[rabbitmq-discuss] Management API questions

Mon Jan 10 12:34:49 GMT 2011

On 10 January 2011 11:53, Simon MacMullen <simon at rabbitmq.com> wrote:
> On 10/01/11 09:00, James Casey wrote:
>>
>> I've written some Nagios plugins using the management API :
>> <http://github.com/jamesc/nagios-plugins-rabbitmq>  to do some remote
>> monitoring of a broker.
>
> Cool!
>
>> I just wanted to clarify some things I see
>> when running them.
>>
>> Currently I use 2 API calls:
>>
>> 1)  /api/aliveness-test
>>
>> I have a question here - is it understood that testing only 1 vhost is
>> enough to check the aliveness of the broker, or should all vhosts be
>> tested?
>
> It should be. The vhost is required for that call because the test does some
> work; it needs a vhost to do it in. However, while I can't necessarily
> predict all failure scenarios, it's very hard to think of one that would
> break one vhost and leave others working; vhosts are quite shallow inside
> Rabbit.
>
Ok great.  So I can setup a monitoring vhost which only that user has
access to (and the monitor user doesn't need access to my normal
vhosts used for application messages).

>> 2) /api/nodes
>>
>> I want to reduce the permissions of the monitoring user to the
>> minimum, in particular to not give it admin rights.  But I note that
>> /api/nodes is protected and only accessible by admin (while other
>> generic calls such as /api/overview) are not.  Is this a design
>> decision or a bug ?
>
> Somewhere in between I think. In future the user might be able to start /
> stop nodes, which would certainly require admin rights. I'm not sure there's
> a good reason other than that. I'll have a look at this.
>
One nice thing here might be a read-only mode as well as admin mode
for a user.  I can see situations where I would give end-users
read-only access to the higher level nodes/overview information
without giving them full admin access.

Maybe this can be done on the mochiweb config level too where one is
only allowed GETs and not PUT/POST/DELETEs.

> By the way, I had a look in the plugin code and I see you're pulling down
> /api/nodes/rabbit@(shortname). Is there a reason not to use /api/nodes,
> which will return detail for all nodes (if there's more than one node in the
> cluster)?

My thinking was that there would be a separate instance of the nagios
check bound to each underlying machine in the cluster so that the
alarm would appear on the right machine.  But I can see the use of
giving overall cluster metrics too.

I'll set up a cluster and have play with that.

cheers,

James.
>
>> Anyway, the management API is great and has made it very easy to write
>> these nagios checks.
>
> Thanks!
>
> Cheers, Simon
> --
> Simon MacMullen
> Staff Engineer, RabbitMQ
> SpringSource, a division of VMware
>
> _______________________________________________
> rabbitmq-discuss mailing list
> rabbitmq-discuss at lists.rabbitmq.com
> https://lists.rabbitmq.com/cgi-bin/mailman/listinfo/rabbitmq-discuss
>