标签:node01 14 管理 rabbitmq rabbitmqctl RabbitMQ rabbit root
一、多租户与权限
概述
每一个RabbitMQ服务器都能创建虚拟的消息服务器,我们称之为虚拟主机,简称vhost。每一个vhost本质上都是一个独立的小型RabbitMQ服务器,拥有自己独立的队列、交换器及绑定关系,它拥有自己独立的权限。vhost就像是虚拟机与物理服务器一样,各个实例见提供逻辑上的分离,为不同程序安全保密地运行数据,它既能将同一个RabbitMQ中的众多用户区分开,又可以避免队列和交换器等命名冲突。vhost之间是绝对隔离的,无法将vhost1中的交换器与vhost2中的队列进行绑定,这样既保证了安全性,又可以确保可移植性。
vhost命令使用
创建一个名为test的vhost
[root@node01 ~]# rabbitmqctl add_vhost test
Adding vhost "test" ...
列出vhost
[root@node01 ~]# rabbitmqctl list_vhosts
Listing vhosts ...
name
/
test
列出vhost相关信息,name表示名称;tracing表示是否使用了trace功能。
[root@node01 ~]# rabbitmqctl list_vhosts name tracing
Listing vhosts ...
name tracing
/ false
test false
[root@node01 ~]#
删除vhost
[root@node01 ~]# rabbitmqctl delete_vhost test
Deleting vhost "test" ...
[root@node01 ~]# rabbitmqctl list_vhosts
Listing vhosts ...
name
/
[root@node01 ~]#
RabbitMQ授权
AMQP协议中没有指定权限vhost级别还是爱服务器级别实现,由具体的应用自定义,在RabbitMQ中,权限控制是以vhost为单位的。当创建一个用户时,用户通常会被指派给至少一个vhost,并且智能访问被指派的vhost内的队列。交换器和绑定关系。RabbitMQ中的授予权限是指在vhost级别对用户而言的权限赋予。
授权命令:
rabbitmqctl set_permissions [ -p vhost ] { user } { conf } { write } { read }
e.g.
授予root用户可以访问主机test,所有资源上可配置、可写、可读的权限
[root@node01 ~]# rabbitmqctl add_user root 123321
Adding user "root" ...
Done. Don't forget to grant the user permissions to some virtual hosts! See 'rabbitmqctl help set_permissions' to learn more.
[root@node01 ~]# rabbitmqctl set_permissions -p test root ".*" ".*" ".*"
Setting permissions for user "root" in vhost "test" ...
[root@node01 ~]#
授予root用户可访问虚拟主机test2,在以“queue”开头的资源上可配置权限并在资源上拥有可写、可读的权限,
[root@node01 ~]# rabbitmqctl add_vhost test2
Adding vhost "test2" ...
[root@node01 ~]# rabbitmqctl set_permissions -p test2 root "^queue.*" ".*" ".*"
Setting permissions for user "root" in vhost "test2" ...
[root@node01 ~]#
消除权限
[root@node01 ~]# rabbitmqctl clear_permissions -p test root
Clearing permissions for user "root" in vhost "test" ...
[root@node01 ~]#
显示虚拟主机上的权限
[root@node01 ~]# rabbitmqctl list_permissions -p test2
Listing permissions for vhost "test2" ...
user configure write read
root ^queue.* .* .*
显示用户的权限
在这里插入代码片[root@node01 ~]# rabbitmqctl list_user_permissions root
Listing permissions for user "root" ...
vhost configure write read
test2 ^queue.* .* .*
[root@node01 ~]#
二、用户管理
创建用户
创建一个用户名为root 密码为000000的用户
[root@node01 ~]# rabbitmqctl add_user test2 000000
Adding user "test2" ...
Done. Don't forget to grant the user permissions to some virtual hosts! See 'rabbitmqctl help set_permissions' to learn more.
[root@node01 ~]#
为用户更改密码
[root@node01 ~]# rabbitmqctl change_password root 111111
Changing password for user "root" ...
