Messaging that just works

RabbitMQ

This is the RabbitMQ Server Administrator's Guide. (Note: it is still under development. Please contact us if you have any suggestions or wished-for features!)

See also this list of new community tools have appeared for 'dashboard' access to core management functionality.

Table of Contents

Building and installation

Please see the build and installation guides for instructions on compiling, installing, starting and shutting down the server. See the service guide for instructions on running the server as a Windows Service.

Default database contents

When the server first starts running, and detects that its database is uninitialised or has been deleted, it initialises a fresh database with the following resources:

  • a virtual host named /
  • a user named guest with a default password of guest, granted full access to the / virtual host.

It is advisable to change the password of the guest user to something private, particularly if your broker is accessible publicly.

Management overview

rabbitmqctl is a command line tool for managing a RabbitMQ broker. It performs all actions by connecting to one of the broker's node. By default that is the node named "rabbit" on the local host. This can be overridden by explicitly specifying the node name before the command using the "-n" flag, e.g. 

rabbitmqctl -n rabbit@shortstop add_user tonyg changeit

This command instructs the RabbitMQ broker at the Erlang node rabbit@shortstop to create a user named tonyg with (initial) password changeit.

On a host named "server.example.com", the node name of the RabbitMQ Erlang node will usually be rabbit@server (unless RABBITMQ_NODENAME has been set to some non-default value at broker startup time). The output of hostname -s is usually the correct suffix to use after the "@" sign.

rabbitmqctl produces verbose output by default. Quiet mode can be selected by specifying the "-q" flag, e.g. 

rabbitmqctl -q status

This option enables quiet mode and is useful when post-processing the results. Informational messages are suppressed when quiet mode is in effect.

Flags must precede all other parameters to rabbitmqctl.

Application and cluster management

Stopping the RabbitMQ node

rabbitmqctl stop

Stops the Erlang node on which RabbitMQ is running. To restart the node follow the instructions for Running the Server in the installation guide.

For example: 

rabbitmqctl stop

This command instructs the RabbitMQ node to terminate.

Stopping the RabbitMQ application

rabbitmqctl stop_app

Stops the RabbitMQ application, leaving the Erlang node running.

This command is typically run prior to performing other management actions that require the RabbitMQ application to be stopped, e.g. reset.

For example: 

rabbitmqctl stop_app

This command instructs the RabbitMQ node to stop the RabbitMQ application.

Starting the RabbitMQ application

rabbitmqctl start_app

Starts the RabbitMQ application.

This command is typically run after performing other management actions that required the RabbitMQ application to be stopped, e.g. reset.

For example: 

rabbitmqctl start_app

This command instructs the RabbitMQ node to start the RabbitMQ application.

Displaying the RabbitMQ broker status

rabbitmqctl status

Displays various information about the RabbitMQ broker, such as whether the RabbitMQ application on the current node, its version number, what nodes are part of the broker, which of these are running.

For example: 

rabbitmqctl status

This command displays information about the RabbitMQ broker.

Resetting a RabbitMQ node

rabbitmqctl reset
rabbitmqctl force_reset

Return a RabbitMQ node to its virgin state.

Removes the node from any cluster it belongs to, removes all data from the management database, such as configured users and vhosts, and deletes all persistent messages.

The force_reset command differs from reset in that it resets the node unconditionally, regardless of the current management database state and cluster configuration. It should only be used as a last resort if the database or cluster configuration has been corrupted.

For reset and force_reset to succeed the RabbitMQ application must have been stopped, e.g. with stop_app.

For example: 

rabbitmqctl reset

This command resets the RabbitMQ node.

Rotating log files

rabbitmqctl rotate_logs [suffix]

Instruct the RabbitMQ node to rotate the log files.

The RabbitMQ broker will attempt to append the current contents of the log file to the file with name composed of the original name and the suffix. It will create a new file if such a file does not already exist. When no suffix is specified, the empty log file is simply created at the original location; no rotation takes place.

When an error occurs while appending the contents of the old log file, the operation behaves in the same way as if no suffix was specified.

This command might be helpful when you are e.g. writing your own logrotate script and you do not want to restart the RabbitMQ node.

Example: 

rabbitmqctl rotate_logs .1

This command instructs the RabbitMQ node to append the current content of the log files to the files with names consisting of the original logs' names and ".1" suffix, e.g. rabbit.log.1. Finally, the old log files are reopened.

Cluster management

rabbitmqctl cluster clusternode ...
clusternode
Subset of the nodes of the cluster to which this node should be connected.

