MQTT broker bridges in RabbitMQ and scalability

Hi,

Is there any broker bridge concept against rabbitmq MQTT plugin , as there is one in Mosquito ?

And also how can we scale rabbit mq?

Can you refer any architectural diagram for RabbitMQ MQTT plugin.

Thanks ,

Ankur.

=====-----=====-----=====
Notice: The information contained in this e-mail
message and/or attachments to it may contain
confidential or privileged information. If you are
not the intended recipient, any dissemination, use,
review, distribution, printing or copying of the
information contained in this e-mail message
and/or attachments to it are strictly prohibited. If
you have received this communication in error,
please notify us by reply e-mail or telephone and
immediately and permanently delete the message
and any attachments. Thank you

_______________________________________________
rabbitmq-discuss mailing list has moved to https://groups.google.com/forum/#!forum/rabbitmq-users,
please subscribe to the new list!

[hidden email]
https://lists.rabbitmq.com/cgi-bin/mailman/listinfo/rabbitmq-discuss

On 15/07/2014 7:45AM, Ankur5 C wrote:
> Is there any broker bridge concept against rabbitmq MQTT plugin , as
> there is one in Mosquito ?

You can connect RabbitMQ brokers using federation:
http://www.rabbitmq.com/federation.html

The underlying protocol is AMQP though.

Cheers, Simon

--
Simon MacMullen
RabbitMQ, Pivotal
_______________________________________________
rabbitmq-discuss mailing list has moved to https://groups.google.com/forum/#!forum/rabbitmq-users,
please subscribe to the new list!

[hidden email]
https://lists.rabbitmq.com/cgi-bin/mailman/listinfo/rabbitmq-discuss

Hi,

I want the default user guest to work from remote host.

My rabbitmq config file looks like :
[{rabbit,        [{tcp_listeners,    [5672]},{ssl_listeners, [5671]},    
                        {ssl_options, [{cacertfile,"/etc/rabbitmq/testca/cacert.pem"},
                    {certfile,"/etc/rabbitmq/server/cert.pem"},
                    {keyfile,"/etc/rabbitmq/server/key.pem"},
                    {verify,verify_peer},
                        {fail_if_no_peer_cert,false}]}]},
 {rabbitmq_mqtt, [{default_user,     <<"guest">>},
                  {default_pass,     <<"guest">>},
                        {loopback_users, []},
                  {allow_anonymous,  true},
                  {vhost,            <<"/">>},
                  {subscription_ttl, 1800000},
                  {prefetch,         10},
                  {ssl_listeners,    [8883]},
                  {tcp_listeners,    [1883]},
                  {tcp_listen_options, [binary,
                                        {packet,    raw},
                                        {reuseaddr, true},
                                        {backlog,   128},
                                        {nodelay,   true}]}]}
].


I have mentioned the {loopback_users, []} , and even after restarting the rabbitmq server my mqtt client is saying Not authorized to connect and the logs reveal , MQTT login failed for "guest" access_refused (access must be from localhost).

Please suggest.

From,local host all is well.


Thanks and Regards,
Ankur Chakraborty

=====-----=====-----=====
Notice: The information contained in this e-mail
message and/or attachments to it may contain
confidential or privileged information. If you are
not the intended recipient, any dissemination, use,
review, distribution, printing or copying of the
information contained in this e-mail message
and/or attachments to it are strictly prohibited. If
you have received this communication in error,
please notify us by reply e-mail or telephone and
immediately and permanently delete the message
and any attachments. Thank you

_______________________________________________
rabbitmq-discuss mailing list has moved to https://groups.google.com/forum/#!forum/rabbitmq-users,
please subscribe to the new list!

[hidden email]
https://lists.rabbitmq.com/cgi-bin/mailman/listinfo/rabbitmq-discuss

On 18 July 2014 at 13:00:44, Ankur5 C ([hidden email]) wrote:
> > {loopback_users, []}

loopback_users is a RabbitMQ server config setting, not the MQTT plugin.

The example on http://www.rabbitmq.com/access-control.html includes it in
the "rabbit" app config.

It is also highly recommended to use a new user with non-obvious credentials
rather than enabling remote access for "guest". 
--  
MK  

Staff Software Engineer, Pivotal/RabbitMQ
_______________________________________________
rabbitmq-discuss mailing list has moved to https://groups.google.com/forum/#!forum/rabbitmq-users,
please subscribe to the new list!

