DS RabbitMQ Admin Guide

Notes

  • This guide primarily refers to the setup of DS RabbitMQ in the EFPF Development Environment.
  • In the EFPF Testing and Production Environments, the components of the Data Spine are deployed in the same internal network to minimise network latency as described here, and therefore, some configuration has changed.
  • In the EFPF Testing and Production Environments, the deployment and the initial configuration of the Data Spine components have been automated using Ansible Playbooks and GitLab CI/CD infrastructure. This configuration is currently maintained in the EFPF Integration and Deployment repository.
  • Latest Connection Details: Link

Deployment

docker run --name=rabbitmq \
    --hostname dataspine.efpf.linksmart.eu \
    --env-file conf.env \
    -v "$(pwd)/rabbitmq.conf:/etc/rabbitmq/rabbitmq.conf:ro" \
    -v "$(pwd)/enabled_plugins:/etc/rabbitmq/enabled_plugins:ro" \
    -v /etc/letsencrypt:/etc/letsencrypt:ro \
    -v "$(pwd)/data:/var/lib/rabbitmq" \
    -p 5671:5671 \
    -p 15671:15671 \
    -p 8883:8883 \
    -d rabbitmq:3

Configuration

Configuration files:

conf.env

RABBITMQ_SSL_CACERTFILE=/etc/letsencrypt/live/efpf.linksmart.eu/chain.pem
RABBITMQ_SSL_CERTFILE=/etc/letsencrypt/live/efpf.linksmart.eu/fullchain.pem
RABBITMQ_SSL_KEYFILE=/etc/letsencrypt/live/efpf.linksmart.eu/privkey.pem
RABBITMQ_SSL_FAIL_IF_NO_PEER_CERT=false
RABBITMQ_SSL_VERIFY=verify_none

enabled_plugins

[rabbitmq_management,rabbitmq_mqtt].

rabbitmq.conf

loopback_users.guest = false

listeners.ssl.default = 5671
listeners.tcp.default = 5672

mqtt.listeners.ssl.default = 8883
mqtt.listeners.tcp.default = 1883

mqtt.default_user = admin_username_here
mqtt.default_pass = admin_password_here
mqtt.allow_anonymous = false

default_pass = admin_password_here
default_user = admin_username_here

management.ssl.port = 15671

#####################################
# RABBITMQ APPENDS TO THIS INTERNALLY

nginx configuration:

# rabbitmq management panel
location /rabbitmq/ {
    proxy_pass https://docker-host:15671/;
}

Connection Details:

The management console can be accessed at https://dataspine.efpf.linksmart.eu/rabbitmq/

Ports/protocols:

8883 (rabbitmq mqtt/ssl)
5671 (rabbitmq amqp/ssl)

Multi-Tenancy Setup

DEV & TEST Environments

  • RabbitMQ supports multi-tenancy through the use of virtual hosts or vhosts.
  • In EFPF, vhosts will be unique per company/organisation. Each vhost will have a unique alphanumeric name and a root topic with the same name.
  • An EFS user who wants to access RabbitMQ needs to send an email to the EFPF Support Team stating the email ID linked with their EFS account, the vhost (or the name of the company/organisation), the topic to which access is required, and the type of access required, i.e. pub or sub.
  • On receipt of such an email, use the Management GUI (or HTTP API) of RabbitMQ to create a new user account (if not present already) and a new vhost for the user’s company/organisation (if not present already), and configure permissions and topic permissions accordingly.

PROD Environment

  • RabbitMQ supports multi-tenancy through the use of virtual hosts or vhosts.
  • In EFPF, vhosts will be unique per company/organisation. Each vhost will have a unique alphanumeric name and a root topic with the same name. The name of the vhost is derived from the EFS user’s email ID: it is the string following the @ symbol, with every "." replaced by "-".
    • e.g. for user@companyx.com: Vhost = companyx-com
    • e.g. for user@department1.companyz.com: Vhost = department1-companyz-com
    • Exceptions:
      • user@gmail.com: Vhost = efpf-open-call-vhost
      • user@outlook.com: Vhost = efpf-open-call-vhost
  • An EFS user, who wants to access RabbitMQ, needs to visit the Pub/Sub Security Service Dashboard. Upon arrival at the Dashboard, a RabbitMQ account and company vhost will be automatically created, if one does not exist already. Otherwise, the EFS user will be assigned access to the existing company vhost.
  • The Pub/Sub Security Service Dashboard can then be used to create and manage topics and topic permissions in the Message Bus.
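
The following added example (not part of the EFPF guide or its repositories) applies the vhost naming rule above and lists the RabbitMQ Management HTTP API calls that the DEV & TEST procedure performs by hand for one pub or sub request. Assumptions: the RabbitMQ username is the user's email address, names are lowercased, clients are MQTT clients on the default amq.topic exchange with mqtt-subscription-* queues, and the function names vhost_for and access_plan are hypothetical.

```python
import re
import secrets
from urllib.parse import quote

OPEN_CALL_VHOST = "efpf-open-call-vhost"          # shared vhost from the guide
OPEN_CALL_DOMAINS = {"gmail.com", "outlook.com"}  # the guide's two exceptions
# Assumption: only plain hostnames are accepted; anything else is rejected.
DOMAIN_RE = re.compile(r"[a-z0-9]+(-[a-z0-9]+)*(\.[a-z0-9]+(-[a-z0-9]+)*)+")
LEVEL_RE = re.compile(r"[A-Za-z0-9_-]+")          # one literal topic level
DENY = "^$"  # matches only the empty string, so no real topic or queue

def vhost_for(email):
    """Vhost name = part after '@' with '.' replaced by '-' (lowercasing assumed)."""
    local, sep, domain = email.strip().lower().rpartition("@")
    if not (local and sep and DOMAIN_RE.fullmatch(domain)):
        raise ValueError(f"not a usable e-mail address: {email!r}")
    if domain in OPEN_CALL_DOMAINS:
        return OPEN_CALL_VHOST
    # Not injective: a-b.com and a.b.com both give a-b-com, so confirm who
    # owns an existing vhost before granting a new user access to it.
    return domain.replace(".", "-")

def access_plan(email, topic, access, new_user=True):
    """Return the Management HTTP API calls (method, path, body) for one request."""
    if access not in ("pub", "sub"):
        raise ValueError("access must be 'pub' or 'sub'")
    vhost, levels = vhost_for(email), topic.split("/")
    # Literal topics under the tenant's root topic only; no MQTT wildcards.
    if levels[0] != vhost or not all(LEVEL_RE.fullmatch(lv) for lv in levels):
        raise ValueError(f"topic must be a literal topic under {vhost}/")
    # The MQTT plugin maps '/' in a topic to '.' in the AMQP routing key.
    key = "^" + r"\.".join(levels) + "$"
    queues = "^mqtt-subscription-.*"  # assumed MQTT subscription queue names
    if access == "pub":
        perms = {"configure": DENY, "write": r"^amq\.topic$", "read": DENY}
    else:
        perms = {"configure": queues, "write": queues,
                 "read": r"^(amq\.topic|mqtt-subscription-.*)$"}
    v, u = quote(vhost, safe=""), quote(email.strip().lower(), safe="")
    calls = [("PUT", f"/api/vhosts/{v}", {})]
    if new_user:  # a PUT on an existing user would reset its password
        calls.append(("PUT", f"/api/users/{u}",
                      {"password": secrets.token_urlsafe(24), "tags": ""}))
    calls.append(("PUT", f"/api/permissions/{v}/{u}", perms))
    calls.append(("PUT", f"/api/topic-permissions/{v}/{u}",
                  {"exchange": "amq.topic",
                   "write": key if access == "pub" else DENY,
                   "read": key if access == "sub" else DENY}))
    return calls
```

The empty tags value gives the account no access to the management console, and a topic outside the tenant's own root topic is rejected before any call is built.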

Data Spine RabbitMQ Documentation

References
