RabbitMQ - Resolve "handshake timeout"

Let's say the main RabbitMQ log file (such as /var/log/rabbitmq/rabbit@server001.log on Linux) contains the following.

=ERROR REPORT==== 10-Feb-2021::02:22:19 ===
closing AMQP connection <0.26368.110> (10.17.114.55:50858 -> 10.55.17.201:5672):
{handshake_timeout,handshake}

 

The rabbitmqctl cluster_status command can be used to determine if the servers are missing from the cluster. In this example, server2 is not in running_nodes, meaning that server2 is not in the cluster.

~]# rabbitmqctl cluster_status
Cluster status of node rabbit@server1
[{nodes,[{disc,[rabbit@server1,rabbit@server2,rabbit@server3]}]},
 {running_nodes,[rabbit@server1]},
 {cluster_name,<<"rabbit@server1.example.com">>},
 {partitions,[]},
 {alarms,[{rabbit@server2,[]},{rabbit@server3,[]}]}]

 

The systemctl restart rabbitmq-server command can be used as a quick fix. In this scenario, issuing this command on server1 may temporarily resolve the issue.

View the main RabbitMQ configuration file to determine if SSL is enabled. If SSL is enable, you will want to include both the handshake_timeout and ssl_handshake_timeout directives. If SSL is not enabled, you will only need to include the handshake_timeout directive. If the config file is in the YAML format, you should find something like this.

[
  {rabbit, [
      {auth_backends, [rabbit_auth_backend_internal,rabbit_auth_backend_ldap]},
      {vm_memory_high_watermark, {absolute, "10240MiB"}},
      {handshake_timeout,     20000}
  ]},
  {rabbitmq_auth_backend_ldap,
    [ 
       {use_ssl,               false},

 

If the config file is in the INI format, you should find something like this.

ssl_options.cacertfile = /var/lib/rabbitmq/config/certs/ca_certificate_bundle.pem
ssl_options.certfile   = /var/lib/rabbitmq/config/certs/server_certificate.pem
ssl_options.keyfile    = /var/lib/rabbitmq/config/certs/server_key.pem
ssl_options.password   = itsasecret
ssl_options.verify     = verify_peer
ssl_options.fail_if_no_peer_cert = false
ssl_options.versions.1 = tlsv1.2

 

The default handshake timeout is 10 seconds. This can be set to some other value in the main RabbitMQ configuration file. If the config file is in the YAML format, you would do something like this. In this example, the timeout is set to 20000 ms (that's 20 seconds).

[
  {rabbit, [
      {auth_backends, [rabbit_auth_backend_internal,rabbit_auth_backend_ldap]},
      {log_levels, [{connection, debug}, {channel, info}]},
      {cluster_partition_handling, autoheal},
      {vm_memory_high_watermark, {absolute, "10240MiB"}},
      {handshake_timeout,     20000}
  ]},

 

If the config file is in the INI format, you would do something like this. In this example, both handshake_timeout and ssl_handshake_timeout are set to 20000 ms (that's 20 seconds).

handshake_timeout = 10000
ssl_handshake_timeout = 20000

 

Restart the RabbitMQ service for this change to take effect.

systemctl restart rabbitmq-server

 

Use the rabbitmqctl environment command to validate the change has taken effect.

~]# rabbitmqctl environment | grep -i handshake
      {handshake_timeout,20000},
      {ssl_handshake_timeout,5000},

 




Did you find this article helpful?

If so, consider buying me a coffee over at Buy Me A Coffee

Add a Comment




We will never share your name or email with anyone. Enter your email if you would like to be notified when we respond to your comment.





Please enter 5af41 in the box below so that we can be sure you are a human.




Comments

Web design by yours truely - me, myself, and I   |   jeremy.canfield@freekb.net   |