文章目录
一、安装erlang环境
1、安装epel源
rpm -Uvh https://download.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
2、安装erlang
yum install erlang
3、测试是否安装成功:
erl -version
二、安装RabbitMQ
1、安装socat
在安装rabbitmq时提示依赖socat,所以先安装socat
yum install socat
2、导入RabbitMQ源
rpm -Uvh https://www.rabbitmq.com/releases/rabbitmq-server/v3.6.8/rabbitmq-server-3.6.8-1.el7.noarch.rpm
3、安装RabbitMQ公共库秘钥
rpm --import https://www.rabbitmq.com/rabbitmq-release-signing-key.asc
4、安装RabbitMQ
yum install rabbitmq-server-3.6.8-1.el7.noarch.rpm
5、rabbitmq.config 配置文件路径
# find / -name "rabbitmq.config.example"
/usr/share/doc/rabbitmq-server-3.6.8/rabbitmq.config.example
# cp /usr/share/doc/rabbitmq-server-3.6.8/rabbitmq.config.example /etc/rabbitmq/
# cd /etc/rabbitmq/
# mv rabbitmq.config.example rabbitmq.config
6、RabbitMQ服务
以systemctl服务的方式启动、关闭
启动:systemctl start rabbitmq-server
查看状态: systemctl status rabbitmq-server
关闭: systemctl stop rabbitmq-server
以rabbitmq-server启动、关闭
启动: rabbitmq-server
后台启动: rabbitmq-server -detached
查看状态: rabbitmqctl status
关闭: rabbitmqctl stop
7、开启管理功能
rabbitmq-plugins enable rabbitmq_management
8、访问地址查看是否安装成功:
http://192.168.80.10:15672/
9、登录报错
输入账号密码并登录:guest guest
默认的账号guest登陆管理控制台,却提示登陆失败。
由于账号guest具有所有的操作权限,并且又是默认账号,出于安全因素的考虑,guest用户只能通过localhost登陆使用,并建议修改guest用户的密码以及新建其他账号管理使用rabbitmq.
9.1、新增用户
rabbitmqctl add_user admin admin
9.2、将其赋予超级管理员
rabbitmqctl set_user_tags admin administrator
三、搭建RabbitMQ集群
1、依次在各个节点上安装erlang环境和RabbitMQ(先按照上边的步骤)
这是以cache01为master节点,cache02和cache03为slave节点。
2、修改主机名及hosts文件
修改主机名,三台服务器都需要修改,依次修改为cache01,cache02,cache03
vi /etc/hostname
修改hosts文件,添加以下:
vi /etc/hosts
192.168.80.10 cache01
192.168.80.20 cache02
192.168.80.30 cache03
reboot //修改之后重启虚拟机生效
3、停止MQ服务
rabbimqctl stop
4、分发.erlang.cookie文件
rabbitmq是基于Erlang的,而Erlang是天然支持分布式的,通过.erlang.cookie解决分布式问题,因此首先要保证各rabbitmq节点的.erlang.cookie的文件内容一致。
4.1、查找单机的.erlang.cookie文件所在目录
find / -name ".erlang.cookie"
/var/lib/rabbitmq/.erlang.cookie
4.2、先备份原有cookie文件(各节点执行)
cp /var/lib/rabbitmq/.erlang.cookie /var/lib/rabbitmq/.erlang.cookie.bak
4.3、复制master节点的文件到其它slave节点
scp /var/lib/rabbitmq/.erlang.cookie cache02:$PWD
scp /var/lib/rabbitmq/.erlang.cookie cache03:$PWD
5、启动集群:
5.1、使用-detached独立运行各个节点
rabbitmq-server -detached
5.2、slave 加入集群,对cache02和cache03分别执行下面操作
rabbitmqctl stop_app
rabbitmqctl join_cluster rabbit@cache01
rabbitmqctl start_app
5.2.1、如果需要移除集群节点
执行下面命令:
假设把rabbit@cache02退出集群,在rabbit@cache02上执行:
rabbitmqctl stop_app
在集群主节点上执行:
rabbitmqctl forget_cluster_node rabbit@cache02
5.2.1、移除后,如果需要再加入集群
单节点:
rabbitmqctl join_cluster rabbit@cache01
rabbitmqctl start_app
