Customizing RabbitMQ messaging

Edit online

RabbitMQ is the Advanced Message Queuing Protocol message broker that is used within IBM® Power® Virtualization Center to send and receive notifications that are generated by the various PowerVC components. A TLS connection along with a client certificate and user name and password authentication is required to establish a connection to the RabbitMQ message broker in a PowerVC environment. This topic describes how to use RabbitMQ with PowerVC.

Connecting an application to RabbitMQ to receive PowerVC notifications

To connect an application to RabbitMQ to receive PowerVC notifications, follow these steps:

  1. Generate a key on your system. For example, openssl genrsa 2048 > key.pem
  2. Generate a certificate-signing request on your system.

    For example, openssl req -new -key key.pem -subj /CN=Example\ Messaging\ Client -out req.pem

  3. Transport the resulting certificate-signing request to the PowerVC system.
  4. Generate a certificate that is based on the certificate signing request.

    For example, openssl ca -batch -config /etc/pki/messages/ca/openssl.conf -extensions client_ext -in req.pem -out cert.pem -notext

  5. Copy the new certificate back to your system.
  6. Create a RabbitMQ user for your system on the PowerVC system.

    For example, su - rabbitmq -c "rabbitmqctl add_user <username> <password>"

  7. Assign the new user the necessary permissions.

    For example, su - rabbitmq -c "rabbitmqctl set_permissions <username> \".*\" \".*\" \".*\""

  8. Configure your RabbitMQ client to connect to port 5671 on the PowerVC system using TLS with the certificate, username, and password that you created in the steps above, the AMQPLAIN SASL authentication mechanism, and directed to the virtual host /.

For more information about RabbitMQ security, see the documentation for RabbitMQ and that of your chosen client.