diff options
Diffstat (limited to 'templates/etc/rabbitmq')
-rw-r--r-- | templates/etc/rabbitmq/rabbitmq.config | 677 | ||||
-rw-r--r-- | templates/etc/rabbitmq/rabbitmq.config.j2 | 9 |
2 files changed, 686 insertions, 0 deletions
diff --git a/templates/etc/rabbitmq/rabbitmq.config b/templates/etc/rabbitmq/rabbitmq.config new file mode 100644 index 0000000..221da01 --- /dev/null +++ b/templates/etc/rabbitmq/rabbitmq.config | |||
@@ -0,0 +1,677 @@ | |||
1 | %% -*- mode: erlang -*- | ||
2 | %% ---------------------------------------------------------------------------- | ||
3 | %% RabbitMQ Sample Configuration File. | ||
4 | %% | ||
5 | %% See http://www.rabbitmq.com/configure.html for details. | ||
6 | %% ---------------------------------------------------------------------------- | ||
7 | [ | ||
8 | {rabbit, | ||
9 | [%% | ||
10 | %% Network Connectivity | ||
11 | %% ==================== | ||
12 | %% | ||
13 | |||
14 | %% By default, RabbitMQ will listen on all interfaces, using | ||
15 | %% the standard (reserved) AMQP port. | ||
16 | %% | ||
17 | %% {tcp_listeners, [5672]}, | ||
18 | |||
19 | %% To listen on a specific interface, provide a tuple of {IpAddress, Port}. | ||
20 | %% For example, to listen only on localhost for both IPv4 and IPv6: | ||
21 | %% | ||
22 | %% {tcp_listeners, [{"127.0.0.1", 5672}, | ||
23 | %% {"::1", 5672}]}, | ||
24 | |||
25 | %% SSL listeners are configured in the same fashion as TCP listeners, | ||
26 | %% including the option to control the choice of interface. | ||
27 | %% | ||
28 | %% {ssl_listeners, [5671]}, | ||
29 | |||
30 | %% Number of Erlang processes that will accept connections for the TCP | ||
31 | %% and SSL listeners. | ||
32 | %% | ||
33 | %% {num_tcp_acceptors, 10}, | ||
34 | %% {num_ssl_acceptors, 1}, | ||
35 | |||
36 | %% Maximum time for AMQP 0-8/0-9/0-9-1 handshake (after socket connection | ||
37 | %% and SSL handshake), in milliseconds. | ||
38 | %% | ||
39 | %% {handshake_timeout, 10000}, | ||
40 | |||
41 | %% Log levels (currently just used for connection logging). | ||
42 | %% One of 'debug', 'info', 'warning', 'error' or 'none', in decreasing | ||
43 | %% order of verbosity. Defaults to 'info'. | ||
44 | %% | ||
45 | %% {log_levels, [{connection, info}, {channel, info}]}, | ||
46 | |||
47 | %% Set to 'true' to perform reverse DNS lookups when accepting a | ||
48 | %% connection. Hostnames will then be shown instead of IP addresses | ||
49 | %% in rabbitmqctl and the management plugin. | ||
50 | %% | ||
51 | %% {reverse_dns_lookups, true}, | ||
52 | |||
53 | %% | ||
54 | %% Security / AAA | ||
55 | %% ============== | ||
56 | %% | ||
57 | |||
58 | %% The default "guest" user is only permitted to access the server | ||
59 | %% via a loopback interface (e.g. localhost). | ||
60 | %% {loopback_users, [<<"guest">>]}, | ||
61 | %% | ||
62 | %% Uncomment the following line if you want to allow access to the | ||
63 | %% guest user from anywhere on the network. | ||
64 | %% {loopback_users, []}, | ||
65 | |||
66 | %% Configuring SSL. | ||
67 | %% See http://www.rabbitmq.com/ssl.html for full documentation. | ||
68 | %% | ||
69 | %% {ssl_options, [{cacertfile, "/path/to/testca/cacert.pem"}, | ||
70 | %% {certfile, "/path/to/server/cert.pem"}, | ||
71 | %% {keyfile, "/path/to/server/key.pem"}, | ||
72 | %% {verify, verify_peer}, | ||
73 | %% {fail_if_no_peer_cert, false}]}, | ||
74 | |||
75 | %% Choose the available SASL mechanism(s) to expose. | ||
76 | %% The two default (built in) mechanisms are 'PLAIN' and | ||