[root@node01 ~]#
清除密码
[root@node01 ~]# rabbitmqctl clear_password test2
Clearing password for user "test2" ...
[root@node01 ~]#
通过密码验证用户
[root@node01 ~]# rabbitmqctl authenticate_user root 111111
Authenticating user "root" ...
Success
[root@node01 ~]# rabbitmqctl authenticate_user root 000000
Authenticating user "root" ...
Error:
Error: failed to authenticate user "root"
user 'root' - invalid credentials
[root@node01 ~]#
删除用户
[root@node01 ~]# rabbitmqctl list_users
Listing users ...
user tags
test2 []
admin [administrator]
guest [administrator]
root []
[root@node01 ~]# rabbitmqctl delete_user root
Deleting user "root" ...
[root@node01 ~]# rabbitmqctl list_users
Listing users ...
user tags
test2 []
admin [administrator]
guest [administrator]
[root@node01 ~]#
用户的角色分类
- none:新创建用户的默认
- managerment:可访问web
- policymaker:包含management的所有权限
- monitoring:包含management的所有权限,可看到所有连接信道等
- administrator:代表最高权限
用户角色设置
[root@node01 ~]# rabbitmqctl set_user_tags test2 management
Setting tags for user "test2" to [management] ...
[root@node01 ~]# rabbitmqctl list_users -q
user tags
test2 [management]
admin [administrator]
guest [administrator]
[root@node01 ~]#
三、web端管理
概述
rabbitmqctl 管理不友好, RabbitMQ management插件可以提供web管理vhost、用户等,也可以用来管理队列、交换器、绑定器、策略、参数等。
开启RabbitMQ management
[root@node01 ~]# rabbitmq-plugins enable rabbitmq_management
Enabling plugins on node rabbit@node01:
rabbitmq_management
The following plugins have been configured:
rabbitmq_management
rabbitmq_management_agent
rabbitmq_web_dispatch
Applying plugin configuration to rabbit@node01...
Plugin configuration unchanged.
[root@node01 ~]#
查看插件使用状况
[root@node01 ~]# rabbitmq-plugins list
Listing plugins with pattern ".*" ...
Configured: E = explicitly enabled; e = implicitly enabled
| Status: * = running on rabbit@node01
|/
[ ] rabbitmq_amqp1_0 3.8.14
[ ] rabbitmq_auth_backend_cache 3.8.14
[ ] rabbitmq_auth_backend_http 3.8.14
[ ] rabbitmq_auth_backend_ldap 3.8.14
[ ] rabbitmq_auth_backend_oauth2 3.8.14
[ ] rabbitmq_auth_mechanism_ssl 3.8.14
[ ] rabbitmq_consistent_hash_exchange 3.8.14
[ ] rabbitmq_event_exchange 3.8.14
[ ] rabbitmq_federation 3.8.14
[ ] rabbitmq_federation_management 3.8.14
[ ] rabbitmq_jms_topic_exchange 3.8.14
[E*] rabbitmq_management 3.8.14
[e*] rabbitmq_management_agent 3.8.14
[ ] rabbitmq_mqtt 3.8.14
[ ] rabbitmq_peer_discovery_aws 3.8.14
[ ] rabbitmq_peer_discovery_common 3.8.14
[ ] rabbitmq_peer_discovery_consul 3.8.14
[ ] rabbitmq_peer_discovery_etcd 3.8.14
[ ] rabbitmq_peer_discovery_k8s 3.8.14
[ ] rabbitmq_prometheus 3.8.14
