Re: Possible to set source IP address in queue route setup in C++ broker?
On 23/08/17 17:35, Steve Huston wrote: - Host A wants to set up a pull route to pull messages from Host B - Host A has two IP addresses assigned to it - When Host A connects to B, can A specify a particular source IP address that B will see it as? Ah, makes sense. Sorry for my confusion, your original wording actually described it perfectly, I just jumped to the wrong interpretation! Unfortunately the broker doesn't allow the source ip to be explicitly set at present. There is quite a chain of calls that the chosen source ip would need to be passed along for a per 'link' (i.e. inter-broker connection) option. Slightly simpler would be a broker level option used for all outgoing connections. - To unsubscribe, e-mail: users-unsubscr...@qpid.apache.org For additional commands, e-mail: users-h...@qpid.apache.org
RE: Possible to set source IP address in queue route setup in C++ broker?
Thanks for replying, Gordon - sorry for the confusing terms. > On 22/08/17 21:22, Steve Huston wrote: > > I'm using the C++ broker and I am setting up queue pull routes to > > another broker. I want to be able to have my local broker set a > > virtual IP address as the IP source address when connecting to the > > remote broker it will pull from. Is this possible using current broker > > capabilities? > > I don't understand the question properly. When creating a pull route you > always have to supply the host/ip that the destination broker will connect to > in order to pull the messages. If that is a virtual IP, I don't think > anything in > the broker or the qpid-route tool should care? > > I'm probably misunderstanding what you are trying to do though, can you > elaborate a bit more? - Host A wants to set up a pull route to pull messages from Host B - Host A has two IP addresses assigned to it - When Host A connects to B, can A specify a particular source IP address that B will see it as? The situation is there's a firewall between A and B; only one of A's addresses is reachable from outside that firewall. We're trying to prevent having to NAT/PAT A's address at the firewall. Thanks, -Steve - To unsubscribe, e-mail: users-unsubscr...@qpid.apache.org For additional commands, e-mail: users-h...@qpid.apache.org
Re: Possible to set source IP address in queue route setup in C++ broker?
On 22/08/17 21:22, Steve Huston wrote: I'm using the C++ broker and I am setting up queue pull routes to another broker. I want to be able to have my local broker set a virtual IP address as the IP source address when connecting to the remote broker it will pull from. Is this possible using current broker capabilities? I don't understand the question properly. When creating a pull route you always have to supply the host/ip that the destination broker will connect to in order to pull the messages. If that is a virtual IP, I don't think anything in the broker or the qpid-route tool should care? I'm probably misunderstanding what you are trying to do though, can you elaborate a bit more? - To unsubscribe, e-mail: users-unsubscr...@qpid.apache.org For additional commands, e-mail: users-h...@qpid.apache.org
Re: Qpid C++ Broker 1.36 Max Connections Per User Option not working
- Original Message -
> From: "Chuck Rolke"
> To: users@qpid.apache.org
> Sent: Wednesday, August 23, 2017 11:51:04 AM
> Subject: Re: Qpid C++ Broker 1.36 Max Connections Per User Option not working
>
>
>
> - Original Message -
> > From: "Spud Strumpet"
> > To: users@qpid.apache.org
> > Sent: Wednesday, August 23, 2017 11:33:28 AM
> > Subject: Qpid C++ Broker 1.36 Max Connections Per User Option not working
> >
> > Hi,
> >
> > I have been trying to configure the maximum connections per user but none
> > of
> > the options seem to be having an affect.
> > I have tried various combinations of setting:
> >
> >* --connection-limit-per-user N on the command line, and
> >* quota connections N username in the acl file
> >
> > In the broker trace log, it confirms that the connection limit is enabled,
> > but all connections then succeed anyway. None are rejected.
> >
> > I have tried setting max connections to zero in both places for all users,
> > but still I can connect.
> >
> > Is anyone able to confirm that the max connections options are working as
> > expected in the C++ 1.36 Broker?
