RabbitMQ Installation
RabbitMQ Overview
RabbitMQ is an open source message broker. It is a lightweight, robust and easy-to-deploy platform that enables Atria service components to securely communicate asynchronously with each other.
Messages are sent over encrypted channels using AMQPS, an industry standard for secure messaging.
RabbitMQ runs as a background service. By default we install it onto the Provisioning Server. Find out more at https://rabbitmq.com.
RabbitMQ Installation
Prior to installation, set up the RABBITMQ_BASE path
This will be a folder location where the files, logs and config for RabbitMQ will be stored. This is important as it ensures they are not stored in the user's profile.
- On your provisioning server, create a directory that the RABBITMQ_BASE path will point to going forward (e.g. C:\AtriaRabbitMQ).
- Set the environment variable. Open PowerShell (admin), then run the commands:
$rabbitdir = 'C:\AtriaRabbitMQ'
[Environment]::SetEnvironmentVariable("RABBITMQ_BASE", $rabbitdir, "Machine")
This can be done manually as well as through the UI.
- Restart PowerShell and verify that the environment variable is set properly.
[Environment]::GetEnvironmentVariables()
Install Erlang
Before installing RabbitMQ, you will need to install Erlang. Erlang is the underlying programming language that RabbitMQ is built upon. Erlang is regularly updated and it's important that you install a version that is supported by RabbitMQ. Check here to see the current versions and compatibility before installing.
Navigate to the Erlang website (Downloads - Erlang/OTP) and select the Download Windows Installer button as shown below. Earlier versions can be found on the right-hand side of the page if required.
Once downloaded, open the installer and proceed with the install of Erlang. If you experience any issues with the install of Erlang or compatibility with RabbitMQ, please contact our support at support@getatria.com.
Install RabbitMQ
The Atria Installer domain account can also be used to install RabbitMQ.
RabbitMQ is a required core component. It should be installed on the Provisioning Server. Open the hyperlink to go to the RabbitMQ website (https://www.rabbitmq.com/install-windows.html#installer), then select the highlighted link (as shown in the screenshot below) to download the RabbitMQ application installer.
Now, after these two pieces of software are installed (Erlang and RabbitMQ), using PowerShell, navigate to the below file path
C:\Program Files\RabbitMQ Server\rabbitmq_server-version\sbin\
For example, we have RabbitMQ Server 3.8.11 installed, so we navigate to the folder path of 'C:\Program Files\RabbitMQ Server\rabbitmq_server-3.8.11\sbin'.
Enable Management Web UI
.\rabbitmq-plugins enable rabbitmq_management
Once the above command successfully runs, restart the RabbitMQ service.
You can then access the management environment on the server via http://localhost:15672/.
Here is the login page when the management plugin is working successfully:
Log in with the default username and password:
- Username: guest
- Password: guest
Here is the management dashboard once you have logged in successfully:
Create Admin User
Next, we need to configure a RabbitMQ Web Account.
This is purely an account for administering RabbitMQ.
Please configure a new account for this and set the password in the commands below. These credentials will be needed later in the configuration, so please save them in a secure location.
You will need to run these commands from:
C:\Program Files\RabbitMQ Server\rabbitmq_server-version\sbin\
.\rabbitmqctl add_user 'rabbitmq admin account username' 'rabbitmq admin account password'
.\rabbitmqctl set_permissions -p / 'rabbitmq admin account username' ".*" ".*" ".*"
.\rabbitmqctl set_user_tags 'rabbitmq admin account username' administrator
Delete default guest user
Remove the inbuilt "guest" account with the command below.
.\rabbitmqctl delete_user guest
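To confirm the steps so far took effect, the following added example (not part of the Atria or RabbitMQ tooling) checks that RABBITMQ_BASE is set at machine scope outside any user profile, that the guest account is gone, and that at least one user carries the administrator tag. The function name and the default sbin path (the page's 3.8.11 example) are assumptions; adjust the path to your installed version.

```powershell
# Added example: post-install checks for the steps on this page.
# Assumption: $SbinPath points at your installed sbin folder.
function Test-AtriaRabbitSetup {
    param(
        [string]$SbinPath = 'C:\Program Files\RabbitMQ Server\rabbitmq_server-3.8.11\sbin'
    )
    $findings = @()

    # RABBITMQ_BASE must be set at machine scope and must not sit in a user profile.
    $base = [Environment]::GetEnvironmentVariable('RABBITMQ_BASE', 'Machine')
    if (-not $base) {
        $findings += 'RABBITMQ_BASE is not set at machine scope'
    } elseif ($base -like "$env:SystemDrive\Users\*") {
        $findings += "RABBITMQ_BASE points into a user profile: $base"
    } elseif (-not (Test-Path -LiteralPath $base)) {
        $findings += "RABBITMQ_BASE directory does not exist: $base"
    }

    # list_users prints one "name<TAB>[tags]" row per user; -q drops the banner.
    $ctl  = Join-Path $SbinPath 'rabbitmqctl.bat'
    $rows = & $ctl -q list_users
    if ($LASTEXITCODE -ne 0) {
        $findings += 'rabbitmqctl list_users failed; is the RabbitMQ service running?'
        return $findings
    }
    $users = foreach ($row in $rows) {
        $name, $tags = $row -split "`t", 2
        # Skip blank lines and the "user<TAB>tags" header row if it is printed.
        if ($name -and -not ($name -eq 'user' -and $tags -eq 'tags')) {
            [pscustomobject]@{ Name = $name; Tags = $tags }
        }
    }

    if ($users.Name -contains 'guest') {
        $findings += 'Default guest account still exists'
    }
    if (-not ($users | Where-Object { $_.Tags -match '\badministrator\b' })) {
        $findings += 'No user carries the administrator tag'
    }
    return $findings
}

# No output means every check passed.
Test-AtriaRabbitSetup | ForEach-Object { Write-Warning $_ }
```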
RabbitMQ Configuration for Atria
Set up RabbitMQ CNAME record:
Add a host record to your DNS server to ensure the RabbitMQ instance is accessible by Atria:
CNAME | Target server |
---|---|
AtriaMessaging | The name of the server where you have installed your RabbitMQ instance (Provisioning Server) |
Ensure Network Connectivity for RabbitMQ
Use the following PowerShell command on the Web Server to test the network connectivity between the Web Server and Provisioning Server for RabbitMQ:
tnc -ComputerName atriamessaging -Port 5672
After setting up the DNS record and confirming the network connectivity, you should test the RabbitMQ Web Management UI in your browser (e.g. http://atriamessaging.domain.local:15672).
Summary
You have now installed and configured RabbitMQ for Atria. Next, we will configure RabbitMQ to use SSL for secure communication before moving on to the installation of Atria.
FAQ
Does RabbitMQ only need to be installed on the main provisioning server or also on remote AD provisioning servers?
RabbitMQ will only be installed and configured on the Main Provisioning Server.
Do all provisioning servers need to be able to reach all provisioning servers via ports 15671 and 15672?
The ports (15671 – HTTPS, 15672 – HTTP, 5671 – AMQPS, 5672 – AMQP) will only be for the main provisioning server. We can keep the SSL and non-SSL ports in the meantime in case issues arise when setting it up.
Do remote AD Web Services need to be connected with open ports according to the specifications to the main provisioning server or to the remote AD provisioning server?
By default, web services pass through 8095 together with the ports to contact the web and main provisioning servers. Going forward, all requests will pass through AtriaHTTPTunnel (8101) and AtriaExternalApi (front-end web server via 80/443).
For which domain names do the certificates for RabbitMQ need to apply?
The RabbitMQ certificate will be under the main domain. It will then be configured for the remote environment to point to the FQDN of the RabbitMQ instance and be accessible.
Does the SSL certificate for RabbitMQ then need to be trusted not only in the primary location but also in all remote ADs as well?
Yes, the SSL certificate for RabbitMQ should be trusted on all remote ADs. You need to add the aliases to the certificate SAN. Example:
Internal FQDN: AtriaMessaging.internal.local
Public FQDN: AtriaMessaging.company.com
Server FQDN: prov01.internal.local
A copy of the internal root CA certificate will be applied on the remote ADs (if self-signed); otherwise, if this is a known certificate signer (VeriSign, etc.), the FQDN should be resolvable on the DNS of the remote AD.
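The two certificate requirements above (all aliases present in the SAN, and the chain trusted on each remote AD) can be checked on a remote AD server before pointing it at RabbitMQ. This is an added example, not Atria or RabbitMQ code: the function name and the certificate file path are assumptions, the names are the SAN example from this page, and exact-name matching is used, so wildcard entries are not expanded.

```powershell
# Added example: run on each remote AD server against an exported copy
# of the RabbitMQ certificate (.cer/.crt, public part only).
function Test-RabbitCertificate {
    param(
        [Parameter(Mandatory)][string]$CertPath,
        [Parameter(Mandatory)][string[]]$RequiredNames
    )
    $file = (Resolve-Path -LiteralPath $CertPath).Path
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $file

    # Subject Alternative Name extension (OID 2.5.29.17). On English Windows
    # Format() renders entries as "DNS Name=host"; other locales use other labels.
    $sanExt   = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
    $sanNames = @()
    if ($sanExt) {
        $sanNames = @([regex]::Matches($sanExt.Format($false), 'DNS Name=([^,\s]+)') |
            ForEach-Object { $_.Groups[1].Value })
    }
    # -notcontains compares case-insensitively, which matches DNS semantics.
    $missing = @($RequiredNames | Where-Object { $sanNames -notcontains $_ })

    # Build the chain against this machine's trust stores using the default
    # policy, which includes revocation checking.
    $chain   = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $trusted = $chain.Build($cert)
    $status  = @($chain.ChainStatus | ForEach-Object { $_.Status.ToString() })

    [pscustomobject]@{
        Subject      = $cert.Subject
        NotAfter     = $cert.NotAfter
        SanNames     = $sanNames
        MissingNames = $missing      # empty when every alias is covered
        ChainTrusted = $trusted      # False if the root CA is not installed here
        ChainStatus  = $status       # reason(s) when ChainTrusted is False
    }
}

# The path is a placeholder; the names are the SAN example from this page.
Test-RabbitCertificate -CertPath 'C:\path\to\rabbitmq-cert.cer' -RequiredNames @(
    'AtriaMessaging.internal.local',
    'AtriaMessaging.company.com',
    'prov01.internal.local')
```

A result with an empty MissingNames and ChainTrusted set to True means the server will accept the certificate under any of the listed names.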