[ ] rabbitmq_random_exchange 3.8.14
[ ] rabbitmq_recent_history_exchange 3.8.14
[ ] rabbitmq_sharding 3.8.14
[ ] rabbitmq_shovel 3.8.14
[ ] rabbitmq_shovel_management 3.8.14
[ ] rabbitmq_stomp 3.8.14
[ ] rabbitmq_top 3.8.14
[ ] rabbitmq_tracing 3.8.14
[ ] rabbitmq_trust_store 3.8.14
[e*] rabbitmq_web_dispatch 3.8.14
[ ] rabbitmq_web_mqtt 3.8.14
[ ] rabbitmq_web_mqtt_examples 3.8.14
[ ] rabbitmq_web_stomp 3.8.14
[ ] rabbitmq_web_stomp_examples 3.8.14
[root@node01 ~]#
其中标记为[E*]为显示启动
其中标记为[e*]为隐式启动
开启此功能后需要重启服务才可以正式生效
关闭RabbitMQ management
[root@node01 ~]# rabbitmq-plugins disable rabbitmq_management
登入web界面
四、应用管理
停止运行RabbitMQ的Erlang虚拟机和RabbitMQ服务应用。
如果指定pid_file,还需要等待指定进程的结束。
[root@node01 ~]# rabbitmqctl stop
停止运行RabbitMQ的Erlang虚拟机和RabbitMQ服务应用。
执行这个命令会阻塞直到Erlang虚拟机进程退出
[root@node01 ~]# rabbitmqctl shutdown
rabbitmqctl stop_app
停止RabbitMQ服务应用,但是Erlang虚拟机还是处于运行状态
rabbitmqctl start_app
启动RabbitMQ应用。用途是在执行了其他的管理操作之后,重新启动之前停止的RabbitMQ应用
rabbitmqctl wait [pid_file]
等待RabbitMQ应用的启动
rabbitmqctl reset
将RabbitMQ节点重置还原到最初状态
rabbitmqctl force_reset
强制将RabbitMQ节点重置还原到最初状态
rabbitmqctl rotate_logs [suffix]
指示RabbitMQ节点轮换日志文件。
rabbitmqctl hipe_compile {directory}
将RabbitMQ代码中用HIPE编译,并且编译后的.bean文件保存到指定的文件目录中。
HiPE:High Performance Erlang
.bean:Erlang编译器生成的文件格式,可以直接加载到Erlang虚拟机中运行的文件格式
五、集群管理
将节点加入指定集群
[root@node01 ~]# rabbitmqctl join_cluster {cluster_node} [--ram]
显示集群状态
[root@node01 ~]# rabbitmqctl cluster_status
Cluster status of node rabbit@node01 ...
Basics
Cluster name: rabbit@node01
Disk Nodes
rabbit@node01
RAM Nodes
rabbit@node02
rabbit@node03
Running Nodes
rabbit@node01
rabbit@node02
rabbit@node03
Versions
rabbit@node01: RabbitMQ 3.8.14 on Erlang 23.3.1
rabbit@node02: RabbitMQ 3.8.14 on Erlang 23.3.1
rabbit@node03: RabbitMQ 3.8.14 on Erlang 23.3.1
Maintenance status
Node: rabbit@node01, status: not under maintenance
Node: rabbit@node02, status: not under maintenance
Node: rabbit@node03, status: not under maintenance
Alarms
(none)
Network Partitions
(none)
Listeners
Node: rabbit@node01, interface: [::], port: 15672, protocol: http, purpose: HTTP API
Node: rabbit@node01, interface: [::], port: 25672, protocol: clustering, purpose: inter-node and CLI tool communication
Node: rabbit@node01, interface: [::], port: 5672, protocol: amqp, purpose: AMQP 0-9-1 and AMQP 1.0
Node: rabbit@node02, interface: [::], port: 15672, protocol: http, purpose: HTTP API
Node: rabbit@node02, interface: [::], port: 25672, protocol: clustering, purpose: inter-node and CLI tool communication
