官網(wǎng)簡(jiǎn)介 Virtual Hosts

RabbitMQ is multi-tenant system: connections, exchanges, queues, bindings, user permissions, policies and some other things belong to virtual hosts, logical groups of entities.
In RabbitMQ, virtual hosts are created and deleted using rabbitmqctl or HTTP API instead.

• RabbitMQ是多租戶系統(tǒng),不同的virtual host是相互獨(dú)立的.virtual hosts使用rabbitmqctl或者h(yuǎn)ttp api接口創(chuàng)建.

Virtual hosts provide logical grouping and separation of resources. Separation of physical resources is not a goal of virtual hosts and should be considered an implementation detail.
For example, resource permissions in RabbitMQ are scoped per virtual host. A user doesn't have global permissions, only permissions in one or more virtual hosts. User tags can be considered global permissions but they are an exception to the rule.

• virtual hosts提供資源的邏輯分組和分離.RabbitMQ中的資源權(quán)限的作用域是每個(gè)virtual host.

Virtual host creation involves a blocking cluster-wide transaction. Each node has to perform a number of setup steps which are moderately expensive. In practice it can take up to a few seconds for a virtual host to be created.
Definition export and import is the recommended way of pre-configuring many virtual hosts at deployment time.

• 創(chuàng)建virtual hosts會(huì)阻塞整個(gè)集群,比較耗性能.

• 其他說明,從RabbitMQ 3.7.0版本開始,可以設(shè)置vhost級(jí)別的最大客戶端連接數(shù)、最大queue數(shù)...

創(chuàng)建并使用Virtual Hosts

有2種方式創(chuàng)建Virtual Hosts,CLI工具或HTTP API endpoint(在管理界面新增)

這里演示CLI工具的方式

1. 創(chuàng)建Virtual Host

root@CentOS7.3[/xxx/rabbitmq]#rabbitmqctl add_vhost /demo
Creating vhost "/demo" ...

2. 需要給用戶賦權(quán),用戶才能訪問這個(gè)virtual host.
   set_permissions [-p <vhost>] <user> <conf> <write> <read>

root@CentOS7.3[/xxx/rabbitmq]#rabbitmqctl list_permissions -p /demo
Listing permissions in vhost "/demo" ...
root@CentOS7.3[/xxx/rabbitmq]#rabbitmqctl set_permissions -p /demo demoUser '.*' '.*' '.*'
Setting permissions for user "demoUser" in vhost "/demo" ...
root@CentOS7.3[/xxx/rabbitmq]#rabbitmqctl list_permissions -p /demo
Listing permissions in vhost "/demo" ...
demoUser        .*      .*      .*

3. 當(dāng)客戶端使用AMQP協(xié)議連接RabbitMQ時(shí),需要指定連接的virtual host;不指定則表示連默認(rèn)的virtual host為/.

spring.rabbitmq.username=demoUser
spring.rabbitmq.password=demoUser
spring.rabbitmq.virtual-host=/demo

客戶端連接成功,打印日志:

2019-03-26 13:39:14.691  INFO 14356 --- [nio-8081-exec-2] o.s.a.r.c.CachingConnectionFactory       : Created new connection: rabbitConnectionFactory#78461bc4:0/SimpleConnection@70e25c21 [delegate=amqp://demoUser@172.16.22.114:5672//demo, localPort= 51424]

Virtual Hosts的使用場(chǎng)景

多租戶的使用場(chǎng)景,比如主機(jī)資源緊缺情況下開發(fā)和測(cè)試共用一個(gè)RabbitMQ,可以使用Virtual Hosts將開發(fā)和測(cè)試隔離開.

rabbitmqctl命令參考如下:

root@CentOS7.3[/xxx/rabbitmq]#   rabbitmqctl help
Usage:
rabbitmqctl [-n <node>] [-t <timeout>] [-q] <command> [<command options>] 

Options:
    -n node
    -q
    -t timeout

Default node is "rabbit@server", where server is the local host. On a host 
named "server.example.com", the node name of the RabbitMQ Erlang node will 
usually be rabbit@server (unless RABBITMQ_NODENAME has been set to some 
non-default value at broker startup time). The output of hostname -s is usually 
the correct suffix to use after the "@" sign. See rabbitmq-server(1) for 
details of configuring the RabbitMQ broker.

