Skip to main content
OpenSRE uses the RabbitMQ Management HTTP API to investigate message-bus incidents — checking queue backlogs, consumer health, broker-wide resource usage, cluster partition state, and connection patterns.

Prerequisites

  • RabbitMQ 3.12+ (3.13 recommended)
  • The rabbitmq_management plugin must be enabled on the broker:
  • Network access from the OpenSRE environment to the Management API port (default 15672)
  • A user with at least the monitoring tag (read-only access to all management endpoints)

Setup

Option 1: Interactive CLI

You will be prompted for host, management port, username, password, vhost, and whether to enable SSL.

Option 2: Environment variables

Add to your .env:

Option 3: Persistent store

Credentials are automatically persisted to ~/.opensre/integrations.json with 0o600 permissions:
Create a dedicated monitoring user so OpenSRE has read-only access:
The monitoring tag grants read access to all management endpoints without the ability to publish, consume, create, or delete any resources. The permissions line grants no configure or write access (^$ matches nothing), and read access to all resources (.*).

TLS configuration

SSL is disabled by default because most RabbitMQ Management API deployments use HTTP internally. For production environments exposed over the network, enable HTTPS:
Set RABBITMQ_VERIFY_SSL=false only when connecting to brokers with self-signed certificates in trusted networks.

Investigation tools

When OpenSRE investigates a RabbitMQ-related alert, five diagnostic tools are available:

Queue backlog

Lists queues ranked by pending message count (ready + unacknowledged). Returns queue name, vhost, state, message counts, consumer count, consumer utilisation, memory usage, and publish/deliver/ack rates. Results are scoped to the configured vhost.

Consumer health

Lists active consumers with per-queue diagnostics: consumer tag, ack mode, prefetch count, active state, and the channel/connection each consumer is bound to. Helps identify stalled or missing consumers behind a growing backlog.

Broker overview

Returns a cluster-wide summary: RabbitMQ version, cluster name, total message counts, publish/deliver rates, queue/consumer/connection/channel totals, plus alarm health-check status (memory, disk, and file-descriptor alarms).

Node health

Returns per-node resource utilisation: memory used vs. limit (with alarm flag), disk free vs. limit (with alarm flag), file descriptors, sockets, Erlang process usage, and cluster partition state. Essential for diagnosing backpressure, partitions, or node-level resource exhaustion.

Connection stats

Lists active connections sorted by receive byte rate. Reports user, vhost, protocol, channel count, peer host/port, TLS status, and recv/send byte rates. Helps spot connection exhaustion, slow consumers, or noisy publishers. Results are filtered to the configured vhost.

Verify

Expected output:

Troubleshooting

Security best practices

  • Use a dedicated monitoring user — never the default guest account or an administrator-tagged user.
  • Always enable TLS when the Management API is exposed over the network.
  • Keep passwords out of source control — use .env or the persistent store.
  • Rotate credentials periodically.
  • The Management API is read-only from OpenSRE’s perspective — no messages are published, consumed, or deleted.