Celery Workers & Correct RabbitMQ Privileges

Hey there!
Hope all is well with all of y’all!

Tutor is fantastic, really excited about it!

I wanted to reach out to gain some insight as to the possibility of not having to have to use a RabbitMQ User that is Admin?

set_user_tags ourTutorRabbitMQUser administrator
sudo rabbitmqctl set_permissions -p / ourTutorRabbitMQUser .* .* .* 

I know we have been giving the RabbitMQ user admin access, is that needed?
Looks like in the docker compose celery is run as root, is that perhaps why we need to have our RabbitMQ User have admin access?

C_FORCE_ROOT: "1" # run celery tasks as root #nofear

With both:

command: ./manage.py cms celery worker --loglevel=info -- 
hostname=edx.cms.core.default.%%h --maxtasksperchild 100 --exclude- 
queues=edx.lms.core.default

   command: ./manage.py lms celery worker --loglevel=info -- 
   hostname=edx.lms.core.default.%%h --maxtasksperchild 100 --exclude- 
   queues=edx.cms.core.default

And by default it seems to be building queues with unique GUID’s as well, so I am kinda guessing that the OpenEdX platform by default wants admin access to RabbitMQ?

I apologize for my level of “greenhorn” stature with the project and OpenEdX as a whole.

Thanks for any thoughts, inputs, hazings and help!

Open edX by itself does not require root access to rabbitmq. If I remember correctly, I decided to run the rabbitmq container as root because it greatly simplifiied bind-mounts volume management in docker-compose. Did you try to define a custom RABBITMQ_USERNAME?

Thanks for the response, I realized I never said thanks earlier
I think what was a bit of the hangup was that we could create a custom user for RabbitMQ but I had believed that user we leverage for authenticating against RabbitMQ has to be an “admin” user.
And after some digging, I did see that Celery supports Redis, shifted to using ElastiCache Redis on AWS as a managed Redis cluster.
Even though that does mean custom edits to both the cms.env.json & lms.env.json files.