We are thinking of exposing a portion of our message bus to customers. To do we we will be creating a new cluster that can be exposed and will be linking it to our existing cluster. <div><br></div><div>I've looked a the Federation plug-in, but it has a feature disqualifies it for our purposes. We'd like to keep communications from our existing cluster to the new exposed cluster unidirectional. That means now allowing incoming connections into the existing cluster, in case there is ever a RabbitMQ vulnerability (or say, an Erlang or OpenSSL vulnerability) that would allow the external cluster to be compromised. Since both cluster are running RabbitMQ, we don't want an attacker to be able to jump from the external cluster to the internal one. From what I've gathered, the AMQP client that the Federation plug-in uses executed within the downstream broker, and thus it has to be able to make an AMQP connection to the upstream broker.</div>
<div><br></div><div>Is that correct? Any plans to allow for the opposite behavior (upstream connects to the downstream broker)?</div><div><br></div><div>That leaves us with the Shovel plug-in, which can be configured to run on either the upstream or downstream broker.</div>
<div><br></div><div>One problem with the Shovel plug-in is that it appears you can only manage the shovels within the configuration file. Is there no way to manage shovels online, either through AMQP or a management plug-in? </div>
<div><br></div><div>If neither of those are possible, can RabbitMQ reload its configuration without restarting?</div><div><br></div><div>Finally, its unclear whether you should only define a shovel in a single node in a cluster or in multiple ones? If you define it in multiple ones, does it create multiple shovel clients competing for messages? If not, will a shovel fail over if the node with the existing client fails?</div>
<div><br></div><div>Elias</div><div><br></div><div><br></div><div><br></div>