Issues connecting to fedora-messaging

[hellcp-work]

Following the tls instructions in the documentation, I tried the following piece of code:

# From https://github.com/fedora-infra/fedora-messaging/tree/develop/configs
TomlRB.load_file('/etc/fedora-messaging/fedora.toml', symbolize_keys: true)
connection = Bunny.new(fedora[:amqp_url],
                       tls_cert: fedora[:tls][:certfile],
                       tls_key: fedora[:tls][:keyfile],
                       tls_ca_certificates: [fedora[:tls][:ca_cert]])
connection.start

That results in

W, [2025-10-20T10:39:05.428094 #1]  WARN -- #<Bunny::Session:0x53c0 fedora@rabbitmq.fedoraproject.org:5671, vhost=/public_pubsub, addresses=[rabbitmq.fedoraproject.org:5671]>: An empty frame was received while opening the connection. In RabbitMQ <= 3.1 this could mean an authentication issue.
Bunny::TCPConnectionFailedForAllHosts: Could not establish TCP connection to any of the configured hosts (Bunny::TCPConnectionFailedForAllHosts)
from /usr/lib64/obs-api/ruby/3.4.0/gems/bunny-2.24.0/lib/bunny/session.rb:351:in 'Bunny::Session#start'
Caused by Bunny::HostListDepleted: No more hosts to try in the supplied list of hosts
from /usr/lib64/obs-api/ruby/3.4.0/gems/bunny-2.24.0/lib/bunny/session.rb:1376:in 'Bunny::Session#initialize_transport'
Caused by Bunny::TCPConnectionFailed: An empty frame was received while opening the connection. In RabbitMQ <= 3.1 this could mean an authentication issue.
from /usr/lib64/obs-api/ruby/3.4.0/gems/bunny-2.24.0/lib/bunny/session.rb:1241:in 'Bunny::Session#open_connection'

I'm not entirely sure why this would happen, considering that this works just fine in python client libraries.

[michaelklishin]

@hellcp-work I don't know what Fedora messaging is, or what certificates are used, or what the target RabbitMQ node logs, or what "Python library" you are trying to compare Bunny to. Different clients can and will in practice have different TLS-related defaults, namely the default list of trusted CA certificates used by their underlying TLS implementations: some default to the system certificate store, others start with an empty list you explicitly have to populate.

Bunny does not load any system roots (default root certificates), so the CA certificate bundle must either be appended to the CA bundle file or Ruby's TLS library must be programmatically configured to do that or something comparable.

Actionable Suggestions

Given the extremely limited amount of information shared, all I can suggest is taking a look at the debugging methodologies explained in the following RabbitMQ guides:

• Troubleshooting Networking
• Troubleshooting TLS

They explain how to narrow down the most common connectivity issues quickly, using standard CLI tools that you can easily provision on virtually any reasonably modern and popular OS.

RabbitMQ logging guide explains how to inspect server logs, which should be the very first step in troubleshooting most RabbitMQ-related things, including TLS connections.

[hellcp-work]

I don't really have easy access to server logs, as it is a public amqp server. Thanks for the hint about the CA bundle file, I will see if that was my problem.