RabbitMQ:修订间差异
跳到导航
跳到搜索
此页面具有访问限制。如果您看见此消息,则说明您没有权限访问此页面。
(→LDAP) |
(→基本設定) |
||
| (未显示同一用户的15个中间版本) | |||
| 第3行: | 第3行: | ||
== 需求 == | == 需求 == | ||
在[[AWS]]上用<code> | 在[[AWS]]上用<code>t4g.nano</code>安裝(512 MB的記憶體),會在開機後就馬上吃到Swap空間(機器上設定512 MB的Swap),這邊建議建議開發環境至少用<code>t4g.micro</code>,正式環境的記憶體可以再往上開大。 | ||
要注意RabbitMQ預設要求要有40%(<code>0.4</code>)的記憶體是空閒的,不然會開始罷工。考慮到這點,建議在正式環境上可以多保留一些記憶體,或是將<code>0.4</code>調小一點。 | 要注意RabbitMQ預設要求要有40%(<code>0.4</code>)的記憶體是空閒的,不然會開始罷工。考慮到這點,建議在正式環境上可以多保留一些記憶體,或是將<code>0.4</code>調小一點。 | ||
| 第12行: | 第12行: | ||
<syntaxhighlight lang="bash"> | <syntaxhighlight lang="bash"> | ||
sudo sudo | curl -1sLf "https://keys.openpgp.org/vks/v1/by-fingerprint/0A9AF2115F4687BD29803A206B73A36E6026DFCA" | sudo gpg --dearmor | sudo tee /usr/share/keyrings/com.rabbitmq.team.gpg > /dev/null; curl -1sLf https://ppa1.novemberain.com/gpg.E495BB49CC4BBE5B.key | sudo gpg --dearmor | sudo tee /usr/share/keyrings/rabbitmq.E495BB49CC4BBE5B.gpg > /dev/null; curl -1sLf https://ppa1.novemberain.com/gpg.9F4587F226208342.key | sudo gpg --dearmor | sudo tee /usr/share/keyrings/rabbitmq.9F4587F226208342.gpg > /dev/null; echo "deb [signed-by=/usr/share/keyrings/rabbitmq.E495BB49CC4BBE5B.gpg] https://ppa1.novemberain.com/rabbitmq/rabbitmq-erlang/deb/ubuntu jammy main"; echo -e "deb [signed-by=/usr/share/keyrings/rabbitmq.E495BB49CC4BBE5B.gpg] https://ppa1.novemberain.com/rabbitmq/rabbitmq-erlang/deb/ubuntu $(lsb_release -cs) main\ndeb-src [signed-by=/usr/share/keyrings/rabbitmq.E495BB49CC4BBE5B.gpg] https://ppa1.novemberain.com/rabbitmq/rabbitmq-erlang/deb/ubuntu $(lsb_release -cs) main\ndeb [signed-by=/usr/share/keyrings/rabbitmq.9F4587F226208342.gpg] https://ppa1.novemberain.com/rabbitmq/rabbitmq-server/deb/ubuntu $(lsb_release -cs) main\ndeb-src [signed-by=/usr/share/keyrings/rabbitmq.9F4587F226208342.gpg] https://ppa1.novemberain.com/rabbitmq/rabbitmq-server/deb/ubuntu $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/rabbitmq.list; sudo apt update; sudo apt install -y rabbitmq-server | ||
</syntaxhighlight> | </syntaxhighlight> | ||
| 第23行: | 第23行: | ||
</syntaxhighlight> | </syntaxhighlight> | ||
登入的界面是<code>http://x.x.x.x:15672/</code>,預設的帳號是<code>guest</code>,密碼也是<code>guest</code>,雖然叫做guest,但是這組帳號是管理員。 | 登入的界面是<code>http://x.x.x.x:15672/</code>,預設的帳號是<code>guest</code>,密碼也是<code>guest</code>,雖然叫做guest,但是這組帳號是管理員。 所以這邊建議先建立<code>admin</code>帳號(並且給他adminstrator權限),接著移除<code>guest</code>帳號(因為這個名稱太雷): | ||
另外要注意的是,預設的<code>guest</code>帳號只能從本機<code>localhost</code>連線登入,如果要開放遠端可以連的話,可以 | <syntaxhighlight lang="bash"> | ||
sudo rabbitmqctl add_user admin pa55w0rd | |||
sudo rabbitmqctl set_user_tags admin administrator | |||
sudo rabbitmqctl delete_user guest | |||
</syntaxhighlight> | |||