Node: rabbit@node02, interface: [::], port: 5672, protocol: amqp, purpose: AMQP 0-9-1 and AMQP 1.0
Node: rabbit@node03, interface: [::], port: 15672, protocol: http, purpose: HTTP API
Node: rabbit@node03, interface: [::], port: 25672, protocol: clustering, purpose: inter-node and CLI tool communication
Node: rabbit@node03, interface: [::], port: 5672, protocol: amqp, purpose: AMQP 0-9-1 and AMQP 1.0
Feature flags
Flag: drop_unroutable_metric, state: enabled
Flag: empty_basic_get_metric, state: enabled
Flag: implicit_default_bindings, state: enabled
Flag: maintenance_mode_status, state: enabled
Flag: quorum_queue, state: enabled
Flag: user_limits, state: enabled
Flag: virtual_host_metadata, state: enabled
[root@node01 ~]#
修改集群节点的类型
rabbitmqctl change_cluster_node_type { disc|ram }
将节点从集群中删除
rabbitmqctl forget_cluster_node [offline]
在集群中的节点应用启动前咨询clusternode节点最新信息,并更新相应的集群信息
rabbitmqctl update_cluster_nodes {clusternode}
确保节点可以启动,即使他不是最后一个关闭的节点
rabbitmqctl force_boot
指定未同步队列queue的slave镜像同步master镜像的内容
rabbitmqctl sync_queue [-p vhost] { queue }
取消队列queue同步镜像的操作
rabbitmqctl cancel_sync_queue queue
六、服务端状态
返回队列的详细信息
rabbitmqctl list_queues [ -p vhost] [ queueinfoitem … ]
queueinfoitem的值可以有很多 后续补充
[root@node01 ~]# rabbitmqctl list_queues
Timeout: 60.0 seconds ...
Listing queues for vhost / ...
name messages
x-max-priority 0
[root@node01 ~]#
返回交换器的详细信息
rabbitmqctl list_exchanges [ -p vhost] [ exchangeinfoitem … ]
exchangeinfoitem的值可以有很多 后续补充
[root@node01 ~]# rabbitmqctl list_exchanges
Listing exchanges for vhost / ...
name type
amq.rabbitmq.trace topic
amq.match headers
direct
amq.direct direct
amq.headers headers
amq.topic topic
amq.fanout fanout
[root@node01 ~]#
返回绑定关系细节
rabbitmqctl list_bindings [ -p vhost] [ bingdinginfoitem … ]
bingdinginfoitem的值可以有很多 后续补充
[root@node01 ~]# rabbitmqctl list_bindings
Listing bindings for vhost /...
source_name source_kind destination_name destination_kind routing_key arguments
exchange x-max-priority queue x-max-priority []
[root@node01 ~]#
返回TCP/IP连接的统计信息
rabbitmqctl list_connections [ connectioninfoitem … ]
connectioninfoitem 的值可以有很多 后续补充
[root@node01 ~]# rabbitmqctl list_connections
Listing connections ...
[root@node01 ~]#
返回当前所有信道的信息
rabbitmqctl list_channels [ channelinfoitem … ]
[root@node01 ~]# rabbitmqctl list_channels
Listing channels ...
[root@node01 ~]#
列举消费者信息
rabbitmqctl list_consumers [ -p vhost]
[root@node01 ~]# rabbitmqctl list_consumers
Listing consumers in vhost / ...
[root@node01 ~]#
显示Broker的状态
[root@node01 ~]# rabbitmqctl status
Status of node rabbit@node01 ...
