You are viewing a plain text version of this content. The canonical link for it is here.
Posted to server-dev@james.apache.org by Tellier Benoit <bt...@apache.org> on 2020/12/11 05:42:45 UTC
James requires administrative rights on RabbitMQ (!!!)
Hello James DEVs !!!
I want to start a discussion around
https://issues.apache.org/jira/browse/JAMES-3475
Our issue is that James so far require administrative rights on RabbitMQ
server.
This of course means that sharing this RabbitMQ with other apps / James
servers of other tenant represent a data isolation / security issue,
that we leverage by giving James his own dedicated RabbitMQ server,
which don't help mutualizing costs.
Thus, I would like to leverage Cassandra to keep track of created queues.
This is a task that could be quickly tackled by Quan our intern, who
wants to learn about NoSQL. This could be a very good sandbox issue for him.
Feedback?
Benoit
---------------------------------------------------------------------
To unsubscribe, e-mail: server-dev-unsubscribe@james.apache.org
For additional commands, e-mail: server-dev-help@james.apache.org
Re: James requires administrative rights on RabbitMQ (!!!)
Posted by Tellier Benoit <bt...@apache.org>.
Le 11/12/2020 à 14:53, Matthieu Baechler a écrit :
> Hi,
>
> On Fri, 2020-12-11 at 12:42 +0700, Tellier Benoit wrote:
>> Hello James DEVs !!!
>>
>> I want to start a discussion around
>> https://issues.apache.org/jira/browse/JAMES-3475
>>
>> Our issue is that James so far require administrative rights on
>> RabbitMQ
>> server.
>>
>> This of course means that sharing this RabbitMQ with other apps /
>> James
>> servers of other tenant represent a data isolation / security issue,
>> that we leverage by giving James his own dedicated RabbitMQ server,
>> which don't help mutualizing costs.
>>
>> Thus, I would like to leverage Cassandra to keep track of created
>> queues.
>>
>> This is a task that could be quickly tackled by Quan our intern, who
>> wants to learn about NoSQL. This could be a very good sandbox issue
>> for him.
>>
>> Feedback?
>
> What about using RabbitMQ virtualhost feature instead?
>
> https://www.rabbitmq.com/vhosts.html
Thanks. Needless to say, we already use that at the AMQP level.
I was unaware VHost restrictions did apply in the management plugin too.
I apologize, my argument is not the right one.
- Management API access freaks admins out - at least the one I know.
Stopping supporting it will calm them down ;-)
You know, these people have weird checklists, especially external
auditors might not be much open to debate ;-)
- Actually the management API is *so unstable* that we need a retrier
on it:
0135291 JAMES-2544 Use Feign retry mechanism to retry calls on RabbitMQ
management API
(I agree the commit miss a nice explanation message)
This setup relying on retires (not working without retries!) do not seem
like a "production-ready" thing.
I'd like to enhance this matter of fact!
Cheers,
Benoit
>
> Cheers,
>
> -- Matthieu Baechler
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: server-dev-unsubscribe@james.apache.org
> For additional commands, e-mail: server-dev-help@james.apache.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: server-dev-unsubscribe@james.apache.org
For additional commands, e-mail: server-dev-help@james.apache.org
Re: James requires administrative rights on RabbitMQ (!!!)
Posted by Matthieu Baechler <ma...@apache.org>.
Hi,
On Fri, 2020-12-11 at 12:42 +0700, Tellier Benoit wrote:
> Hello James DEVs !!!
>
> I want to start a discussion around
> https://issues.apache.org/jira/browse/JAMES-3475
>
> Our issue is that James so far require administrative rights on
> RabbitMQ
> server.
>
> This of course means that sharing this RabbitMQ with other apps /
> James
> servers of other tenant represent a data isolation / security issue,
> that we leverage by giving James his own dedicated RabbitMQ server,
> which don't help mutualizing costs.
>
> Thus, I would like to leverage Cassandra to keep track of created
> queues.
>
> This is a task that could be quickly tackled by Quan our intern, who
> wants to learn about NoSQL. This could be a very good sandbox issue
> for him.
>
> Feedback?
What about using RabbitMQ virtualhost feature instead?
https://www.rabbitmq.com/vhosts.html
Cheers,
-- Matthieu Baechler
---------------------------------------------------------------------
To unsubscribe, e-mail: server-dev-unsubscribe@james.apache.org
For additional commands, e-mail: server-dev-help@james.apache.org