另外要注意的是,預設的<code>guest</code>帳號只能從本機<code>localhost</code>連線登入,如果 不想要刪除,而想 要開放遠端可以連 線 的話,可以 修改<code>/etc/rabbitmq/rabbitmq.conf</code>設定(這個檔案有可能不存在,需要自己建立): | |||
<syntaxhighlight lang="ini"> | <syntaxhighlight lang="ini"> | ||
loopback_users = none | loopback_users = none | ||
</syntaxhighlight> | </syntaxhighlight> | ||
=== LDAP === | === LDAP === | ||
| 第55行: | 第59行: | ||
另外在<code>/etc/rabbitmq/advanced.config</code>內設定: | 另外在<code>/etc/rabbitmq/advanced.config</code>內設定: | ||
<syntaxhighlight> | <syntaxhighlight lang="text"> | ||
[{rabbitmq_auth_backend_ldap,[ | [{rabbitmq_auth_backend_ldap,[ | ||
{tag_queries, [{administrator, {in_group, "cn=rabbitmqadmin,ou=Groups,dc=example,dc=com", "member"}}, | {tag_queries, [{administrator, {in_group, "cn=rabbitmqadmin,ou=Groups,dc=example,dc=com", "member"}}, | ||
| 第91行: | 第95行: | ||
<syntaxhighlight lang="bash"> | <syntaxhighlight lang="bash"> | ||
sudo rabbitmqctl stop_app | sudo rabbitmqctl stop_app; sudo rabbitmqctl join_cluster rabbit@rabbitmq-1-dev; sudo rabbitmqctl start_app | ||
sudo rabbitmqctl join_cluster rabbit@rabbitmq-1-dev | |||
sudo rabbitmqctl start_app | |||
</syntaxhighlight> | </syntaxhighlight> | ||
| 第103行: | 第105行: | ||
sudo rabbitmqctl set_policy ha-two "^ha\." '{"ha-mode":"exactly","ha-params":2,"ha-sync-mode":"automatic"}' | sudo rabbitmqctl set_policy ha-two "^ha\." '{"ha-mode":"exactly","ha-params":2,"ha-sync-mode":"automatic"}' | ||
</syntaxhighlight> | </syntaxhighlight> | ||
== 防火牆設定 == | |||
這邊依照官方所有有列出的TCP port資料<ref>{{Cite web |url=https://www.rabbitmq.com/networking.html |title=Networking and RabbitMQ |accessdate=2023-05-17 |language=en}}</ref>: | |||
<syntaxhighlight lang="text"> | |||
1883,4369,5552,5551,5671,5672,6000-6500,8883,15671,15672,15674,15675,15692,25672,35672-35682,61613,61614 | |||
</syntaxhighlight> | |||
== 參考資料 == | |||
{{Reflist|2}} | |||
== 外部連結 == | == 外部連結 == | ||
2023年5月23日 (二) 09:13的最新版本
RabbitMQ是一套软件。
需求
在AWS上用t4g.nano安装(512 MB的内存),会在开机后就马上吃到Swap空间(机器上设定512 MB的Swap),这边建议建议开发环境至少用t4g.micro,正式环境的内存可以再往上开大。
要注意RabbitMQ预设要求要有40%(0.4)的内存是空闲的,不然会开始罢工。考虑到这点,建议在正式环境上可以多保留一些内存,或是将0.4调小一点。
安装
RabbitMQ的安装会跨越好几个APT Repository:
curl -1sLf "https://keys.openpgp.org/vks/v1/by-fingerprint/0A9AF2115F4687BD29803A206B73A36E6026DFCA" | sudo gpg --dearmor | sudo tee /usr/share/keyrings/com.rabbitmq.team.gpg > /dev/null; curl -1sLf https://ppa1.novemberain.com/gpg.E495BB49CC4BBE5B.key | sudo gpg --dearmor | sudo tee /usr/share/keyrings/rabbitmq.E495BB49CC4BBE5B.gpg > /dev/null; curl -1sLf https://ppa1.novemberain.com/gpg.9F4587F226208342.key | sudo gpg --dearmor | sudo tee /usr/share/keyrings/rabbitmq.9F4587F226208342.gpg > /dev/null; echo "deb [signed-by=/usr/share/keyrings/rabbitmq.E495BB49CC4BBE5B.gpg] https://ppa1.novemberain.com/rabbitmq/rabbitmq-erlang/deb/ubuntu