Skip to content

RabbitMQ Advanced Configurations

This section covers the following RabbitMQ advanced configurations:

  1. RabbitMQ High Availability

  2. RabbitMQ Advanced Configurations (SSL Configuration)

  3. Change Default RabbitMQ Port

  4. Upgrading RabbitMQ

RabbitMQ High Availability

Now, as RabbitMQ is being used by different Accops HyWorks Components, maintaining its high availability becomes very important, and it can be ensured in the following manner:

  1. Using an external load balancer

  2. Without a load balancer

Using an External Load Balancer

  1. Two RabbitMQ servers will be installed behind a load balancer.

  2. Accops module that push messages to queues (referred as publishers) will be configured with load balancer virtual address for RabbitMQ servers. Publishers can send messages to any of the RabbitMQ servers.

  3. Whereas the Accops modules, which consume the messages (referred as consumers) will be configured with both of the RabbitMQ server IPs. A message coming to any of the RabbitMQ servers via the load balancer will be picked by the consumers.

Without a Load Balancer

  1. Two RabbitMQ servers will be installed and configured without a load balancer.

  2. All publisher components will have the host addresses of both of the RabbitMQs, and they will be publishing the message on only a single server that is randomly picked and can send the message to the first successful server.

  3. Consumers are already listening on both of the servers and thus pick from any of the servers where the message has arrived.

Important

  • If the load balancer is not available in deployment: Both publisher and consumer components will be configured with the host addresses of both the RabbitMQ servers.

  • If the load balancer is available in deployment: The publisher will have the virtual address of the load balancer, and consumers will have the host addresses of both the RabbitMQ servers.

Configure RabbitMQ to use SSL

  1. Login using the local administrator privileges.

  2. Configure the RabbitMQ server using the RabbitMQ configuration steps.

  3. Enable the management console using the following steps:

    1. Open the Windows command prompt as an Administrator. Navigate to the RabbitMQ installation folder C:\Program Files\RabbitMQ Server\rabbitmq_server-3.12.2\sbin and enable the RabbitMQ management plugin by running the below command:

      rabbitmq-plugins enable rabbitmq_management

    2. Copy the following content in a file and save it as update_config.ps1.

      ```
$caCertFileName = "accopsmq_cert.pem"
$serverCertFileName = "accopsmq_cert.pem"
$serverPrivateKeyFileName = "accopsmq_key.pem"
$rabbitmqVersion = "3.12.2"
## Variables that should not need modification
$outPath = "$env:APPDATA\RabbitMQ"
$utf8NoBomEncoding = New-Object System.Text.UTF8Encoding $False
## Write advanced.config file in UTF-8 encoding without BOM
$advancedConfigText = @"
[{rabbit, [
    {ssl_options, [
        {cacertfile, "$caCertFileName"},
        {certfile, "$serverCertFileName"},
        {keyfile, "$serverPrivateKeyFileName"}
    ]}
]},
{rabbitmq_management, [
{listener, [
    {port, 15671},
    {ssl, true},
    {ssl_opts, [
    {cacertfile, "$caCertFileName"},
        {certfile, "$serverCertFileName"},
        {keyfile, "$serverPrivateKeyFileName"}
    ]}
]}
]}].
"@
[System.IO.File]::WriteAllLines("$outPath\advanced.config", 
$advancedConfigText, $utf8NoBomEncoding)
## Write rabbitmq.conf in UTF-8 encoding without BOM
$rabbitmqConfText = @"
listeners.ssl.default = 5671
ssl_options.versions.1 = tlsv1.2
message_interceptors.incoming.set_header_timestamp.overwrite = true
"@
[System.IO.File]::WriteAllLines("$outPath\rabbitmq.conf", $rabbitmqConfText, $utf8NoBomEncoding)
## Restart RabbitMQ Service
Restart-Service -Name RabbitMQ
```

  4. Copy the accopsmq_cert.pem and accopsmq_key.pem to %APPDATA%\RabbitMQ folder.

  5. Open PowerShell as an administrator and navigate to the folder where the file created in the previous step is saved.

  6. Run the file created in step 4 in PowerShell using the following command:

    .\update_config.ps1

  7. Ensure all the logs are seen, similar to the ones shown in the below image in the RabbitMQ logs located at %APPDATA%\RabbitMQ\log to ensure that RabbitMQ has started listening on the configured SSL port 5671.

    image.png

  8. Also, make sure that all the logs are seen similar to the one in the below image in RabbitMQ logs located at %APPDATA%\RabbitMQ\log to ensure that the RabbitMQ management console is also configured on SSL.

    image.png

  9. On the controller machine, navigate to https://localhost:15671 to access the RabbitMQ management console.

  10. Allow inbound connection to port 5671 in the Windows firewall.

Steps to generate certificates required for RabbitMQ SSL configuration

Here, openSSL is being used for certificate generation. Windows systems generally do not have OpenSSL installed. One of the options for running OpenSSL is through git bash, which can be downloaded from here.

The following commands can be used to generate a private key and certificate, which can be used in the next section for configuring SSL for RabbitMQ.

  1. Command to generate a private Key:

    • Windows

      winpty OpenSSL ecparam -out accopsmq_key.pem -name prime256v1 -genkey - Linux

      OpenSSL ecparam -out accopsmq_key.pem -name prime256v1 -genkey

    Note

    In the above commands, the ECC curve "prime256v1" has been chosen since it was found to be available on the machines that we tested. Some details of choosing the curve "prime256v1" are mentioned here.

    • In case the private key and certificate generated do not work for you, you may check with one of the curves listed in the output of the below command.

      OpenSSL ecparam -list_curves

  2. Command to generate certificate

    • Windows

      winpty OpenSSL req -new -key accopsmq_key.pem -x509 -nodes -days 365 -out accopsmq_cert.pem

    • Linux

      OpenSSL req -new -key accopsmq_key.pem -x509 -nodes -days 365 -out accopsmq_cert.pem

Change the default RabbitMQ Port

  1. Controller: Update the port in MMC > Advanced Config with Key[DVM Agent Queue Port].

  2. HyWorks VM Scale Booster: Update the port [key: RabbitMQ > Port] in the config file:

    1. Filename: appsettings.json

    2. Path: C:\Program Files (x86)\Accops\HyWorks VM Scale Booster

  3. Update the RabbitMQ port in the config file:

    1. Path: C:\Users\Administrator\AppData\Roaming\RabbitMQ

    2. File name: rabbitmq.config.example

    3. Changes:

      1. Existing string: %% {tcp_listeners, [5672]},

      2. Updated string: {tcp_listeners, [5673]}

      3. Please note that the comma is removed from the end.

      4. Save the file and rename it to rabbitmq.config.

    4. To reinstall RabbitMQ:

      ```
cd C:\\Program Files\\RabbitMQ Server\\rabbitmq_server-3.7.17\\sbin

rabbitmqctl.bat stop

rabbitmq-service.bat remove

rabbitmq-service.bat install

rabbitmq-service.bat start
```

Upgrade from the older to the newer RabbitMQ version

  1. Login using the local administrator privileges.

  2. Uninstall existing Erlang and RabbitMQ from the system.

  3. Go to the path: C:\Users\{username}\AppData\Roaming and delete the RabbitMQ folder from it.

    • Here, the username is the user who has installed RabbitMQ.

    • If you are unable to delete the RabbitMQ folder and get any exceptions, then please restart the system and try to delete it after a restart.

  4. Delete the Erlang cookies from the following locations. There will be a file called .erlang.cookie that needs to be deleted from these paths:

    • C:\Users\{Username}

    • C:\Windows\System32\config\systemprofile

  5. Download and install the supported Erlang OTP as a local administrator.

  6. Download and install a supported RabbitMQ as a local administrator.