77 | %% 'AMQPLAIN'. Additional mechanisms can be added via | ||
78 | %% plugins. | ||
79 | %% | ||
80 | %% See http://www.rabbitmq.com/authentication.html for more details. | ||
81 | %% | ||
82 | %% {auth_mechanisms, ['PLAIN', 'AMQPLAIN']}, | ||
83 | |||
84 | %% Select an authentication database to use. RabbitMQ comes bundled | ||
85 | %% with a built-in auth-database, based on mnesia. | ||
86 | %% | ||
87 | %% {auth_backends, [rabbit_auth_backend_internal]}, | ||
88 | |||
89 | %% Configurations supporting the rabbitmq_auth_mechanism_ssl and | ||
90 | %% rabbitmq_auth_backend_ldap plugins. | ||
91 | %% | ||
92 | %% NB: These options require that the relevant plugin is enabled. | ||
93 | %% See http://www.rabbitmq.com/plugins.html for further details. | ||
94 | |||
95 | %% The RabbitMQ-auth-mechanism-ssl plugin makes it possible to | ||
96 | %% authenticate a user based on the client's SSL certificate. | ||
97 | %% | ||
98 | %% To use auth-mechanism-ssl, add to or replace the auth_mechanisms | ||
99 | %% list with the entry 'EXTERNAL'. | ||
100 | %% | ||
101 | %% {auth_mechanisms, ['EXTERNAL']}, | ||
102 | |||
103 | %% The rabbitmq_auth_backend_ldap plugin allows the broker to | ||
104 | %% perform authentication and authorisation by deferring to an | ||
105 | %% external LDAP server. | ||
106 | %% | ||
107 | %% For more information about configuring the LDAP backend, see | ||
108 | %% http://www.rabbitmq.com/ldap.html. | ||
109 | %% | ||
110 | %% Enable the LDAP auth backend by adding to or replacing the | ||
111 | %% auth_backends entry: | ||
112 | %% | ||
113 | %% {auth_backends, [rabbit_auth_backend_ldap]}, | ||
114 | |||
115 | %% This pertains to both the rabbitmq_auth_mechanism_ssl plugin and | ||
116 | %% STOMP ssl_cert_login configurations. See the rabbitmq_stomp | ||
117 | %% configuration section later in this file and the README in | ||
118 | %% https://github.com/rabbitmq/rabbitmq-auth-mechanism-ssl for further | ||
119 | %% details. | ||
120 | %% | ||
121 | %% To use the SSL cert's CN instead of its DN as the username | ||
122 | %% | ||
123 | %% {ssl_cert_login_from, common_name}, | ||
124 | |||
125 | %% SSL handshake timeout, in milliseconds. | ||
126 | %% | ||
127 | %% {ssl_handshake_timeout, 5000}, | ||
128 | |||
129 | %% Password hashing implementation. Will only affect newly | ||
130 | %% created users. To recalculate hash for an existing user | ||
131 | %% it's necessary to update her password. | ||
132 | %% | ||
133 | %% {password_hashing_module, rabbit_password_hashing_sha256}, | ||
134 | |||
135 | %% Configuration entry encryption. | ||
136 | %% See http://www.rabbitmq.com/configure.html#configuration-encryption | ||
137 | %% | ||
138 | %% To specify the passphrase in the configuration file: | ||
139 | %% | ||
140 | %% {config_entry_decoder, [{passphrase, <<"mypassphrase">>}]} | ||
141 | %% | ||
142 | %% To specify the passphrase in an external file: | ||
143 | %% | ||
144 | %% {config_entry_decoder, [{passphrase, {file, "/path/to/passphrase/file"}}]} | ||
145 | %% | ||
146 | %% To make the broker request the passphrase when it starts: | ||
147 | %% | ||
148 | %% {config_entry_decoder, [{passphrase, prompt}]} | ||
149 | %% | ||
150 | %% To change encryption settings: | ||
151 | %% | ||
152 | %% {config_entry_decoder, [{cipher, aes_cbc256}, | ||
153 | %% {hash, sha512}, | ||
154 | %% {iterations, 1000}]} | ||
155 | |||
156 | %% | ||
157 | %% Default User / VHost | ||
158 | %% ==================== | ||
