PerfTest using TLS with EXTERNAL authentication

jgian...@applause.com

unread,

Mar 21, 2018, 7:34:45 PM3/21/18

to rabbitmq-users

Does anyone know if PerfTest will work using TLS with EXTERNAL authentication provided by the rabbitmq_auth_mechanism_ssl plugin? Using something like the URI below, I always get back a message saying "ACCESS_REFUSED - Login was refused using authentication mechanism PLAIN.".

amqps://rab...@172.17.0.2/?cacertfile=/etc/cacert.pem&certfile=/etc/clientcert.pem&keyfile=/etc/clientkey.pem&auth_mechanism=external

The server shows an error like the below, but no other useful information.

=ERROR REPORT==== 21-Mar-2018::23:25:31 ===

Error on AMQP connection <0.12298.0> (172.17.0.3:45318 -> 172.17.0.2:5671, state: starting):

PLAIN login refused: user 'rabbit' - invalid credentials

It seems to fail the same way no matter which query string parameters I use. I know external authentication works on the server, as a Python client is able to connect fine. I just can't get PerfTest to use external auth. Anyone have any ideas?

Thanks.

-Jason

Luke Bakken

unread,

Mar 22, 2018, 11:10:34 AM3/22/18

to rabbitmq-users

Hi Jason,

Using PerfTest with TLS is documented here:

https://www.rabbitmq.com/java-tools.html#perf-test-tls

You'll have to use various system properties to configure which certificate files to use. Examples are given in that document. If you have issues getting it working, let us know.

Thanks,

Luke

Jason Giangrande

unread,

Mar 22, 2018, 12:45:53 PM3/22/18

to rabbitm...@googlegroups.com

Luke,

Thanks for the response.

PerfTest works fine with TLS with PLAIN authentication. My problem is trying to use EXTERNAL authentication as provided by the rabbitmq_auth_mechanism_ssl plugin with PerfTest. That is what is throwing the errors I sent. I can use PLAIN auth for my testing, but I'd prefer to use the same auth mechanism as services, which is why I asked if using EXTERNAL auth with PerfTest was possible.

---

Jason Giangrande • Senior Systems Engineer, Platform Delivery • Applause App Quality, Inc.

o: 774-388-0557 • c: 508-864-7836 • e: jgian...@applause.com

---

--
You received this message because you are subscribed to the Google Groups "rabbitmq-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to rabbitmq-users+unsubscribe@googlegroups.com.
To post to this group, send email to rabbitmq-users@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Luke Bakken

unread,

Mar 22, 2018, 12:59:52 PM3/22/18

to rabbitmq-users

Hi Jason,

Got it. I looked around the PerfTest code and EXTERNAL doesn't appear to be supported at the moment. I'll work on adding it and will follow up here.

I agree it's always best to test with what you're going to use in production.

Thanks,

Luke

--

Staff Software Engineer
Pivotal / RabbitMQ

Jason Giangrande

unread,

Mar 22, 2018, 1:16:32 PM3/22/18

to rabbitm...@googlegroups.com

Thanks Luke. That would be awesome. Would you like me to submit a GitHub issue for this work? I have a work-around for now, but I'm happy to follow any necessary procedures to help expedite this feature.

Thanks again.

---

Jason Giangrande • Senior Systems Engineer, Platform Delivery • Applause App Quality, Inc.

o: 774-388-0557 • c: 508-864-7836 • e: jgian...@applause.com

---

--

Luke Bakken

unread,

Mar 22, 2018, 2:07:35 PM3/22/18

to rabbitmq-users

Hi Jason,

I've created an issue here if you'd like to subscribe to it:https://github.com/rabbitmq/rabbitmq-perf-test/issues/88

I have my environment set up to at least reproduce your situation and have added my RabbitMQ configuration as well as the error output to that issue.

Thanks,

Luke

On Thursday, March 22, 2018 at 10:16:32 AM UTC-7, Jason Giangrande wrote:

Thanks Luke. That would be awesome. Would you like me to submit a GitHub issue for this work? I have a work-around for now, but I'm happy to follow any necessary procedures to help expedite this feature.

Thanks again.

---
Jason Giangrande • Senior Systems Engineer, Platform Delivery • Applause App Quality, Inc.
o: 774-388-0557 • c: 508-864-7836

---

Luke Bakken

unread,

Mar 26, 2018, 4:57:54 PM3/26/18

to rabbitmq-users

Hello again -

The following PR adds EXTERNAL support via the --sasl-external command line argument:

https://github.com/rabbitmq/rabbitmq-perf-test/pull/91

Once this PR is reviewed and merged, a binary artifact will be available the next day for you to test with.

Thanks,
Luke

The variables in the command are absolute paths to the stores in my file system.

Jason Giangrande

unread,

Mar 28, 2018, 10:49:44 PM3/28/18

to rabbitm...@googlegroups.com

I tested 2.1.0.RC1 and can confirm that EXTERNAL auth works now. Thanks for the quick turn around Luke.

---

Jason Giangrande • Senior Systems Engineer, Platform Delivery • Applause App Quality, Inc.

o: 774-388-0557 • c: 508-864-7836 • e: jgian...@applause.com

---

--

Luke Bakken

unread,

Mar 29, 2018, 9:37:21 AM3/29/18

to rabbitmq-users

Great news! Thank you for testing it and letting the list know.

On Wednesday, March 28, 2018 at 7:49:44 PM UTC-7, Jason Giangrande wrote:

I tested 2.1.0.RC1 and can confirm that EXTERNAL auth works now. Thanks for the quick turn around Luke.

---
Jason Giangrande • Senior Systems Engineer, Platform Delivery • Applause App Quality, Inc.
o: 774-388-0557 • c: 508-864-7836 • e:

---

Reply all

Reply to author

Forward