Using "myapp remote_console" with TLS distribution?

rlipscombe · November 16, 2022, 8:07pm

I’ve got my cluster configured to use TLS for distribution, and now the rebar3-/relx-generated start script fails to ping the node.

It correctly digs the -proto_dist setting out of vm.args, but doesn’t seem to do anything with the -ssl_dist_optfile setting.

How do I get ping, remote_console, etc., to work when I’m using TLS distribution?

I looked at the docs for erl_call, which don’t mention TLS anywhere, so I tried using nodetool instead:

If I run env "USE_NODETOOL=1" sh -x /myapp/bin/myapp remote_console, then I see it attempt to connect, and then barf on the ====WARNING REPORT==== that comes out.

rlipscombe · November 16, 2022, 8:44pm

I found a workaround:

In vm.args.src, put -proto_dist and -ssl_dist_optfile on the same line. I don’t know whether this is intended to be supported, but it results in the startup script picking up the entire line and passing both options.
Use env "USE_NODETOOL=1" /myapp/bin/myapp remote_console. It takes about 10 seconds to connect (which seems off; it’s instant if I don’t use TLS distribution), but it does work.

Is there a better way to do this?