Installing Rabbitmq with clustering and SSL
------------------------------------------------------
>>>>>>>>>>>>>>> Rabbitmq Installation <<<<<<<<<<<<<<<<
------------------------------------------------------
# Installing Rabbitmq
yum install rabbitmq-server
or
apt-get install rabbitmq-server
# The above command will install rabbitmq-server on your machine.
# The below commands will be available after installing rabbitmq-server
rabbitmq-server
# and
rabbitmqctl
# The rabbitmq-server is ready now, you can use various options of rabbitmqctl to get details of users,acl,queues,bindings and cluster status
rabbitmqctl list_'users/bindings/queues/vhosts'
# Search for sample code for sending a message and receiving message from the rabbitmq-server
Here is one for you :)
http://github.com/rabbitmq/rabbitmq-tutorials/blob/master/python/send.py
http://github.com/rabbitmq/rabbitmq-tutorials/blob/master/python/receive.py
------------------------------------------------------
>>>>>>>>>>>>>>> Rabbitmq Clustering <<<<<<<<<<<<<<<<<<
------------------------------------------------------
# Follow the above installation process on the slave node
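# Both nodes must share the same .erlang.cookie. It is the secret that authenticates cluster nodes and rabbitmqctl to each other, so handle it like a password.
# On rabbit2-server, delete the existing .erlang.cookie
rm -vf ~rabbitmq/.erlang.cookie
# Then, from rabbit1-server, copy its cookie across
rsync -avzP ~rabbitmq/.erlang.cookie root@rabbit2-server:~/rabbitmq/
# Note: the destination above (~/rabbitmq/) is relative to root's home; the cookie has to end up in the rabbitmq user's home (~rabbitmq/) on rabbit2-server.
# After copying, make sure the file is owned by the rabbitmq user and readable only by it (mode 400).
# Note: traffic between cluster nodes is not covered by the SSL listener configured later in this guide; restrict epmd (4369) and the Erlang distribution port to the cluster nodes with a firewall.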
# Follow below steps to add a node in clustering on rabbit2-server.
rabbitmqctl stop_app
rabbitmqctl reset
rabbitmqctl cluster rabbit@rabbit2-server rabbit@rabbit1-server
# If the above command gives error check if the rabbit2-server is able to resolve the hostname rabbit1-server.
# If not then add the entries in /etc/hosts.
# If everything goes "ok" continue with below steps.
rabbitmqctl start_app
# Check the cluster status on any of the node
rabbitmqctl cluster_status
Cluster status of node 'rabbit@rabbit1-server' ...
[{nodes,[{disc,['rabbit@rabbit2-server',
'rabbit@rabbit1-server']}]},
{running_nodes,['rabbit@rabbit2-server',
'rabbit@rabbit1-server']}]
...done.
# If you see the output as above you have successfully setup rabbitmq clustering
# You can test it by sending a message on any one server and checking the clustering by listing the queues from the other server
rabbitmqctl list_queues
# You will find the queues getting replicated
------------------------------------------------------
>>>>>>>>>>>>>>>>>>> Rabbitmq ACL <<<<<<<<<<<<<<<<<<<<<
------------------------------------------------------
# ACL can be used to restrict user to configure, read, or write on vhost
# Vhost are similar to vhost on apache, we can create our own vhost and use them.
# The root vhost is "/"
# To view all the created vhost
rabbitmqctl list_vhosts
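# Create a new user
rabbitmqctl add_user username password
# Note: a password given on the command line is saved in shell history and is visible in the process list while the command runs; use a strong one and remove the history entry afterwards.
# Set permissions for the user on vhost
rabbitmqctl set_permissions -p vhostpath username ".*" ".*" ".*"
# The three ".*" patterns above grant configure, write and read on every resource in the vhost.
# You can set narrower regular expressions as per your requirement, so that each user reaches only the queues and exchanges it needs
rabbitmqctl set_permissions [-p <vhostpath>] <user> <conf> <write> <read>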
# Check the given permissions using the below command
rabbitmqctl list_user_permissions username
# Now we can use the created user for connecting rabbitmq-server using the password specified earlier
------------------------------------------------------
>>>>>>>>>>>>>>>>>>> Rabbitmq SSL <<<<<<<<<<<<<<<<<<<<<
------------------------------------------------------
# Copy the certificates on the client node.
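# Create a key-cert.pem used by stunnel
cat certificate.key ca-cert.pem > key-cert.pem
# key-cert.pem now contains the private key: keep it readable only by the user stunnel runs as (e.g. chmod 600 key-cert.pem).
# Use the above key-cert.pem in stunnel configuration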
# Installing stunnel on all the clients
yum install stunnel
# Edit /etc/default/stunnel4
ENABLED=0
change it to
ENABLED=1
# Else everything will be as it is.
# Copy a sample stunnel configuration in /etc/stunnel directory
cp /usr/share/doc/stunnel4/examples/stunnel.conf-sample /etc/stunnel/stunnel.conf
# Edit the /etc/stunnel/stunnel.conf
Comment below lines using ';'
;[pop3s]
;accept = 995
;connect = 110
;[imaps]
;accept = 993
;connect = 143
;[ssmtp]
;accept = 465
;connect = 25
Uncomment below lines by removing ';'
debug = 7
output = /var/log/stunnel4/stunnel.log
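Edit and add below lines
cert = /path/to/key-cert.pem
[amqp]
client = yes
accept = 5673
connect = ipaddress:5671
# Note: as written, this section does not verify the server's certificate, so the tunnel is encrypted but the client cannot tell the real broker from an impostor. Add CAfile = /path/to/cacert.crt and verify = 2 to the [amqp] section so stunnel checks the server certificate against your CA.
# Note: accept = 5673 listens on every interface and takes plaintext AMQP; use accept = 127.0.0.1:5673 if only local applications should use the tunnel.
# debug = 7 is the most verbose log level; lower it once the setup works.
# Restart stunnel
/etc/init.d/stunnel4 restart
# Check that stunnel is listening. On the client the local listener is the accept port (5673); 5671 is the port on the RabbitMQ server that stunnel connects to, so grep for 5673 here.
netstat -tnlp | grep 5671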
# On Rabbitmq Server
# Get the certificates on to the server.
# Edit /etc/rabbitmq/rabbitmq.config
# Add below lines
[
{rabbit, [
{ssl_listeners, [5671]},
{ssl_options, [{cacertfile,"/path/to/cacert.crt"},
{certfile,"/path/to/certfile.pem"},
{keyfile,"/path/to/keyfile.key"},
{verify,verify_peer},
{fail_if_no_peer_cert,false}]}
]}
].
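# Note: with {fail_if_no_peer_cert,false} the server still accepts clients that present no certificate at all; verify_peer only checks a certificate when one is sent. Set it to true if every client must authenticate with a certificate signed by your CA.
# The keyfile must be readable by the rabbitmq user and by no one else.
# Restart Rabbitmq server
/etc/init.d/rabbitmq-server restart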
# Verify the SSL listener has started
netstat -tnlp | grep 5671
------------------------------------------------------
>>>>>>>>>>>>>>> Rabbitmq Installation <<<<<<<<<<<<<<<<
------------------------------------------------------
# Installing Rabbitmq
yum install rabbitmq-server
or
apt-get install rabbitmq-server
# The above command will install rabbitmq-server on your machine.
# The below commands will be available after installing rabbitmq-server
rabbitmq-server
# and
rabbitmqctl
# The rabbitmq-server is ready now, you can use various options of rabbitmqctl to get details of users,acl,queues,bindings and cluster status
rabbitmqctl list_'users/bindings/queues/vhosts'
# Search for sample code for sending a message and receiving message from the rabbitmq-server
Here is one for you :)
http://github.com/rabbitmq/rabbitmq-tutorials/blob/master/python/send.py
http://github.com/rabbitmq/rabbitmq-tutorials/blob/master/python/receive.py
------------------------------------------------------
>>>>>>>>>>>>>>> Rabbitmq Clustering <<<<<<<<<<<<<<<<<<
------------------------------------------------------
# Follow the above installation process on the slave node
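# Both nodes must share the same .erlang.cookie. It is the secret that authenticates cluster nodes and rabbitmqctl to each other, so handle it like a password.
# On rabbit2-server, delete the existing .erlang.cookie
rm -vf ~rabbitmq/.erlang.cookie
# Then, from rabbit1-server, copy its cookie across
rsync -avzP ~rabbitmq/.erlang.cookie root@rabbit2-server:~/rabbitmq/
# Note: the destination above (~/rabbitmq/) is relative to root's home; the cookie has to end up in the rabbitmq user's home (~rabbitmq/) on rabbit2-server.
# After copying, make sure the file is owned by the rabbitmq user and readable only by it (mode 400).
# Note: traffic between cluster nodes is not covered by the SSL listener configured later in this guide; restrict epmd (4369) and the Erlang distribution port to the cluster nodes with a firewall.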
# Follow below steps to add a node in clustering on rabbit2-server.
rabbitmqctl stop_app
rabbitmqctl reset
rabbitmqctl cluster rabbit@rabbit2-server rabbit@rabbit1-server
# If the above command gives error check if the rabbit2-server is able to resolve the hostname rabbit1-server.
# If not then add the entries in /etc/hosts.
# If everything goes "ok" continue with below steps.
rabbitmqctl start_app
# Check the cluster status on any of the node
rabbitmqctl cluster_status
Cluster status of node 'rabbit@rabbit1-server' ...
[{nodes,[{disc,['rabbit@rabbit2-server',
'rabbit@rabbit1-server']}]},
{running_nodes,['rabbit@rabbit2-server',
'rabbit@rabbit1-server']}]
...done.
# If you see the output as above you have successfully setup rabbitmq clustering
# You can test it by sending a message on any one server and checking the clustering by listing the queues from the other server
rabbitmqctl list_queues
# You will find the queues getting replicated
------------------------------------------------------
>>>>>>>>>>>>>>>>>>> Rabbitmq ACL <<<<<<<<<<<<<<<<<<<<<
------------------------------------------------------
# ACL can be used to restrict user to configure, read, or write on vhost
# Vhost are similar to vhost on apache, we can create our own vhost and use them.
# The root vhost is "/"
# To view all the created vhost
rabbitmqctl list_vhosts
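# Create a new user
rabbitmqctl add_user username password
# Note: a password given on the command line is saved in shell history and is visible in the process list while the command runs; use a strong one and remove the history entry afterwards.
# Set permissions for the user on vhost
rabbitmqctl set_permissions -p vhostpath username ".*" ".*" ".*"
# The three ".*" patterns above grant configure, write and read on every resource in the vhost.
# You can set narrower regular expressions as per your requirement, so that each user reaches only the queues and exchanges it needs
rabbitmqctl set_permissions [-p <vhostpath>] <user> <conf> <write> <read>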
# Check the given permissions using the below command
rabbitmqctl list_user_permissions username
# Now we can use the created user for connecting rabbitmq-server using the password specified earlier
------------------------------------------------------
>>>>>>>>>>>>>>>>>>> Rabbitmq SSL <<<<<<<<<<<<<<<<<<<<<
------------------------------------------------------
# Copy the certificates on the client node.
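# Create a key-cert.pem used by stunnel
cat certificate.key ca-cert.pem > key-cert.pem
# key-cert.pem now contains the private key: keep it readable only by the user stunnel runs as (e.g. chmod 600 key-cert.pem).
# Use the above key-cert.pem in stunnel configuration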
# Installing stunnel on all the clients
yum install stunnel
# Edit /etc/default/stunnel4
ENABLED=0
change it to
ENABLED=1
# Else everything will be as it is.
# Copy a sample stunnel configuration in /etc/stunnel directory
cp /usr/share/doc/stunnel4/examples/stunnel.conf-sample /etc/stunnel/stunnel.conf
# Edit the /etc/stunnel/stunnel.conf
Comment below lines using ';'
;[pop3s]
;accept = 995
;connect = 110
;[imaps]
;accept = 993
;connect = 143
;[ssmtp]
;accept = 465
;connect = 25
Uncomment below lines by removing ';'
debug = 7
output = /var/log/stunnel4/stunnel.log
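Edit and add below lines
cert = /path/to/key-cert.pem
[amqp]
client = yes
accept = 5673
connect = ipaddress:5671
# Note: as written, this section does not verify the server's certificate, so the tunnel is encrypted but the client cannot tell the real broker from an impostor. Add CAfile = /path/to/cacert.crt and verify = 2 to the [amqp] section so stunnel checks the server certificate against your CA.
# Note: accept = 5673 listens on every interface and takes plaintext AMQP; use accept = 127.0.0.1:5673 if only local applications should use the tunnel.
# debug = 7 is the most verbose log level; lower it once the setup works.
# Restart stunnel
/etc/init.d/stunnel4 restart
# Check that stunnel is listening. On the client the local listener is the accept port (5673); 5671 is the port on the RabbitMQ server that stunnel connects to, so grep for 5673 here.
netstat -tnlp | grep 5671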
# On Rabbitmq Server
# Get the certificates on to the server.
# Edit /etc/rabbitmq/rabbitmq.config
# Add below lines
[
{rabbit, [
{ssl_listeners, [5671]},
{ssl_options, [{cacertfile,"/path/to/cacert.crt"},
{certfile,"/path/to/certfile.pem"},
{keyfile,"/path/to/keyfile.key"},
{verify,verify_peer},
{fail_if_no_peer_cert,false}]}
]}
].
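# Note: with {fail_if_no_peer_cert,false} the server still accepts clients that present no certificate at all; verify_peer only checks a certificate when one is sent. Set it to true if every client must authenticate with a certificate signed by your CA.
# The keyfile must be readable by the rabbitmq user and by no one else.
# Restart Rabbitmq server
/etc/init.d/rabbitmq-server restart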
# Verify the SSL listener has started
netstat -tnlp | grep 5671