I am trying to run a flower instance on a remote rabbitmq broker (running in kubernetes) to create a simple dashboard for monitoring purposes. But we want the rabbitmq user used by flower to have strictly readonly permissions because the dashboard is meant to be accessed by non-admin people for quick and autonomous visualization of their tasks, so we must ensure flower doesn't have any write access to the broker.
I have created a user myuser with the management role, and these permissions:
| Virtual host | Configure regexp | Write regexp | Read regexp |
|--------------|------------------|--------------|-------------|
| myvhost      |                  |              | .*          |
However, launching flower fails even though authentication and authorization seem to function correctly:
2024-08-16 17:04:27.701518+00:00 [info] <0.14389.9> connection <0.14389.9> (REDACTED): user 'myuser' authenticated and granted access to vhost 'myvhost'
[...]
amqp.exceptions.AccessRefused: Exchange.declare: (403) ACCESS_REFUSED - access to exchange 'reply.celery.pidbox' in vhost 'myvhost' refused for user 'myvhost'
At this point, flower continuously retries the same thing and enters an infinite error loop.
Does flower absolutely need some write access to function correctly? If so, where can I find the exact permission requirements for flower with rabbitmq as the broker?
Thanks in advance.
To Reproduce
Steps to reproduce the behavior:
1. Run a RabbitMQ instance with a vhost named 'myvhost'
2. Create a RabbitMQ user myuser with permissions as described above ('management' role AND readonly permissions on the myvhost)
3. Create and use a local Python venv with flower and celery installed
4. Run celery --broker=amqp://myuser:<myuser_password>@<server_url>:5672/myvhost flower
Expected behavior
Flower can correctly see myvhost's queues content without needing write access to the vhost
System information
Remote:
rabbitmq 3.11
Local:
python 3.12
flower 2.0.1