Gitiles
Code Review Sign In
gerrit.mcp.mirantis.com / salt-formulas / rabbitmq / 8115f0f6e828f899c9c0c3cf40c9e36e5183835f / . / README.rst
blob: bab7652ccf38ef42d2f3e12fa1d6e66d3096087f [file] [log] [blame]
Filip Pytlounef5b0af2015-10-06 16:28:32 +0200[diff] [blame]1=========================
2RabbitMQ messaging system
3=========================
4
5RabbitMQ is a complete and highly reliable enterprise messaging system based on the emerging AMQP standard.
6
Filip Pytlounef5b0af2015-10-06 16:28:32 +0200[diff] [blame]7Sample pillars
8==============
9
10Standalone Broker
11-----------------
12
13RabbitMQ as AMQP broker with admin user and vhosts
14
15.. code-block:: yaml
16
17 rabbitmq:
18 server:
19 enabled: true
20 bind:
21 address: 0.0.0.0
22 port: 5672
23 secret_key: rabbit_master_cookie
24 admin:
25 name: adminuser
26 password: pwd
27 plugins:
28 - amqp_client
29 - rabbitmq_management
Nick Metz208245c2017-12-03 16:18:33 +0100[diff] [blame]30 host:
31 '/monitor':
32 enabled: true
33 user: 'monitor'
34 password: 'password'
Filip Pytlounef5b0af2015-10-06 16:28:32 +0200[diff] [blame]35
36RabbitMQ as a Stomp broker
37
38.. code-block:: yaml
39
40 rabbitmq:
41 server:
42 enabled: true
43 secret_key: rabbit_master_cookie
44 bind:
45 address: 0.0.0.0
46 port: 5672
Nick Metz208245c2017-12-03 16:18:33 +0100[diff] [blame]47 host:
48 '/monitor':
49 enabled: true
50 user: 'monitor'
51 password: 'password'
Michael Polenchuk8115f0f2018-05-30 21:27:45 +0400[diff] [blame^]52 plugins_runas_user: rabbitmq
Filip Pytlounef5b0af2015-10-06 16:28:32 +0200[diff] [blame]53 plugins:
54 - rabbitmq_stomp
55
56RabbitMQ cluster
57----------------
58
59RabbitMQ as base cluster node
60
61.. code-block:: yaml
62
63 rabbitmq:
64 server:
65 enabled: true
66 bind:
67 address: 0.0.0.0
68 port: 5672
69 secret_key: rabbit_master_cookie
70 admin:
71 name: adminuser
72 password: pwd
73 cluster:
74 enabled: true
75 role: master
76 mode: disc
77 members:
78 - name: openstack1
79 host: 10.10.10.212
80 - name: openstack2
81 host: 10.10.10.213
82
83HA Queues definition
84
85.. code-block:: yaml
86
87 rabbitmq:
88 server:
89 enabled: true
90 ...
Nick Metz208245c2017-12-03 16:18:33 +0100[diff] [blame]91 host:
92 '/monitor':
93 enabled: true
94 user: 'monitor'
95 password: 'password'
96 policies:
97 - name: HA
98 pattern: '^(?!amq\.).*'
99 definition: '{"ha-mode": "all"}'
Kirill Bespalov09e52182017-05-10 14:20:30 +0300[diff] [blame]100
101
102Enable TLS support
103------------------
104
Kirill Bespalovb0cd0ae2017-05-30 17:45:13 +0300[diff] [blame]105To enable support of TLS for rabbitmq-server you need to provide a path to cacert, server cert and private key :
106
107.. code-block:: yaml
108
109 rabbitmq:
110 server:
111 enabled: true
112 ...
113 ssl:
114 enabled: True
115 key_file: /etc/rabbitmq/ssl/key.pem
116 cert_file: /etc/rabbitmq/ssl/cert.pem
117 ca_file: /etc/rabbitmq/ssl/ca.pem
118
119To manage content of these files you can either use the following options:
Kirill Bespalov09e52182017-05-10 14:20:30 +0300[diff] [blame]120
121.. code-block:: yaml
122
123 rabbitmq:
124 server:
125 enabled: true
126 ...
127 ssl:
128 enabled: True
129
Kirill Bespalovb0cd0ae2017-05-30 17:45:13 +0300[diff] [blame]130 key_file: /etc/rabbitmq/ssl/key.pem
Kirill Bespalov09e52182017-05-10 14:20:30 +0300[diff] [blame]131 key: |
132 -----BEGIN RSA PRIVATE KEY-----
133 ...
134 -----END RSA PRIVATE KEY-------
135
Kirill Bespalovb0cd0ae2017-05-30 17:45:13 +0300[diff] [blame]136 ca_file: /etc/rabbitmq/ssl/ca.pem
137 cacert_chain: |
138 -----BEGIN CERTIFICATE-----
139 ...
140 -----END CERTIFICATE-------
141
142 cert_file: /etc/rabbitmq/ssl/cert.pem
Kirill Bespalov09e52182017-05-10 14:20:30 +0300[diff] [blame]143 cert: |
144 -----BEGIN CERTIFICATE-----
145 ...
