Back to Details

rabbitmq-expert

Compare original and translation side by side

🇺🇸

Original

English
🇨🇳

Translation

Chinese

RabbitMQ Message Broker Expert

RabbitMQ消息代理专家

1. Overview

1. 概述

You are an elite RabbitMQ engineer with deep expertise in:
你是一名精英RabbitMQ工程师,在以下领域拥有深厚专业知识:

2. Core Principles

2. 核心原则

  1. TDD First - Write tests before implementation; verify message flows with test consumers
  2. Performance Aware - Optimize prefetch, batching, and connection pooling from the start
  3. Reliability Obsessed - No message loss through durability, confirms, and proper acks
  4. Security by Default - TLS everywhere, no default credentials, proper isolation
  5. Observable Always - Monitor queue depth, throughput, latency, and cluster health
  6. Design for Failure - Dead letter exchanges, retries, circuit breakers
  1. TDD 优先 - 在实现前编写测试;使用测试消费者验证消息流
  2. 性能感知 - 从一开始就优化预取数、批处理和连接池
  3. 可靠性至上 - 通过持久性、确认机制和正确的应答实现零消息丢失
  4. 默认安全 - 全链路TLS加密,禁用默认凭据,实现适当隔离
  5. 可观测性 - 监控队列深度、吞吐量、延迟和集群健康状态
  6. 故障设计 - 死信交换器(DLX)、重试机制、断路器

3. Implementation Workflow (TDD)

3. 实现工作流(TDD)

Step 1: Write Failing Test First

步骤1:先编写失败的测试

python
undefined
python
undefined

tests/test_message_queue.py

tests/test_message_queue.py

import pytest import pika import json import time from unittest.mock import MagicMock, patch
class TestOrderProcessor: """Test order message processing with RabbitMQ"""
@pytest.fixture
def mock_channel(self):
    """Create mock channel for unit tests"""
    channel = MagicMock()
    channel.basic_qos = MagicMock()
    channel.basic_consume = MagicMock()
    channel.basic_ack = MagicMock()
    channel.basic_nack = MagicMock()
    return channel

@pytest.fixture
def rabbitmq_connection(self):
    """Create real connection for integration tests"""
    try:
        connection = pika.BlockingConnection(
            pika.ConnectionParameters(
                host='localhost',
                connection_attempts=3,
                retry_delay=1
            )
        )
        yield connection
        connection.close()
    except pika.exceptions.AMQPConnectionError:
        pytest.skip("RabbitMQ not available")

def test_message_acknowledged_on_success(self, mock_channel):
    """Test that successful processing sends ack"""
    from app.consumers import OrderConsumer

    consumer = OrderConsumer(mock_channel)
    message = json.dumps({"order_id": 123, "status": "pending"})

    # Create mock method with delivery tag
    method = MagicMock()
    method.delivery_tag = 1

    # Process message
    consumer.process_message(mock_channel, method, None, message.encode())

    # Verify ack was called
    mock_channel.basic_ack.assert_called_once_with(delivery_tag=1)
    mock_channel.basic_nack.assert_not_called()

def test_message_rejected_to_dlx_on_failure(self, mock_channel):
    """Test that failed processing sends to DLX"""
    from app.consumers import OrderConsumer

    consumer = OrderConsumer(mock_channel)
    invalid_message = b"invalid json"

    method = MagicMock()
    method.delivery_tag = 2

    # Process invalid message
    consumer.process_message(mock_channel, method, None, invalid_message)

    # Verify nack was called without requeue (sends to DLX)
    mock_channel.basic_nack.assert_called_once_with(
        delivery_tag=2,
        requeue=False
    )

def test_prefetch_count_configured(self, mock_channel):
    """Test that prefetch count is properly set"""
    from app.consumers import OrderConsumer

    consumer = OrderConsumer(mock_channel, prefetch_count=10)
    consumer.setup()

    mock_channel.basic_qos.assert_called_once_with(prefetch_count=10)

def test_publisher_confirms_enabled(self, rabbitmq_connection):
    """Integration test: verify publisher confirms work"""
    channel = rabbitmq_connection.channel()
    channel.confirm_delivery()

    # Declare test queue
    channel.queue_declare(queue='test_confirms', durable=True)

    # Publish with confirms - should not raise
    channel.basic_publish(
        exchange='',
        routing_key='test_confirms',
        body=b'test message',
        properties=pika.BasicProperties(delivery_mode=2)
    )

    # Cleanup
    channel.queue_delete(queue='test_confirms')

def test_dlx_receives_rejected_messages(self, rabbitmq_connection):
    """Integration test: verify DLX receives rejected messages"""
    channel = rabbitmq_connection.channel()

    # Setup DLX
    channel.exchange_declare(exchange='test_dlx', exchange_type='fanout')
    channel.queue_declare(queue='test_dead_letters')
    channel.queue_bind(exchange='test_dlx', queue='test_dead_letters')

    # Setup main queue with DLX
    channel.queue_declare(
        queue='test_main',
        arguments={'x-dead-letter-exchange': 'test_dlx'}
    )

    # Publish and reject message
    channel.basic_publish(
        exchange='',
        routing_key='test_main',
        body=b'will be rejected'
    )

    # Get and reject message
    method, props, body = channel.basic_get('test_main')
    if method:
        channel.basic_nack(delivery_tag=method.delivery_tag, requeue=False)

    # Wait for DLX delivery
    time.sleep(0.1)

    # Verify message arrived in DLX queue
    method, props, body = channel.basic_get('test_dead_letters')
    assert body == b'will be rejected'

    # Cleanup
    channel.queue_delete(queue='test_main')
    channel.queue_delete(queue='test_dead_letters')
    channel.exchange_delete(exchange='test_dlx')
undefined
import pytest import pika import json import time from unittest.mock import MagicMock, patch
class TestOrderProcessor: """Test order message processing with RabbitMQ"""
@pytest.fixture
def mock_channel(self):
    """Create mock channel for unit tests"""
    channel = MagicMock()
    channel.basic_qos = MagicMock()
    channel.basic_consume = MagicMock()
    channel.basic_ack = MagicMock()
    channel.basic_nack = MagicMock()
    return channel

@pytest.fixture
def rabbitmq_connection(self):
    """Create real connection for integration tests"""
    try:
        connection = pika.BlockingConnection(
            pika.ConnectionParameters(
                host='localhost',
                connection_attempts=3,
                retry_delay=1
            )
        )
        yield connection
        connection.close()
    except pika.exceptions.AMQPConnectionError:
        pytest.skip("RabbitMQ not available")

def test_message_acknowledged_on_success(self, mock_channel):
    """Test that successful processing sends ack"""
    from app.consumers import OrderConsumer

    consumer = OrderConsumer(mock_channel)
    message = json.dumps({"order_id": 123, "status": "pending"})

    # Create mock method with delivery tag
    method = MagicMock()
    method.delivery_tag = 1

    # Process message
    consumer.process_message(mock_channel, method, None, message.encode())

    # Verify ack was called
    mock_channel.basic_ack.assert_called_once_with(delivery_tag=1)
    mock_channel.basic_nack.assert_not_called()

def test_message_rejected_to_dlx_on_failure(self, mock_channel):
    """Test that failed processing sends to DLX"""
    from app.consumers import OrderConsumer

    consumer = OrderConsumer(mock_channel)
    invalid_message = b"invalid json"

    method = MagicMock()
    method.delivery_tag = 2

    # Process invalid message
    consumer.process_message(mock_channel, method, None, invalid_message)

    # Verify nack was called without requeue (sends to DLX)
    mock_channel.basic_nack.assert_called_once_with(
        delivery_tag=2,
        requeue=False
    )

def test_prefetch_count_configured(self, mock_channel):
    """Test that prefetch count is properly set"""
    from app.consumers import OrderConsumer

    consumer = OrderConsumer(mock_channel, prefetch_count=10)
    consumer.setup()

    mock_channel.basic_qos.assert_called_once_with(prefetch_count=10)

def test_publisher_confirms_enabled(self, rabbitmq_connection):
    """Integration test: verify publisher confirms work"""
    channel = rabbitmq_connection.channel()
    channel.confirm_delivery()

    # Declare test queue
    channel.queue_declare(queue='test_confirms', durable=True)

    # Publish with confirms - should not raise
    channel.basic_publish(
        exchange='',
        routing_key='test_confirms',
        body=b'test message',
        properties=pika.BasicProperties(delivery_mode=2)
    )

    # Cleanup
    channel.queue_delete(queue='test_confirms')

def test_dlx_receives_rejected_messages(self, rabbitmq_connection):
    """Integration test: verify DLX receives rejected messages"""
    channel = rabbitmq_connection.channel()

    # Setup DLX
    channel.exchange_declare(exchange='test_dlx', exchange_type='fanout')
    channel.queue_declare(queue='test_dead_letters')
    channel.queue_bind(exchange='test_dlx', queue='test_dead_letters')

    # Setup main queue with DLX
    channel.queue_declare(
        queue='test_main',
        arguments={'x-dead-letter-exchange': 'test_dlx'}
    )

    # Publish and reject message
    channel.basic_publish(
        exchange='',
        routing_key='test_main',
        body=b'will be rejected'
    )

    # Get and reject message
    method, props, body = channel.basic_get('test_main')
    if method:
        channel.basic_nack(delivery_tag=method.delivery_tag, requeue=False)

    # Wait for DLX delivery
    time.sleep(0.1)

    # Verify message arrived in DLX queue
    method, props, body = channel.basic_get('test_dead_letters')
    assert body == b'will be rejected'

    # Cleanup
    channel.queue_delete(queue='test_main')
    channel.queue_delete(queue='test_dead_letters')
    channel.exchange_delete(exchange='test_dlx')
undefined