159 | %% | ||
160 | |||
161 | %% On first start RabbitMQ will create a vhost and a user. These | ||
162 | %% config items control what gets created. See | ||
163 | %% http://www.rabbitmq.com/access-control.html for further | ||
164 | %% information about vhosts and access control. | ||
165 | %% | ||
166 | %% {default_vhost, <<"/">>}, | ||
167 | %% {default_user, <<"guest">>}, | ||
168 | %% {default_pass, <<"guest">>}, | ||
169 | %% {default_permissions, [<<".*">>, <<".*">>, <<".*">>]}, | ||
170 | |||
171 | %% Tags for default user | ||
172 | %% | ||
173 | %% For more details about tags, see the documentation for the | ||
174 | %% Management Plugin at http://www.rabbitmq.com/management.html. | ||
175 | %% | ||
176 | %% {default_user_tags, [administrator]}, | ||
177 | |||
178 | %% | ||
179 | %% Additional network and protocol related configuration | ||
180 | %% ===================================================== | ||
181 | %% | ||
182 | |||
183 | %% Set the default AMQP heartbeat delay (in seconds). | ||
184 | %% | ||
185 | %% {heartbeat, 60}, | ||
186 | |||
187 | %% Set the max permissible size of an AMQP frame (in bytes). | ||
188 | %% | ||
189 | %% {frame_max, 131072}, | ||
190 | |||
191 | %% Set the max frame size the server will accept before connection | ||
192 | %% tuning occurs | ||
193 | %% | ||
194 | %% {initial_frame_max, 4096}, | ||
195 | |||
196 | %% Set the max permissible number of channels per connection. | ||
197 | %% 0 means "no limit". | ||
198 | %% | ||
199 | %% {channel_max, 128}, | ||
200 | |||
201 | %% Customising Socket Options. | ||
202 | %% | ||
203 | %% See (http://www.erlang.org/doc/man/inet.html#setopts-2) for | ||
204 | %% further documentation. | ||
205 | %% | ||
206 | %% {tcp_listen_options, [{backlog, 128}, | ||
207 | %% {nodelay, true}, | ||
208 | %% {exit_on_close, false}]}, | ||
209 | |||
210 | %% | ||
211 | %% Resource Limits & Flow Control | ||
212 | %% ============================== | ||
213 | %% | ||
214 | %% See http://www.rabbitmq.com/memory.html for full details. | ||
215 | |||
216 | %% Memory-based Flow Control threshold. | ||
217 | %% | ||
218 | %% {vm_memory_high_watermark, 0.4}, | ||
219 | |||
220 | %% Alternatively, we can set a limit (in bytes) of RAM used by the node. | ||
221 | %% | ||
222 | %% {vm_memory_high_watermark, {absolute, 1073741824}}, | ||
223 | %% | ||
224 | %% Or you can set absolute value using memory units. | ||
225 | %% | ||
226 | %% {vm_memory_high_watermark, {absolute, "1024M"}}, | ||
227 | %% | ||
228 | %% Supported units suffixes: | ||
229 | %% | ||
230 | %% k, kiB: kibibytes (2^10 bytes) | ||
231 | %% M, MiB: mebibytes (2^20) | ||
232 | %% G, GiB: gibibytes (2^30) | ||
233 | %% kB: kilobytes (10^3) | ||
234 | %% MB: megabytes (10^6) | ||
235 | %% GB: gigabytes (10^9) | ||
236 | |||
237 | %% Fraction of the high watermark limit at which queues start to | ||
238 | %% page message out to disc in order to free up memory. | ||
239 | %% | ||
240 | %% Values greater than 0.9 can be dangerous and should be used carefully. | ||
241 | %% | ||
242 | %% {vm_memory_high_watermark_paging_ratio, 0.5}, | ||
243 | |||
244 | %% Interval (in milliseconds) at which we perform the check of the memory | ||
245 | %% levels against the watermarks. | ||
246 | %% | ||
247 | %% {memory_monitor_interval, 2500}, | ||
248 | |||
249 | %% Set disk free limit (in bytes). Once free disk space reaches this | ||
250 | %% lower bound, a disk alarm will be set - see the documentation | ||
