Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Leek says my broker isnt reachable due to broker_management is_alive check failure #86

Open
merc1031 opened this issue Jun 26, 2024 · 1 comment
Open

Leek says my broker isnt reachable due to broker_management is_alive check failure #86

merc1031 opened this issue Jun 26, 2024 · 1 comment

Comments

@merc1031
Copy link

Describe the bug
Not 100% sure this is a bug, but the celery user by default does not have access to the aliveness-check api. so When the broker_management client calls is_alive it seems to fail and claim that my broker is not reachable.

I tried it from inside the running leek container

>>> import kombu
>>> c = kombu.connection.Connection("amqp://celery:<redacted>@rabbitmq.service.consul:5672/celery")
>>>
>>> c.ensure_connection(max_retries=2)
<Connection: amqp://celery:**@rabbitmq.service.consul:5672/celery at 0x7f415ae0f7f0>
>>> c.release()

>>> c = AMQPClient("rabbitmq.service.consul:15672", "celery", <redacted>, scheme="http", verify=False)
>>> c.is_alive()
Traceback (most recent call last):
  File "/opt/venv/lib/python3.8/site-packages/pyrabbit2/api.py", line 124, in _call
    resp = self.http.do_call(path, method, body, headers, params)
  File "/opt/venv/lib/python3.8/site-packages/pyrabbit2/http.py", line 110, in do_call
    raise HTTPError(content, resp.status_code, resp.text, path, body)
pyrabbit2.http.HTTPError: 401 - {"error":"not_authorised","reason":"User not authorised to access virtual host"} (User not authorised to access virtual host) (aliveness-test/%2F) (None)

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/opt/venv/lib/python3.8/site-packages/pyrabbit2/api.py", line 260, in is_alive
    resp = self._call(uri, 'GET')
  File "/opt/venv/lib/python3.8/site-packages/pyrabbit2/api.py", line 127, in _call
    raise PermissionError('Insufficient permissions to query ' +
pyrabbit2.api.PermissionError: Insufficient permissions to query aliveness-test/%2F with user celery :401 - {"error":"not_authorised","reason":"User not authorised to access virtual host"} liveness-test/%2F) (None)

Is there any workaround / other way to check if the broker_management_url is reeachable that wouldnt involve giving my production celery user more vhost access?

Additionally, the responses in the ui dont indicate if its the broker_management that is unreachable or the broker, it seems to return a generic "broker" unreachable message.
@pedrodevoto
Copy link

@merc1031 were you able to solve this?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@merc1031 @pedrodevoto