From 95975ef2c3cdbe20197d1496e4272b00c2e4cc6c8f8f0b88ef4a2281e7841d70 Mon Sep 17 00:00:00 2001 From: Dirk Mueller Date: Tue, 11 Sep 2018 06:26:35 +0000 Subject: [PATCH] - update config.template to use channel_max to 0 (old default, mitigate breakage in 3.6.16 change) OBS-URL: https://build.opensuse.org/package/show/network:messaging:amqp/rabbitmq-server?expand=0&rev=95 --- rabbitmq-server.changes | 6 + rabbitmq.config.example | 401 ++++++++++++++++++++++++++++++++-------- 2 files changed, 332 insertions(+), 75 deletions(-) diff --git a/rabbitmq-server.changes b/rabbitmq-server.changes index 1bf9483..227980c 100644 --- a/rabbitmq-server.changes +++ b/rabbitmq-server.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Tue Sep 11 06:26:01 UTC 2018 - dmueller@suse.com + +- update config.template to use channel_max to 0 (old default, + mitigate breakage in 3.6.16 change) + ------------------------------------------------------------------- Mon Sep 10 12:46:56 UTC 2018 - dmueller@suse.com diff --git a/rabbitmq.config.example b/rabbitmq.config.example index 1a55401..95acf36 100644 --- a/rabbitmq.config.example +++ b/rabbitmq.config.example @@ -2,14 +2,16 @@ %% ---------------------------------------------------------------------------- %% RabbitMQ Sample Configuration File. %% -%% See http://www.rabbitmq.com/configure.html for details. +%% Related doc guide: http://www.rabbitmq.com/configure.html. See +%% http://rabbitmq.com/documentation.html for documentation ToC. %% ---------------------------------------------------------------------------- [ {rabbit, - [%% - %% Network Connectivity + [ + %% Networking %% ==================== %% + %% Related doc guide: http://www.rabbitmq.com/networking.html. %% By default, RabbitMQ will listen on all interfaces, using %% the standard (reserved) AMQP port. 
@@ -22,32 +24,43 @@ %% {tcp_listeners, [{"127.0.0.1", 5672}, %% {"::1", 5672}]}, - %% SSL listeners are configured in the same fashion as TCP listeners, + %% TLS listeners are configured in the same fashion as TCP listeners, %% including the option to control the choice of interface. %% %% {ssl_listeners, [5671]}, + %% Number of Erlang processes that will accept connections for the TCP + %% and TLS listeners. + %% + %% {num_tcp_acceptors, 10}, + %% {num_ssl_acceptors, 1}, + %% Maximum time for AMQP 0-8/0-9/0-9-1 handshake (after socket connection - %% and SSL handshake), in milliseconds. + %% and TLS handshake), in milliseconds. %% %% {handshake_timeout, 10000}, - %% Log levels (currently just used for connection logging). - %% One of 'debug', 'info', 'warning', 'error' or 'none', in decreasing - %% order of verbosity. Defaults to 'info'. + %% Log levels in decreasing order of verbosity: + %% * 'debug' + %% * 'info' + %% * 'warning' + %% * 'error' + %% * 'none' + %% Defaults to '{connection, info}' %% - %% {log_levels, [{connection, info}, {channel, info}]}, + %% {log_levels, [{channel, info}, {connection, info}, {federation, info}, {mirroring, info}]}, %% Set to 'true' to perform reverse DNS lookups when accepting a %% connection. Hostnames will then be shown instead of IP addresses %% in rabbitmqctl and the management plugin. %% - %% {reverse_dns_lookups, true}, + %% {reverse_dns_lookups, false}, %% - %% Security / AAA - %% ============== + %% Security, Access Control + %% ======================== %% + %% Related doc guide: http://www.rabbitmq.com/access-control.html. %% The default "guest" user is only permitted to access the server %% via a loopback interface (e.g. localhost). 
@@ -57,8 +70,10 @@ %% guest user from anywhere on the network. %% {loopback_users, []}, - %% Configuring SSL. - %% See http://www.rabbitmq.com/ssl.html for full documentation. + + %% TLS configuration. + %% + %% Related doc guide: http://www.rabbitmq.com/ssl.html. %% %% {ssl_options, [{cacertfile, "/path/to/testca/cacert.pem"}, %% {certfile, "/path/to/server/cert.pem"}, @@ -71,7 +86,7 @@ %% 'AMQPLAIN'. Additional mechanisms can be added via %% plugins. %% - %% See http://www.rabbitmq.com/authentication.html for more details. + %% Related doc guide: http://www.rabbitmq.com/authentication.html. %% %% {auth_mechanisms, ['PLAIN', 'AMQPLAIN']}, @@ -84,10 +99,10 @@ %% rabbitmq_auth_backend_ldap plugins. %% %% NB: These options require that the relevant plugin is enabled. - %% See http://www.rabbitmq.com/plugins.html for further details. + %% Related doc guide: http://www.rabbitmq.com/plugins.html for further details. %% The RabbitMQ-auth-mechanism-ssl plugin makes it possible to - %% authenticate a user based on the client's SSL certificate. + %% authenticate a user based on the client's TLS certificate. %% %% To use auth-mechanism-ssl, add to or replace the auth_mechanisms %% list with the entry 'EXTERNAL'. 
@@ -112,14 +127,46 @@ %% https://github.com/rabbitmq/rabbitmq-auth-mechanism-ssl for further %% details. %% - %% To use the SSL cert's CN instead of its DN as the username + %% To use the TLS cert's CN instead of its DN as the username %% - %% {ssl_cert_login_from, common_name}, + %% {ssl_cert_login_from, distinguished_name}, - %% SSL handshake timeout, in milliseconds. + %% TLS handshake timeout, in milliseconds. %% %% {ssl_handshake_timeout, 5000}, + %% Makes RabbitMQ accept SSLv3 client connections by default. + %% DO NOT DO THIS IF YOU CAN HELP IT. + %% + %% {ssl_allow_poodle_attack, false}, + + %% Password hashing implementation. Will only affect newly + %% created users. To recalculate hash for an existing user + %% it's necessary to update her password. + %% + %% {password_hashing_module, rabbit_password_hashing_sha256}, + + %% Configuration entry encryption. + %% Related doc guide: http://www.rabbitmq.com/configure.html#configuration-encryption + %% + %% To specify the passphrase in the configuration file: + %% + %% {config_entry_decoder, [{passphrase, <<"mypassphrase">>}]} + %% + %% To specify the passphrase in an external file: + %% + %% {config_entry_decoder, [{passphrase, {file, "/path/to/passphrase/file"}}]} + %% + %% To make the broker request the passphrase when it starts: + %% + %% {config_entry_decoder, [{passphrase, prompt}]} + %% + %% To change encryption settings: + %% + %% {config_entry_decoder, [{cipher, aes_cbc256}, + %% {hash, sha512}, + %% {iterations, 1000}]} + %% %% Default User / VHost %% ==================== @@ -137,8 +184,7 @@ %% Tags for default user %% - %% For more details about tags, see the documentation for the - %% Management Plugin at http://www.rabbitmq.com/management.html. + %% Related doc guide: http://www.rabbitmq.com/management.html. %% %% {default_user_tags, [administrator]}, 
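Review bot: The example under "To use the TLS cert's CN instead of its DN as the username" now reads `{ssl_cert_login_from, distinguished_name}`, which is the opposite of what the comment promises. An operator who uncomments it expecting CN-based usernames keeps DN-based ones, and with EXTERNAL authentication that decides which account a certificate maps to. Either keep `common_name` in the example or reword the comment to `%% Username source for certificate logins: distinguished_name (default) or common_name`. Separately, the first `config_entry_decoder` example puts the passphrase in the same file as the values it protects; a comment such as `%% Prefer {file, ...} or prompt: an inline passphrase gives no protection if this file is read` would make that clear.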
@@ -147,28 +193,55 @@ %% ===================================================== %% - %% Set the default AMQP heartbeat delay (in seconds). + %% Sets the default AMQP 0-9-1 heartbeat timeout in seconds. + %% Values lower than 6 can produce false positives and are not + %% recommended. %% - %% {heartbeat, 600}, + %% Related doc guides: + %% + %% * http://www.rabbitmq.com/heartbeats.html + %% * http://www.rabbitmq.com/networking.html + %% + %% {heartbeat, 60}, %% Set the max permissible size of an AMQP frame (in bytes). %% %% {frame_max, 131072}, + %% Set the max frame size the server will accept before connection + %% tuning occurs + %% + %% {initial_frame_max, 4096}, + %% Set the max permissible number of channels per connection. %% 0 means "no limit". %% - %% {channel_max, 128}, + {channel_max, 0}, - %% Customising Socket Options. + %% Set the max permissible number of client connections to the node. + %% `infinity` means "no limit". %% - %% See (http://www.erlang.org/doc/man/inet.html#setopts-2) for - %% further documentation. + %% This limit applies to client connections to all listeners (regardless of + %% the protocol, whether TLS is used and so on). CLI tools and inter-node + %% connections are exempt. %% - %% {tcp_listen_options, [binary, - %% {packet, raw}, - %% {reuseaddr, true}, - %% {backlog, 128}, + %% When client connections are rapidly opened in succession, it is possible + %% for the total connection count to go slightly higher than the configured limit. + %% The limit works well as a general safety measure. + %% + %% Clients that are hitting the limit will see their TCP connections fail or time out. + %% + %% Introduced in 3.6.13. + %% + %% Related doc guide: http://www.rabbitmq.com/networking.html. + %% + %% {connection_max, infinity}, + + %% TCP socket options. + %% + %% Related doc guide: http://www.rabbitmq.com/networking.html. + %% + %% {tcp_listen_options, [{backlog, 128}, %% {nodelay, true}, %% {exit_on_close, false}]}, 
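Review bot: `{channel_max, 0},` is now an active setting rather than a commented example, and the comment directly above it says 0 means "no limit", so every broker deployed from this template allows an unbounded number of channels per connection. That removes the guard against a single leaking or misbehaving client exhausting node memory through channel creation. The commit message gives compatibility with the 3.6.16 default change as the reason, but the file itself does not say so. I would record the trade-off next to the entry, e.g. `%% Packaging override: 0 restores the pre-3.6.16 unlimited behaviour; set a finite limit once all clients are known to cope.` Note that `connection_max` in the same hunk is also shown as `infinity` and left commented, so it adds no bound of its own.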
@@ -176,7 +249,7 @@ %% Resource Limits & Flow Control %% ============================== %% - %% See http://www.rabbitmq.com/memory.html for full details. + %% Related doc guide: http://www.rabbitmq.com/memory.html, http://www.rabbitmq.com/memory-use.html. %% Memory-based Flow Control threshold. %% 
@@ -185,21 +258,66 @@ %% Alternatively, we can set a limit (in bytes) of RAM used by the node. %% %% {vm_memory_high_watermark, {absolute, 1073741824}}, + %% + %% Or you can set absolute value using memory units. + %% + %% {vm_memory_high_watermark, {absolute, "1024M"}}, + %% + %% Supported units suffixes: + %% + %% k, kiB: kibibytes (2^10 bytes) + %% M, MiB: mebibytes (2^20) + %% G, GiB: gibibytes (2^30) + %% kB: kilobytes (10^3) + %% MB: megabytes (10^6) + %% GB: gigabytes (10^9) %% Fraction of the high watermark limit at which queues start to %% page message out to disc in order to free up memory. + %% For example, when vm_memory_high_watermark is set to 0.4 and this value is set to 0.5, + %% paging can begin as early as when 20% of total available RAM is used by the node. + %% + %% Values greater than 1.0 can be dangerous and should be used carefully. + %% + %% One alternative to this is to use durable queues and publish messages + %% as persistent (delivery mode = 2). With this combination queues will + %% move messages to disk much more rapidly. + %% + %% Another alternative is to configure queues to page all messages (both + %% persistent and transient) to disk as quickly + %% as possible, see http://www.rabbitmq.com/lazy-queues.html. %% %% {vm_memory_high_watermark_paging_ratio, 0.5}, + %% Selects Erlang VM memory consumption calculation strategy. Can be `allocated`, `rss` or `legacy` (aliased as `erlang`), + %% Introduced in 3.6.11. `rss` is the default as of 3.6.12. + %% See https://github.com/rabbitmq/rabbitmq-server/issues/1223 and rabbitmq/rabbitmq-common#224 for background. + %% {vm_memory_calculation_strategy, rss}, + + %% Interval (in milliseconds) at which we perform the check of the memory + %% levels against the watermarks. 
+ %% + %% {memory_monitor_interval, 2500}, + + %% The total memory available can be calculated from the OS resources + %% - default option - or provided as a configuration parameter: + %% {total_memory_available_override_value, "5000MB"}, + %% Set disk free limit (in bytes). Once free disk space reaches this %% lower bound, a disk alarm will be set - see the documentation %% listed above for more details. %% %% {disk_free_limit, 50000000}, + %% + %% Or you can set it using memory units (same as in vm_memory_high_watermark) + %% {disk_free_limit, "50MB"}, + %% {disk_free_limit, "50000kB"}, + %% {disk_free_limit, "2GB"}, %% Alternatively, we can set a limit relative to total available RAM. %% - %% {disk_free_limit, {mem_relative, 1.0}}, + %% Values lower than 1.0 can be dangerous and should be used carefully. + %% {disk_free_limit, {mem_relative, 2.0}}, %% %% Misc/Advanced Options 
@@ -208,19 +326,41 @@ %% NB: Change these only if you understand what you are doing! %% - %% To announce custom properties to clients on connection: + %% Queue master location strategy: + %% * <<"min-masters">> + %% * <<"client-local">> + %% * <<"random">> + %% + %% Related doc guide: https://www.rabbitmq.com/ha.html#queue-master-location + %% + %% {queue_master_locator, <<"client-local">>}, + + %% Batch size (number of messages) used during eager queue mirror synchronisation. + %% Related doc guide: https://www.rabbitmq.com/ha.html#batch-sync. When average message size is relatively large + %% (say, 10s of kilobytes or greater), reducing this value will decrease peak amount + %% of RAM used by newly joining nodes that need eager synchronisation. + %% + %% {mirroring_sync_batch_size, 4096}, + + %% Enables flow control between queue mirrors. + %% Disabling this can be dangerous and is not recommended. + %% When flow control is disablied, queue masters can outpace mirrors and not allow mirrors to catch up. + %% Mirrors will end up using increasingly more RAM, eventually triggering a memory alarm. + %% + %% {mirroring_flow_control, true}, + + %% Additional server properties to announce to connecting clients. %% %% {server_properties, []}, %% How to respond to cluster partitions. - %% See http://www.rabbitmq.com/partitions.html for further details. + %% Related doc guide: http://www.rabbitmq.com/partitions.html %% %% {cluster_partition_handling, ignore}, %% Make clustering happen *automatically* at startup - only applied %% to nodes that have just been reset or started for the first time. - %% See http://www.rabbitmq.com/clustering.html#auto-config for - %% further details. + %% Related doc guide: http://www.rabbitmq.com/clustering.html#auto-config %% %% {cluster_nodes, {['rabbit@my.host.com'], disc}}, 
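Review bot: The added comment for `mirroring_flow_control` has a typo, `disablied`; it should read `%% When flow control is disabled, queue masters can outpace mirrors and not allow mirrors to catch up.` The `mirroring_sync_batch_size` comment above it also runs the doc link and the start of the explanation together on one line; putting the link on its own line would match the other entries in the file.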
@@ -239,26 +379,122 @@ %% %% {collect_statistics_interval, 5000}, - %% Explicitly enable/disable hipe compilation. + %% Enables vhosts tracing. %% - %% {hipe_compile, true}, + %% {trace_vhosts, []}, - %% Timeout used when waiting for Mnesia tables in a cluster to - %% become available. + %% Explicitly enable/disable HiPE compilation. %% - %% {mnesia_table_loading_timeout, 30000}, + %% {hipe_compile, false}, - %% Size in bytes below which to embed messages in the queue index. See - %% http://www.rabbitmq.com/persistence-conf.html + %% Number of delegate processes to use for intra-cluster communication. + %% On a node which is part of cluster, has more than 16 cores and plenty of network bandwidth, + %% it may make sense to increase this value. %% - %% {queue_index_embed_msgs_below, 4096} + %% {delegate_count, 16}, + + %% Number of times to retry while waiting for internal database tables (Mnesia tables) to sync + %% from a peer. In deployments where nodes can take a long time to boot, this value + %% may need increasing. + %% + %% {mnesia_table_loading_retry_limit, 10}, + + %% Amount of time in milliseconds which this node will wait for internal database tables (Mnesia tables) to sync + %% from a peer. In deployments where nodes can take a long time to boot, this value + %% may need increasing. + %% + %% {mnesia_table_loading_retry_timeout, 30000}, + + %% Size in bytes below which to embed messages in the queue index. + %% Related doc guide: http://www.rabbitmq.com/persistence-conf.html + %% + %% {queue_index_embed_msgs_below, 4096}, + + %% Maximum number of queue index entries to keep in journal + %% Related doc guide: http://www.rabbitmq.com/persistence-conf.html. + %% + %% {queue_index_max_journal_entries, 32768}, + + %% Number of credits that a queue process is given by the message store + %% By default, a queue process is given 4000 message store credits, + %% and then 800 for every 800 messages that it processes. 
+ %% + %% {msg_store_credit_disc_bound, {4000, 800}}, + + %% Minimum number of messages with their queue position held in RAM required + %% to trigger writing their queue position to disk. + %% + %% This value MUST be higher than the initial msg_store_credit_disc_bound value, + %% otherwise paging performance may worsen. + %% + %% {msg_store_io_batch_size, 4096}, + + %% Number of credits that a connection, channel or queue are given. + %% + %% By default, every connection, channel or queue is given 400 credits, + %% and then 200 for every 200 messages that it sends to a peer process. + %% Increasing these values may help with throughput but also can be dangerous: + %% high credit flow values are no different from not having flow control at all. + %% + %% Related doc guide: https://www.rabbitmq.com/blog/2015/10/06/new-credit-flow-settings-on-rabbitmq-3-5-5/ + %% and http://alvaro-videla.com/2013/09/rabbitmq-internals-credit-flow-for-erlang-processes.html. + %% + %% {credit_flow_default_credit, {400, 200}}, + + %% Number of milliseconds before a channel operation times out. + %% + %% {channel_operation_timeout, 15000}, + + %% Number of queue operations required to trigger an explicit garbage collection. + %% Increasing this value may reduce CPU load and increase peak RAM consumption of queues. + %% + %% {queue_explicit_gc_run_operation_threshold, 1000}, + + %% Number of lazy queue operations required to trigger an explicit garbage collection. + %% Increasing this value may reduce CPU load and increase peak RAM consumption of lazy queues. + %% + %% {lazy_queue_explicit_gc_run_operation_threshold, 1000}, + + %% Number of times disk monitor will retry free disk space queries before + %% giving up. + %% + %% {disk_monitor_failure_retries, 10}, + + %% Milliseconds to wait between disk monitor retries on failures. + %% + %% {disk_monitor_failure_retry_interval, 120000}, + + %% Whether or not to enable background GC. 
+ %% + %% {background_gc_enabled, false}, + + %% Interval (in milliseconds) at which we run background GC. + %% + %% {background_gc_target_interval, 60000}, + + %% Message store operations are stored in a sequence of files called segments. + %% This controls max size of a segment file. + %% Increasing this value may speed up (sequential) disk writes but will slow down segment GC process. + %% DO NOT CHANGE THIS for existing installations. + %% + %% {msg_store_file_size_limit, 16777216}, + + %% Whether or not to enable file write buffering. + %% + %% {fhc_write_buffering, true}, + + %% Whether or not to enable file read buffering. Enabling + %% this may slightly speed up reads but will also increase + %% node's memory consumption, in particular on boot. + %% + {fhc_read_buffering, false} ]}, %% ---------------------------------------------------------------------------- %% Advanced Erlang Networking/Clustering Options. %% - %% See http://www.rabbitmq.com/clustering.html for details + %% Related doc guide: http://www.rabbitmq.com/clustering.html %% ---------------------------------------------------------------------------- {kernel, [%% Sets the net_kernel tick time. 
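Review bot: `{fhc_read_buffering, false}` at the end of the `rabbit` section is now the only uncommented entry closing the list, and nothing in its comment says that it has a structural role. Together with the active `{channel_max, 0},` earlier in the file, it is what keeps the term valid: if someone comments it out again, the list ends on a trailing comma and the file no longer parses. Suggest adding `%% Keep this entry last and without a trailing comma; it terminates the rabbit section.` above it. The `{channel_max, 0},` entry is outside this hunk, so this is inferred from the commit as a whole.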
@@ -271,22 +507,22 @@ %% ---------------------------------------------------------------------------- %% RabbitMQ Management Plugin %% - %% See http://www.rabbitmq.com/management.html for details + %% Related doc guide: http://www.rabbitmq.com/management.html %% ---------------------------------------------------------------------------- {rabbitmq_management, - [%% Pre-Load schema definitions from the following JSON file. See + [%% Preload schema definitions from a previously exported definitions file. See %% http://www.rabbitmq.com/management.html#load-definitions %% - %% {load_definitions, "/path/to/schema.json"}, + %% {load_definitions, "/path/to/exported/definitions.json"}, - %% Log all requests to the management HTTP API to a file. + %% Log all requests to the management HTTP API to a directory. %% - %% {http_log_dir, "/path/to/access.log"}, + %% {http_log_dir, "/path/to/rabbitmq/logs/http"}, %% Change the port on which the HTTP listener listens, %% specifying an interface for the web server to bind to. - %% Also set the listener to use SSL and provide SSL options. + %% Also set the listener to use TLS and provide TLS options. %% %% {listener, [{port, 12345}, %% {ip, "127.0.0.1"}, @@ -313,7 +549,7 @@ %% ---------------------------------------------------------------------------- %% RabbitMQ Shovel Plugin %% - %% See http://www.rabbitmq.com/shovel.html for details + %% Related doc guide: http://www.rabbitmq.com/shovel.html %% ---------------------------------------------------------------------------- {rabbitmq_shovel, @@ -379,9 +615,9 @@ ]}, %% ---------------------------------------------------------------------------- - %% RabbitMQ Stomp Adapter + %% RabbitMQ STOMP Plugin %% - %% See http://www.rabbitmq.com/stomp.html for details + %% Related doc guide: http://www.rabbitmq.com/stomp.html %% ---------------------------------------------------------------------------- {rabbitmq_stomp, 
@@ -391,12 +627,18 @@ %% {tcp_listeners, [{"127.0.0.1", 61613}, %% {"::1", 61613}]}, - %% Listen for SSL connections on a specific port. + %% Listen for TLS connections on a specific port. %% {ssl_listeners, [61614]}, - %% Additional SSL options + %% Number of Erlang processes that will accept connections for the TCP + %% and TLS listeners. + %% + %% {num_tcp_acceptors, 10}, + %% {num_ssl_acceptors, 1}, - %% Extract a name from the client's certificate when using SSL. + %% Additional TLS options + + %% Extract a name from the client's certificate when using TLS. %% %% {ssl_cert_login, true}, @@ -409,21 +651,21 @@ %% {default_user, [{login, "guest"}, %% {passcode, "guest"}]}, - %% If a default user is configured, or you have configured use SSL client + %% If a default user is configured, or you have configured use TLS client %% certificate based authentication, you can choose to allow clients to %% omit the CONNECT frame entirely. If set to true, the client is %% automatically connected as the default user or user supplied in the - %% SSL certificate whenever the first frame sent on a session is not a + %% TLS certificate whenever the first frame sent on a session is not a %% CONNECT frame. %% %% {implicit_connect, true} ]}, %% ---------------------------------------------------------------------------- - %% RabbitMQ MQTT Adapter + %% RabbitMQ MQTT Plugin + %% + %% Related doc guide: https://github.com/rabbitmq/rabbitmq-mqtt/blob/stable/README.md %% - %% See https://github.com/rabbitmq/rabbitmq-mqtt/blob/stable/README.md - %% for details %% ---------------------------------------------------------------------------- {rabbitmq_mqtt, 
@@ -460,25 +702,34 @@ %% %% {prefetch, 10}, - %% TCP/SSL Configuration (as per the broker configuration). + %% TLS listeners. + %% See http://www.rabbitmq.com/networking.html %% %% {tcp_listeners, [1883]}, %% {ssl_listeners, []}, - %% TCP/Socket options (as per the broker configuration). + %% Number of Erlang processes that will accept connections for the TCP + %% and TLS listeners. + %% See http://www.rabbitmq.com/networking.html %% - %% {tcp_listen_options, [binary, - %% {packet, raw}, - %% {reuseaddr, true}, - %% {backlog, 128}, - %% {nodelay, true}]} + %% {num_tcp_acceptors, 10}, + %% {num_ssl_acceptors, 1}, + + %% TCP socket options. + %% See http://www.rabbitmq.com/networking.html + %% + %% {tcp_listen_options, [ + %% {backlog, 128}, + %% {linger, {true, 0}}, + %% {exit_on_close, false} + %% ]}, ]}, %% ---------------------------------------------------------------------------- %% RabbitMQ AMQP 1.0 Support %% - %% See https://github.com/rabbitmq/rabbitmq-amqp1.0/blob/stable/README.md - %% for details + %% Related doc guide: https://github.com/rabbitmq/rabbitmq-amqp1.0/blob/stable/README.md + %% %% ---------------------------------------------------------------------------- {rabbitmq_amqp1_0, @@ -498,7 +749,7 @@ %% ---------------------------------------------------------------------------- %% RabbitMQ LDAP Plugin %% - %% See http://www.rabbitmq.com/ldap.html for details. + %% Related doc guide: http://www.rabbitmq.com/ldap.html. %% %% ---------------------------------------------------------------------------- @@ -513,7 +764,7 @@ %% %% {servers, ["your-server-name-goes-here"]}, - %% Connect to the LDAP server using SSL + %% Connect to the LDAP server using TLS %% %% {use_ssl, false},
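Review bot: The new heading `%% TLS listeners.` in the MQTT section sits above both `{tcp_listeners, [1883]}` and `{ssl_listeners, []}`, so it labels a plaintext listener as TLS while the TLS list is empty. A reader skimming the template could conclude that traffic on 1883 is encrypted. Suggest `%% TCP and TLS listeners (1883 is plaintext; add a port to ssl_listeners to enable TLS).` The added `{linger, {true, 0}}` option is also given without explanation; presumably it is meant to drop the socket immediately on close, which deserves a one-line comment.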