From 06e3449a05bd86cfb4595b36f1c20988faba35000b607cb187b8c4997e9d9d01 Mon Sep 17 00:00:00 2001 From: Fridrich Strba Date: Sat, 16 Feb 2019 05:55:42 +0000 Subject: [PATCH] Accepting request 676545 from home:gsantomaggio_suse:branches:network:messaging:amqp - Update to RabbitMQ version 3.7.12 - Full release notes: https://github.com/rabbitmq/rabbitmq-server/releases/tag/v3.7.12 - RabbitMQ 3.7.12 is a maintenance release. It focuses on bug fixes and minor usability improvements. This is the first release to require Erlang/OTP 20.3+. - inet_dist_listen_min and inet_dist_listen_max were removed from new style configuration. They wouldn't have any effect due to how configuration translation is performed. Use advanced.config or the RABBITMQ_DIST_PORT env variable to configure inet_dist_listen_* OBS-URL: https://build.opensuse.org/request/show/676545 OBS-URL: https://build.opensuse.org/package/show/network:messaging:amqp/rabbitmq-server?expand=0&rev=112 --- advanced.config.example | 109 ++++ rabbitmq-server-3.7.11.tar.xz | 3 - rabbitmq-server-3.7.12.tar.xz | 3 + rabbitmq-server.changes | 11 + rabbitmq-server.spec | 6 +- rabbitmq.conf.example | 179 +++++-- rabbitmq.config.example | 920 ++++++++++++++++++++++++++++++++++ 7 files changed, 1175 insertions(+), 56 deletions(-) create mode 100644 advanced.config.example delete mode 100644 rabbitmq-server-3.7.11.tar.xz create mode 100644 rabbitmq-server-3.7.12.tar.xz create mode 100644 rabbitmq.config.example diff --git a/advanced.config.example b/advanced.config.example new file mode 100644 index 0000000..d012070 --- /dev/null +++ b/advanced.config.example @@ -0,0 +1,109 @@ +[ + + + %% ---------------------------------------------------------------------------- + %% Advanced Erlang Networking/Clustering Options. + %% + %% See http://www.rabbitmq.com/clustering.html for details + %% ---------------------------------------------------------------------------- + %% Sets the net_kernel tick time. + %% Please see http://erlang.org/doc/man/kernel_app.html and + %% http://www.rabbitmq.com/nettick.html for further details. + %% + %% {kernel, [{net_ticktime, 60}]}, + %% ---------------------------------------------------------------------------- + %% RabbitMQ Shovel Plugin + %% + %% See http://www.rabbitmq.com/shovel.html for details + %% ---------------------------------------------------------------------------- + + {rabbitmq_shovel, + [{shovels, + [%% A named shovel worker. + %% {my_first_shovel, + %% [ + + %% List the source broker(s) from which to consume. + %% + %% {sources, + %% [%% URI(s) and pre-declarations for all source broker(s). + %% {brokers, ["amqp://user:password@host.domain/my_vhost"]}, + %% {declarations, []} + %% ]}, + + %% List the destination broker(s) to publish to. + %% {destinations, + %% [%% A singular version of the 'brokers' element. + %% {broker, "amqp://"}, + %% {declarations, []} + %% ]}, + + %% Name of the queue to shovel messages from. + %% + %% {queue, <<"your-queue-name-goes-here">>}, + + %% Optional prefetch count. + %% + %% {prefetch_count, 10}, + + %% when to acknowledge messages: + %% - no_ack: never (auto) + %% - on_publish: after each message is republished + %% - on_confirm: when the destination broker confirms receipt + %% + %% {ack_mode, on_confirm}, + + %% Overwrite fields of the outbound basic.publish. + %% + %% {publish_fields, [{exchange, <<"my_exchange">>}, + %% {routing_key, <<"from_shovel">>}]}, + + %% Static list of basic.properties to set on re-publication. + %% + %% {publish_properties, [{delivery_mode, 2}]}, + + %% The number of seconds to wait before attempting to + %% reconnect in the event of a connection failure. + %% + %% {reconnect_delay, 2.5} + + %% ]} %% End of my_first_shovel + ]} + %% Rather than specifying some values per-shovel, you can specify + %% them for all shovels here. + %% + %% {defaults, [{prefetch_count, 0}, + %% {ack_mode, on_confirm}, + %% {publish_fields, []}, + %% {publish_properties, [{delivery_mode, 2}]}, + %% {reconnect_delay, 2.5}]} + ]}, + + {rabbitmq_auth_backend_ldap, [ + %% + %% Authorisation + %% ============= + %% + + %% The LDAP plugin can perform a variety of queries against your + %% LDAP server to determine questions of authorisation. See + %% http://www.rabbitmq.com/ldap.html#authorisation for more + %% information. + + %% Set the query to use when determining vhost access + %% + %% {vhost_access_query, {in_group, + %% "ou=${vhost}-users,ou=vhosts,dc=example,dc=com"}}, + + %% Set the query to use when determining resource (e.g., queue) access + %% + %% {resource_access_query, {constant, true}}, + + %% Set queries to determine which tags a user has + %% + %% {tag_queries, []} + ]} +]. + + + diff --git a/rabbitmq-server-3.7.11.tar.xz b/rabbitmq-server-3.7.11.tar.xz deleted file mode 100644 index d8b2bb8..0000000 --- a/rabbitmq-server-3.7.11.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:20be5b67427508e4420d4ca0f7db6729db9374eb79388a8c1fa6737fea8ca912 -size 2593632 diff --git a/rabbitmq-server-3.7.12.tar.xz b/rabbitmq-server-3.7.12.tar.xz new file mode 100644 index 0000000..c46f1f2 --- /dev/null +++ b/rabbitmq-server-3.7.12.