🎄 Happy Holidays! 🥳

Most of Solace is closed December 24–January 1 so our employees can spend time with their families. We will re-open Thursday, January 2, 2024. Please expect slower response times during this period and open a support ticket for anything needing immediate assistance.

Happy Holidays!

Please note: most of Solace is closed December 25–January 2, and will re-open Tuesday, January 3, 2023.

Failed to create consumer binding Error

sdeveloper
sdeveloper Member Posts: 8
edited October 2022 in General Discussions #1

Hi Team,

I am using Spring Cloud Stream (spring-cloud-starter-stream-solace.2.0.0-string-serialization and sol-jcsmp.10.13.0) to send and consume messages with Solace VPN. I am able to publish and consume the message, but I get below continuous error in my log file with corresponding increase in the bind count.

o.s.cloud.stream.binding.BindingService : Failed to create consumer binding; retrying in 30 seconds 
org.springframework.cloud.stream.binder.BinderException: Exception thrown while starting consumer: 
at org.springframework.cloud.stream.binder.AbstractMessageChannelBinder.doBindConsumer(AbstractMessageChannelBinder.java:461) ~[spring-cloud-stream-3.0.7.RELEASE.jar:3.0.7.RELEASE]
at org.springframework.cloud.stream.binder.AbstractMessageChannelBinder.doBindConsumer(AbstractMessageChannelBinder.java:90) ~[spring-cloud-stream-3.0.7.RELEASE.jar:3.0.7.RELEASE]
at org.springframework.cloud.stream.binder.AbstractBinder.bindConsumer(AbstractBinder.java:143) ~[spring-cloud-stream-3.0.7.RELEASE.jar:3.0.7.RELEASE]
at org.springframework.cloud.stream.binding.BindingService.doBindConsumer(BindingService.java:176) [spring-cloud-stream-3.0.7.RELEASE.jar:3.0.7.RELEASE]
at org.springframework.cloud.stream.binding.BindingService.bindConsumer(BindingService.java:133) [spring-cloud-stream-3.0.7.RELEASE.jar:3.0.7.RELEASE]
at org.springframework.cloud.stream.binding.AbstractBindableProxyFactory.createAndBindInputs(AbstractBindableProxyFactory.java:112) [spring-cloud-stream-3.0.7.RELEASE.jar:3.0.7.RELEASE]
at org.springframework.cloud.stream.binding.InputBindingLifecycle.doStartWithBindable(InputBindingLifecycle.java:58) [spring-cloud-stream-3.0.7.RELEASE.jar:3.0.7.RELEASE]
....
at org.springframework.boot.loader.Launcher.launch(Launcher.java:109) ~[app/:na]
at org.springframework.boot.loader.Launcher.launch(Launcher.java:58) ~[app/:na]
at org.springframework.boot.loader.JarLauncher.main(JarLauncher.java:88) ~[app/:na]
Caused by: com.solacesystems.jcsmp.AccessDeniedException: Permission Not Allowed - Queue 'XXX.TRADE.ACK.NACK.RTT.IN' - Topic 'XXX.TRADE.ACK.NACK.RTT'
at com.solacesystems.jcsmp.impl.SessionModeSupportClient.performSmpReq(SessionModeSupportClient.java:278) ~[sol-jcsmp-10.13.0.jar:na]
at com.solacesystems.jcsmp.impl.SessionModeSupportClient.addSubscription(SessionModeSupportClient.java:230) ~[sol-jcsmp-10.13.0.jar:na]
at com.solacesystems.jcsmp.impl.JCSMPBasicSession.addSubscription(JCSMPBasicSession.java:908) ~[sol-jcsmp-10.13.0.jar:na]
at com.solace.spring.cloud.stream.binder.provisioning.SolaceQueueProvisioner.addSubscriptionToQueue(SolaceQueueProvisioner.java:155)

Below is the corresponding log message we see on the Solace side:

0500 <local3.notice> appwpcuteai21 event: CLIENT: CLIENT_CLIENT_CREATE_ENDPOINT_FAILED: uatvpn83 9274705d-0312-470c-5d52-1fa6/17/03a80001/jlG2lbsfkc Client (2377) 9274705d-0312-470c-5d52-1fa6/17/03a80001/jlG2lbsfkc username xxx-pcf-dev.xxxx.com Create Durable Queue XXX.TRADE.ACK.NACK.RTT.IN: AccessType (Non-Exclusive), Quota (200MB), MaxMessageSize (0B), AllOthersPermission(Read|Consume), RespectTTL(Unspecified), RejectMsgToSenderOnDiscard(Unspecified), MaxRedelivery(0), failed, reason: Already Exist