5.3、查看集群状态(任意一个节点操作)
rabbitmqctl cluster_status
5.4、设置镜像队列策略(任意一个节点操作)
rabbitmqctl set_policy ha-all "^" '{"ha-mode":"all"}'
5.5、查看策略:rabbitmqctl list_policies -p /
四、使用haproxy实现负载均衡
三台虚拟机安装rabbitmq :
192.168.80.10 cache01、
192.168.80.20 cache02、
192.168.80.30 cache03
第四台虚拟机安装haproxy:
192.168.80.40 cache04
1、安装HAproxy
yum install haproxy
2、新增配置信息
vi /etc/haproxy/haproxy.cfg
结尾添加:
###haproxy 监控页面地址是:http://192.168.68.131:9188/haproxy_status
listen admin_stats
bind *:9188
mode http
log 127.0.0.1 local3 err
stats refresh 60s
stats uri /haproxy_status
stats realm welcome login\ Haproxy
stats auth admin:123456
stats hide-version
stats admin if TRUE
###rabbitmq 集群配置,转发到
listen rabbitmq_cluster
bind *:5672
mode tcp
balance roundrobin
server rabbitnode1 192.168.80.10:5672 check inter 2000 rise 2 fall 3 weight 1
server rabbitnode2 192.168.80.20:5672 check inter 2000 rise 2 fall 3 weight 1
server rabbitnode3 192.168.80.30:5672 check inter 2000 rise 2 fall 3 weight 1
3、启动HAproxy负载
3.1、启动HAproxy负载
systemctl start haproxy
3.2、启动报错,cannot bind socket [0.0.0.0:9188]
执行命令:
setsebool -P haproxy_connect_any=1
然后再启动,查看状态 systemctl status haproxy
4、页面访问地址: http://192.168.80.40:9188/haproxy_status
五、TLS通信
1、使用tls-gen生成证书
若没有安装git,先按照以下步骤安装
yum -y install git
安装完验证:
git version
1.1、下载生成证件项目
cd /export/servers/
git clone https://github.com/michaelklishin/tls-gen tls-gen
1.2、生成证件文件
cd tls-gen/basic
# private key password
make PASSWORD=123456
make verify
make info
ls -l ./result
1.2.1、执行make,报错:/bin/sh: python3: command not found
1.2.1.1、安装python3-Python源代码编译安装
- 安装工具 yum-utils
它的功能是管理repository及扩展包的工具 (主要是针对repository)
yum install yum-utils
- 使用yum-builddep为Python3构建环境
安装缺失的软件依赖,使用下面的命令会自动处理.
yum-builddep python
- 下载Python3的源码包
Python源码包目录: https://www.python.org/ftp/python/
切换到你安装软件目录,我本地: cd /export/servers/
curl -O https://www.python.org/ftp/python/3.5.0/Python-3.8.0.tgz
- 解压安装
tar xf Python-3.8.0.tgz
cd Python-3.8.0
make
make install
python3 -V
2、拷贝证件文件到服务端指定目录
配置RabbitMQ SSL只会用到以下3个文件:
ca_certificate.pem
server_certificate.pem
server_key.pem
将这三个文件拷贝到RabbitMQ的/usr/local/rabbitmq/ssl/目录中。
mkdir /etc/rabbitmq/ssl
cp result/ca_certificate.pem /etc/rabbitmq/ssl
cp result/server_certificate.pem /etc/rabbitmq/ssl
cp result/server_key.pem /etc/rabbitmq/ssl
3、配置RabbitMQ开启SSL
vi /etc/rabbitmq/rabbitmq.config
[
{rabbit, [
{ssl_listeners, [5671]},
{ssl_options, [{cacertfile,"/etc/rabbitmq/ssl/ca_certificate.pem"},
{certfile,"/etc/rabbitmq/ssl/server_certificate.pem"},
{keyfile,"/etc/rabbitmq/ssl/server_key.pem"},
{verify, verify_peer},
{fail_if_no_peer_cert, true}]}
]}
].