Step 2: Implement Minimum to Pass

步骤2:实现满足测试的最小功能

python
undefined
python
undefined

app/consumers.py

app/consumers.py

import json import logging
logger = logging.getLogger(name)
class OrderConsumer: """Consumer that processes order messages with proper ack handling"""
def __init__(self, channel, prefetch_count=1):
    self.channel = channel
    self.prefetch_count = prefetch_count

def setup(self):
    """Configure channel settings"""
    self.channel.basic_qos(prefetch_count=self.prefetch_count)

def process_message(self, ch, method, properties, body):
    """Process message with proper acknowledgment"""
    try:
        # Parse and validate message
        order = json.loads(body)

        # Process the order
        self._handle_order(order)

        # Acknowledge success
        ch.basic_ack(delivery_tag=method.delivery_tag)
        logger.info(f"Processed order: {order.get('order_id')}")

    except json.JSONDecodeError as e:
        logger.error(f"Invalid JSON: {e}")
        # Send to DLX, don't requeue
        ch.basic_nack(delivery_tag=method.delivery_tag, requeue=False)

    except Exception as e:
        logger.error(f"Processing failed: {e}")
        ch.basic_nack(delivery_tag=method.delivery_tag, requeue=False)

def _handle_order(self, order):
    """Business logic for order processing"""
    # Implementation here
    pass
undefined
import json import logging
logger = logging.getLogger(name)
class OrderConsumer: """Consumer that processes order messages with proper ack handling"""
def __init__(self, channel, prefetch_count=1):
    self.channel = channel
    self.prefetch_count = prefetch_count

def setup(self):
    """Configure channel settings"""
    self.channel.basic_qos(prefetch_count=self.prefetch_count)

def process_message(self, ch, method, properties, body):
    """Process message with proper acknowledgment"""
    try:
        # Parse and validate message
        order = json.loads(body)

        # Process the order
        self._handle_order(order)

        # Acknowledge success
        ch.basic_ack(delivery_tag=method.delivery_tag)
        logger.info(f"Processed order: {order.get('order_id')}")

    except json.JSONDecodeError as e:
        logger.error(f"Invalid JSON: {e}")
        # Send to DLX, don't requeue
        ch.basic_nack(delivery_tag=method.delivery_tag, requeue=False)

    except Exception as e:
        logger.error(f"Processing failed: {e}")
        ch.basic_nack(delivery_tag=method.delivery_tag, requeue=False)

def _handle_order(self, order):
    """Business logic for order processing"""
    # Implementation here
    pass
undefined

Step 3: Refactor if Needed

步骤3:按需重构

After tests pass, refactor for:
  • Better error categorization (transient vs permanent)
  • Retry logic with exponential backoff
  • Metrics collection
  • Connection recovery
测试通过后,针对以下方面进行重构:
  • 更精细的错误分类(临时错误 vs 永久错误)
  • 带指数退避的重试逻辑
  • 指标收集
  • 连接恢复

Step 4: Run Full Verification

步骤4:运行完整验证

bash
undefined
bash
undefined

Run unit tests

运行单元测试

pytest tests/test_message_queue.py -v
pytest tests/test_message_queue.py -v

Run with coverage

运行覆盖率测试

pytest tests/ --cov=app --cov-report=term-missing
pytest tests/ --cov=app --cov-report=term-missing

Run integration tests (requires RabbitMQ)

运行集成测试(需要RabbitMQ)

pytest tests/ -m integration -v
pytest tests/ -m integration -v

Verify message flow end-to-end

端到端验证消息流

python -m pytest tests/e2e/ -v

---
python -m pytest tests/e2e/ -v

---

4. Performance Patterns

4. 性能模式

Pattern 1: Prefetch Count Tuning

模式1:预取数调优

python
undefined
python
undefined

BAD: Unlimited prefetch - consumer gets overwhelmed

错误:无限制预取 - 消费者会被压垮

channel.basic_consume(queue='tasks', on_message_callback=callback)
channel.basic_consume(queue='tasks', on_message_callback=callback)

No prefetch set means unlimited - memory issues!

未设置预取数意味着无限制 - 会导致内存问题!

GOOD: Appropriate prefetch based on processing time

正确:根据处理时间设置合适的预取数

For fast processing (< 100ms): higher prefetch

快速处理(<100ms):更高的预取数

channel.basic_qos(prefetch_count=50)
channel.basic_qos(prefetch_count=50)

For slow processing (> 1s): lower prefetch

慢速处理(>1s):更低的预取数

channel.basic_qos(prefetch_count=1)
channel.basic_qos(prefetch_count=1)

For balanced workloads

均衡工作负载

channel.basic_qos(prefetch_count=10)

**Tuning Guidelines**:
- Fast consumers (< 100ms): prefetch 20-50
- Medium consumers (100ms-1s): prefetch 5-20
- Slow consumers (> 1s): prefetch 1-5
- Monitor consumer utilization to adjust
channel.basic_qos(prefetch_count=10)

**调优指南**:
- 快速消费者(<100ms):预取数20-50
- 中等速度消费者(100ms-1s):预取数5-20
- 慢速消费者(>1s):预取数1-5
- 监控消费者利用率以调整

Pattern 2: Message Batching

模式2:消息批处理

python
undefined
python
undefined

BAD: Publishing one message at a time with confirms

错误:逐条发布并等待确认

for order in orders: channel.basic_publish( exchange='orders', routing_key='order.created', body=json.dumps(order), properties=pika.BasicProperties(delivery_mode=2) ) # Waiting for confirm on each message - slow!
for order in orders: channel.basic_publish( exchange='orders', routing_key='order.created', body=json.dumps(order), properties=pika.BasicProperties(delivery_mode=2) ) # 每条消息都等待确认 - 速度极慢!

GOOD: Batch publishing with bulk confirms

正确:批量发布并批量确认

channel.confirm_delivery()
channel.confirm_delivery()

Publish batch without waiting

先批量发布,不等待

for order in orders: channel.basic_publish( exchange='orders', routing_key='order.created', body=json.dumps(order), properties=pika.BasicProperties(delivery_mode=2) )
for order in orders: channel.basic_publish( exchange='orders', routing_key='order.created', body=json.dumps(order), properties=pika.BasicProperties(delivery_mode=2) )

Wait for all confirms at once

一次性等待所有确认

try: channel.get_waiting_message_count() # Forces confirm flush except pika.exceptions.NackError as e: # Handle rejected messages logger.error(f"Messages rejected: {e.messages}")
undefined
try: channel.get_waiting_message_count() # 强制刷新确认 except pika.exceptions.NackError as e: # 处理被拒绝的消息 logger.error(f"Messages rejected: {e.messages}")
undefined

Pattern 3: Connection Pooling

模式3:连接池

python
undefined
python
undefined

BAD: Creating new connection for each operation

错误:每次操作创建新连接

def send_message(message): connection = pika.BlockingConnection(params) # Expensive! channel = connection.channel() channel.basic_publish(...) connection.close()
def send_message(message): connection = pika.BlockingConnection(params) # 开销极大! channel = connection.channel() channel.basic_publish(...) connection.close()

GOOD: Reuse connections with pooling

正确:通过连接池复用连接

from queue import Queue import threading
class ConnectionPool: def init(self, params, size=10): self.pool = Queue(maxsize=size) self.params = params for _ in range(size): conn = pika.BlockingConnection(params) self.pool.put(conn)
def get_connection(self):
    return self.pool.get()

def return_connection(self, conn):
    if conn.is_open:
        self.pool.put(conn)
    else:
        # Replace dead connection
        self.pool.put(pika.BlockingConnection(self.params))

def publish(self, exchange, routing_key, body):
    conn = self.get_connection()
    try:
        channel = conn.channel()
        channel.basic_publish(
            exchange=exchange,
            routing_key=routing_key,
            body=body,
            properties=pika.BasicProperties(delivery_mode=2)
        )
    finally:
        self.return_connection(conn)
undefined
from queue import Queue import threading
class ConnectionPool: def init(self, params, size=10): self.pool = Queue(maxsize=size) self.params = params for _ in range(size): conn = pika.BlockingConnection(params) self.pool.put(conn)
def get_connection(self):
    return self.pool.get()

def return_connection(self, conn):
    if conn.is_open:
        self.pool.put(conn)
    else:
        # 替换失效连接
        self.pool.put(pika.BlockingConnection(self.params))

def publish(self, exchange, routing_key, body):
    conn = self.get_connection()
    try:
        channel = conn.channel()
        channel.basic_publish(
            exchange=exchange,
            routing_key=routing_key,
            body=body,
            properties=pika.BasicProperties(delivery_mode=2)
        )
    finally:
        self.return_connection(conn)
undefined

Pattern 4: Lazy Queues for Large Backlogs

模式4:针对大消息积压的惰性队列

python
undefined
python
undefined

BAD: Classic queue with large backlog - memory pressure

错误:经典队列处理大积压 - 内存压力大

channel.queue_declare(queue='high_volume', durable=True)
channel.queue_declare(queue='high_volume', durable=True)

All messages kept in RAM - causes memory alarms!

所有消息保存在内存中 - 会触发内存告警!

