Configure RabbitMQ¶
Add service accounts¶
To configure the message broker for an application:
Add a user, in a private Pillar file, replacing
PASSWORD
with a strong password (uncheck Symbols) andUSERNAME
with a recognizable username:rabbitmq: users: USERNAME: password: "PASSWORD"
If the user is an administrative or service account, allow configure and write operations on all resources:
rabbitmq: users: USERNAME: password: "PASSWORD" write: true
To give the user access to the management interface, add:
rabbitmq: users: USERNAME: password: "PASSWORD" tags: - management
To give the user access to memory use, add:
rabbitmq: users: USERNAME: password: "PASSWORD" tags: - management - monitoring
Add the private Pillar file to the top file entry for the application.
Note
The default user named guest
is deleted by default. To retain the user, update the server’s Pillar file:
rabbitmq:
guest_enabled: True
Do not do this if a management interface port (15671, 15672) is open or proxied.
Proxy management interface¶
The RabbitMQ management plugin is enabled by default.
The management interface can be accessed at all times by using an SSH tunnel.
To proxy traffic through Apache instead, add to your server’s Pillar file, replacing SERVERNAME
:
apache:
public_access: True
sites:
rabbitmq:
configuration: rabbitmq
servername: SERVERNAME
Post-upgrade steps¶
As root:
rabbitmqctl enable_feature_flag all
Reference: Feature Flags