.0.6:32814 -> 172.18.0.4:5672, state: starting): 2024-10-06 23:07:21 2024-10-07 04:07:21.021266+00:00 [error] <0.1120.0> PLAIN login refused: user 'opencti' - invalid credentials

It seems like the credentials I set in the .env file are not valid for some reason. I have tried setting different users or passwords through the environment variables.

Additional Information

My .env file looks like this, almost entirely pasted from the sample .env file in this repo:

OPENCTI_ADMIN_EMAIL=admin@opencti.io OPENCTI_ADMIN_PASSWORD=changeme OPENCTI_ADMIN_TOKEN=89905755-2723-416c-862c-50d1508e3746 OPENCTI_BASE_URL=http://localhost:8080 OPENCTI_HEALTHCHECK_ACCESS_KEY=changeme MINIO_ROOT_USER=opencti MINIO_ROOT_PASSWORD=changeme RABBITMQ_DEFAULT_USER=opencti RABBITMQ_DEFAULT_PASS=changeme CONNECTOR_EXPORT_FILE_STIX_ID=dd817c8b-abae-460a-9ebc-97b1551e70e6 CONNECTOR_EXPORT_FILE_CSV_ID=7ba187fb-fde8-4063-92b5-c3da34060dd7 CONNECTOR_EXPORT_FILE_TXT_ID=ca715d9c-bd64-4351-91db-33a8d728a58b CONNECTOR_IMPORT_FILE_STIX_ID=72327164-0b35-482b-b5d6-a5a3f76b845f CONNECTOR_IMPORT_DOCUMENT_ID=c3970f8a-ce4b-4497-a381-20b7256f56f0 CONNECTOR_ANALYSIS_ID=4dffd77c-ec11-4abe-bca7-fd997f79fa36 SMTP_HOSTNAME=localhost ELASTIC_MEMORY_SIZE=4G

aHenryJard commented 5 days ago

Hello, could you connect to opencti container and rabbitMQ and list environement variable to see if the .env has actually be taken ? (it's RABBITMQUSERNAME and RABBITMQPASSWORD on opencti / for RABBITMQ_DEFAULT_USER and RABBITMQ_DEFAULT_PASS on rabbitMq).

And another issue can be that somehow you started first with default rabbitMQ credential and then with RABBITMQ_DEFAULT_PASS in which case credential are stored in rabbitMQ volume, you can delete rabbitMQ volume or you can use:

docker compose down -v
docker compose up -d

This will restart all without any data (like a new first start)