docker icon indicating copy to clipboard operation
docker copied to clipboard
verified publisher icon OpenCTI-Platform

"GraphQLError: RabbitMQ seems down" - invalid credentials

Open pli482004 opened this issue 1 year ago • 1 comments

Description

Trying to install OpenCTI from Docker. The opencti container is created but is unhealthy after running docker compose up -d, due to an error in RabbitMQ. The RabbitMQ seems to be having an issue about invalid credentials.

Environment

  1. OS: MacOS Sonoma 14.6.1
  2. OpenCTI version: Docker Release 6.3.5
  3. Docker Desktop: 4.33.0

Reproducible Steps

  1. Copy the docker-compose.yml from this repo
  2. Add platform: linux/amd64 to each service as necessary
  3. Copy the .env.sample from this repo and add UUIDv4s as necessary
  4. Rename .env.sample to .env
  5. Run docker compose up -d

Errors

In the opencti container, the following is repeatedly logged: 2024-10-06 23:06:35 {"category":"APP","errors":[{"attributes":{"genre":"TECHNICAL","http_status":500},"message":"RabbitMQ seems down","name":"DATABASE_ERROR","stack":"GraphQLError: RabbitMQ seems down\n at error (/opt/opencti/build/src/config/errors.js:7:10)\n at DatabaseError (/opt/opencti/build/src/config/errors.js:57:48)\n at /opt/opencti/build/src/database/rabbitmq.js:271:13\n at processTicksAndRejections (node:internal/process/task_queues:95:5)\n at checkSystemDependencies (/opt/opencti/build/src/initialization.js:44:3)\n at platformStart (/opt/opencti/build/src/boot.js:15:7)"},{"message":"Handshake terminated by server: 403 (ACCESS-REFUSED) with message \"ACCESS_REFUSED - Login was refused using authentication mechanism PLAIN. For details see the broker logfile.\"","name":"Error","stack":"Error: Handshake terminated by server: 403 (ACCESS-REFUSED) with message \"ACCESS_REFUSED - Login was refused using authentication mechanism PLAIN. For details see the broker logfile.\"\n at k (/opt/opencti/build/node_modules/amqplib/lib/connection.js:172:16)\n at cb (/opt/opencti/build/node_modules/amqplib/lib/connection.js:107:11)\n at Socket.recv (/opt/opencti/build/node_modules/amqplib/lib/connection.js:456:9)\n at Object.onceWrapper (node:events:633:28)\n at Socket.emit (node:events:519:28)\n at emitReadable_ (node:internal/streams/readable:832:12)\n at processTicksAndRejections (node:internal/process/task_queues:81:21)"}],"level":"error","message":"RabbitMQ seems down","source":"backend","timestamp":"2024-10-07T04:06:35.272Z","version":"6.3.3"}

In the rabbitMQ container, I get the following error: 2024-10-06 23:07:21 2024-10-07 04:07:21.021266+00:00 [error] <0.1120.0> Error on AMQP connection <0.1120.0> (172.18.0.6:32814 -> 172.18.0.4:5672, state: starting): 2024-10-06 23:07:21 2024-10-07 04:07:21.021266+00:00 [error] <0.1120.0> PLAIN login refused: user 'opencti' - invalid credentials

It seems like the credentials I set in the .env file are not valid for some reason. I have tried setting different users or passwords through the environment variables.

Additional Information

My .env file looks like this, almost entirely pasted from the sample .env file in this repo:

[email protected] OPENCTI_ADMIN_PASSWORD=changeme OPENCTI_ADMIN_TOKEN=89905755-2723-416c-862c-50d1508e3746 OPENCTI_BASE_URL=http://localhost:8080 OPENCTI_HEALTHCHECK_ACCESS_KEY=changeme MINIO_ROOT_USER=opencti MINIO_ROOT_PASSWORD=changeme RABBITMQ_DEFAULT_USER=opencti RABBITMQ_DEFAULT_PASS=changeme CONNECTOR_EXPORT_FILE_STIX_ID=dd817c8b-abae-460a-9ebc-97b1551e70e6 CONNECTOR_EXPORT_FILE_CSV_ID=7ba187fb-fde8-4063-92b5-c3da34060dd7 CONNECTOR_EXPORT_FILE_TXT_ID=ca715d9c-bd64-4351-91db-33a8d728a58b CONNECTOR_IMPORT_FILE_STIX_ID=72327164-0b35-482b-b5d6-a5a3f76b845f CONNECTOR_IMPORT_DOCUMENT_ID=c3970f8a-ce4b-4497-a381-20b7256f56f0 CONNECTOR_ANALYSIS_ID=4dffd77c-ec11-4abe-bca7-fd997f79fa36 SMTP_HOSTNAME=localhost ELASTIC_MEMORY_SIZE=4G

pli482004 avatar Oct 07 '24 04:10 pli482004

I had the same issue and managed to fix it, although I'm not sure if this is the proper solution. Essentially, it seems that the rabbitmq container was not recognizing the password set in the .env file for some reason. To fix this I had to go in and force rabbitmq to update the password to match the one in the .env file.

While the rabbitmq container is running, attach to it: docker exec -it <rabbitmq_container_id> sh

List out all rabbitmq users, in your case there should be one with the username "opencti": rabbitmqctl list_users

Update the password for this user to match the .env: rabbitmqctl change_password opencti <whatever_rabbitmq_password_is_in_your_env>

Detach from the rabbitmq container by pressing ctrl+p ctrl+q

Restart containers and it should be fixed: docker-compose down docker-compose up -d

arng4108 avatar May 21 '25 18:05 arng4108