We Keep Coding

How to get user accessible queues in YARN?

I use typical stack YARN/Ranger with atomic policies for accessing YARN queues. Having Hadoop user access, how to get list of queues that user has access to? I can see how it's usually done from admin side, but what about user? I went through yarn APIs, but found nothing. Ranger - user usually doesn't have enough permissions to get more details about itself. Is the only way to do it is to bruteforce all queues in cluster until u find accessible one?

Unfortunately, the user queue policy is not visible through the REST APIs for Fair Scheduler. You can double-check by running:
curl RM-ADDR:PORT/ws/v1/cluster/scheduler
but looking at ResourceManager REST API’s:Cluster Scheduler API I think you're out of luck.
If you use Ambari or Cloudera Manager, those might have APIs that will allow you to download the Fair Scheduler's XML file.

How can I use RabbitMQ user access management in iAPC?

I'm setting up a new RabbitMQ service in iAPC (Swisscom app cloud) and I need to control the user access of the different producer/consumer application.
My access control requirement:
Application A can only write to queue X.
Application B can only read from queue X.
RabbitMQ provides usually user management functionalities. However, the whole user management in the admin section, RabbitMQ management GUI, is not available.
What solution does exist in iAPC to manage read/write permissions for different applications which have an app binding?
Is it even possible to setup different users?

I believe there is no way to add additional users in these managed RabbitMQ service deployments provided by Swisscom. This is quite similar across all of the available shared services (e.g. ElasticSearch or MariaDB) which come with a preset of defined users. I assume that this is true because those are actually shared services (as opposed to dedicated ones), where there may be authentication / security concerns if you are allowed to administer existing users.
For anyone who is interested the way to access your RabbitMQ CloudFoundry service admin interface via the provided environment parameters to see what is possible:
bind your RabbitMQ service to a running app instance (e.g. MY-APP)
look at the environment of that app with cf env MY-APP
tunnel the RabbitMQ management port to your localhost:
cf ssh -N -T -L 15000:rabbitmq.service.consul:15672 MY-APP
open a webbrowser and look at http://localhost:15000
Use the Username and Password you found in step (2) under rabbitmqent > credentials > management to log in

RabbitMQ user with no access to management UI but can publish and subscribe

We are accessing rabbitMQ using a username and password (other than admin). I was wondering if I could create a user with no management UI access but can publish and subscribe to topics this would greatly increase the security of the application which we are building, in case the credentials are compromised nobody will be able to login through management UI.
Is there any way I can create a user with no management UI access but still will be able to publish and subscribe to topics?
RabbitMQ version: 3.7.10
Erlang 21.2.3
protocol: MQTT

Create the user without the required tags for management access. This is documented here: https://www.rabbitmq.com/management.html
NOTE: the RabbitMQ team monitors the rabbitmq-users mailing list and only sometimes answers questions on StackOverflow.

As said management should be the right role for this case
rabbitmqctl set_user_tags username management

How is erlang.cookie and rabbitmq related?

I have accidentally deleted erlang.cookie and i cannot restart RabbitMQ server? What is the best way to make the server running again.

The erlang cookie is a token needed by rabbitmq to use clustering. That's why he is required on server start.
Go to /var/lib/rabbitmq and check if .erlang.cookie is still here.
If not, try running
rabbitmqctl shutdown
rabbitmq-server
Considering the erlang doc this should regenerate your cookie.
The first action of the Erlang network authentication server (auth) is then to read a file named $HOME/.erlang.cookie. If the file does not exist, it is created.
If this doesn't work, try to reboot the host, and if this still doesn't work can you post more details about the error message, and run
rabbitmqctl status
and show us what it gives you.

Celery and Flower: nothing in broker tab

I'm trying to configure Flower, Celery's monitoring tool. This works ok overall, but I cannot see anything under the broker tab. I can see stuff under "workers", 'tasks' and 'monitor' and the graphs are updating. I'm using the following to start flower:
celery flower --broker=amqp://<username>:<password>#<ipaddress>:5672/vhost_ubuntu --broker_api=http://<username>:<password>#<ipaddress>:15672/api
Relevant error message I'm receiving is: Unable to get broker info: 401 Client Error: Unauthorized
I can login to RabbitMQ management via http://:15672/ with username guest and password guest
Any ideas as to why I can't see the messages under the broker tab?

This reply might be a few years too late, but I finally figured out why I was having the same issue. Once you enable the rabbitmq_management plugin, you need to give the user that you are using to connect to rabbitmq permission to use it. At heart, the rabbitmq-management plugin gives you a user interface to check on your amqp server, if you credentials work to login to the portal they should work with the API once the administrator tag is added.
sudo rabbitmqctl set_user_tags <username> administrator

You need to enable flower to access rabbitmq. For that run these commands in your terminal
sudo rabbitmq-plugins enable rabbitmq_management
sudo service rabbitmq-server restart
Also make sure that current user has relevant permissions on rabbitmq.
Now if you run flower, it should show the broker.
Also there is a bug in older version of tornado. Make sure to upgrage tornado so that flower works properly.
pip install --upgrade tornado