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:7824225fb3b147fe3d477e1335a1f303dba0a0bf1fde9d3bd6f5f586fb678793 +size 2593204 diff --git a/rabbitmq-server.changes b/rabbitmq-server.changes index a52a169..5fa1fbf 100644 --- a/rabbitmq-server.changes +++ b/rabbitmq-server.changes @@ -1,3 +1,14 @@ +------------------------------------------------------------------- +Fri Feb 15 14:16:01 UTC 2019 - Gabriele Santomaggio + +- Update to RabbitMQ version 3.7.12 +- Full release notes: https://github.com/rabbitmq/rabbitmq-server/releases/tag/v3.7.12 +- RabbitMQ 3.7.12 is a maintenance release. It focuses on bug fixes and + minor usability improvements. This is the first release to require Erlang/OTP 20.3+. +- inet_dist_listen_min and inet_dist_listen_max were removed from new style configuration. + They wouldn't have any effect due to how configuration translation is performed. + Use advanced.config or the RABBITMQ_DIST_PORT env variable to configure inet_dist_listen_* + ------------------------------------------------------------------- Fri Feb 01 16:12:22 UTC 2019 - Gabriele Santomaggio diff --git a/rabbitmq-server.spec b/rabbitmq-server.spec index d2af671..099d3c2 100644 --- a/rabbitmq-server.spec +++ b/rabbitmq-server.spec @@ -33,7 +33,7 @@ %define _make_args DESTDIR="%{buildroot}" PREFIX="%{_prefix}" RMQ_ROOTDIR=%{_rabbit_libdir} RMQ_ERLAPP_DIR=%{_rabbit_erllibdir} MAN_INSTALL_PATH="%{_mandir}" DOC_INSTALL_DIR=%{buildroot}/%{_docdir} VERSION=%{version} V=1 Name: rabbitmq-server -Version: 3.7.11 +Version: 3.7.12 Release: 0 Summary: A message broker supporting AMQP, STOMP and MQTT License: MPL-1.1 @@ -51,6 +51,8 @@ Source7: rabbitmq-server.tmpfiles.d.conf Source8: README.SUSE # from https://raw.githubusercontent.com/rabbitmq/rabbitmq-server/v3.7.x/docs/rabbitmq.conf.example Source9: rabbitmq.conf.example +Source10: advanced.config.example +Source11: rabbitmq.config.example BuildRequires: elixir # https://www.rabbitmq.com/which-erlang.html BuildRequires: erlang < 22 @@ -154,6 +156,8 @@ install -p -D -m 0755 scripts/rabbitmq-server-ha.ocf %{buildroot}%{_exec_prefix} # install config files install -p -D -m 0644 %{SOURCE9} %{buildroot}/%{_sysconfdir}/rabbitmq/rabbitmq.conf +install -p -D -m 0644 %{SOURCE10} %{buildroot}/%{_sysconfdir}/rabbitmq/advanced.config.example +install -p -D -m 0644 %{SOURCE11} %{buildroot}/%{_sysconfdir}/rabbitmq/rabbitmq.config.example install -p -D -m 0644 %{SOURCE4} %{buildroot}/%{_sysconfdir}/rabbitmq/rabbitmq-env.conf # Copy all necessary lib files etc. diff --git a/rabbitmq.conf.example b/rabbitmq.conf.example index 71effad..08fe800 100644 --- a/rabbitmq.conf.example +++ b/rabbitmq.conf.example @@ -38,19 +38,19 @@ ## and TLS listeners. ## # num_acceptors.tcp = 10 -# num_acceptors.ssl = 1 +# num_acceptors.ssl = 10 -## Maximum time for AMQP 0-8/0-9/0-9-1 handshake (after socket connection -## and TLS handshake), in milliseconds. +## Maximum amount of time allowed for the AMQP 0-9-1 and AMQP 1.0 handshake +## (performed after socket connection and TLS handshake) to complete, in milliseconds. ## # handshake_timeout = 10000 ## Set to 'true' to perform reverse DNS lookups when accepting a -## connection. Hostnames will then be shown instead of IP addresses -## in rabbitmqctl and the management plugin. +## connection. rabbitmqctl and management UI will then display hostnames +## instead of IP addresses. Default value is `false`. ## -# reverse_dns_lookups = true +# reverse_dns_lookups = false ## ## Security, Access Control @@ -470,7 +470,7 @@ ## Disabling background GC may reduce latency for client operations, ## keeping it enabled may reduce median RAM usage by the binary heap ## (see https://www.erlang-solutions.com/blog/erlang-garbage-collector.html). -## +## ## Before trying this option, please take a look at the memory ## breakdown (http://www.rabbitmq.com/memory-use.html). ## @@ -509,10 +509,10 @@ # net_ticktime = 60 ## Inter-node communication port range. +## The parameters inet_dist_listen_min and inet_dist_listen_max +## can be configured in the classic config format only. ## Related doc guide: https://www.rabbitmq.com/networking.html#epmd-inet-dist-port-range. -## -# inet_dist_listen_min = 25672 -# inet_dist_listen_max = 25692 + ## ---------------------------------------------------------------------------- ## RabbitMQ Management Plugin @@ -533,18 +533,49 @@ ## # management.http_log_dir = /path/to/access.log -## Change the port on which the HTTP listener listens, -## specifying an interface for the web server to bind to. -## Also set the listener to use TLS and provide TLS options. +## HTTP listener and embedded Web server settings. +# ## See https://rabbitmq.com/management.html for details. +# +# management.tcp.port = 15672 +# management.tcp.ip = 0.0.0.0 +# +# management.tcp.shutdown_timeout = 7000 +# management.tcp.max_keepalive = 120 +# management.tcp.idle_timeout = 120 +# management.tcp.inactivity_timeout = 120 +# management.tcp.request_timeout = 120 +# management.tcp.compress = true + +## HTTPS listener settings. +## See https://rabbitmq.com/management.html and https://rabbitmq.com/ssl.html for details. ## +# management.ssl.port = 15671 +# management.ssl.cacertfile = /path/to/ca_certificate.pem +# management.ssl.certfile = /path/to/server_certificate.pem +# management.ssl.keyfile = /path/to/server_key.pem + +## More TLS options +# management.ssl.honor_cipher_order = true +# management.ssl.honor_ecc_order = true +# management.ssl.client_renegotiation = false +# management.ssl.secure_renegotiate = true + +## Supported TLS versions +# management.ssl.versions.1 = tlsv1.2 +# management.ssl.versions.2 = tlsv1.1 + +## Cipher suites the server is allowed to use +# management.ssl.ciphers.1 = ECDHE-ECDSA-AES256-GCM-SHA384 +# management.ssl.ciphers.2 = ECDHE-RSA-AES256-GCM-SHA384 +# management.ssl.ciphers.3 = ECDHE-ECDSA-AES256-SHA384 +# management.ssl.ciphers.4 = ECDHE-RSA-AES256-SHA384 +# management.ssl.ciphers.5 = ECDH-ECDSA-AES256-GCM-SHA384 +# management.ssl.ciphers.6 = ECDH-RSA-AES256-GCM-SHA384 +# management.ssl.ciphers.7 = ECDH-ECDSA-AES256-SHA384 +# management.ssl.ciphers.8 = ECDH-RSA-AES256-SHA384 +# management.ssl.ciphers.9 = DHE-RSA-AES256-GCM-SHA384 -# management.listener.port = 15672 -# management.listener.ip = 127.0.0.1 -# management.listener.ssl = true -# management.listener.ssl_opts.cacertfile = /path/to/cacert.pem -# management.listener.ssl_opts.certfile = /path/to/cert.pem -# management.listener.ssl_opts.keyfile = /path/to/key.pem ## One of 'basic', 'detailed' or 'none'. See ## http://rabbitmq.com/management.html#fine-stats for more details. @@ -583,13 +614,39 @@ # STOMP section # ======================================= -## Network Configuration. The format is generally the same as for the core broker. -## -# stomp.listeners.tcp.default = 61613 +## See