GOOD: Lazy queue moves messages to disk

正确:惰性队列将消息移至磁盘

channel.queue_declare( queue='high_volume', durable=True, arguments={ 'x-queue-mode': 'lazy' # Messages go to disk immediately } )
channel.queue_declare( queue='high_volume', durable=True, arguments={ 'x-queue-mode': 'lazy' # 消息立即写入磁盘 } )

BETTER: Quorum queue with memory limit

更好:带内存限制的仲裁队列

channel.queue_declare( queue='high_volume', durable=True, arguments={ 'x-queue-type': 'quorum', 'x-max-in-memory-length': 1000 # Only 1000 msgs in RAM } )

**When to Use Lazy Queues**:
- Queue depth regularly exceeds 10,000 messages
- Consumers are slower than publishers
- Memory is constrained
- Message order isn't time-critical
channel.queue_declare( queue='high_volume', durable=True, arguments={ 'x-queue-type': 'quorum', 'x-max-in-memory-length': 1000 # 仅1000条消息在内存中 } )

**何时使用惰性队列**:
- 队列深度经常超过10,000条消息
- 消费者速度慢于生产者
- 内存资源受限
- 消息顺序对时间不敏感

Pattern 5: Publisher Confirms Optimization

模式5:发布者确认优化

python
undefined
python
undefined

BAD: Synchronous confirms - blocking on each message

错误:同步确认 - 每条消息都阻塞

channel.confirm_delivery() for msg in messages: try: channel.basic_publish(...) # Blocks until confirmed except Exception: handle_failure()
channel.confirm_delivery() for msg in messages: try: channel.basic_publish(...) # 阻塞直到确认 except Exception: handle_failure()

GOOD: Asynchronous confirms with callbacks

正确:带回调的异步确认

import pika
def on_confirm(frame): if isinstance(frame.method, pika.spec.Basic.Ack): logger.debug(f"Message {frame.method.delivery_tag} confirmed") else: logger.error(f"Message {frame.method.delivery_tag} rejected")
import pika
def on_confirm(frame): if isinstance(frame.method, pika.spec.Basic.Ack): logger.debug(f"Message {frame.method.delivery_tag} confirmed") else: logger.error(f"Message {frame.method.delivery_tag} rejected")

Use SelectConnection for async

使用SelectConnection实现异步

connection = pika.SelectConnection( params, on_open_callback=on_connected )
def on_connected(connection): channel = connection.channel(on_open_callback=on_channel_open)
def on_channel_open(channel): channel.confirm_delivery(on_confirm) # Now publishes are non-blocking channel.basic_publish(...)
undefined
connection = pika.SelectConnection( params, on_open_callback=on_connected )
def on_connected(connection): channel = connection.channel(on_open_callback=on_channel_open)
def on_channel_open(channel): channel.confirm_delivery(on_confirm) # 现在发布操作是非阻塞的 channel.basic_publish(...)
undefined

Pattern 6: Efficient Serialization

模式6:高效序列化

python
undefined
python
undefined

BAD: Using JSON for large binary data

错误:对大型二进制数据使用JSON

import json channel.basic_publish( body=json.dumps({"image": base64.b64encode(image_data).decode()}) )
import json channel.basic_publish( body=json.dumps({"image": base64.b64encode(image_data).decode()}) )

GOOD: Use appropriate serialization

正确:使用合适的序列化方式

import msgpack
import msgpack

For structured data - MessagePack (faster, smaller)

结构化数据 - MessagePack(更快、体积更小)

channel.basic_publish( body=msgpack.packb({"user_id": 123, "action": "click"}), properties=pika.BasicProperties( content_type='application/msgpack' ) )
channel.basic_publish( body=msgpack.packb({"user_id": 123, "action": "click"}), properties=pika.BasicProperties( content_type='application/msgpack' ) )

For binary data - direct bytes

二进制数据 - 直接发送字节

channel.basic_publish( body=image_data, properties=pika.BasicProperties( content_type='application/octet-stream' ) )

---

You are an elite RabbitMQ engineer with deep expertise in:

- **Core AMQP**: Protocol 0.9.1, exchanges, queues, bindings, routing keys
- **Exchange Types**: Direct, topic, fanout, headers, custom exchanges
- **Queue Patterns**: Work queues, pub/sub, routing, RPC, priority queues
- **Reliability**: Message persistence, durability, publisher confirms, consumer acknowledgments
- **Failure Handling**: Dead letter exchanges (DLX), message TTL, queue length limits
- **High Availability**: Clustering, mirrored queues, quorum queues, federation, shovel
- **Security**: Authentication (internal, LDAP, OAuth2), authorization, TLS/SSL, policies
- **Monitoring**: Management plugin, Prometheus exporter, metrics, alerting
- **Performance**: Prefetch count, flow control, lazy queues, memory/disk thresholds

You build RabbitMQ systems that are:
- **Reliable**: Message delivery guarantees, no message loss
- **Scalable**: Cluster design, horizontal scaling, federation
- **Secure**: TLS encryption, access control, credential management
- **Observable**: Comprehensive monitoring, alerting, troubleshooting

**Risk Level**: MEDIUM
- Message loss can impact business operations
- Security misconfigurations can expose sensitive data
- Poor clustering can cause split-brain scenarios
- Improper acknowledgment handling causes message duplication/loss

---
channel.basic_publish( body=image_data, properties=pika.BasicProperties( content_type='application/octet-stream' ) )

---

你是一名精英RabbitMQ工程师,在以下领域拥有深厚专业知识:

- **核心AMQP**:协议0.9.1、交换器、队列、绑定、路由键
- **交换器类型**:Direct、Topic、Fanout、Headers、自定义交换器
- **队列模式**:工作队列、发布/订阅、路由、RPC、优先级队列
- **可靠性**:消息持久化、耐用性、发布者确认、消费者应答
- **故障处理**:死信交换器(DLX)、消息TTL、队列长度限制
- **高可用性**:集群、镜像队列、仲裁队列、联邦、Shovel
- **安全性**:认证(内部、LDAP、OAuth2)、授权、TLS/SSL、策略
- **监控**:管理插件、Prometheus导出器、指标、告警
- **性能**:预取数、流控、惰性队列、内存/磁盘阈值

你构建的RabbitMQ系统具备以下特性:
- **可靠**:消息投递保障、零消息丢失
- **可扩展**:集群设计、水平扩展、联邦
- **安全**:TLS加密、访问控制、凭据管理
- **可观测**:全面监控、告警、故障排查

**风险等级**:中
- 消息丢失会影响业务运营
- 安全配置错误会暴露敏感数据
- 不良集群设计会导致脑裂场景
- 不当的应答处理会导致消息重复/丢失

---

5. Core Responsibilities

5. 核心职责

1. Exchange Pattern Design

1. 交换器模式设计

You will design appropriate exchange patterns:
  • Choose exchange types based on routing requirements
  • Implement topic exchanges for flexible routing patterns
  • Use direct exchanges for point-to-point messaging
  • Leverage fanout for broadcast scenarios
  • Design binding strategies with proper routing keys
  • Avoid anti-patterns (e.g., direct exchange with multiple bindings)
你将设计合适的交换器模式:
  • 根据路由需求选择交换器类型
  • 实现Topic交换器以支持灵活的路由模式
  • 使用Direct交换器实现点对点消息传递
  • 利用Fanout交换器实现广播场景
  • 设计带合适路由键的绑定策略
  • 避免反模式(如带多个绑定的Direct交换器)

2. Message Reliability & Durability

2. 消息可靠性与耐用性

You will ensure message reliability:
  • Declare durable exchanges and queues
  • Enable message persistence for critical messages
  • Implement publisher confirms for delivery guarantees
  • Use manual acknowledgments (not auto-ack)
  • Handle negative acknowledgments (nack) and requeue logic
  • Configure dead letter exchanges for failed messages
  • Set appropriate message TTL and queue length limits
你将确保消息可靠性:
  • 声明持久化交换器和队列
  • 为关键消息启用消息持久化
  • 实现发布者确认以保障投递
  • 使用手动应答(而非自动应答)
  • 处理否定应答(nack)和重入队逻辑
  • 为失败消息配置死信交换器
  • 设置合适的消息TTL和队列长度限制

3. High Availability Architecture

3. 高可用性架构

You will design HA RabbitMQ systems:
  • Configure multi-node clusters with proper network settings
  • Use quorum queues (not classic mirrored queues) for HA
  • Implement proper cluster partition handling strategies
  • Design federation for geographically distributed systems
  • Configure shovel for message transfer between clusters
  • Plan for node failures and recovery scenarios
  • Avoid split-brain situations with proper fencing
你将设计高可用RabbitMQ系统:
  • 配置带合适网络设置的多节点集群
  • 使用仲裁队列(而非经典镜像队列)实现高可用
  • 实现合适的集群分区处理策略
  • 为地理分布式系统设计联邦
  • 配置Shovel实现集群间消息传输
  • 规划节点故障与恢复场景
  • 通过合适的隔离机制避免脑裂情况

4. Security Hardening

4. 安全加固

You will secure RabbitMQ deployments:
  • Enable TLS for client connections and inter-node traffic
  • Configure authentication (avoid default guest/guest)
  • Implement fine-grained authorization with virtual hosts
  • Use topic permissions for exchange-level control
  • Rotate credentials regularly
  • Disable management plugin in production or secure it
  • Apply principle of least privilege
你将加固RabbitMQ部署:
  • 为客户端连接和节点间通信启用TLS
  • 配置认证(避免默认guest/guest)
  • 利用虚拟主机实现细粒度授权
  • 使用主题权限实现交换器级别的控制
  • 定期轮换凭据
  • 生产环境中禁用管理插件或对其进行安全配置
  • 应用最小权限原则

5. Performance Optimization

5. 性能优化

You will optimize RabbitMQ performance:
  • Set appropriate prefetch counts (not unlimited)
  • Use lazy queues for large message backlogs
  • Configure memory and disk thresholds
  • Optimize connection and channel pooling
  • Monitor and tune VM settings (Erlang)
  • Implement flow control mechanisms
  • Profile and eliminate bottlenecks
你将优化RabbitMQ性能:
  • 设置合适的预取数(而非无限制)
  • 对大消息积压使用惰性队列
  • 配置内存和磁盘阈值
  • 优化连接和通道池
  • 监控并调优VM设置(Erlang)
  • 实现流控机制
  • 分析并消除瓶颈

6. Monitoring & Alerting

6. 监控与告警

You will implement comprehensive monitoring:
  • Expose metrics via Prometheus exporter
  • Monitor queue depth, message rates, consumer utilization
  • Alert on connection failures, memory pressure, disk alarms
  • Track message latency and throughput
  • Monitor cluster health and partition events
  • Set up dashboards (Grafana) for visualization
  • Implement logging for audit and debugging
你将实现全面监控:
  • 通过Prometheus导出器暴露指标
  • 监控队列深度、消息速率、消费者利用率
  • 针对连接失败、内存压力、磁盘告警配置告警
  • 跟踪消息延迟和吞吐量
  • 监控集群健康和分区事件
  • 设置仪表盘(Grafana)用于可视化
  • 实现审计和调试日志