4、重启RabbitMQ
rabbitmqctl stop
systemctl start rabbitmq-server
5、查看是否开启
netstat -aon|grep 5671 查看端口是否启用
或者
打开web页面,http://192.168.80.10:15672/#/
Ports and contexts中Listening ports,查看amqp/ssl 5671是否显示
6、客户端操作
6.1、拷出配置文件
将result下的server_certificate.pem、client_key.p12拷贝到客户端,我放在了/Users/xxx/mydata/rabbitmq-ssl
6.2、证书导入
利用java的keytool将证书导入,生成rabbitstore文件。
keytool -import -alias rabbit-server -file /Users/xxx/mydata/rabbitmq-ssl/server_certificate.pem -keystore /Users/xxx/mydata/rabbitmq-ssl/rabbitstore
6.3、springboot配置参数:
6.3.1、rabbitmq单机
spring:
application:
name: message-provider
#配置rabbitMq 服务器
rabbitmq:
# 单机
host: 192.168.80.10
port: 5671
username: admin
password: admin
virtual-host: demo_VH
publisher-confirms: true
ssl:
enabled: true
key-store: file:/Users/xxx/mydata/rabbitmq-ssl/client_key.p12
key-store-password: 123456
trust-store: file:/Users/xxx/mydata/rabbitmq-ssl/rabbitstore
trust-store-password: 123456
verifyHostname: false
6.3.2、rabbitmq集群+haproxy+tls
更改haproxy.cfg
vi /etc/haproxy/haproxy.cfg
更改rabbitmq集群配置,将监听的节点端口由5672更改为5671
springboot配置文件
spring:
application:
name: message-provider
#配置rabbitMq 服务器
rabbitmq:
# RabbitMQ集群配合haproxy
host: 192.168.80.40
port: 5672
username: admin
password: admin
virtual-host: demo_VH
publisher-confirms: true
ssl:
enabled: true
key-store: file:/Users/xxx/mydata/rabbitmq-ssl/client_key.p12
key-store-password: 123456
trust-store: file:/Users/xxx/mydata/rabbitmq-ssl/rabbitstore
trust-store-password: 123456
verifyHostname: false
6.4、java测试ssl连接:
package com.nadou.rabbitmq;
import java.io.*;
import java.security.*;
import javax.net.ssl.*;
import com.rabbitmq.client.*;
/**
*@ClassName ValidatingCert
*@Description TODO
*@Author xxx
*@Date 2020/1/19 3:31 PM
*@Version 1.0
**/
public class ValidatingCert {
// RabbitMQ服务端地址、端口、用户名、密码
private static final String ADDRESS = "192.168.80.40";
private static final int PORT = 5672;
private static final String USERNAME = "admin";
private static final String PASSWORD = "admin";
private static final String VIRTUALHOST = "demo_VH";
private static final String QUEUE_NAME = "rabbitmq-java-test";
// 使用tls-gen工具生成证书文件时设置的私钥密码
private static final String CLIENT_KEYSTORE_PASSWORD = "123456";
// 客户端证书文件client_key.p12路径
private static final String CLIENT_KEYSTORE_PATH = "/Users/xxx/mydata/rabbitmq-ssl/client_key.p12";
// 使用keytool生成证书文件时填写的密码
private static final String SERVER_KEYSTORE_PASSWORD = "123456";
// 使用keytool生成的服务端证书文件路径
private static final String SERVER_KEYSTORE_PATH = "/Users/xxx/mydata/rabbitmq-ssl/rabbitstore";
public static void main(String[] args) throws Exception{
{
char[] keyPassphrase = CLIENT_KEYSTORE_PASSWORD.toCharArray();
KeyStore ks = KeyStore.getInstance("PKCS12");
ks.load(new FileInputStream(CLIENT_KEYSTORE_PATH), keyPassphrase);
KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
kmf.init(ks, keyPassphrase);
char[] trustPassphrase = SERVER_KEYSTORE_PASSWORD.toCharArray();
KeyStore tks = KeyStore.getInstance("JKS");
tks.load(new FileInputStream(SERVER_KEYSTORE_PATH), trustPassphrase);
TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
tmf.init(tks);
SSLContext c = SSLContext.getInstance("TLSv1.2");
c.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
ConnectionFactory factory = new ConnectionFactory();
factory.setHost(ADDRESS);
factory.setPort(PORT);
factory.setUsername(USERNAME);
factory.setPassword(PASSWORD);
factory.setVirtualHost(VIRTUALHOST);
factory.useSslProtocol(c);
// factory.enableHostnameVerification();
Connection conn = factory.newConnection();
Channel channel = conn.createChannel();
channel.queueDeclare(QUEUE_NAME, false, true, true, null);
channel.basicPublish("", QUEUE_NAME, null, "Hello, World".getBytes());
GetResponse chResponse = channel.basicGet(QUEUE_NAME, false);
if (chResponse == null) {
System.out.println("No message retrieved");
} else {
byte[] body = chResponse.getBody();
System.out.println("Received: " + new String(body));
}
channel.close();
conn.close();
}
}
}
六、集群常用命令
1、查看集群状态(任意一个节点操作)
rabbitmqctl cluster_status
2、关闭/启动应用程序
rabbitmqctl start_app
rabbitmqctl stop_app
3、关闭/启动MQ服务
rabbitmqctl stop
rabbitmq-server -detached
或者
systemctl start rabbitmq-server
4、rabbitmq日志存储位置
/var/log/rabbitmq
5、编辑用户
5.1、新增用户
rabbitmqctl add_user Username Password
5.2、删除用户
rabbitmqctl delete_user Username
5.3、修改用户的密码
rabbitmqctl change_password Username Newpassword
5.4、查看当前用户列表
rabbitmqctl list_users
1097
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
