rabbitmq_web_mqtt/rabbitmq_web_stomp plugins do not enable ssl ports #1677

Closed
tim3453456 opened this issue Jul 17, 2024 · 2 comments · Fixed by #1735

Describe the bug

When enabling the plugins rabbitmq_web_stomp or rabbitmq_web_mqtt in combination with tls, the generated statefulset resource does not add the corresponding ports for the plugins. This only happens for the ssl ports. The default non-ssl ports work as expected. Other plugins like plain rabbitmq_stomp or rabbitmq_mqtt also work as expected, for both ssl and non-ssl ports.

To Reproduce

Steps to reproduce the behavior:

  1. kubectl apply -f rabbitmq.yml
  2. look at the generated statefulset/pods/services in namespace rabbit-combined
  3. There are no mentions of ports 15673 (web_stomp_tls) or 15676 (web_mqtt_tls)
  4. Ports 15674 (web_stomp) and 15675 (web_mqtt) are present, as expected
  5. Logs for rabbitmq-operator do not show any errors or warnings
rabbitmq.yml

apiVersion: v1
kind: Namespace
metadata:
  name: rabbit-combined
---
apiVersion: v1
kind: Secret
metadata:
  name: rabbit-combined-tls
  namespace: rabbit-combined
type: Opaque
stringData:
  tls.crt: |
    -----BEGIN CERTIFICATE-----
    -----END CERTIFICATE-----
  tls.key: |
    -----BEGIN PRIVATE KEY-----
    -----END PRIVATE KEY-----
---
apiVersion: rabbitmq.com/v1beta1
kind: RabbitmqCluster
metadata:
  name: combined
  namespace: rabbit-combined
spec:
  image: docker.io/rabbitmq:3.13.4-management
  persistence:
    storage: 10Gi
  rabbitmq:
    additionalConfig: |
      log.console.formatter = json
      web_mqtt.ssl.port       = 15676
      web_mqtt.ssl.backlog    = 1024
      web_mqtt.ssl.cacertfile = /etc/rabbitmq-tls/tls.crt
      web_mqtt.ssl.certfile   = /etc/rabbitmq-tls/tls.crt
      web_mqtt.ssl.keyfile    = /etc/rabbitmq-tls/tls.key
      web_stomp.ssl.port       = 15673
      web_stomp.ssl.backlog    = 1024
      web_stomp.ssl.cacertfile = /etc/rabbitmq-tls/tls.crt
      web_stomp.ssl.certfile   = /etc/rabbitmq-tls/tls.crt
      web_stomp.ssl.keyfile    = /etc/rabbitmq-tls/tls.key
    additionalPlugins:
    - rabbitmq_mqtt
    - rabbitmq_stomp
    - rabbitmq_web_mqtt
    - rabbitmq_web_stomp
  replicas: 3
  resources:
    limits:
      cpu: "2"
      memory: 4Gi
    requests:
      cpu: 100m
      memory: 128Mi
  service:
    type: ClusterIP
  tls:
    disableNonTLSListeners: false
    secretName: rabbit-combined-tls

rabbitmq-operator-values.yml

clusterOperator:
  image:
    repository: rabbitmqoperator/cluster-operator
    tag: 2.9.0
  metrics:
    containerPorts:
      http: 9782
    enabled: true
global:
  imageRegistry: docker.io

Expected behavior
Ports 15673 and 15676 should be enabled in statefulset/pod/service

Version and environment information

  • RabbitMQ: 3.13.4
  • RabbitMQ Cluster Operator: 2.9.0
  • Kubernetes: 1.28
  • Cloud provider or hardware configuration: Tanzu Kubernetes Grid Integrated Edition (TKGI)

Additional context

There seems to be a similar issue that was solved with this merge request: #889

@tim3453456 tim3453456 added the bug Something isn't working label Jul 17, 2024

@Zerpet Zerpet self-assigned this Sep 25, 2024
Zerpet (Collaborator) commented Sep 25, 2024

It looks like web mqtt/stomp TLS ports are opened only if mutual TLS is configured via spec.tls.caSecretName. I'm not sure what's the reason for this. I have some reading to do 🙂
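
An added example (not part of the issue thread or the operator's code): a check that compares the `<plugin>.ssl.port` and `<plugin>.tcp.port` listeners set in `additionalConfig` against the ports a Service exposes, so a TLS listener that is configured but unreachable is reported. The function names are hypothetical, and the Service object is constructed from the ports the report lists as present.

```python
import re

# Matches rabbitmq.conf listener keys such as "web_mqtt.ssl.port = 15676".
LISTENER_RE = re.compile(r"^\s*([a-z_]+)\.(ssl|tcp)\.port\s*=\s*(\d+)\s*$")


def configured_listeners(additional_config):
    """Return {(plugin, 'ssl'|'tcp'): port} parsed from rabbitmq.conf text."""
    found = {}
    for line in additional_config.splitlines():
        line = line.split("#", 1)[0]  # drop rabbitmq.conf comments
        m = LISTENER_RE.match(line)
        if m:
            found[(m.group(1), m.group(2))] = int(m.group(3))
    return found


def exposed_ports(service):
    """Collect port numbers from a Service object (kubectl get svc -o json)."""
    return {p["port"] for p in service.get("spec", {}).get("ports", [])}


def missing_listeners(additional_config, service):
    """List configured listeners whose port the Service does not expose."""
    exposed = exposed_ports(service)
    listeners = configured_listeners(additional_config)
    return sorted(
        (plugin, kind, port)
        for (plugin, kind), port in listeners.items()
        if port not in exposed
    )


# Listener-related additionalConfig lines from the manifest in the report.
ADDITIONAL_CONFIG = """\
log.console.formatter = json
web_mqtt.ssl.port       = 15676
web_mqtt.ssl.backlog    = 1024
web_stomp.ssl.port       = 15673
web_stomp.ssl.backlog    = 1024
"""

# Constructed Service: only the ports the report says are present.
# The port names are placeholders, not taken from the operator.
SAMPLE_SERVICE = {"spec": {"ports": [
    {"name": "web-stomp", "port": 15674},
    {"name": "web-mqtt", "port": 15675},
]}}

if __name__ == "__main__":
    for plugin, kind, port in missing_listeners(ADDITIONAL_CONFIG, SAMPLE_SERVICE):
        print(f"{plugin} {kind} listener on {port} is configured but not exposed")
```

With `disableNonTLSListeners: false`, as in the manifest above, the plain ports stay reachable while the TLS ones are missing, which is why the mismatch is worth flagging.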
