如何使用SSL将芹菜连接到RabbitMQ [英] How to connect celery to rabbitMQ using SSL
问题描述
我正在尝试使用SSL证书将芹菜与RabbitMQ代理连接.
I'm trying to connect celery with a rabbitMQ broker using SSL certificates.
这是代码:
from celery import Celery
import ssl
broker_uri = 'amqp://user:pwd@server:5672/vhost'
certs_conf = {
"ca_certs": "/certs/serverca/cacert.pem",
"certfile": "/certs/client/rabbit-cert.pem",
"keyfile": "/certs/client/rabbit-key.pem",
"cert_reqs": ssl.CERT_REQUIRED
}
app = Celery('tasks', broker=broker_uri)
app.conf.update(BROKER_USE_SSL=certs_conf)
app.send_task('task.name', [{'a': 1}])
当我尝试执行此代码时,出现以下异常:
When I try to execute this code i get the following exception:
Traceback (most recent call last):
File "C:\Python36\lib\site-packages\kombu\utils\functional.py", line 36, in __call__
return self.__value__
AttributeError: 'ChannelPromise' object has no attribute '__value__'
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "test_send_task.py", line 44, in <module>
app.send_task('task.name', [message])
File "C:\Python36\lib\site-packages\celery\app\base.py", line 737, in send_task
amqp.send_task_message(P, name, message, **options)
File "C:\Python36\lib\site-packages\celery\app\amqp.py", line 558, in send_task_message
**properties
File "C:\Python36\lib\site-packages\kombu\messaging.py", line 181, in publish
exchange_name, declare,
File "C:\Python36\lib\site-packages\kombu\connection.py", line 494, in _ensured
return fun(*args, **kwargs)
File "C:\Python36\lib\site-packages\kombu\messaging.py", line 187, in _publish
channel = self.channel
File "C:\Python36\lib\site-packages\kombu\messaging.py", line 209, in _get_channel
channel = self._channel = channel()
File "C:\Python36\lib\site-packages\kombu\utils\functional.py", line 38, in __call__
value = self.__value__ = self.__contract__()
File "C:\Python36\lib\site-packages\kombu\messaging.py", line 224, in <lambda>
channel = ChannelPromise(lambda: connection.default_channel)
File "C:\Python36\lib\site-packages\kombu\connection.py", line 819, in default_channel
self.ensure_connection()
File "C:\Python36\lib\site-packages\kombu\connection.py", line 405, in ensure_connection
callback)
File "C:\Python36\lib\site-packages\kombu\utils\functional.py", line 333, in retry_over_time
return fun(*args, **kwargs)
File "C:\Python36\lib\site-packages\kombu\connection.py", line 261, in connect
return self.connection
File "C:\Python36\lib\site-packages\kombu\connection.py", line 802, in connection
self._connection = self._establish_connection()
File "C:\Python36\lib\site-packages\kombu\connection.py", line 757, in _establish_connection
conn = self.transport.establish_connection()
File "C:\Python36\lib\site-packages\kombu\transport\pyamqp.py", line 130, in establish_connection
conn.connect()
File "C:\Python36\lib\site-packages\amqp\connection.py", line 288, in connect
self.drain_events(timeout=self.connect_timeout)
File "C:\Python36\lib\site-packages\amqp\connection.py", line 471, in drain_events
while not self.blocking_read(timeout):
File "C:\Python36\lib\site-packages\amqp\connection.py", line 477, in blocking_read
return self.on_inbound_frame(frame)
File "C:\Python36\lib\site-packages\amqp\method_framing.py", line 55, in on_frame
callback(channel, method_sig, buf, None)
File "C:\Python36\lib\site-packages\amqp\connection.py", line 481, in on_inbound_method
method_sig, payload, content,
File "C:\Python36\lib\site-packages\amqp\abstract_channel.py", line 128, in dispatch_method
listener(*args)
File "C:\Python36\lib\site-packages\amqp\connection.py", line 368, in _on_start
b", ".join(self.mechanisms).decode()))
amqp.exceptions.ConnectionError: Couldn't find appropriate auth mechanism (can offer: AMQPLAIN, PLAIN; available: EXTERNAL)
在没有ssl配置的情况下执行相同的代码效果很好.我想念的是什么?
Executing the same code without the ssl configuration works just well. What I'm missing?
我可以使用配置了SSL的pika将消息发送到代理,但是我无法正确配置Celery以使用SSL将消息发送到同一代理.
I can send messages to the broker using pika configured with SSL, but I can't manage to properly configure Celery to send messages to the same broker with SSL.
谢谢.
推荐答案
如果您的服务器提供了EXTERNAL身份验证机制,则它可能已经支持SSL客户端身份验证.但是对于Celery客户端,您需要一个附加的配置选项才能使用EXTERNAL(即SSL)身份验证:
Your server may already support SSL client authentication if it's offering the EXTERNAL authentication mechanism. For the Celery client however you need an additional configuration option to use EXTERNAL (i.e. SSL) authentication:
app.conf.broker_login_method = 'EXTERNAL'
为完整起见,有效的celery配置代码段如下所示:
For completeness, a valid celery configuration snippet would look like:
...
import ssl
app = Celery("some_name")
app.conf.broker_url = 'amqps://rabbitmq.example.com:5671/vhostname'
app.conf.broker_use_ssl = {
'keyfile': r'C:\path\to\private\box1-nopass.key.pem',
'certfile': r'C:\path\to\certs\box1.cert.pem',
'ca_certs': r'C:\path\to\ca-chain.cert.pem',
'cert_reqs': ssl.CERT_REQUIRED
}
app.conf.broker_login_method = 'EXTERNAL'
...
请注意, broker_url
中没有用户名:密码,因为用户名是由客户端证书的属性决定的(并且用户必须预先存在于RabbitMQ服务器上,并且配置为无密码"),默认的SSL端口是5671(不是5672).
Note, there's no username:password in the broker_url
as the username is determined by attributes of the client certificate (and the user must be pre-existing on the RabbitMQ server, configured with "no password") and the default SSL port is 5671 (not 5672).
这篇关于如何使用SSL将芹菜连接到RabbitMQ的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!