https://rabbitmq.com/stomp.html for details. -## Same for ssl listeners +## TCP listeners. ## +# stomp.listeners.tcp.1 = 127.0.0.1:61613 +# stomp.listeners.tcp.2 = ::1:61613 + +## TCP listener settings +## +# stomp.tcp_listen_options.backlog = 2048 +# stomp.tcp_listen_options.recbuf = 131072 +# stomp.tcp_listen_options.sndbuf = 131072 +# +# stomp.tcp_listen_options.keepalive = true +# stomp.tcp_listen_options.nodelay = true +# +# stomp.tcp_listen_options.exit_on_close = true +# stomp.tcp_listen_options.send_timeout = 120 + +## Proxy protocol support +## +# stomp.proxy_protocol = false + +## TLS listeners +## See https://rabbitmq.com/stomp.html and https://rabbitmq.com/ssl.html for details. # stomp.listeners.ssl.default = 61614 +# +# ssl_options.cacertfile = path/to/cacert.pem +# ssl_options.certfile = path/to/cert.pem +# ssl_options.keyfile = path/to/key.pem +# ssl_options.verify = verify_peer +# ssl_options.fail_if_no_peer_cert = true + ## Number of Erlang processes that will accept connections for the TCP ## and TLS listeners. @@ -642,6 +699,52 @@ # MQTT section # ======================================= +## TCP listener settings. +## +# mqtt.listeners.tcp.1 = 127.0.0.1:61613 +# mqtt.listeners.tcp.2 = ::1:61613 + +## TCP listener options (as per the broker configuration). +## +# mqtt.tcp_listen_options.backlog = 4096 +# mqtt.tcp_listen_options.recbuf = 131072 +# mqtt.tcp_listen_options.sndbuf = 131072 +# +# mqtt.tcp_listen_options.keepalive = true +# mqtt.tcp_listen_options.nodelay = true +# +# mqtt.tcp_listen_options.exit_on_close = true +# mqtt.tcp_listen_options.send_timeout = 120 + +## TLS listener settings +## ## See https://rabbitmq.com/mqtt.html and https://rabbitmq.com/ssl.html for details. +# +# mqtt.listeners.ssl.default = 8883 +# +# ssl_options.cacertfile = /path/to/tls/ca_certificate_bundle.pem +# ssl_options.certfile = /path/to/tls/server_certificate.pem +# ssl_options.keyfile = /path/to/tls/server_key.pem +# ssl_options.verify = verify_peer +# ssl_options.fail_if_no_peer_cert = true +# + + +## Number of Erlang processes that will accept connections for the TCP +## and TLS listeners. +## +# mqtt.num_acceptors.tcp = 10 +# mqtt.num_acceptors.ssl = 10 + +## Whether or not to enable proxy protocol support. +## Once enabled, clients cannot directly connect to the broker +## anymore. They must connect through a load balancer that sends the +## proxy protocol header to the broker at connection time. +## This setting applies only to STOMP clients, other protocols +## like STOMP or AMQP have their own setting to enable proxy protocol. +## See the plugins or broker documentation for more information. +## +# mqtt.proxy_protocol = false + ## Set the default user name and password used for anonymous connections (when client ## provides no credentials). Anonymous connections are highly discouraged! ## @@ -672,34 +775,6 @@ ## # mqtt.prefetch = 10 -## TCP/SSL Configuration (as per the broker configuration). -## -# mqtt.listeners.tcp.default = 1883 - -## Same for ssl listener -## -# mqtt.listeners.ssl.default = 1884 - -## Number of Erlang processes that will accept connections for the TCP -## and TLS listeners. -## -# mqtt.num_acceptors.tcp = 10 -# mqtt.num_acceptors.ssl = 10 - -## TCP listener options (as per the broker configuration). -## -# mqtt.tcp_listen_options.backlog = 128 -# mqtt.tcp_listen_options.nodelay = true - -## Whether or not to enable proxy protocol support. -## Once enabled, clients cannot directly connect to the broker -## anymore. They must connect through a load balancer that sends the -## proxy protocol header to the broker at connection time. -## This setting applies only to STOMP clients, other protocols -## like STOMP or AMQP have their own setting to enable proxy protocol. -## See the plugins or broker documentation for more information. -## -# mqtt.proxy_protocol = false ## ---------------------------------------------------------------------------- ## RabbitMQ AMQP 1.0 Support @@ -729,7 +804,7 @@ ## See http://rabbitmq.com/logging.html and https://github.com/erlang-lager/lager for details. ## -## Log direcrory, taken from the RABBITMQ_LOG_BASE env variable by default. +## Log directory, taken from the RABBITMQ_LOG_BASE env variable by default. ## # log.dir = /var/log/rabbitmq diff --git a/rabbitmq.config.example b/rabbitmq.config.example new file mode 100644 index 0000000..bedaec0 --- /dev/null +++ b/rabbitmq.config.example @@ -0,0 +1,920 @@ +%% -*- mode: erlang -*- +%% ---------------------------------------------------------------------------- +%% RabbitMQ Sample Configuration File. +%% +%% Related doc guide: http://www.rabbitmq.com/configure.html. See +%% http://rabbitmq.com/documentation.html for documentation ToC. +%% ---------------------------------------------------------------------------- +[ + {rabbit, + [%% + %% Networking + %% ==================== + %% + %% Related doc guide: http://www.rabbitmq.com/networking.html. + + %% By default, RabbitMQ will listen on all interfaces, using + %% the standard (reserved) AMQP port. + %% + %% {tcp_listeners, [5672]}, + + %% To listen on a specific interface, provide a tuple of {IpAddress, Port}. + %% For example, to listen only on localhost for both IPv4 and IPv6: + %% + %% {tcp_listeners, [{"127.0.0.1", 5672}, + %% {"::1", 5672}]}, + + %% TLS listeners are configured in the same fashion as TCP listeners, + %% including the option to control the choice of interface. + %% + %% {ssl_listeners, [5671]}, + + %% Number of Erlang processes that will accept connections for the TCP + %% and TLS listeners. + %% + %% {num_tcp_acceptors, 10}, + %% {num_ssl_acceptors, 1}, + + %% Maximum time for AMQP 0-8/0-9/0-9-1 handshake (after socket connection + %% and TLS handshake), in milliseconds. + %% + %% {handshake_timeout, 10000}, + + %% Set to 'true' to perform reverse DNS lookups when accepting a + %% connection. Hostnames will then be shown instead of IP addresses + %% in rabbitmqctl and the management