> >
> > Here is the log output for debug+:Security:
> >
> > C:\Users\Bob\Desktop\qpid_broker_cpp>C:\qpid-cpp\bin\qpidd.exe --data-dir
> > C:\qpid_data_dir --auth yes --acl-file aclfile.acl --log-enable
> > debug+:Security
> > 2017-08-23 16:12:13 [Security] notice ACL: Read file
> > "C:\qpid_data_dir\aclfile.acl"
> > 2017-08-23 16:12:13 [Security] debug ACL: Group list: 0 groups found:
> > 2017-08-23 16:12:13 [Security] debug ACL: name list: 2 names found:
> > 2017-08-23 16:12:13 [Security] debug ACL: * bob
> > 2017-08-23 16:12:13 [Security] debug ACL: Rule list: 6 ACL rules found:
> > 2017-08-23 16:12:13 [Security] debug ACL: 1 allow [bob] create *
> > 2017-08-23 16:12:13 [Security] debug ACL: 2 allow [bob] bind *
> > 2017-08-23 16:12:13 [Security] debug ACL: 3 allow [bob] consume *
> > 2017-08-23 16:12:13 [Security] debug ACL: 4 allow [bob] publish *
> > 2017-08-23 16:12:13 [Security] debug ACL: 5 allow [bob] access *
> > 2017-08-23 16:12:13 [Security] debug ACL: 6 deny [*] *
> > 2017-08-23 16:12:13 [Security] debug ACL: connections quota: 1 rules found:
> > 2017-08-23 16:12:13 [Security] debug ACL: quota 1 : 0 connections for bob
> > 2017-08-23 16:12:13 [Security] debug ACL: queues quota: 0 rules found:
> > 2017-08-23 16:12:13 [Security] debug ACL: Load Rules
> > 2017-08-23 16:12:13 [Security] debug ACL: Processing 6 deny [*] *
> > 2017-08-23 16:12:13 [Security] debug ACL: FoundMode deny
> > 2017-08-23 16:12:13 [Security] debug ACL: Processing 5 allow [bob] access
> > *
> > 2017-08-23 16:12:13 [Security] debug ACL: Adding actions {access} to
> > objects
> > {broker,connection,exchange,link,method,query,queue} with props { } for
> > users {bob}
> > 2017-08-23 16:12:13 [Security] debug ACL: Processing 4 allow [bob] publish
> > *
> > 2017-08-23 16:12:13 [Security] debug ACL: Adding actions {publish} to
> > objects
> > {broker,connection,exchange,link,method,query,queue} with props { } for
> > users {bob}
> > 2017-08-23 16:12:13 [Security] debug ACL: Processing 3 allow [bob] consume
> > *
> > 2017-08-23 16:12:13 [Security] debug ACL: Adding actions {consume} to
> > objects
> > {broker,connection,exchange,link,method,query,queue} with props { } for
> > users {bob}
> > 2017-08-23 16:12:13 [Security] debug ACL: Processing 2 allow [bob] bind *
> > 2017-08-23 16:12:13 [Security] debug ACL: Adding actions {bind} to objects
> > {broker,connection,exchange,link,method,query,queue} with props { } for
> > users {bob}
> > 2017-08-23 16:12:13 [Security] debug ACL: Processing 1 allow [bob] create
> > *
> > 2017-08-23 16:12:13 [Security] debug ACL: Adding actions {create} to
> > objects
> > {broker,connection,exchange,link,method,query,queue} with props { } for
> > users {bob}
> > 2017-08-23 16:12:13 [Security] debug ACL: global Connection Rule list : 0
> > rules found :
> > 2017-08-23 16:12:13 [Security] debug ACL: User Connection Rule lists : 0
> > user
> > lists found :
> > 2017-08-23 16:12:13 [Security] debug ACL: Transfer ACL is Enabled!
> > 2017-08-23 16:12:13 [Security] debug ACL: Connection quotas are Enabled.
> > 2017-08-23 16:12:13 [Security] debug ACL: Default connection mode : allow
> > 2017-08-23 16:12:13 [Security] info ACL Plugin loaded
> >
> > Many thanks in advance,
> >
> > Spud.
> >
> > -
> > To unsubscribe, e-mail: users-unsubscr...@qpid.apache.org
> > For additional commands, e-mail: users-h...@qpid.apache.org
> >
> >
>
> Hi Spud,
>
> In the log the second-to-last line shows:
>
> ACL: Default connection mode : allow
>
> That's the key for users connecting. At the end of the ACL file try this:
>
> acl deny all create connection host=all
>
> This will set the default connection mode to deny. Only users with 'allow
> rules' will be able to connect.