251 | %% listed above for more details. | ||
252 | %% | ||
253 | %% {disk_free_limit, 50000000}, | ||
254 | %% | ||
255 | %% Or you can set it using memory units (same as in vm_memory_high_watermark) | ||
256 | %% {disk_free_limit, "50MB"}, | ||
257 | %% {disk_free_limit, "50000kB"}, | ||
258 | %% {disk_free_limit, "2GB"}, | ||
259 | |||
260 | %% Alternatively, we can set a limit relative to total available RAM. | ||
261 | %% | ||
262 | %% Values lower than 1.0 can be dangerous and should be used carefully. | ||
263 | %% {disk_free_limit, {mem_relative, 2.0}}, | ||
264 | |||
265 | %% | ||
266 | %% Misc/Advanced Options | ||
267 | %% ===================== | ||
268 | %% | ||
269 | %% NB: Change these only if you understand what you are doing! | ||
270 | %% | ||
271 | |||
272 | %% To announce custom properties to clients on connection: | ||
273 | %% | ||
274 | %% {server_properties, []}, | ||
275 | |||
276 | %% How to respond to cluster partitions. | ||
277 | %% See http://www.rabbitmq.com/partitions.html for further details. | ||
278 | %% | ||
279 | %% {cluster_partition_handling, ignore}, | ||
280 | |||
281 | %% Make clustering happen *automatically* at startup - only applied | ||
282 | %% to nodes that have just been reset or started for the first time. | ||
283 | %% See http://www.rabbitmq.com/clustering.html#auto-config for | ||
284 | %% further details. | ||
285 | %% | ||
286 | %% {cluster_nodes, {['rabbit@my.host.com'], disc}}, | ||
287 | |||
288 | %% Interval (in milliseconds) at which we send keepalive messages | ||
289 | %% to other cluster members. Note that this is not the same thing | ||
290 | %% as net_ticktime; missed keepalive messages will not cause nodes | ||
291 | %% to be considered down. | ||
292 | %% | ||
293 | %% {cluster_keepalive_interval, 10000}, | ||
294 | |||
295 | %% Set (internal) statistics collection granularity. | ||
296 | %% | ||
297 | %% {collect_statistics, none}, | ||
298 | |||
299 | %% Statistics collection interval (in milliseconds). | ||
300 | %% | ||
301 | %% {collect_statistics_interval, 5000}, | ||
302 | |||
303 | %% Explicitly enable/disable hipe compilation. | ||
304 | %% | ||
305 | %% {hipe_compile, true}, | ||
306 | |||
307 | %% Number of times to retry while waiting for Mnesia tables in a cluster to | ||
308 | %% become available. | ||
309 | %% | ||
310 | %% {mnesia_table_loading_retry_limit, 10}, | ||
311 | |||
312 | %% Time to wait per retry for Mnesia tables in a cluster to become | ||
313 | %% available. | ||
314 | %% | ||
315 | %% {mnesia_table_loading_retry_timeout, 30000}, | ||
316 | |||
317 | %% Size in bytes below which to embed messages in the queue index. See | ||
318 | %% http://www.rabbitmq.com/persistence-conf.html | ||
319 | %% | ||
320 | %% {queue_index_embed_msgs_below, 4096}, | ||
321 | |||
322 | %% Whether or not to enable background GC. | ||
323 | %% | ||
324 | %% {background_gc_enabled, true}, | ||
325 | %% | ||
326 | %% Interval (in milliseconds) at which we run background GC. | ||
327 | %% | ||
328 | %% {background_gc_target_interval, 60000} | ||
329 | |||
330 | ]}, | ||
331 | |||
332 | %% ---------------------------------------------------------------------------- | ||
333 | %% Advanced Erlang Networking/Clustering Options. | ||
334 | %% | ||
335 | %% See http://www.rabbitmq.com/clustering.html for details | ||
336 | %% ---------------------------------------------------------------------------- | ||
337 | {kernel, | ||
338 | [%% Sets the net_kernel tick time. | ||
