DS RabbitMQ Admin Guide

Scope

  • This documentation describes the EFPF-specific deployment and configuration procedures for RabbitMQ. They are followed when setting up RabbitMQ in every deployment environment of the EFPF ecosystem, to ensure consistency.
  • It is not a replacement for the official documentation, which should be followed for an in-depth understanding of the deployment and configuration process.

Deployment

docker run --name=rabbitmq \
    --hostname dataspine.efpf.linksmart.eu \
    --env-file conf.env \
    -v $(pwd)/rabbitmq.conf:/etc/rabbitmq/rabbitmq.conf:ro \
    -v $(pwd)/enabled_plugins:/etc/rabbitmq/enabled_plugins:ro \
    -v /etc/letsencrypt:/etc/letsencrypt:ro \
    -v $(pwd)/data:/var/lib/rabbitmq \
    -p 5671:5671 \
    -p 15671:15671 \
    -p 8883:8883 \
    -d rabbitmq:3

Configuration

Configuration files:

conf.env

RABBITMQ_SSL_CACERTFILE=/etc/letsencrypt/live/efpf.linksmart.eu/chain.pem
RABBITMQ_SSL_CERTFILE=/etc/letsencrypt/live/efpf.linksmart.eu/fullchain.pem
RABBITMQ_SSL_KEYFILE=/etc/letsencrypt/live/efpf.linksmart.eu/privkey.pem
RABBITMQ_SSL_FAIL_IF_NO_PEER_CERT=false
RABBITMQ_SSL_VERIFY=verify_none

enabled_plugins

[rabbitmq_management,rabbitmq_mqtt].

rabbitmq.conf

loopback_users.guest = false

listeners.ssl.default = 5671
listeners.tcp.default = 5672

mqtt.listeners.ssl.default = 8883
mqtt.listeners.tcp.default = 1883

mqtt.default_user = admin_username_here
mqtt.default_pass = admin_password_here
mqtt.allow_anonymous = false

default_pass = admin_password_here
default_user = admin_username_here

management.ssl.port = 15671

#####################################
# RABBITMQ APPENDS TO THIS INTERNALLY

nginx configuration:

# rabbitmq management panel
location /rabbitmq/ {
    proxy_pass https://docker-host:15671/;
}

Connection Details:

The management console can be accessed at https://dataspine.efpf.linksmart.eu/rabbitmq/

Ports/protocols:

8883 (rabbitmq mqtt/ssl)
5671 (rabbitmq amqp/ssl)

Multi-Tenancy Setup

  • RabbitMQ supports multi-tenancy through the use of virtual hosts or vhosts.
  • In EFPF, vhosts will be unique per company/organisation. Each vhost will have a unique alphanumeric name and a root topic with the same name.
  • An EFS user who wants to access RabbitMQ needs to send an email to the EFPF Support Team stating the email ID linked with their EFS account, the vhost (or the name of the company/organisation), the topic to which access is required and the type of access required, i.e. pub or sub.
  • On receipt of such an email, use the Management GUI (or HTTP API) of RabbitMQ to create a new user account (if not already present), a new vhost for the user's company/organisation (if not already present), and configure permissions and topic permissions accordingly.
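The provisioning step above, sketched as the sequence of management HTTP API calls it amounts to. This is an added example, not EFPF's own tooling. Assumptions: the function name, the sample user, vhost and topic, the "topic plus subtree" grant, and the resource-permission patterns (including the `mqtt-subscription-` queue prefix) are illustrative and should be checked against the broker version in use.

```python
import re
from urllib.parse import quote

EXCHANGE = "amq.topic"                 # topic exchange the MQTT plugin uses by default
EXCHANGE_RE = r"^amq\.topic$"
QUEUES_RE = r"^mqtt-subscription-.*$"  # assumption: queue names created for MQTT subscribers
NONE = "^$"                            # matches no resource name, so it grants nothing


def provisioning_requests(user, password, vhost, topic, access, user_exists=False):
    """Build the management HTTP API calls (method, path, JSON body) for one request."""
    if not re.fullmatch(r"[A-Za-z0-9]+", vhost):
        raise ValueError("vhost name must be alphanumeric")
    if access not in ("pub", "sub"):
        raise ValueError("access must be 'pub' or 'sub'")
    levels = topic.split("/")
    if levels[0] != vhost or not all(re.fullmatch(r"[A-Za-z0-9]+", lv) for lv in levels):
        raise ValueError("topic must be alphanumeric levels under the vhost's root topic")

    # MQTT topic levels reach the broker as dot-separated routing keys.
    # The pattern allows the requested topic and everything below it, nothing beside it.
    topic_re = "^" + r"\.".join(levels) + r"(\..*)?$"
    v, u = quote(vhost, safe=""), quote(user, safe="")

    if access == "pub":
        resource = {"configure": NONE, "write": EXCHANGE_RE, "read": NONE}
        topics = {"exchange": EXCHANGE, "write": topic_re, "read": NONE}
    else:
        resource = {"configure": QUEUES_RE, "write": QUEUES_RE,
                    "read": r"^(amq\.topic|mqtt-subscription-.*)$"}
        topics = {"exchange": EXCHANGE, "write": NONE, "read": topic_re}

    calls = [("PUT", f"/api/vhosts/{v}", {})]  # harmless if the vhost already exists
    if not user_exists:                        # do not overwrite an existing user's password
        calls.append(("PUT", f"/api/users/{u}", {"password": password, "tags": ""}))
    calls.append(("PUT", f"/api/permissions/{v}/{u}", resource))
    calls.append(("PUT", f"/api/topic-permissions/{v}/{u}", topics))
    return calls


if __name__ == "__main__":
    # Constructed request: user, vhost and topic are made up for illustration.
    for method, path, body in provisioning_requests(
            "alice@example.org", "change-me", "acme", "acme/sensors", "sub"):
        print(method, path, body)
```

Each permissions PUT replaces the patterns the user already has on that vhost, so a user who needs both pub and sub, or several topics, needs the patterns merged before they are sent.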
