当前位置：首页 > news >正文

RabbitMQ-Exporter 监控 TLS 加密的 RabbitMQ 集群

news 2025/11/7 7:20:28

以下是详细的配置步骤指南： Here is the detailed configuration guide:

1. 确认 RabbitMQ Management Plugin 的 TLS 配置

Verify RabbitMQ Management Plugin TLS Configuration

RabbitMQ 配置文件示例 (/etc/rabbitmq/rabbitmq.conf): RabbitMQ Configuration File Example (/etc/rabbitmq/rabbitmq.conf):

# 启用管理插件的 HTTPS 端口
# Enable Management Plugin HTTPS port
management.ssl.port = 15671

# 指定证书路径
# Specify certificate paths
management.ssl.cacertfile = /path/to/ca_certificate.pem
management.ssl.certfile   = /path/to/server_certificate.pem
management.ssl.keyfile    = /path/to/server_key.pem

# 证书验证设置
# Certificate verification settings
management.ssl.verify     = verify_peer
management.ssl.fail_if_no_peer_cert = false

验证 HTTPS 接口是否正常工作: Verify if HTTPS interface works properly:

curl -k -u <username>:<password> https://<rabbitmq_host>:15671/api/overview

2. 配置 RabbitMQ-Exporter 连接 TLS 加密的 RabbitMQ

Configure RabbitMQ-Exporter to Connect to TLS-encrypted RabbitMQ

方案 A: 使用 Docker Compose (推荐)

Solution A: Using Docker Compose (Recommended)

version: '3.8'
services:rabbitmq-exporter:image: kbudde/rabbitmq-exportercontainer_name: rabbitmq-exporterrestart: unless-stoppedports:- "9419:9419"environment:# RabbitMQ 连接信息 - 使用 HTTPS# RabbitMQ Connection Info - Use HTTPS- RABBIT_URL=https://rabbitmq-server:15671- RABBIT_USER=monitor_user- RABBIT_PASSWORD=your_password# TLS 配置选项# TLS Configuration Options- SKIP_VERIFY=false                    # 生产环境设为 false- CA_CERT_FILE=/certs/ca_cert.pem      # CA 证书路径# Exporter 配置# Exporter Configuration- PUBLISH_PORT=9419- OUTPUT_FORMAT=JSONvolumes:# 挂载证书文件# Mount certificate files- ./tls/ca_cert.pem:/certs/ca_cert.pem:ro

方案 B: 二进制文件直接运行

Solution B: Direct Binary Execution

./rabbitmq-exporter \--rabbit.url="https://rabbitmq-host:15671" \--rabbit.user="monitor_user" \--rabbit.password="password" \--ca-cert-file="/path/to/ca_certificate.pem" \--skip-verify=false \--publish-addr=":9419"

3. 环境变量详解 / Environment Variables Explained

环境变量 / Environment Variable	说明 / Description	示例值 / Example Value
`RABBIT_URL`	必须使用 HTTPS / Must use HTTPS	`https://host:15671`
`SKIP_VERIFY`	跳过证书验证 (测试用) / Skip certificate verification (for testing)	`false` (生产/production)
`CA_CERT_FILE`	CA 证书文件路径 / CA certificate file path	`/certs/ca.pem`
`CLIENT_CERT_FILE`	客户端证书 (双向 TLS) / Client certificate (mutual TLS)	`/certs/client.pem`
`CLIENT_KEY_FILE`	客户端密钥 / Client private key	`/certs/client-key.pem`
`PUBLISH_PORT`	Exporter 服务端口 / Exporter service port	`9419`

4. Prometheus 配置 / Prometheus Configuration

scrape_configs:- job_name: 'rabbitmq-cluster-tls'static_configs:- targets: ['rabbitmq-exporter:9419']metrics_path: '/metrics'labels:cluster: 'rabbitmq-tls-cluster'environment: 'production'

5. 故障排查指南 / Troubleshooting Guide

检查 Exporter 日志 / Check Exporter Logs

docker logs rabbitmq-exporter
# 查找错误信息 / Look for error messages

测试指标端点 / Test Metrics Endpoint

curl http://localhost:9419/metrics
# 应该返回 RabbitMQ 指标 / Should return RabbitMQ metrics

常见错误及解决方案 / Common Errors and Solutions

错误信息 / Error Message	原因 / Cause	解决方案 / Solution
`x509: certificate signed by unknown authority`	缺少 CA 证书 / Missing CA certificate	设置 `CA_CERT_FILE` 环境变量
`connection refused`	错误的端口或协议 / Wrong port or protocol	确认使用 `https://` 和 `15671` 端口
`permission denied`	证书文件权限问题 / Certificate file permission issue	确保文件可读 / Ensure files are readable

6. 集群监控配置 / Cluster Monitoring Configuration

单节点监控 (推荐) / Single Node Monitoring (Recommended)

environment:- RABBIT_URL=https://rabbitmq-loadbalancer:15671

多节点监控 / Multi-Node Monitoring

# 为每个节点配置单独的 job
# Configure separate jobs for each node
scrape_configs:- job_name: 'rabbitmq-node1'static_configs:- targets: ['exporter-node1:9419']- job_name: 'rabbitmq-node2'  static_configs:- targets: ['exporter-node2:9419']