[hidden email]
https://lists.rabbitmq.com/cgi-bin/mailman/listinfo/rabbitmq-discuss

Thanks , I am going to use a new user. Is it the right way . This time I am getting Bad user name or password (4). How to set up a new user ?

[{rabbit,        [{tcp_listeners,    [5672]},{ssl_listeners, [5671]},    
                        {ssl_options, [{cacertfile,"/etc/rabbitmq/testca/cacert.pem"},
                    {certfile,"/etc/rabbitmq/server/cert.pem"},
                    {keyfile,"/etc/rabbitmq/server/key.pem"},
                    {verify,verify_peer},
                        {fail_if_no_peer_cert,false}]}]},
 {rabbitmq_mqtt, [{default_user,     <<"cto">>},
                  {default_pass,     <<"cto">>},
                        {allow_anonymous,  true},
                  {vhost,            <<"/">>},
                  {subscription_ttl, 1800000},
                  {prefetch,         10},
                  {ssl_listeners,    [8883]},
                  {tcp_listeners,    [1883]},
                  {tcp_listen_options, [binary,
                                        {packet,    raw},
                                        {reuseaddr, true},
                                        {backlog,   128},
                                        {nodelay,   true}]}]}
].

Thanks and Regards,
Ankur Chakraborty




From:        Michael Klishin <[hidden email]>
To:        Ankur5 C <[hidden email]>
Cc:        Legacy list about RabbitMQ <[hidden email]>
Date:        18-07-2014 14:33
Subject:        Re: [rabbitmq-discuss] MQTT login failed for "guest" access_refused even after mentioning loopback_users

---

On 18 July 2014 at 13:00:44, Ankur5 C ([hidden email]) wrote:
> > {loopback_users, []}

loopback_users is a RabbitMQ server config setting, not the MQTT plugin.

The example on http://www.rabbitmq.com/access-control.html includes it in
the "rabbit" app config.

It is also highly recommended to use a new user with non-obvious credentials
rather than enabling remote access for "guest". 
--  
MK  

Staff Software Engineer, Pivotal/RabbitMQ

=====-----=====-----=====
Notice: The information contained in this e-mail
message and/or attachments to it may contain
confidential or privileged information. If you are
not the intended recipient, any dissemination, use,
review, distribution, printing or copying of the
information contained in this e-mail message
and/or attachments to it are strictly prohibited. If
you have received this communication in error,
please notify us by reply e-mail or telephone and
immediately and permanently delete the message
and any attachments. Thank you

_______________________________________________
rabbitmq-discuss mailing list has moved to https://groups.google.com/forum/#!forum/rabbitmq-users,
please subscribe to the new list!

[hidden email]
https://lists.rabbitmq.com/cgi-bin/mailman/listinfo/rabbitmq-discuss

 On 18 July 2014 at 13:17:40, Ankur5 C ([hidden email]) wrote:
> > This time I am getting Bad user name or password (4). How to set  
> up a new user ?

rabbitmqctl add_user:
http://www.rabbitmq.com/man/rabbitmqctl.1.man.html

> {rabbitmq_mqtt, [{default_user, <<"cto">>},
> {default_pass, <<"cto">>},

Using the same password as username is a terrible practice.
--  
MK  

Staff Software Engineer, Pivotal/RabbitMQ
_______________________________________________
rabbitmq-discuss mailing list has moved to https://groups.google.com/forum/#!forum/rabbitmq-users,
please subscribe to the new list!

[hidden email]
https://lists.rabbitmq.com/cgi-bin/mailman/listinfo/rabbitmq-discuss

Thanks , I am going to use a new user. Is it the right way . This time I am getting Bad user name or password (4). How to set up a new user ?

[{rabbit,        [{tcp_listeners,    [5672]},{ssl_listeners, [5671]},    
                        {ssl_options, [{cacertfile,"/etc/rabbitmq/testca/cacert.pem"},
                    {certfile,"/etc/rabbitmq/server/cert.pem"},
                    {keyfile,"/etc/rabbitmq/server/key.pem"},
                    {verify,verify_peer},
                        {fail_if_no_peer_cert,false}]}]},
 {rabbitmq_mqtt, [{default_user,     <<"cto">>},
                  {default_pass,     <<"cto">>},
...

Just to throw in my 2c, the default_user/default_pass are only applied in the broker when it starts up with an empty database, so when it first starts or after a rabbitmqctl reset. So, whilst you could do that, Michael's suggestion of using rabbitmqctl add_user is virtually always what you want.