I have all the required properties set in the configuration (provisionDurableQueue and provisionSubscriptionsToDurableQueue set to false)

spring:
 cloud:
  stream:
   defaultBinder: kafka-broker
   bindings:
    rttTradePublisher:
     destination: "#P2P/QUE/XXX.TRADE.INSTR.RTT.OUT"
     content-type: "text/plain;charset=utf-8"
     binder: solace-broker
    rttResponseSubscriber:
     content-type: "text/xml;charset=utf-8"
     consumer:
      max-attempts: 2
      backOffMaxInterval: 43200000
     destination: XXX.TRADE.ACK.NACK.RTT
     group: IN
     binder: solace-broker
    rttResponseSubscriberDMQ:
     consumer:
      max-attempts: 2147483647
      backOffMaxInterval: 43200000
     destination: XXX.TRADE.ACK.NACK.RTT.IN
     group: dmq
     binder: solace-broker
   solace:
    bindings:
     rttTradePublisher:
      producer:
       provisionDurableQueue: false
       provisionSubscriptionsToDurableQueue: false
       msgInternalDmqEligible: true
     rttResponseSubscriber:
      consumer:
       autoBindDmq: true
       provisionDmq: false
       provisionDurableQueue: false
       provisionSubscriptionsToDurableQueue: false
     rttResponseSubscriberDMQ:
      consumer:
       provisionDurableQueue: false
       provisionSubscriptionsToDurableQueue: false		  

The environment specific configuration has details related to Solace infrastructure:

spring:
 cloud:
  stream:
   binders:
    solace-broker:
     type: solace
     environment:
      solace:
       java:
        host: tcps://xxxxxxx.xxxx.com:55443
        msgVpn: uatvpn83
        connectRetries: -1
        reconnectRetries: -1
        apiProperties:
         AUTHENTICATION_SCHEME: AUTHENTICATION_SCHEME_CLIENT_CERTIFICATE
         SSL_KEY_STORE: ${vcap.services.xxx-credentials-service.credentials.keyStore}
         SSL_KEY_STORE_PASSWORD: ${vcap.services.xxx-credentials-service.credentials.keyStorePassword}
         SSL_PRIVATE_KEY_ALIAS: ${vcap.services.xxx-credentials-service.credentials.keyAlias}
         SSL_PRIVATE_KEY_PASSWORD: ${vcap.services.xxx-credentials-service.credentials.keyStorePassword}
         SSL_TRUST_STORE: ${vcap.services.xxx-credentials-service.credentials.keyStore}
         SSL_TRUST_STORE_PASSWORD: ${vcap.services.xxx-credentials-service.credentials.keyStorePassword}

I am able to consume message from XXX.TRADE.ACK.NACK.RTT. But it keeps on tring to create queue and bind count keeps on increase. Could you please review and give any pointer that may help me? Your help much appreciated.

Answers

  • marc
    marc Member, Administrator, Moderator, Employee Posts: 963 admin

    Hi @sdeveloper,

    If provisionDurableQueue is disabled it shouldn't be trying to provision the queues so my guess is something is off in the spacing of the yaml (such a pain sometimes!) or I'm wondering if the issue is that you don't have the -in-0 on the end of your binding names. Are you use Spring Cloud Functions to define your functions or are you using the older annotation based way? If using functions can you try to make your binding names in the config rttResponseSubscriber-in-0 and rttResponseSubscriberDMQ-in-0 ? That should match the first input for your rttResponseSubscriber function and your rttResponseSubscriberDMQ function. Which I would also have expected to see defined under spring.cloud.function.definition in the config

  • sdeveloper
    sdeveloper Member Posts: 8
    edited October 2022 #3

    Hi @marc - sorry for delay in responding. The issue was resolved after adding value to 'Owner' property of queue (it was empty before). This caused the issue of: AccessDeniedException: Permission Not Allowed.

  • Aaron
    Aaron Member, Administrator, Moderator, Employee Posts: 644 admin
    edited October 2022 #4

    The more typical approach to address this (for queues created administratively) is to change the permissions to "consume". This allows apps to bind the queue and receive/ACK messages. By changing the ownership of the queue to an application username, this allows any apps with that username full control over the endpoint, which means they can modify the topics, or even delete the endpoint.

    See for more info: https://docs.solace.com/Messaging/Guaranteed-Msg/Endpoints.htm#Endpoint_Permissions

  • sdeveloper
    sdeveloper Member Posts: 8

    Thanks @Aaron. Attached is the queue detail. I see it already had value 'Consume' for peroerty 'All Other Permissions'. But it did not work until the administrator set the 'Owner' value to my SSL certificate's CN.