>
> This is discussed in
> ht
Re: Qpid C++ Broker 1.36 Max Connections Per User Option not working
- Original Message -
> From: "Spud Strumpet"
> To: users@qpid.apache.org
> Sent: Wednesday, August 23, 2017 11:33:28 AM
> Subject: Qpid C++ Broker 1.36 Max Connections Per User Option not working
>
> Hi,
>
> I have been trying to configure the maximum connections per user but none of
> the options seem to be having an affect.
> I have tried various combinations of setting:
>
>* --connection-limit-per-user N on the command line, and
>* quota connections N username in the acl file
>
> In the broker trace log, it confirms that the connection limit is enabled,
> but all connections then succeed anyway. None are rejected.
>
> I have tried setting max connections to zero in both places for all users,
> but still I can connect.
>
> Is anyone able to confirm that the max connections options are working as
> expected in the C++ 1.36 Broker?
>
> Here is the log output for debug+:Security:
>
> C:\Users\Bob\Desktop\qpid_broker_cpp>C:\qpid-cpp\bin\qpidd.exe --data-dir
> C:\qpid_data_dir --auth yes --acl-file aclfile.acl --log-enable
> debug+:Security
> 2017-08-23 16:12:13 [Security] notice ACL: Read file
> "C:\qpid_data_dir\aclfile.acl"
> 2017-08-23 16:12:13 [Security] debug ACL: Group list: 0 groups found:
> 2017-08-23 16:12:13 [Security] debug ACL: name list: 2 names found:
> 2017-08-23 16:12:13 [Security] debug ACL: * bob
> 2017-08-23 16:12:13 [Security] debug ACL: Rule list: 6 ACL rules found:
> 2017-08-23 16:12:13 [Security] debug ACL: 1 allow [bob] create *
> 2017-08-23 16:12:13 [Security] debug ACL: 2 allow [bob] bind *
> 2017-08-23 16:12:13 [Security] debug ACL: 3 allow [bob] consume *
> 2017-08-23 16:12:13 [Security] debug ACL: 4 allow [bob] publish *
> 2017-08-23 16:12:13 [Security] debug ACL: 5 allow [bob] access *
> 2017-08-23 16:12:13 [Security] debug ACL: 6 deny [*] *
> 2017-08-23 16:12:13 [Security] debug ACL: connections quota: 1 rules found:
> 2017-08-23 16:12:13 [Security] debug ACL: quota 1 : 0 connections for bob
> 2017-08-23 16:12:13 [Security] debug ACL: queues quota: 0 rules found:
> 2017-08-23 16:12:13 [Security] debug ACL: Load Rules
> 2017-08-23 16:12:13 [Security] debug ACL: Processing 6 deny [*] *
> 2017-08-23 16:12:13 [Security] debug ACL: FoundMode deny
> 2017-08-23 16:12:13 [Security] debug ACL: Processing 5 allow [bob] access *
> 2017-08-23 16:12:13 [Security] debug ACL: Adding actions {access} to objects
> {broker,connection,exchange,link,method,query,queue} with props { } for
> users {bob}
> 2017-08-23 16:12:13 [Security] debug ACL: Processing 4 allow [bob] publish *
> 2017-08-23 16:12:13 [Security] debug ACL: Adding actions {publish} to objects
> {broker,connection,exchange,link,method,query,queue} with props { } for
> users {bob}
> 2017-08-23 16:12:13 [Security] debug ACL: Processing 3 allow [bob] consume *
> 2017-08-23 16:12:13 [Security] debug ACL: Adding actions {consume} to objects
> {broker,connection,exchange,link,method,query,queue} with props { } for
> users {bob}
> 2017-08-23 16:12:13 [Security] debug ACL: Processing 2 allow [bob] bind *
> 2017-08-23 16:12:13 [Security] debug ACL: Adding actions {bind} to objects
> {broker,connection,exchange,link,method,query,queue} with props { } for
> users {bob}
> 2017-08-23 16:12:13 [Security] debug ACL: Processing 1 allow [bob] create *
> 2017-08-23 16:12:13 [Security] debug ACL: Adding actions {create} to objects
> {broker,connection,exchange,link,method,query,queue} with props { } for
> users {bob}
> 2017-08-23 16:12:13 [Security] debug ACL: global Connection Rule list : 0
> rules found :
> 2017-08-23 16:12:13 [Security] debug ACL: User Connection Rule lists : 0 user
> lists found :
> 2017-08-23 16:12:13 [Security] debug ACL: Transfer ACL is Enabled!