Hope that's useful.

Thanks and Regards,
Ankur Chakraborty




From:        Michael Klishin [hidden email]
To:        Ankur5 C [hidden email]
Cc:        Legacy list about RabbitMQ [hidden email]
Date:        18-07-2014 14:33
Subject:        Re: [rabbitmq-discuss] MQTT login failed for "guest" access_refused even after mentioning loopback_users

---

On 18 July 2014 at 13:00:44, Ankur5 C ([hidden email]) wrote:
> > {loopback_users, []}

loopback_users is a RabbitMQ server config setting, not the MQTT plugin.

The example on http://www.rabbitmq.com/access-control.html includes it in
the "rabbit" app config.

It is also highly recommended to use a new user with non-obvious credentials
rather than enabling remote access for "guest". 
--  
MK  

Staff Software Engineer, Pivotal/RabbitMQ

=====-----=====-----=====
Notice: The information contained in this e-mail
message and/or attachments to it may contain
confidential or privileged information. If you are
not the intended recipient, any dissemination, use,
review, distribution, printing or copying of the
information contained in this e-mail message
and/or attachments to it are strictly prohibited. If
you have received this communication in error,
please notify us by reply e-mail or telephone and
immediately and permanently delete the message
and any attachments. Thank you

_______________________________________________
rabbitmq-discuss mailing list has moved to https://groups.google.com/forum/#!forum/rabbitmq-users,
please subscribe to the new list!

[hidden email]
https://lists.rabbitmq.com/cgi-bin/mailman/listinfo/rabbitmq-discuss

_______________________________________________
rabbitmq-discuss mailing list has moved to https://groups.google.com/forum/#!forum/rabbitmq-users,
please subscribe to the new list!

[hidden email]
https://lists.rabbitmq.com/cgi-bin/mailman/listinfo/rabbitmq-discuss

Also sharing my client code : Do I need to use any user name and password
at the client end?

try {

                        client = new MqttClient(
"tcp://ec2-54-179-77-171.ap-southeast-1.compute.amazonaws.com:1883",
"AmazonTest");

                        client.connect();

                        System.out.println("Connection status :: "+client
.isConnected());

                        int i=0;
                        MqttMessage message = new MqttMessage();
                        while(true){
                                try {
                                        i++;
                                        Thread.sleep(1000);
                                        message.setPayload(("Hii I am Raspberry
PI!!!"+Integer.toString(i)).getBytes());
                                        client.publish("Raspberry/test", message);
                                } catch (InterruptedException e) {
                                        // TODO Auto-generated catch block
                                        e.printStackTrace();
                                }
                        }


                } catch (MqttException e) {
                        e.printStackTrace();
                }
        }

Thanks and Regards,
Ankur Chakraborty
Tata Consultancy Services
Mailto: [hidden email]
Website: http://www.tcs.com
____________________________________________
Experience certainty. IT Services
                        Business Solutions
                        Consulting
____________________________________________



From: Ankur5 C/KOL/TCS
To: Michael Klishin <[hidden email]>
Cc: Legacy list about RabbitMQ
            <[hidden email]>
Date: 18-07-2014 14:46
Subject: Re: [rabbitmq-discuss] MQTT login failed for "guest"
            access_refused even after mentioning loopback_users


Thanks , I am going to use a new user. Is it the right way . This time I am
getting Bad user name or password (4). How to set up a new user ?

[{rabbit,        [{tcp_listeners,    [5672]},{ssl_listeners, [5671]},
                        {ssl_options,
[{cacertfile,"/etc/rabbitmq/testca/cacert.pem"},
                    {certfile,"/etc/rabbitmq/server/cert.pem"},
                    {keyfile,"/etc/rabbitmq/server/key.pem"},
                    {verify,verify_peer},
                        {fail_if_no_peer_cert,false}]}]},
 {rabbitmq_mqtt, [{default_user,     <<"cto">>},
                  {default_pass,     <<"cto">>},
                        {allow_anonymous,  true},
                  {vhost,            <<"/">>},
                  {subscription_ttl, 1800000},
                  {prefetch,         10},
                  {ssl_listeners,    [8883]},
                  {tcp_listeners,    [1883]},
                  {tcp_listen_options, [binary,
                                        {packet,    raw},
                                        {reuseaddr, true},
                                        {backlog,   128},
                                        {nodelay,   true}]}]}
].