Instruct the node to become member of a cluster with the specified nodes.

Cluster nodes can be of two types: disk or ram. Disk nodes replicate data in ram and on disk, thus providing redundancy in the event of node failure and recovery from global events such as power failure across all nodes. Ram nodes replicate data in ram only and are mainly used for scalability. A cluster must always have at least one disk node.

If the current node is to become a disk node it needs to appear in the cluster node list. Otherwise it becomes a ram node. If the node list is empty or only contains the current node then the node becomes a standalone, i.e. non-clustered, (disk) node.

After executing the cluster command, whenever the RabbitMQ application is started on the current node it will attempt to connect to the specified nodes, thus becoming an active node in the cluster comprising those nodes (and possibly others).

The list of nodes does not have to contain all the cluster's nodes; a subset is sufficient. Also, clustering generally succeeds as long as at least one of the specified nodes is active. Hence adjustments to the list are only necessary if the cluster configuration is to be altered radically.

For this command to succeed the RabbitMQ application must have been stopped, e.g. with stop_app. Furthermore, turning a standalone node into a clustered node requires the node be reset first, in order to avoid accidental destruction of data with the cluster command.

For more details see the clustering guide.

Example: 

rabbitmqctl cluster rabbit@tanto hare@elena

This command instructs the RabbitMQ node to join the cluster with nodes rabbit@tanto and hare@elena. If the node is one of these then it becomes a disk node, otherwise a ram node.

User management

Creating a user

rabbitmqctl add_user username password
username
The name of the user to create.
password
The password the created user will use to log in to the broker.

For example: 

rabbitmqctl add_user tonyg changeit

This command instructs the RabbitMQ broker to create a user named tonyg with (initial) password changeit.

Deleting a user

rabbitmqctl delete_user username
username
The name of the user to delete.

For example: 

rabbitmqctl delete_user tonyg

This command instructs the RabbitMQ broker to delete the user named tonyg.

Changing a user's password

rabbitmqctl change_password username newpassword
username
The name of the user whose password is to be changed.
newpassword
The new password for the user.

For example: 

rabbitmqctl change_password tonyg newpass

This command instructs the RabbitMQ broker to change the password for the user named tonyg to newpass.

Listing users

rabbitmqctl list_users

For example: 

rabbitmqctl list_users

This command instructs the RabbitMQ broker to list all users.

Access control

When an AMQP client establishes a connection to an AMQP server, it specifies a virtual host within which it intends to operate. A first level of access control is enforced at this point, with the server checking whether the user has any permissions to access the virtual hosts, and rejecting the connection attempt otherwise.

Resources, i.e. exchanges and queues, are named entities inside a particular virtual host; the same name denotes a different resource in each virtual host. A second level of access control is enforced when certain operations are performed on resources.

RabbitMQ distinguishes between configure, write and read operations on a resource. The configure operations create or destroy resources, or alter their behaviour. The write operations inject messages into a resource. And the read operations retrieve messages from a resource.

In order to perform an operation on a resource the user must have been granted the appropriate permissions for it. The following table shows what permissions on what type of resource are required for all the AMQP commands which perform permission checks.

AMQP command configure write read
exchange.declare exchange
exchange.delete exchange
queue.declare queue
queue.delete queue
queue.bind queue exchange
basic.publish exchange
basic.get queue
basic.consume queue
queue.purge queue

Permissions are expressed as a triple of regular expressions - one each for configure, write and read - on per-vhost basis. The user is granted the respective permission for operations on all resources with names matching the regular expressions. (Note: For convenience RabbitMQ maps AMQP's default exchange's blank name to 'amq.default' when performing permission checks.)

Some AMQP operations can create resources with server-generated names. Every user has configure, write and read permissions for such resources. However, the names are strong and not discoverable as part of the protocol, only through management functionality. Therefore these resources are in effect private to the user unless they choose to dilvuge their names to other users.

The regular expression ^$, i.e. matching nothing but the empty string, exactly covers resources with server-generated names. That, for example, allows an administrator to restrict a user to declaring private resources only.

RabbitMQ may cache the results of access control checks on a per-connection or per-channel basis. Hence changes to user permissions may only take effect when the user reconnects.

Creating a virtual host

rabbitmqctl add_vhost vhostpath
vhostpath
The name of the virtual host entry to create.

For example: 

rabbitmqctl add_vhost test

This command instructs the RabbitMQ broker to create a new virtual host called test.

Deleting a virtual host

rabbitmqctl delete_vhost vhostpath
vhostpath
The name of the virtual host entry to delete.

