salt-formulas / salt-formula-rabbitmq Goto Github PK

View Code? Open in Web Editor NEW

4.0 17.0 29.0 161 KB

License: Other

SaltStack 32.58% HTML 6.07% Shell 16.78% Makefile 16.52% Scheme 28.04%

salt-formula-rabbitmq's Introduction

Usage

RabbitMQ is a complete and highly reliable enterprise messaging system based on the emerging AMQP standard.

Sample pillars

Standalone Broker

RabbitMQ as AMQP broker with admin user and vhosts:

rabbitmq:
  server:
    enabled: true
    memory:
      vm_high_watermark: 0.4
    bind:
      address: 0.0.0.0
      port: 5672
    secret_key: rabbit_master_cookie
    admin:
      name: adminuser
      password: pwd
    plugins:
    - amqp_client
    - rabbitmq_management
    host:
      '/monitor':
        enabled: true
        user: 'monitor'
        password: 'password'

RabbitMQ as a Stomp broker:

rabbitmq:
  server:
    enabled: true
    secret_key: rabbit_master_cookie
    bind:
      address: 0.0.0.0
      port: 5672
    host:
      '/monitor':
        enabled: true
        user: 'monitor'
        password: 'password'
    plugins_runas_user: rabbitmq
    plugins:
    - rabbitmq_stomp

RabbitMQ cluster

RabbitMQ as base cluster node:

rabbitmq:
  server:
    enabled: true
    master: openstack1
    {% if grains['host'] == 'openstack1' %}
    role: master
    {% else %}
    role: slave
    {% endif %}
    bind:
      address: 0.0.0.0
      port: 5672
    secret_key: rabbit_master_cookie
    admin:
      name: adminuser
      password: pwd
  cluster:
    enabled: true
    role: master
    mode: disc
    members:
    - name: openstack1
      host: 10.10.10.212
    - name: openstack2
      host: 10.10.10.213

HA Queues definition:

rabbitmq:
  server:
    enabled: true
    ...
    host:
      '/monitor':
        enabled: true
        user: 'monitor'
        password: 'password'
        policies:
        - name: HA
          pattern: '^(?!amq\.).*'
          definition: '{"ha-mode": "all"}'

Enable TLS support

To enable support of TLS for rabbitmq-server you need to provide a path to cacert, server cert and private key:

rabbitmq:
   server:
     enabled: true
     ...
     ssl:
       enabled: True
       key_file: /etc/rabbitmq/ssl/key.pem
       cert_file: /etc/rabbitmq/ssl/cert.pem
       ca_file: /etc/rabbitmq/ssl/ca.pem

To manage content of these files you can either use the following options:

rabbitmq:
   server:
     enabled: true
     ...
     ssl:
       enabled: True

       key_file: /etc/rabbitmq/ssl/key.pem
       key: |
       -----BEGIN RSA PRIVATE KEY-----
                 ...
       -----END RSA PRIVATE KEY-------

       ca_file: /etc/rabbitmq/ssl/ca.pem
       cacert_chain: |
       -----BEGIN CERTIFICATE-----
                 ...
       -----END CERTIFICATE-------

       cert_file: /etc/rabbitmq/ssl/cert.pem
       cert: |
       -----BEGIN CERTIFICATE-----
                 ...
       -----END CERTIFICATE-------

Or you can use the salt.minion.cert salt state which creates all required files according to defined reclass model. See https://github.com/Mirantis/reclass-system-salt-model/tree/master/salt/minion/cert/rabbitmq for details. In this case you need just to enable ssl and nothing more:

rabbitmq:
   server:
     enabled: true
     ...
     ssl:
       enabled: True

Defaut port for TLS is 5671:

rabbitmq:
  server:
    bind:
      ssl:
       port: 5671

Usage

Check cluster status, example shows running cluster with 3 nodes: ctl-1, ctl-2, ctl-3

> rabbitmqctl cluster_status

Cluster status of node 'rabbit@ctl-1' ...
[{nodes,[{disc,['rabbit@ctl-1','rabbit@ctl-2','rabbit@ctl-3']}]},
 {running_nodes,['rabbit@ctl-3','rabbit@ctl-2','rabbit@ctl-1']},
 {partitions,[]}]
...done.

