INSTALL RABBITMQ SERVER CENTOS 8

INSTALL RABBITMQ SERVER CENTOS 8

1. Install Erlang on CentOS 8

Step 1. First, let’s start by ensuring your system is up-to-date and install all required dependency.

sudo dnf install epel-release
sudo dnf update

Step 2. Installing Erlang on CentOS 8.

Erlang packages are available in Github, Now we download the RPM package using wget the command-line tool:

wget https://github.com/rabbitmq/erlang-rpm/releases/download/v23.1.5/erlang-23.1.5-1.el8.x86_64.rpm

Then, install Erlang using the following command:

sudo dnf install erlang-23.1.5-1.el8.x86_64.rpm

Confirm installation by running the erl command:

erl

Step 3. Erlang Hello World Program.

Let’s start with a hello world program on Erlang. First, create a file Hello.erl with the following content:

nano hello.erl

Add the following content:

% This is a test Hello World Erlang Code
-module(hello).
-import(io,[fwrite/1]).
-export([helloworld/0]).

helloworld() ->
   fwrite("Hello, Erlang World!\n").

Compile it from the Erlang shell. Don’t forget the full-stop (“period“) at the end of each command:

2> hello:helloworld().
Hello, Erlang World!
ok
Install Erlang on CentOS 8

2: Add PackageCloud Yum Repository

A Yum repository with RabbitMQ packages is available from PackageCloud.

Create a new Repository file for RabbitMQ.

sudo vi /etc/yum.repos.d/rabbitmq_rabbitmq-server.repo

Add:

[rabbitmq_rabbitmq-server]
name=rabbitmq_rabbitmq-server
baseurl=https://packagecloud.io/rabbitmq/rabbitmq-server/el/7/$basearch
repo_gpgcheck=1
gpgcheck=0
enabled=1
gpgkey=https://packagecloud.io/rabbitmq/rabbitmq-server/gpgkey
sslverify=1
sslcacert=/etc/pki/tls/certs/ca-bundle.crt
metadata_expire=300

3: Install RabbitMQ on CentOS 8

Once you have configured RabbitMQ repository, install RabbitMQ Server on RHEL / CentOS 8 by running below commands.

sudo dnf makecache -y --disablerepo='*' --enablerepo='rabbitmq_rabbitmq-server'
sudo dnf -y install rabbitmq-server

Package details can be queried using rpm command with the option -qi.

$ rpm -qi rabbitmq-server 
 Name        : rabbitmq-server
 Version     : 3.7.10
 Release     : 1.el7
 Architecture: noarch
 Install Date: Thu 10 Jan 2019 09:30:38 AM EAT
 Group       : Development/Libraries
 Size        : 11000951
 License     : MPLv1.1 and MIT and ASL 2.0 and BSD
 Signature   : RSA/SHA1, Mon 07 Jan 2019 08:49:43 PM EAT, Key ID 6b73a36e6026dfca
 Source RPM  : rabbitmq-server-3.7.10-1.el7.src.rpm
 Build Date  : Mon 07 Jan 2019 08:49:42 PM EAT
 Build Host  : 43c1c4a4-ef2e-42eb-465d-e51a1986db83
 Relocations : (not relocatable)
 URL         : http://www.rabbitmq.com/
 Summary     : The RabbitMQ server
 Description :
 RabbitMQ is an open source multi-protocol messaging broker.

4: Start RabbitMQ Service

Now that you have RabbitMQ installed on RHEL 8, start and enable the service to start on system boot.

echo "127.0.0.1 $(hostname -s)" | sudo tee -a /etc/hosts
sudo systemctl enable --now rabbitmq-server.service

Check the status of RabbitMQ with:

$ systemctl status rabbitmq-server.service 
 ● rabbitmq-server.service - RabbitMQ broker
    Loaded: loaded (/usr/lib/systemd/system/rabbitmq-server.service; enabled; vendor preset: disabled)
    Active: active (running) since Thu 2019-01-10 09:38:09 EAT; 1min 56s ago
  Main PID: 2417 (beam.smp)
    Status: "Initialized"
     Tasks: 86 (limit: 11510)
    Memory: 84.1M
    CGroup: /system.slice/rabbitmq-server.service
            ├─2417 /usr/lib64/erlang/erts-9.3.3.7/bin/beam.smp -W w -A 64 -MBas ageffcbf -MHas ageffcbf -MBlmbcs 512 -MHlmbcs 512 -MMmcs 30 -P 1048576 >
            ├─2583 /usr/lib64/erlang/erts-9.3.3.7/bin/epmd -daemon
            ├─2751 erl_child_setup 32768
            ├─2773 inet_gethost 4
            └─2774 inet_gethost 4
 Jan 10 09:38:07 rhel8.local rabbitmq-server[2417]:   ##  ##
 Jan 10 09:38:07 rhel8.local rabbitmq-server[2417]:   ##  ##      RabbitMQ 3.7.10. Copyright (C) 2007-2018 Pivotal Software, Inc.
 Jan 10 09:38:07 rhel8.local rabbitmq-server[2417]:   ##########  Licensed under the MPL.  See http://www.rabbitmq.com/
 Jan 10 09:38:07 rhel8.local rabbitmq-server[2417]:   ######  ##
 Jan 10 09:38:07 rhel8.local rabbitmq-server[2417]:   ##########  Logs: /var/log/rabbitmq/[email protected]
 Jan 10 09:38:07 rhel8.local rabbitmq-server[2417]:                     /var/log/rabbitmq/[email protected]_upgrade.log
 Jan 10 09:38:07 rhel8.local rabbitmq-server[2417]:               Starting broker…
 Jan 10 09:38:09 rhel8.local rabbitmq-server[2417]: systemd unit for activation check: "rabbitmq-server.service"
 Jan 10 09:38:09 rhel8.local systemd[1]: Started RabbitMQ broker.
 Jan 10 09:38:09 rhel8.local rabbitmq-server[2417]:  completed with 0 plugins.

