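This question is related to 49320158; I will try to provide more details.
I am trying to follow the tutorial First Step with Django, but I need to add TLS/SSL in order to connect to a RabbitMQ server v3.7.4.
I have tested my certificates with pika 11.2 and I can connect.
But Celery cannot connect, and RabbitMQ says 'no peer certificate'.
How do I specify, or make sure, that Celery presents the certificate?
Just the Celery settings from my settings.py (Django):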
# celery settings
SSL_DIR = os.path.normpath(os.path.join(BASE_DIR, '../../ssl/client'))
CELERY_BROKER_USE_SSL = {
    'keyfile': SSL_DIR + '/user-key.pem',
    'certfile': SSL_DIR + '/user-cert.pem',
    'ca_certs': SSL_DIR + '/default_cacert.pem',
    'cert_reqs': ssl.CERT_REQUIRED
}
CELERY_BROKER_LOGIN_METHOD = "EXTERNAL"
CELERY_BROKER_URL = 'amqps://user@rabbitmqserver/vhost'
My celery.py:
from __future__ import absolute_import, unicode_literals
import os
import ssl
from celery import Celery
os.environ.setdefault('DJANGO_SETTINGS_MODULE', 'webui.settings')
app = Celery('webui')
app.config_from_object('django.conf:settings',
                       silent=False, force=True, namespace='CELERY')
PROJ_DIR = os.path.dirname(os.path.dirname(__file__))
BASE_DIR = os.path.normpath(os.path.join(PROJ_DIR, '../../ssl/client'))
cert_conf = {
    "ca_certs": BASE_DIR + "default-cacert.pem",
    "certfile": BASE_DIR + "user-cert.pem",
    "keyfile": BASE_DIR + "user-key.pem",
    "cert_reqs": ssl.CERT_REQUIRED
}
# try manually setting the BROKER_USE_SSL
app.conf.update(BROKER_USE_SSL=cert_conf)
# try enabling message signing, too
app.conf.update(
    security_key=BASE_DIR+'user-key.pm',
    security_certificate=BASE_DIR+'user-cert.pem',
    security_cert_store=BASE_DIR+'*.pem',
)
app.setup_security()
# Load task modules from all registered Django app configs.
app.autodiscover_tasks()
@app.task(bind=True)
def debug_task(self):
    print('Request: {0!r}'.format(self.request))
Celery stack trace:
[2018-06-22 12:04:07,628: CRITICAL/MainProcess] Unrecoverable error: AccessRefused(403, u'ACCESS_REFUSED - Login was refused using authentication mechanism EXTERNAL. For details see the broker logfile.', (0, 0), u'')
Traceback (most recent call last):
File "/home/username/.virtualenvs/edi/local/lib/python2.7/site-packages/celery/worker/worker.py", line 205, in start
self.blueprint.start(self)
File "/home/username/.virtualenvs/edi/local/lib/python2.7/site-packages/celery/bootsteps.py", line 119, in start
step.start(parent)
File "/home/username/.virtualenvs/edi/local/lib/python2.7/site-packages/celery/bootsteps.py", line 369, in start
return self.obj.start()
File "/home/username/.virtualenvs/edi/local/lib/python2.7/site-packages/celery/worker/consumer/consumer.py", line 322, in start
blueprint.start(self)
File "/home/username/.virtualenvs/edi/local/lib/python2.7/site-packages/celery/bootsteps.py", line 119, in start
step.start(parent)
File "/home/username/.virtualenvs/edi/local/lib/python2.7/site-packages/celery/worker/consumer/connection.py", line 23, in start
c.connection = c.connect()
File "/home/username/.virtualenvs/edi/local/lib/python2.7/site-packages/celery/worker/consumer/consumer.py", line 409, in connect
conn = self.connection_for_read(heartbeat=self.amqheartbeat)
File "/home/username/.virtualenvs/edi/local/lib/python2.7/site-packages/celery/worker/consumer/consumer.py", line 416, in connection_for_read
self.app.connection_for_read(heartbeat=heartbeat))
File "/home/username/.virtualenvs/edi/local/lib/python2.7/site-packages/celery/worker/consumer/consumer.py", line 440, in ensure_connected
callback=maybe_shutdown,
File "/home/username/.virtualenvs/edi/local/lib/python2.7/site-packages/kombu/connection.py", line 405, in ensure_connection
callback)
File "/home/username/.virtualenvs/edi/local/lib/python2.7/site-packages/kombu/utils/functional.py", line 332, in retry_over_time
return fun(*args, **kwargs)
File "/home/username/.virtualenvs/edi/local/lib/python2.7/site-packages/kombu/connection.py", line 261, in connect
return self.connection
File "/home/username/.virtualenvs/edi/local/lib/python2.7/site-packages/kombu/connection.py", line 802, in connection
self._connection = self._establish_connection()
File "/home/username/.virtualenvs/edi/local/lib/python2.7/site-packages/kombu/connection.py", line 757, in _establish_connection
conn = self.transport.establish_connection()
File "/home/username/.virtualenvs/edi/local/lib/python2.7/site-packages/kombu/transport/pyamqp.py", line 130, in establish_connection
conn.connect()
File "/home/username/.virtualenvs/edi/local/lib/python2.7/site-packages/amqp/connection.py", line 308, in connect
self.drain_events(timeout=self.connect_timeout)
File "/home/username/.virtualenvs/edi/local/lib/python2.7/site-packages/amqp/connection.py", line 491, in drain_events
while not self.blocking_read(timeout):
File "/home/username/.virtualenvs/edi/local/lib/python2.7/site-packages/amqp/connection.py", line 497, in blocking_read
return self.on_inbound_frame(frame)
File "/home/username/.virtualenvs/edi/local/lib/python2.7/site-packages/amqp/method_framing.py", line 55, in on_frame
callback(channel, method_sig, buf, None)
File "/home/username/.virtualenvs/edi/local/lib/python2.7/site-packages/amqp/connection.py", line 501, in on_inbound_method
method_sig, payload, content,
File "/home/username/.virtualenvs/edi/local/lib/python2.7/site-packages/amqp/abstract_channel.py", line 128, in dispatch_method
listener(*args)
File "/home/username/.virtualenvs/edi/local/lib/python2.7/site-packages/amqp/connection.py", line 623, in _on_close
(class_id, method_id), ConnectionError)
AccessRefused: (0, 0): (403) ACCESS_REFUSED - Login was refused using authentication mechanism EXTERNAL. For details see the broker logfile.
rabbitmq.conf:
listeners.ssl.default = 0.0.0.0:5671
ssl_options.cacertfile = /etc/rabbitmq/ssl/server/default-cacert.pem
ssl_options.certfile = /etc/rabbitmq/ssl/server/rabbitmqserver-cert.pem
ssl_options.keyfile = /etc/rabbitmq/ssl/server/rabbitmqserver-key.pem
ssl_options.verify = verify_peer
ssl_options.fail_if_no_peer_cert = false
ssl_options.depth = 2
ssl_options.versions.1 = tlsv1.2
ssl_options.versions.2 = tlsv1.1
ssl_options.honor_cipher_order = true
ssl_options.honor_ecc_order = true
ssl_options.secure_renegotiate = true
ssl_cert_login_from = common_name
auth_mechanisms.1 = PLAIN
auth_mechanisms.2 = AMQPLAIN
auth_mechanisms.3 = EXTERNAL
log.syslog.level = info
log.file.level = info
RabbitMQ log:
2018-06-22 20:04:07.604 [info] <0.22240.0> accepting AMQP connection <0.22240.0> (192.168.56.1:43780 -> 192.168.56.252:5671)
2018-06-22 20:04:07.607 [error] <0.22240.0> Error on AMQP connection <0.22240.0> (192.168.56.1:43780 -> 192.168.56.252:5671, state: starting):
EXTERNAL login refused: no peer certificate
2018-06-22 20:04:07.608 [info] <0.22240.0> closing AMQP connection <0.22240.0> (192.168.56.1:43780 -> 192.168.56.252:5671)
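
A pre-flight check for the file paths in a broker_use_ssl-style dictionary, as an added example that is not part of the original post: it builds the paths the way the settings.py and celery.py above build them and reports which ones do not resolve to a PEM file. The temporary directory, the placeholder files and the assumption about which file names exist on disk are constructed for illustration; `check_tls_files` and `demo` are hypothetical names.

```python
import os
import tempfile

# File names as written in the post's celery.py.
NAMES = {"keyfile": "user-key.pem", "certfile": "user-cert.pem",
         "ca_certs": "default-cacert.pem"}

def check_tls_files(ssl_conf):
    """Return {option: problem} for every unusable path in a broker_use_ssl-style dict."""
    problems = {}
    for option in ("keyfile", "certfile", "ca_certs"):
        path = ssl_conf.get(option)
        if not path:
            problems[option] = "not set"
        elif not os.path.isfile(path):
            problems[option] = "no such file: " + path
        else:
            with open(path, "rb") as fh:
                if b"-----BEGIN " not in fh.read(4096):
                    problems[option] = "not PEM: " + path
    return problems

def demo():
    # Constructed sandbox: placeholder files, not real keys or certificates.
    # Assumption: the files on disk carry the names listed in NAMES.
    ssl_dir = os.path.normpath(tempfile.mkdtemp())
    for name in NAMES.values():
        with open(os.path.join(ssl_dir, name), "wb") as fh:
            fh.write(b"-----BEGIN CONSTRUCTED PLACEHOLDER-----\n")
    # settings.py style: SSL_DIR + '/name', with 'default_cacert.pem' as written there.
    settings_style = {opt: ssl_dir + "/" + name for opt, name in NAMES.items()}
    settings_style["ca_certs"] = ssl_dir + "/default_cacert.pem"
    # celery.py style: BASE_DIR + 'name', with no separator after normpath().
    celery_style = {opt: ssl_dir + name for opt, name in NAMES.items()}
    # The same names joined with os.path.join().
    joined = {opt: os.path.join(ssl_dir, name) for opt, name in NAMES.items()}
    return {"settings_style": check_tls_files(settings_style),
            "celery_style": check_tls_files(celery_style),
            "joined": check_tls_files(joined)}

if __name__ == "__main__":
    for style, problems in demo().items():
        print(style, problems or "all paths resolve")
```

This checks only that each path resolves to a PEM-looking file; it does not validate the certificate chain or confirm that the key matches the certificate.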