Gitiles
Code Review Sign In
gerrit.mcp.mirantis.com / salt-formulas / rabbitmq / 4c9e7b6f87ab835a8b795a21f422b578ed134240 / . / README.rst
blob: 16f89e85c7d7660513aa5bb5567abb6d21dad18a [file] [log] [blame]
Filip Pytlounef5b0af2015-10-06 16:28:32 +0200[diff] [blame]1=========================
2RabbitMQ messaging system
3=========================
4
5RabbitMQ is a complete and highly reliable enterprise messaging system based on the emerging AMQP standard.
6
Filip Pytlounef5b0af2015-10-06 16:28:32 +0200[diff] [blame]7Sample pillars
8==============
9
10Standalone Broker
11-----------------
12
13RabbitMQ as AMQP broker with admin user and vhosts
14
15.. code-block:: yaml
16
17 rabbitmq:
18 server:
19 enabled: true
20 bind:
21 address: 0.0.0.0
22 port: 5672
23 secret_key: rabbit_master_cookie
24 admin:
25 name: adminuser
26 password: pwd
27 plugins:
28 - amqp_client
29 - rabbitmq_management
Nick Metz208245c2017-12-03 16:18:33 +0100[diff] [blame]30 host:
31 '/monitor':
32 enabled: true
33 user: 'monitor'
34 password: 'password'
Filip Pytlounef5b0af2015-10-06 16:28:32 +0200[diff] [blame]35
36RabbitMQ as a Stomp broker
37
38.. code-block:: yaml
39
40 rabbitmq:
41 server:
42 enabled: true
43 secret_key: rabbit_master_cookie
44 bind:
45 address: 0.0.0.0
46 port: 5672
Nick Metz208245c2017-12-03 16:18:33 +0100[diff] [blame]47 host:
48 '/monitor':
49 enabled: true
50 user: 'monitor'
51 password: 'password'
Filip Pytlounef5b0af2015-10-06 16:28:32 +0200[diff] [blame]52 plugins:
53 - rabbitmq_stomp
54
55RabbitMQ cluster
56----------------
57
58RabbitMQ as base cluster node
59
60.. code-block:: yaml
61
62 rabbitmq:
63 server:
64 enabled: true
65 bind:
66 address: 0.0.0.0
67 port: 5672
68 secret_key: rabbit_master_cookie
69 admin:
70 name: adminuser
71 password: pwd
72 cluster:
73 enabled: true
74 role: master
75 mode: disc
76 members:
77 - name: openstack1
78 host: 10.10.10.212
79 - name: openstack2
80 host: 10.10.10.213
81
82HA Queues definition
83
84.. code-block:: yaml
85
86 rabbitmq:
87 server:
88 enabled: true
89 ...
Nick Metz208245c2017-12-03 16:18:33 +0100[diff] [blame]90 host:
91 '/monitor':
92 enabled: true
93 user: 'monitor'
94 password: 'password'
95 policies:
96 - name: HA
97 pattern: '^(?!amq\.).*'
98 definition: '{"ha-mode": "all"}'
Kirill Bespalov09e52182017-05-10 14:20:30 +0300[diff] [blame]99
100
101Enable TLS support
102------------------
103
Kirill Bespalovb0cd0ae2017-05-30 17:45:13 +0300[diff] [blame]104To enable support of TLS for rabbitmq-server you need to provide a path to cacert, server cert and private key :
105
106.. code-block:: yaml
107
108 rabbitmq:
109 server:
110 enabled: true
111 ...
112 ssl:
113 enabled: True
114 key_file: /etc/rabbitmq/ssl/key.pem
115 cert_file: /etc/rabbitmq/ssl/cert.pem
116 ca_file: /etc/rabbitmq/ssl/ca.pem
117
118To manage content of these files you can either use the following options:
Kirill Bespalov09e52182017-05-10 14:20:30 +0300[diff] [blame]119
120.. code-block:: yaml
121
122 rabbitmq:
123 server:
124 enabled: true
125 ...
126 ssl:
127 enabled: True
128
Kirill Bespalovb0cd0ae2017-05-30 17:45:13 +0300[diff] [blame]129 key_file: /etc/rabbitmq/ssl/key.pem
Kirill Bespalov09e52182017-05-10 14:20:30 +0300[diff] [blame]130 key: |
131 -----BEGIN RSA PRIVATE KEY-----
132 ...
133 -----END RSA PRIVATE KEY-------
134
Kirill Bespalovb0cd0ae2017-05-30 17:45:13 +0300[diff] [blame]135 ca_file: /etc/rabbitmq/ssl/ca.pem
136 cacert_chain: |
137 -----BEGIN CERTIFICATE-----
138 ...
139 -----END CERTIFICATE-------
140
141 cert_file: /etc/rabbitmq/ssl/cert.pem
Kirill Bespalov09e52182017-05-10 14:20:30 +0300[diff] [blame]142 cert: |
143 -----BEGIN CERTIFICATE-----
144 ...