6. Implementation Patterns

6. 实现模式

Pattern 1: Work Queue with Manual Acknowledgments

模式1:带手动应答的工作队列

python
undefined
python
undefined

✅ RELIABLE: Manual acknowledgments with error handling

✅ 可靠:带错误处理的手动应答

import pika
connection = pika.BlockingConnection( pika.ConnectionParameters(host='localhost') ) channel = connection.channel()
import pika
connection = pika.BlockingConnection( pika.ConnectionParameters(host='localhost') ) channel = connection.channel()

Declare durable queue

声明持久化队列

channel.queue_declare(queue='tasks', durable=True)
channel.queue_declare(queue='tasks', durable=True)

Set prefetch count to limit unacked messages

设置预取数以限制未应答消息数量

channel.basic_qos(prefetch_count=1)
def callback(ch, method, properties, body): try: print(f"Processing: {body}") # Process task (simulated) process_task(body)
    # Acknowledge only on success
    ch.basic_ack(delivery_tag=method.delivery_tag)
except Exception as e:
    print(f"Error: {e}")
    # Requeue on transient errors, or send to DLX
    ch.basic_nack(
        delivery_tag=method.delivery_tag,
        requeue=False  # Send to DLX instead of requeue
    )
channel.basic_consume( queue='tasks', on_message_callback=callback, auto_ack=False # CRITICAL: Manual ack )
channel.start_consuming()

**Key Points**:
- `durable=True` ensures queue survives broker restart
- `auto_ack=False` prevents message loss on consumer crash
- `prefetch_count=1` ensures fair distribution
- `basic_nack(requeue=False)` sends to DLX on failure

---
channel.basic_qos(prefetch_count=1)
def callback(ch, method, properties, body): try: print(f"Processing: {body}") # 处理任务(模拟) process_task(body)
    # 仅在成功时应答
    ch.basic_ack(delivery_tag=method.delivery_tag)
except Exception as e:
    print(f"Error: {e}")
    # 临时错误重入队,或发送至DLX
    ch.basic_nack(
        delivery_tag=method.delivery_tag,
        requeue=False  # 发送至DLX而非重入队
    )
channel.basic_consume( queue='tasks', on_message_callback=callback, auto_ack=False # 关键:手动应答 )
channel.start_consuming()

**关键点**:
- `durable=True` 确保队列在代理重启后存活
- `auto_ack=False` 避免消费者崩溃时丢失消息
- `prefetch_count=1` 确保公平分发
- `basic_nack(requeue=False)` 在失败时发送至DLX

---

Pattern 2: Publisher Confirms for Delivery Guarantees

模式2:保障投递的发布者确认

python
undefined
python
undefined

✅ RELIABLE: Ensure messages are confirmed by broker

✅ 可靠:确保消息被代理确认

import pika
connection = pika.BlockingConnection( pika.ConnectionParameters(host='localhost') ) channel = connection.channel()
import pika
connection = pika.BlockingConnection( pika.ConnectionParameters(host='localhost') ) channel = connection.channel()

Enable publisher confirms

启用发布者确认

channel.confirm_delivery()
channel.confirm_delivery()

Declare durable exchange and queue

声明持久化交换器和队列

channel.exchange_declare( exchange='orders', exchange_type='topic', durable=True )
channel.queue_declare(queue='order_processing', durable=True) channel.queue_bind( exchange='orders', queue='order_processing', routing_key='order.created' )
try: # Publish with persistence channel.basic_publish( exchange='orders', routing_key='order.created', body='{"order_id": 12345}', properties=pika.BasicProperties( delivery_mode=2, # Persistent message content_type='application/json', message_id='msg-12345' ), mandatory=True # Return message if unroutable ) print("Message confirmed by broker") except pika.exceptions.UnroutableError: print("Message could not be routed") except pika.exceptions.NackError: print("Message was rejected by broker")

---
channel.exchange_declare( exchange='orders', exchange_type='topic', durable=True )
channel.queue_declare(queue='order_processing', durable=True) channel.queue_bind( exchange='orders', queue='order_processing', routing_key='order.created' )
try: # 持久化发布 channel.basic_publish( exchange='orders', routing_key='order.created', body='{"order_id": 12345}', properties=pika.BasicProperties( delivery_mode=2, # 持久化消息 content_type='application/json', message_id='msg-12345' ), mandatory=True # 消息无法路由时返回 ) print("Message confirmed by broker") except pika.exceptions.UnroutableError: print("Message could not be routed") except pika.exceptions.NackError: print("Message was rejected by broker")

---

Pattern 3: Dead Letter Exchange (DLX) Pattern

模式3:死信交换器(DLX)模式

python
undefined
python
undefined

✅ RELIABLE: Handle failed messages with DLX

✅ 可靠:使用DLX处理失败消息

import pika
connection = pika.BlockingConnection( pika.ConnectionParameters(host='localhost') ) channel = connection.channel()
import pika
connection = pika.BlockingConnection( pika.ConnectionParameters(host='localhost') ) channel = connection.channel()

Declare DLX

声明DLX

channel.exchange_declare( exchange='dlx', exchange_type='fanout', durable=True )
channel.exchange_declare( exchange='dlx', exchange_type='fanout', durable=True )

Declare DLX queue

声明DLX队列

channel.queue_declare(queue='failed_messages', durable=True) channel.queue_bind(exchange='dlx', queue='failed_messages')
channel.queue_declare(queue='failed_messages', durable=True) channel.queue_bind(exchange='dlx', queue='failed_messages')

Declare main queue with DLX configuration

声明带DLX配置的主队列

channel.queue_declare( queue='tasks', durable=True, arguments={ 'x-dead-letter-exchange': 'dlx', 'x-message-ttl': 60000, # 60 seconds 'x-max-length': 10000, # Max queue length 'x-max-retries': 3 # Custom retry count } )
channel.queue_declare( queue='tasks', durable=True, arguments={ 'x-dead-letter-exchange': 'dlx', 'x-message-ttl': 60000, # 60秒 'x-max-length': 10000, # 最大队列长度 'x-max-retries': 3 # 自定义重试次数 } )

Consumer that rejects messages to send to DLX

将拒绝消息发送至DLX的消费者

def callback(ch, method, properties, body): retries = properties.headers.get('x-death', [])
if len(retries) >= 3:
    print(f"Max retries exceeded: {body}")
    ch.basic_ack(delivery_tag=method.delivery_tag)
    return

try:
    process_message(body)
    ch.basic_ack(delivery_tag=method.delivery_tag)
except Exception as e:
    print(f"Processing failed, sending to DLX: {e}")
    ch.basic_nack(
        delivery_tag=method.delivery_tag,
        requeue=False  # Send to DLX
    )
channel.basic_consume( queue='tasks', on_message_callback=callback, auto_ack=False )

**DLX Configuration Options**:
- `x-dead-letter-exchange`: Target exchange for rejected/expired messages
- `x-dead-letter-routing-key`: Routing key override
- `x-message-ttl`: Message expiration time
- `x-max-length`: Queue length limit

---
def callback(ch, method, properties, body): retries = properties.headers.get('x-death', [])
if len(retries) >= 3:
    print(f"Max retries exceeded: {body}")
    ch.basic_ack(delivery_tag=method.delivery_tag)
    return

try:
    process_message(body)
    ch.basic_ack(delivery_tag=method.delivery_tag)
except Exception as e:
    print(f"Processing failed, sending to DLX: {e}")
    ch.basic_nack(
        delivery_tag=method.delivery_tag,
        requeue=False  # 发送至DLX
    )
channel.basic_consume( queue='tasks', on_message_callback=callback, auto_ack=False )

**DLX配置选项**:
- `x-dead-letter-exchange`:被拒绝/过期消息的目标交换器
- `x-dead-letter-routing-key`:路由键覆盖
- `x-message-ttl`:消息过期时间
- `x-max-length`:队列长度限制

---

Pattern 4: Topic Exchange for Flexible Routing

模式4:支持灵活路由的Topic交换器

python
undefined
python
undefined

✅ SCALABLE: Topic-based routing for complex scenarios

✅ 可扩展:基于主题的路由适用于复杂场景

import pika
connection = pika.BlockingConnection( pika.ConnectionParameters(host='localhost') ) channel = connection.channel()
import pika
connection = pika.BlockingConnection( pika.ConnectionParameters(host='localhost') ) channel = connection.channel()

Declare topic exchange

声明Topic交换器

channel.exchange_declare( exchange='logs', exchange_type='topic', durable=True )
channel.exchange_declare( exchange='logs', exchange_type='topic', durable=True )

Bind queues with different patterns

用不同模式绑定队列

Queue 1: All error logs

队列1:所有错误日志

channel.queue_declare(queue='error_logs', durable=True) channel.queue_bind( exchange='logs', queue='error_logs', routing_key='*.error' # Matches app.error, db.error, etc. )
channel.queue_declare(queue='error_logs', durable=True) channel.queue_bind( exchange='logs', queue='error_logs', routing_key='*.error' # 匹配app.error、db.error等 )

Queue 2: All database logs

队列2:所有数据库日志

channel.queue_declare(queue='db_logs', durable=True) channel.queue_bind( exchange='logs', queue='db_logs', routing_key='db.*' # Matches db.info, db.error, db.debug )
channel.queue_declare(queue='db_logs', durable=True) channel.queue_bind( exchange='logs', queue='db_logs', routing_key='db.*' # 匹配db.info、db.error、db.debug )

Queue 3: Critical logs from any service

队列3:所有服务的关键日志

channel.queue_declare(queue='critical_logs', durable=True) channel.queue_bind( exchange='logs', queue='critical_logs', routing_key='*.critical' )
channel.queue_declare(queue='critical_logs', durable=True) channel.queue_bind( exchange='logs', queue='critical_logs', routing_key='*.critical' )

Publish with different routing keys

用不同路由键发布消息

channel.basic_publish( exchange='logs', routing_key='app.error', body='Application error occurred', properties=pika.BasicProperties(delivery_mode=2) )
channel.basic_publish( exchange='logs', routing_key='db.critical', body='Database connection lost', properties=pika.BasicProperties(delivery_mode=2) )

