Virtual Hosts
Introduction
RabbitMQ is multi-tenant system: connections, exchanges, queues, bindings, user permissions, policies and some other things belong to virtual hosts, logical groups of entities. If you are familiar with virtual hosts in Apache or server blocks in Nginx, the idea is similar.
There is, however, one important difference: virtual hosts in Apache are defined
in the configuration file; that's not the case with RabbitMQ: virtual hosts are
created and deleted using rabbitmqctl
or the HTTP API instead.
Logical and Physical Separation
Virtual hosts provide logical grouping and separation of resources. Separation of physical resources is not a goal of virtual hosts, although certain resources can be limited for individual virtual hosts.
For example, resource permissions in RabbitMQ are scoped per virtual host. A user doesn't have global permissions, only permissions in one or more virtual hosts. User tags can be considered global permissions but they are an exception to the rule.
Therefore when talking about user permissions it is very important to clarify what virtual host(s) they apply to.
Virtual Hosts and Client Connections
A virtual host has a name. When an AMQP 0-9-1 client connects to RabbitMQ, it specifies a vhost name to connect to. If authentication succeeds and the username provided was granted permissions to the vhost, connection is established.
Connections to a vhost can only operate on exchanges, queues, bindings, and so on in that vhost. "Interconnection" of e.g. a queue and an exchange in different vhosts is only possible when an application connects to two vhosts at the same time. For example, an application can consume from one vhost then republishes into the other. This scenario can involve vhosts in different clusters or the same cluster (or a single node). RabbitMQ Shovel plugin is one example of such application.
Creating a Virtual Host
A virtual host can be created using CLI tools or an HTTP API endpoint.
A newly created vhost will have a default set of exchanges but no other entities and no user permissions. For a user to be able to connect and use the virtual host, permissions to it must be granted to every user that will use the vhost, e.g. using rabbitmqctl set_permissions.
Using CLI Tools
A virtual host can be created using rabbitmqctl's add_vhost
command
which accepts virtual host name as the only mandatory argument.
Here's an example that creates a virtual host named qa1
:
rabbitmqctl add_vhost qa1
Using HTTP API
A virtual host can be created using the PUT /api/vhosts/{name}
HTTP API endpoint
where {name}
is the name of the virtual host
Here's an example that uses curl to create a virtual host vh1
by contacting
a node at rabbitmq.local:15672
:
curl -u userename:pa$sw0rD -X PUT http://rabbitmq.local:15672/api/vhosts/vh1
Bulk Creation and Pre-provisioning
Virtual host creation involves a blocking cluster-wide transaction. Each node has to perform a number of setup steps which are moderately expensive. In practice it can take up to a few seconds for a virtual host to be created.
When a number of virtual hosts is created in a loop, CLI and HTTP API clients can outpace the actual rate of virtual host creation and experience timeouts. If that's the case operation timeout should be increased and delays should be introduced between operations.
Definition export and import is the recommended way of pre-configuring many virtual hosts at deployment time.
Virtual Host Metadata
Virtual hosts can have metadata associated with them:
- A description
- A set of tags
- Default queue type configured for the virtual host
All these settings are optional. They can be provided at virtual host creation time or updated later.
Using CLI Tools
The rabbitmqctl add_vhost
command accepts a virtual host name as well as a number of optional flags.
Here's an example that creates a virtual host named qa1
with quorum queues for default queue type,
a description and two tags:
rabbitmqctl add_vhost qa1 --description "QA env 1" --default-queue-type quorum
rabbitmqctl update_vhost_metadata
can be used to update all or some of the metadata values
demonstrated above:
rabbitmqctl update_vhost_metadata qa1 --description "QA environment for issue 1662" --default-queue-type quorum --tags qa,project-a,qa-1662
To inspect virtual host metadata, use rabbitmqctl list_vhosts
and provide the additional column(s):
rabbitmqctl -q --formatter=pretty_table list_vhosts name description tags default_queue_type
Using HTTP API
The PUT /api/vhosts/{name}
HTTP API endpoint
accepts a number of optional keys.
