[英]How to connect celery to rabbitMQ using SSL
我正在嘗試使用 SSL 證書將 celery 與rabbitMQ 代理連接。
這是代碼:
from celery import Celery
import ssl
broker_uri = 'amqp://user:pwd@server:5672/vhost'
certs_conf = {
"ca_certs": "/certs/serverca/cacert.pem",
"certfile": "/certs/client/rabbit-cert.pem",
"keyfile": "/certs/client/rabbit-key.pem",
"cert_reqs": ssl.CERT_REQUIRED
}
app = Celery('tasks', broker=broker_uri)
app.conf.update(BROKER_USE_SSL=certs_conf)
app.send_task('task.name', [{'a': 1}])
當我嘗試執行此代碼時,出現以下異常:
Traceback (most recent call last):
File "C:\Python36\lib\site-packages\kombu\utils\functional.py", line 36, in __call__
return self.__value__
AttributeError: 'ChannelPromise' object has no attribute '__value__'
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "test_send_task.py", line 44, in <module>
app.send_task('task.name', [message])
File "C:\Python36\lib\site-packages\celery\app\base.py", line 737, in send_task
amqp.send_task_message(P, name, message, **options)
File "C:\Python36\lib\site-packages\celery\app\amqp.py", line 558, in send_task_message
**properties
File "C:\Python36\lib\site-packages\kombu\messaging.py", line 181, in publish
exchange_name, declare,
File "C:\Python36\lib\site-packages\kombu\connection.py", line 494, in _ensured
return fun(*args, **kwargs)
File "C:\Python36\lib\site-packages\kombu\messaging.py", line 187, in _publish
channel = self.channel
File "C:\Python36\lib\site-packages\kombu\messaging.py", line 209, in _get_channel
channel = self._channel = channel()
File "C:\Python36\lib\site-packages\kombu\utils\functional.py", line 38, in __call__
value = self.__value__ = self.__contract__()
File "C:\Python36\lib\site-packages\kombu\messaging.py", line 224, in <lambda>
channel = ChannelPromise(lambda: connection.default_channel)
File "C:\Python36\lib\site-packages\kombu\connection.py", line 819, in default_channel
self.ensure_connection()
File "C:\Python36\lib\site-packages\kombu\connection.py", line 405, in ensure_connection
callback)
File "C:\Python36\lib\site-packages\kombu\utils\functional.py", line 333, in retry_over_time
return fun(*args, **kwargs)
File "C:\Python36\lib\site-packages\kombu\connection.py", line 261, in connect
return self.connection
File "C:\Python36\lib\site-packages\kombu\connection.py", line 802, in connection
self._connection = self._establish_connection()
File "C:\Python36\lib\site-packages\kombu\connection.py", line 757, in _establish_connection
conn = self.transport.establish_connection()
File "C:\Python36\lib\site-packages\kombu\transport\pyamqp.py", line 130, in establish_connection
conn.connect()
File "C:\Python36\lib\site-packages\amqp\connection.py", line 288, in connect
self.drain_events(timeout=self.connect_timeout)
File "C:\Python36\lib\site-packages\amqp\connection.py", line 471, in drain_events
while not self.blocking_read(timeout):
File "C:\Python36\lib\site-packages\amqp\connection.py", line 477, in blocking_read
return self.on_inbound_frame(frame)
File "C:\Python36\lib\site-packages\amqp\method_framing.py", line 55, in on_frame
callback(channel, method_sig, buf, None)
File "C:\Python36\lib\site-packages\amqp\connection.py", line 481, in on_inbound_method
method_sig, payload, content,
File "C:\Python36\lib\site-packages\amqp\abstract_channel.py", line 128, in dispatch_method
listener(*args)
File "C:\Python36\lib\site-packages\amqp\connection.py", line 368, in _on_start
b", ".join(self.mechanisms).decode()))
amqp.exceptions.ConnectionError: Couldn't find appropriate auth mechanism (can offer: AMQPLAIN, PLAIN; available: EXTERNAL)
在沒有 ssl 配置的情況下執行相同的代碼效果很好。 我缺少什么?
我可以使用配置了 SSL 的 pika 向代理發送消息,但我無法正確配置 Celery 以使用 SSL 將消息發送到同一個代理。
提前致謝。
嘗試使用設置:
broker_use_ssl=True
您還可以使用以amqps://...開頭的代理 URL 。
您需要啟用此插件: https : //github.com/rabbitmq/rabbitmq-auth-mechanism-ssl並將以下配置添加到 /etc/rabbitmq/rabbitmq.conf
auth_mechanisms.1 = PLAIN
auth_mechanisms.2 = AMQPLAIN
auth_mechanisms.3 = EXTERNAL
如果您只想要 ssl 連接,則僅添加 EXTERNAL。
如果您的服務器提供 EXTERNAL 身份驗證機制,則它可能已經支持 SSL 客戶端身份驗證。 但是,對於 Celery 客戶端,您需要一個額外的配置選項來使用 EXTERNAL(即 SSL)身份驗證:
app.conf.broker_login_method = 'EXTERNAL'
為了完整起見,有效的 celery 配置片段如下所示:
...
import ssl
app = Celery("some_name")
app.conf.broker_url = 'amqps://rabbitmq.example.com:5671/vhostname'
app.conf.broker_use_ssl = {
'keyfile': r'C:\path\to\private\box1-nopass.key.pem',
'certfile': r'C:\path\to\certs\box1.cert.pem',
'ca_certs': r'C:\path\to\ca-chain.cert.pem',
'cert_reqs': ssl.CERT_REQUIRED
}
app.conf.broker_login_method = 'EXTERNAL'
...
注意, broker_url
沒有 username:password 因為用戶名由客戶端證書的屬性決定(並且用戶必須預先存在於 RabbitMQ 服務器上,配置為“無密碼”)並且默認 SSL 端口為 5671(不是 5672)。
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.