plugin. + %% + %% {reverse_dns_lookups, false}, + + %% + %% Security, Access Control + %% ======================== + %% + %% Related doc guide: http://www.rabbitmq.com/access-control.html. + + %% The default "guest" user is only permitted to access the server + %% via a loopback interface (e.g. localhost). + %% {loopback_users, [<<"guest">>]}, + %% + %% Uncomment the following line if you want to allow access to the + %% guest user from anywhere on the network. + %% {loopback_users, []}, + + + %% TLS configuration. + %% + %% Related doc guide: http://www.rabbitmq.com/ssl.html. + %% + %% {ssl_options, [{cacertfile, "/path/to/testca/cacert.pem"}, + %% {certfile, "/path/to/server/cert.pem"}, + %% {keyfile, "/path/to/server/key.pem"}, + %% {verify, verify_peer}, + %% {fail_if_no_peer_cert, false}]}, + + %% Choose the available SASL mechanism(s) to expose. + %% The two default (built in) mechanisms are 'PLAIN' and + %% 'AMQPLAIN'. Additional mechanisms can be added via + %% plugins. + %% + %% Related doc guide: http://www.rabbitmq.com/authentication.html. + %% + %% {auth_mechanisms, ['PLAIN', 'AMQPLAIN']}, + + %% Select an authentication database to use. RabbitMQ comes bundled + %% with a built-in auth-database, based on mnesia. + %% + %% {auth_backends, [rabbit_auth_backend_internal]}, + + %% Configurations supporting the rabbitmq_auth_mechanism_ssl and + %% rabbitmq_auth_backend_ldap plugins. + %% + %% NB: These options require that the relevant plugin is enabled. + %% Related doc guide: http://www.rabbitmq.com/plugins.html for further details. + + %% The RabbitMQ-auth-mechanism-ssl plugin makes it possible to + %% authenticate a user based on the client's TLS certificate. + %% + %% To use auth-mechanism-ssl, add to or replace the auth_mechanisms + %% list with the entry 'EXTERNAL'. + %% + %% {auth_mechanisms, ['EXTERNAL']}, + + %% The rabbitmq_auth_backend_ldap plugin allows the broker to + %% perform authentication and authorisation by deferring to an + %% external LDAP server. + %% + %% For more information about configuring the LDAP backend, see + %% http://www.rabbitmq.com/ldap.html. + %% + %% Enable the LDAP auth backend by adding to or replacing the + %% auth_backends entry: + %% + %% {auth_backends, [rabbit_auth_backend_ldap]}, + + %% This pertains to both the rabbitmq_auth_mechanism_ssl plugin and + %% STOMP ssl_cert_login configurations. See the rabbitmq_stomp + %% configuration section later in this file and the README in + %% https://github.com/rabbitmq/rabbitmq-auth-mechanism-ssl for further + %% details. + %% + %% To use the TLS cert's CN instead of its DN as the username + %% + %% {ssl_cert_login_from, distinguished_name}, + + %% TLS handshake timeout, in milliseconds. + %% + %% {ssl_handshake_timeout, 5000}, + + %% Makes RabbitMQ accept SSLv3 client connections by default. + %% DO NOT DO THIS IF YOU CAN HELP IT. + %% + %% {ssl_allow_poodle_attack, false}, + + %% Password hashing implementation. Will only affect newly + %% created users. To recalculate hash for an existing user + %% it's necessary to update her password. + %% + %% When importing definitions exported from versions earlier + %% than 3.6.0, it is possible to go back to MD5 (only do this + %% as a temporary measure!) by setting this to rabbit_password_hashing_md5. + %% + %% To use SHA-512, set to rabbit_password_hashing_sha512. + %% + %% {password_hashing_module, rabbit_password_hashing_sha256}, + + %% Configuration entry encryption. + %% Related doc guide: http://www.rabbitmq.com/configure.html#configuration-encryption + %% + %% To specify the passphrase in the configuration file: + %% + %% {config_entry_decoder, [{passphrase, <<"mypassphrase">>}]} + %% + %% To specify the passphrase in an external file: + %% + %% {config_entry_decoder, [{passphrase, {file, "/path/to/passphrase/file"}}]} + %% + %% To make the broker request the passphrase when it starts: + %% + %% {config_entry_decoder, [{passphrase, prompt}]} + %% + %% To change encryption settings: + %% + %% {config_entry_decoder, [{cipher, aes_cbc256}, + %% {hash, sha512}, + %% {iterations, 1000}]} + + %% + %% Default User / VHost + %% ==================== + %% + + %% On first start RabbitMQ will create a vhost and a user. These + %% config items control what gets created. See + %% http://www.rabbitmq.com/access-control.html for further + %% information about vhosts and access control. + %% + %% {default_vhost, <<"/">>}, + %% {default_user, <<"guest">>}, + %% {default_pass, <<"guest">>}, + %% {default_permissions, [<<".*">>, <<".*">>, <<".*">>]}, + + %% Tags for default user + %% + %% Related doc guide: http://www.rabbitmq.com/management.html. + %% + %% {default_user_tags, [administrator]}, + + %% + %% Additional network and protocol related configuration + %% ===================================================== + %% + + %% Sets the default AMQP 0-9-1 heartbeat timeout in seconds. + %% Values lower than 6 can produce false positives and are not + %% recommended. + %% + %% Related doc guides: + %% + %% * http://www.rabbitmq.com/heartbeats.html + %% * http://www.rabbitmq.com/networking.html + %% + %% {heartbeat, 60}, + + %% Set the max permissible size of an AMQP frame (in bytes). + %% + %% {frame_max, 131072}, + + %% Set the max frame size the server will accept before connection + %% tuning occurs + %% + %% {initial_frame_max, 4096}, + + %% Set the max permissible number of channels per connection. + %% 0 means "no limit". + %% + %% {channel_max, 0}, + + %% Set the max permissible number of client connections to the node. + %% `infinity` means "no limit". + %% + %% This limit applies to client connections to all listeners (regardless of + %% the protocol, whether TLS is used and so on). CLI tools and inter-node + %% connections are exempt. + %% + %% When client connections are rapidly opened in succession, it is possible + %% for the total connection count to go slightly higher than the configured limit. + %% The limit works well as a general