Failed to create consumer binding Error
Hi Team,
I am using Spring Cloud Stream (spring-cloud-starter-stream-solace.2.0.0-string-serialization and sol-jcsmp.10.13.0) to send and consume messages with Solace VPN. I am able to publish and consume the message, but I get below continuous error in my log file with corresponding increase in the bind count.
o.s.cloud.stream.binding.BindingService : Failed to create consumer binding; retrying in 30 seconds org.springframework.cloud.stream.binder.BinderException: Exception thrown while starting consumer: at org.springframework.cloud.stream.binder.AbstractMessageChannelBinder.doBindConsumer(AbstractMessageChannelBinder.java:461) ~[spring-cloud-stream-3.0.7.RELEASE.jar:3.0.7.RELEASE] at org.springframework.cloud.stream.binder.AbstractMessageChannelBinder.doBindConsumer(AbstractMessageChannelBinder.java:90) ~[spring-cloud-stream-3.0.7.RELEASE.jar:3.0.7.RELEASE] at org.springframework.cloud.stream.binder.AbstractBinder.bindConsumer(AbstractBinder.java:143) ~[spring-cloud-stream-3.0.7.RELEASE.jar:3.0.7.RELEASE] at org.springframework.cloud.stream.binding.BindingService.doBindConsumer(BindingService.java:176) [spring-cloud-stream-3.0.7.RELEASE.jar:3.0.7.RELEASE] at org.springframework.cloud.stream.binding.BindingService.bindConsumer(BindingService.java:133) [spring-cloud-stream-3.0.7.RELEASE.jar:3.0.7.RELEASE] at org.springframework.cloud.stream.binding.AbstractBindableProxyFactory.createAndBindInputs(AbstractBindableProxyFactory.java:112) [spring-cloud-stream-3.0.7.RELEASE.jar:3.0.7.RELEASE] at org.springframework.cloud.stream.binding.InputBindingLifecycle.doStartWithBindable(InputBindingLifecycle.java:58) [spring-cloud-stream-3.0.7.RELEASE.jar:3.0.7.RELEASE] .... at org.springframework.boot.loader.Launcher.launch(Launcher.java:109) ~[app/:na] at org.springframework.boot.loader.Launcher.launch(Launcher.java:58) ~[app/:na] at org.springframework.boot.loader.JarLauncher.main(JarLauncher.java:88) ~[app/:na]
Caused by: com.solacesystems.jcsmp.AccessDeniedException: Permission Not Allowed - Queue 'XXX.TRADE.ACK.NACK.RTT.IN' - Topic 'XXX.TRADE.ACK.NACK.RTT' at com.solacesystems.jcsmp.impl.SessionModeSupportClient.performSmpReq(SessionModeSupportClient.java:278) ~[sol-jcsmp-10.13.0.jar:na] at com.solacesystems.jcsmp.impl.SessionModeSupportClient.addSubscription(SessionModeSupportClient.java:230) ~[sol-jcsmp-10.13.0.jar:na] at com.solacesystems.jcsmp.impl.JCSMPBasicSession.addSubscription(JCSMPBasicSession.java:908) ~[sol-jcsmp-10.13.0.jar:na] at com.solace.spring.cloud.stream.binder.provisioning.SolaceQueueProvisioner.addSubscriptionToQueue(SolaceQueueProvisioner.java:155)
Below is the corresponding log message we see on the Solace side:
0500 <local3.notice> appwpcuteai21 event: CLIENT: CLIENT_CLIENT_CREATE_ENDPOINT_FAILED: uatvpn83 9274705d-0312-470c-5d52-1fa6/17/03a80001/jlG2lbsfkc Client (2377) 9274705d-0312-470c-5d52-1fa6/17/03a80001/jlG2lbsfkc username xxx-pcf-dev.xxxx.com Create Durable Queue XXX.TRADE.ACK.NACK.RTT.IN: AccessType (Non-Exclusive), Quota (200MB), MaxMessageSize (0B), AllOthersPermission(Read|Consume), RespectTTL(Unspecified), RejectMsgToSenderOnDiscard(Unspecified), MaxRedelivery(0), failed, reason: Already Exist
I have all the required properties set in the configuration (provisionDurableQueue and provisionSubscriptionsToDurableQueue set to false)
