rabbitmq 对虚拟主机的访问被拒绝
[英]rabbitmq access to vhost denied
问题描述
I set up a controller host with rabbitmq-server running.
我设置了一个运行rabbitmq-server 的控制器主机。 From the nova host, I see that the nova-conductor cannot be reached.从 nova 主机,我看到无法到达 nova 导体。 I checked on the controller host and I see the following in the logs :我检查了控制器主机,并在日志中看到以下内容:
access to vhost 'None' refused for user 'openstack'
I have the following configuration settings for rabbitmq on the controller host:我在控制器主机上对 rabbitmq 进行了以下配置设置:
rabbitmqctl list_users
Listing users ...
guest [administrator]
openstack []
When I list permissions I see openstack can access all resources当我列出权限时,我看到 openstack 可以访问所有资源
list_permissions
Listing permissions in vhost "/" ...
guest .* .* .*
openstack .* .* .*
I am able to authenticate with the rabbitmq-server - just unable to access the / vhost.我能够使用 rabbitmq-server 进行身份验证 - 只是无法访问 / vhost。 For debugging, I would like to set up so that any client can access any resource (turn off access control altogether).对于调试,我想设置为任何客户端都可以访问任何资源(完全关闭访问控制)。 Is that possible.那可能吗。
Thanks谢谢
3 个解决方案
解决方案1
1 2018-10-21 19:26:05
access to vhost 'None' refused for user 'openstack'
Something is trying to access a vhost named None , which doesn't exist.有些东西正试图访问一个名为None的虚拟主机,它不存在。 The default vhost is named / .默认虚拟主机名为/ 。 Since None is a keyword in Python I suspect there is an application bug or mis-configuration somewhere.由于None是 Python 中的关键字,我怀疑某处存在应用程序错误或配置错误。
It's not possible to disable access control so I suggest creating a well-known user and password to use.禁用访问控制是不可能的,所以我建议创建一个众所周知的用户和密码来使用。
解决方案2
1 已采纳 2018-10-22 02:14:15
This is caused by a relatively new change in either Kombu or oslo.messages .这是由Kombu或oslo.messages 中相对较新的更改引起的。 Previously if a virtual_host was not provided, it would default to / .以前,如果未提供 virtual_host,则默认为/ 。 This is no longer the case.这已不再是这种情况。
For it to work your transport_url needs to at the very least have one / at the end.要使其工作,您的transport_url至少需要在末尾有一个/ 。
transport_url = rabbit://stackrabbit:secretrabbit@127.0.0.1:5672/
You can take a look at for example devstack here as a reference.您可以在此处查看例如 devstack 作为参考。
The actual upstream fix for the issue is available here .该问题的实际上游修复可在此处获得。
解决方案3
0 2020-12-16 10:57:05
You can also send http requests to the vhost to get/set user permissions.您还可以向虚拟主机发送 http 请求以获取/设置用户权限。 You have to specify the host name as part of the url, but since the default vhost is '/' you have to substitute it for '%2F' ie http://<ip>:<port>/api/vhosts/%2F/permissions您必须将主机名指定为 url 的一部分,但由于默认 vhost 是“/”,因此您必须将其替换为“%2F”,即http://<ip>:<port>/api/vhosts/% 2F/权限
eg例如
curl -i -u guest:guest -h "content-type:application/json" -GET http://localhost:15672/api/permissions/%2F/guest
You can find a full list of api options by going to http://<ip>:<port>/api/index.html您可以通过访问http://<ip>:<port>/api/index.html找到完整的 api 选项列表
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.