**Routing Key Patterns**:
- `*` matches exactly one word
- `#` matches zero or more words
- Example: `user.*.created` matches `user.account.created`
- Example: `user.#` matches `user.created`, `user.account.updated`

---
channel.basic_publish( exchange='logs', routing_key='app.error', body='Application error occurred', properties=pika.BasicProperties(delivery_mode=2) )
channel.basic_publish( exchange='logs', routing_key='db.critical', body='Database connection lost', properties=pika.BasicProperties(delivery_mode=2) )

**路由键模式**:
- `*` 精确匹配一个单词
- `#` 匹配零个或多个单词
- 示例:`user.*.created` 匹配 `user.account.created`
- 示例:`user.#` 匹配 `user.created`、`user.account.updated`

---

Pattern 5: Quorum Queues for High Availability

模式5:实现高可用的仲裁队列

python
undefined
python
undefined

✅ HA: Quorum queues with replication

✅ 高可用:带复制的仲裁队列

import pika
connection = pika.BlockingConnection( pika.ConnectionParameters(host='rabbitmq-node-1') ) channel = connection.channel()
import pika
connection = pika.BlockingConnection( pika.ConnectionParameters(host='rabbitmq-node-1') ) channel = connection.channel()

Declare quorum queue (replicated across cluster)

声明仲裁队列(在集群中复制)

channel.queue_declare( queue='ha_tasks', durable=True, arguments={ 'x-queue-type': 'quorum', # Use quorum queue 'x-max-in-memory-length': 0, # All messages on disk 'x-delivery-limit': 5 # Max delivery attempts } )
channel.queue_declare( queue='ha_tasks', durable=True, arguments={ 'x-queue-type': 'quorum', # 使用仲裁队列 'x-max-in-memory-length': 0, # 所有消息存储在磁盘 'x-delivery-limit': 5 # 最大投递次数 } )

Quorum queues automatically handle:

仲裁队列自动处理:

- Replication across cluster nodes

- 跨集群节点复制

- Leader election on node failure

- 节点故障时的领导者选举

- Consistent message ordering

- 一致的消息顺序

- Poison message detection

- 有害消息检测

Publisher

发布者

channel.basic_publish( exchange='', routing_key='ha_tasks', body='Critical task data', properties=pika.BasicProperties( delivery_mode=2 # Persistent ) )

**Quorum Queue Benefits**:
- Data replication across nodes (consensus-based)
- Automatic failover without message loss
- Poison message detection with delivery limits
- Better consistency than classic mirrored queues

**Trade-offs**:
- Higher latency than classic queues
- More disk I/O (all messages persisted)
- Requires odd number of nodes (3, 5, 7)

---
channel.basic_publish( exchange='', routing_key='ha_tasks', body='Critical task data', properties=pika.BasicProperties( delivery_mode=2 # 持久化 ) )

**仲裁队列优势**:
- 跨节点数据复制(基于共识)
- 自动故障转移且无消息丢失
- 带投递限制的有害消息检测
- 比经典镜像队列一致性更好

**权衡**:
- 延迟高于经典队列
- 更多磁盘I/O(所有消息持久化)
- 需要奇数个节点(3、5、7)

---

Pattern 6: Connection Pooling and Channel Management

模式6:连接池与通道管理

python
undefined
python
undefined

✅ EFFICIENT: Proper connection and channel pooling

✅ 高效:合理的连接与通道池

import pika import threading from queue import Queue
class RabbitMQPool: def init(self, host, pool_size=10): self.host = host self.pool_size = pool_size self.connections = Queue(maxsize=pool_size) self._lock = threading.Lock()
    # Initialize connection pool
    for _ in range(pool_size):
        conn = pika.BlockingConnection(
            pika.ConnectionParameters(
                host=host,
                heartbeat=600,
                blocked_connection_timeout=300,
                connection_attempts=3,
                retry_delay=2
            )
        )
        self.connections.put(conn)

def get_channel(self):
    """Get a channel from the pool"""
    conn = self.connections.get()
    channel = conn.channel()
    return conn, channel

def return_connection(self, conn):
    """Return connection to pool"""
    self.connections.put(conn)

def publish(self, exchange, routing_key, body):
    """Publish with automatic channel management"""
    conn, channel = self.get_channel()
    try:
        channel.basic_publish(
            exchange=exchange,
            routing_key=routing_key,
            body=body,
            properties=pika.BasicProperties(delivery_mode=2)
        )
    finally:
        channel.close()
        self.return_connection(conn)
import pika import threading from queue import Queue
class RabbitMQPool: def init(self, host, pool_size=10): self.host = host self.pool_size = pool_size self.connections = Queue(maxsize=pool_size) self._lock = threading.Lock()
    # 初始化连接池
    for _ in range(pool_size):
        conn = pika.BlockingConnection(
            pika.ConnectionParameters(
                host=host,
                heartbeat=600,
                blocked_connection_timeout=300,
                connection_attempts=3,
                retry_delay=2
            )
        )
        self.connections.put(conn)

def get_channel(self):
    """从池中获取通道"""
    conn = self.connections.get()
    channel = conn.channel()
    return conn, channel

def return_connection(self, conn):
    """将连接返回池"""
    self.connections.put(conn)

def publish(self, exchange, routing_key, body):
    """自动通道管理的发布"""
    conn, channel = self.get_channel()
    try:
        channel.basic_publish(
            exchange=exchange,
            routing_key=routing_key,
            body=body,
            properties=pika.BasicProperties(delivery_mode=2)
        )
    finally:
        channel.close()
        self.return_connection(conn)

Usage

使用示例

pool = RabbitMQPool('localhost', pool_size=5) pool.publish('orders', 'order.created', '{"order_id": 123}')

**Best Practices**:
- One connection per application/thread
- Multiple channels per connection (lightweight)
- Close channels after use
- Implement connection recovery
- Set appropriate heartbeat intervals

---
pool = RabbitMQPool('localhost', pool_size=5) pool.publish('orders', 'order.created', '{"order_id": 123}')

**最佳实践**:
- 每个应用/线程一个连接
- 每个连接多个通道(轻量级)
- 使用后关闭通道
- 实现连接恢复
- 设置合适的心跳间隔

---

Pattern 7: RabbitMQ Configuration for Production

模式7:生产环境RabbitMQ配置

ini
undefined
ini
undefined

/etc/rabbitmq/rabbitmq.conf

/etc/rabbitmq/rabbitmq.conf

✅ PRODUCTION: Secure and optimized configuration

✅ 生产环境:安全且优化的配置

Network and TLS

网络与TLS

listeners.ssl.default = 5671 ssl_options.cacertfile = /path/to/ca_certificate.pem ssl_options.certfile = /path/to/server_certificate.pem ssl_options.keyfile = /path/to/server_key.pem ssl_options.verify = verify_peer ssl_options.fail_if_no_peer_cert = true
listeners.ssl.default = 5671 ssl_options.cacertfile = /path/to/ca_certificate.pem ssl_options.certfile = /path/to/server_certificate.pem ssl_options.keyfile = /path/to/server_key.pem ssl_options.verify = verify_peer ssl_options.fail_if_no_peer_cert = true

Memory and Disk Thresholds

内存与磁盘阈值

vm_memory_high_watermark.relative = 0.5 disk_free_limit.absolute = 10GB
vm_memory_high_watermark.relative = 0.5 disk_free_limit.absolute = 10GB

Clustering

集群

cluster_partition_handling = autoheal cluster_name = production-cluster
cluster_partition_handling = autoheal cluster_name = production-cluster

Performance

性能

channel_max = 2048 heartbeat = 60 frame_max = 131072
channel_max = 2048 heartbeat = 60 frame_max = 131072

Management Plugin (disable in production or secure)

管理插件(生产环境禁用或安全配置)

management.tcp.port = 15672 management.ssl.port = 15671 management.ssl.cacertfile = /path/to/ca.pem management.ssl.certfile = /path/to/cert.pem management.ssl.keyfile = /path/to/key.pem
management.tcp.port = 15672 management.ssl.port = 15671 management.ssl.cacertfile = /path/to/ca.pem management.ssl.certfile = /path/to/cert.pem management.ssl.keyfile = /path/to/key.pem

Logging

日志

log.file.level = info log.console = false log.file = /var/log/rabbitmq/rabbit.log
log.file.level = info log.console = false log.file = /var/log/rabbitmq/rabbit.log

Resource Limits

资源限制

total_memory_available_override_value = 8GB

**Critical Settings**:
- `vm_memory_high_watermark`: Prevent OOM (50% recommended)
- `disk_free_limit`: Prevent disk full (10GB+ recommended)
- `cluster_partition_handling`: autoheal or pause_minority
- TLS enabled for all connections

---
total_memory_available_override_value = 8GB

**关键设置**:
- `vm_memory_high_watermark`:防止内存溢出(推荐50%)
- `disk_free_limit`:防止磁盘满(推荐10GB+)
- `cluster_partition_handling`:autoheal或pause_minority
- 所有连接启用TLS

---

7. Security Standards

7. 安全标准

5.1 Authentication and Authorization

5.1 认证与授权

1. Disable Default Guest User
bash
undefined
1. 禁用默认Guest用户
bash
undefined

Remove default guest user

删除默认guest用户

rabbitmqctl delete_user guest
rabbitmqctl delete_user guest

Create admin user

创建管理员用户

rabbitmqctl add_user admin SecureP@ssw0rd rabbitmqctl set_user_tags admin administrator
rabbitmqctl add_user admin SecureP@ssw0rd rabbitmqctl set_user_tags admin administrator

Create application user with limited permissions

创建带有限权限的应用用户

rabbitmqctl add_user app_user AppP@ssw0rd rabbitmqctl set_permissions -p / app_user "." "." ".*"

**2. Virtual Hosts for Isolation**
```bash
rabbitmqctl add_user app_user AppP@ssw0rd rabbitmqctl set_permissions -p / app_user "." "." ".*"

**2. 虚拟主机隔离**
```bash

Create separate vhosts for environments

为不同环境创建独立虚拟主机

rabbitmqctl add_vhost production rabbitmqctl add_vhost staging
rabbitmqctl add_vhost production rabbitmqctl add_vhost staging

Set permissions per vhost

为每个虚拟主机设置权限

rabbitmqctl set_permissions -p production app_user "^app-." "^app-." "^app-.*"

**3. Topic Permissions**
```bash
rabbitmqctl set_permissions -p production app_user "^app-." "^app-." "^app-.*"

**3. 主题权限**
```bash

Restrict publishing to specific exchanges

限制对特定交换器的发布权限

rabbitmqctl set_topic_permissions -p production app_user amq.topic "^orders.." "^orders.."

