rabbitmq-shovel

classic Classic list List threaded Threaded
6 messages Options
Reply | Threaded
Open this post in threaded view
|

rabbitmq-shovel

Mark Lin-3
Wanted to get shovel to work, but am getting

{amqp_error,access_refused,
                            "access to vhost 'vtest' refused for user 'shovel'",
                            'connection.open'}}

from the rabbit server.  

I am sure the username and password are correct.  From the bql security document, http://www.rabbitmq.com/rabbitmq-bql.html#bql-security-rules, showing the exact same error, it seems that I HAVE to use bql to grant permission to amq.default(which doesn't actually exist on the OSX 1.7.0 build of rabbitmq).  Instead of trying to get bql to work, I want to make sure I am heading toward the right direction.  Would appreciate any pointer from folks who have it working.


By the way, the version of rabbitmq-shovel I downloaded via hg has a few parameter modifications differ from given example in the blog:

From rabbitmq-shovel/src/rabbit_shovel_sup.erl
reconnect becomes reconnect_delay
qos becomes prefetch_count

And this is not a valid parameter:
{delivery_mode, keep},


Thanks,
Mark
_______________________________________________
rabbitmq-discuss mailing list
[hidden email]
http://lists.rabbitmq.com/cgi-bin/mailman/listinfo/rabbitmq-discuss
Reply | Threaded
Open this post in threaded view
|

Re: rabbitmq-shovel

Scott Brooks-4
I haven't used that shovel yet, but do you need to set the vhost to /vtest rather then vtest?

I'm not sure if it's stripping the / or not.

Scott Brooks

On Wed, Apr 21, 2010 at 6:46 PM, Mark Lin <[hidden email]> wrote:
Wanted to get shovel to work, but am getting

{amqp_error,access_refused,
                           "access to vhost 'vtest' refused for user 'shovel'",
                           'connection.open'}}

from the rabbit server.

I am sure the username and password are correct.  From the bql security document, http://www.rabbitmq.com/rabbitmq-bql.html#bql-security-rules, showing the exact same error, it seems that I HAVE to use bql to grant permission to amq.default(which doesn't actually exist on the OSX 1.7.0 build of rabbitmq).  Instead of trying to get bql to work, I want to make sure I am heading toward the right direction.  Would appreciate any pointer from folks who have it working.


By the way, the version of rabbitmq-shovel I downloaded via hg has a few parameter modifications differ from given example in the blog:

From rabbitmq-shovel/src/rabbit_shovel_sup.erl
reconnect becomes reconnect_delay
qos becomes prefetch_count

And this is not a valid parameter:
{delivery_mode, keep},


Thanks,
Mark
_______________________________________________
rabbitmq-discuss mailing list
[hidden email]
http://lists.rabbitmq.com/cgi-bin/mailman/listinfo/rabbitmq-discuss


_______________________________________________
rabbitmq-discuss mailing list
[hidden email]
http://lists.rabbitmq.com/cgi-bin/mailman/listinfo/rabbitmq-discuss
Reply | Threaded
Open this post in threaded view
|

Re: rabbitmq-shovel

Matthias Radestock-3
In reply to this post by Mark Lin-3
Mark,

Mark Lin wrote:
> Wanted to get shovel to work, but am getting
>
> {amqp_error,access_refused, "access to vhost 'vtest' refused for user
> 'shovel'", 'connection.open'}}
>
> from the rabbit server.
>
> I am sure the username and password are correct.

Have you granted the 'shovel' user access to the vhost 'vtest'? See
http://www.rabbitmq.com/admin-guide.html#set_permissions - so something like
   rabbitmqctl set_permissions -p vtest shovel ".*" ".*" ".*"
should do the trick.

> From the bql security document,
> http://www.rabbitmq.com/rabbitmq-bql.html#bql-security-rules, showing
> the exact same error, it seems that I HAVE to use bql ...

No, you don't have to use bql; rabbitmqctl (which ships with the broker)
is all you need.

> to grant permission to amq.default(which doesn't actually exist on
> the OSX 1.7.0 build of rabbitmq).

'amq.default' is a pseudonym for the otherwise nameless default
exchange. From http://www.rabbitmq.com/admin-guide.html#access-control ...

"For convenience RabbitMQ maps AMQP's default exchange's blank name to
'amq.default' when performing permission checks."

Whether or not the shovel user needs access to the default exchange
depends on the rest of your shovel configuration. But in any case the
".*" regexps in the above set_permissions call will cover that.

> By the way, the version of rabbitmq-shovel I downloaded via hg has a
> few parameter modifications differ from given example in the blog.

