如何使用SSL将芹菜连接到RabbitMQ [英] How to connect celery to rabbitMQ using SSL

问题描述

我正在尝试使用SSL证书将芹菜与RabbitMQ代理连接.

I'm trying to connect celery with a rabbitMQ broker using SSL certificates.

这是代码:

from celery import Celery
import ssl

broker_uri = 'amqp://user:pwd@server:5672/vhost'

certs_conf = {
    "ca_certs": "/certs/serverca/cacert.pem",
    "certfile": "/certs/client/rabbit-cert.pem",
    "keyfile": "/certs/client/rabbit-key.pem",
    "cert_reqs": ssl.CERT_REQUIRED
}

app = Celery('tasks', broker=broker_uri)
app.conf.update(BROKER_USE_SSL=certs_conf)

app.send_task('task.name', [{'a': 1}])

当我尝试执行此代码时，出现以下异常:

When I try to execute this code i get the following exception:

Traceback (most recent call last):
  File "C:\Python36\lib\site-packages\kombu\utils\functional.py", line 36, in __call__
    return self.__value__
AttributeError: 'ChannelPromise' object has no attribute '__value__'

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "test_send_task.py", line 44, in <module>
    app.send_task('task.name', [message])
  File "C:\Python36\lib\site-packages\celery\app\base.py", line 737, in send_task
    amqp.send_task_message(P, name, message, **options)
  File "C:\Python36\lib\site-packages\celery\app\amqp.py", line 558, in send_task_message
    **properties
  File "C:\Python36\lib\site-packages\kombu\messaging.py", line 181, in publish
    exchange_name, declare,
  File "C:\Python36\lib\site-packages\kombu\connection.py", line 494, in _ensured
    return fun(*args, **kwargs)
  File "C:\Python36\lib\site-packages\kombu\messaging.py", line 187, in _publish
    channel = self.channel
  File "C:\Python36\lib\site-packages\kombu\messaging.py", line 209, in _get_channel
    channel = self._channel = channel()
  File "C:\Python36\lib\site-packages\kombu\utils\functional.py", line 38, in __call__
    value = self.__value__ = self.__contract__()
  File "C:\Python36\lib\site-packages\kombu\messaging.py", line 224, in <lambda>
    channel = ChannelPromise(lambda: connection.default_channel)
  File "C:\Python36\lib\site-packages\kombu\connection.py", line 819, in default_channel
    self.ensure_connection()
  File "C:\Python36\lib\site-packages\kombu\connection.py", line 405, in ensure_connection
    callback)
  File "C:\Python36\lib\site-packages\kombu\utils\functional.py", line 333, in retry_over_time
    return fun(*args, **kwargs)
  File "C:\Python36\lib\site-packages\kombu\connection.py", line 261, in connect
    return self.connection
  File "C:\Python36\lib\site-packages\kombu\connection.py", line 802, in connection
    self._connection = self._establish_connection()
  File "C:\Python36\lib\site-packages\kombu\connection.py", line 757, in _establish_connection
    conn = self.transport.establish_connection()
  File "C:\Python36\lib\site-packages\kombu\transport\pyamqp.py", line 130, in establish_connection
    conn.connect()
  File "C:\Python36\lib\site-packages\amqp\connection.py", line 288, in connect
    self.drain_events(timeout=self.connect_timeout)
  File "C:\Python36\lib\site-packages\amqp\connection.py", line 471, in drain_events
    while not self.blocking_read(timeout):
  File "C:\Python36\lib\site-packages\amqp\connection.py", line 477, in blocking_read
    return self.on_inbound_frame(frame)
  File "C:\Python36\lib\site-packages\amqp\method_framing.py", line 55, in on_frame
    callback(channel, method_sig, buf, None)
  File "C:\Python36\lib\site-packages\amqp\connection.py", line 481, in on_inbound_method
    method_sig, payload, content,
  File "C:\Python36\lib\site-packages\amqp\abstract_channel.py", line 128, in dispatch_method
    listener(*args)
  File "C:\Python36\lib\site-packages\amqp\connection.py", line 368, in _on_start
    b", ".join(self.mechanisms).decode()))
amqp.exceptions.ConnectionError: Couldn't find appropriate auth mechanism (can offer: AMQPLAIN, PLAIN; available: EXTERNAL)

在没有ssl配置的情况下执行相同的代码效果很好.我想念的是什么?

Executing the same code without the ssl configuration works just well. What I'm missing?

我可以使用配置了SSL的pika将消息发送到代理，但是我无法正确配置Celery以使用SSL将消息发送到同一代理.

I can send messages to the broker using pika configured with SSL, but I can't manage to properly configure Celery to send messages to the same broker with SSL.

谢谢.

推荐答案

如果您的服务器提供了EXTERNAL身份验证机制，则它可能已经支持SSL客户端身份验证.但是对于Celery客户端，您需要一个附加的配置选项才能使用EXTERNAL(即SSL)身份验证:

Your server may already support SSL client authentication if it's offering the EXTERNAL authentication mechanism. For the Celery client however you need an additional configuration option to use EXTERNAL (i.e. SSL) authentication:

app.conf.broker_login_method = 'EXTERNAL'

为完整起见，有效的celery配置代码段如下所示:

For completeness, a valid celery configuration snippet would look like:

...
import ssl

app = Celery("some_name")

app.conf.broker_url = 'amqps://rabbitmq.example.com:5671/vhostname'

app.conf.broker_use_ssl = {
  'keyfile': r'C:\path\to\private\box1-nopass.key.pem',
  'certfile': r'C:\path\to\certs\box1.cert.pem',
  'ca_certs': r'C:\path\to\ca-chain.cert.pem',
  'cert_reqs': ssl.CERT_REQUIRED
}

app.conf.broker_login_method = 'EXTERNAL'
...

请注意， broker_url 中没有用户名:密码，因为用户名是由客户端证书的属性决定的(并且用户必须预先存在于RabbitMQ服务器上，并且配置为无密码")，默认的SSL端口是5671(不是5672).

Note, there's no username:password in the broker_url as the username is determined by attributes of the client certificate (and the user must be pre-existing on the RabbitMQ server, configured with "no password") and the default SSL port is 5671 (not 5672).

这篇关于如何使用SSL将芹菜连接到RabbitMQ的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！