search

kubemq-io / kubemq-community

KubeMQ is a Kubernetes native message queue broker
https://kubemq.io
Apache License 2.0
659 stars 48 forks source link

gRPC error with TLS #29

Closed Ultchad closed 1 year ago

Ultchad commented 1 year ago

I have issue when i run kubemq server with certificate (The same command work without TLS) I can't send message in queue via gRPC: 

$ kubemq queues send qdock1 'hello word 1'
2022/12/07 14:33:54 loaded configuration from /tmp/tmp.Ebe1N53171/config.yaml
Sending Queue Message:
{
    "id": "",
    "channel": "qdock1",
    "client_id": "908ci19b-ec5a-4224-8422-64f386761da4",
    "body_string": "hello word 1"
}
error: error sending queue message, rpc error: code = Unavailable desc = error reading from server: EOF

But I can list the queue (via API) The certificates is valid (pub, key and ca) I test with:

I looked the exchanges of kubemq queues send qdock1 'hello word 1' with the server: With TLS or without TLS: i can read all exchanges

kubemq commented 1 year ago

Did you configure the client side with the ca ? kubemqctl config.... This is mTLS

On Wed, Dec 7, 2022 at 3:59 PM Ultchad @.***> wrote:

I have issue when i run kubemq server with certificate (The same command work without TLS) I can't send message in queue via gRPC:

$ kubemq queues send qdock1 'hello word 1' 2022/12/07 14:33:54 loaded configuration from /tmp/tmp.Ebe1N53171/config.yaml Sending Queue Message: { "id": "", "channel": "qdock1", "client_id": "908ci19b-ec5a-4224-8422-64f386761da4", "body_string": "hello word 1" } error: error sending queue message, rpc error: code = Unavailable desc = error reading from server: EOF

But I can list the queue (via API) The certificates is valid (pub, key and ca) I test with:

  • kubemq TLS (security option) and reverse proxy for API
  • kubemq without TLS and reverse proxy for API, REST and gRPC

I looked the exchanges of kubemq queues send qdock1 'hello word 1' with the server: With TLS or without TLS: i can read all exchanges

— Reply to this email directly, view it on GitHub https://github.com/kubemq-io/kubemq-community/issues/29, or unsubscribe https://github.com/notifications/unsubscribe-auth/AK5WGXBAGNB2RPUHTC5OSE3WMCJ4LANCNFSM6AAAAAASW3EUWQ . You are receiving this because you are subscribed to this thread.Message ID: @.***>

Ultchad commented 1 year ago

With kubemqctl

$ openssl s_client -connect server.domain:9090 <<< '' | openssl x509 > server.crt
$ kubemqctl config
? Select Connection Type: Direct
? Set Kubemq Host: server.domain
? Set Kubemq gRPC port interface: 50000
? Set Kubemq Rest port interface: 9090
? Set Kubemq Api port interface: 8080
? Set default interface: grpc
? Configure access control Yes
? Set SSL Secured connection ? Yes
? Set cert file path: ./server.crt
? Would you like to set connection ClientId ? No
? Would you like to set JWT Authentication token ? No
? Would you like to set license information?: No
Configuration completed and saved.

$ kubemqctl queues send qdock1 'hello word 1'
Sending Queue Message:
{
    "id": "",
    "channel": "qdock1",
    "client_id": "4f49d68a-c700-47fb-b66e-1f1708b4dba6",
    "body_string": "hello word 1"
}
Response:
{
    "message_id": "ZgF6BTReA4o2Ubwq20LTxq",
    "sent_at": "2022-12-07 16:06:40.756"
}

The kubemqctl client work but kubemq client not Should we use kubemqctl from other reposity instead kubemq command (from this repository) ?

kubemq commented 1 year ago

If kubemqctl works this mean that the connectivity is working. check you client code

Ultchad commented 1 year ago

I am using kubemq-community client, kubemq command from this repository They don't have the option to set a certificate on the client I don't understant , i re send my last question: Should we use kubemqctl from other reposity instead kubemq command (from this repository) ? (This is not a client I coded, it's your client)