Thanks and Regards,
Ankur Chakraborty





From: Michael Klishin <[hidden email]>
To: Ankur5 C <[hidden email]>
Cc: Legacy list about RabbitMQ
            <[hidden email]>
Date: 18-07-2014 14:33
Subject: Re: [rabbitmq-discuss] MQTT login failed for "guest"
            access_refused even after mentioning loopback_users



On 18 July 2014 at 13:00:44, Ankur5 C ([hidden email]) wrote:
> > {loopback_users, []}

loopback_users is a RabbitMQ server config setting, not the MQTT plugin.

The example on http://www.rabbitmq.com/access-control.html includes it in
the "rabbit" app config.

It is also highly recommended to use a new user with non-obvious
credentials
rather than enabling remote access for "guest".
--
MK

Staff Software Engineer, Pivotal/RabbitMQ


=====-----=====-----=====
Notice: The information contained in this e-mail
message and/or attachments to it may contain
confidential or privileged information. If you are
not the intended recipient, any dissemination, use,
review, distribution, printing or copying of the
information contained in this e-mail message
and/or attachments to it are strictly prohibited. If
you have received this communication in error,
please notify us by reply e-mail or telephone and
immediately and permanently delete the message
and any attachments. Thank you



_______________________________________________
rabbitmq-discuss mailing list has moved to https://groups.google.com/forum/#!forum/rabbitmq-users,
please subscribe to the new list!

[hidden email]
https://lists.rabbitmq.com/cgi-bin/mailman/listinfo/rabbitmq-discuss

 On 18 July 2014 at 13:43:32, Ankur5 C ([hidden email]) wrote:
> > Also sharing my client code : Do I need to use any user name and  
> password
> at the client end?

You can configure MQTT plugin to not perform authentication as authentication
is optional in MQTT:
http://www.rabbitmq.com/mqtt.html

If you ask me, this is a terrible MQTT feature (and in fact
I know that some MQTT-based services reject unauthenticated clients).
But if you use default_user and default_pass, you do not need to provide
any credentials. That's why default_user/default_pass are there.

Again, this is pretty clearly documented in http://www.rabbitmq.com/mqtt.html.
--  
MK  

Staff Software Engineer, Pivotal/RabbitMQ
_______________________________________________
rabbitmq-discuss mailing list has moved to https://groups.google.com/forum/#!forum/rabbitmq-users,
please subscribe to the new list!

[hidden email]
https://lists.rabbitmq.com/cgi-bin/mailman/listinfo/rabbitmq-discuss

ok , great i will use guest as default user and pass.

This is my rabbit config file :

[{rabbit,        [{tcp_listeners,    [5672]},{ssl_listeners, [5671]},    
                        {ssl_options, [{cacertfile,"/etc/rabbitmq/testca/cacert.pem"},
                    {certfile,"/etc/rabbitmq/server/cert.pem"},
                    {keyfile,"/etc/rabbitmq/server/key.pem"},
                    {verify,verify_peer},
                                {fail_if_no_peer_cert,false}]}]},
 {rabbitmq_mqtt, [{default_user,     <<"guest">>},
                  {default_pass,     <<"guest">>},
                  {allow_anonymous,  true},
                  {vhost,            <<"/">>},
                  {subscription_ttl, 1800000},
                  {prefetch,         10},
                  {ssl_listeners,    [8883]},
                  {tcp_listeners,    [1883]},
                  {tcp_listen_options, [binary,
                                        {packet,    raw},
                                        {reuseaddr, true},
                                        {backlog,   128},
                                        {nodelay,   true}]}]}
].

Please let me know where should I provide the loopback_users ?


Ankur Chakraborty
Tata Consultancy Services
Plot C, Block EP ,
Salt Lake Electronics Complex
Kolkata - 700091,West Bengal
India
Ph:- +913366367304
Buzz:- 4337304
Mailto: [hidden email]
Website: http://www.tcs.com
____________________________________________
Experience certainty.        IT Services
                       Business Solutions
                       Consulting
____________________________________________



From:        Michael Klishin <[hidden email]>
To:        Ankur5 C <[hidden email]>
Cc:        Legacy list about RabbitMQ <[hidden email]>
Date:        18-07-2014 15:22
Subject:        Re: [rabbitmq-discuss] MQTT login failed for "guest" access_refused even after mentioning loopback_users

---

 On 18 July 2014 at 13:43:32, Ankur5 C ([hidden email]) wrote:
> > Also sharing my client code : Do I need to use any user name and  
> password
> at the client end?