Here's an example that uses curl to create a virtual host qa1
by contacting
a node at rabbitmq.local:15672
. Quorum queues will be used for default queue type,
a description and two tags:
curl -u userename:pa$sw0rD -X PUT http://rabbitmq.local:15672/api/vhosts/qa1 \
-H "content-type: application/json" \
--data-raw '{"description": "QA environment 1", "tags": "qa,project-a", "default_queue_type": "quorum"}'
can be used to update all or some of the metadata values demonstrated above:
curl -u userename:pa$sw0rD -X PUT http://rabbitmq.local:15672/api/vhosts/qa1 \
-H "content-type: application/json" \
--data-raw '{"description": "QA environment for issue 1662", "tags": "qa,project-a,qa-1662", "default_queue_type": "quorum"}'
Virtual host metadata is returned by the GET /api/vhosts/{name}
endpoint:
curl -u userename:pa$sw0rD -X GET http://rabbitmq.local:15672/api/vhosts/qa1
Default Queue Type (DQT)
When a client declares a queue without explicitly specifying its type using the x-queue-type
header,
a configurable default type is used. The default can be overridden by specifying it in virtual host metadata (see above):
rabbitmqctl add_vhost qa1 --description "QA environment 1" --default-queue-type quorum --tags qa,project-a
Supported queue types are:
- "quorum"
- "stream"
- "classic"
The default is only effective for new queue declarations; updating the default will not affect queue type of any existing queues or streams because queue type is immutable and cannot be changed after declaration.
For queues that were declared without an explicitly set queue type, the effective virtual host default will be injected into the queue properties at definition export time.
Node-wide Default Queue Type (Node-wide DQT)
Instead of configuring the same default queue type for every virtual host
in the cluster, a node-wide default can be set using rabbitmq.conf
:
# supported values are: quorum, stream, classic, or a custom queue type module name
default_queue_type = quorum
When both the virtual host DQT and the node-wide DQT are set, the virtual host one will take precedence.
Migration to Quorum Queues: a Way to Relax Queue Property Equivalence Checks
Queue property equivalence check for queue type can be relaxed
using a boolean setting, quorum_queue.property_equivalence.relaxed_checks_on_redeclaration
,
makes it possible to relax queue property equivalence checks
for quorum queues.
Specifically, when a quorum queue is redeclared and the client-provided type is set to "classic", this setting will help avoid a channel exception, making it easier to migrate to quorum queues step by step, without upgrading all applications in a short period of time.
# this setting is meant to be used during transitionary periods when
# RabbitMQ default queue type is changed but not all applications have been
# updated yet
quorum_queue.property_equivalence.relaxed_checks_on_redeclaration = true
Deleting a Virtual Host
A virtual host can be deleted using CLI tools or an HTTP API endpoint.
Deleting a virtual host will permanently delete all entities (queues, exchanges, bindings, policies, permissions, etc) in it.
Using CLI Tools
A virtual host can be deleted using rabbitmqctl's delete_vhost
command
which accepts virtual host name as the only mandatory argument.
Here's an example that deletes a virtual host named qa1
:
rabbitmqctl delete_vhost qa1
Using HTTP API
A virtual host can be deleted using the DELETE /api/vhosts/{name}
HTTP API endpoint
where {name}
is the name of the virtual host.
Here's an example that uses curl to delete a virtual host vh1
by contacting
a node at rabbitmq.local:15672
:
curl -u userename:pa$sw0rD -X DELETE http://rabbitmq.local:15672/api/vhosts/vh1
Deletion Protection
A virtual host can be protected from deletion. Protected virtual hosts cannot be deleted until the protection is removed.
Using CLI Tools
rabbitmqctl enable_vhost_protection_from_deletion
is the command that marks a virtual host
as protected from deletion:
rabbitmqctl enable_vhost_protection_from_deletion "vhost-name"
An attempt to delete the virtual host then will fail with a specific message:
rabbitmqctl delete_vhost "vhost-name"
# ...
# => Error:
# => Cannot delete this virtual host: it is protected from deletion. To lift the protection, inspect and update its metadata
To remove the protection, use rabbitmqctl disable_vhost_protection_from_deletion
:
## removes virtual host deletion protection
rabbitmqctl disable_vhost_protection_from_deletion "vhost-name"
with the protection removed, the virtual host can be deleted again:
rabbitmqctl delete_vhost "vhost-name"
# => Deleting vhost "vhost-name" ...
To see whether a virtual host is protected from deletion, use list_vhosts
command with
an extra column, protected_from_deletion
:
rabbitmqctl list_vhosts name tags default_queue_type metadata protected_from_deletion --formatter=pretty_table
# => Listing vhosts ...
# => ┌───────────────────────────┬─────────────────────────┐
# => │ name │ protected_from_deletion │
# => ├───────────────────────────┼─────────────────────────┤
# => │ / │ false │
# => ├───────────────────────────┼─────────────────────────┤
# => │ vh1 │ true │
# => ├───────────────────────────┼─────────────────────────┤
# => │ vh2 │ false │
# => └───────────────────────────┴─────────── ──────────────┘
Using HTTP API
A virtual host can be protected from deletion using the POST /api/vhosts/{name}/deletion/protection
HTTP API endpoint
where {name}
is the name of the virtual host.