Setup management user:

> rabbitmqctl add_vhost vhost
> rabbitmqctl add_user user alive
> rabbitmqctl set_permissions -p vhost user ".*" ".*" ".*"
> rabbitmqctl set_user_tags user management

EPD process is Erlang Port Mapper Daemon. It's a feature of the Erlang runtime that helps Erlang nodes to find each other. It's a pretty tiny thing and doesn't contain much state (other than "what Erlang nodes are running on this system?") so it's not a huge deal for it to still be running.

Although it's running as user rabbitmq, it was started automatically by the Erlang VM when we started. We've considered adding "epmd -kill" to our shutdown script - but that would break any other Erlang apps running on the system; it's more "global" than RabbitMQ.

Clustering

Documentation and Bugs

http://salt-formulas.readthedocs.io/

Learn how to install and update salt-formulas
https://github.com/salt-formulas/salt-formula-rabbitmq/issues

In the unfortunate event that bugs are discovered, report the issue to the appropriate issue tracker. Use the Github issue tracker for a specific salt formula
https://launchpad.net/salt-formulas

For feature requests, bug reports, or blueprints affecting the entire ecosystem, use the Launchpad salt-formulas project
https://launchpad.net/~salt-formulas-users

Join the salt-formulas-users team and subscribe to mailing list if required
https://github.com/salt-formulas/salt-formula-rabbitmq

Develop the salt-formulas projects in the master branch and then submit pull requests against a specific formula
#salt-formulas @ irc.freenode.net

Use this IRC channel in case of any questions or feedback which is always welcome

salt-formula-rabbitmq's People

Contributors

Stargazers

Watchers

salt-formula-rabbitmq's Issues

Ability to change setting cluster_partition_handling

According to the documentation from rabbitmq it is not recommenced in all cases to use network partitions (see https://www.rabbitmq.com/partitions.html). So it should be possible to configure cluster_partition_handling to another value than autoheal. Right now it is hard coded to autoheal:

file://rabbitmq/files/rabbitmq.config

              {%- from "rabbitmq/map.jinja" import cluster with context %}
              {cluster_partition_handling, autoheal},
              {tcp_listen_options,
                        [binary,
                          {packet, raw},
                          {reuseaddr, true},
                          {backlog, 128},
                          {nodelay, true},
                          {exit_on_close, false},
                          {keepalive, true}
                         ]

My suggestion would be to leave it as default at autoheal. But in case someone need to change it, to do this via pillars. I will try to add an merge request in the next days to archive this.

Removing plugin from doesn't actually disable it

Removing plugin from the plugins list doesn't disable it, it lingers in enabled_plugins file forever. It can be a problem as some plugins can even stop server startup - and there is no way to disable them barring a manual intervention.

Probably this formula should manage enabled_plugins file directly (and take full ownership of its content).

Missing condition if component to be created already exist.

Creation of guest user, vhost fails if it exists. Issue appear on 2nd and additional run of the formula state.

Please confirm as a bug first or explanation.

----------
          ID: rabbitmq_vhost_/openstack
    Function: rabbitmq_vhost.present
        Name: /openstack
      Result: False
     Comment: Creating vhost "/openstack" ...
              Error: vhost_already_exists: /openstack
     Started: 13:22:49.768614
    Duration: 4428.495 ms
     Changes:   
----------
          ID: rabbitmq_user_openstack
    Function: rabbitmq_user.present
        Name: openstack
      Result: False
     Comment: One or more requisite failed: rabbitmq.server.vhost.rabbitmq_vhost_/openstack
     Started: 
    Duration: 
     Changes:   
----------
          ID: rabbitmq_policy_/openstack_HA
    Function: rabbitmq_policy.present
        Name: HA
      Result: True
     Comment: Setting policy "HA" for pattern "^(?!amq\\.).*" to "{\"ha-mode\": \"all\", \"message-ttl\": 120000}" with priority "0" ...
     Started: 13:22:54.230224
    Duration: 6098.298 ms
     Changes:   
              ----------
              new:
                  None
              old:
----------
          ID: rabbitmq_user_guest
    Function: rabbitmq_user.present
        Name: guest
      Result: False
     Comment: Creating user "guest" ...
              Error: user_already_exists: guest
     Started: 13:23:00.329836
    Duration: 9549.822 ms
     Changes:   
----------

