RabbitMQ中的多租户VirtualHost

作者: luoluocaihong | 来源:发表于2019-03-26 14:34 被阅读0次

官网简介 Virtual Hosts

RabbitMQ is multi-tenant system: connections, exchanges, queues, bindings, user permissions, policies and some other things belong to virtual hosts, logical groups of entities.
In RabbitMQ, virtual hosts are created and deleted using rabbitmqctl or HTTP API instead.

RabbitMQ是多租户系统,不同的virtual host是相互独立的.virtual hosts使用rabbitmqctl或者http api接口创建.

Virtual hosts provide logical grouping and separation of resources. Separation of physical resources is not a goal of virtual hosts and should be considered an implementation detail.
For example, resource permissions in RabbitMQ are scoped per virtual host. A user doesn't have global permissions, only permissions in one or more virtual hosts. User tags can be considered global permissions but they are an exception to the rule.

virtual hosts提供资源的逻辑分组和分离.RabbitMQ中的资源权限的作用域是每个virtual host.

Virtual host creation involves a blocking cluster-wide transaction. Each node has to perform a number of setup steps which are moderately expensive. In practice it can take up to a few seconds for a virtual host to be created.
Definition export and import is the recommended way of pre-configuring many virtual hosts at deployment time.

创建virtual hosts会阻塞整个集群,比较耗性能.
其他说明,从RabbitMQ 3.7.0版本开始,可以设置vhost级别的最大客户端连接数、最大queue数...

创建并使用Virtual Hosts

有2种方式创建Virtual Hosts,CLI工具或HTTP API endpoint(在管理界面新增)

这里演示CLI工具的方式

创建Virtual Host

root@CentOS7.3[/xxx/rabbitmq]#rabbitmqctl add_vhost /demo
Creating vhost "/demo" ...

需要给用户赋权,用户才能访问这个virtual host.
set_permissions [-p <vhost>] <user> <conf> <write> <read>

root@CentOS7.3[/xxx/rabbitmq]#rabbitmqctl list_permissions -p /demo
Listing permissions in vhost "/demo" ...
root@CentOS7.3[/xxx/rabbitmq]#rabbitmqctl set_permissions -p /demo demoUser '.*' '.*' '.*'
Setting permissions for user "demoUser" in vhost "/demo" ...
root@CentOS7.3[/xxx/rabbitmq]#rabbitmqctl list_permissions -p /demo
Listing permissions in vhost "/demo" ...
demoUser        .*      .*      .*

当客户端使用AMQP协议连接RabbitMQ时,需要指定连接的virtual host;不指定则表示连默认的virtual host为/.

spring.rabbitmq.username=demoUser
spring.rabbitmq.password=demoUser
spring.rabbitmq.virtual-host=/demo

客户端连接成功,打印日志:

2019-03-26 13:39:14.691  INFO 14356 --- [nio-8081-exec-2] o.s.a.r.c.CachingConnectionFactory       : Created new connection: rabbitConnectionFactory#78461bc4:0/SimpleConnection@70e25c21 [delegate=amqp://demoUser@172.16.22.114:5672//demo, localPort= 51424]

Virtual Hosts的使用场景

多租户的使用场景,比如主机资源紧缺情况下开发和测试共用一个RabbitMQ,可以使用Virtual Hosts将开发和测试隔离开.

rabbitmqctl命令参考如下:

root@CentOS7.3[/xxx/rabbitmq]#   rabbitmqctl help
Usage:
rabbitmqctl [-n <node>] [-t <timeout>] [-q] <command> [<command options>] 

Options:
    -n node
    -q
    -t timeout

Default node is "rabbit@server", where server is the local host. On a host 
named "server.example.com", the node name of the RabbitMQ Erlang node will 
usually be rabbit@server (unless RABBITMQ_NODENAME has been set to some 
non-default value at broker startup time). The output of hostname -s is usually 
the correct suffix to use after the "@" sign. See rabbitmq-server(1) for 
details of configuring the RabbitMQ broker.

Quiet output mode is selected with the "-q" flag. Informational messages are 
suppressed when quiet mode is in effect.

Operation timeout in seconds. Only applicable to "list" commands. Default is 
"infinity".