Deleting a virtual host deletes all its exchanges, queues, user mappings and associated permissions.

For example: 

rabbitmqctl delete_vhost test

This command instructs the RabbitMQ broker to delete the virtual host called test.

Listing virtual hosts

rabbitmqctl list_vhosts

For example: 

rabbitmqctl list_vhosts

This command instructs the RabbitMQ broker to list all virtual hosts.

Setting user permissions

rabbitmqctl set_permissions [-p vhostpath] username regexp regexp regexp
vhostpath
The name of the virtual host to which to grant the user access, defaulting to /.
username
The name of the user to grant access to the specified virtual host.
regexp
The regular expressions for matching resource names for which the user is granted configure, write and read permissions, respectively.

For example: 

rabbitmqctl set_permissions -p /myvhost tonyg "^tonyg-.*" ".*" ".*"

This command instructs the RabbitMQ broker to grant the user named tonyg access to the virtual host called /myvhost, with configure permissions on all resources whose names starts with "tonyg-", and write and read permissions on all resources.

Clearing user permissions

rabbitmqctl clear_permissions [-p vhostpath] username
vhostpath
The name of the virtual host to which to deny the user access, defaulting to /.
username
The name of the user to grant access to the specified virtual host.

For example: 

rabbitmqctl clear_permissions -p /myvhost tonyg

This command instructs the RabbitMQ broker to deny the user named tonyg access to the virtual host called /myvhost.

Listing permissions in a virtual host

rabbitmqctl list_permissions [-p vhostpath]
vhostpath
The name of the virtual host for which to list the users that have been granted access to it, and their permissions. Defaults to /.

For example: 

rabbitmqctl list_permissions -p /myvhost

This command instructs the RabbitMQ broker to list all the users which have been granted access to the virtual host called /myvhost, and the permissions they have for operations on resources in that virtual host.

Listing user permissions

rabbitmqctl list_user_permissions username
username
The name of the user for which to list the permissions.

For example: 

rabbitmqctl list_user_permissions tonyg

This command instructs the RabbitMQ broker to list all the virtual hosts to which the user named tonyg has been granted access, and the permissions the user has for operations on resources in these virtual hosts.

Server Status

The server status queries interrogate the server and return a list of results with tab-delimited columns. Some queries (list_queues, list_exchanges and list_bindings) accept an optional vhost parameter. This parameter, if present, must be specified immediately after the query.

Listing queues of a virtual host

rabbitmqctl list_queues [-p vhostpath] [queueinfoitem ...]

Returns queue details. Queue details of the / virtual host are returned if the "-p" flag is absent. The "-p" flag can be used to override this default.

The queueinfoitem parameter is used to indicate which queue information items to include in the results. The column order in the results will match the order of the parameters. If no queueinfoitems are specified then queue name and depth are displayed. queueinfoitem can take any value from the list that follows:

name
The name of the queue with non-ASCII characters URL-escaped.
durable
Whether or not the queue survives server restarts.
auto_delete
Whether the queue will be deleted automatically when no longer used.
arguments
Queue arguments.
pid
Id of the Erlang process associated with the queue.
messages_ready
Number of messages ready to be delivered to clients.
messages_unacknowledged
Number of messages delivered to clients but not yet acknowledged.
messages_uncommitted
Number of messages published in as yet uncommitted transactions
messages
Sum of ready, unacknowledged and uncommitted messages (queue depth).
acks_uncommitted
Number of acknowledgements received in as yet uncommitted transactions.
consumers
Number of consumers.
transactions
Number of transactions.
memory
Bytes of memory consumed by the Erlang process associated with the queue, including stack, heap and internal structures.

For example: 

rabbitmqctl list_queues -p /myvhost messages consumers

This command displays the depth and number of consumers for each queue of the virtual host named /myvhost.

Listing exchanges of a virtual host

rabbitmqctl list_exchanges [-p vhostpath] [exchangeinfoitem ...]

Returns exchange details. Exchange details of the / virtual host are returned if the "-p" flag is absent. The "-p" flag can be used to override this default.

The exchangeinfoitem parameter is used to indicate which exchange information items to include in the results. The column order in the results will match the order of the parameters. If no exchangeinfoitems are specified then exchange name and type are displayed. exchangeinfoitem can take any value from the list that follows:

name
The name of the exchange with non-ASCII characters URL-escaped.
type
The exchange type (one of [direct, topic, headers, fanout]).
durable
Whether or not the exchange survives server restarts.
auto_delete
Whether the exchange will be deleted automatically when no longer used.
arguments
Exchange arguments.