You can configure MQTT plugin to not perform authentication as authentication
is optional in MQTT:
http://www.rabbitmq.com/mqtt.html

If you ask me, this is a terrible MQTT feature (and in fact
I know that some MQTT-based services reject unauthenticated clients).
But if you use default_user and default_pass, you do not need to provide
any credentials. That's why default_user/default_pass are there.

Again, this is pretty clearly documented in http://www.rabbitmq.com/mqtt.html.
--  
MK  

Staff Software Engineer, Pivotal/RabbitMQ

=====-----=====-----=====
Notice: The information contained in this e-mail
message and/or attachments to it may contain
confidential or privileged information. If you are
not the intended recipient, any dissemination, use,
review, distribution, printing or copying of the
information contained in this e-mail message
and/or attachments to it are strictly prohibited. If
you have received this communication in error,
please notify us by reply e-mail or telephone and
immediately and permanently delete the message
and any attachments. Thank you

_______________________________________________
rabbitmq-discuss mailing list has moved to https://groups.google.com/forum/#!forum/rabbitmq-users,
please subscribe to the new list!

[hidden email]
https://lists.rabbitmq.com/cgi-bin/mailman/listinfo/rabbitmq-discuss

 On 18 July 2014 at 14:33:02, Ankur5 C ([hidden email]) wrote:
> > Please let me know where should I provide the loopback_users  
> ?

This is documented with an example in http://www.rabbitmq.com/access-control.html:
[{rabbit, [{loopback_users, []}]}].

So, in your case it becomes

{rabbit,        [{loopback_users, []}
                 {tcp_listeners,  [5672]},
                 {ssl_listeners,  [5671]},    
                 {ssl_options, [{cacertfile,"/etc/rabbitmq/testca/cacert.pem"},
                                {certfile,"/etc/rabbitmq/server/cert.pem"},
                                {keyfile,"/etc/rabbitmq/server/key.pem"},
                                {verify,verify_peer}]}
--  
MK  

Staff Software Engineer, Pivotal/RabbitMQ
_______________________________________________
rabbitmq-discuss mailing list has moved to https://groups.google.com/forum/#!forum/rabbitmq-users,
please subscribe to the new list!

[hidden email]
https://lists.rabbitmq.com/cgi-bin/mailman/listinfo/rabbitmq-discuss

Hi,

Just wanted to know using Paho java client how can I connect a rabbit mq mqtt broker using username and password.

At the broker side I have to add user and password and add the user from rabbitmq ctl. Then what should be done at the paho java client end ?

Please suggest with example.

Thanks and Regards,
Ankur Chakraborty

=====-----=====-----=====
Notice: The information contained in this e-mail
message and/or attachments to it may contain
confidential or privileged information. If you are
not the intended recipient, any dissemination, use,
review, distribution, printing or copying of the
information contained in this e-mail message
and/or attachments to it are strictly prohibited. If
you have received this communication in error,
please notify us by reply e-mail or telephone and
immediately and permanently delete the message
and any attachments. Thank you

_______________________________________________
rabbitmq-discuss mailing list has moved to https://groups.google.com/forum/#!forum/rabbitmq-users,
please subscribe to the new list!

[hidden email]
https://lists.rabbitmq.com/cgi-bin/mailman/listinfo/rabbitmq-discuss

On 22 July 2014 at 10:52:11, Ankur5 C ([hidden email]) wrote:
> > Just wanted to know using Paho java client how can I connect a
> rabbit mq mqtt broker using username and password.
>
> At the broker side I have to add user and password and add the user
> from rabbitmq ctl. Then what should be done at the paho java client
> end ?
>
> Please suggest with example.

Ankur,

You don't need to configure anything
in the Paho Java client, just provide a URI, client-id and (possibly) client WAL/persister.

This is what two MqttClient constructors do:
http://www.eclipse.org/paho/files/javadoc/index.html

Also, you do not technically have to add a new user to RabbitMQ but if you connect
from remote hosts and want to use reasonable security practices, that's a good idea.

That said, in the latter case non-authenticated connections is not what you want.
--
MK

Staff Software Engineer, Pivotal/RabbitMQ
_______________________________________________
rabbitmq-discuss mailing list has moved to https://groups.google.com/forum/#!forum/rabbitmq-users,
please subscribe to the new list!

[hidden email]
https://lists.rabbitmq.com/cgi-bin/mailman/listinfo/rabbitmq-discuss

So if I do not use SSL , in that case how does the authentication occur? Anyone who is aware of the uri can post data to a topic with a client id ?

What is the significance of the user and pass (mentioned as default user and pass) mentioned in the rabbit config file?

I am using the default one and using the tag   loopback_users, []   for connecting from remote host. All is working fine.

Thanks and Regards,
Ankur Chakraborty




From:        Michael Klishin <[hidden email]>
To:        Ankur5 C <[hidden email]>
Cc:        Legacy list about RabbitMQ <[hidden email]>
Date:        22-07-2014 15:53
Subject:        Re: [rabbitmq-discuss] MQTT login failed for "guest" access_refused even after mentioning loopback_users

---

On 22 July 2014 at 10:52:11, Ankur5 C ([hidden email]) wrote:
> > Just wanted to know using Paho java client how can I connect a
> rabbit mq mqtt broker using username and password.
>
> At the broker side I have to add user and password and add the user
> from rabbitmq ctl. Then what should be done at the paho java client
> end ?
>
> Please suggest with example.

Ankur,

You don't need to configure anything
in the Paho Java client, just provide a URI, client-id and (possibly) client WAL/persister.

This is what two MqttClient constructors do:
http://www.eclipse.org/paho/files/javadoc/index.html

Also, you do not technically have to add a new user to RabbitMQ but if you connect
from remote hosts and want to use reasonable security practices, that's a good idea.

That said, in the latter case non-authenticated connections is not what you want.
--
MK

Staff Software Engineer, Pivotal/RabbitMQ

=====-----=====-----=====
Notice: The information contained in this e-mail
message and/or attachments to it may contain
confidential or privileged information. If you are
not the intended recipient, any dissemination, use,
review, distribution, printing or copying of the
information contained in this e-mail message
and/or attachments to it are strictly prohibited. If
you have received this communication in error,
please notify us by reply e-mail or telephone and
immediately and permanently delete the message
and any attachments. Thank you

_______________________________________________
rabbitmq-discuss mailing list has moved to https://groups.google.com/forum/#!forum/rabbitmq-users,
please subscribe to the new list!

[hidden email]
https://lists.rabbitmq.com/cgi-bin/mailman/listinfo/rabbitmq-discuss

On 22 July 2014 at 15:41:40, Ankur5 C ([hidden email]) wrote:
> > So if I do not use SSL , in that case how does the authentication  
> occur?

If you configure RabbitMQ to verify peer, the client will be authenticated.
Paho can be configured to perform TLS verification, too.

http://www.rabbitmq.com/ssl.html

Different clients expose different APIs for enabling/disabling peer verification.
There are 3 examples that demonstrate how MQTT clients can be set up to use TLS
with peer verification, including 2 Paho clients (Java and Python):

https://github.com/michaelklishin/mqtt-tls-playground

> Anyone who is aware of the uri can post data to a topic with  
> a client id ?

You do not post data to URIs in MQTT. You open a long-running connection
using a URI and client-id, then publish messages using a separate protocol
frame (which clients expose as a separate API function/method).

In Paho, the method is MqttClient#publish:
http://www.eclipse.org/paho/files/javadoc/org/eclipse/paho/client/mqttv3/MqttClient.html#publish(java.lang.String, byte[], int, boolean)

Sorry to point this out but this is really basic  ,
a software engineer should be able to figure this out on her own quite quickly.

> What is the significance of the user and pass (mentioned as default  
> user and pass) mentioned in the rabbit config file?

We are going in circles on this. This is documented quite clearly:
http://www.rabbitmq.com/mqtt.html

> I am using the default one and using the tag loopback_users, []  
> for connecting from remote host. All is working fine.

That can work but now it is possible to connect to your RabbitMQ node
using well-known credentials of an administrative user. Doesn't sound incredibly
secure to me.
--  
MK  

Staff Software Engineer, Pivotal/RabbitMQ
_______________________________________________
rabbitmq-discuss mailing list has moved to https://groups.google.com/forum/#!forum/rabbitmq-users,
please subscribe to the new list!

[hidden email]
https://lists.rabbitmq.com/cgi-bin/mailman/listinfo/rabbitmq-discuss

I guess I am not able to clarify my question.

Ok let me pose this like , is there any other mode of authentication other than TLS ?