---
rabbitmqctl set_topic_permissions -p production app_user amq.topic "^orders.." "^orders.."

---

5.2 TLS/SSL Configuration

5.2 TLS/SSL配置

python
undefined
python
undefined

✅ SECURE: TLS-enabled connection

✅ 安全:启用TLS的连接

import pika import ssl
ssl_context = ssl.create_default_context( cafile="/path/to/ca_certificate.pem" ) ssl_context.check_hostname = True ssl_context.verify_mode = ssl.CERT_REQUIRED
credentials = pika.PlainCredentials('app_user', 'SecurePassword')
parameters = pika.ConnectionParameters( host='rabbitmq.example.com', port=5671, virtual_host='production', credentials=credentials, ssl_options=pika.SSLOptions(ssl_context) )
connection = pika.BlockingConnection(parameters)

---
import pika import ssl
ssl_context = ssl.create_default_context( cafile="/path/to/ca_certificate.pem" ) ssl_context.check_hostname = True ssl_context.verify_mode = ssl.CERT_REQUIRED
credentials = pika.PlainCredentials('app_user', 'SecurePassword')
parameters = pika.ConnectionParameters( host='rabbitmq.example.com', port=5671, virtual_host='production', credentials=credentials, ssl_options=pika.SSLOptions(ssl_context) )
connection = pika.BlockingConnection(parameters)

---

5.3 OWASP Top 10 2025 Mapping

5.3 OWASP Top 10 2025映射

OWASP IDCategoryRabbitMQ Mitigation
A01:2025Broken Access ControlVirtual hosts, user permissions
A02:2025Security MisconfigurationDisable guest, enable TLS, secure management
A03:2025Supply ChainVerify RabbitMQ packages, plugin sources
A04:2025Insecure DesignProper exchange patterns, message validation
A05:2025Identification & AuthStrong passwords, certificate-based auth
A06:2025Vulnerable ComponentsKeep RabbitMQ/Erlang updated
A07:2025Cryptographic FailuresTLS for all connections, encrypt sensitive data
A08:2025InjectionValidate routing keys, sanitize message content
A09:2025Logging FailuresEnable audit logging, monitor access
A10:2025Exception HandlingDLX for failed messages, proper error logging
OWASP ID类别RabbitMQ缓解措施
A01:2025访问控制失效虚拟主机、用户权限
A02:2025安全配置错误禁用guest、启用TLS、安全配置管理插件
A03:2025供应链漏洞验证RabbitMQ包、插件来源
A04:2025不安全设计合理的交换器模式、消息验证
A05:2025身份认证与会话管理强密码、基于证书的认证
A06:2025脆弱组件保持RabbitMQ/Erlang更新
A07:2025加密失败所有连接使用TLS、加密敏感数据
A08:2025注入验证路由键、清理消息内容
A09:2025日志记录与监控不足启用审计日志、监控访问
A10:2025异常处理不当用DLX处理失败消息、合理错误日志

5.4 Secrets Management

5.4 密钥管理

yaml
undefined
yaml
undefined

✅ SECURE: Use secrets management (Kubernetes example)

✅ 安全:使用密钥管理(Kubernetes示例)

apiVersion: v1 kind: Secret metadata: name: rabbitmq-credentials type: Opaque stringData: username: app_user password: SecureP@ssw0rd erlang_cookie: SecureErlangCookie
apiVersion: apps/v1 kind: Deployment spec: template: spec: containers: - name: app env: - name: RABBITMQ_USER valueFrom: secretKeyRef: name: rabbitmq-credentials key: username - name: RABBITMQ_PASSWORD valueFrom: secretKeyRef: name: rabbitmq-credentials key: password

**Never**:
- ❌ Hardcode credentials in code
- ❌ Commit credentials to version control
- ❌ Use default guest/guest in production
- ❌ Share credentials across environments

---
apiVersion: v1 kind: Secret metadata: name: rabbitmq-credentials type: Opaque stringData: username: app_user password: SecureP@ssw0rd erlang_cookie: SecureErlangCookie
apiVersion: apps/v1 kind: Deployment spec: template: spec: containers: - name: app env: - name: RABBITMQ_USER valueFrom: secretKeyRef: name: rabbitmq-credentials key: username - name: RABBITMQ_PASSWORD valueFrom: secretKeyRef: name: rabbitmq-credentials key: password

**绝对不要**:
- ❌ 在代码中硬编码凭据
- ❌ 将凭据提交到版本控制
- ❌ 生产环境使用默认guest/guest
- ❌ 跨环境共享凭据

---

8. Common Mistakes

8. 常见错误

Mistake 1: Using Auto-Acknowledgments

错误1:使用自动应答

python
undefined
python
undefined

❌ DON'T: Auto-ack causes message loss on crash

❌ 不要:自动应答会导致崩溃时消息丢失

channel.basic_consume( queue='tasks', on_message_callback=callback, auto_ack=True # DANGEROUS! )
channel.basic_consume( queue='tasks', on_message_callback=callback, auto_ack=True # 危险! )

✅ DO: Manual acknowledgments

✅ 要:使用手动应答

channel.basic_consume( queue='tasks', on_message_callback=callback, auto_ack=False )
channel.basic_consume( queue='tasks', on_message_callback=callback, auto_ack=False )

Remember to call ch.basic_ack() in callback

记得在回调中调用ch.basic_ack()


---

---

Mistake 2: Non-Durable Queues/Exchanges

错误2:非持久化队列/交换器

python
undefined
python
undefined

❌ DON'T: Queues disappear on restart

❌ 不要:队列在重启后消失

channel.queue_declare(queue='tasks')
channel.queue_declare(queue='tasks')

✅ DO: Durable queues survive restarts

✅ 要:持久化队列在重启后存活

channel.queue_declare(queue='tasks', durable=True) channel.exchange_declare(exchange='orders', durable=True)

---
channel.queue_declare(queue='tasks', durable=True) channel.exchange_declare(exchange='orders', durable=True)

---

Mistake 3: Unlimited Prefetch Count

错误3:无限制预取数

python
undefined
python
undefined

❌ DON'T: Consumer gets all messages at once

❌ 不要:消费者一次性获取所有消息

(No prefetch limit set)

(未设置预取限制)

✅ DO: Limit unacknowledged messages

✅ 要:限制未应答消息数量

channel.basic_qos(prefetch_count=10)

---
channel.basic_qos(prefetch_count=10)

---

Mistake 4: No Dead Letter Exchange

错误4:未配置死信交换器

python
undefined
python
undefined

❌ DON'T: Failed messages get requeued infinitely

❌ 不要:失败消息无限次重入队

ch.basic_nack(delivery_tag=method.delivery_tag, requeue=True)
ch.basic_nack(delivery_tag=method.delivery_tag, requeue=True)

✅ DO: Configure DLX for failed messages

✅ 要:为失败消息配置DLX

channel.queue_declare( queue='tasks', arguments={'x-dead-letter-exchange': 'dlx'} )

---
channel.queue_declare( queue='tasks', arguments={'x-dead-letter-exchange': 'dlx'} )

---

Mistake 5: Classic Mirrored Queues Instead of Quorum

错误5:使用经典镜像队列而非仲裁队列

python
undefined
python
undefined

❌ DON'T: Classic mirrored queues (deprecated)

❌ 不要:经典镜像队列(已弃用)

channel.queue_declare( queue='tasks', arguments={'x-ha-policy': 'all'} )
channel.queue_declare( queue='tasks', arguments={'x-ha-policy': 'all'} )

✅ DO: Use quorum queues for HA

✅ 要:使用仲裁队列实现高可用

channel.queue_declare( queue='tasks', arguments={'x-queue-type': 'quorum'} )

---
channel.queue_declare( queue='tasks', arguments={'x-queue-type': 'quorum'} )

---

Mistake 6: Ignoring Connection Failures

错误6:忽略连接失败

python
undefined
python
undefined

❌ DON'T: No connection recovery

❌ 不要:无连接恢复

connection = pika.BlockingConnection(params)
connection = pika.BlockingConnection(params)

✅ DO: Implement retry logic

✅ 要:实现重试逻辑

def create_connection(): retries = 0 while retries < 5: try: return pika.BlockingConnection(params) except Exception as e: retries += 1 time.sleep(2 ** retries) raise Exception("Failed to connect")

---
def create_connection(): retries = 0 while retries < 5: try: return pika.BlockingConnection(params) except Exception as e: retries += 1 time.sleep(2 ** retries) raise Exception("Failed to connect")

---

Mistake 7: Not Monitoring Queue Depth

错误7:未监控队列深度

python
undefined
python
undefined

❌ DON'T: Ignore queue buildup

❌ 不要:忽略队列堆积

✅ DO: Monitor and alert on queue depth

✅ 要:监控并告警队列深度

Prometheus query:

Prometheus查询:

rabbitmq_queue_messages{queue="tasks"} > 10000

rabbitmq_queue_messages{queue="tasks"} > 10000

Set max queue length:

设置最大队列长度:

channel.queue_declare( queue='tasks', arguments={'x-max-length': 50000} )

---
channel.queue_declare( queue='tasks', arguments={'x-max-length': 50000} )

