-
Notifications
You must be signed in to change notification settings - Fork 6
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Settings in rabbitmq.config seem to be ignored #2
Comments
Could you please double check that the rabbitmq.config you modified is the one that is used by RabbitMQ? The config file is indicated in log file (right below the logo) or in the Web management (Overview > Node). |
Yes, I am quite certain I am editing the correct config file.
|
I have troubles reproducing the problem. I suspect there is a typo in the config, but what you posted above works fine for me. In Which RabbitMQ version are you using? |
Yes, rabbit_auth_backend_ip_range and rabbitmq_auth_backend_ip_range. I am using RabbitMQ 3.5.6 on Windows 7 64-bit. |
Thinking it might be a Windows problem, I have tried on both Mac and Linux. I have been unable to get those working either - in fact I can't see to get it to reject any requests under those OSs. What OS are you testing with? If there are way to trigger more logging by the plugin? |
I confirm there is an issue with RabbitMQ 3.5.6-- the plugin is never consulted. |
Thanks! While you are in there fixing that, I see the plugin logs a line when a user does not match the IP range. It would be useful if it logged something either way - match or no match. This would be very helpful when debugging. |
False hopes. I still did not reproduce the bug. However, I released v0.1.1 with some additional logging. Please install the updated plug-in and enable RabbitMQ debug logging in your rabbitmq.config as follows:
With this your plugin should log both negative and positive matches. If it does not help I will do another release with even more logs. |
I have tried the new version. On Windows, the behavior is the same. Here's my entire config file: [ With a user tagged 'tag999' from an external IP address (should get denied): =INFO REPORT==== 29-Oct-2015::14:26:13 === With an untagged user from an external IP address (should get denied): =INFO REPORT==== 29-Oct-2015::14:28:27 === And with a user tagged 'ip-private' from an external IP address (should get denied but for a different reason): =WARNING REPORT==== 29-Oct-2015::14:19:54 === On Linux I still see nothing in indicate the plugin is logging anything. =INFO REPORT==== 29-Oct-2015::15:25:55 ===
=INFO REPORT==== 29-Oct-2015::15:27:25 === =INFO REPORT==== 29-Oct-2015::15:27:27 === =INFO REPORT==== 29-Oct-2015::15:27:27 === I know rabbit is loading and parsing my config correctly because when I purposely modify the file so it is invalid, rabbit report the error and does not start. So I am not sure what is going on here, but clearly the plugin is still using the settings with in the app file, and not the settings in my config file. Perhaps the next debugging step would be for the plug in to echo the configuration to the log file, and maybe a line at start up that says it is running? |
Hey, you have a typo in your rabbitmq.config! (Sorry that it took so long, I didn't realize this could be the issue.) You have: [
{rabbit,
[
{log_levels, [{default, debug}]},
...
,
{rabbitmq_auth_backend_ip_range,
[
...
{default_masks, [<<"0.0.0.0/32">>]}
]}
]}
]. But correct is: [
{rabbit,
[
{log_levels, [{default, debug}]},
...
]},
{rabbitmq_auth_backend_ip_range,
[
...
{default_masks, [<<"0.0.0.0/32">>]}
]}
]. The I will fix the documentation to clarify this aspect. Thanks for your patience and cooperation. |
Settings in rabbitmq.config seem to be ignored. For example, I have installed the plug-in, and edited my configuration like so:
{auth_backends, [{rabbit_auth_backend_internal, [rabbit_auth_backend_internal, rabbit_auth_backend_ip_range]}]},
{rabbitmq_auth_backend_ip_range, [{tag_masks, [{'ip-private', [<<"::FFFF:127.0.0.1/128">>]}]}, {default_masks, [<<"::0/0">>]}]}
Then I have tried sending a message as a user tagged with 'ip-private' from 127.0.0.1 to RabbitMQ. I see the following error message in the log file.
=WARNING REPORT==== 20-Oct-2015::15:26:32 ===
Address 127.0.0.1 not matching any of [ 192.168.0.0/16 ::FFFF:192.168.0.0/112 ]
Those IP ranges listed are the ones present in the rabbitmq_auth_backend_ip_range.app file within the plugin.
I also tried creating some tags other than "ip-private" - these seems to have no effect at all.
No matter what I do, it seems as if the plugin is using the IP range settings in the rabbitmq_auth_backend_ip_range.app file.
I have tried reinstalling the rabbit server to make sure the config is reloaded.
Any idea what is wrong?
The text was updated successfully, but these errors were encountered: