0

I am hoping someone has got this to work. I am the trying to connect RabbitMQ shovel to Azure Event hub or Service Bus. I found two tutorials on MS, (very short to set up) but both results in the shovel error. The request to Event hub or Service bus is success in the example.

My guess is that something is missing from the below tutorials or that some components have been changed and breaking changes has been introduced:

Importing Data from RabbitMQ into Azure Data Explorer via Event Hubs https://techcommunity.microsoft.com/t5/azure-data-explorer-blog/importing-data-from-rabbitmq-into-azure-data-explorer-via-event/ba-p/3777688 Shovel error

AMQP allows for interconnecting connecting brokers directly, for instance using routers like Apache Qpid Dispatch Router or broker-native "shovels" like the one of RabbitMQ. https://learn.microsoft.com/en-us/azure/service-bus-messaging/service-bus-amqp-overview

How to integrate Service Bus with RabbitMQ https://learn.microsoft.com/en-us/azure/service-bus-messaging/service-bus-integrate-with-rabbitmq

Version: RabbitMQ 3.10.7, Erlang 25.0

Case and steps: Adding a new Azure Service Bus Namespace rabbitmq01 basic public endpoint Creating our Azure Service Bus Queue from-rabbitmq01

Enabling the RabbitMQ Shovel Plugin

rabbitmq-plugins enable rabbitmq_shovel_management

Created queue in Rabbitmq telemetry01

Connecting RabbitMQ to Azure Service Bus Add SAS Policy, Manage now, tested with just send also. rabbitmq-shovel01 Primary Connection String

Connection String to AMQP https://red-mushroom-0f7446a0f.azurestaticapps.net/ amqps://rabbitmq-shovel01:SAS-KEY@rabbitmq01.servicebus.windows.net:5671/?sasl=plain

TNC

Test-NetConnection -ComputerName rabbitmq01.servicebus.windows.net -Port 5671 = True

Make the dynamic shovel with above properties. Shovel was done exactly like the tutorial The shovel status is just starting, never goes to running.

Log:

2023-07-08 19:09:56.385000+02:00 [error] <0.742.0> supervisor: {<0.742.0>,amqp10_client_connection_sup} 2023-07-08 19:09:56.385000+02:00 [error] <0.742.0> errorContext: start_error 2023-07-08 19:09:56.385000+02:00 [error] <0.742.0> reason: {badmatch,{error,closed}} [...] 2023-07-08 19:09:56.386000+02:00 [error] <0.744.0> ** Stacktrace = 2023-07-08 19:09:56.386000+02:00 [error] <0.744.0> ** [{amqp10_client_frame_reader,init,1, 2023-07-08 19:09:56.386000+02:00 [error] <0.744.0> [{file,"amqp10_client_frame_reader.erl"}, 2023-07-08 19:09:56.386000+02:00 [error] <0.744.0> {line,109}]}, 2023-07-08 19:09:56.386000+02:00 [error] <0.744.0> {gen_statem,init_it,6,[{file,"gen_statem.erl"},{line,1001}]}, 2023-07-08 19:09:56.386000+02:00 [error] <0.744.0> {proc_lib,init_p_do_apply,3,[{file,"proc_lib.erl"},{line,240}]}] [...] 2023-07-08 19:09:56.386000+02:00 [error] <0.688.0> Shovel 'rmq-2-sb' could not connect to destination 2023-07-08 19:09:56.387000+02:00 [error] <0.687.0> supervisor: {<0.687.0>,rabbit_shovel_dyn_worker_sup}

Shovel to Bus requests success

Tested

  1. I have tried to change TLS version in Service bus.
  2. Enabled rabbitmq_amqp1_0 plugin, https://github.com/rabbitmq/rabbitmq-amqp1.0.
  3. Tested a lot of combinations with the URI. After testing https://red-mushroom-0f7446a0f.azurestaticapps.net/ and URL enconding.
  4. Azure ServiceBus can be used with the AMQP 1.0 protocol. Since version 3.7 RabbitMQ supports shovels where either the source or destination (or both) uses AMQP 1.0. https://gist.github.com/kjnilsson/159c643fb34604f8ea20be336109261b

I have sent a mail to RabbitMQ community also. Thank you in advance

11.07.2023 Update New RabbitMQ 3.12.1 and Erlang 26.0

Today I did a new test with both tutorials. For the Event hub i followed it exactly. The shovel error is: 2023-07-11 10:01:57.638000+02:00 [error] <0.2006.0> supervisor: {<0.2006.0>,amqp10_client_connection_sup} 2023-07-11 10:01:57.638000+02:00 [error] <0.2006.0> errorContext: start_error 2023-07-11 10:01:57.638000+02:00 [error] <0.2006.0> reason: {options,incompatible,[{verify,verify_peer},{cacerts,undefined}]} [...] 2023-07-11 10:09:27.788000+02:00 [error] <0.2476.0> Shovel 'shovel-07' could not connect to destination

For the Service bus it is the same.

First I tried with shovel Source AMQP 0.9.1, Destination, AMQP 1.0. : 2023-07-11 10:44:41.042000+02:00 [error] <0.3627.0> supervisor: {<0.3627.0>,amqp10_client_connection_sup} 2023-07-11 10:44:41.042000+02:00 [error] <0.3627.0> errorContext: start_error 2023-07-11 10:44:41.042000+02:00 [error] <0.3627.0> reason: {options,incompatible,[{verify,verify_peer},{cacerts,undefined}]} [...] 2023-07-11 10:44:41.043000+02:00 [error] <0.3610.0> Shovel 'shovel_01' could not connect to destination

Then I tried shovel Source AMQP 1.0, Destination, AMQP 1.0.

And as expected: 2023-07-11 11:08:18.155000+02:00 [error] <0.8999.0> amqp1_0_plugin_not_enabled

Enabled plugin amqp1_0

2023-07-11 11:14:58.438000+02:00 [error] <0.9613.0> supervisor: {<0.9613.0>,amqp10_client_connection_sup} 2023-07-11 11:14:58.438000+02:00 [error] <0.9613.0> errorContext: start_error 2023-07-11 11:14:58.438000+02:00 [error] <0.9613.0> reason: {options,incompatible,[{verify,verify_peer},{cacerts,undefined}]} [...] 2023-07-11 11:14:58.438000+02:00 [error] <0.9582.0> Shovel 'shovel_03' could not connect to destination

After update to: RabbitMQ 3.12.1 and Erlang 26.0 .So it has do to with TLS, and that was not a step in any of the tutorials. This is gonna take time :) Any help is appreciated

I got in touch with MS, as per delivered test results, they did not find a issue with the test(s) done. TNC images validated connectivity. Further troubleshooting will be done by support. Looking forward to that. Collaboration is key.

aspen l
  • 54
  • 7
  • Make sure you navigate to the service bus queue, create a [policy](https://i.imgur.com/ponRJq4.png), and [convert it](https://i.imgur.com/yFD200q.png) – Sampath Jul 12 '23 at 11:34
  • from the [reference](https://techcommunity.microsoft.com/t5/azure-data-explorer-blog/importing-data-from-rabbitmq-into-azure-data-explorer-via-event/ba-p/3777688) able to connect to [rabbitmqqtt](https://i.imgur.com/iXfHUWn.png) [queue](https://i.imgur.com/DBoFirA.png) and [messages](https://i.imgur.com/t4VvWCJ.png) – Sampath Jul 12 '23 at 11:39
  • go to Admin -> Shovel Management, where you can add your new shovel that will take care of sending messages from a RabbitMQ queue to your Azure Service Bus queue as per the [MSDOC](https://techcommunity.microsoft.com/t5/azure-data-explorer-blog/importing-data-from-rabbitmq-into-azure-data-explorer-via-event/ba-p/3777688) – Sampath Jul 12 '23 at 11:44
  • Hi Sampath and thanks for helping. I have no issue with making the shovel, that is ok :) The image "policy" you uploaded is from the Azure Service bus policy, but the tutorial your are "referencing" in your comment is for Azure Event Hub. But policy is policy :) I have done Importing Data from RabbitMQ into Azure Data Explorer via Event Hubs tutorial now. Were am I wrong per the tutorial? I have done 3 mores test now. Same result every time Here is the result https://github.com/spawnmarvel/test/blob/main/RabbitMQ%202%20Azure%20Event%20Hub.pdf – aspen l Jul 12 '23 at 17:29
  • Hi Sampath, Done with How to integrate Service Bus with RabbitMQ. Result: https://github.com/spawnmarvel/test/blob/main/RabbitMQ%202%20Azure%20Service%20Bus.pdf Result is the same for me in both tutorials. Shovel x could not start: - 2023-07-12[error] <0.5449.0> exception exit: {options,incompatible, 2023-07-12 [error] <0.5449.0> [{verify,verify_peer},{cacerts,undefined}]} - So this must be due to TLS and the URI. Tls is not mentioned as a step. Azure Service Bus->Networking, minimum tls 1.2, Local Authentication ->Enabled. (default properties) implemented. What have you configured? – aspen l Jul 12 '23 at 17:31
  • Hi Sampath, can you also show me a picture of the Shovel Status, where is says "running" on your setup? (Name-State-Source-Destination-Last changed) I hope you have time to view the 2 pdf's with the implementation and results. The tutorial is are very short. Thank you – aspen l Jul 12 '23 at 17:40
  • for TLS is network related error Refer to This for [Ip address](https://stackoverflow.com/questions/76583406/python-psycopg2-not-able-to-connect-to-postgres-server-psycopg2-operationalerro/76593045#76593045) – Sampath Jul 13 '23 at 03:42
  • Ok, will give to a sample of how to connect with the Azure service bus with RabbitMQ. – Sampath Jul 13 '23 at 03:56

3 Answers3

0

Sample RabbitMQ Shovel to Azure Service Bus:

  • Enable the required

rabbitmq-plugins enable rabbitmq_shovel_management rabbitmq-plugins enable rabbitmq_shovel

rabbitmq-plugins enable rabbitmq_management

enter image description here

enter image description here

enter image description here

enter image description here

enter image description here

enter image description here

enter image description here

Sampath
  • 810
  • 2
  • 2
  • 13
  • Hi Sampath and thank you very much for all help. I have read it all and understand it. You say" for TLS is network related error Refer to This for 'ip address'", -> AD PostgreSQL ->Networking? The only issue I have is connecting the shovel using the URI to the Azure Service Bus. "By default, Service Bus namespaces are accessible from the internet as long as the request contains valid authentication and authorization. " https://learn.microsoft.com/en-us/azure/service-bus-messaging/service-bus-ip-filtering TNC -ComputerName xxxxx.servicebus.windows.net -Port 5671, TcpTestSucceeded: True. – aspen l Jul 13 '23 at 06:43
  • So in all of my tests, this is always true: TNC -ComputerName xxxxx.servicebus.windows.net -Port 5671, TcpTestSucceeded: True. But when adding the converted URI from ASB URI to AMQP URI and press add the shovel. The status is always, "Starting" and the log is always: shovel x could not start, {options,incompatible,[{verify,verify_peer},{cacerts,undefined} – aspen l Jul 13 '23 at 06:47
  • 1
    @sampath I thank you for all the effort and help. I will continue my journey with this. For me it did not work. Still an unclear issue with authentication and authorization in both tutorials. – aspen l Jul 13 '23 at 07:12
  • The error facing is related to a system configuration issue. Please cross [check](https://i.imgur.com/wLQgyJ1.png) your enviroment .Thank you. – Sampath Jul 13 '23 at 07:15
  • @sampath, again thank you. I will try to find the solution. From all the available pdf 's on Github and comments here: TNC -ComputerName xxxxx.servicebus.windows.net -Port 5671, TcpTestSucceeded: True always with Public access in Azure. Test-NetConnection -ComputerName (Specifies the Domain Name System (DNS) name or IP address of the target computer.) -Port (Specifies the TCP port number on the remote computer. The cmdlet uses this port number to test connectivity to the remote computer.), TcpTestSucceeded: True indicates that the connection was successful and the port is open. – aspen l Jul 13 '23 at 08:13
  • https://stackoverflow.com/help/someone-answers – aspen l Jul 13 '23 at 13:36
  • one strange thing here: Your RabbitMQ shovel "add shovel" image uses Endpoint=sb:, but your Dynamic shovel has amqps://. You can view it above or here https://github.com/spawnmarvel/test/blob/main/difference.jpg: Is that the correct? The docs said otherwise.... – aspen l Jul 15 '23 at 09:15
  • yes with amqps://. uploaded the right image sorry 3 and 4 image it is correct . – Sampath Jul 15 '23 at 14:56
  • good that you found solution with Installed RabbitMQ 3.12.1 Erlang 26.0 and moved from policy send to using new policy. – Sampath Jul 15 '23 at 14:57
  • could you check my answer and vote on it. I have added link to images showing result. Thank you (I am not allowed to vote..) – aspen l Jul 15 '23 at 16:16
0

I got in touch with MS, as per delivered test results, they did not find a issue with the test(s) done. TNC images validated connectivity. Further troubleshooting will be done by support. Looking forward to that. Collaboration is key.

aspen l
  • 54
  • 7
0

https://www.erlang.org/blog/otp-26-highlights/ Erlang/OTP 26 Highlights May 16, 2023 [...] Erlang/OTP 26 Highlights In OTP 26, the default value for the verify option is now verify_peer instead of verify_none. Host verification requires trusted CA certificates to be supplied using one of the options cacerts or cacertsfile. Therefore, a connection attempt with an empty option list will fail in OTP 26:

{error,{options,incompatible,
                [{verify,verify_peer},{cacerts,undefined}]}}

The default value for the cacerts option is undefined, which is not compatible with the {verify,verify_peer} option. To make the connection succeed, the recommended way is to use the cacerts option to supply CA certificates to be used for verifying.

This is the breaking change (I would believe) after 16.05.2023:

amqps://rabbitmq-shovel:StringOfRandomChars@rabbitmq.servicebus.windows.net:5671/?sasl=plain

Is must be on format similar to this I would belive:

amqps://rabbitmq-shovel:StringOfRandomChars@rabbitmq.servicebus.windows.net:5671/?cacertfile=/path/to/cacert_root_certificate_servicebus.pem&verify=verify_peer (something??)

So https://learn.microsoft.com/en-us/azure/service-bus-messaging/service-bus-integrate-with-rabbitmq must be updated with new information and the tool https://red-mushroom-0f7446a0f.azurestaticapps.net/ must also generate new URI with ssl stuff, and I would belive the public root certificate for Azure Service Bus must be obtainable. Input in this?

15.07.2023 update https://techcommunity.microsoft.com/t5/azure-data-explorer-blog/importing-data-from-rabbitmq-into-azure-data-explorer-via-event/ba-p/3777688 Tutorial version: RabbitMQ 3.11.7 Erlang 25.2.

Tested with RabbitMQ 3.11.10 Erlang 25.2.

RabbitMQ log:

2023-07-15 10:38:00.787000+02:00 [warning] <0.1427.0> Description: "Server authenticity is not verified since certificate path validation is not enabled"
2023-07-15 10:38:00.787000+02:00 [warning] <0.1427.0>      Reason: "The option {verify, verify_peer} and one of the options 'cacertfile' or 'cacerts' are required to enable this."
2023-07-15 10:38:00.787000+02:00 [warning] <0.1427.0> 
2023-07-15 10:38:01.394000+02:00 [error] <0.1408.0> Shovel 'rmq2eh' in virtual host '/' is stopping, reason: {outbound_link_detached,
2023-07-15 10:38:01.394000+02:00 [error] <0.1408.0>                                                           {'v1_0.error',
2023-07-15 10:38:01.394000+02:00 [error] <0.1408.0>                                                            {symbol,
2023-07-15 10:38:01.394000+02:00 [error] <0.1408.0>                                                             <<"amqp:unauthorized-access">>},

 [...] 2023-07-15 10:49:09.143000+02:00 hostname =>
2023-07-15 10:49:09.143000+02:00 <<"xxxxxxxx.servicebus.windows.net">>,

The tutorial(s) must be update with highest RabbitMQ and Erlang version it supports, so that new user know what version(s) they can use and what are the dependency's.. I will do one test with same RabbitMQ version used in the hub tutorial if I can find it. The Erlang version used for this test is the same.

Update versions (could not find 3.11.7): RabbitMQ 3.11.0 Erlang 25.2 result:

2023-07-15 11:46:16.886000+02:00 [error] <0.2202.0> Shovel 'rmq2ev114' in virtual host '/' is stopping, reason: {outbound_link_detached,
2023-07-15 11:46:16.886000+02:00 [error] <0.2202.0>                                                              {'v1_0.error',
2023-07-15 11:46:16.886000+02:00 [error] <0.2202.0>                                                               {symbol,
2023-07-15 11:46:16.886000+02:00 [error] <0.2202.0>                                                                <<"amqp:unauthorized-access">>},
[...]
2023-07-15 11:46:16.887000+02:00 [warning] <0.2220.0>                                                                                    hostname =>
2023-07-15 11:46:16.887000+02:00 [warning] <0.2220.0>                                                                                     <<"xxxxx.servicebus.windows.net">>,
[...]
2023-07-15 11:46:21.895000+02:00 [warning] <0.2254.0> Description: "Server authenticity is not verified since certificate path validation is not enabled"
2023-07-15 11:46:21.895000+02:00 [warning] <0.2254.0>      Reason: "The option {verify, verify_peer} and one of the options 'cacertfile' or 'cacerts' are required to enable this."

15.07.2023 18:11 It works now finally. It now works for Azure Event Hub and for Azure Service bus, new URI with TLS and Azure Root certificate and had to add an extra root policy also to the namespace for each service, not just the sub SAS https://github.com/spawnmarvel/test/blob/main/it_works.jpg

I am out, I am done, my life is back.

aspen l
  • 54
  • 7
  • Downloaded cert DigiCert Global Root CA from https://learn.microsoft.com/en-us/azure/security/fundamentals/azure-ca-details?tabs=root-and-subordinate-cas-list. used uri. `amqps://policy14:SAS-TOKEN@xxxxxx.servicebus.windows.net?cacertfile=c:/RabbitMQBaseFolder/cert//DigiCertGlobalRootCA.pem&verify=verify_none`.Result: `2023-07-15 12:56:54.291000+02:00 [error] <0.18351.0>` result: `<<"amqp:unauthorized-access">>},` No TLS error just unauthorized-access – aspen l Jul 15 '23 at 11:02
  • Installed RabbitMQ 3.12.1 Erlang 26.0 and moved from policy send to using new policy: Add SAS Policy (Manage) name: policymanage URI:amqps://policymanage:SAS-TOKEN@XXXXXX.servicebus.windows.net?cacertfile=c:/RabbitMQBaseFolder/cert/DigiCertGlobalRootCA.pem&verify=verify_none Result:`2023-07-15 14:06:44.420000+02:00 [error] <0.4342.0> Shovel 'test_04' in virtual host '/' is stopping, reason: {outbound_link_detached, [..] <<"amqp:unauthorized-access">>},` view https://github.com/spawnmarvel/test/blob/main/unauthorized-access.jpg – aspen l Jul 15 '23 at 12:19
  • It now works for Azure Event Hub and for Azure Service bus, new URI with TLS and Azure Root certificate and had to add an extra root policy also to the namespace for each service, not just the sub SAS. https://github.com/spawnmarvel/test/blob/main/it_works.jpg – aspen l Jul 15 '23 at 16:02