The shovel, like the rest of the code base, is evolving, so for the most
up to date documentation always refer to the docs shipped with the code,
i.e. http://hg.rabbitmq.com/rabbitmq-shovel/file/default/README in this
case.


Regards,

Matthias.

_______________________________________________
rabbitmq-discuss mailing list
[hidden email]
http://lists.rabbitmq.com/cgi-bin/mailman/listinfo/rabbitmq-discuss
Reply | Threaded
Open this post in threaded view
|

Re: rabbitmq-shovel

Mark Lin-3
Thank you!  It turns out my vhost name actually has "/" in the name. So I was specifying the wrong vhost name all along.  I guess since the default  vhost is "/", I was looking at it like uri, so I had to create vhost preceded by "/".  

Always helpful to have another pair of eyes looking at the problem.  


Two quick questions, is it possible to define multiple queue.bind in the same declaration?  This is to shovel traffic from multiple exchanges.    And can we use the Most-Recently-Declared-Queue in the resource definition and NOT have it persistent so if shovel dies, the queue dies with it instead of accumulate messages?


Thanks again,
Mark, happy shoveling.


On Apr 21, 2010, at 11:40 PM, Matthias Radestock wrote:

Mark,

Mark Lin wrote:
Wanted to get shovel to work, but am getting

{amqp_error,access_refused, "access to vhost 'vtest' refused for user
'shovel'", 'connection.open'}}

from the rabbit server.

I am sure the username and password are correct.

Have you granted the 'shovel' user access to the vhost 'vtest'? See
http://www.rabbitmq.com/admin-guide.html#set_permissions - so something like
  rabbitmqctl set_permissions -p vtest shovel ".*" ".*" ".*"
should do the trick.

From the bql security document,
http://www.rabbitmq.com/rabbitmq-bql.html#bql-security-rules, showing
the exact same error, it seems that I HAVE to use bql ...

No, you don't have to use bql; rabbitmqctl (which ships with the broker)
is all you need.

to grant permission to amq.default(which doesn't actually exist on
the OSX 1.7.0 build of rabbitmq).

'amq.default' is a pseudonym for the otherwise nameless default
exchange. From http://www.rabbitmq.com/admin-guide.html#access-control ...

"For convenience RabbitMQ maps AMQP's default exchange's blank name to
'amq.default' when performing permission checks."

Whether or not the shovel user needs access to the default exchange
depends on the rest of your shovel configuration. But in any case the
".*" regexps in the above set_permissions call will cover that.

By the way, the version of rabbitmq-shovel I downloaded via hg has a
few parameter modifications differ from given example in the blog.

The shovel, like the rest of the code base, is evolving, so for the most
up to date documentation always refer to the docs shipped with the code,
i.e. http://hg.rabbitmq.com/rabbitmq-shovel/file/default/README in this
case.


Regards,

Matthias.


_______________________________________________
rabbitmq-discuss mailing list
[hidden email]
http://lists.rabbitmq.com/cgi-bin/mailman/listinfo/rabbitmq-discuss
Reply | Threaded
Open this post in threaded view
|

Re: rabbitmq-shovel

Matthew Sackman
On Thu, Apr 22, 2010 at 11:40:18AM -0700, Mark Lin wrote:
> Two quick questions, is it possible to define multiple queue.bind in
> the same declaration?.

Yes. There are no restrictions on the declarations at all.

>  And can we use the Most-Recently-Declared-Queue in the resource definition and NOT have it persistent so if shovel dies, the queue dies with it instead of accumulate messages?

Yes. When you declare the queue, make sure you set the auto-delete flag.

Matthew

_______________________________________________
rabbitmq-discuss mailing list
[hidden email]
http://lists.rabbitmq.com/cgi-bin/mailman/listinfo/rabbitmq-discuss
Reply | Threaded
Open this post in threaded view
|

Re: rabbitmq-shovel

Matthew Sackman
In reply to this post by Scott Brooks-4
On Wed, Apr 21, 2010 at 07:12:21PM -0600, Scott Brooks wrote:
> I'm not sure if it's stripping the / or not.

Yes. This is probably the most unsavoury part of the schema. The problem
is that a) we need to support vhosts that start with / and that don't
start with /; b) the default vhost is /

Thus:

amqp://user:pass@host/   => vhost = /
amqp://user:pass@host//  => vhost = /
amqp://user:pass@host/a  => vhost = a
amqp://user:pass@host//a => vhost = /a

So basically, the first / is definitely just a separator, so if your
vhost is not / but does start with a /, then you need to add another /.
The confusion arises because the separator is / and the default vhost is
also /

Matthew

_______________________________________________
rabbitmq-discuss mailing list
[hidden email]
http://lists.rabbitmq.com/cgi-bin/mailman/listinfo/rabbitmq-discuss