Configure RabbitMQ

Add service accounts

To configure the message broker for an application:

1. Add a user, in a private Pillar file, replacing PASSWORD with a strong password (uncheck Symbols) and USERNAME with a recognizable username:

   rabbitmq:
     users:
       USERNAME:
         password: "PASSWORD"
   

2. If the user is an administrative or service account, allow configure and write operations on all resources:

   rabbitmq:
     users:
       USERNAME:
         password: "PASSWORD"
         write: true
   

3. To give the user access to the management interface, add:

   rabbitmq:
     users:
       USERNAME:
         password: "PASSWORD"
         tags:
           - management
   

4. To give the user access to memory use, add:

   rabbitmq:
     users:
       USERNAME:
         password: "PASSWORD"
         tags:
           - management
           - monitoring
   

5. Add the private Pillar file to the top file entry for the application.

Note

The default user named guest is deleted by default. To retain the user, update the server’s Pillar file:

rabbitmq:
  guest_enabled: True

Do not do this if a management interface port (15671, 15672) is open or proxied.

Proxy management interface

The RabbitMQ management plugin is enabled by default.

The management interface can be accessed at all times by using an SSH tunnel.

To proxy traffic through Apache instead, add to your service’s Pillar file, replacing SERVERNAME:

apache:
  public_access: True
  sites:
    rabbitmq:
      configuration: rabbitmq
      servername: SERVERNAME