339 | %% Please see http://erlang.org/doc/man/kernel_app.html and | ||
340 | %% http://www.rabbitmq.com/nettick.html for further details. | ||
341 | %% | ||
342 | %% {net_ticktime, 60} | ||
343 | ]}, | ||
344 | |||
345 | %% ---------------------------------------------------------------------------- | ||
346 | %% RabbitMQ Management Plugin | ||
347 | %% | ||
348 | %% See http://www.rabbitmq.com/management.html for details | ||
349 | %% ---------------------------------------------------------------------------- | ||
350 | |||
351 | {rabbitmq_management, | ||
352 | [%% Pre-Load schema definitions from the following JSON file. See | ||
353 | %% http://www.rabbitmq.com/management.html#load-definitions | ||
354 | %% | ||
355 | %% {load_definitions, "/path/to/schema.json"}, | ||
356 | |||
357 | %% Log all requests to the management HTTP API to a file. | ||
358 | %% | ||
359 | %% {http_log_dir, "/path/to/access.log"}, | ||
360 | |||
361 | %% Change the port on which the HTTP listener listens, | ||
362 | %% specifying an interface for the web server to bind to. | ||
363 | %% Also set the listener to use SSL and provide SSL options. | ||
364 | %% | ||
365 | %% {listener, [{port, 12345}, | ||
366 | %% {ip, "127.0.0.1"}, | ||
367 | %% {ssl, true}, | ||
368 | %% {ssl_opts, [{cacertfile, "/path/to/cacert.pem"}, | ||
369 | %% {certfile, "/path/to/cert.pem"}, | ||
370 | %% {keyfile, "/path/to/key.pem"}]}]}, | ||
371 | |||
372 | %% One of 'basic', 'detailed' or 'none'. See | ||
373 | %% http://www.rabbitmq.com/management.html#fine-stats for more details. | ||
374 | %% {rates_mode, basic}, | ||
375 | |||
376 | %% Configure how long aggregated data (such as message rates and queue | ||
377 | %% lengths) is retained. Please read the plugin's documentation in | ||
378 | %% http://www.rabbitmq.com/management.html#configuration for more | ||
379 | %% details. | ||
380 | %% | ||
381 | %% {sample_retention_policies, | ||
382 | %% [{global, [{60, 5}, {3600, 60}, {86400, 1200}]}, | ||
383 | %% {basic, [{60, 5}, {3600, 60}]}, | ||
384 | %% {detailed, [{10, 5}]}]} | ||
385 | ]}, | ||
386 | |||
387 | %% ---------------------------------------------------------------------------- | ||
388 | %% RabbitMQ Shovel Plugin | ||
389 | %% | ||
390 | %% See http://www.rabbitmq.com/shovel.html for details | ||
391 | %% ---------------------------------------------------------------------------- | ||
392 | |||
393 | {rabbitmq_shovel, | ||
394 | [{shovels, | ||
395 | [%% A named shovel worker. | ||
396 | %% {my_first_shovel, | ||
397 | %% [ | ||
398 | |||
399 | %% List the source broker(s) from which to consume. | ||
400 | %% | ||
401 | %% {sources, | ||
402 | %% [%% URI(s) and pre-declarations for all source broker(s). | ||
403 | %% {brokers, ["amqp://user:password@host.domain/my_vhost"]}, | ||
404 | %% {declarations, []} | ||
405 | %% ]}, | ||
406 | |||
407 | %% List the destination broker(s) to publish to. | ||
408 | %% {destinations, | ||
409 | %% [%% A singular version of the 'brokers' element. | ||
410 | %% {broker, "amqp://"}, | ||
411 | %% {declarations, []} | ||
412 | %% ]}, | ||
413 | |||
414 | %% Name of the queue to shovel messages from. | ||
415 | %% | ||
416 | %% {queue, <<"your-queue-name-goes-here">>}, | ||
417 | |||
418 | %% Optional prefetch count. | ||
419 | %% | ||
420 | %% {prefetch_count, 10}, | ||
421 | |||
422 | %% when to acknowledge messages: | ||
423 | %% - no_ack: never (auto) | ||
424 | %% - on_publish: after each message is republished | ||
425 | %% - on_confirm: when the destination broker confirms receipt | ||
