[官方翻譯]RabbitMQ生產上線前準備

上線準備

1 多租戶權限

• 應用和虛擬主機一一對應,即一個應用對應一個虛擬主機. 好比系統分爲多個業務模塊,訂單業務對應一個虛擬主機,數據業務對應一個虛擬主機.

• 每一個微服務實例應用對應一個用戶,當有一個應用實例多個用戶,則須要考慮安全性和便利性.

• 評估所有應用所須要的隊列,消息量和大小,修改用戶的資源限制配置.

2 系統默認參數優化

經過rabbitmqctl status能夠看到當前節點的參數信息.

root@5d8b5909379c:/# rabbitmqctl status
Status of node rabbit@5d8b5909379c
[{pid,228},
 {running_applications,
     [{rabbitmq_management,"RabbitMQ Management Console","3.6.10"},
      {rabbitmq_web_dispatch,"RabbitMQ Web Dispatcher","3.6.10"},
      {rabbitmq_management_agent,"RabbitMQ Management Agent","3.6.10"},
      {rabbit,"RabbitMQ","3.6.10"},
      {mnesia,"MNESIA  CXC 138 12","4.14.2"},
      {inets,"INETS  CXC 138 49","6.3.4"},
      {amqp_client,"RabbitMQ AMQP Client","3.6.10"},
      {rabbit_common,
          "Modules shared by rabbitmq-server and rabbitmq-erlang-client",
          "3.6.10"},
      {xmerl,"XML parser","1.3.12"},
      {cowboy,"Small, fast, modular HTTP server.","1.0.4"},
      {cowlib,"Support library for manipulating Web protocols.","1.0.2"},
      {ranch,"Socket acceptor pool for TCP protocols.","1.3.0"},
      {ssl,"Erlang/OTP SSL application","8.1"},
      {public_key,"Public key infrastructure","1.3"},
      {crypto,"CRYPTO","3.7.2"},
      {os_mon,"CPO  CXC 138 46","2.4.1"},
      {compiler,"ERTS  CXC 138 10","7.0.3"},
      {syntax_tools,"Syntax tools","2.1.1"},
      {asn1,"The Erlang ASN1 compiler version 4.0.4","4.0.4"},
      {sasl,"SASL  CXC 138 11","3.0.2"},
      {stdlib,"ERTS  CXC 138 10","3.2"},
      {kernel,"ERTS  CXC 138 10","5.1.1"}]},
 {os,{unix,linux}},
 {erlang_version,
     "Erlang/OTP 19 [erts-8.2.1] [source] [64-bit] [smp:2:2] [async-threads:64] [hipe] [kernel-poll:true]\n"},
 {memory,
     [{total,71868640},
      {connection_readers,0},
      {connection_writers,0},
      {connection_channels,0},
      {connection_other,2832},
      {queue_procs,2832},
      {queue_slave_procs,0},
      {plugins,1327784},
      {other_proc,20779968},
      {mnesia,61624},
      {metrics,193408},
      {mgmt_db,342104},
      {msg_index,42584},
      {other_ets,2509304},
      {binary,462472},
      {code,24680786},
      {atom,1033401},
      {other_system,20620117}]},
 {alarms,[]},
 {listeners,[{clustering,25672,"::"},{amqp,5672,"::"},{http,15672,"::"}]},
 {vm_memory_high_watermark,0.4},
 {vm_memory_limit,3297615872},
 {disk_free_limit,50000000},
 {disk_free,82436243456},
 {file_descriptors,
     [{total_limit,1048476},
      {total_used,2},
      {sockets_limit,943626},
      {sockets_used,0}]},
 {processes,[{limit,1048576},{used,322}]},
 {run_queue,0},
 {uptime,12495},
 {kernel,{net_ticktime,60}}]

其中幾點比較重要的: running_applications 應用運行的一些參數 memory 內存參數 listeners 端口相關的信息 vm_memory_high_watermark 內存高使用率標記,超過這個值,將中止接收新消息 ,默認是0.4 vm_memory_limit 內存限制大小 默認大小是:系統內存vm_memory_high_watermark,例如個人機器是 8G內存,那麼可用的內存爲80.4=3.2G,也就是3G左右的可用內存 disk_free_limit 默認50M disk_free 當前空閒磁盤空間 file_descriptors 文件描述符設置 processes

對於vm_memory_high_watermark官方給的建議:

• 託管RabbitMQ的節點至少應該有128MB的內存可用。
• 推薦的vm_memory_high_watermark範圍是 0.40到0.66
• 不推薦使用0.7 以上的值,操做系統和文件系統必須至少佔用內存的30％,不然性能可能因爲分頁而嚴重惡化。

能夠經過rabbitmqctl設置,例如,直接使用absolute,能夠更加精確的控制使用內存.

rabbitmqctl set_vm_memory_high_watermark 0.4
rabbitmqctl set_vm_memory_high_watermark absolute 2G

配置文件配置,例如

[{rabbit, [{vm_memory_high_watermark, {absolute, "1024MiB"}}]}].

還能夠配合paging來使用,用來在到達告警值時,嘗試換頁來釋放內存.例如,下面在最大內存0.75倍時,開始換頁,到達最大內存後,依然阻塞.

[{rabbit, [{vm_memory_high_watermark_paging_ratio, 0.75},{vm_memory_high_watermark, 0.4}]}].

對於disk_free_limit官方的建議:

• {disk_free_limit,{mem_relative,1.0}} 最小建議磁盤空間大小應等同內存大小.例如,在一臺4g內存的rabbitmq主機上,若是磁盤空間大小4g,那麼rabbitmq將不在接收新消息,直到隊列被消費,磁盤空間有空閒爲止.
• {disk_free_limit,{mem_relative,1.5}} 生產環境下比較安全的磁盤空間大小應該是內存的1.5倍.例如在4g內存的rabbitmq節點上,那麼須要至少6g磁盤空間,若是向磁盤寫入4g,並重啓,那麼重啓後2g磁盤空間小於6g,rabbitmq將不在接收新消息.
• {disk_free_limit,{mem_relative,2.0}} 默認選擇 最保守的設置是使用全部的磁盤空間,若是但願能使用全部磁盤空間,就使用該設置.

能夠經過rabbitmqctl設置,例如 //大於set_vm_memory_high_watermark rabbitmqctl set_disk_free_limit 2G rabbitmqctl set_disk_free_limit mem_relative 1.0

配置文件配置,例如

[{rabbit, [{vm_memory_high_watermark, {absolute, "1024MiB"}}]}].

對於file_descriptors官方建議 最小50k.通常計算方式:文件描述符大小=併發鏈接數*95%*2+隊列數.

3 安全相關 建議使用tls安全加密.要排除已有問的加密方式例如sslv3

4 使用自動重連 默認啓用,自動重連和拓撲重連.自動重連不會從新建立隊列等,拓撲重連則會從新建立隊列等.

5 集羣

• 建議集羣的節點爲奇數個,3,...
• 建議publisher和consumer儘量的鏈接一個node,減小沒必要要的流量損失.
• 磁盤存儲一半節點就足夠了.

6 分區策略 若是沒有特別須要,可使用autoheal分區策略

7 時鐘同步 rabbitmq節點之間不須要同步,可是一些插件可能依賴時鐘.可使用NTP來保證時鐘同步.

因爲我的水平有限，若有問題請指出。