safety measure. + %% + %% Clients that are hitting the limit will see their TCP connections fail or time out. + %% + %% Introduced in 3.6.13. + %% + %% Related doc guide: http://www.rabbitmq.com/networking.html. + %% + %% {connection_max, infinity}, + + %% TCP socket options. + %% + %% Related doc guide: http://www.rabbitmq.com/networking.html. + %% + %% {tcp_listen_options, [{backlog, 128}, + %% {nodelay, true}, + %% {exit_on_close, false}]}, + + %% + %% Resource Limits & Flow Control + %% ============================== + %% + %% Related doc guide: http://www.rabbitmq.com/memory.html, http://www.rabbitmq.com/memory-use.html. + + %% Memory-based Flow Control threshold. + %% + %% {vm_memory_high_watermark, 0.4}, + + %% Alternatively, we can set a limit (in bytes) of RAM used by the node. + %% + %% {vm_memory_high_watermark, {absolute, 1073741824}}, + %% + %% Or you can set absolute value using memory units (with RabbitMQ 3.6.0+). + %% + %% {vm_memory_high_watermark, {absolute, "1024M"}}, + %% + %% Supported units suffixes: + %% + %% k, kiB: kibibytes (2^10 bytes) + %% M, MiB: mebibytes (2^20) + %% G, GiB: gibibytes (2^30) + %% kB: kilobytes (10^3) + %% MB: megabytes (10^6) + %% GB: gigabytes (10^9) + + %% Fraction of the high watermark limit at which queues start to + %% page message out to disc in order to free up memory. + %% For example, when vm_memory_high_watermark is set to 0.4 and this value is set to 0.5, + %% paging can begin as early as when 20% of total available RAM is used by the node. + %% + %% Values greater than 1.0 can be dangerous and should be used carefully. + %% + %% One alternative to this is to use durable queues and publish messages + %% as persistent (delivery mode = 2). With this combination queues will + %% move messages to disk much more rapidly. + %% + %% Another alternative is to configure queues to page all messages (both + %% persistent and transient) to disk as quickly + %% as possible, see http://www.rabbitmq.com/lazy-queues.html. + %% + %% {vm_memory_high_watermark_paging_ratio, 0.5}, + + %% Selects Erlang VM memory consumption calculation strategy. Can be `allocated`, `rss` or `legacy` (aliased as `erlang`), + %% Introduced in 3.6.11. `rss` is the default as of 3.6.12. + %% See https://github.com/rabbitmq/rabbitmq-server/issues/1223 and rabbitmq/rabbitmq-common#224 for background. + %% {vm_memory_calculation_strategy, rss}, + + %% Interval (in milliseconds) at which we perform the check of the memory + %% levels against the watermarks. + %% + %% {memory_monitor_interval, 2500}, + + %% The total memory available can be calculated from the OS resources + %% - default option - or provided as a configuration parameter: + %% {total_memory_available_override_value, "5000MB"}, + + %% Set disk free limit (in bytes). Once free disk space reaches this + %% lower bound, a disk alarm will be set - see the documentation + %% listed above for more details. + %% + %% {disk_free_limit, 50000000}, + %% + %% Or you can set it using memory units (same as in vm_memory_high_watermark) + %% with RabbitMQ 3.6.0+. + %% {disk_free_limit, "50MB"}, + %% {disk_free_limit, "50000kB"}, + %% {disk_free_limit, "2GB"}, + + %% Alternatively, we can set a limit relative to total available RAM. + %% + %% Values lower than 1.0 can be dangerous and should be used carefully. + %% {disk_free_limit, {mem_relative, 2.0}}, + + %% + %% Clustering + %% ===================== + %% + + %% Queue master location strategy: + %% * <<"min-masters">> + %% * <<"client-local">> + %% * <<"random">> + %% + %% Related doc guide: https://www.rabbitmq.com/ha.html#queue-master-location + %% + %% {queue_master_locator, <<"client-local">>}, + + %% Batch size (number of messages) used during eager queue mirror synchronisation. + %% Related doc guide: https://www.rabbitmq.com/ha.html#batch-sync. When average message size is relatively large + %% (say, 10s of kilobytes or greater), reducing this value will decrease peak amount + %% of RAM used by newly joining nodes that need eager synchronisation. + %% + %% {mirroring_sync_batch_size, 4096}, + + %% Enables flow control between queue mirrors. + %% Disabling this can be dangerous and is not recommended. + %% When flow control is disabled, queue masters can outpace mirrors and not allow mirrors to catch up. + %% Mirrors will end up using increasingly more RAM, eventually triggering a memory alarm. + %% + %% {mirroring_flow_control, true}, + + %% Additional server properties to announce to connecting clients. + %% + %% {server_properties, []}, + + %% How to respond to cluster partitions. + %% Related doc guide: http://www.rabbitmq.com/partitions.html + %% + %% {cluster_partition_handling, ignore}, + + %% Mirror sync batch size, in messages. Increasing this will speed + %% up syncing but total batch size in bytes must not exceed 2 GiB. + %% Available in RabbitMQ 3.6.0 or later. + %% + %% {mirroring_sync_batch_size, 4096}, + + %% Make clustering happen *automatically* at startup - only applied + %% to nodes that have just been reset or started for the first time. + %% Related doc guide: http://www.rabbitmq.com/clustering.html#auto-config + %% + %% {cluster_nodes, {['rabbit@my.host.com'], disc}}, + + %% Interval (in milliseconds) at which we send keepalive messages + %% to other cluster members. Note that this is not the same thing + %% as net_ticktime; missed keepalive messages will not cause nodes + %% to be considered down. + %% + %% {cluster_keepalive_interval, 10000}, + + %% + %% Statistics Collection + %% ===================== + %% + + %% Set (internal) statistics collection granularity. + %% + %% {collect_statistics, none}, + + %% Statistics collection interval (in milliseconds). Increasing + %% this will reduce the load on management database. + %% + %% {collect_statistics_interval, 5000}, + + %% Enables vhosts tracing. + %% + %% {trace_vhosts, []}, + + %% Explicitly enable/disable HiPE compilation. + %% + %% {hipe_compile, false}, + + %% Number