rabbitmq: Deploy RabbitMQ Server
RabbitMQ is an AMQP message broker. It will be used by `xactmon` to pass messages between the components. Although RabbitMQ can be deployed in a high-availability cluster, we don't really need that level of robustness for `xactmon`, so we will just run a single instance. Deploying a single-host RabbitMQ server is pretty straightforward. We're using mTLS authentication; clients need to have a certificate issued by the *RabbitMQ CA* in order to connect to the message broker. The `rabbitmq-ca` _cert-manager_ ClusterIssuer issues these certificates for in-cluster services like `xactmon`.
24
rabbitmq/rabbitmq.conf
Normal file
@@ -0,0 +1,24 @@
|
||||
# Send logs to container engine via stderr
|
||||
log.console = true
|
||||
log.console.level = info
|
||||
log.file = false
|
||||
|
||||
# Disable default (non-TLS) listener
|
||||
listeners.tcp = none
|
||||
|
||||
# Activate TLS listener on AMQPS port
|
||||
listeners.ssl.default = 5671
|
||||
ssl_options.certfile = /run/secrets/rabbitmq/cert/tls.crt
|
||||
ssl_options.keyfile = /run/secrets/rabbitmq/cert/tls.key
|
||||
|
||||
# Require mTLS authentication (client certificate)
|
||||
ssl_options.cacertfile = /etc/rabbitmq/ca.crt
|
||||
ssl_options.verify = verify_peer
|
||||
ssl_options.fail_if_no_peer_cert = true
|
||||
auth_mechanisms.1 = EXTERNAL
|
||||
ssl_cert_login_from = common_name
|
||||
|
||||
## Import user/permission definitions from JSON file
|
||||
definitions.import_backend = local_filesystem
|
||||
definitions.local.path = /etc/rabbitmq/definitions.json
|
||||
definitions.skip_if_unchanged = true
|
||||
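Review bot: `ssl_cert_login_from = common_name` combined with `auth_mechanisms.1 = EXTERNAL` makes the certificate CN the broker user name, so access control rests entirely on who can obtain a certificate from the RabbitMQ CA with a given CN. Because the commit message says a ClusterIssuer (`rabbitmq-ca`) issues these certificates, please add a comment above that line stating that client CNs must match the user names defined in `/etc/rabbitmq/definitions.json`, and that issuance from `rabbitmq-ca` has to be limited to the intended services. Minor style point: the final comment starts with `##` while every other comment in the file uses a single `#`.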