[rabbitmq-discuss] Multiple local-usernames for federation

Simon MacMullen simon at rabbitmq.com
Tue May 14 14:46:10 BST 2013

On 14/05/13 14:24, Roman Gaufman wrote:
> Yes but I want it biodirectional, I tried to simplify the example, but I
> guess that wasn't helpful.

Ah, got it.


> They each have a RabbitMQ instance, on each one I do:
>  1. Create vhost: oracle
>  2. Create new users: moscow:password, london:password, cloud:password
>  3. Set permissions for all users for the oracle vhost: .* .* .*
>  4. Set local username and nodename
>      1. Cloud: rabbitmqctl -p oracle set_parameter federation
>         local-username '"Cloud"'
>      2. London: rabbitmqctl -p oracle set_parameter federation
>         local-nodename '"London"'
>      3. Moscow: rabbitmqctl -p oracle set_parameter federation
>         local-nodename '"Moscow"'

So here you are setting the local-username to "Cloud", but 
local-nodename to "London" / "Moscow". Is that another simplification? 
Is that happening on the same machine?

<snip> the rest of the configuration looks reasonable.

> Now the problem comes when I set a federation upstream on the "Local"
> servers (London and Moscow), I want to have a different
> username/password on each. But it seems the "Cloud" upstream must always
> have the same username/password? - Unless I am misunderstanding something?

I'm afraid it's still not tremendously clear what you are asking here. 
If you want "London" to connect to "Cloud" using one username and 
"Moscow" to connect to "Cloud" with another, then you can do that - just 
set the usernames / passwords in the URLs differently.

> Yes, I did all that, but I want to federate in both directions. If I do
> the above, all messages I write to the Local servers (London, Moscow) I
> can consume on the Cloud server, however if I write from the Cloud
> server, I cannot consume the messages on the Local servers.
> To do that, I need to add federation upstreams on the local servers:
> rabbitmqctl set_parameter federation-upstream Cloud
> '{"uri":"amqp://london:password@
> <http://london:password@>"}'
> rabbitmqctl set_parameter federation-upstream Cloud
> '{"uri":"amqp://moscow:password@
> <http://moscow:password@>"}'
> But I cannot do that because RabbitMQ only accepts a single
> local-username :( - Am I missing something?

Ah - I think I understand what you are missing. Do you think 
local-username must correspond to the username set in another server's 
upstream URL? That's not the case.

The remote username(s) (i.e. the ones in the upstream URLs) need to be 
valid users in the upstream host. I think you have that right.

The local-username just needs to exist locally and be able to publish 
messages; it's used to republish messages that have been received from a 
remote host. *It does not need to correspond to anything else*.

The fact that you are seeing {error,user_does_not_exist} on a certain 
host means that you have set the local-username to the name of a user 
that does not exist on that host. Or that you have not set it, it;s 
defaulting to "guest", and "guest" does not exist.

Does this make sense?

Cheers, Simon
Simon MacMullen
RabbitMQ, Pivotal

More information about the rabbitmq-discuss mailing list