of delegate processes to use for intra-cluster communication. + %% On a node which is part of cluster, has more than 16 cores and plenty of network bandwidth, + %% it may make sense to increase this value. + %% + %% {delegate_count, 16}, + + %% Number of times to retry while waiting for internal database tables (Mnesia tables) to sync + %% from a peer. In deployments where nodes can take a long time to boot, this value + %% may need increasing. + %% + %% {mnesia_table_loading_retry_limit, 10}, + + %% Amount of time in milliseconds which this node will wait for internal database tables (Mnesia tables) to sync + %% from a peer. In deployments where nodes can take a long time to boot, this value + %% may need increasing. + %% + %% {mnesia_table_loading_retry_timeout, 30000}, + + %% Size in bytes below which to embed messages in the queue index. + %% Related doc guide: http://www.rabbitmq.com/persistence-conf.html + %% + %% {queue_index_embed_msgs_below, 4096}, + + %% Maximum number of queue index entries to keep in journal + %% Related doc guide: http://www.rabbitmq.com/persistence-conf.html. + %% + %% {queue_index_max_journal_entries, 32768}, + + %% Number of credits that a queue process is given by the message store + %% By default, a queue process is given 4000 message store credits, + %% and then 800 for every 800 messages that it processes. + %% + %% {msg_store_credit_disc_bound, {4000, 800}}, + + %% Minimum number of messages with their queue position held in RAM required + %% to trigger writing their queue position to disk. + %% + %% This value MUST be higher than the initial msg_store_credit_disc_bound value, + %% otherwise paging performance may worsen. + %% + %% {msg_store_io_batch_size, 4096}, + + %% Number of credits that a connection, channel or queue are given. + %% + %% By default, every connection, channel or queue is given 400 credits, + %% and then 200 for every 200 messages that it sends to a peer process. + %% Increasing these values may help with throughput but also can be dangerous: + %% high credit flow values are no different from not having flow control at all. + %% + %% Related doc guide: https://www.rabbitmq.com/blog/2015/10/06/new-credit-flow-settings-on-rabbitmq-3-5-5/ + %% and http://alvaro-videla.com/2013/09/rabbitmq-internals-credit-flow-for-erlang-processes.html. + %% + %% {credit_flow_default_credit, {400, 200}}, + + %% Number of milliseconds before a channel operation times out. + %% + %% {channel_operation_timeout, 15000}, + + %% Number of queue operations required to trigger an explicit garbage collection. + %% Increasing this value may reduce CPU load and increase peak RAM consumption of queues. + %% + %% {queue_explicit_gc_run_operation_threshold, 1000}, + + %% Number of lazy queue operations required to trigger an explicit garbage collection. + %% Increasing this value may reduce CPU load and increase peak RAM consumption of lazy queues. + %% + %% {lazy_queue_explicit_gc_run_operation_threshold, 1000}, + + %% Number of times disk monitor will retry free disk space queries before + %% giving up. + %% + %% {disk_monitor_failure_retries, 10}, + + %% Milliseconds to wait between disk monitor retries on failures. + %% + %% {disk_monitor_failure_retry_interval, 120000}, + + %% Whether or not to enable background periodic forced GC runs for all + %% Erlang processes on the node in "waiting" state. + %% + %% Disabling background GC may reduce latency for client operations, + %% keeping it enabled may reduce median RAM usage by the binary heap + %% (see https://www.erlang-solutions.com/blog/erlang-garbage-collector.html). + %% + %% Before enabling this option, please take a look at the memory + %% breakdown (http://www.rabbitmq.com/memory-use.html). + %% + %% {background_gc_enabled, false}, + + %% Interval (in milliseconds) at which we run background GC. + %% + %% {background_gc_target_interval, 60000}, + + %% Message store operations are stored in a sequence of files called segments. + %% This controls max size of a segment file. + %% Increasing this value may speed up (sequential) disk writes but will slow down segment GC process. + %% DO NOT CHANGE THIS for existing installations. + %% + %% {msg_store_file_size_limit, 16777216}, + + %% Whether or not to enable file write buffering. + %% + %% {fhc_write_buffering, true}, + + %% Whether or not to enable file read buffering. Enabling + %% this may slightly speed up reads but will also increase + %% node's memory consumption, in particular on boot. + %% + %% {fhc_read_buffering, false} + + ]}, + + %% ---------------------------------------------------------------------------- + %% Advanced Erlang Networking/Clustering Options. + %% + %% Related doc guide: http://www.rabbitmq.com/clustering.html + %% ---------------------------------------------------------------------------- + {kernel, + [%% Sets the net_kernel tick time. + %% Please see http://erlang.org/doc/man/kernel_app.html and + %% http://www.rabbitmq.com/nettick.html for further details. + %% + %% {net_ticktime, 60} + ]}, + + %% ---------------------------------------------------------------------------- + %% RabbitMQ Management Plugin + %% + %% Related doc guide: http://www.rabbitmq.com/management.html + %% ---------------------------------------------------------------------------- + + {rabbitmq_management, + [%% Preload schema definitions from a previously exported definitions file. See + %% http://www.rabbitmq.com/management.html#load-definitions + %% + %% {load_definitions, "/path/to/exported/definitions.json"}, + + %% Log all requests to the management HTTP API to a directory. + %% + %% {http_log_dir, "/path/to/rabbitmq/logs/http"}, + + %% Change the port on which the HTTP listener listens, + %% specifying an interface for the web server to bind to. + %% Also set the listener to use TLS and provide TLS options. + %% + %% {listener, [{port, 