重置serverX-a
1.yum update -y
reboot
2.yum install -y rabbitmq-server.noarch --安装rabbitmq
3.systemctl start rabbitmq-server --启动服务
4.rabbitmqctl delete_user guest --删除guest
5.rabbitmqctl add_user rabbitmqauth redhat --添加用户和密码(redhat 只是课堂示例口令;该账号在第7步会被授予管理员权限,实际环境应换成强口令)
6.rabbitmqctl set_permissions rabbitmqauth ".*" ".*" ".*" --设置权限(给了configure、write和read三种权限,正则 ".*" 表示匹配全部,即该用户有权访问virtual host中的所有队列)
Setting permissions for user "rabbitmqauth" in vhost "/" ... --显示结果
...done.
7.rabbitmqctl set_user_tags rabbitmqauth administrator --授予后台管理员权限
Setting tags for user "rabbitmqauth" to [administrator] ... --显示结果
...done.
8.rabbitmqctl list_users --查看用户
9.创建一个本地ca
mkdir /etc/rabbitmq/testca
cd /etc/rabbitmq/testca
mkdir certs private
chmod 700 private/
echo 01 > serial
touch index.txt
10.wget -P /etc/rabbitmq/testca/ http://classroom.example.com/materials/openssl.cnf --下载openssl.cnf 到testca目录(该文件经明文HTTP获取,并决定CA的签发策略,签发证书前先核对其内容)
11.openssl req -x509 -config openssl.cnf -newkey rsa:2048 -days 365 -out cacert.pem -outform PEM -subj /CN=MyTestCA/ -nodes --创建ca的私钥和自签名证书
openssl x509 -in cacert.pem -out cacert.cer -outform DER --创建ca的公钥证书cer(DER格式)
12.mkdir -p /etc/rabbitmq/server --创建server的私钥和证书请求(公钥包含在请求中)
cd /etc/rabbitmq/server
openssl genrsa -out key.pem 2048
openssl req -new -key key.pem -out req.pem -outform PEM -subj /CN=$(hostname)/O=server/ -nodes
13.mkdir -p /etc/rabbitmq/client --创建client的私钥和证书请求(公钥包含在请求中)
cd /etc/rabbitmq/client
openssl genrsa -out key.pem 2048
openssl req -new -key key.pem -out req.pem -outform PEM -subj /CN=$(hostname)/O=client/ -nodes
14.cd ../testca/ --签署服务器证书请求并导出成为p12格式
openssl ca -config openssl.cnf -in ../server/req.pem -out ../server/cert.pem -notext -batch -extensions client_ca_extensions
(注:这里服务器证书使用的也是 client_ca_extensions。如果下载的 openssl.cnf 中另有服务器用途的扩展段(例如 RabbitMQ 官方示例中的 server_ca_extensions),服务器证书应使用那一段,否则校验证书用途的客户端可能拒绝该证书;请对照 openssl.cnf 确认。)
cd ../server/
openssl pkcs12 -export -out keycert.p12 -in cert.pem -inkey key.pem -passout pass:MySecretPassword
(注:以 pass: 形式写在命令行上的口令会留在shell历史和进程列表中,MySecretPassword 仅为示例。)
15.cd ../testca/ --签署客户端证书请求并导出成为p12格式
openssl ca -config openssl.cnf -in ../client/req.pem -out ../client/cert.pem -notext -batch -extensions client_ca_extensions
cd ../client/
openssl pkcs12 -export -out keycert.p12 -in cert.pem -inkey key.pem -passout pass:MySecretPassword
note:吊销证书
cd /etc/rabbitmq/testca
openssl ca -revoke certs/index_number.pem
16.wget -P /etc/rabbitmq/ http://classroom.example.com/materials/rabbitmq.config --下载rabbitmq.config 配置文件到/etc/rabbitmq/
17.firewall-cmd --add-port=5672/tcp --permanent --添加防火墙策略(5672为明文AMQP端口,5671为SSL端口;只允许SSL连接时不必开放5672)
firewall-cmd --add-port=5671/tcp --permanent
firewall-cmd --reload
18.systemctl restart rabbitmq-server
19.grep -i SSL /var/log/rabbitmq/* --查看日志中SSL 监听5671端口是否有记录
/var/log/rabbitmq/rabbit@server20-a.log:started SSL Listener on [::]:5671
/var/log/rabbitmq/rabbit@server20-a.log:stopped SSL Listener on [::]:5671
/var/log/rabbitmq/rabbit@server20-a.log:started SSL Listener on [::]:5671
20.netstat -nlp |grep 567* --查看网络端口是否开启
tcp6 0 0 :::5671 :::* LISTEN 2225/beam.smp
tcp6 0 0 :::5672 :::* LISTEN 2225/beam.smp
21.systemctl enable rabbitmq-server.service --开机启动
此文出自东方瑞通李岳老师,转载需注明出处。