OpenStack Manual Installation - 1st Topic: To Build Message Broker System
Notice: This series assumes kernel 3.10.0-229.
These days, it's getting easier to build OpenStack infrastructure because so many contributors have been working hard on OpenStack.
In this series, I will write not only how to install each service but also what the service is and how it works, so that I can strengthen my own knowledge of OpenStack. But I will NOT write about how the underlying Python code works or what a particular error number actually means.
The 1st theme is the message broker. What it is for:
To coordinate operations and status information among services. It typically runs on the controller node.
In the Nova architecture, there is a component named the queue, which provides a central hub for passing messages between daemons.
Nova creates several types of message queues to facilitate communication between the various daemons.
These include:
1. Topic queues:
To allow messages to be broadcast to all daemons of a particular class, such as the compute or volume daemons.
2. Fanout queues:
To be used for advertising service capabilities to nova-scheduler workers.
3. Host queues:
To allow Nova to send messages to specific services on specific hosts.
So how do we build the message broker system?
1. To install RabbitMQ
# yum clean all && yum makecache
# yum install epel-release
# rpm --import https://www.rabbitmq.com/rabbitmq-signing-key-public.asc
# yum install rabbitmq-server
# systemctl start rabbitmq-server
2. To configure RabbitMQ
# rabbitmqctl delete_user guest
# rabbitmqctl add_user rabbitadmin rabbitpass
Syntax:
rabbitmqctl add_user <account> <password>
# rabbitmqctl set_permissions rabbitadmin ".*" ".*" ".*"
Syntax:
rabbitmqctl set_permissions <account> <config> <write> <read>
1. <account>:
The name of the user to grant access to the specified virtual host
2. <config>:
A regular expression matching resource names for which the user is granted configure permissions.
3. <write>:
A regular expression matching resource names for which the user is granted write permission.
4. <read>:
A regular expression matching resource names for which the user is granted read permission.
# rabbitmqctl set_user_tags rabbitadmin administrator
# rabbitmqctl list_users
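The three regular expressions given to set_permissions decide which exchanges and queues the account may configure, write to and read from. The following is an added example, not part of the original post, that models how a pattern is tested against a resource name so a narrower grant than ".*" can be checked before it is applied. It assumes RabbitMQ's documented matching rules (unanchored match, '' treated as '^$'); the resource names and the scoped pattern are constructed for illustration, and Python's re stands in for the broker's regex engine.

```python
import re

def perm_allows(pattern, resource):
    """Model how the broker tests one permission regex against a resource name."""
    # Documented rule: '' is a synonym for '^$', so it matches no named resource.
    if pattern == "":
        pattern = "^$"
    # The match is unanchored: the pattern only has to occur somewhere in the name.
    return re.search(pattern, resource) is not None

def audit(perms, resources):
    """Map each operation of a (configure, write, read) triple to the names it allows."""
    ops = ("configure", "write", "read")
    return {op: [r for r in resources if perm_allows(p, r)]
            for op, p in zip(ops, perms)}

# Constructed resource names: some a service might use, some it should not touch.
RESOURCES = ["nova", "compute", "compute.host1", "scheduler_fanout",
             "amq.gen-x1", "billing.events", "nova-shadow"]

WIDE = (".*", ".*", ".*")              # the grant used in this post
LOOSE = ("nova", "nova", "nova")       # looks narrow, but is not anchored
SCOPED_RE = r"^(nova|compute(\..+)?|scheduler_fanout)$"   # hypothetical scoped pattern
SCOPED = ("", SCOPED_RE, SCOPED_RE)    # no configure rights at all

if __name__ == "__main__":
    for label, perms in (("wide", WIDE), ("loose", LOOSE), ("scoped", SCOPED)):
        print(label)
        for op, allowed in audit(perms, RESOURCES).items():
            print("  %-9s %s" % (op, ", ".join(allowed) or "(nothing)"))
```

The "loose" row is the one to watch: without ^ and $ the pattern also admits nova-shadow.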
3. To make local certificate.
# mkdir /etc/rabbitmq/{testca,server,client}
# mkdir /etc/rabbitmq/testca/{certs,private}
# chmod 700 /etc/rabbitmq/testca/private
# echo 01 > /etc/rabbitmq/testca/private/serial
# touch /etc/rabbitmq/testca/private/index
# cd /etc/rabbitmq/testca
# openssl req \
-x509 -config openssl.cnf \
-newkey rsa:2048 -days 365 \
-out cacert.pem -outform PEM \
-subj /CN=MyTestCA/ -nodes
# openssl x509 -in cacert.pem \
-out cacert.cer -outform DER
# cd ../server
# openssl genrsa -out key.pem 2048
# openssl req -new -key key.pem \
-out req.pem -outform PEM \
-subj /CN=$(hostname)/O=server/ -nodes
# cd ../client
# openssl genrsa -out key.pem 2048
# openssl req -new -key key.pem \
-out req.pem -outform PEM \
-subj /CN=$(hostname)/O=client/ -nodes
# cd ../testca
# openssl ca -config openssl.cnf \
-in ../server/req.pem \
-out ../server/cert.pem -notext -batch \
-extensions server_ca_extensions
# cd ../server
# openssl pkcs12 -export \
-out keycert.p12 -in cert.pem \
-inkey key.pem \
-passout pass:MySecretPassword
# cd ../testca
# openssl ca -config openssl.cnf \
-in ../client/req.pem -out ../client/cert.pem \
-notext -batch -extensions client_ca_extensions
# cd ../client
# openssl pkcs12 -export \
-out keycert.p12 -in cert.pem \
-inkey key.pem \
-passout pass:MySecretPassword
4. To complete installation
# cd
# firewall-cmd --add-port=5672/tcp --permanent
# firewall-cmd --add-port=5671/tcp --permanent
# firewall-cmd --reload
# systemctl restart rabbitmq-server
# grep -i ssl /var/log/rabbitmq/*
# systemctl enable rabbitmq-server
There will be updates for this page soon because it's not perfect.