jammy main"; echo -e "deb [signed-by=/usr/share/keyrings/rabbitmq.E495BB49CC4BBE5B.gpg] https://ppa1.novemberain.com/rabbitmq/rabbitmq-erlang/deb/ubuntu $(lsb_release -cs) main\ndeb-src [signed-by=/usr/share/keyrings/rabbitmq.E495BB49CC4BBE5B.gpg] https://ppa1.novemberain.com/rabbitmq/rabbitmq-erlang/deb/ubuntu $(lsb_release -cs) main\ndeb [signed-by=/usr/share/keyrings/rabbitmq.9F4587F226208342.gpg] https://ppa1.novemberain.com/rabbitmq/rabbitmq-server/deb/ubuntu $(lsb_release -cs) main\ndeb-src [signed-by=/usr/share/keyrings/rabbitmq.9F4587F226208342.gpg] https://ppa1.novemberain.com/rabbitmq/rabbitmq-server/deb/ubuntu $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/rabbitmq.list; sudo apt update; sudo apt install -y rabbitmq-server
基本设定
通常我们会先打开Web管理界面:
sudo rabbitmq-plugins enable rabbitmq_management
登入的界面是http://x.x.x.x:15672/,预设的账号是guest,密码也是guest,虽然叫做guest,但是这组账号是管理员。所以这边建议先建立admin账号(并且给他adminstrator权限),接着移除guest账号(因为这个名称太雷):
sudo rabbitmqctl add_user admin pa55w0rd
sudo rabbitmqctl set_user_tags admin administrator
sudo rabbitmqctl delete_user guest
另外要注意的是,预设的guest账号只能从本机localhost连线登入,如果不想要删除,而想要开放远端可以连线的话,可以修改/etc/rabbitmq/rabbitmq.conf设定(这个档案有可能不存在,需要自己建立):
loopback_users = none
LDAP
先安装对应的plugin:
sudo apt-get install -y erlang-eldap; sudo rabbitmq-plugins enable rabbitmq_auth_backend_ldap
在/etc/rabbitmq/rabbitmq.conf内设定:
#
auth_backends.1 = ldap
auth_backends.2 = internal
auth_ldap.servers.1 = ldap.example.com
auth_ldap.dn_lookup_attribute = uid
auth_ldap.dn_lookup_base = dc=example,dc=com
auth_ldap.user_dn_pattern = uid=${username},ou=People,dc=example,dc=com
另外在/etc/rabbitmq/advanced.config内设定:
[{rabbitmq_auth_backend_ldap,[
{tag_queries, [{administrator, {in_group, "cn=rabbitmqadmin,ou=Groups,dc=example,dc=com", "member"}},
{management, {in_group, "cn=rabbitmqadmin,ou=Groups,dc=example,dc=com", "member"}}]}
]}].
Cluster设定
建议至少三台机器,建议会是奇数(考虑到quorum)。
.erlang.cookie
先把rabbitmq-1-dev上的/var/lib/rabbitmq/.erlang.cookie复制到其他台。
DNS
每一台机器的/etc/hosts内要把其他机器的位置都设定进去,这边有这三台机器:
- rabbitmq-1-dev
- rabbitmq-2-dev
- rabbitmq-3-dev
set_cluster_name
在rabbitmq-1-dev上把Cluster改名成rabbitmq-dev,预设的名称会是主机的名称(在这边的例子就是rabbitmq-1-dev):
sudo rabbitmqctl set_cluster_name rabbitmq-dev
join_cluster
在rabbitmq-2-dev与rabbitmq-3-dev上加入:
sudo rabbitmqctl stop_app; sudo rabbitmqctl join_cluster rabbit@rabbitmq-1-dev; sudo rabbitmqctl start_app
set_policy
在任何一台机器上设定Policy ha-two,设定会同步到其他机器上:
sudo rabbitmqctl set_policy ha-two "^ha\." '{"ha-mode":"exactly","ha-params":2,"ha-sync-mode":"automatic"}'
防火墙设定
这边依照官方所有有列出的TCP port资料[1]:
1883,4369,5552,5551,5671,5672,6000-6500,8883,15671,15672,15674,15675,15692,25672,35672-35682,61613,61614
参考资料
- ↑ Networking and RabbitMQ. [2023-05-17] (English).
外部链接
- 官方网站 (英文)