[Official translation] Using RabbitMQ commands

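Everything the commands below do can also be done in the management UI, which is more intuitive, but the command line is more flexible in some situations.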

1 Permission system / multi-tenancy

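RabbitMQ implements multi-tenant permissions through vhosts. One RabbitMQ server can have multiple vhosts; the default vhost is "/". Vhosts can be added from the command line or from the management UI.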

Using the control command:

$ sudo rabbitmqctl | grep _vhost
add_vhost <vhost>       (adds only one vhost at a time)
delete_vhost <vhost>    (deletes only one vhost at a time)
list_vhosts [<vhostinfoitem> ...]

There are three simple vhost commands: add, delete and list.

$ sudo rabbitmqctl -n rabbit@zhaofeng-pc list_vhosts
Listing vhosts
/
$ sudo rabbitmqctl -n rabbit@zhaofeng-pc add_vhost /test_host
Creating vhost "/test_host"
$ sudo rabbitmqctl -n rabbit@zhaofeng-pc list_vhosts
Listing vhosts
/test_host
/
$ sudo rabbitmqctl -n rabbit@zhaofeng-pc delete_vhost /test_host
Deleting vhost "/test_host"
$ sudo rabbitmqctl -n rabbit@zhaofeng-pc list_vhosts
Listing vhosts
/

Users are added to a vhost with the following commands:

$ sudo rabbitmqctl | egrep "_permission|_user|_password"
add_user <username> <password>
delete_user <username>
authenticate_user <username> <password>
set_user_tags <username> <tag> ...
    management:    can access the UI
    policymaker:   can access the UI and manage policies and vhost parameters
    monitoring:    can access the UI and view node-related channels and connections
    administrator: can do everything
list_users
set_permissions [-p <vhost>] <user> <conf> <write> <read>
clear_permissions [-p <vhost>] <username>
list_permissions [-p <vhost>]
list_user_permissions <username>
change_password <username> <newpassword>
clear_password <username>

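There are 11 user-related commands: add, delete, authenticate, set tags, list users, list permissions, set permissions, clear permissions, change password and clear password. For example, I create an administrator UI user: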

$ sudo rabbitmqctl -n rabbit@zhaofeng-pc add_user fansin 1234
Creating user "fansin"
$ sudo rabbitmqctl -n rabbit@zhaofeng-pc set_user_tags fansin administrator
Setting tags for user "fansin" to [administrator]
$ sudo rabbitmqctl -n rabbit@zhaofeng-pc list_users
Listing users
fansin	[administrator]
guest	[administrator]
test	[adminstrator]
$ sudo rabbitmqctl -n rabbit@zhaofeng-pc delete_user fansin
Deleting user "fansin"

$ sudo rabbitmqctl -n rabbit@zhaofeng-pc add_user fansin 1234
Creating user "fansin"
$ sudo rabbitmqctl -n rabbit@zhaofeng-pc authenticate_user fansin 1234
Authenticating user "fansin"
Success
$ sudo rabbitmqctl -n rabbit@zhaofeng-pc add_vhost /test_host
Creating vhost "/test_host"
$ sudo rabbitmqctl -n rabbit@zhaofeng-pc set_permissions -p /test_host fansin '.*' '.*' '.*'
Setting permissions for user "fansin" in vhost "/test_host"
$ sudo rabbitmqctl -n rabbit@zhaofeng-pc list_permissions -p /test_host
Listing permissions in vhost "/test_host"
fansin	.*	.*	.*
$ sudo rabbitmqctl -n rabbit@zhaofeng-pc list_user_permissions fansin
Listing permissions for user "fansin"
/test_host	.*	.*	.*
$ sudo rabbitmqctl -n rabbit@zhaofeng-pc clear_permissions -p /test_host fansin
Clearing permissions for user "fansin" in vhost "/test_host"

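Note: if the user does not exist, the query returns nothing, and authenticate_user only works for a user that has already been created. Users can be given finer-grained permission control.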
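
As an added example (not part of the original post or of RabbitMQ itself), the shell functions below audit the listings shown above: which users hold the administrator tag, which tags are not among the four described here, and which users have '.*' for configure, write and read. The sample input is constructed from the output above plus a hypothetical narrowly scoped user "app"; the tab-separated layout is assumed to match this page's rabbitmqctl version.

```shell
#!/bin/sh
# Added example: audit rabbitmqctl listings for over-broad access.
# Reads the tab-separated text printed by list_users / list_permissions.

KNOWN_TAGS="management policymaker monitoring administrator"  # tags listed on this page

# Emit "user<TAB>tag" for every tag of every user in list_users output.
user_tags() {
    awk -F'\t' '
        /^Listing / { next }              # skip the banner line
        NF >= 2 {
            tags = $2
            gsub(/\[/, "", tags); gsub(/\]/, "", tags); gsub(/ /, "", tags)
            n = split(tags, t, ",")
            for (i = 1; i <= n; i++) print $1 "\t" t[i]
        }'
}

# Users holding the administrator tag.
admin_users() { user_tags | awk -F'\t' '$2 == "administrator" { print $1 }'; }

# Tags that are none of the four known ones (likely typos).
unknown_tags() {
    user_tags | awk -F'\t' -v known="$KNOWN_TAGS" '
        BEGIN { n = split(known, k, " "); for (i = 1; i <= n; i++) ok[k[i]] = 1 }
        !($2 in ok) { print }'
}

# Users whose configure, write and read patterns are all ".*".
wildcard_grants() {
    awk -F'\t' '
        /^Listing / { next }
        NF == 4 && $2 == ".*" && $3 == ".*" && $4 == ".*" { print $1 }'
}

# Constructed sample input: the list_users rows shown above, plus a
# constructed permissions listing with one narrowly scoped user ("app").
SAMPLE_USERS=$(printf 'Listing users\nfansin\t[administrator]\nguest\t[administrator]\ntest\t[adminstrator]\n')
SAMPLE_PERMS=$(printf 'Listing permissions in vhost "/test_host"\nfansin\t.*\t.*\t.*\napp\t^$\t^orders$\t^orders$\n')

echo "administrators:";  printf '%s\n' "$SAMPLE_USERS" | admin_users
echo "unknown tags:";    printf '%s\n' "$SAMPLE_USERS" | unknown_tags
echo "wildcard grants:"; printf '%s\n' "$SAMPLE_PERMS" | wildcard_grants
```

Against a live broker, pipe the real command output into the same functions, for example: sudo rabbitmqctl list_users | admin_users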

2 Monitoring RabbitMQ usage

$ sudo rabbitmqctl | grep list_
    list_users
    list_vhosts [<vhostinfoitem> ...]
    list_permissions [-p <vhost>]
    list_user_permissions <username>
    list_parameters [-p <vhost>]
    list_global_parameters
    list_policies [-p <vhost>]
    list_queues [-p <vhost>] [--offline|--online|--local] [<queueinfoitem> ...]
    list_exchanges [-p <vhost>] [<exchangeinfoitem> ...]
    list_bindings [-p <vhost>] [<bindinginfoitem> ...]
    list_connections [<connectioninfoitem> ...]
    list_channels [<channelinfoitem> ...]
    list_consumers [-p <vhost>]

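These commands list users, vhosts, queues, exchanges, bindings, connections, channels, consumers and so on; the command name is list_ followed by the plural of what you want to list. Besides the plain listing, you can also restrict which info items are returned.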

<vhostinfoitem> attributes
    [name, tracing].

<queueinfoitem> attributes
    [name, durable, auto_delete,
    arguments, policy, pid, owner_pid, exclusive, exclusive_consumer_pid,
    exclusive_consumer_tag, messages_ready, messages_unacknowledged, messages,
    messages_ready_ram, messages_unacknowledged_ram, messages_ram,
    messages_persistent, message_bytes, message_bytes_ready,
    message_bytes_unacknowledged, message_bytes_ram, message_bytes_persistent,
    head_message_timestamp, disk_reads, disk_writes, consumers,
    consumer_utilisation, memory, slave_pids, synchronised_slave_pids, state].

<exchangeinfoitem> attributes
    [name, type, durable,
    auto_delete, internal, arguments, policy].

<bindinginfoitem> attributes
    [source_name, source_kind,
    destination_name, destination_kind, routing_key, arguments].

<connectioninfoitem> attributes
    [pid, name, port, host,
    peer_port, peer_host, ssl, ssl_protocol, ssl_key_exchange, ssl_cipher,
    ssl_hash, peer_cert_subject, peer_cert_issuer, peer_cert_validity, state,
    channels, protocol, auth_mechanism, user, vhost, timeout, frame_max,
    channel_max, client_properties, recv_oct, recv_cnt, send_oct, send_cnt,
    send_pend, connected_at].

<channelinfoitem> attributes
    [pid, connection, name, number,
    user, vhost, transactional, confirm, consumer_count, messages_unacknowledged,
    messages_uncommitted, acks_uncommitted, messages_unconfirmed, prefetch_count,
    global_prefetch_count].
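
Restricting the info items is useful for checks such as the following added example (not from the original post): it takes the output of list_connections limited to user, peer_host, ssl and ssl_protocol and reports connections that are plaintext or below a minimum TLS version. The sample rows, the tlsv1.2 floor and the exact tab-separated layout are assumptions.

```shell
#!/bin/sh
# Added example: find client connections that are not protected by TLS.
# Input: output of
#   rabbitmqctl list_connections user peer_host ssl ssl_protocol
# assumed to be tab-separated rows after a "Listing connections" banner.

MIN_TLS="tlsv1.2"   # assumed policy floor, not from the page

# Print "user<TAB>peer_host<TAB>reason" for each connection to review.
insecure_connections() {
    awk -F'\t' -v min="$MIN_TLS" '
        BEGIN {
            # rank protocol names so they can be compared
            rank["sslv3"] = 0; rank["tlsv1"] = 1; rank["tlsv1.1"] = 2
            rank["tlsv1.2"] = 3; rank["tlsv1.3"] = 4
        }
        /^Listing / { next }              # skip the banner line
        NF < 3 { next }                   # not a connection row
        $3 != "true" { print $1 "\t" $2 "\tplaintext"; next }
        !($4 in rank) { print $1 "\t" $2 "\tunknown protocol " $4; next }
        rank[$4] < rank[min] { print $1 "\t" $2 "\told protocol " $4 }'
}

# Constructed sample rows (users and addresses are made up for the example).
SAMPLE_CONNS=$(printf 'Listing connections\nfansin\t172.17.0.1\ttrue\ttlsv1.2\nguest\t172.17.0.5\tfalse\t\nfansin\t172.17.0.9\ttrue\ttlsv1\n')

printf '%s\n' "$SAMPLE_CONNS" | insecure_connections
```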

3 Rotating log files at runtime

Use rotate_logs to rotate the log files at runtime:

$ sudo rabbitmqctl |grep _logs
    rotate_logs <suffix>
$ sudo rabbitmqctl rotate_logs .2
Rotating logs to files with suffix ".2"
$ ls /var/log/rabbitmq/
rabbit@zhaofeng-pc.log      rabbit@zhaofeng-pc-sasl.log
rabbit@zhaofeng-pc.log.1    rabbit@zhaofeng-pc-sasl.log.1
rabbit@zhaofeng-pc.log.2    rabbit@zhaofeng-pc-sasl.log.2
rabbit@zhaofeng-pc.log.log  rabbit@zhaofeng-pc-sasl.log.log

4 Enabling SSL

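RabbitMQ can use certificates generated with openssl; the generated certificates are in .pem format. The RabbitMQ documentation provides a simple openssl configuration file; for a more detailed one, see the official sample openssl.cnf. The certificate generation procedure is fairly involved and produces 19 files. To get straight to RabbitMQ's SSL configuration, I consolidated the generation process into openssl-auto-ca, which is convenient for testing. It is simple to use: for testing it needs no modification and directly generates the required certificates. To learn more, refer to the official RabbitMQ or OpenSSL documentation.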

After generating the certificates with openssl-auto-ca, we get a directory structure like the following:

zhaofeng@zhaofeng-pc:~/dev/docker/rabbitmq-cluster$ sh createcert.sh
(output omitted) .....
zhaofeng@zhaofeng-pc:~/dev/docker/rabbitmq-cluster$ tree myca/
myca/
├── client
│   ├── cert.pem
│   ├── keycert.p12
│   ├── key.pem
│   └── req.pem
├── root
│   ├── cacert.cer
│   ├── cacert.pem
│   ├── certs
│   │   ├── 01.pem
│   │   └── 02.pem
│   ├── index.txt
│   ├── index.txt.attr
│   ├── index.txt.attr.old
│   ├── index.txt.old
│   ├── private
│   │   └── cakey.pem
│   ├── serial
│   └── serial.old
└── server
    ├── cert.pem
    ├── keycert.p12
    ├── key.pem
    └── req.pem

5 directories, 19 files

The certificates are now generated.

We again use Docker and create a new container:

docker run -d --hostname my-rabbit-ssl --name my-rabbit-ssl -e RABBITMQ_ERLANG_COOKIE='secret cookie here' fansin/rabbitmq-cluster

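Unlike the earlier settings, which could be added dynamically, SSL has to be added to the configuration file. The latest RabbitMQ ships without a configuration file, only the plugin record file; the default configuration location is /etc/rabbitmq/rabbitmq.config, so create that file yourself. The SSL configuration is as follows: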

[
  {rabbit, [
     {ssl_listeners, [5671]},
     {ssl_options, [{cacertfile,"/cert/cacert.pem"},
                    {certfile,"/cert/server_cert.pem"},
                    {keyfile,"/cert/server_key.pem"},
                    {verify,verify_peer},
                    {fail_if_no_peer_cert,false}]}
   ]},
  {rabbitmq_management,
  [{listener, [{port,     15671},
               {ssl,      true},
               {ssl_opts, [{cacertfile,"/cert/cacert.pem"},
                    {certfile,"/cert/server_cert.pem"},
                    {keyfile,"/cert/server_key.pem"}]}
              ]}
  ]}
].

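Two details to watch:

  1. The '.' at the end of the configuration file must not be omitted, otherwise an error about an unterminated configuration file is reported.
  2. When adding or removing settings, make sure the last item has no trailing ','.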

After a normal start, the management UI is served at https://ip:15672 and applications connect to ip:5671. A Java client needs one extra line of code:

factory.useSslProtocol(); // selects an SSL/TLS protocol automatically; this no-argument form does not verify the server certificate

The official documentation covers SSL in more detail; refer to it if you have special requirements.

My own knowledge is limited, so please point out any mistakes.