Commands:
    stop [<pid_file>]
    stop_app
    start_app
    wait <pid_file>
    reset
    force_reset
    rotate_logs <suffix>

    join_cluster <clusternode> [--ram]
    cluster_status
    change_cluster_node_type disc | ram
    forget_cluster_node [--offline]
    rename_cluster_node oldnode1 newnode1 [oldnode2] [newnode2 ...]
    update_cluster_nodes clusternode
    force_boot
    sync_queue [-p <vhost>] queue
    cancel_sync_queue [-p <vhost>] queue
    purge_queue [-p <vhost>] queue
    set_cluster_name name

    add_user <username> <password>
    delete_user <username>
    change_password <username> <newpassword>
    clear_password <username>
    
            authenticate_user <username> <password>
          
    set_user_tags <username> <tag> ...
    list_users

    add_vhost <vhost>
    delete_vhost <vhost>
    list_vhosts [<vhostinfoitem> ...]
    set_permissions [-p <vhost>] <user> <conf> <write> <read>
    clear_permissions [-p <vhost>] <username>
    list_permissions [-p <vhost>]
    list_user_permissions <username>

    set_parameter [-p <vhost>] <component_name> <name> <value>
    clear_parameter [-p <vhost>] <component_name> <key>
    list_parameters [-p <vhost>]

    set_policy [-p <vhost>] [--priority <priority>] [--apply-to <apply-to>] 
<name> <pattern>  <definition>
    clear_policy [-p <vhost>] <name>
    list_policies [-p <vhost>]

    list_queues [-p <vhost>] [<queueinfoitem> ...]
    list_exchanges [-p <vhost>] [<exchangeinfoitem> ...]
    list_bindings [-p <vhost>] [<bindinginfoitem> ...]
    list_connections [<connectioninfoitem> ...]
    list_channels [<channelinfoitem> ...]
    list_consumers [-p <vhost>]
    status
    environment
    report
    eval <expr>

    close_connection <connectionpid> <explanation>
    trace_on [-p <vhost>]
    trace_off [-p <vhost>]
    set_vm_memory_high_watermark <fraction>
    set_vm_memory_high_watermark absolute <memory_limit>
    set_disk_free_limit <disk_limit>
    set_disk_free_limit mem_relative <fraction>

<vhostinfoitem> must be a member of the list [name, tracing].

The list_queues, list_exchanges and list_bindings commands accept an optional 
virtual host parameter for which to display results. The default value is "/".

<queueinfoitem> must be a member of the list [name, durable, auto_delete, 
arguments, policy, pid, owner_pid, exclusive, exclusive_consumer_pid, 
exclusive_consumer_tag, messages_ready, messages_unacknowledged, messages, 
messages_ready_ram, messages_unacknowledged_ram, messages_ram, 
messages_persistent, message_bytes, message_bytes_ready, 
message_bytes_unacknowledged, message_bytes_ram, message_bytes_persistent, 
head_message_timestamp, disk_reads, disk_writes, consumers, 
consumer_utilisation, memory, slave_pids, synchronised_slave_pids, state].

<exchangeinfoitem> must be a member of the list [name, type, durable, 
auto_delete, internal, arguments, policy].

<bindinginfoitem> must be a member of the list [source_name, source_kind, 
destination_name, destination_kind, routing_key, arguments].

<connectioninfoitem> must be a member of the list [pid, name, port, host, 
peer_port, peer_host, ssl, ssl_protocol, ssl_key_exchange, ssl_cipher, 
ssl_hash, peer_cert_subject, peer_cert_issuer, peer_cert_validity, state, 
channels, protocol, auth_mechanism, user, vhost, timeout, frame_max, 
channel_max, client_properties, recv_oct, recv_cnt, send_oct, send_cnt, 
send_pend, connected_at].

<channelinfoitem> must be a member of the list [pid, connection, name, number, 
user, vhost, transactional, confirm, consumer_count, messages_unacknowledged, 
messages_uncommitted, acks_uncommitted, messages_unconfirmed, prefetch_count, 
global_prefetch_count].

网友评论

本文标题：RabbitMQ中的多租户VirtualHost

本文链接：https://www.haomeiwen.com/subject/eadgvqtx.html

延伸阅读

深度阅读

您也可以注册成为美文阅读网的作者，发表您的原创作品、分享您的心情！