426 | %% | ||
427 | %% {ack_mode, on_confirm}, | ||
428 | |||
429 | %% Overwrite fields of the outbound basic.publish. | ||
430 | %% | ||
431 | %% {publish_fields, [{exchange, <<"my_exchange">>}, | ||
432 | %% {routing_key, <<"from_shovel">>}]}, | ||
433 | |||
434 | %% Static list of basic.properties to set on re-publication. | ||
435 | %% | ||
436 | %% {publish_properties, [{delivery_mode, 2}]}, | ||
437 | |||
438 | %% The number of seconds to wait before attempting to | ||
439 | %% reconnect in the event of a connection failure. | ||
440 | %% | ||
441 | %% {reconnect_delay, 2.5} | ||
442 | |||
443 | %% ]} %% End of my_first_shovel | ||
444 | ]} | ||
445 | %% Rather than specifying some values per-shovel, you can specify | ||
446 | %% them for all shovels here. | ||
447 | %% | ||
448 | %% {defaults, [{prefetch_count, 0}, | ||
449 | %% {ack_mode, on_confirm}, | ||
450 | %% {publish_fields, []}, | ||
451 | %% {publish_properties, [{delivery_mode, 2}]}, | ||
452 | %% {reconnect_delay, 2.5}]} | ||
453 | ]}, | ||
454 | |||
455 | %% ---------------------------------------------------------------------------- | ||
456 | %% RabbitMQ Stomp Adapter | ||
457 | %% | ||
458 | %% See http://www.rabbitmq.com/stomp.html for details | ||
459 | %% ---------------------------------------------------------------------------- | ||
460 | |||
461 | {rabbitmq_stomp, | ||
462 | [%% Network Configuration - the format is generally the same as for the broker | ||
463 | |||
464 | %% Listen only on localhost (ipv4 & ipv6) on a specific port. | ||
465 | %% {tcp_listeners, [{"127.0.0.1", 61613}, | ||
466 | %% {"::1", 61613}]}, | ||
467 | |||
468 | %% Listen for SSL connections on a specific port. | ||
469 | %% {ssl_listeners, [61614]}, | ||
470 | |||
471 | %% Number of Erlang processes that will accept connections for the TCP | ||
472 | %% and SSL listeners. | ||
473 | %% | ||
474 | %% {num_tcp_acceptors, 10}, | ||
475 | %% {num_ssl_acceptors, 1}, | ||
476 | |||
477 | %% Additional SSL options | ||
478 | |||
479 | %% Extract a name from the client's certificate when using SSL. | ||
480 | %% | ||
481 | %% {ssl_cert_login, true}, | ||
482 | |||
483 | %% Set a default user name and password. This is used as the default login | ||
484 | %% whenever a CONNECT frame omits the login and passcode headers. | ||
485 | %% | ||
486 | %% Please note that setting this will allow clients to connect without | ||
487 | %% authenticating! | ||
488 | %% | ||
489 | %% {default_user, [{login, "guest"}, | ||
490 | %% {passcode, "guest"}]}, | ||
491 | |||
492 | %% If a default user is configured, or you have configured use SSL client | ||
493 | %% certificate based authentication, you can choose to allow clients to | ||
494 | %% omit the CONNECT frame entirely. If set to true, the client is | ||
495 | %% automatically connected as the default user or user supplied in the | ||
496 | %% SSL certificate whenever the first frame sent on a session is not a | ||
497 | %% CONNECT frame. | ||
498 | %% | ||
499 | %% {implicit_connect, true} | ||
500 | ]}, | ||
501 | |||
502 | %% ---------------------------------------------------------------------------- | ||
503 | %% RabbitMQ MQTT Adapter | ||
504 | %% | ||
505 | %% See https://github.com/rabbitmq/rabbitmq-mqtt/blob/stable/README.md | ||
506 | %% for details | ||
507 | %% ---------------------------------------------------------------------------- | ||
508 | |||
509 | {rabbitmq_mqtt, | ||
