Installing RabbitMQ on CentOS 6.2
First, we are going to do an old-school manual installation and configuration of RabbitMQ. There is a nice howto at the Sensu project over at GitHub.
First I have created a project directory similar to my “hello_puppet”-project that I wrote about in my last blog post and renamed everything accordingly.
Then I have added the box in vagrant and fired the whole thing up and connected to it:
{% highlight none %} vagrant box add dev_ops_central_box <path_to_your_box>/package.box chmod 0600 id_rsa.vagrant vagrant up vagrant ssh {% endhighlight %}
Lovin’ it. It’s just too easy for any software nerd out there. But that is how it should be: To make it dead easy to create a new playground for experiments of whatever kind. Let it be infrastructure or software development related. Just doesn’t matter any longer.
Let’s get all the stuff we need for RabbitMQ and then RabbitMQ itself.
We need to do everything as root
.
Then we install Erlang.
{% highlight none %} rpm -Uvh http://download.fedoraproject.org/pub/epel/6/i386/epel-release-6-6.noarch.rpm yum -y install erlang {% endhighlight %}
We also need git on our box. I should make that a standard, because it is essential for practically every configuration.
{% highlight none %} yum -y install git {% endhighlight %}
We can now concentrate on RabbitMQ itself by getting the RPM first.
{% highlight none %} rpm –import http://www.rabbitmq.com/rabbitmq-signing-key-public.asc rpm -Uvh http://www.rabbitmq.com/releases/rabbitmq-server/v2.7.1/rabbitmq-server-2.7.1-1.noarch.rpm {% endhighlight %}
Next we need to create some SSL certificates. I will not go into detail about this and just quote Joe Miller who wrote the howto this blog is based on.
We need to make some SSL certs for our rabbitmq server and the sensu clients. I put a simple script up on github to help with this. You’ll want to change a few things in the openssl.cnf to for your organization if you use this in production. The script will generate a few files that we’ll need throughout the guide, so keep them nearby.
{% highlight none %} git clone https://github.com/joemiller/joemiller.me-intro-to-sensu.git cd joemiller.me-intro-to-sensu/ ./ssl_certs.sh clean ./ssl_certs.sh generate mkdir /etc/rabbitmq/ssl cp server_key.pem /etc/rabbitmq/ssl/ cp server_cert.pem /etc/rabbitmq/ssl/ cp testca/cacert.pem /etc/rabbitmq/ssl/ {% endhighlight %}
We continue with the configuration file of RabbitMQ.
{% highlight none %} touch /etc/rabbitmq/rabbitmq.conf {% endhighlight %}
Paste the following into it
{% highlight none %} [ {rabbit, [ {ssl_listeners, [5671]}, {ssl_options, [{cacertfile,"/etc/rabbitmq/ssl/cacert.pem"}, {certfile,"/etc/rabbitmq/ssl/server_cert.pem"}, {keyfile,"/etc/rabbitmq/ssl/server_key.pem"}, {verify,verify_peer}, {fail_if_no_peer_cert,true}]} ]} ]. {% endhighlight %}
Get that management console as well, might come in handy someday.
{% highlight none %} rabbitmq-plugins enable rabbitmq_management {% endhighlight %}
Let’s start up the whole thing.
{% highlight none %} /sbin/chkconfig rabbitmq-server on /etc/init.d/rabbitmq-server start {% endhighlight %}
Now, we want to point our browser from our host system to the rabbitmq management frontend. For that we need to set some port-forwarding in the Vagrantfile. Exit the box and add the following line and reload the box.
{% highlight none %} config.vm.forward_port 55672, 55672 vagrant reload {% endhighlight %}
You won’t be able to connect with your browser since the firewall of your vagrant box is still active, so connect to your box and deactivate the whole firewall.
{% highlight none %} vagrant ssh sudo /etc/init.d/iptables stop {% endhighlight %}
Open your browser on your host system and let it point to the following URL http://localhost:55672
where you can login with username guest
and password guest
.
There you go. Welcome to the wold of RabbitMQ.
One more thing. We have several potential brownfields that we need to refactore “someday”. Bad boy … Bad bad boy …
- For serious use of our configuration, aka production use, we need to use our own SSL certificates.
- Additionally we may not stop the whole firewall but apply specific rules.
- And last, we need to make git part of our standard configuration.
So far so good. Back in the old days we would have been happy with our result, but all the cool kids nowadays go for automation. In my next blog post I am going to automate the whole provisioning of RabbitMQ with Puppet. But for now …
Done for today!