Runtime
OS PID: 61329
OS: Linux
Uptime (seconds): 20692
Is under maintenance?: false
RabbitMQ version: 3.8.14
Node name: rabbit@node01
Erlang configuration: Erlang/OTP 23 [erts-11.2] [source] [64-bit] [smp:2:2] [ds:2:2:10] [async-threads:1] [hipe]
Erlang processes: 473 used, 1048576 limit
Scheduler run queue: 1
Cluster heartbeat timeout (net_ticktime): 60
Plugins
Enabled plugin file: /etc/rabbitmq/enabled_plugins
Enabled plugins:
* rabbitmq_management
* amqp_client
* rabbitmq_web_dispatch
* cowboy
* cowlib
* rabbitmq_management_agent
Data directory
Node data directory: /var/lib/rabbitmq/mnesia/rabbit@node01
Raft data directory: /var/lib/rabbitmq/mnesia/rabbit@node01/quorum/rabbit@node01
Config files
Log file(s)
* /var/log/rabbitmq/rabbit@node01.log
* /var/log/rabbitmq/rabbit@node01_upgrade.log
Alarms
(none)
Memory
Total memory used: 0.0959 gb
Calculation strategy: rss
Memory high watermark setting: 0.4 of available memory, computed to: 0.4095 gb
other_proc: 0.0324 gb (31.0 %)
code: 0.0283 gb (27.07 %)
allocated_unused: 0.0192 gb (18.36 %)
other_system: 0.0134 gb (12.82 %)
plugins: 0.004 gb (3.78 %)
other_ets: 0.0034 gb (3.28 %)
mgmt_db: 0.0015 gb (1.43 %)
atom: 0.0015 gb (1.39 %)
metrics: 0.0002 gb (0.22 %)
binary: 0.0002 gb (0.18 %)
queue_procs: 0.0001 gb (0.12 %)
mnesia: 0.0001 gb (0.11 %)
connection_other: 0.0001 gb (0.1 %)
msg_index: 0.0001 gb (0.09 %)
quorum_ets: 0.0 gb (0.05 %)
connection_channels: 0.0 gb (0.0 %)
connection_readers: 0.0 gb (0.0 %)
connection_writers: 0.0 gb (0.0 %)
queue_slave_procs: 0.0 gb (0.0 %)
quorum_queue_procs: 0.0 gb (0.0 %)
reserved_unallocated: 0.0 gb (0.0 %)
File Descriptors
Total: 6, limit: 927
Sockets: 0, limit: 832
Free Disk Space
Low free disk space watermark: 0.05 gb
Free disk space: 26.5672 gb
Totals
Connection count: 0
Queue count: 1
Virtual host count: 3
Listeners
Interface: [::], port: 15672, protocol: http, purpose: HTTP API
Interface: [::], port: 25672, protocol: clustering, purpose: inter-node and CLI tool communication
Interface: [::], port: 5672, protocol: amqp, purpose: AMQP 0-9-1 and AMQP 1.0
[root@node01 ~]#
对RabbitMQ节点进行健康检查
[root@node01 ~]# rabbitmqctl node_health_check
This command is DEPRECATED and will be removed in a future version.
It performs intrusive, opinionated health checks and requires a fully booted node.
Use one of the options covered in https://www.rabbitmq.com/monitoring.html#health-checks instead.
Timeout: 70 seconds ...
Checking health of node rabbit@node01 ...
Health check passed
[root@node01 ~]#
显示每个运行程序环境中每个变量的名称和值
[root@node01 ~]# rabbitmqctl environment
Application environment of node rabbit@node01 ...
[{amqp_client,
[{prefer_ipv6,false},{ssl_options,[]},{writer_gc_threshold,1000000000}]},
{asn1,[]},
{aten,
[{detection_threshold,0.99},
{heartbeat_interval,100},
{poll_interval,5000},
{scaling_factor,1.5}]},
{compiler,[]},
{cowboy,[]},
{cowlib,[]},
{credentials_obfuscation,[{enabled,true}]},
{crypto,[{fips_mode,false},{rand_cache_size,896}]},
{cuttlefish,[]},
{gen_batch_server,[]},
{goldrush,[]},
{inets,[]},
{jsx,[]},
{kernel,
[{inet_default_connect_options,[{nodelay,true}]},
{inet_dist_listen_max,25672},
{inet_dist_listen_min,25672},
{logger,
[{handler,default,logger_std_h,
#{config => #{type => standard_io},
formatter =>
{logger_formatter,
#{legacy_header => true,single_line => false}}}}]},
{logger_level,notice},
{logger_sasl_compatible,false},
{shell_docs_ansi,auto},
{shutdown_func,{rabbit_prelaunch,shutdown_func}}]},
......