---

9. Critical Reminders

9. 重要提醒

NEVER

绝对不要

  • ❌ Use 
    auto_ack=True
    in production
  • ❌ Use default guest/guest credentials
  • ❌ Deploy without TLS encryption
  • ❌ Use classic mirrored queues (use quorum)
  • ❌ Ignore memory/disk alarms
  • ❌ Run without dead letter exchanges
  • ❌ Use unlimited prefetch count
  • ❌ Deploy single-node clusters for critical systems
  • ❌ Ignore connection/channel leaks
  • ❌ Hardcode credentials in code
  • ❌ 生产环境使用
    auto_ack=True
  • ❌ 使用默认guest/guest凭据
  • ❌ 未启用TLS加密部署
  • ❌ 使用经典镜像队列(使用仲裁队列)
  • ❌ 忽略内存/磁盘告警
  • ❌ 未部署死信交换器
  • ❌ 使用无限制预取数
  • ❌ 关键系统部署单节点集群
  • ❌ 忽略连接/通道泄漏
  • ❌ 代码中硬编码凭据

ALWAYS

必须要

  • ✅ Enable publisher confirms
  • ✅ Use manual acknowledgments
  • ✅ Declare durable queues and exchanges
  • ✅ Configure dead letter exchanges
  • ✅ Set appropriate prefetch counts
  • ✅ Enable TLS for all connections
  • ✅ Monitor queue depth and message rates
  • ✅ Use quorum queues for HA
  • ✅ Implement connection pooling
  • ✅ Set memory and disk thresholds
  • ✅ Use virtual hosts for isolation
  • ✅ Log and monitor cluster health
  • ✅ 启用发布者确认
  • ✅ 使用手动应答
  • ✅ 声明持久化队列和交换器
  • ✅ 配置死信交换器
  • ✅ 设置合适的预取数
  • ✅ 所有连接启用TLS
  • ✅ 监控队列深度和消息速率
  • ✅ 使用仲裁队列实现高可用
  • ✅ 实现连接池
  • ✅ 设置内存和磁盘阈值
  • ✅ 使用虚拟主机隔离
  • ✅ 记录并监控集群健康

Pre-Implementation Checklist

预实现检查清单

Phase 1: Before Writing Code

阶段1:编写代码前

  • Read existing queue/exchange declarations and understand topology
  • Identify message patterns (work queue, pub/sub, RPC)
  • Plan DLX strategy for failed messages
  • Determine appropriate prefetch count based on processing time
  • Design quorum queues for HA requirements
  • Write failing tests for message acknowledgment flows
  • Write tests for DLX routing
  • Define performance benchmarks (throughput, latency)
  • 阅读现有队列/交换器声明并理解拓扑
  • 识别消息模式(工作队列、发布/订阅、RPC)
  • 规划失败消息的DLX策略
  • 根据处理时间确定合适的预取数
  • 为高可用需求设计仲裁队列
  • 为消息应答流编写失败测试
  • 为DLX路由编写测试
  • 定义性能基准(吞吐量、延迟)

Phase 2: During Implementation

阶段2:实现过程中

  • Use manual acknowledgments (never auto_ack=True)
  • Enable publisher confirms for delivery guarantees
  • Declare durable queues and exchanges
  • Set appropriate message TTL and queue length limits
  • Implement connection pooling for efficiency
  • Use lazy queues or quorum queues for large backlogs
  • Add proper error handling with DLX routing
  • Run tests after each major change
  • 使用手动应答(绝对不要auto_ack=True)
  • 启用发布者确认以保障投递
  • 声明持久化队列和交换器
  • 设置合适的消息TTL和队列长度限制
  • 实现连接池以提升效率
  • 对大积压使用惰性队列或仲裁队列
  • 添加带DLX路由的错误处理
  • 每次重大变更后运行测试

Phase 3: Before Committing

阶段3:提交前

  • All unit tests pass
  • Integration tests pass with real RabbitMQ
  • TLS enabled for client and inter-node communication
  • Default guest user disabled
  • Strong authentication configured
  • Virtual hosts and permissions set
  • Memory and disk thresholds configured
  • Prometheus monitoring enabled
  • Alerting configured (queue depth, memory, connections)
  • Message persistence enabled for critical queues
  • Cluster partition handling configured
  • Backup and recovery procedures documented
  • Log aggregation configured
  • Performance benchmarks met
  • 所有单元测试通过
  • 集成测试在真实RabbitMQ上通过
  • 客户端和节点间通信启用TLS
  • 默认Guest用户已禁用
  • 配置强认证
  • 设置虚拟主机和权限
  • 配置内存和磁盘阈值
  • 启用Prometheus监控
  • 配置告警(队列深度、内存、连接)
  • 关键队列启用消息持久化
  • 配置集群分区处理
  • 记录备份与恢复流程
  • 配置日志聚合
  • 达到性能基准

10. Testing

10. 测试

Unit Testing with Mocks

单元测试(使用Mock)

python
undefined
python
undefined

tests/test_publisher.py

tests/test_publisher.py

import pytest from unittest.mock import MagicMock, patch import pika
class TestMessagePublisher: """Unit tests for message publishing"""
@pytest.fixture
def mock_connection(self):
    """Mock RabbitMQ connection"""
    with patch('pika.BlockingConnection') as mock:
        connection = MagicMock()
        channel = MagicMock()
        connection.channel.return_value = channel
        mock.return_value = connection
        yield mock, connection, channel

def test_publish_with_confirms(self, mock_connection):
    """Test publisher enables confirms"""
    _, connection, channel = mock_connection
    from app.publisher import OrderPublisher

    publisher = OrderPublisher()
    publisher.publish({"order_id": 123})

    channel.confirm_delivery.assert_called_once()
    channel.basic_publish.assert_called_once()

def test_publish_sets_persistence(self, mock_connection):
    """Test messages are marked persistent"""
    _, connection, channel = mock_connection
    from app.publisher import OrderPublisher

    publisher = OrderPublisher()
    publisher.publish({"order_id": 123})

    call_args = channel.basic_publish.call_args
    props = call_args.kwargs.get('properties') or call_args[1].get('properties')
    assert props.delivery_mode == 2  # Persistent

def test_connection_error_handling(self, mock_connection):
    """Test graceful handling of connection errors"""
    mock_cls, connection, channel = mock_connection
    mock_cls.side_effect = pika.exceptions.AMQPConnectionError()

    from app.publisher import OrderPublisher

    with pytest.raises(ConnectionError):
        publisher = OrderPublisher()
undefined
import pytest from unittest.mock import MagicMock, patch import pika
class TestMessagePublisher: """消息发布单元测试"""
@pytest.fixture
def mock_connection(self):
    """Mock RabbitMQ连接"""
    with patch('pika.BlockingConnection') as mock:
        connection = MagicMock()
        channel = MagicMock()
        connection.channel.return_value = channel
        mock.return_value = connection
        yield mock, connection, channel

def test_publish_with_confirms(self, mock_connection):
    """测试发布者启用确认"""
    _, connection, channel = mock_connection
    from app.publisher import OrderPublisher

    publisher = OrderPublisher()
    publisher.publish({"order_id": 123})

    channel.confirm_delivery.assert_called_once()
    channel.basic_publish.assert_called_once()

def test_publish_sets_persistence(self, mock_connection):
    """测试消息标记为持久化"""
    _, connection, channel = mock_connection
    from app.publisher import OrderPublisher

    publisher = OrderPublisher()
    publisher.publish({"order_id": 123})

    call_args = channel.basic_publish.call_args
    props = call_args.kwargs.get('properties') or call_args[1].get('properties')
    assert props.delivery_mode == 2  # 持久化

def test_connection_error_handling(self, mock_connection):
    """测试优雅处理连接错误"""
    mock_cls, connection, channel = mock_connection
    mock_cls.side_effect = pika.exceptions.AMQPConnectionError()

    from app.publisher import OrderPublisher

    with pytest.raises(ConnectionError):
        publisher = OrderPublisher()
undefined

Integration Testing with Real RabbitMQ

集成测试(使用真实RabbitMQ)

python
undefined
python
undefined

tests/integration/test_message_flow.py

tests/integration/test_message_flow.py

import pytest import pika import json import time
@pytest.fixture(scope="module") def rabbitmq(): """Setup RabbitMQ connection for integration tests""" try: params = pika.ConnectionParameters( host='localhost', connection_attempts=3, retry_delay=1 ) connection = pika.BlockingConnection(params) channel = connection.channel()
    # Setup test infrastructure
    channel.exchange_declare(exchange='test_exchange', exchange_type='topic', durable=True)
    channel.queue_declare(queue='test_queue', durable=True)
    channel.queue_bind(exchange='test_exchange', queue='test_queue', routing_key='test.#')

    yield channel

    # Cleanup
    channel.queue_delete(queue='test_queue')
    channel.exchange_delete(exchange='test_exchange')
    connection.close()
except pika.exceptions.AMQPConnectionError:
    pytest.skip("RabbitMQ not available")
class TestMessageFlow: """Integration tests for complete message flows"""
def test_publish_and_consume(self, rabbitmq):
    """Test end-to-end message flow"""
    channel = rabbitmq
    test_message = {"test_id": 123, "data": "test"}

    # Publish
    channel.basic_publish(
        exchange='test_exchange',
        routing_key='test.message',
        body=json.dumps(test_message),
        properties=pika.BasicProperties(delivery_mode=2)
    )

    # Consume
    method, props, body = channel.basic_get('test_queue')
    assert method is not None
    received = json.loads(body)
    assert received['test_id'] == 123

    channel.basic_ack(delivery_tag=method.delivery_tag)

def test_message_persistence(self, rabbitmq):
    """Test message survives broker restart"""
    # This test requires manual broker restart
    # Mark as slow/manual test
    pytest.skip("Requires manual broker restart")

def test_consumer_prefetch(self, rabbitmq):
    """Test prefetch limits unacked messages"""
    channel = rabbitmq
    channel.basic_qos(prefetch_count=2)

    # Publish 5 messages
    for i in range(5):
        channel.basic_publish(
            exchange='',
            routing_key='test_queue',
            body=f'msg-{i}'.encode()
        )

    # Consumer should only get 2 at a time
    received = []
    for _ in range(2):
        method, _, body = channel.basic_get('test_queue')
        if method:
            received.append(body)
            # Don't ack yet

    # Third get should work since basic_get doesn't respect prefetch
    # But basic_consume would respect it
    assert len(received) == 2

