Deepstream AMQP with TLS termination endpoint support

• Hardware Platform (Jetson / GPU) : Jetson Nano
• DeepStream Version : 5.1
• JetPack Version (valid for Jetson only) : 4.5.1
• TensorRT Version : 7.1.3
• Issue Type( questions, new requirements, bugs) : configuration
• How to reproduce the issue ? : deepstream samples included in the docker image nvcr.io/nvidia/deepstream-l4t:5.1-21.02-samples

I am opening this new topic as I wasn’t able to find a proper documentation so far that describe how to use the samples provided in the deepstream docker image for the Jetson to connect to a AMQPS endpoint.

I could successfully connect, using some python code I have developed with the pika library, to a RabbitMQ server opened on the port 5671 (so with TLS termination).

But when I try to reproduce such connection with the samples like /opt/nvidia/deepstream/deepstream-5.1/sources/apps/sample_apps/deepstream-test4 or even using the /opt/nvidia/deepstream/deepstream-5.1/sources/libs/amqp_protocol_adaptor the program is running and waiting doing nothing.

To test the SSL termination as it is describe for another protocol (kafka) I am running with success the following command either
openssl s_client -connect ****.****.net:5671 -tls1_2

Thank you for your help in this matter.

Sorry for the late response, is this still an issue to support? Thanks

@kayccc
Thank you for coming back to me.
Yes indeed I am still unable to connect. My assumption is that some extra settings are required to make the connection with TLS.

To illustrate is here my python code section to configure the connection.

context = ssl.SSLContext(ssl.PROTOCOL_TLSv1_2)

credentials = pika.PlainCredentials('user', 'password')
parameters = pika.ConnectionParameters('rabbitmq.broker.dns', 5671, "/", credentials=credentials, ssl_options=pika.SSLOptions(context))
connection = pika.BlockingConnection(parameters)

How to reproduce such settings with the examples provided in Deepstream to connect to an AMQP broker ?

Thank you in advance.

Hi,
You need to implement customized protocol message handler and integrate it with DeepStream applications using interface, nvds_msgapi.
https://docs.nvidia.com/metropolis/deepstream/dev-guide/text/DS_plugin_gst-nvmsgbroker.html
but pika is a purely python implementaion of of the AMQP 0-9-1 protocol. deepstream is developing with c/c++, i do not think you can implement as stated first.

@amycao
I am not sure to understand the necessity of that as it is described as being already supported in the documentation.
https://docs.nvidia.com/metropolis/deepstream/dev-guide/text/DS_plugin_gst-nvmsgbroker.html#amqp-broker

I know for having checked some other posts that some people could use it successfully with a local instance of RabbitMQ but as mentioned in my case I not am using the unsecured enpoint (5672) but a secured port (5671) as the RabbitMQ broker is a remote one. The protocol version provided by RabbitMQ is the same → AMQP 0-9-1.

I mentioned here the testing code I did in python to be sure that the AMQP communication with TLS was working properly on my broker which is the case. So my issue is on the configuration of the AMQP protocol adapter provided in Deepstream. Do you have a working example with the TLS support or this is not currently supported ?

Oh, ok. got your points. i thought you want pika as protocol adapter. for amqp broker, it did not support TLS, only kafka support.
https://docs.nvidia.com/metropolis/deepstream/dev-guide/text/DS_IoT.html

@amycao
Thanks for your clarifications, is there any plan you (NVIDIA) add the TLS support in the current AMQP protocol adapter ?
Because unsecured only configuration is definitely not a production grade ready option for us :(
But I understand the current status 👍

We are checking internally, will update once progress.

1 Like