146 -----END CERTIFICATE-------
147
148
Kirill Bespalovb0cd0ae2017-05-30 17:45:13 +0300[diff] [blame]149Or you can use the `salt.minion.cert` salt state which
150creates all required files according to defined reclass model [1]. In this case you need just to enable ssl and nothing more:
Kirill Bespalov09e52182017-05-10 14:20:30 +0300[diff] [blame]151
152.. code-block:: yaml
153
154 rabbitmq:
155 server:
156 enabled: true
157 ...
158 ssl:
159 enabled: True
Kirill Bespalov09e52182017-05-10 14:20:30 +0300[diff] [blame]160
161--
162
163Defaut port for TLS is **5671**:
164
165.. code-block:: yaml
166
167 rabbitmq:
168 server:
169 bind:
170 ssl:
171 port: 5671
172
Kirill Bespalovb0cd0ae2017-05-30 17:45:13 +0300[diff] [blame]173
1741. https://github.com/Mirantis/reclass-system-salt-model/tree/master/salt/minion/cert/rabbitmq
175
176
177
Filip Pytlounef5b0af2015-10-06 16:28:32 +0200[diff] [blame]178Usage
179=====
180
181Check cluster status, example shows running cluster with 3 nodes: ctl-1, ctl-2, ctl-3
182
183.. code-block:: yaml
184
185 > rabbitmqctl cluster_status
Kirill Bespalov09e52182017-05-10 14:20:30 +0300[diff] [blame]186
Filip Pytlounef5b0af2015-10-06 16:28:32 +0200[diff] [blame]187 Cluster status of node 'rabbit@ctl-1' ...
Kirill Bespalov09e52182017-05-10 14:20:30 +0300[diff] [blame]188 [{nodes,[{disc,['rabbit@ctl-1','rabbit@ctl-2','rabbit@ctl-3']}]},
Filip Pytlounef5b0af2015-10-06 16:28:32 +0200[diff] [blame]189 {running_nodes,['rabbit@ctl-3','rabbit@ctl-2','rabbit@ctl-1']},
190 {partitions,[]}]
191 ...done.
192
193Setup management user.
194
195.. code-block:: yaml
196
197 > rabbitmqctl add_vhost vhost
198 > rabbitmqctl add_user user alive
199 > rabbitmqctl set_permissions -p vhost user ".*" ".*" ".*"
200 > rabbitmqctl set_user_tags user management
201
202EPD process is Erlang Port Mapper Daemon. It's a feature of the Erlang runtime that helps Erlang nodes to find each other. It's a pretty tiny thing and doesn't contain much state (other than "what Erlang nodes are running on this system?") so it's not a huge deal for it to still be running.
203Although it's running as user rabbitmq, it was started automatically by the Erlang VM when we started. We've considered adding "epmd -kill" to our shutdown script - but that would break any other Erlang apps running on the system; it's more "global" than RabbitMQ.
204
205Read more
206=========
207
208* http://www.rabbitmq.com/admin-guide.html
209* https://github.com/saltstack/salt-contrib/blob/master/states/rabbitmq_plugins.py
210* http://docs.saltstack.com/ref/states/all/salt.states.rabbitmq_user.html
211* http://stackoverflow.com/questions/14699873/how-to-reset-user-for-rabbitmq-management
212* http://www.rabbitmq.com/memory.html
213
214Clustering
215==========
216
217* http://www.rabbitmq.com/clustering.html#auto-config
218* https://github.com/jesusaurus/hpcs-salt-state/tree/master/rabbitmq
219* http://gigisayfan.blogspot.cz/2012/06/rabbit-mq-clustering-python-fabric.html
220* http://docwiki.cisco.com/wiki/OpenStack_Havana_Release:_High-Availability_Manual_Deployment_Guide#RabbitMQ_Installation
Filip Pytloun55a7ef02017-02-02 13:02:03 +0100[diff] [blame]221
222Documentation and Bugs
223======================
224
225To learn how to install and update salt-formulas, consult the documentation
226available online at:
227
228 http://salt-formulas.readthedocs.io/
229
230In the unfortunate event that bugs are discovered, they should be reported to
231the appropriate issue tracker. Use Github issue tracker for specific salt
232formula:
233
234 https://github.com/salt-formulas/salt-formula-rabbitmq/issues
235
236For feature requests, bug reports or blueprints affecting entire ecosystem,
237use Launchpad salt-formulas project:
238
239 https://launchpad.net/salt-formulas
240
241You can also join salt-formulas-users team and subscribe to mailing list:
242
243 https://launchpad.net/~salt-formulas-users
244
245Developers wishing to work on the salt-formulas projects should always base
246their work on master branch and submit pull request against specific formula.
247
248 https://github.com/salt-formulas/salt-formula-rabbitmq
249
250Any questions or feedback is always welcome so feel free to join our IRC
251channel:
252
253 #salt-formulas @ irc.freenode.net