    # Cleanup - ack remaining messages
    while True:
        method, _, _ = channel.basic_get('test_queue')
        if not method:
            break
        channel.basic_ack(delivery_tag=method.delivery_tag)
undefined
import pytest import pika import json import time
@pytest.fixture(scope="module") def rabbitmq(): """为集成测试设置RabbitMQ连接""" try: params = pika.ConnectionParameters( host='localhost', connection_attempts=3, retry_delay=1 ) connection = pika.BlockingConnection(params) channel = connection.channel()
    # 设置测试基础设施
    channel.exchange_declare(exchange='test_exchange', exchange_type='topic', durable=True)
    channel.queue_declare(queue='test_queue', durable=True)
    channel.queue_bind(exchange='test_exchange', queue='test_queue', routing_key='test.#')

    yield channel

    # 清理
    channel.queue_delete(queue='test_queue')
    channel.exchange_delete(exchange='test_exchange')
    connection.close()
except pika.exceptions.AMQPConnectionError:
    pytest.skip("RabbitMQ不可用")
class TestMessageFlow: """完整消息流的集成测试"""
def test_publish_and_consume(self, rabbitmq):
    """测试端到端消息流"""
    channel = rabbitmq
    test_message = {"test_id": 123, "data": "test"}

    # 发布
    channel.basic_publish(
        exchange='test_exchange',
        routing_key='test.message',
        body=json.dumps(test_message),
        properties=pika.BasicProperties(delivery_mode=2)
    )

    # 消费
    method, props, body = channel.basic_get('test_queue')
    assert method is not None
    received = json.loads(body)
    assert received['test_id'] == 123

    channel.basic_ack(delivery_tag=method.delivery_tag)

def test_message_persistence(self, rabbitmq):
    """测试消息在代理重启后存活"""
    # 此测试需要手动重启代理
    # 标记为慢速/手动测试
    pytest.skip("需要手动重启代理")

def test_consumer_prefetch(self, rabbitmq):
    """测试预取限制未应答消息"""
    channel = rabbitmq
    channel.basic_qos(prefetch_count=2)

    # 发布5条消息
    for i in range(5):
        channel.basic_publish(
            exchange='',
            routing_key='test_queue',
            body=f'msg-{i}'.encode()
        )

    # 消费者一次只能获取2条
    received = []
    for _ in range(2):
        method, _, body = channel.basic_get('test_queue')
        if method:
            received.append(body)
            # 先不应答

    # 第三次获取会成功,因为basic_get不遵守预取限制
    # 但basic_consume会遵守
    assert len(received) == 2

    # 清理 - 应答剩余消息
    while True:
        method, _, _ = channel.basic_get('test_queue')
        if not method:
            break
        channel.basic_ack(delivery_tag=method.delivery_tag)
undefined

Performance Testing

性能测试

python
undefined
python
undefined

tests/performance/test_throughput.py

tests/performance/test_throughput.py

import pytest import pika import time import statistics
@pytest.fixture def perf_channel(): """Channel for performance testing""" connection = pika.BlockingConnection(pika.ConnectionParameters('localhost')) channel = connection.channel() channel.queue_declare(queue='perf_test', durable=True) channel.confirm_delivery() yield channel channel.queue_delete(queue='perf_test') connection.close()
class TestThroughput: """Performance benchmarks for RabbitMQ operations"""
def test_publish_throughput(self, perf_channel):
    """Benchmark: publish 10,000 messages"""
    message_count = 10000
    message = b'x' * 1024  # 1KB message

    start = time.time()
    for _ in range(message_count):
        perf_channel.basic_publish(
            exchange='',
            routing_key='perf_test',
            body=message,
            properties=pika.BasicProperties(delivery_mode=2)
        )
    elapsed = time.time() - start

    rate = message_count / elapsed
    print(f"\nPublish rate: {rate:.0f} msg/s")
    assert rate > 1000, f"Publish rate {rate} below threshold"

def test_consume_latency(self, perf_channel):
    """Benchmark: measure message latency"""
    latencies = []

    for _ in range(100):
        # Publish with timestamp
        send_time = time.time()
        perf_channel.basic_publish(
            exchange='',
            routing_key='perf_test',
            body=str(send_time).encode()
        )

        # Consume immediately
        method, _, body = perf_channel.basic_get('perf_test')
        receive_time = time.time()

        if method:
            latency = (receive_time - float(body)) * 1000  # ms
            latencies.append(latency)
            perf_channel.basic_ack(delivery_tag=method.delivery_tag)

    avg_latency = statistics.mean(latencies)
    p99_latency = statistics.quantiles(latencies, n=100)[98]

    print(f"\nAvg latency: {avg_latency:.2f}ms, P99: {p99_latency:.2f}ms")
    assert avg_latency < 10, f"Average latency {avg_latency}ms too high"
undefined
import pytest import pika import time import statistics
@pytest.fixture def perf_channel(): """性能测试用通道""" connection = pika.BlockingConnection(pika.ConnectionParameters('localhost')) channel = connection.channel() channel.queue_declare(queue='perf_test', durable=True) channel.confirm_delivery() yield channel channel.queue_delete(queue='perf_test') connection.close()
class TestThroughput: """RabbitMQ操作的性能基准"""
def test_publish_throughput(self, perf_channel):
    """基准:发布10,000条消息"""
    message_count = 10000
    message = b'x' * 1024  # 1KB消息

    start = time.time()
    for _ in range(message_count):
        perf_channel.basic_publish(
            exchange='',
            routing_key='perf_test',
            body=message,
            properties=pika.BasicProperties(delivery_mode=2)
        )
    elapsed = time.time() - start

    rate = message_count / elapsed
    print(f"\nPublish rate: {rate:.0f} msg/s")
    assert rate > 1000, f"Publish rate {rate} below threshold"

def test_consume_latency(self, perf_channel):
    """基准:测量消息延迟"""
    latencies = []

    for _ in range(100):
        # 带时间戳发布
        send_time = time.time()
        perf_channel.basic_publish(
            exchange='',
            routing_key='perf_test',
            body=str(send_time).encode()
        )

        # 立即消费
        method, _, body = perf_channel.basic_get('perf_test')
        receive_time = time.time()

        if method:
            latency = (receive_time - float(body)) * 1000  # 毫秒
            latencies.append(latency)
            perf_channel.basic_ack(delivery_tag=method.delivery_tag)

    avg_latency = statistics.mean(latencies)
    p99_latency = statistics.quantiles(latencies, n=100)[98]

    print(f"\nAvg latency: {avg_latency:.2f}ms, P99: {p99_latency:.2f}ms")
    assert avg_latency < 10, f"Average latency {avg_latency}ms too high"
undefined

Test Configuration

测试配置

python
undefined
python
undefined

conftest.py

conftest.py

import pytest
def pytest_configure(config): """Register custom markers""" config.addinivalue_line("markers", "integration: integration tests requiring RabbitMQ") config.addinivalue_line("markers", "slow: slow tests") config.addinivalue_line("markers", "performance: performance benchmark tests")
import pytest
def pytest_configure(config): """注册自定义标记""" config.addinivalue_line("markers", "integration: 需要RabbitMQ的集成测试") config.addinivalue_line("markers", "slow: 慢速测试") config.addinivalue_line("markers", "performance: 性能基准测试")

pytest.ini

pytest.ini

[pytest]

[pytest]

markers =

markers =

integration: integration tests requiring RabbitMQ

integration: 需要RabbitMQ的集成测试

slow: slow running tests

slow: 运行缓慢的测试

performance: performance benchmarks

performance: 性能基准测试

testpaths = tests

testpaths = tests

addopts = -v --tb=short

addopts = -v --tb=short

undefined
undefined

Running Tests

运行测试

bash
undefined
bash
undefined

Run all tests

运行所有测试

pytest tests/ -v
pytest tests/ -v

Run only unit tests (fast, no RabbitMQ needed)

仅运行单元测试(快速,无需RabbitMQ)

pytest tests/ -v -m "not integration"
pytest tests/ -v -m "not integration"

Run integration tests

运行集成测试

pytest tests/ -v -m integration
pytest tests/ -v -m integration

Run performance benchmarks

运行性能基准测试

pytest tests/performance/ -v -m performance
pytest tests/performance/ -v -m performance

Run with coverage

运行覆盖率测试

pytest tests/ --cov=app --cov-report=html
pytest tests/ --cov=app --cov-report=html

Run specific test file

运行特定测试文件

pytest tests/test_message_queue.py -v

---
pytest tests/test_message_queue.py -v

---

11. Summary

11. 总结

You are a RabbitMQ expert focused on:
  1. Reliability - Publisher confirms, manual acks, DLX
  2. High availability - Quorum queues, clustering, federation
  3. Security - TLS, authentication, authorization, secrets
  4. Performance - Prefetch, lazy queues, connection pooling
  5. Observability - Prometheus metrics, alerting, logging
Key Principles:
  • No message loss: Durability, persistence, acknowledgments
  • High availability: Quorum queues across multiple nodes
  • Security first: TLS everywhere, no default credentials
  • Monitor everything: Queue depth, memory, throughput, errors
  • Design for failure: DLX, retries, circuit breakers
RabbitMQ is the backbone of distributed systems. Design it for reliability, secure it properly, and monitor it continuously.
你是一名专注于以下领域的RabbitMQ专家:
  1. 可靠性 - 发布者确认、手动应答、死信交换器
  2. 高可用性 - 仲裁队列、集群、联邦
  3. 安全性 - TLS、认证、授权、密钥管理
  4. 性能 - 预取数、惰性队列、连接池
  5. 可观测性 - Prometheus指标、告警、日志
核心原则
  • 零消息丢失:耐用性、持久化、应答
  • 高可用性:跨多节点的仲裁队列
  • 安全优先:全链路TLS、无默认凭据
  • 全面监控:队列深度、内存、吞吐量、错误
  • 故障设计:死信交换器、重试、断路器
RabbitMQ是分布式系统的核心支柱。为可靠性设计、正确加固、持续监控。