12345}, + %% {ip, "127.0.0.1"}, + %% {ssl, true}, + %% {ssl_opts, [{cacertfile, "/path/to/cacert.pem"}, + %% {certfile, "/path/to/cert.pem"}, + %% {keyfile, "/path/to/key.pem"}]}]}, + + %% One of 'basic', 'detailed' or 'none'. See + %% http://www.rabbitmq.com/management.html#fine-stats for more details. + %% {rates_mode, basic}, + + %% Configure how long aggregated data (such as message rates and queue + %% lengths) is retained. Please read the plugin's documentation in + %% http://www.rabbitmq.com/management.html#configuration for more + %% details. + %% + %% {sample_retention_policies, + %% [{global, [{60, 5}, {3600, 60}, {86400, 1200}]}, + %% {basic, [{60, 5}, {3600, 60}]}, + %% {detailed, [{10, 5}]}]} + ]}, + + %% ---------------------------------------------------------------------------- + %% RabbitMQ Shovel Plugin + %% + %% Related doc guide: http://www.rabbitmq.com/shovel.html + %% ---------------------------------------------------------------------------- + + {rabbitmq_shovel, + [{shovels, + [%% A named shovel worker. + %% {my_first_shovel, + %% [ + + %% List the source broker(s) from which to consume. + %% + %% {sources, + %% [%% URI(s) and pre-declarations for all source broker(s). + %% {brokers, ["amqp://user:password@host.domain/my_vhost"]}, + %% {declarations, []} + %% ]}, + + %% List the destination broker(s) to publish to. + %% {destinations, + %% [%% A singular version of the 'brokers' element. + %% {broker, "amqp://"}, + %% {declarations, []} + %% ]}, + + %% Name of the queue to shovel messages from. + %% + %% {queue, <<"your-queue-name-goes-here">>}, + + %% Optional prefetch count. + %% + %% {prefetch_count, 10}, + + %% when to acknowledge messages: + %% - no_ack: never (auto) + %% - on_publish: after each message is republished + %% - on_confirm: when the destination broker confirms receipt + %% + %% {ack_mode, on_confirm}, + + %% Overwrite fields of the outbound basic.publish. + %% + %% {publish_fields, [{exchange, <<"my_exchange">>}, + %% {routing_key, <<"from_shovel">>}]}, + + %% Static list of basic.properties to set on re-publication. + %% + %% {publish_properties, [{delivery_mode, 2}]}, + + %% The number of seconds to wait before attempting to + %% reconnect in the event of a connection failure. + %% + %% {reconnect_delay, 2.5} + + %% ]} %% End of my_first_shovel + ]} + %% Rather than specifying some values per-shovel, you can specify + %% them for all shovels here. + %% + %% {defaults, [{prefetch_count, 0}, + %% {ack_mode, on_confirm}, + %% {publish_fields, []}, + %% {publish_properties, [{delivery_mode, 2}]}, + %% {reconnect_delay, 2.5}]} + ]}, + + %% ---------------------------------------------------------------------------- + %% RabbitMQ STOMP Plugin + %% + %% Related doc guide: http://www.rabbitmq.com/stomp.html + %% ---------------------------------------------------------------------------- + + {rabbitmq_stomp, + [%% Network Configuration - the format is generally the same as for the broker + + %% Listen only on localhost (ipv4 & ipv6) on a specific port. + %% {tcp_listeners, [{"127.0.0.1", 61613}, + %% {"::1", 61613}]}, + + %% Listen for TLS connections on a specific port. + %% {ssl_listeners, [61614]}, + + %% Number of Erlang processes that will accept connections for the TCP + %% and TLS listeners. + %% + %% {num_tcp_acceptors, 10}, + %% {num_ssl_acceptors, 1}, + + %% Additional TLS options + + %% Extract a name from the client's certificate when using TLS. + %% + %% {ssl_cert_login, true}, + + %% Set a default user name and password. This is used as the default login + %% whenever a CONNECT frame omits the login and passcode headers. + %% + %% Please note that setting this will allow clients to connect without + %% authenticating! + %% + %% {default_user, [{login, "guest"}, + %% {passcode, "guest"}]}, + + %% If a default user is configured, or you have configured use TLS client + %% certificate based authentication, you can choose to allow clients to + %% omit the CONNECT frame entirely. If set to true, the client is + %% automatically connected as the default user or user supplied in the + %% TLS certificate whenever the first frame sent on a session is not a + %% CONNECT frame. + %% + %% {implicit_connect, true}, + + %% Whether or not to enable proxy protocol support. + %% Once enabled, clients cannot directly connect to the broker + %% anymore. They must connect through a load balancer that sends the + %% proxy protocol header to the broker at connection time. + %% This setting applies only to STOMP clients, other protocols + %% like MQTT or AMQP have their own setting to enable proxy protocol. + %% See the plugins or broker documentation for more information. + %% + %% {proxy_protocol, false} + ]}, + + %% ---------------------------------------------------------------------------- + %% RabbitMQ MQTT Plugin + %% + %% Related doc guide: https://github.com/rabbitmq/rabbitmq-mqtt/blob/stable/README.md + %% + %% ---------------------------------------------------------------------------- + + {rabbitmq_mqtt, + [%% Set the default user name and password. Will be used as the default login + %% if a connecting client provides no other login details. + %% + %% Please note that setting this will allow clients to connect without + %% authenticating! + %% + %% {default_user, <<"guest">>}, + %% {default_pass, <<"guest">>}, + + %% Enable anonymous access. If this is set to false, clients MUST provide + %% login information in order to connect. See the default_user/default_pass + %% configuration elements for managing logins without authentication. + %% + %% {allow_anonymous, true}, + + %% If you have multiple chosts, specify the one to which the + %% adapter connects. + %% + %% {vhost, <<"/">>}, + + %% Specify the exchange to which messages from MQTT clients are published. + %% + %% {exchange, <<"amq.topic">>}, + + %% Specify TTL (time to live) to control the lifetime of non-clean sessions. + %% + %% {subscription_ttl, 1800000}, + + %% Set the prefetch count (governing the maximum number of unacknowledged + %% messages that will be