[rabbitmq-discuss] RabbitMQ ACL suggestions?

Jason J. W. Williams jasonjwwilliams at gmail.com
Wed Jun 29 23:25:20 BST 2011


>
> We've looked at doing passive queue declares to get queue depths for
> alerting, reporting and auto-scaling of our consumers. Unfortunately passive
> queue declares appear to require configure access. I can see why
> queue.declare requires this but passive commands perhaps should have a
> different bit setting?
>

We've moved to monitoring this with custom checks to the web API.


> In addition, we are currently doing all of our monitoring via the
> Management Plugin's API. Unfortunately to get any data, the user calling the
> API to list information requires administration access. I'd love to be able
> to let Nagios/Your_Monitoring_Solution_Here poll the Rabbit node and get
> data without giving it access to change all of the configuration state and
> remove users.
>

That's actually something I've been wanting to bring up on the list.
Currently, we give Nagios it's own user with admin access so it can use the
REST API. We also have a provisioning user that is used to create (via the
REST API) the various users our apps need in the individual Chef recipes (we
wrote a Chef "library" to abstract out the API). It would be nice to have a
"read only" admin type that doesn't allow that type of admin to
create/change permissions, because it looks like outside of being able to
change permissions that standard RMQ permissions apply to the API.

-J
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.rabbitmq.com/pipermail/rabbitmq-discuss/attachments/20110629/82c25708/attachment.htm>


More information about the rabbitmq-discuss mailing list