From cfd6bbfb294a04f07fa3cc075d59e54bb19c6b0f Mon Sep 17 00:00:00 2001 From: Jeremy Cline Date: Mar 26 2019 18:00:24 +0000 Subject: Start the RabbitMQ SOP It's a bit light on details, but it's a start. Signed-off-by: Jeremy Cline --- diff --git a/docs/sysadmin-guide/sops/rabbitmq.rst b/docs/sysadmin-guide/sops/rabbitmq.rst new file mode 100644 index 0000000..c8ec977 --- /dev/null +++ b/docs/sysadmin-guide/sops/rabbitmq.rst @@ -0,0 +1,99 @@ +.. title: RabbitMQ SOP +.. slug: infra-rabbitmq +.. date: 2019-03-22 +.. taxonomy: Contributors/Infrastructure + +============ +RabbitMQ SOP +============ + +`RabbitMQ`_ is the message broker Fedora uses to allow applications to send each +other (or themselves) messages. + + +Contact Information +=================== + +Owner +----- +Fedora Infrastructure Team + +Contact +------- +#fedora-admin + +Servers +------- + +* rabbitmq0[1-3].phx2.fedoraproject.org +* rabbitmq0[1-3].stg.phx2.fedoraproject.org + +Purpose +------- + +General purpose publish-subscribe message broker as well as application-specific +messaging. + + +Description +=========== + +RabbitMQ is a message broker written in Erlang that offers a number of interfaces +including AMQP 0.9.1, AMQP 1.0, STOMP, and MQTT. At this time only AMQP 0.9.1 is +made available to clients. + +Fedora uses the RabbitMQ packages provided by the Red Hat Openstack repository as +it has a more up-to-date version. + +The Cluster +----------- + +RabbitMQ supports `clustering`_ a set of hosts into a single logical message +broker. The Fedora cluster is composed of 3 nodes, rabbitmq01-03, in both +staging and production. ``groups/rabbitmq.yml`` is the playbook that deploys +the cluster. + + +Virtual Hosts +------------- + +The cluster contains a number of virtual hosts. Each virtual host has its own +set of resources - exchanges, bindings, queues - and users are given permissions +by virtual host. + +/pubsub +^^^^^^^ + +The /pubsub virtual host is the generic publish-subscribe virtual host used by +most applications. Messages published via AMQP are sent to the "amq.topic" +exchange. Messages being bridged from fedmsg into AMQP are sent via +"zmq.topic". + + +/public_pubsub +^^^^^^^^^^^^^^ + +This virtual host has the "amq.topic" and "zmq.topic" exchanges from /pubsub +`federated`_ to it, and we allow anyone on the Internet to connect to this +virtual host. For the moment it is on the same broker cluster, but if people +abuse it it can be moved to a separate cluster. + + +Authentication +-------------- + +Clients authenticate to the broker using x509 certificates. The common name +of the certificate needs to match the username of a user in RabbitMQ. + + +Troubleshooting +=============== + +RabbitMQ offers a CLI, rabbitmqctl, which you can use on any node in the +cluster. It also offers a web interface for management and monitoring, but that +is not currently configured. + + +.. RabbitMQ:: https://www.rabbitmq.com/ +.. clustering:: https://www.rabbitmq.com/clustering.html +.. federated:: https://www.rabbitmq.com/federation.html