510 | [%% Set the default user name and password. Will be used as the default login | ||
511 | %% if a connecting client provides no other login details. | ||
512 | %% | ||
513 | %% Please note that setting this will allow clients to connect without | ||
514 | %% authenticating! | ||
515 | %% | ||
516 | %% {default_user, <<"guest">>}, | ||
517 | %% {default_pass, <<"guest">>}, | ||
518 | |||
519 | %% Enable anonymous access. If this is set to false, clients MUST provide | ||
520 | %% login information in order to connect. See the default_user/default_pass | ||
521 | %% configuration elements for managing logins without authentication. | ||
522 | %% | ||
523 | %% {allow_anonymous, true}, | ||
524 | |||
525 | %% If you have multiple chosts, specify the one to which the | ||
526 | %% adapter connects. | ||
527 | %% | ||
528 | %% {vhost, <<"/">>}, | ||
529 | |||
530 | %% Specify the exchange to which messages from MQTT clients are published. | ||
531 | %% | ||
532 | %% {exchange, <<"amq.topic">>}, | ||
533 | |||
534 | %% Specify TTL (time to live) to control the lifetime of non-clean sessions. | ||
535 | %% | ||
536 | %% {subscription_ttl, 1800000}, | ||
537 | |||
538 | %% Set the prefetch count (governing the maximum number of unacknowledged | ||
539 | %% messages that will be delivered). | ||
540 | %% | ||
541 | %% {prefetch, 10}, | ||
542 | |||
543 | %% TCP/SSL Configuration (as per the broker configuration). | ||
544 | %% | ||
545 | %% {tcp_listeners, [1883]}, | ||
546 | %% {ssl_listeners, []}, | ||
547 | |||
548 | %% Number of Erlang processes that will accept connections for the TCP | ||
549 | %% and SSL listeners. | ||
550 | %% | ||
551 | %% {num_tcp_acceptors, 10}, | ||
552 | %% {num_ssl_acceptors, 1}, | ||
553 | |||
554 | %% TCP/Socket options (as per the broker configuration). | ||
555 | %% | ||
556 | %% {tcp_listen_options, [{backlog, 128}, | ||
557 | %% {nodelay, true}]} | ||
558 | ]}, | ||
559 | |||
560 | %% ---------------------------------------------------------------------------- | ||
561 | %% RabbitMQ AMQP 1.0 Support | ||
562 | %% | ||
563 | %% See https://github.com/rabbitmq/rabbitmq-amqp1.0/blob/stable/README.md | ||
564 | %% for details | ||
565 | %% ---------------------------------------------------------------------------- | ||
566 | |||
567 | {rabbitmq_amqp1_0, | ||
568 | [%% Connections that are not authenticated with SASL will connect as this | ||
569 | %% account. See the README for more information. | ||
570 | %% | ||
571 | %% Please note that setting this will allow clients to connect without | ||
572 | %% authenticating! | ||
573 | %% | ||
574 | %% {default_user, "guest"}, | ||
575 | |||
576 | %% Enable protocol strict mode. See the README for more information. | ||
577 | %% | ||
578 | %% {protocol_strict_mode, false} | ||
579 | ]}, | ||
580 | |||
581 | %% ---------------------------------------------------------------------------- | ||
582 | %% RabbitMQ LDAP Plugin | ||
583 | %% | ||
584 | %% See http://www.rabbitmq.com/ldap.html for details. | ||
585 | %% | ||
586 | %% ---------------------------------------------------------------------------- | ||
587 | |||
588 | {rabbitmq_auth_backend_ldap, | ||
589 | [%% | ||
590 | %% Connecting to the LDAP server(s) | ||
591 | %% ================================ | ||
592 | %% | ||
593 | |||
594 | %% Specify servers to bind to. You *must* set this in order for the plugin | ||
595 | %% to work properly. | ||
596 | %% | ||
597 | %% {servers, ["your-server-name-goes-here"]}, | ||
598 | |||