Quiet output mode is selected with the "-q" flag. Informational messages are 
suppressed when quiet mode is in effect.

Operation timeout in seconds. Only applicable to "list" commands. Default is 
"infinity".

Commands:
    stop [<pid_file>]
    stop_app
    start_app
    wait <pid_file>
    reset
    force_reset
    rotate_logs <suffix>

    join_cluster <clusternode> [--ram]
    cluster_status
    change_cluster_node_type disc | ram
    forget_cluster_node [--offline]
    rename_cluster_node oldnode1 newnode1 [oldnode2] [newnode2 ...]
    update_cluster_nodes clusternode
    force_boot
    sync_queue [-p <vhost>] queue
    cancel_sync_queue [-p <vhost>] queue
    purge_queue [-p <vhost>] queue
    set_cluster_name name

    add_user <username> <password>
    delete_user <username>
    change_password <username> <newpassword>
    clear_password <username>
    
            authenticate_user <username> <password>
          
    set_user_tags <username> <tag> ...
    list_users

    add_vhost <vhost>
    delete_vhost <vhost>
    list_vhosts [<vhostinfoitem> ...]
    set_permissions [-p <vhost>] <user> <conf> <write> <read>
    clear_permissions [-p <vhost>] <username>
    list_permissions [-p <vhost>]
    list_user_permissions <username>

    set_parameter [-p <vhost>] <component_name> <name> <value>
    clear_parameter [-p <vhost>] <component_name> <key>
    list_parameters [-p <vhost>]

    set_policy [-p <vhost>] [--priority <priority>] [--apply-to <apply-to>] 
<name> <pattern>  <definition>
    clear_policy [-p <vhost>] <name>
    list_policies [-p <vhost>]

    list_queues [-p <vhost>] [<queueinfoitem> ...]
    list_exchanges [-p <vhost>] [<exchangeinfoitem> ...]
    list_bindings [-p <vhost>] [<bindinginfoitem> ...]
    list_connections [<connectioninfoitem> ...]
    list_channels [<channelinfoitem> ...]
    list_consumers [-p <vhost>]
    status
    environment
    report
    eval <expr>

    close_connection <connectionpid> <explanation>
    trace_on [-p <vhost>]
    trace_off [-p <vhost>]
    set_vm_memory_high_watermark <fraction>
    set_vm_memory_high_watermark absolute <memory_limit>
    set_disk_free_limit <disk_limit>
    set_disk_free_limit mem_relative <fraction>

<vhostinfoitem> must be a member of the list [name, tracing].

The list_queues, list_exchanges and list_bindings commands accept an optional 
virtual host parameter for which to display results. The default value is "/".

<queueinfoitem> must be a member of the list [name, durable, auto_delete, 
arguments, policy, pid, owner_pid, exclusive, exclusive_consumer_pid, 
exclusive_consumer_tag, messages_ready, messages_unacknowledged, messages, 
messages_ready_ram, messages_unacknowledged_ram, messages_ram, 
messages_persistent, message_bytes, message_bytes_ready, 
message_bytes_unacknowledged, message_bytes_ram, message_bytes_persistent, 
head_message_timestamp, disk_reads, disk_writes, consumers, 
consumer_utilisation, memory, slave_pids, synchronised_slave_pids, state].

<exchangeinfoitem> must be a member of the list [name, type, durable, 
auto_delete, internal, arguments, policy].

<bindinginfoitem> must be a member of the list [source_name, source_kind, 
destination_name, destination_kind, routing_key, arguments].

<connectioninfoitem> must be a member of the list [pid, name, port, host, 
peer_port, peer_host, ssl, ssl_protocol, ssl_key_exchange, ssl_cipher, 
ssl_hash, peer_cert_subject, peer_cert_issuer, peer_cert_validity, state, 
channels, protocol, auth_mechanism, user, vhost, timeout, frame_max, 
channel_max, client_properties, recv_oct, recv_cnt, send_oct, send_cnt, 
send_pend, connected_at].

<channelinfoitem> must be a member of the list [pid, connection, name, number, 
user, vhost, transactional, confirm, consumer_count, messages_unacknowledged, 
messages_uncommitted, acks_uncommitted, messages_unconfirmed, prefetch_count, 
global_prefetch_count].