When we create topics , is there any feature of role / user based access of those topics?

Thanks and Regards,
Ankur Chakraborty




From:        Michael Klishin <[hidden email]>
To:        Ankur5 C <[hidden email]>
Cc:        Legacy list about RabbitMQ <[hidden email]>
Date:        22-07-2014 17:22
Subject:        Re: [rabbitmq-discuss] MQTT login failed for "guest" access_refused even after mentioning loopback_users

---

On 22 July 2014 at 15:41:40, Ankur5 C ([hidden email]) wrote:
> > So if I do not use SSL , in that case how does the authentication  
> occur?

If you configure RabbitMQ to verify peer, the client will be authenticated.
Paho can be configured to perform TLS verification, too.

http://www.rabbitmq.com/ssl.html

Different clients expose different APIs for enabling/disabling peer verification.
There are 3 examples that demonstrate how MQTT clients can be set up to use TLS
with peer verification, including 2 Paho clients (Java and Python):

https://github.com/michaelklishin/mqtt-tls-playground

> Anyone who is aware of the uri can post data to a topic with  
> a client id ?

You do not post data to URIs in MQTT. You open a long-running connection
using a URI and client-id, then publish messages using a separate protocol
frame (which clients expose as a separate API function/method).

In Paho, the method is MqttClient#publish:
http://www.eclipse.org/paho/files/javadoc/org/eclipse/paho/client/mqttv3/MqttClient.html#publish(java.lang.String, byte[], int, boolean)

Sorry to point this out but this is really basic  ,
a software engineer should be able to figure this out on her own quite quickly.

> What is the significance of the user and pass (mentioned as default  
> user and pass) mentioned in the rabbit config file?

We are going in circles on this. This is documented quite clearly:
http://www.rabbitmq.com/mqtt.html

> I am using the default one and using the tag loopback_users, []  
> for connecting from remote host. All is working fine.

That can work but now it is possible to connect to your RabbitMQ node
using well-known credentials of an administrative user. Doesn't sound incredibly
secure to me.
--  
MK  

Staff Software Engineer, Pivotal/RabbitMQ

=====-----=====-----=====
Notice: The information contained in this e-mail
message and/or attachments to it may contain
confidential or privileged information. If you are
not the intended recipient, any dissemination, use,
review, distribution, printing or copying of the
information contained in this e-mail message
and/or attachments to it are strictly prohibited. If
you have received this communication in error,
please notify us by reply e-mail or telephone and
immediately and permanently delete the message
and any attachments. Thank you

_______________________________________________
rabbitmq-discuss mailing list has moved to https://groups.google.com/forum/#!forum/rabbitmq-users,
please subscribe to the new list!

[hidden email]
https://lists.rabbitmq.com/cgi-bin/mailman/listinfo/rabbitmq-discuss

On 22 July 2014 at 16:00:08, Ankur5 C ([hidden email]) wrote:
> > Ok let me pose this like , is there any other mode of authentication  
> other than TLS ?

With MQTT you can authenticate using username & password or bypass authentication
and use TLS peer verification. Authentication mechanisms in MQTT (the protocol, not the plugin)
are not pluggable.

RabbitMQ will support TLS certificate authentication [1] for MQTT, too, but currently does not.

> When we create topics , is there any feature of role / user based  
> access of those topics?

RabbitMQ itself has fairly flexible authorization:
http://www.rabbitmq.com/access-control.html

but MQTT (the protocol) does not have the concept of topic authorization as of 3.1.1.
So while you can restrict e.g. publishing for MQTT clients (internally, the amq.topic exchange
is used by the MQTT plugin), there is no good way to indicate authorization failures
to MQTT clients.

This is a subject of ongoing debate in the MQTT community, unfortunately, I'm not aware of
any suggested improvements for the future spec revisions. 

1. https://github.com/rabbitmq/rabbitmq-auth-mechanism-ssl
--  
MK  

Staff Software Engineer, Pivotal/RabbitMQ
_______________________________________________
rabbitmq-discuss mailing list has moved to https://groups.google.com/forum/#!forum/rabbitmq-users,
please subscribe to the new list!

[hidden email]
https://lists.rabbitmq.com/cgi-bin/mailman/listinfo/rabbitmq-discuss

Hi,

Is there any plan to implement rabbitmq's topic authorization and authentication ? Our requirement is the same as mentioned in :

https://stormpath.com/blog/lightweight-authentication-and-authorization-for-mqtt-with-stormpath/

Topic based authorization and authentication is required against the MQTT plugin of rabbitmq.