Out of the box cluster pillar example results in errors when applied

    Function: file.managed
        Name: /etc/rabbitmq/rabbitmq.config
      Result: False
     Comment: Unable to manage file: Jinja error: argument of type 'StrictUndefined' is not iterable
              Traceback (most recent call last):
                File "/usr/lib/python2.7/site-packages/salt/utils/templates.py", line 380, in render_jinja_tmpl
                  output = template.render(**decoded_context)
                File "/usr/lib/python2.7/site-packages/jinja2/environment.py", line 969, in render
                  return self.environment.handle_exception(exc_info, True)
                File "/usr/lib/python2.7/site-packages/jinja2/environment.py", line 742, in handle_exception
                  reraise(exc_type, exc_value, tb)
                File "<template>", line 39, in top-level template code
              TypeError: argument of type 'StrictUndefined' is not iterable

              ; line 39

              ---
              [...]

                            {% endif %}

                           ]
                  }
                  {%- if 'rabbitmq_management' in server.plugins %},    <======================
                  {rabbitmq_management,
                            [{listener, [{port, {{ server.management.bind.port }} },
                                         {ip, "{{ server.management.bind.address }}" }
                                         {%- if server.management.get('ssl', {}).get('enabled', False) %},
                                         {ssl,true},
              [...]
              ---
     Started: 15:49:13.745648
    Duration: 113.444 ms
     Changes:

Standalone example is not working.

Hi,

Summary

standalone example is not working.

Error message

----------
          ID: rabbitmq_config
    Function: file.managed
        Name: /etc/rabbitmq/rabbitmq.config
      Result: False
     Comment: Unable to manage file: Jinja variable 'dict object' has no attribute 'memory'
     Started: 13:38:38.991718
    Duration: 63.842 ms
     Changes:

server.memory.vm_high_watermark is not set in the pillar example. This value is mandatory and not set in the default values.

Expected behaviour

It should work.

Possible fixes

Fix the README
Set a default value to server.memory.vm_high_watermark (0.4 could be a decent value)

Please give me your inputs and i can fix the issue :)

The admin user isn't created with the correct password

I can't access the RabbitMQ admin API using the admin credentials while it's working with the guest creds.

# salt 'ctl01*' pillar.items rabbitmq
[snip]
        server:
            ----------
            admin:
                ----------
                name:
                    admin
                password:
                    workshop
[snip]

root@ctl01:~# /root/rabbitmqadmin --host=172.16.10.101 --username=guest --password=guest list users
+-----------+--------------------------------+--------------------------------------------------+--------------------------+
|   name    |       hashing_algorithm        |                  password_hash                   |           tags           |
+-----------+--------------------------------+--------------------------------------------------+--------------------------+
| admin     | rabbit_password_hashing_sha256 | wH2UxYjW8HGxAo5ZaUd4cG3Kl1dx5vfxpYfYw2gXSbSgS3my | management administrator |
| guest     | rabbit_password_hashing_sha256 | V2obX8gwcm6veIBsPt60LE1Hyum/kWuqA+/5OTtq2qn7fx4A | administrator            |
| openstack | rabbit_password_hashing_sha256 | 4MHEHvbOL1uvjxaxoloTgowBN7KndPn+BynUMHGwuHUgClCX |                          |
+-----------+--------------------------------+--------------------------------------------------+--------------------------+
root@ctl01:~# /root/rabbitmqadmin --host=172.16.10.101 --username=admin --password=workshop list users
*** Access refused: /api/users
root@ctl01:~#

Samples for vhost configurations are wrong

On the README.rst example pillars configuration host/policy is described like this:

    virtual_hosts:
    - enabled: true
      host: '/monitor'
      user: 'monitor'
      password: 'password'
      policies:
      - name: HA
        pattern: '^(?!amq\.).*'
        definition: '{"ha-mode": "all"}'

but should look like this:

    host:
      '/monitor':
        enabled: true
        user: 'monitor'
        password: 'password'
        policies:
        - name: HA
          pattern: '^(?!amq\.).*'
          definition: '{"ha-mode": "all"}'

salt-formulas / salt-formula-rabbitmq Goto Github PK

salt-formula-rabbitmq's Introduction

Usage

Sample pillars

Standalone Broker

RabbitMQ cluster

Enable TLS support

Usage

Read more

Clustering

Documentation and Bugs

salt-formula-rabbitmq's People

Contributors

Stargazers

Watchers

Forkers

salt-formula-rabbitmq's Issues

Summary

Error message

Expected behaviour

Possible fixes

Recommend Projects

Recommend Topics

Recommend Org