[官方翻译]RabbitMQ 命令使用

时间 2019-12-19

原文原文链接

下面的命令参数,都可以在ui上进行操做,界面更加直观,可是命令在一些状况下,比较灵活java

1 权限系统/多租户系统git

rabbitmq经过vhost来实现多租户权限.一个rabbitmq 服务器能够有多个vhost,默认vhost为"/", 能够经过命令行或者管理界面添加vhostgithub

经过控制命令docker

$ sudo rabbitmqctl | grep _vhost
add_vhost <vhost> 一次只能添加一个
delete_vhost <vhost> 一次只能删除一个
list_vhosts [<vhostinfoitem> ...]

关于vhost有3条简单命令,增长,删除,查询服务器

$sudo rabbitmqctl -n rabbit@zhaofeng-pc list_vhosts
Listing vhosts
/
$ sudo rabbitmqctl -n rabbit@zhaofeng-pc add_vhost /test_host
Creating vhost "/test_host"
$sudo rabbitmqctl -n rabbit@zhaofeng-pc list_vhosts
Listing vhosts
/test_host
/
$sudo rabbitmqctl -n rabbit@zhaofeng-pc delete_vhost /test_host
Deleting vhost "/test_host"
$sudo rabbitmqctl -n rabbit@zhaofeng-pc list_vhosts
Listing vhosts
/

为vhost添加用户,经过命令cookie

$ sudo rabbitmqctl | egrep "_permission|_user|_password"
add_user <username> <password>
delete_user <username>
authenticate_user <username> <password>
set_user_tagsset_user_tags <username> <tag> ... management:能够进入ui policymaker:能够进入ui并管理策略和vhosts参数 monitoring:能够进入ui,并能查看节点相关channel和connection administrator:能够操做一切
list_users
set_permissions [-p <vhost>] <user> <conf> <write> <read>
clear_permissions [-p <vhost>] <username>
list_permissions [-p <vhost>]
list_user_permissions <username>
change_password <username> <newpassword>
clear_password <username>

提供了11条关于user的命令,增长,删除,受权,设置标签,查询用户,查询权限,设置权限,清除权限,修改密码,清楚密码好比我建立一个管理员ui用户数据结构

$ sudo rabbitmqctl -n rabbit@zhaofeng-pc add_user fansin 1234
Creating user "fansin"
$ sudo rabbitmqctl -n rabbit@zhaofeng-pc set_user_tags fansin administrator
Setting tags for user "fansin" to [administrator]
$ sudo rabbitmqctl -n rabbit@zhaofeng-pc list_users
Listing users
fansin	[administrator]
guest	[administrator]
test	[adminstrator]
$ sudo rabbitmqctl -n rabbit@zhaofeng-pc delete_user fansin
Deleting user "fansin"

$sudo rabbitmqctl -n rabbit@zhaofeng-pc add_user fansin 1234
Creating user "fansin"
$ sudo rabbitmqctl -n rabbit@zhaofeng-pc authenticate_user fansin 1234
Authenticating user "fansin"
Success
$sudo rabbitmqctl -n rabbit@zhaofeng-pc add_vhost /test_host
Creating vhost "/test_host"
$ sudo rabbitmqctl -n rabbit@zhaofeng-pc set_permissions -p /test_host fansin '.*' '.*' '.*'
Setting permissions for user "fansin" in vhost "/test_host"
$sudo rabbitmqctl -n rabbit@zhaofeng-pc list_permissions -p /test_host
Listing permissions in vhost "/test_host"
fansin	.*	.*	.*
$sudo rabbitmqctl -n rabbit@zhaofeng-pc list_user_permissions fansin
Listing permissions for user "fansin"
/test_host	.*	.*	.*
$sudo rabbitmqctl -n rabbit@zhaofeng-pc clear_permissions -p /test_host fansin
Clearing permissions for user "fansin" in vhost "/test_host"

注意,若是用户不存在,则查询为空,authenticate_user必须是已经建立的用户,能够为用户提供更多的权限控制.app

2 监控rabbitmq使用学习

$ sudo rabbitmqctl | grep list_
    list_users
    list_vhosts [<vhostinfoitem> ...]
    list_permissions [-p <vhost>]
    list_user_permissions <username>
    list_parameters [-p <vhost>]
    list_global_parameters
    list_policies [-p <vhost>]
    list_queues [-p <vhost>] [--offline|--online|--local] [<queueinfoitem> ...]
    list_exchanges [-p <vhost>] [<exchangeinfoitem> ...]
    list_bindings [-p <vhost>] [<bindinginfoitem> ...]
    list_connections [<connectioninfoitem> ...]
    list_channels [<channelinfoitem> ...]
    list_consumers [-p <vhost>]

能够经过命令查询用户,vhost,队列,exchange,bindings,connection,channel,Consumer等,查询时 list_"要查询的参数+s",除了简单查询外,还能够限定参数.测试

<vhostinfoitem> 属性
    [name, tracing].

