DS RabbitMQ Admin Guide

Scope

This documentation includes EFPF account of deploying and configuring RabbitMQ which is followed for setting up RabbitMQ across all of the deployment environments in EFPF to ensure consistency. It isn’t a replacement for the official documentation and the official documentation should be followed for an in-depth understanding of the deployment and configuration process.

Deployment

docker run --name=rabbitmq \
    --hostname dataspine.efpf.linksmart.eu \
    --env-file conf.env \
    -v $(pwd)/rabbitmq.conf:/etc/rabbitmq/rabbitmq.conf:ro \
    -v $(pwd)/enabled_plugins:/etc/rabbitmq/enabled_plugins:ro \
    -v /etc/letsencrypt:/etc/letsencrypt:ro \
    -v $(pwd)/data:/var/lib/rabbitmq \
    -p 5671:5671 \
    -p 15671:15671 \
    -p 8883:8883 \
    -d rabbitmq:3

Configuration

Configuration files:

conf.env

RABBITMQ_SSL_CACERTFILE=/etc/letsencrypt/live/efpf.linksmart.eu/chain.pem
RABBITMQ_SSL_CERTFILE=/etc/letsencrypt/live/efpf.linksmart.eu/fullchain.pem
RABBITMQ_SSL_KEYFILE=/etc/letsencrypt/live/efpf.linksmart.eu/privkey.pem
RABBITMQ_SSL_FAIL_IF_NO_PEER_CERT=false
RABBITMQ_SSL_VERIFY=verify_none

enabled_plugins

[rabbitmq_management,rabbitmq_mqtt].

rabbitmq.conf

loopback_users.guest = false

listeners.ssl.default = 5671
listeners.tcp.default = 5672

mqtt.listeners.ssl.default = 8883
mqtt.listeners.tcp.default = 1883

mqtt.default_user = admin_username_here
mqtt.default_pass = admin_password_here
mqtt.allow_anonymous = false

default_pass = admin_password_here
default_user = admin_username_here

management.ssl.port = 15671

#####################################
# RABBITMQ APPENDS TO THIS INTERNALLY

nginx configuration:

# rabbitmq management panel
    location /rabbitmq/ {
        proxy_pass https://docker-host:15671/;
}

Connection Details:

The management console can be accessed at https://dataspine.efpf.linksmart.eu/rabbitmq/

Ports/protocols:

8883 (rabbitmq mqtt/ssl)
5671 (rabbitmq amqp/ssl)

Multi-Tenancy Setup

  • RabbitMQ supports multi-tenancy through the use of virtual hosts or vhosts.
  • In EFPF, vhosts will be unique per company/organisation. Each vhost will have a unique alphanumeric name and a root topic with the same name.
  • An EFS user, who wants to access RabbitMQ, needs to send an email to the Data Spine Technical Support Team mentioning his/her email id (which is linked with the EFS account), the vhost (or the name of company/organisation), topic to which access is required and the type of access required i.e. pub or sub.
  • On receipt of such an email, use the Management GUI (or HTTP API) of RabbitMQ to create a new user account (if not present already), a new vhost for user’s company/organisation (if not present already) and configure permissions and topic permissions accordingly.

References

Next