> 2017-08-23 16:12:13 [Security] debug ACL: Connection quotas are Enabled.
> 2017-08-23 16:12:13 [Security] debug ACL: Default connection mode : allow
> 2017-08-23 16:12:13 [Security] info ACL Plugin loaded
>
> Many thanks in advance,
>
> Spud.
>
> -
> To unsubscribe, e-mail: users-unsubscr...@qpid.apache.org
> For additional commands, e-mail: users-h...@qpid.apache.org
>
>
Hi Spud,
In the log the second-to-last line shows:
ACL: Default connection mode : allow
That's the key for users connecting. At the end of the ACL file try this:
acl deny all create connection host=all
This will set the default connection mode to deny. Only users with 'allow
rules' will be able to connect.
This is discussed in
https://qpid.apache.org/releases/qpid-cpp-1.36.0/cpp-broker/book/chap-Messaging_User_Guide-Security.html#sect-Messaging_User_Guide-Authorization-Specifying_ACL_Connection_Host_Limits
-Chuck
-
To unsubscribe, e-mail: users-unsubscr...@qpid.apache.org
For additional commands, e-mail: users-h...@qpid.apache.org
Qpid C++ Broker 1.36 Max Connections Per User Option not working
Hi,
I have been trying to configure the maximum connections per user but none of
the options seem to be having an affect.
I have tried various combinations of setting:
* --connection-limit-per-user N on the command line, and
* quota connections N username in the acl file
In the broker trace log, it confirms that the connection limit is enabled, but
all connections then succeed anyway. None are rejected.
I have tried setting max connections to zero in both places for all users, but
still I can connect.
Is anyone able to confirm that the max connections options are working as
expected in the C++ 1.36 Broker?
Here is the log output for debug+:Security:
C:\Users\Bob\Desktop\qpid_broker_cpp>C:\qpid-cpp\bin\qpidd.exe --data-dir
C:\qpid_data_dir --auth yes --acl-file aclfile.acl --log-enable debug+:Security
2017-08-23 16:12:13 [Security] notice ACL: Read file
"C:\qpid_data_dir\aclfile.acl"
2017-08-23 16:12:13 [Security] debug ACL: Group list: 0 groups found:
2017-08-23 16:12:13 [Security] debug ACL: name list: 2 names found:
2017-08-23 16:12:13 [Security] debug ACL: * bob
2017-08-23 16:12:13 [Security] debug ACL: Rule list: 6 ACL rules found:
2017-08-23 16:12:13 [Security] debug ACL: 1 allow [bob] create *
2017-08-23 16:12:13 [Security] debug ACL: 2 allow [bob] bind *
2017-08-23 16:12:13 [Security] debug ACL: 3 allow [bob] consume *
2017-08-23 16:12:13 [Security] debug ACL: 4 allow [bob] publish *
2017-08-23 16:12:13 [Security] debug ACL: 5 allow [bob] access *
2017-08-23 16:12:13 [Security] debug ACL: 6 deny [*] *
2017-08-23 16:12:13 [Security] debug ACL: connections quota: 1 rules found:
2017-08-23 16:12:13 [Security] debug ACL: quota 1 : 0 connections for bob
2017-08-23 16:12:13 [Security] debug ACL: queues quota: 0 rules found:
2017-08-23 16:12:13 [Security] debug ACL: Load Rules
2017-08-23 16:12:13 [Security] debug ACL: Processing 6 deny [*] *
2017-08-23 16:12:13 [Security] debug ACL: FoundMode deny
2017-08-23 16:12:13 [Security] debug ACL: Processing 5 allow [bob] access *
2017-08-23 16:12:13 [Security] debug ACL: Adding actions {access} to objects
{broker,connection,exchange,link,method,query,queue} with props { } for users
{bob}
2017-08-23 16:12:13 [Security] debug ACL: Processing 4 allow [bob] publish *
2017-08-23 16:12:13 [Security] debug ACL: Adding actions {publish} to objects
{broker,connection,exchange,link,method,query,queue} with props { } for users
{bob}
2017-08-23 16:12:13 [Security] debug ACL: Processing 3 allow [bob] consume *
2017-08-23 16:12:13 [Security] debug ACL: Adding actions {consume} to objects
{broker,connection,exchange,link,method,query,queue} with props { } for users
{bob}
2017-08-23 16:12:13 [Security] debug ACL: Processing 2 allow [bob] bind *
2017-08-23 16:12:13 [Security] debug ACL: Adding actions {bind} to objects
{broker,connection,exchange,link,method,query,queue} with props { } for users
{bob}
2017-08-23 16:12:13 [Security] debug ACL: Processing 1 allow [bob] create *
2017-08-23 16:12:13 [Security] debug ACL: Adding actions {create} to objects
{broker,connection,exchange,link,method,query,queue} with props { } for users
{bob}
2017-08-23 16:12:13 [Security] debug ACL: global Connection Rule list : 0 rules
found :
2017-08-23 16:12:13 [Security] debug ACL: User Connection Rule lists : 0 user
lists found :
2017-08-23 16:12:13 [Security] debug ACL: Transfer ACL is Enabled!