spring: cloud: stream: defaultBinder: kafka-broker bindings: rttTradePublisher: destination: "#P2P/QUE/XXX.TRADE.INSTR.RTT.OUT" content-type: "text/plain;charset=utf-8" binder: solace-broker rttResponseSubscriber: content-type: "text/xml;charset=utf-8" consumer: max-attempts: 2 backOffMaxInterval: 43200000 destination: XXX.TRADE.ACK.NACK.RTT group: IN binder: solace-broker rttResponseSubscriberDMQ: consumer: max-attempts: 2147483647 backOffMaxInterval: 43200000 destination: XXX.TRADE.ACK.NACK.RTT.IN group: dmq binder: solace-broker solace: bindings: rttTradePublisher: producer: provisionDurableQueue: false provisionSubscriptionsToDurableQueue: false msgInternalDmqEligible: true rttResponseSubscriber: consumer: autoBindDmq: true provisionDmq: false provisionDurableQueue: false provisionSubscriptionsToDurableQueue: false rttResponseSubscriberDMQ: consumer: provisionDurableQueue: false provisionSubscriptionsToDurableQueue: false
The environment specific configuration has details related to Solace infrastructure:
spring: cloud: stream: binders: solace-broker: type: solace environment: solace: java: host: tcps://xxxxxxx.xxxx.com:55443 msgVpn: uatvpn83 connectRetries: -1 reconnectRetries: -1 apiProperties: AUTHENTICATION_SCHEME: AUTHENTICATION_SCHEME_CLIENT_CERTIFICATE SSL_KEY_STORE: ${vcap.services.xxx-credentials-service.credentials.keyStore} SSL_KEY_STORE_PASSWORD: ${vcap.services.xxx-credentials-service.credentials.keyStorePassword} SSL_PRIVATE_KEY_ALIAS: ${vcap.services.xxx-credentials-service.credentials.keyAlias} SSL_PRIVATE_KEY_PASSWORD: ${vcap.services.xxx-credentials-service.credentials.keyStorePassword} SSL_TRUST_STORE: ${vcap.services.xxx-credentials-service.credentials.keyStore} SSL_TRUST_STORE_PASSWORD: ${vcap.services.xxx-credentials-service.credentials.keyStorePassword}
I am able to consume message from XXX.TRADE.ACK.NACK.RTT
. But it keeps on tring to create queue and bind count keeps on increase. Could you please review and give any pointer that may help me? Your help much appreciated.
Answers
-
Hi @sdeveloper,
If
provisionDurableQueue
is disabled it shouldn't be trying to provision the queues so my guess is something is off in the spacing of the yaml (such a pain sometimes!) or I'm wondering if the issue is that you don't have the-in-0
on the end of your binding names. Are you use Spring Cloud Functions to define your functions or are you using the older annotation based way? If using functions can you try to make your binding names in the configrttResponseSubscriber-in-0
andrttResponseSubscriberDMQ-in-0
? That should match the first input for yourrttResponseSubscriber
function and yourrttResponseSubscriberDMQ
function. Which I would also have expected to see defined underspring.cloud.function.definition
in the config0 -
Hi @marc - sorry for delay in responding. The issue was resolved after adding value to 'Owner' property of queue (it was empty before). This caused the issue of: AccessDeniedException: Permission Not Allowed.
0 -
The more typical approach to address this (for queues created administratively) is to change the permissions to "consume". This allows apps to bind the queue and receive/ACK messages. By changing the ownership of the queue to an application username, this allows any apps with that username full control over the endpoint, which means they can modify the topics, or even delete the endpoint.
See for more info: https://docs.solace.com/Messaging/Guaranteed-Msg/Endpoints.htm#Endpoint_Permissions
0 -
Thanks @Aaron. Attached is the queue detail. I see it already had value 'Consume' for peroerty 'All Other Permissions'. But it did not work until the administrator set the 'Owner' value to my SSL certificate's CN.
0