RabbitMQ internal details are available on:

sudo rabbitmqctl status 

5: Enable the RabbitMQ Management Dashboard (Optional)

You can optionally enable the RabbitMQ Management Web dashboard for easy management.

$ sudo rabbitmq-plugins enable rabbitmq_management
 Enabling plugins on node [email protected]:
 rabbitmq_management
 The following plugins have been configured:
   rabbitmq_management
   rabbitmq_management_agent
   rabbitmq_web_dispatch
 Applying plugin configuration to [email protected]…
 The following plugins have been enabled:
   rabbitmq_management
   rabbitmq_management_agent
   rabbitmq_web_dispatch
 started 3 plugins.

The Web service should be listening on TCP port 15672

# ss -tunelp | grep 15672
tcp   LISTEN  0       128                    0.0.0.0:15672        0.0.0.0:*      users:(("beam.smp",pid=9525,fd=71)) uid:111 ino:39934 sk:9 <->

If you have an active Firewalld service, allow ports 5672 and 15672

sudo firewall-cmd --add-port={5672,15672}/tcp --permanent
sudo firewall-cmd --reload

Access it by opening the URL http://[server IP|Hostname]:15672

By default, the guest user exists and can connect only from localhost. You can log in with this user locally with the password “guest”

To be able to login on the network, create an admin user like below:

$ sudo rabbitmqctl add_user admin StrongPassword
Adding user "admin" …

$ sudo rabbitmqctl set_user_tags admin administrator
Setting tags for user "admin" to [administrator] …

Login with this admin username and the password assigned. You should see an interface similar to below.

Configuring iptables for a single instance of RabbitMQ

It’s common for developers to turn off iptables because it’s an annoyance, but for an integration or production system, this is a nonstarter (iptables needs to be turned on). Fortunately, configuring iptables is rather easy.

There are two ways of configuring iptables:

  1. Edit the iptables configuration directly.
  2. Use the iptables command to add or remove rules.

Using either method, we need to open of 1-3 ports, depending on your use-case:

  • 5672: The default port for AMQP connections.
  • 5673: The default port for TLS/SSL AMQP connections.
  • 15672: The default port for the RabbitMQ Management Console.

The RabbitMQ Management Console used to use the port 55672, so if you are using an older version of Rabbit, adjust accordingly.

Editing the iptables configuration file.

  1. Open the /etc/sysconfig/iptables file for editing.

Your current file should look like this.

\# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT

We want to add the following entries to the top of the file, right under the :OUTPUT ACCEPT [2:120] line:

-A INPUT -p tcp -m tcp --dport 5672 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 5673 -j ACCEPT

Your file should look something like this when you are done.

:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [2:120]
-A INPUT -p tcp -m tcp --dport 15672 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 5672 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 5673 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT 
-A INPUT -p icmp -j ACCEPT 
-A INPUT -i lo -j ACCEPT 
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT 
-A INPUT -j REJECT --reject-with icmp-host-prohibited 
-A FORWARD -j REJECT --reject-with icmp-host-prohibited 
COMMIT
  1. Restart iptables.

sudo service iptables restart

Using the iptables command to add rules.

  1. For each port you need unblocked, you will follow the pattern:

sudo iptables -I INPUT 1 -p tcp --dport [port #] -j ACCEPT

So to unblock the non-SSL, SSL and Management Console:

sudo iptables -I INPUT 1 -p tcp --dport 5673 -j ACCEPT
sudo iptables -I INPUT 1 -p tcp --dport 15672 -j ACCEPT

Note that the -I INPUT 1 literally means to register this rule before other rules. If you don’t do this, iptables will not open your port because a previous rule will supersede that rule, blocking access to the port.

  1. Now we need to save the configuration:

sudo service iptables save

  1. And restart iptables:

sudo service iptables restart

Leave a Reply

Your email address will not be published. Required fields are marked *