api.consume against fedora endpoint hits permissions issue

[dustymabe]

Can I get a very simple api.consume example that works with fedora's endpoint? I can get the cli to work with the default callback using the docs here but I can't seem to get a simple api.consume() call working (not using twisted_consume) with fedora-messaging-1.6.0-1.fc30.noarch python3-fedora-messaging-1.6.0-1.fc30.noarch

[jeremycline]

Can you provide the code sample you're trying?

[dustymabe]

starting from a fresh f30 container:

# dnf install fedora-messaging
# cd /etc/fedora-messaging/
# cp fedora.toml config.toml

Then try to run the following:

#!/usr/bin/python3
from fedora_messaging import api

def process_message(msg):
    print(msg.topic)

def main():
#   # Next, we need a queue to consume messages from. We can define
#   # the queue and binding configurations in these dictionaries:
#   queues = {
#       'demo': {
#           'durable': False,  # Delete the queue on broker restart
#           'auto_delete': True,  # Delete the queue when the client terminates
#           'exclusive': False,  # Allow multiple simultaneous consumers
#           'arguments': {},
#       },
#   }
#   binding = {
#       'exchange': 'amq.topic',  # The AMQP exchange to bind our queue to
#       'queue': 'demo',  # The unique name of our queue on the AMQP broker
#       'routing_keys': ['pungi.compose.status.change'] # The topics that should be delivered to the queue
#   }

    # Start consuming messages using our callback. This call will block until
    # a KeyboardInterrupt is raised, or the process receives a SIGINT or SIGTERM
    # signal.
    api.consume(process_message)

if __name__ == '__main__':
    main()

[jeremycline]

And I assume there's no logging output (doesn't look like you're setting up logging).

My guess is that the permissions on the Fedora broker are clashing with the way the synchronous API is declaring exchanges or queues (the async and sync code are currently completely different).

Is there are reason you cannot use the CLI? It sets up logging, signal handlers, etc for you so you don't have to do that yourself. Obviously we need to fix api.consume, but I'm curious about your motives.

[dustymabe]

And I assume there's no logging output (doesn't look like you're setting up logging).

yeah didn't realize it wouldn't log by default. I thought it would since those settings are in the conf file.

My guess is that the permissions on the Fedora broker are clashing with the way the synchronous API is declaring exchanges or queues (the async and sync code are currently completely different).

ok I set up logging and now I get more info:

[root@4ad35fde9862 bin]# cat foo.py
#!/usr/bin/python3
from fedora_messaging import config, api, exceptions
import logging

# Set local logging
logger = logging.getLogger(__name__)
logger.setLevel(logging.INFO)


def process_message(msg):
    print(msg.topic)

def main():
    config.conf.setup_logging()
    # Start consuming messages using our callback. This call will block until
    # a KeyboardInterrupt is raised, or the process receives a SIGINT or SIGTERM
    # signal.
    api.consume(process_message)

if __name__ == '__main__':
    main()
[root@4ad35fde9862 bin]#
[root@4ad35fde9862 bin]# ./foo.py
[INFO fedora_messaging._session] Authenticating with server using x509 (certfile: /etc/fedora-messaging/fedora-cert.pem, keyfile: /etc/fedora-messaging/fedora-key.pem)                                                                     
[INFO fedora_messaging._session] Connecting to rabbitmq.fedoraproject.org:5671
[INFO fedora_messaging._session] Successfully opened connection to rabbitmq.fedoraproject.org
[WARNING pika.channel] Received remote Channel.Close (403): "ACCESS_REFUSED - access to exchange 'amq.topic' in vhost '/public_pubsub' refused for user 'fedora'" on <Channel number=1 OPEN conn=<SelectConnection OPEN transport=<pika.adapters.utils.io_services_utils._AsyncSSLTransport object at 0x7f4857db6898> params=<URLParameters host=rabbitmq.fedoraproject.org port=5671 virtual_host=/public_pubsub ssl=True>>>
[INFO fedora_messaging._session] Channel <Channel number=1 CLOSED conn=<SelectConnection OPEN transport=<pika.adapters.utils.io_services_utils._AsyncSSLTransport object at 0x7f4857db6898> params=<URLParameters host=rabbitmq.fedoraproject.org port=5671 virtual_host=/public_pubsub ssl=True>>> closed (403): ACCESS_REFUSED - access to exchange 'amq.topic' in vhost '/public_pubsub' refused for user 'fedora'

Is there are reason you cannot use the CLI? It sets up logging, signal handlers, etc for you so you don't have to do that yourself. Obviously we need to fix api.consume, but I'm curious about your motives.

I think that might be a good discussion for a separate ticket. I'll open one soon and edit this comment to link back to it.

EDIT: Here is the issue I just opened: #173

[jeremycline]

Cool. That does look like a permissions issue. We should make the synchronous API behave the same as the async API in this respect.