I installed the latest versions of Erlang and RabbitMQ from source:
- Erlang/OTP 22 [erts-10.4.4] [source] [64-bit] [smp:2:2] [ds:2:2:10] [async-threads:1]
- RabbitMQ 3.7.17
- Ubuntu 18.04
- Python 3.6.7
- Celery 4.3.0
My /etc/rabbitmq/rabbitmq.config:
[
{ssl, [{versions, ['tlsv1.2', 'tlsv1.1']}]},
{rabbit,
[
{tcp_listeners, [{"127.0.0.1", 5672}]},
{ssl_listeners, [5671]},
{ssl_options, [{cacertfile, "/usr/local/share/ca-certificates/ca.crt"},
{certfile, "/usr/local/share/ca-certificates/server.crt"},
{keyfile, "/usr/local/share/private/server.key"},
{versions, ['tlsv1.2', 'tlsv1.1']},
{verify, verify_peer},
{fail_if_no_peer_cert, true}
]},
{auth_mechanisms, ['PLAIN', 'AMQPLAIN', 'EXTERNAL']}
]
}
].
I have verified that the .crt and .key files are actually in .pem format. Here is my celeryconfig.py:
import ssl
broker_url="amqps://USER:PASSWORD@rabbit-endpoint.com:5671//"
result_backend="I am using postgresql"
include=["my_tasks.py"]
task_acks_late=True
worker_prefetch_multiplier=1
worker_max_tasks_per_child=25
timezone="UTC"
broker_use_ssl={'keyfile': 'beep.key', 'certfile': 'beep.crt', 'ca_certs': 'boop.crt', 'cert_reqs': ssl.CERT_REQUIRED}
Whenever I start my Celery worker, I get this message:
consumer: Cannot connect to amqps://USER:**@rabbit-endpoint.com:5671//: [SSL: SSLV3_ALERT_HANDSHAKE_FAILURE] sslv3 alert handshake failure (_ssl.c:847).
I read that, due to some vulnerabilities, the latest versions of Erlang/RabbitMQ should not accept SSLv3, so I am not sure why Celery is trying to authenticate using SSLv3.
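
Because the broker config above sets `{verify, verify_peer}` and `{fail_if_no_peer_cert, true}`, the worker has to present a client certificate and key that load cleanly from `broker_use_ssl`. The following pre-flight check is an added example, not part of the original post; `preflight` and `constructed_demo` are hypothetical names, the sample files are constructed, and treating a passphrase-protected key as a problem is an assumption (a worker cannot prompt for it).

```python
import os
import ssl
import tempfile

# PEM marker each broker_use_ssl entry is expected to contain.
EXPECTED = {"keyfile": "PRIVATE KEY-----",
            "certfile": "-----BEGIN CERTIFICATE-----",
            "ca_certs": "-----BEGIN CERTIFICATE-----"}

def preflight(broker_use_ssl):
    """Return a list of problems found in a Celery broker_use_ssl dict."""
    problems = []
    for name, marker in EXPECTED.items():
        path = broker_use_ssl.get(name)
        if not path or not os.path.isfile(path):
            problems.append(f"{name}: file not found ({path!r})")
            continue
        with open(path, "rb") as fh:
            text = fh.read().decode("latin-1")
        if "-----BEGIN " not in text:
            problems.append(f"{name}: not PEM (DER or other encoding?)")
        elif marker not in text:
            problems.append(f"{name}: PEM block is not the expected type")
        elif name == "keyfile" and "ENCRYPTED" in text:
            problems.append("keyfile: key is passphrase-protected")
    if problems:
        return problems
    # The files look right: let OpenSSL confirm that the key matches the
    # certificate and that the CA bundle parses.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    try:
        ctx.load_cert_chain(broker_use_ssl["certfile"], broker_use_ssl["keyfile"])
        ctx.load_verify_locations(cafile=broker_use_ssl["ca_certs"])
    except (ssl.SSLError, OSError) as exc:
        problems.append(f"OpenSSL rejected the files: {exc}")
    return problems

def constructed_demo():
    """Run preflight on constructed files: a binary 'cert' and a missing CA."""
    d = tempfile.mkdtemp()
    key, crt = os.path.join(d, "beep.key"), os.path.join(d, "beep.crt")
    with open(key, "w") as fh:
        fh.write("-----BEGIN PRIVATE KEY-----\nconstructed\n-----END PRIVATE KEY-----\n")
    with open(crt, "wb") as fh:
        fh.write(b"\x30\x82\x01\x0a constructed DER-like bytes")
    return preflight({"keyfile": key, "certfile": crt, "cert_reqs": ssl.CERT_REQUIRED,
                      "ca_certs": os.path.join(d, "boop.crt")})
```

An empty list from `preflight` means the client-side files load and match; it says nothing about whether the broker's CA trusts the client certificate.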