Here's an example that uses curl to delete a virtual host vh1
by contacting
a node at rabbitmq.local:15672
:
curl -u userename:pa$sw0rD -X POST http://rabbitmq.local:15672/api/vhosts/vh1/deletion/protection
An attempt to delete the virtual host then will fail with a 412 Precondition Failed
status:
curl -sL -u guest:guest -X DELETE http://localhost:15672/api/vhosts/vh1/
# => < HTTP/1.1 412 Precondition Failed
The body will include a specific error, similar to what CLI tools output:
{
"error": "precondition_failed",
"reason": "Refusing to delete virtual host 'vh1' because it is protected from deletion"
}
To remove the protection, use DELETE /api/vhosts/{name}/deletion/protection
:
curl -u userename:pa$sw0rD -X POST http://rabbitmq.local:15672/api/vhosts/vh1/deletion/protection
with the protection removed, the virtual host can be deleted again:
curl -vv -sL -u guest:guest -X DELETE http://localhost:15672/api/vhosts/
# ...
# => < HTTP/1.1 204 No Content
To see whether a virtual host is protected from deletion, use the GET /api/vhosts
or GET /api/vhosts/{vhost}
endpoints and then inspec the metadata.protected_from_deletion
response body field:
curl -sL -u guest:guest -X GET http://localhost:15672/api/vhosts/vh1
# => {
# => "name": "vh1",
# => "description": "",
# => "tags": [],
# => "default_queue_type": "classic",
# => "protected_from_deletion": true,
# => "metadata": {
# => "description": "",
# => "tags": [],
# => "default_queue_type": "classic",
# => "protected_from_deletion": true
# => },
# => "tracing": false,
# => "cluster_state": {
# => "rabbit@sunnyside": "running"
# => }
# => }
Definition Imports
If a virtual host is created via a definition file, adding a new metadata key, "protected_from_deletion"
,
that is set to true
, will mark the virtual host as protected when it is created:
{
"name": "protected",
"description": "",
"metadata": {
"description": "This virtual host is protected from deletion with a special metadata key",
"tags": [],
"default_queue_type": "classic",
"protected_from_deletion": true
},
"tags": [],
"default_queue_type": "classic"
}
Limits
In some cases it is desirable to limit the maximum allowed number of queues or concurrent client connections in a vhost. Per-virtual host limits exist exactly for such cases.
These limits can be configured using rabbitmqctl
or HTTP API.
Configuring Limits Using rabbitmqctl
rabbitmqctl set_vhost_limits
is the command used to define vhost limits.
It requires a vhost parameter and a JSON document of limit definitions.
Configuring Max Connection Limit
To limit the total number of concurrent client connections in vhost
vhost_name
, use the following limit definition:
rabbitmqctl set_vhost_limits -p vhost_name '{"max-connections": 256}'
To block client connections to a vhost, set the limit to a zero:
rabbitmqctl set_vhost_limits -p vhost_name '{"max-connections": 0}'
To lift the limit, set it to a negative value:
rabbitmqctl set_vhost_limits -p vhost_name '{"max-connections": -1}'
Configuring Max Number of Queues
To limit the total number of queues in vhost
vhost_name
, use the following limit definition:
rabbitmqctl set_vhost_limits -p vhost_name '{"max-queues": 1024}'
To lift the limit, set it to a negative value:
rabbitmqctl set_vhost_limits -p vhost_name '{"max-queues": -1}'
Virtual Hosts and STOMP
Like AMQP 0-9-1, STOMP includes the concept of virtual hosts. See the STOMP guide for details.
Virtual Hosts and MQTT
Unlike AMQP 0-9-1 and STOMP, MQTT doesn't have the concept of virtual hosts. MQTT connections use a single RabbitMQ host by default. There are MQTT-specific convention and features that make it possible for clients to connect to a specific vhosts without any client library modifications. See the MQTT guide for details.