145 -----END CERTIFICATE-------
146
147
Kirill Bespalovb0cd0ae2017-05-30 17:45:13 +0300[diff] [blame]148Or you can use the `salt.minion.cert` salt state which
149creates all required files according to defined reclass model [1]. In this case you need just to enable ssl and nothing more:
Kirill Bespalov09e52182017-05-10 14:20:30 +0300[diff] [blame]150
151.. code-block:: yaml
152
153 rabbitmq:
154 server:
155 enabled: true
156 ...
157 ssl:
158 enabled: True
Kirill Bespalov09e52182017-05-10 14:20:30 +0300[diff] [blame]159
160--
161
162Defaut port for TLS is **5671**:
163
164.. code-block:: yaml
165
166 rabbitmq:
167 server:
168 bind:
169 ssl:
170 port: 5671
171
Kirill Bespalovb0cd0ae2017-05-30 17:45:13 +0300[diff] [blame]172
1731. https://github.com/Mirantis/reclass-system-salt-model/tree/master/salt/minion/cert/rabbitmq
174
175
176
Filip Pytlounef5b0af2015-10-06 16:28:32 +0200[diff] [blame]177Usage
178=====
179
180Check cluster status, example shows running cluster with 3 nodes: ctl-1, ctl-2, ctl-3
181
182.. code-block:: yaml
183
184 > rabbitmqctl cluster_status
Kirill Bespalov09e52182017-05-10 14:20:30 +0300[diff] [blame]185
Filip Pytlounef5b0af2015-10-06 16:28:32 +0200[diff] [blame]186 Cluster status of node 'rabbit@ctl-1' ...
Kirill Bespalov09e52182017-05-10 14:20:30 +0300[diff] [blame]187 [{nodes,[{disc,['rabbit@ctl-1','rabbit@ctl-2','rabbit@ctl-3']}]},
Filip Pytlounef5b0af2015-10-06 16:28:32 +0200[diff] [blame]188 {running_nodes,['rabbit@ctl-3','rabbit@ctl-2','rabbit@ctl-1']},
189 {partitions,[]}]
190 ...done.
191
192Setup management user.
193
194.. code-block:: yaml
195
196 > rabbitmqctl add_vhost vhost
197 > rabbitmqctl add_user user alive
198 > rabbitmqctl set_permissions -p vhost user ".*" ".*" ".*"
199 > rabbitmqctl set_user_tags user management
200
201EPD process is Erlang Port Mapper Daemon. It's a feature of the Erlang runtime that helps Erlang nodes to find each other. It's a pretty tiny thing and doesn't contain much state (other than "what Erlang nodes are running on this system?") so it's not a huge deal for it to still be running.
202Although it's running as user rabbitmq, it was started automatically by the Erlang VM when we started. We've considered adding "epmd -kill" to our shutdown script - but that would break any other Erlang apps running on the system; it's more "global" than RabbitMQ.
203
204Read more
205=========
206
207* http://www.rabbitmq.com/admin-guide.html
208* https://github.com/saltstack/salt-contrib/blob/master/states/rabbitmq_plugins.py
209* http://docs.saltstack.com/ref/states/all/salt.states.rabbitmq_user.html
210* http://stackoverflow.com/questions/14699873/how-to-reset-user-for-rabbitmq-management
211* http://www.rabbitmq.com/memory.html
212
213Clustering
214==========
215
216* http://www.rabbitmq.com/clustering.html#auto-config
217* https://github.com/jesusaurus/hpcs-salt-state/tree/master/rabbitmq
218* http://gigisayfan.blogspot.cz/2012/06/rabbit-mq-clustering-python-fabric.html
219* http://docwiki.cisco.com/wiki/OpenStack_Havana_Release:_High-Availability_Manual_Deployment_Guide#RabbitMQ_Installation
Filip Pytloun55a7ef02017-02-02 13:02:03 +0100[diff] [blame]220
221Documentation and Bugs
222======================
223
224To learn how to install and update salt-formulas, consult the documentation
225available online at:
226
227 http://salt-formulas.readthedocs.io/
228
229In the unfortunate event that bugs are discovered, they should be reported to
230the appropriate issue tracker. Use Github issue tracker for specific salt
231formula:
232
233 https://github.com/salt-formulas/salt-formula-rabbitmq/issues
234
235For feature requests, bug reports or blueprints affecting entire ecosystem,
236use Launchpad salt-formulas project:
237
238 https://launchpad.net/salt-formulas
239
240You can also join salt-formulas-users team and subscribe to mailing list:
241
242 https://launchpad.net/~salt-formulas-users
243
244Developers wishing to work on the salt-formulas projects should always base
245their work on master branch and submit pull request against specific formula.
246
247 https://github.com/salt-formulas/salt-formula-rabbitmq
248
249Any questions or feedback is always welcome so feel free to join our IRC
250channel:
251
252 #salt-formulas @ irc.freenode.net