RabbitMQ: Difference between revisions
(15 intermediate revisions by the same user not shown)
第3行: | 第3行: | ||
== 需求 == | == 需求 == | ||
在[[AWS]]上用<code> | 在[[AWS]]上用<code>t4g.nano</code>安裝(512 MB的記憶體),會在開機後就馬上吃到Swap空間(機器上設定512 MB的Swap),這邊建議建議開發環境至少用<code>t4g.micro</code>,正式環境的記憶體可以再往上開大。 | ||
要注意RabbitMQ預設要求要有40%(<code>0.4</code>)的記憶體是空閒的,不然會開始罷工。考慮到這點,建議在正式環境上可以多保留一些記憶體,或是將<code>0.4</code>調小一點。 | 要注意RabbitMQ預設要求要有40%(<code>0.4</code>)的記憶體是空閒的,不然會開始罷工。考慮到這點,建議在正式環境上可以多保留一些記憶體,或是將<code>0.4</code>調小一點。 | ||
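Review bot: The rewritten requirements sentence repeats a word ("建議建議") just before the t4g.micro recommendation; drop one of the two.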
第12行: | 第12行: | ||
<syntaxhighlight lang="bash"> | <syntaxhighlight lang="bash"> | ||
sudo sudo | curl -1sLf "https://keys.openpgp.org/vks/v1/by-fingerprint/0A9AF2115F4687BD29803A206B73A36E6026DFCA" | sudo gpg --dearmor | sudo tee /usr/share/keyrings/com.rabbitmq.team.gpg > /dev/null; curl -1sLf https://ppa1.novemberain.com/gpg.E495BB49CC4BBE5B.key | sudo gpg --dearmor | sudo tee /usr/share/keyrings/rabbitmq.E495BB49CC4BBE5B.gpg > /dev/null; curl -1sLf https://ppa1.novemberain.com/gpg.9F4587F226208342.key | sudo gpg --dearmor | sudo tee /usr/share/keyrings/rabbitmq.9F4587F226208342.gpg > /dev/null; echo "deb [signed-by=/usr/share/keyrings/rabbitmq.E495BB49CC4BBE5B.gpg] https://ppa1.novemberain.com/rabbitmq/rabbitmq-erlang/deb/ubuntu jammy main"; echo -e "deb [signed-by=/usr/share/keyrings/rabbitmq.E495BB49CC4BBE5B.gpg] https://ppa1.novemberain.com/rabbitmq/rabbitmq-erlang/deb/ubuntu $(lsb_release -cs) main\ndeb-src [signed-by=/usr/share/keyrings/rabbitmq.E495BB49CC4BBE5B.gpg] https://ppa1.novemberain.com/rabbitmq/rabbitmq-erlang/deb/ubuntu $(lsb_release -cs) main\ndeb [signed-by=/usr/share/keyrings/rabbitmq.9F4587F226208342.gpg] https://ppa1.novemberain.com/rabbitmq/rabbitmq-server/deb/ubuntu $(lsb_release -cs) main\ndeb-src [signed-by=/usr/share/keyrings/rabbitmq.9F4587F226208342.gpg] https://ppa1.novemberain.com/rabbitmq/rabbitmq-server/deb/ubuntu $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/rabbitmq.list; sudo apt update; sudo apt install -y rabbitmq-server | ||
</syntaxhighlight> | </syntaxhighlight> | ||
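Review bot: In the new one-liner, the first echo ("deb [signed-by=...E495BB49CC4BBE5B.gpg] ... jammy main") is not piped anywhere, so it only prints a hard-coded jammy line to the terminal before the real echo -e ... | sudo tee /etc/apt/sources.list.d/rabbitmq.list; it looks like a leftover and can be removed. Separately, /usr/share/keyrings/com.rabbitmq.team.gpg is written but none of the four signed-by= entries reference it, so either drop that download or say what the key is for.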
第23行: | 第23行: | ||
</syntaxhighlight> | </syntaxhighlight> | ||
登入的界面是<code>http://x.x.x.x:15672/</code>,預設的帳號是<code>guest</code>,密碼也是<code>guest</code>,雖然叫做guest,但是這組帳號是管理員。 | 登入的界面是<code>http://x.x.x.x:15672/</code>,預設的帳號是<code>guest</code>,密碼也是<code>guest</code>,雖然叫做guest,但是這組帳號是管理員。所以這邊建議先建立<code>admin</code>帳號(並且給他adminstrator權限),接著移除<code>guest</code>帳號(因為這個名稱太雷): | ||
另外要注意的是,預設的<code>guest</code>帳號只能從本機<code>localhost</code>連線登入,如果要開放遠端可以連的話,可以 | <syntaxhighlight lang="bash"> | ||
sudo rabbitmqctl add_user admin pa55w0rd | |||
sudo rabbitmqctl set_user_tags admin administrator | |||
sudo rabbitmqctl delete_user guest | |||
</syntaxhighlight> | |||
另外要注意的是,預設的<code>guest</code>帳號只能從本機<code>localhost</code>連線登入,如果不想要刪除,而想要開放遠端可以連線的話,可以修改<code>/etc/rabbitmq/rabbitmq.conf</code>設定(這個檔案有可能不存在,需要自己建立): | |||
<syntaxhighlight lang="ini"> | <syntaxhighlight lang="ini"> | ||
loopback_users = none | loopback_users = none | ||
</syntaxhighlight> | </syntaxhighlight> | ||
=== LDAP === | === LDAP === | ||
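Review bot: The added line "sudo rabbitmqctl add_user admin pa55w0rd" puts a guessable password on the command line, where it ends up in shell history and is likely to be pasted unchanged; show a placeholder such as <password> and tell the reader to choose their own. The new sentence also spells the tag "adminstrator" while the command uses administrator. Since loopback_users = none is kept as the alternative to deleting guest, that paragraph should say outright that it makes guest/guest, which the text above describes as an administrator, usable from remote hosts.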
第55行: | 第59行: | ||
另外在<code>/etc/rabbitmq/advanced.config</code>內設定: | 另外在<code>/etc/rabbitmq/advanced.config</code>內設定: | ||
<syntaxhighlight> | <syntaxhighlight lang="text"> | ||
[{rabbitmq_auth_backend_ldap,[ | [{rabbitmq_auth_backend_ldap,[ | ||
{tag_queries, [{administrator, {in_group, "cn=rabbitmqadmin,ou=Groups,dc=example,dc=com", "member"}}, | {tag_queries, [{administrator, {in_group, "cn=rabbitmqadmin,ou=Groups,dc=example,dc=com", "member"}}, | ||
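Review bot: lang="text" on the advanced.config block fixes the missing attribute but gives no highlighting; the content is Erlang terms, so lang="erlang" would fit better if the wiki's highlighter provides it.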
第91行: | 第95行: | ||
<syntaxhighlight lang="bash"> | <syntaxhighlight lang="bash"> | ||
sudo rabbitmqctl stop_app | sudo rabbitmqctl stop_app; sudo rabbitmqctl join_cluster rabbit@rabbitmq-1-dev; sudo rabbitmqctl start_app | ||
sudo rabbitmqctl join_cluster rabbit@rabbitmq-1-dev | |||
sudo rabbitmqctl start_app | |||
</syntaxhighlight> | </syntaxhighlight> | ||
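Review bot: Joining the three commands with ";" means join_cluster still runs when stop_app fails, and start_app runs after a failed join, so the node comes back as a standalone broker with the error easy to miss. Chain with "&&", or follow the line with "sudo rabbitmqctl cluster_status" so the reader confirms the join.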
第103行: | 第105行: | ||
sudo rabbitmqctl set_policy ha-two "^ha\." '{"ha-mode":"exactly","ha-params":2,"ha-sync-mode":"automatic"}' | sudo rabbitmqctl set_policy ha-two "^ha\." '{"ha-mode":"exactly","ha-params":2,"ha-sync-mode":"automatic"}' | ||
</syntaxhighlight> | </syntaxhighlight> | ||
== 防火牆設定 == | |||
這邊依照官方所有有列出的TCP port資料<ref>{{Cite web |url=https://www.rabbitmq.com/networking.html |title=Networking and RabbitMQ |accessdate=2023-05-17 |language=en}}</ref>: | |||
<syntaxhighlight lang="text"> | |||
1883,4369,5552,5551,5671,5672,6000-6500,8883,15671,15672,15674,15675,15692,25672,35672-35682,61613,61614 | |||
</syntaxhighlight> | |||
== 參考資料 == | |||
{{Reflist|2}} | |||
== 外部連結 == | == 外部連結 == |
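Review bot: The new firewall section gives one flat port list without saying which sources should reach which ports. 4369, 25672, 35672-35682 and 6000-6500 are for other nodes and CLI tools, and 15671, 15672 and 15692 are management and metrics, so the text should say to limit those to the cluster and operator networks instead of opening the whole list to clients. The sentence also has a duplicated character in "所有有列出".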
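Latest revision as of 09:13, 23 May 2023 (Tue)
RabbitMQ is a piece of software.
Requirements
On AWS, installing on a t4g.nano (512 MB of memory) starts using swap space right after boot (the machine is configured with 512 MB of swap). For development, use at least a t4g.micro; for production, allocate more memory.
Note that by default RabbitMQ requires 40% (0.4) of memory to be free, otherwise it stops working. With that in mind, in production either reserve some extra memory or lower the 0.4 value a little.
Installation
Installing RabbitMQ involves several APT repositories: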
curl -1sLf "https://keys.openpgp.org/vks/v1/by-fingerprint/0A9AF2115F4687BD29803A206B73A36E6026DFCA" | sudo gpg --dearmor | sudo tee /usr/share/keyrings/com.rabbitmq.team.gpg > /dev/null; curl -1sLf https://ppa1.novemberain.com/gpg.E495BB49CC4BBE5B.key | sudo gpg --dearmor | sudo tee /usr/share/keyrings/rabbitmq.E495BB49CC4BBE5B.gpg > /dev/null; curl -1sLf https://ppa1.novemberain.com/gpg.9F4587F226208342.key | sudo gpg --dearmor | sudo tee /usr/share/keyrings/rabbitmq.9F4587F226208342.gpg > /dev/null; echo -e "deb [signed-by=/usr/share/keyrings/rabbitmq.E495BB49CC4BBE5B.gpg] https://ppa1.novemberain.com/rabbitmq/rabbitmq-erlang/deb/ubuntu $(lsb_release -cs) main\ndeb-src [signed-by=/usr/share/keyrings/rabbitmq.E495BB49CC4BBE5B.gpg] https://ppa1.novemberain.com/rabbitmq/rabbitmq-erlang/deb/ubuntu $(lsb_release -cs) main\ndeb [signed-by=/usr/share/keyrings/rabbitmq.9F4587F226208342.gpg] https://ppa1.novemberain.com/rabbitmq/rabbitmq-server/deb/ubuntu $(lsb_release -cs) main\ndeb-src [signed-by=/usr/share/keyrings/rabbitmq.9F4587F226208342.gpg] https://ppa1.novemberain.com/rabbitmq/rabbitmq-server/deb/ubuntu $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/rabbitmq.list; sudo apt update; sudo apt install -y rabbitmq-server
Basic configuration
We usually start by enabling the web management interface:
sudo rabbitmq-plugins enable rabbitmq_management
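The login page is at http://x.x.x.x:15672/. The default account is guest and its password is also guest. Despite the name, this account is an administrator. So first create an admin account (and give it the administrator tag), then remove the guest account (because the name is so misleading):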
sudo rabbitmqctl add_user admin pa55w0rd
sudo rabbitmqctl set_user_tags admin administrator
sudo rabbitmqctl delete_user guest
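Also note that the default guest account can only log in from the local machine (localhost). If you do not want to delete it and want to allow remote connections instead, edit /etc/rabbitmq/rabbitmq.conf (this file may not exist, in which case you have to create it):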
loopback_users = none
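The account state this section warns about can be checked mechanically. The following is an added example, not part of the original page: a POSIX shell function that takes the text of "sudo rabbitmqctl list_users" and of rabbitmq.conf and reports a remaining guest account, an active loopback_users = none, and a missing replacement administrator. The function name and the sample input are constructed for illustration.

```bash
#!/bin/sh
# Added example: audit the account state described above from saved text.
# $1 = output of `sudo rabbitmqctl list_users`, $2 = contents of rabbitmq.conf.
# Prints one finding per line; exit status 0 means nothing was flagged.
audit_rabbitmq_accounts() (
  users=$1 conf=$2 rc=0
  # Data rows are "name<TAB>[tag, tag]"; banner and header rows never match.
  guest_tags=$(printf '%s\n' "$users" | awk -F'\t' '$1 == "guest" { print $2 }')
  admins=$(printf '%s\n' "$users" |
    awk -F'\t' '$1 != "guest" && $2 ~ /administrator/ { n++ } END { print n + 0 }')
  if [ -n "$guest_tags" ]; then
    echo "guest account exists with tags $guest_tags"
    rc=1
  fi
  # An uncommented "loopback_users = none" lifts the localhost-only restriction.
  if printf '%s\n' "$conf" |
    grep -Eq '^[[:space:]]*loopback_users[[:space:]]*=[[:space:]]*none[[:space:]]*$'; then
    echo "loopback_users = none removes the localhost-only restriction"
    rc=1
  fi
  # Deleting guest before another administrator exists locks out management.
  if [ "$admins" -eq 0 ]; then
    echo "no account other than guest has the administrator tag"
    rc=1
  fi
  [ "$rc" -eq 0 ]
)

# Constructed sample input, not captured from a real broker.
SAMPLE_USERS=$(printf 'Listing users ...\nuser\ttags\nguest\t[administrator]')
SAMPLE_CONF=$(printf '# constructed sample\nloopback_users = none')
SAMPLE_FIXED_USERS=$(printf 'user\ttags\nadmin\t[administrator]')

audit_rabbitmq_accounts "$SAMPLE_USERS" "$SAMPLE_CONF" || true
```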
LDAP
First install the corresponding plugin:
sudo apt-get install -y erlang-eldap; sudo rabbitmq-plugins enable rabbitmq_auth_backend_ldap
In /etc/rabbitmq/rabbitmq.conf, set:
#
auth_backends.1 = ldap
auth_backends.2 = internal
auth_ldap.servers.1 = ldap.example.com
auth_ldap.dn_lookup_attribute = uid
auth_ldap.dn_lookup_base = dc=example,dc=com
auth_ldap.user_dn_pattern = uid=${username},ou=People,dc=example,dc=com
Additionally, in /etc/rabbitmq/advanced.config, set:
[{rabbitmq_auth_backend_ldap,[
{tag_queries, [{administrator, {in_group, "cn=rabbitmqadmin,ou=Groups,dc=example,dc=com", "member"}},
{management, {in_group, "cn=rabbitmqadmin,ou=Groups,dc=example,dc=com", "member"}}]}
]}].
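Cluster configuration
At least three machines are recommended, preferably an odd number (with quorum in mind).
.erlang.cookie
First copy /var/lib/rabbitmq/.erlang.cookie from rabbitmq-1-dev to the other machines.
DNS
In /etc/hosts on each machine, add the addresses of all the other machines. This example has three machines: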
- rabbitmq-1-dev
- rabbitmq-2-dev
- rabbitmq-3-dev
set_cluster_name
On rabbitmq-1-dev, rename the cluster to rabbitmq-dev; the default name is the host name (in this example, rabbitmq-1-dev):
sudo rabbitmqctl set_cluster_name rabbitmq-dev
join_cluster
On rabbitmq-2-dev and rabbitmq-3-dev, join the cluster:
sudo rabbitmqctl stop_app; sudo rabbitmqctl join_cluster rabbit@rabbitmq-1-dev; sudo rabbitmqctl start_app
set_policy
On any one machine, set the policy ha-two; the setting is synchronized to the other machines:
sudo rabbitmqctl set_policy ha-two "^ha\." '{"ha-mode":"exactly","ha-params":2,"ha-sync-mode":"automatic"}'
Firewall configuration
This follows all the TCP ports listed in the official documentation [1]:
1883,4369,5552,5551,5671,5672,6000-6500,8883,15671,15672,15674,15675,15692,25672,35672-35682,61613,61614
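The flat list above does not say who needs to reach each port. The following is an added example, not part of the original page: a POSIX shell function that reads "ss -ltn" output and prints a source-scoped ufw rule for each listed port that is actually listening on all interfaces. The three network ranges, the function name and the sample output are assumptions constructed for illustration; the commands are printed for review, not executed.

```bash
#!/bin/sh
# Added example: read `ss -ltn` output on stdin and print a source-scoped ufw
# rule for every RabbitMQ port that is listening on all interfaces.
# $1 = client network, $2 = cluster network, $3 = operator network (assumed).
scoped_rules_for_listeners() {
  awk -v clients="$1" -v cluster="$2" -v ops="$3" '
    # Audience per port, following the list above.
    function source_for(p) {
      if (p == 4369 || p == 25672 || (p >= 6000 && p <= 6500) ||
          (p >= 35672 && p <= 35682)) return cluster   # epmd, inter-node, CLI
      if (p == 15671 || p == 15672 || p == 15692) return ops  # management, metrics
      if (p == 1883 || p == 8883 || p == 5551 || p == 5552 || p == 5671 ||
          p == 5672 || p == 15674 || p == 15675 || p == 61613 || p == 61614)
        return clients                                  # messaging protocols
      return ""                                         # not in the list
    }
    $1 == "LISTEN" {
      n = split($4, part, ":")          # port is the text after the last colon
      port = part[n] + 0
      addr = substr($4, 1, length($4) - length(part[n]) - 1)
      src = source_for(port)
      # Loopback-only listeners need no rule; unknown ports are left alone.
      if (src != "" && (addr == "0.0.0.0" || addr == "*" || addr == "[::]"))
        printf "sudo ufw allow proto tcp from %s to any port %d\n", src, port
    }' | sort -u
}

# Constructed sample of `ss -ltn` output, not captured from a real host.
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:25672    0.0.0.0:*
LISTEN 0      128    0.0.0.0:15672    0.0.0.0:*
LISTEN 0      128    127.0.0.1:15692  0.0.0.0:*
LISTEN 0      128    *:5672           *:*
LISTEN 0      4096   [::]:4369        [::]:*
LISTEN 0      128    0.0.0.0:22       0.0.0.0:*'

printf '%s\n' "$SAMPLE_SS" |
  scoped_rules_for_listeners 10.0.1.0/24 10.0.2.0/24 10.0.9.0/24
```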
References
- [1] Networking and RabbitMQ. https://www.rabbitmq.com/networking.html [2023-05-17] (English).
External links
- Official website (English)