Thanks and Regards,
Ankur Chakraborty

=====-----=====-----=====
Notice: The information contained in this e-mail
message and/or attachments to it may contain
confidential or privileged information. If you are
not the intended recipient, any dissemination, use,
review, distribution, printing or copying of the
information contained in this e-mail message
and/or attachments to it are strictly prohibited. If
you have received this communication in error,
please notify us by reply e-mail or telephone and
immediately and permanently delete the message
and any attachments. Thank you

_______________________________________________
rabbitmq-discuss mailing list has moved to https://groups.google.com/forum/#!forum/rabbitmq-users,
please subscribe to the new list!

[hidden email]
https://lists.rabbitmq.com/cgi-bin/mailman/listinfo/rabbitmq-discuss

On 29 July 2014 at 09:25:39, Ankur5 C ([hidden email]) wrote:
> > Is there any plan to implement rabbitmq's topic authorization
> and authentication ? Our requirement is the same as mentioned
> in :
>
> https://stormpath.com/blog/lightweight-authentication-and-authorization-for-mqtt-with-stormpath/ 
>
> Topic based authorization and authentication is required against
> the MQTT plugin of rabbitmq.

MQTT 3.1.1 (the protocol) does not have a concept of topic authorization.
As soon as it does, we'll look into adding it to RabbitMQ MQTT plugin.
--
MK

Staff Software Engineer, Pivotal/RabbitMQ
_______________________________________________
rabbitmq-discuss mailing list has moved to https://groups.google.com/forum/#!forum/rabbitmq-users,
please subscribe to the new list!

[hidden email]
https://lists.rabbitmq.com/cgi-bin/mailman/listinfo/rabbitmq-discuss

Hi,

I am trying to connect rabbitmq over the ssl port but I am getting :

accepting AMQP connection <0.231.0> (192.168.161.171:65208 -> 192.168.161.197:5671)

=ERROR REPORT==== 30-Jul-2014::17:53:07 ===
error on AMQP connection <0.231.0>:
{ssl_upgrade_error,timeout}

My config file is :

[{rabbit,        [{tcp_listeners,    [5672]},{ssl_listeners, [5671]},    
                        {ssl_options, [{cacertfile,"/etc/rabbitmq/testca/cacert.pem"},
                    {certfile,"/etc/rabbitmq/server/cert.pem"},
                    {keyfile,"/etc/rabbitmq/server/key.pem"},
                    {verify,verify_peer},
                    {fail_if_no_peer_cert,false}]}]}
].

I am using the example https://www.rabbitmq.com/ssl.html , Connecting without validating certificates.

Please suggest.

Thanks and Regards,
Ankur Chakraborty




From:        Michael Klishin <[hidden email]>
To:        Ankur5 C <[hidden email]>
Cc:        Legacy list about RabbitMQ <[hidden email]>
Date:        29-07-2014 10:57
Subject:        Re: [rabbitmq-discuss] Topic authorization and authentication

---

On 29 July 2014 at 09:25:39, Ankur5 C ([hidden email]) wrote:
> > Is there any plan to implement rabbitmq's topic authorization
> and authentication ? Our requirement is the same as mentioned
> in :
>
> https://stormpath.com/blog/lightweight-authentication-and-authorization-for-mqtt-with-stormpath/
>
> Topic based authorization and authentication is required against
> the MQTT plugin of rabbitmq.

MQTT 3.1.1 (the protocol) does not have a concept of topic authorization.
As soon as it does, we'll look into adding it to RabbitMQ MQTT plugin.
--
MK

Staff Software Engineer, Pivotal/RabbitMQ

=====-----=====-----=====
Notice: The information contained in this e-mail
message and/or attachments to it may contain
confidential or privileged information. If you are
not the intended recipient, any dissemination, use,
review, distribution, printing or copying of the
information contained in this e-mail message
and/or attachments to it are strictly prohibited. If
you have received this communication in error,
please notify us by reply e-mail or telephone and
immediately and permanently delete the message
and any attachments. Thank you

_______________________________________________
rabbitmq-discuss mailing list has moved to https://groups.google.com/forum/#!forum/rabbitmq-users,
please subscribe to the new list!

[hidden email]
https://lists.rabbitmq.com/cgi-bin/mailman/listinfo/rabbitmq-discuss