Last updated: 2024-03-08
Table of contents
- Installation
- rabbitmq-diagnostics
- ...
- Status
- Web management
- rabbitmqadmin
Installation
Erlang
Before installing RabbitMQ, you must install a supported version of Erlang.
CentOS-derivative repositories provide Erlang versions that are typically out of date and
cannot be used to run latest RabbitMQ releases.
Team RabbitMQ produces a package stripped down to only provide those components needed to run RabbitMQ.
(Zero-dependency Erlang from RabbitMQ)
Zero-dependency Erlang from RabbitMQ
URL=https://github.com/rabbitmq/erlang-rpm
mkdir -p /usr/src/rabbitmq
cd /usr/src/rabbitmq
LINK="$URL/releases/download/v21.3.8.21/erlang-21.3.8.21-1.el7.x86_64.rpm"
wget "$LINK"
# install the RPM that was just downloaded
rpm -i "$(basename "$LINK")"
Test
# To switch to Erlang shell, you can type the following command.
erl
Packages required by rabbitmq-server
yum install socat logrotate -y
rabbitmq-server
rpm --import https://www.rabbitmq.com/rabbitmq-release-signing-key.asc
https://github.com/rabbitmq/rabbitmq-server
Version
- 3.12.13 # Requires Erlang 25
- 3.7 # Last version supporting RHEL 6, 7 (v3.7 requires Erlang 21.3)
rpm -Uvh rabbitmq-server-3.7.28-1.el7.noarch.rpm
systemctl enable rabbitmq-server --now
systemctl status rabbitmq-server
rabbitmq-diagnostics
rabbitmq-diagnostics ping
This only checks if the OS process is running and registered with epmd.
... Ping succeeded
rabbitmq-diagnostics -s listeners
Interface: [::], port: 15671, protocol: https, purpose: HTTP API over TLS (HTTPS)
Interface: 127.0.0.1, port: 25672, protocol: clustering, purpose: inter-node and CLI tool communication
Interface: 127.0.0.1, port: 5672, protocol: amqp, purpose: AMQP 0-9-1 and AMQP 1.0
rabbitmq-diagnostics status
rabbitmq-diagnostics cluster_status
rabbitmq-diagnostics environment
Port
Checking
netstat -nlp | grep -e beam -e epmd
346:tcp 0 0 0.0.0.0:25672 0.0.0.0:* LISTEN 189585/beam.smp
750:tcp 0 0 0.0.0.0:4369 0.0.0.0:* LISTEN 189626/epmd
1457:tcp6 0 0 :::5672 :::* LISTEN 189585/beam.smp
1659:tcp6 0 0 :::4369 :::* LISTEN 189626/epmd
beam.smp (5672)
By default, RabbitMQ listens on port 5672 on all available interfaces
for "plain" AMQP 0-9-1 and AMQP 1.0 connections (without TLS). (Setting: listeners.tcp)
/etc/rabbitmq/rabbitmq.conf
listeners.tcp.1 = 127.0.0.1:5672
systemctl restart rabbitmq-server
epmd (4369/tcp)
Erlang Port Mapping Daemon
A peer discovery service used by RabbitMQ nodes and CLI tools
/etc/rabbitmq/rabbitmq-env.conf
export ERL_EPMD_ADDRESS=127.0.0.1
distribution.listener (25672)
Erlang distribution server port used for inter-node and CLI tools communication
(computed as AMQP port + 20000)
* these ports should not be publicly exposed
Default: distribution.listener.interface = 0.0.0.0
/etc/rabbitmq/rabbitmq.conf
distribution.listener.interface = 127.0.0.1
distribution.listener.port_range.min = 25672
distribution.listener.port_range.max = 25672
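A check for the bindings described in this Port section, written as an added example (not part of the original notes): it reads `netstat -nlpt` style lines and reports beam.smp/epmd listeners still bound to a wildcard address. The function name `exposed_listeners`, its allow-list argument and the sample lines are assumptions of this example.

```sh
#!/bin/sh
# Added example (not from the original notes): list RabbitMQ/epmd listeners
# that are still bound to a wildcard address.

# Constructed sample in `netstat -nlpt` layout, modelled on the output above.
SAMPLE_NETSTAT='tcp  0 0 0.0.0.0:25672  0.0.0.0:* LISTEN 189585/beam.smp
tcp  0 0 0.0.0.0:4369   0.0.0.0:* LISTEN 189626/epmd
tcp  0 0 127.0.0.1:5672 0.0.0.0:* LISTEN 189585/beam.smp
tcp6 0 0 :::4369        :::*      LISTEN 189626/epmd
tcp6 0 0 :::15671       :::*      LISTEN 189585/beam.smp'

# exposed_listeners "<allowed ports>" < netstat-output
# Prints "EXPOSED <port> <address> <program>" for every beam.smp/epmd socket
# listening on 0.0.0.0 or ::, except ports named in $1 (space separated),
# e.g. a management port that is already restricted by firewall rules.
exposed_listeners() {
    awk -v allow=" $1 " '
        $6 == "LISTEN" && $7 ~ /\/(beam\.smp|epmd)$/ {
            n = split($4, part, ":")          # the port is the last ":" field
            port = part[n]
            addr = substr($4, 1, length($4) - length(port) - 1)
            prog = $7
            sub(/^[0-9]+\//, "", prog)        # drop the PID prefix
            if ((addr == "0.0.0.0" || addr == "::") &&
                index(allow, " " port " ") == 0)
                print "EXPOSED", port, addr, prog
        }'
}

# Demo on the sample; on a live host: netstat -nlpt | exposed_listeners "15671"
printf '%s\n' "$SAMPLE_NETSTAT" | exposed_listeners "15671"
```

After applying the listeners.tcp, ERL_EPMD_ADDRESS and distribution.listener settings above and restarting, the function should print nothing for ports 5672, 4369 and 25672.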
Units
M, MiB for mebibytes (2^20 bytes)
MB for megabytes (10^6 bytes)
G, GiB for gibibytes (2^30 bytes)
GB for gigabytes (10^9 bytes)
Settings
rabbitmq-env.conf
Debian: /etc/rabbitmq/rabbitmq-env.conf
RPM: /etc/rabbitmq/rabbitmq-env.conf
ENV: RABBITMQ_CONF_ENV_FILE
/etc/rabbitmq/rabbitmq-env.conf
SERVER_START_ARGS="-kernel inet_dist_use_interface {127,0,0,1}"
export RABBITMQ_NODENAME=rabbit@localhost
ERL_EPMD_ADDRESS="127.0.0.1"
SERVER_START_ARGS
# Ensures that the cluster port (25672) listens only on localhost
The process as shown by ps:
/usr/lib64/erlang/erts-10.3.5.16/bin/beam.smp ... -kernel inet_dist_use_interface {127,0,0,1}
RABBITMQ_NODENAME
Node Names (Identifiers)
A node name consists of two parts, a prefix (usually rabbit) and hostname. (e.g. [email protected])
=> Multiple nodes can run on the same host (e.g. [email protected], [email protected])
* In a cluster, nodes identify and contact each other using node names.
When the host part is not "@localhost", /etc/hosts must be updated, otherwise an error occurs:
... php7-dev rabbitmqctl: attempted to contact: ['rabbit@php7-dev']
... php7-dev rabbitmqctl: rabbit@php7-dev:
... php7-dev rabbitmqctl: * unable to connect to epmd (port 4369) on php7-dev: address (cannot connect to host/port)
... php7-dev rabbitmqctl: Current node details:
... php7-dev rabbitmqctl: * node name: 'rabbitmqcli-2764-rabbit@php7-dev'
Environment variable interpolation
Modern RabbitMQ versions support environment variable interpolation in rabbitmq.conf.
# environment variable interpolation
default_user = $(SEED_USERNAME)
default_pass = $(SEED_USER_PASSWORD)
rabbitmq limit memory usage
The RabbitMQ server detects the total amount of RAM installed in the computer on startup and
when rabbitmqctl set_vm_memory_high_watermark fraction is executed.
By default, when the RabbitMQ server uses above 40% of the installed RAM,
it raises a memory alarm and blocks all connections.
Once the memory alarm has cleared (e.g. due to the server paging messages to disk
or delivering them to clients), normal service resumes.
* The limit does not prevent RabbitMQ nodes from using more than the computed limit,
it is merely the point at which publishers are throttled.
A value of 0 makes the memory alarm go off immediately and
thus disables all publishing. This may be useful if you wish to disable publishing globally
(use rabbitmqctl set_vm_memory_high_watermark 0).
To prevent the memory alarm from going off at all, set some high multiplier such as 100.
Configuring the Absolute Memory Limit (or Threshold)
/etc/rabbitmq/rabbitmq.conf
vm_memory_calculation_strategy = rss
vm_memory_high_watermark.absolute = 512MiB
Blocking
RabbitMQ has two configurable resource watermarks.
- disk_free_limit.absolute
- vm_memory_high_watermark.absolute
When either one is reached, RabbitMQ blocks connections that publish messages,
in order to avoid being killed by the OS (out-of-memory killer) or exhausting all available free disk space.
"blocking" then shows up in the rabbitmqctl output.
When free disk space drops below a configured limit (50 MB by default),
an alarm will be triggered and all producers will be blocked.
# running: rabbitmqctl set_disk_free_limit 1G
disk_free_limit.absolute = 1G
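The two watermarks and the unit suffixes from the Units section, modelled as an added example (not part of the original notes, and not RabbitMQ's own code): given memory use and free disk space, it reports which alarm would block publishers. The function names and the sample figures are assumptions of this example.

```sh
#!/bin/sh
# Added example (not from the original notes): model of the two resource
# watermarks, using the unit suffixes listed in the Units section.

# to_bytes VALUE -> bytes; VALUE is a number with an optional unit suffix.
# Fails (exit status 1) on an unknown suffix such as "Mb".
to_bytes() {
    awk -v v="$1" 'BEGIN {
        m["M"] = m["MiB"] = 2^20; m["MB"] = 10^6
        m["G"] = m["GiB"] = 2^30; m["GB"] = 10^9
        num = v; sub(/[A-Za-z]+$/, "", num)
        unit = substr(v, length(num) + 1)
        if (num !~ /^[0-9]+(\.[0-9]+)?$/) exit 1
        if (unit != "" && !(unit in m)) exit 1
        printf "%.0f\n", num * (unit == "" ? 1 : m[unit])
    }'
}

# relative_limit TOTAL_RAM [FRACTION] -> bytes; the default fraction is 0.4.
relative_limit() {
    total=$(to_bytes "$1") || return 1
    awk -v t="$total" -v f="${2:-0.4}" 'BEGIN { printf "%.0f\n", t * f }'
}

# publish_state MEM_USED MEM_LIMIT DISK_FREE DISK_LIMIT
# Prints "ok", or "blocked:" plus the alarm(s) that would throttle publishers.
publish_state() {
    used=$(to_bytes "$1") && mlim=$(to_bytes "$2") &&
        free=$(to_bytes "$3") && dlim=$(to_bytes "$4") || return 1
    awk -v u="$used" -v ml="$mlim" -v f="$free" -v dl="$dlim" 'BEGIN {
        r = ""
        if (u + 0 > ml + 0) r = "memory"      # usage above the memory watermark
        if (f + 0 < dl + 0) r = (r == "" ? "" : r ",") "disk"   # free space below the limit
        print (r == "" ? "ok" : "blocked:" r)
    }'
}

# Demo with constructed numbers: 600 MiB used against the 512MiB limit above.
publish_state 600MiB 512MiB 5GB 1G
```

Note that `1G` and `1GB` differ by about 7%, which matters when a disk limit is set close to the space actually available.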
Status
rabbitmq-diagnostics status
Web management
It is a RabbitMQ plugin (not enabled by default).
An HTTP-based API for management and monitoring of RabbitMQ nodes and clusters
It periodically collects and aggregates data about many aspects of the system. (metrics)
P.S.
The embedded Web server used by the management plugin: Cowboy
Enable Plugin
rabbitmq-plugins version
3.12.13
rabbitmq-plugins enable rabbitmq_management
Enabling plugins on node rabbit@localhost:
rabbitmq_management
The following plugins have been configured:
  rabbitmq_management
  rabbitmq_management_agent
  rabbitmq_web_dispatch
Applying plugin configuration to rabbit@localhost...
The following plugins have been enabled:
  rabbitmq_management
  rabbitmq_management_agent
  rabbitmq_web_dispatch
started 3 plugins.
* Node restart is not required after plugin activation.
Test
curl localhost:15672
Firewall Rules
# https
firewall-cmd --add-rich-rule='rule family="ipv4" source address="x.x.x.x" port port="15671" protocol="tcp" accept' --permanent
# http
firewall-cmd --add-rich-rule='rule family="ipv4" source address="x.x.x.x" port port="15672" protocol="tcp" accept' --permanent
firewall-cmd --reload
Create a User Account
# create a user(admin)
rabbitmqctl add_user admin StrongPassword
# tag the user(admin) with "administrator" for full management UI and HTTP API access
rabbitmqctl set_user_tags admin administrator
# set the permissions on the "/" virtual host
rabbitmqctl set_permissions -p / admin ".*" ".*" ".*"
# List & Delete User
rabbitmqctl list_users
user	tags
admin	[administrator]
guest	[administrator]
rabbitmqctl delete_user USERNAME
Notes
The default user "guest" is an administrative user and its login credentials are published ("guest").
* The "guest" user can only log in via localhost.
Settings
rabbitmq.conf
management.tcp.ip = 0.0.0.0
management.tcp.port = 15672
# 1 hour
management.login_session_timeout = 60
RabbitMQ implicitly reloads certificates when files change. This is something Erlang/OTP does, not RabbitMQ as such.
SSL
rabbitmq.conf
# Disable plain text
#management.tcp.port = 15672
#management.tcp.ip = 0.0.0.0
management.ssl.port = 15671
management.ssl.ip = 0.0.0.0
# the rabbitmq user needs read permission on these files
management.ssl.cacertfile = /path/to/ca_certificate.pem
management.ssl.certfile = /path/to/server_certificate.pem
management.ssl.keyfile = /path/to/server_key.pem
management.ssl.versions.1 = tlsv1.2
management.ssl.ciphers.1 = ECDHE-ECDSA-AES256-GCM-SHA384
management.ssl.ciphers.2 = ECDHE-ECDSA-AES256-SHA384
# Chrome@2024 does not yet support ECDHE-ECDSA
management.ssl.ciphers.3 = ECDHE-RSA-AES256-GCM-SHA384
management.ssl.ciphers.4 = ECDHE-RSA-AES256-SHA384
systemctl restart rabbitmq-server
Security settings
# CORS, HSTS, CSP headers
management.cors.allow_origins.1 = https://origin1.org
management.cors.max_age = 3600
management.hsts.policy = max-age=31536000; includeSubDomains
management.csp.policy = default-src 'self'; script-src 'self' 'unsafe-eval'
management.headers.xss_protection = 1; mode=block
management.headers.frame_options = DENY
management.headers.content_type_options = nosniff
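A lint pass over rabbitmq.conf for the management TLS settings above, plus the distribution listener and seed-credential settings from earlier sections, written as an added example (not part of the original notes or of RabbitMQ). The finding labels, the function name `audit_rabbitmq_conf`, the choice of checks and the sample configuration are assumptions of this example.

```sh
#!/bin/sh
# Added example (not from the original notes): lint rabbitmq.conf for the
# management / distribution settings covered on this page.
# The finding labels (PLAINTEXT-MGMT, ...) are invented for this example.

# Constructed, deliberately weak sample configuration.
SAMPLE_CONF='# management listener
management.tcp.port = 15672
management.tcp.ip = 0.0.0.0
management.ssl.port = 15671
management.ssl.versions.1 = tlsv1.2
management.ssl.versions.2 = tlsv1.1
default_user = admin
default_pass = StrongPassword'

# audit_rabbitmq_conf < rabbitmq.conf ; prints one finding per line, sorted.
audit_rabbitmq_conf() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }       # comments and blank lines
        {
            eq = index($0, "="); if (eq == 0) next
            key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
            conf[key] = val
        }
        END {
            if ("management.tcp.port" in conf)  # plain HTTP listener still on
                print "PLAINTEXT-MGMT management.tcp.port=" conf["management.tcp.port"]
            for (k in conf)                     # protocol versions older than TLS 1.2
                if (k ~ /^management\.ssl\.versions\./ && conf[k] ~ /^(tlsv1|tlsv1\.1)$/)
                    print "WEAK-TLS " k "=" conf[k]
            if (("management.ssl.port" in conf) &&
                !(("management.ssl.certfile" in conf) && ("management.ssl.keyfile" in conf)))
                print "TLS-NO-CERT management.ssl.port without certfile/keyfile"
            d = "distribution.listener.interface"   # page: default is 0.0.0.0
            if (!(d in conf) || conf[d] == "0.0.0.0")
                print "DIST-ALL-IFACES " d
            if (("default_pass" in conf) && conf["default_pass"] !~ /^\$\(.+\)$/)
                print "LITERAL-SECRET default_pass is not a $(VAR) interpolation"
        }' | sort
}

printf '%s\n' "$SAMPLE_CONF" | audit_rabbitmq_conf   # demo on the sample
```

On a real node, run it as `audit_rabbitmq_conf < /etc/rabbitmq/rabbitmq.conf`; no output means none of these five checks fired.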
Statistics Interval
By default the server will emit statistics events every 5 seconds (5000 ms).
# Statistics Interval (unit: ms)
collect_statistics_interval = 15000
systemctl restart rabbitmq-server
Disable Statistics and Metric Collection
Reason: switched to external monitoring solutions (Prometheus / Grafana)
management_agent.disable_metrics_collector = true
# disables the statistics but returns individual queue totals in the queues page
management.disable_stats = true
management.enable_queue_totals = true
P.S.
management.tcp.inactivity_timeout (default of 300 seconds)
controls HTTP(S) client's TCP connection inactivity timeout.
management.tcp.idle_timeout (default of 5 seconds)
controls the window of time in which the client has to send more data
management.tcp.request_timeout (default of 60 seconds)
controls the window of time in which the client has to send an HTTP request.
Notes
management.tcp.inactivity_timeout >= management.tcp.idle_timeout
rabbitmqadmin
For operator tasks over HTTP API
Tasks
- Nodes, Cluster, Replication
- Users, Access Control, Policies
- Parameters(list_parameters, set_parameter)
- Configuration (set_vm_memory_high_watermark)
- Virtual hosts (add_vhost, list_vhost_limits, restart_vhost)
- Monitoring (ping, status, list_queues, list_connections)
- Operations (eval, force_gc, close_connection, suspend_listeners)
- Queues (delete_queue, purge_queue)
e.g.
rabbitmqctl ping # Monitoring
rabbitmqctl status # Monitoring
rabbitmq-plugins
Actions
- list
- disable, enable
- is_enabled
e.g.
rabbitmq-plugins enable rabbitmq_management
rabbitmq-plugins is_enabled rabbitmq_management
Asking node rabbit@localhost if plugin rabbitmq_management is enabled...
Plugin rabbitmq_management is enabled on node rabbit@localhost