2017-08-23 16:12:13 [Security] debug ACL: Connection quotas are Enabled.
2017-08-23 16:12:13 [Security] debug ACL: Default connection mode : allow
2017-08-23 16:12:13 [Security] info ACL Plugin loaded
Many thanks in advance,
Spud.
-
To unsubscribe, e-mail: users-unsubscr...@qpid.apache.org
For additional commands, e-mail: users-h...@qpid.apache.org
Re: [qpid c++][launchpad-ppa] linearstore.so not available in binary?
That I missed, thanks /Morgan Jakub Scholz-2 wrote > Perhaps a stupid question ... but have you tried installing the > liblinearstore (liblinearstore_1.36.0-1qpid+xenial1_amd64.deb) package? > According to the changelog it has been renamed from qpidd-linear-store. > > Jakub -- View this message in context: http://qpid.2158936.n2.nabble.com/qpid-c-launchpad-ppa-linearstore-so-not-available-in-binary-tp7665871p7665873.html Sent from the Apache Qpid users mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@qpid.apache.org For additional commands, e-mail: users-h...@qpid.apache.org
Re: [qpid c++][launchpad-ppa] linearstore.so not available in binary?
Perhaps a stupid question ... but have you tried installing the liblinearstore (liblinearstore_1.36.0-1qpid+xenial1_amd64.deb) package? According to the changelog it has been renamed from qpidd-linear-store. Jakub On Wed, Aug 23, 2017 at 3:34 PM, Morgan Lindqvist < morgan.lindqv...@ericsson.com> wrote: > Hi, > > I am using the binary of quid-c++ 1.36 available here, > https://launchpad.net/~qpid/+archive/ubuntu/released?field. > series_filter=xenial > > The issue I have is that I do not find the linearstore.so and hence I do > not > get persistence to work. > > Should I use something else than linearstore.so or is it missing from the > binary? > > Can I add it in some way or could it be added to the binary? > > Best Regards, > Morgan > > > > > -- > View this message in context: http://qpid.2158936.n2.nabble. > com/qpid-c-launchpad-ppa-linearstore-so-not-available- > in-binary-tp7665871.html > Sent from the Apache Qpid users mailing list archive at Nabble.com. > > - > To unsubscribe, e-mail: users-unsubscr...@qpid.apache.org > For additional commands, e-mail: users-h...@qpid.apache.org > >
[qpid c++][launchpad-ppa] linearstore.so not available in binary?
Hi, I am using the binary of quid-c++ 1.36 available here, https://launchpad.net/~qpid/+archive/ubuntu/released?field.series_filter=xenial The issue I have is that I do not find the linearstore.so and hence I do not get persistence to work. Should I use something else than linearstore.so or is it missing from the binary? Can I add it in some way or could it be added to the binary? Best Regards, Morgan -- View this message in context: http://qpid.2158936.n2.nabble.com/qpid-c-launchpad-ppa-linearstore-so-not-available-in-binary-tp7665871.html Sent from the Apache Qpid users mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@qpid.apache.org For additional commands, e-mail: users-h...@qpid.apache.org
