Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Provide a way for operator to override user policies #930

Closed
michaelklishin opened this issue Aug 23, 2016 · 2 comments
Closed

Provide a way for operator to override user policies #930

michaelklishin opened this issue Aug 23, 2016 · 2 comments
Assignees
@michaelklishin @hairyhum
Labels
effort-medium enhancement
Milestone
3.7.0

Comments

@michaelklishin
Copy link
Member

michaelklishin commented Aug 23, 2016
edited
Loading

So that e.g. queue limits can be enforced while retaining the ability of users to define their own policies. This is primarily relevant in hosted RabbitMQ scenarios.

Current thinking on how this should work is the following:

  • A new ctl command, rabbitmqctl set_operator_policy_override, that works almost like rabbitmqctl set_policy but only supports a subset of queue keys (see below)
  • Operator policy definitions are merged into "user policy" definitions (see below)
  • Operator policies are not global and scoped per vhost, the same way it currently works for "user policies"

There can be cases when operator policies can affect application semantics if we simply replace the user provided value. Consider the following:

  • A user policy sets max queue length to 10
  • An operator policy sets max queue length to 1000
  • Semantically an app assumes there can be no more than 10 messages enqueued at any given moment

We already faced a similar decision when implementing per-message TTL. If there are two TTL values in effect (one for the queue and one for the message), we pick the lower value. Our team
believes the same idea should work well for queue length limits.

Therefore, the idea with policy type merging is this:

  • Only support a subset of policy-defined optional queue arguments: message-ttl, expires, max-length, and max-length-bytes.
  • When merging, pick the lower value.

Since the idea with operator policy overrides is usually limit the amount of resources that can be consumed by a vhost (e.g. for tiered pricing in hosted services), this subset should be enough. We can gradually expand the list as we come up with more reasonable and safe ways to merge values.
@michaelklishin michaelklishin self-assigned this Aug 23, 2016
@michaelklishin michaelklishin added this to the 3.6.x milestone Aug 23, 2016
@michaelklishin
Copy link
Member Author

We'd like to get this into 3.6.x. Not yet clear if it's going to be possible.

This was referenced Aug 26, 2016
Merged
Merged
Merged
@michaelklishin michaelklishin modified the milestones: 3.7.0, 3.6.x Aug 31, 2016
@michaelklishin
Copy link
Member Author

Alright, this cannot make it into a 3.6.x release due to the internal database schema changes we have to introduce.

@michaelklishin michaelklishin mentioned this issue Sep 1, 2016
Closed
@michaelklishin michaelklishin reopened this Sep 1, 2016
@hairyhum hairyhum mentioned this issue Sep 6, 2016
Closed
michaelklishin added a commit to rabbitmq/rabbitmq-management that referenced this issue Jan 3, 2017
@michaelklishin
Switch operator policies and vhost limit endpoints to use dashes
e9e2e5d 
Like we already do with aliveness-check and a few other things.
These endpoints are new in 3.7.0/master and we should unify them while
we can.

Per suggestion from @acogoluegnes.

References rabbitmq/rabbitmq-server#500, rabbitmq/rabbitmq-server#501,
rabbitmq/rabbitmq-server#930.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@michaelklishin michaelklishin

@hairyhum hairyhum

Labels
effort-medium enhancement
Projects
None yet
Milestone
3.7.0
Development

No branches or pull requests
2 participants
@michaelklishin @hairyhum