For example: 

rabbitmqctl list_exchanges -p /myvhost name type

This command displays the name and type for each exchange of the virtual host named /myvhost.

Listing bindings of a virtual host

rabbitmqctl list_bindings [-p vhostpath]

By default the bindings for the / virtual host are returned. The "-p" flag can be used to override this default. Each result row will contain an exchange name, queue name, routing key and binding arguments, in that order. Non-ASCII characters will be URL-encoded.

Listing connections of a virtual host

rabbitmqctl list_connections
          [connectioninfoitem ...]

Returns TCP/IP connection statistics.

The connectioninfoitem parameter is used to indicate which connection information items to include in the results. The column order in the results will match the order of the parameters. If no connectioninfoitems are specified then user, peer address, peer port and connection state are displayed. connectioninfoitem can take any value from the list that follows:

pid
Id of the Erlang process associated with the connection.
address
Server IP address.
port
Server port.
peer_address
Peer address.
peer_port
Peer port.
state
Connection state (one of [starting, tuning, opening, running, closing, closed]).
channels
Number of channels using the connection.
user
Username associated with the connection.
vhost
Virtual host name with non-ASCII characters URL-escaped.
timeout
Connection timeout.
frame_max
Maximum frame size (bytes).
client_properties
Informational properties transmitted by the client during connection establishment.
recv_oct
Octets received.
recv_cnt
Packets received.
send_oct
Octets send.
send_cnt
Packets sent.
send_pend
Send queue size.

For example: 

rabbitmqctl list_connections send_pend server_port

This command displays the send queue size and server port for each connection.

Plugins

RabbitMQ provides a plugin mechanism allowing for additional OTP applications to be run within the broker node. Plugins should not be seen as a general purpose mechanism for writing applications, but instead as a specialised tool when additional functionality is required at the broker level.

The RabbitMQ plugin mechanism makes use of a custom OTP .boot file, to start additional OTP applications within the broker node, and thus comes with a number of caveats:

  • Custom Boot files require that all applications (including standard OTP applications) have explicit versions listed. This means that if your OTP installation is upgraded, then Rabbit will most likely not start until the plugin activation script is run again.
  • Since the plugin runs in the same node as the broker, it should not be assumed that any access controls configured on the broker will be observed by the plugin. Whilst plugins can interact with the ACL mechanism to ensure enforcement of security mechanisms, it is also possible for plugins to completely ignore security configuration.
  • Again, since the plugin runs in the same node as the broker, an action that results in the node halting will shut down the RabbitMQ broker as well. Well-written plugins can be built to avoid this occuring, however Administrators should be aware of the risks of installing plugins - especially those that are not known to have undergone a rigorous QA procedure.

Plugin Installation

  • Plugins will generally be available in two forms. The expected form for a packaged plugin will be a .ez erlang archive. Alternatively, more developmental plugins may be distributed directly from source control, whereby they will be a directory containing (at least) an ebin subdirectory.
  • In both cases, the plugin archive (or directory) should be placed into the plugins subdirectory within the rabbitmq-server installation directory (ie, the directory that the ebin directory resides within). If this directory does not exist, it can be safely created.
  • Once the desired plugins have been placed in the plugins directory, run the following as root: 
    rabbitmq-activate-plugins
    Note that on some platforms it has been observed that many spurious warnings are printed along the lines of: 
    *WARNING* mnesia: Object code (mnesia) out of date
    It is our experience that warnings of this variety can be safely ignored.
  • Upon successful completion of the script, restart Rabbit. All installed plugins will be started automatically.
  • Note for users with RabbitMQ installed as a Windows Service: When first activating, or deactivating, plugins, the 
    rabbitmq-service.bat install
    command will need to be re-run to ensure that the service configuration is updated to perform an appropriate boot sequence.

Plugin Un-installation

To remove an installed plugin from the broker, delete the .ez file or directory from the plugins directory, and re-run the rabbitmq-activate-plugins script. When the broker is restarted, the deleted plugin will no longer be started.

Disabling all Plugins

In the event of broker mis-behaviour, it is recommended that all plugins be disabled as a first port-of-call. Instead of manually removing all files from the plugins directory, the deactivate plugins script can be used to disable all plugins until rabbitmq-activate-plugins is next run. To do this, execute: 

rabbitmq-deactivate-plugins
When Rabbit is restarted, no custom plugins will be loaded.

About us RabbitMQ™ is a Trademark of Rabbit Technologies Ltd.