{rabbitmq_prelaunch,[]},
{rabbitmq_web_dispatch,[]},
{ranch,[]},
{recon,[]},
{sasl,[{errlog_type,error},{sasl_error_logger,false}]},
{ssl,[]},
{stdlib,[]},
{stdout_formatter,[]},
{syntax_tools,[]},
{sysmon_handler,
[{busy_dist_port,true},
{busy_port,false},
{gc_ms_limit,0},
{heap_word_limit,0},
{port_limit,100},
{process_limit,100},
{schedule_ms_limit,0}]},
{tools,[{file_util_search_methods,[{[],[]},{"ebin","esrc"},{"ebin","src"}]}]},
{xmerl,[]}]
[root@node01 ~]#
为所有服务器状态生成一个服务器状态报告,并输出重定向到一个文件。
[root@node01 ~]# rabbitmqctl report > report.txt
[root@node01 ~]# cat report.txt |less
Reporting server status of node rabbit@node01 ...
Status of node rabbit@node01 ...
ESC[1mRuntimeESC[0m
OS PID: 61329
OS: Linux
Uptime (seconds): 21087
Is under maintenance?: false
RabbitMQ version: 3.8.14
Node name: rabbit@node01
Erlang configuration: Erlang/OTP 23 [erts-11.2] [source] [64-bit] [smp:2:2] [ds:2:2:10] [async-threads:1] [hipe]
Erlang processes: 473 used, 1048576 limit
Scheduler run queue: 1
Cluster heartbeat timeout (net_ticktime): 60
ESC[1mPluginsESC[0m
Enabled plugin file: /etc/rabbitmq/enabled_plugins
Enabled plugins:
* rabbitmq_management
* amqp_client
* rabbitmq_web_dispatch
* cowboy
* cowlib
* rabbitmq_management_agent
ESC[1mData directoryESC[0m
Node data directory: /var/lib/rabbitmq/mnesia/rabbit@node01
Raft data directory: /var/lib/rabbitmq/mnesia/rabbit@node01/quorum/rabbit@node01
ESC[1mConfig filesESC[0m
ESC[1mLog file(s)ESC[0m
* /var/log/rabbitmq/rabbit@node01.log
* /var/log/rabbitmq/rabbit@node01_upgrade.log
ESC[1mAlarmsESC[0m
(none)
七、HTTP API管理
RabbitMQ Management插件不仅提供了 web管理界面还提供了HTTP API接口来方便调用。
后续深入补充。
八、总结
根据管理展开,保罗对多租户、权限、用户、应用和集群管理、服务端状态等。这些都可以使用rabbitmqctl这一系列的工具来管理控制,rabbitmqctl也是RabbitMQ中最复杂的CLI管理工具。也学到了rabbitmq_management插件进行管理,后续还要深入理解rabbitmq_management提供的HTTP API接口的调用。
标签:node01,14,管理,rabbitmq,rabbitmqctl,RabbitMQ,rabbit,root 来源: https://blog.csdn.net/qq_32014795/article/details/115536782
本站声明: 1. iCode9 技术分享网(下文简称本站)提供的所有内容,仅供技术学习、探讨和分享; 2. 关于本站的所有留言、评论、转载及引用,纯属内容发起人的个人观点,与本站观点和立场无关; 3. 关于本站的所有言论和文字,纯属内容发起人的个人观点,与本站观点和立场无关; 4. 本站文章均是网友提供,不完全保证技术分享内容的完整性、准确性、时效性、风险性和版权归属;如您发现该文章侵犯了您的权益,可联系我们第一时间进行删除; 5. 本站为非盈利性的个人网站,所有内容不会用来进行牟利,也不会利用任何形式的广告来间接获益,纯粹是为了广大技术爱好者提供技术内容和技术思想的分享性交流网站。