delivered). + %% + %% {prefetch, 10}, + + %% TLS listeners. + %% See http://www.rabbitmq.com/networking.html + %% + %% {tcp_listeners, [1883]}, + %% {ssl_listeners, []}, + + %% Number of Erlang processes that will accept connections for the TCP + %% and TLS listeners. + %% See http://www.rabbitmq.com/networking.html + %% + %% {num_tcp_acceptors, 10}, + %% {num_ssl_acceptors, 1}, + + %% TCP socket options. + %% See http://www.rabbitmq.com/networking.html + %% + %% {tcp_listen_options, [ + %% {backlog, 128}, + %% {linger, {true, 0}}, + %% {exit_on_close, false} + %% ]}, + + %% Whether or not to enable proxy protocol support. + %% Once enabled, clients cannot directly connect to the broker + %% anymore. They must connect through a load balancer that sends the + %% proxy protocol header to the broker at connection time. + %% This setting applies only to MQTT clients, other protocols + %% like STOMP or AMQP have their own setting to enable proxy protocol. + %% See the plugins or broker documentation for more information. + %% + %% {proxy_protocol, false} + ]}, + + %% ---------------------------------------------------------------------------- + %% RabbitMQ AMQP 1.0 Support + %% + %% Related doc guide: https://github.com/rabbitmq/rabbitmq-amqp1.0/blob/stable/README.md + %% + %% ---------------------------------------------------------------------------- + + {rabbitmq_amqp1_0, + [%% Connections that are not authenticated with SASL will connect as this + %% account. See the README for more information. + %% + %% Please note that setting this will allow clients to connect without + %% authenticating! + %% + %% {default_user, "guest"}, + + %% Enable protocol strict mode. See the README for more information. + %% + %% {protocol_strict_mode, false} + ]}, + + %% ---------------------------------------------------------------------------- + %% RabbitMQ LDAP Plugin + %% + %% Related doc guide: http://www.rabbitmq.com/ldap.html. + %% + %% ---------------------------------------------------------------------------- + + {rabbitmq_auth_backend_ldap, + [%% + %% Connecting to the LDAP server(s) + %% ================================ + %% + + %% Specify servers to bind to. You *must* set this in order for the plugin + %% to work properly. + %% + %% {servers, ["your-server-name-goes-here"]}, + + %% Connect to the LDAP server using TLS + %% + %% {use_ssl, false}, + + %% Specify the LDAP port to connect to + %% + %% {port, 389}, + + %% LDAP connection timeout, in milliseconds or 'infinity' + %% + %% {timeout, infinity}, + + %% Enable logging of LDAP queries. + %% One of + %% - false (no logging is performed) + %% - true (verbose logging of the logic used by the plugin) + %% - network (as true, but additionally logs LDAP network traffic) + %% + %% Defaults to false. + %% + %% {log, false}, + + %% + %% Authentication + %% ============== + %% + + %% Pattern to convert the username given through AMQP to a DN before + %% binding + %% + %% {user_dn_pattern, "cn=${username},ou=People,dc=example,dc=com"}, + + %% Alternatively, you can convert a username to a Distinguished + %% Name via an LDAP lookup after binding. See the documentation for + %% full details. + + %% When converting a username to a dn via a lookup, set these to + %% the name of the attribute that represents the user name, and the + %% base DN for the lookup query. + %% + %% {dn_lookup_attribute, "userPrincipalName"}, + %% {dn_lookup_base, "DC=gopivotal,DC=com"}, + + %% Controls how to bind for authorisation queries and also to + %% retrieve the details of users logging in without presenting a + %% password (e.g., SASL EXTERNAL). + %% One of + %% - as_user (to bind as the authenticated user - requires a password) + %% - anon (to bind anonymously) + %% - {UserDN, Password} (to bind with a specified user name and password) + %% + %% Defaults to 'as_user'. + %% + %% {other_bind, as_user}, + + %% + %% Authorisation + %% ============= + %% + + %% The LDAP plugin can perform a variety of queries against your + %% LDAP server to determine questions of authorisation. See + %% http://www.rabbitmq.com/ldap.html#authorisation for more + %% information. + + %% Set the query to use when determining vhost access + %% + %% {vhost_access_query, {in_group, + %% "ou=${vhost}-users,ou=vhosts,dc=example,dc=com"}}, + + %% Set the query to use when determining resource (e.g., queue) access + %% + %% {resource_access_query, {constant, true}}, + + %% Set queries to determine which tags a user has + %% + %% {tag_queries, []} + ]}, + + %% Lager controls logging. + %% See https://github.com/basho/lager for more documentation + {lager, [ + %% + %% Log directory, taken from the RABBITMQ_LOG_BASE env variable by default. + %% {log_root, "/var/log/rabbitmq"}, + %% + %% All log messages go to the default "sink" configured with + %% the `handlers` parameter. By default, it has a single + %% lager_file_backend handler writing messages to "$nodename.log" + %% (ie. the value of $RABBIT_LOGS). + %% {handlers, [ + %% {lager_file_backend, [{file, "rabbit.log"}, + %% {level, info}, + %% {date, ""}, + %% {size, 0}]} + %% ]}, + %% + %% Extra sinks are used in RabbitMQ to categorize messages. By + %% default, those extra sinks are configured to forward messages + %% to the default sink (see above). "rabbit_log_lager_event" + %% is the default category where all RabbitMQ messages without + %% a category go. Messages in the "channel" category go to the + %% "rabbit_channel_lager_event" Lager extra sink, and so on. + %% {extra_sinks, [ + %% {rabbit_log_lager_event, [{handlers, [ + %% {lager_forwarder_backend, + %% [lager_event, info]}]}]}, + %% {rabbit_channel_lager_event, [{handlers, [ + %% {lager_forwarder_backend, + %% [lager_event, info]}]}]}, + %% {rabbit_connection_lager_event, [{handlers, [ + %% {lager_forwarder_backend, + %% [lager_event, info]}]}]}, + %% {rabbit_mirroring_lager_event, [{handlers, [ + %% {lager_forwarder_backend, + %% [lager_event, info]}]}]} + %% ]} + ]} +].