<queueinfoitem> 属性
    [name, durable, auto_delete,
    arguments, policy, pid, owner_pid, exclusive, exclusive_consumer_pid,
    exclusive_consumer_tag, messages_ready, messages_unacknowledged, messages,
    messages_ready_ram, messages_unacknowledged_ram, messages_ram,
    messages_persistent, message_bytes, message_bytes_ready,
    message_bytes_unacknowledged, message_bytes_ram, message_bytes_persistent,
    head_message_timestamp, disk_reads, disk_writes, consumers,
    consumer_utilisation, memory, slave_pids, synchronised_slave_pids, state].

<exchangeinfoitem> 属性
    [name, type, durable,
    auto_delete, internal, arguments, policy].

<bindinginfoitem> 属性
    [source_name, source_kind,
    destination_name, destination_kind, routing_key, arguments].

<connectioninfoitem> 属性
    [pid, name, port, host,
    peer_port, peer_host, ssl, ssl_protocol, ssl_key_exchange, ssl_cipher,
    ssl_hash, peer_cert_subject, peer_cert_issuer, peer_cert_validity, state,
    channels, protocol, auth_mechanism, user, vhost, timeout, frame_max,
    channel_max, client_properties, recv_oct, recv_cnt, send_oct, send_cnt,
    send_pend, connected_at].

<channelinfoitem> 属性
    [pid, connection, name, number,
    user, vhost, transactional, confirm, consumer_count, messages_unacknowledged,
    messages_uncommitted, acks_uncommitted, messages_unconfirmed, prefetch_count,
    global_prefetch_count].

3 动态切换log文件

经过rotate_log,动态切换log文件

$ sudo rabbitmqctl |grep _logs
    rotate_logs <suffix>
$sudo rabbitmqctl rotate_logs .2
Rotating logs to files with suffix ".2"
$ ls /var/log/rabbitmq/
rabbit@zhaofeng-pc.log      rabbit@zhaofeng-pc-sasl.log
rabbit@zhaofeng-pc.log.1    rabbit@zhaofeng-pc-sasl.log.1
rabbit@zhaofeng-pc.log.2    rabbit@zhaofeng-pc-sasl.log.2
rabbit@zhaofeng-pc.log.log  rabbit@zhaofeng-pc-sasl.log.log

4 启动ssl

rabbitmq可使用openssl来生成证书.生成的证书类型为.pem格式的,rabbitmq官方提供了简单的 openssl配置文件,若是须要更详细的,能够参考官方演示openssl.cnf 证书生成步骤比较复杂,要生成要19个文件,为了直接查看rabbitmq的ssl配置,我整合了一下证书生成过程,方便测试使用openssl-auto-ca 使用比较简单,只是测试能够,不用修改,直接生成须要的证书.若是想要学习请参考rabbitmq官方或者openssl官方.

使用 openssl-auto-ca 生成证书后,咱们获得相似下面的数据结构

zhaofeng@zhaofeng-pc:~/dev/docker/rabbitmq-cluster$ sh createcert.sh
省略过程.....
zhaofeng@zhaofeng-pc:~/dev/docker/rabbitmq-cluster$ tree myca/
myca/
├── client
│   ├── cert.pem
│   ├── keycert.p12
│   ├── key.pem
│   └── req.pem
├── root
│   ├── cacert.cer
│   ├── cacert.pem
│   ├── certs
│   │   ├── 01.pem
│   │   └── 02.pem
│   ├── index.txt
│   ├── index.txt.attr
│   ├── index.txt.attr.old
│   ├── index.txt.old
│   ├── private
│   │   └── cakey.pem
│   ├── serial
│   └── serial.old
└── server
    ├── cert.pem
    ├── keycert.p12
    ├── key.pem
    └── req.pem

5 directories, 19 files

证书生成完毕.

咱们仍是使用docker,建立一个新的容器

docker run -d --hostname my-rabbit-ssl --name my-rabbit-ssl -e RABBITMQ_ERLANG_COOKIE='secret cookie here' fansin/rabbitmq-cluster

rabbitmq 与以前动态增长配置不一样,此次不得不要在配置文件添加ssl的.最新的rabbitmq是没有配置文件的,只有插件记录文件,默认配置位置是在/etc/rabbitmq/rabbitmq.config,本身新建一个文件. ssl配置内容以下:

[
  {rabbit, [
     {ssl_listeners, [5671]},
     {ssl_options, [{cacertfile,"/cert/cacert.pem"},
                    {certfile,"/cert/server_cert.pem"},
                    {keyfile,"/cert/server_key.pem"},
                    {verify,verify_peer},
                    {fail_if_no_peer_cert,false}]}
   ]},
  {rabbitmq_management,
  [{listener, [{port,     15671},
               {ssl,      true},
               {ssl_opts, [{cacertfile,"/cert/cacert.pem"},
                    {certfile,"/cert/server_cert.pem"},
                    {keyfile,"/cert/server_key.pem"}]}
              ]}
  ]}
].

注意细节两点

配置文件最后的'.',不能漏掉,否则会报配置文件未结束的异常.
当增长和删除配置的时候,注意最后一项配置没有','.

当正常启动后,management界面就会变成 https://ip:15672, 应用链接接口变为ip:5671 java链接时,须要添加一行代码

factory.useSslProtocol();//自动选择一项ssl加密方式

官方介绍了更多关于ssl,若是有特殊须要,参考官网文档.

因为我的水平有限，若有问题请指出。