fedora-infrastructure

Clone
Source Code
GIT

#9386 Cannot connect to public broker.
Closed: Fixed 4 years ago by astepano. Opened 4 years ago by astepano.

Closed: Fixed
Reopen Issue

Hello, I am following : https://fedora-messaging.readthedocs.io/en/latest/quick-start.html#fedora-s-public-broker

Consumers says:

Error: Channel closed by server: 403 (ACCESS-REFUSED) with message "ACCESS_REFUSED - access to exchange 'amq.topic' in vhost '/public_pubsub' refused for user 'fedora'"

It seems server recognizes user fedora.

Consumer is written in JS node.

Similar issues: https://github.com/fedora-infra/fedora-messaging/issues/190

Code:

// Options for full client and server verification:
const broker = cfg.broker['fedora']
// url: 'amqps://fedora:@rabbitmq.fedoraproject.org/%2Fpublic_pubsub'
const socketOptions = {
  cert: fs.readFileSync(broker.certfile),
  key: fs.readFileSync(broker.keyfile),
  ca: [fs.readFileSync(broker.ca_cert)],
  //clientProperties : {},
  credentials: amqp.credentials.external(),
};

async function start() {
    try {
        var conn = await amqp.connect(broker.url, socketOptions);
    } catch (error) {
        throw new Error('Whoops! Cannot create connection.')
    }
    process.on('SIGINT', conn.close.bind(conn));
    try {
        var channel = await conn.createChannel();
    } catch (error) {
        throw new Error('Whoops! Cannot create channel.')
    }
    var exchange1 = 'amq.topic';
    const queue_name = uuidv4();
    channel.assertExchange(exchange1, 'topic', {durable: false});
    const queue = await channel.checkQueue(queue_name);
    .... at this place server closes connection ....

Metadata Update from @pingou:
- Issue tagged with: rabbitmq
4 years ago

I tried also with passive: true as described at https://fedora-infra-docs.readthedocs.io/en/latest/dev-guide/messaging.html#pubsub-virtual-host:

In consumer:

channel.assertExchange(exchange1, 'topic', {durable: true, passive: true, autoDelete: true, exclusive: true});

I tried all possible combinations for durable , passive, exclusive

It fails with the same result:

Error: Channel closed by server: 403 (ACCESS-REFUSED) with message "ACCESS_REFUSED - access to exchange 'amq.topic' in vhost '/public_pubsub' refused for user 'fedora'"

Please help.

sounds like a cert issue, could it be?

Metadata Update from @mohanboddu:
- Issue priority set to: Waiting on Assignee (was: Needs Review)
- Issue tagged with: medium-gain, medium-trouble, ops
4 years ago

If I change cert-file, say make it wrong, that error message is completely different: 

(node:25628) UnhandledPromiseRejectionWarning: Error: Whoops! Cannot create connection.
    at start (/home/andrei/osci/kai/fetchv2/js/listener.js:32:15)
(node:25628) UnhandledPromiseRejectionWarning: Unhandled promise rejection. This error originated either by throwing inside of an async function without a catch block, or by rejecting a promise which was not handled with .catch(). (rejection id: 1)
(node:25628) [DEP0018] DeprecationWarning: Unhandled promise rejections are deprecated. In the future, promise rejections that are not handled will terminate the Node.js process with a non-zero exit code.

I think with cert is all OK. Server recognizes user fedora.

But this user cannot access exchange amq.topic in vhost /public_pubsub.

Oh, try with %2Fpublic_pubsub instead of /public_pubsub to see if that changes something

I tried, same error. Actually url is:

 url: 'amqps://fedora:@rabbitmq.fedoraproject.org/%2Fpublic_pubsub',

From: https://fedora-messaging.readthedocs.io/en/stable/quick-start.html#fedora-s-public-broker it has url: amqps://rabbitmq.fedoraproject.org/%2Fpublic_pubsub

Maybe there is some logs on server side? Thank you!

Connection URL has correct virtual host. Any change in virtual-host name %2Fpublic_pubsub says: Cannot create connection. With virtual host %2Fpublic_pubsub it connects succesfully. But no access to exchange amq.topic. Hm

Using the python client, it works fine for me, :(

https://github.com/fedora-infra/fedora-messaging/issues/190 was also about issues to connect outside of the usual library, I'm not seeing much hints in it though :(

Okay, it works for me.
Solution: do not touch exchange from consumer, not even verify if it exists.

Examples from https://github.com/squaremo/amqp.node/blob/master/examples/tutorials/receive_logs_topic.js#L18

has code:

    var ok = ch.assertExchange(ex, 'topic', {durable: false});

Just comment that line + remove it from initialization sequence in consumer.
This is not obvious. Especially if you take official library examples :-)
Solution: Do not verify in fedora consumer if broker has exchange amq.topic + amq.topic.

@pingou thank you for your comments.

Oh, cool you got it working!

Should we close as fixed?

Metadata Update from @astepano:
- Issue close_status updated to: Fixed
- Issue status updated to: Closed (was: Open)
4 years ago

Thanks for getting back to us on this with the info btw :)

Log in to comment on this ticket.

Metadata
None

rabbitmq medium-gain ops medium-trouble

None
None
Waiting on Assignee
Boards 1
ops Status: Done
Powered by Pagure 5.14.1
DocumentationFile an IssueAboutSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.