599 | %% Connect to the LDAP server using SSL | ||
600 | %% | ||
601 | %% {use_ssl, false}, | ||
602 | |||
603 | %% Specify the LDAP port to connect to | ||
604 | %% | ||
605 | %% {port, 389}, | ||
606 | |||
607 | %% LDAP connection timeout, in milliseconds or 'infinity' | ||
608 | %% | ||
609 | %% {timeout, infinity}, | ||
610 | |||
611 | %% Enable logging of LDAP queries. | ||
612 | %% One of | ||
613 | %% - false (no logging is performed) | ||
614 | %% - true (verbose logging of the logic used by the plugin) | ||
615 | %% - network (as true, but additionally logs LDAP network traffic) | ||
616 | %% | ||
617 | %% Defaults to false. | ||
618 | %% | ||
619 | %% {log, false}, | ||
620 | |||
621 | %% | ||
622 | %% Authentication | ||
623 | %% ============== | ||
624 | %% | ||
625 | |||
626 | %% Pattern to convert the username given through AMQP to a DN before | ||
627 | %% binding | ||
628 | %% | ||
629 | %% {user_dn_pattern, "cn=${username},ou=People,dc=example,dc=com"}, | ||
630 | |||
631 | %% Alternatively, you can convert a username to a Distinguished | ||
632 | %% Name via an LDAP lookup after binding. See the documentation for | ||
633 | %% full details. | ||
634 | |||
635 | %% When converting a username to a dn via a lookup, set these to | ||
636 | %% the name of the attribute that represents the user name, and the | ||
637 | %% base DN for the lookup query. | ||
638 | %% | ||
639 | %% {dn_lookup_attribute, "userPrincipalName"}, | ||
640 | %% {dn_lookup_base, "DC=gopivotal,DC=com"}, | ||
641 | |||
642 | %% Controls how to bind for authorisation queries and also to | ||
643 | %% retrieve the details of users logging in without presenting a | ||
644 | %% password (e.g., SASL EXTERNAL). | ||
645 | %% One of | ||
646 | %% - as_user (to bind as the authenticated user - requires a password) | ||
647 | %% - anon (to bind anonymously) | ||
648 | %% - {UserDN, Password} (to bind with a specified user name and password) | ||
649 | %% | ||
650 | %% Defaults to 'as_user'. | ||
651 | %% | ||
652 | %% {other_bind, as_user}, | ||
653 | |||
654 | %% | ||
655 | %% Authorisation | ||
656 | %% ============= | ||
657 | %% | ||
658 | |||
659 | %% The LDAP plugin can perform a variety of queries against your | ||
660 | %% LDAP server to determine questions of authorisation. See | ||
661 | %% http://www.rabbitmq.com/ldap.html#authorisation for more | ||
662 | %% information. | ||
663 | |||
664 | %% Set the query to use when determining vhost access | ||
665 | %% | ||
666 | %% {vhost_access_query, {in_group, | ||
667 | %% "ou=${vhost}-users,ou=vhosts,dc=example,dc=com"}}, | ||
668 | |||
669 | %% Set the query to use when determining resource (e.g., queue) access | ||
670 | %% | ||
671 | %% {resource_access_query, {constant, true}}, | ||
672 | |||
673 | %% Set queries to determine which tags a user has | ||
674 | %% | ||
675 | %% {tag_queries, []} | ||
676 | ]} | ||
677 | ]. | ||
diff --git a/templates/etc/rabbitmq/rabbitmq.config.j2 b/templates/etc/rabbitmq/rabbitmq.config.j2 new file mode 100644 index 0000000..97ae132 --- /dev/null +++ b/templates/etc/rabbitmq/rabbitmq.config.j2 | |||
@@ -0,0 +1,9 @@ | |||
1 | [ | ||
2 | {rabbit, [ | ||
3 | {% if rabbitmq_listeners is not defined %} | ||
4 | {tcp_listeners, [{{ rabbitmq_listen_port }}]} | ||
5 | {% elif rabbitmq_listeners is defined %} | ||
6 | {tcp_listeners, [{% for item in rabbitmq_listeners %}{"{{ item }}", {{ rabbitmq_listen_port }}}{% if not loop.last %}, {% endif %}{% endfor %}]} | ||
7 | {% endif %} | ||
8 | ]} | ||
9 | ]. | ||