4.4 RabbitMQ
vCloud extensibility provides the capability to connect vCloud Director with external systems through the AMQP message bus provided by the RabbitMQ highly available cluster.
For high availability, configure at least two load-balanced RabbitMQ nodes with RabbitMQ clustering enabled and mirrored queues.
RabbitMQ must have SSL/TLS communication enabled because vSphere Replication Cloud Service uses an encrypted connection. Optionally, the vCloud Director connection can be encrypted as well.
Table 7. Example of RabbitMQ Load Balancer Configuration
Attribute | Specification |
Virtual IP | … |
Port | 5671 |
Protocol | TCP |
Pool Members | … |
Persistence | None |
Application Type | TCP |
LB Algorithm | LEASTCONN |
Health check | Default TCP Monitor |
The RabbitMQ SSL configuration (/etc/rabbitmq/rabbitmq.conf) is as follows:
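[
  %% Protocol versions offered by the Erlang ssl application.
  %% TLS 1.0 and 1.1 are deprecated (RFC 8996).
  {ssl, [{versions, ['tlsv1.2', 'tlsv1.1', tlsv1]}]},
  {rabbit, [
    %% TLS listener; same port as the load balancer in Table 7.
    {ssl_listeners, [5671]},
    {ssl_options, [{cacertfile,"/etc/rabbitmq/server/cacert.pem"},
                   {certfile,"/etc/rabbitmq/server/cert.pem"},
                   {keyfile,"/etc/rabbitmq/server/key.pem"},
                   {versions, ['tlsv1.2', 'tlsv1.1', tlsv1]},
                   {ciphers, ["ECDHE-ECDSA-AES256-GCM-SHA384",…]},
                   %% verify_none: the broker does not request or validate
                   %% client certificates; TLS authenticates the server only.
                   {verify,verify_none},
                   {fail_if_no_peer_cert,false}]}]}
].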
All nodes must have identical certificate files: cacert.pem (SSL certificate of the signing Certificate Authority), cert.pem (RabbitMQ node certificate), and key.pem (private key of the RabbitMQ node certificate). The common name of cert.pem must be the FQDN of the load balancer VIP, or a wildcard certificate can be used instead.
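The certificate requirements above can be checked on each node before it is added to the load balancer pool. The script below is an added example, not part of the original design document; the function names and the FQDN in the usage comment are assumptions, and it assumes OpenSSL 1.1.1 or later and an unencrypted key.pem.

```shell
#!/bin/sh
# Added example: validate a RabbitMQ node's TLS files against the rules above.

# Print one SHA-256 digest over the three files. Run this on every node;
# the value must be the same everywhere ("identical certificate files").
cert_bundle_digest() {
    cat "$1/cacert.pem" "$1/cert.pem" "$1/key.pem" |
        openssl dgst -sha256 -r | cut -d' ' -f1
}

# Usage: check_node_certs <certificate directory> <load balancer VIP FQDN>
# e.g.   check_node_certs /etc/rabbitmq/server amqp-vip.example.test
# Returns 0 only if every check passes; prints one line per failed check.
check_node_certs() {
    dir=$1; vip_fqdn=$2; rc=0

    for f in cacert.pem cert.pem key.pem; do
        [ -r "$dir/$f" ] || { echo "FAIL: $dir/$f missing or unreadable"; return 1; }
    done

    # cert.pem must be issued by the CA in cacert.pem (also fails if expired).
    openssl verify -CAfile "$dir/cacert.pem" "$dir/cert.pem" >/dev/null 2>&1 ||
        { echo "FAIL: cert.pem does not chain to cacert.pem"; rc=1; }

    # key.pem must be the private key of cert.pem: compare their public keys.
    cert_pub=$(openssl x509 -in "$dir/cert.pem" -noout -pubkey 2>/dev/null |
        openssl dgst -sha256 -r)
    key_pub=$(openssl pkey -in "$dir/key.pem" -pubout 2>/dev/null |
        openssl dgst -sha256 -r)
    [ "$cert_pub" = "$key_pub" ] ||
        { echo "FAIL: key.pem does not match cert.pem"; rc=1; }

    # The certificate must be valid for the VIP FQDN. -checkhost honours
    # wildcards; it uses the common name only when the certificate carries
    # no DNS subjectAltName entries, otherwise the SAN entries decide.
    openssl x509 -in "$dir/cert.pem" -noout -checkhost "$vip_fqdn" 2>/dev/null |
        grep -q 'does match' ||
        { echo "FAIL: cert.pem is not valid for $vip_fqdn"; rc=1; }

    return $rc
}
```

Because the broker is configured with verify_none, these checks cover only the server side; clients still need cacert.pem in their trust store to validate the broker through the VIP.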