When rotating a password, the code updates the password on the relation bag for the associated relation. However, if the username wasn't found in the relation data (e.g. if it was in app-data instead) then the code unfortunately overwrote the last key it looked at (and this was, randomly, private-address). This was due to a bug in the code. This patch fixes that problem. However, the charm (or at least certainly the rotating passwords code) doesn't support app data bags as it doesn't find the matching username to update the relation data. This means that it doesn't support rotating passwords with charms that use app-data. This is the note added to the README. Change-Id: I05dac3ae89318ceb28724f4a75d1377a62d32d1c Closes-Bug: #2051365
Overview
RabbitMQ is an implementation of AMQP, the emerging standard for high performance enterprise messaging. The RabbitMQ server is a robust and scalable implementation of an AMQP broker.
The rabbitmq-server charm deploys RabbitMQ server and provides AMQP services to those charms that support the rabbitmq interface. The current list of such charms can be obtained from the Charm Store (the charms officially supported by the OpenStack Charms project are published by 'openstack-charmers').
NOTE: the charm doesn't officially support application data bags, and thus may not work correctly with them. See this bug for more details.
Usage
Configuration
This section covers common and/or important configuration options. See file
config.yaml
for the full list of options, along with their descriptions and
default values. See the Juju documentation for details
on configuring applications.
min-cluster-size
The min-cluster-size
option sets the number of rabbitmq-server units required
to form its cluster. It is best practice to use this option as doing so ensures
that the charm will wait until the cluster is up before accepting relations
from other client applications.
source
The source
option sets an alternate software source and can be passed during
or after deployment. The default behaviour is to use the Ubuntu package archive
for the underlying machine series. The most common value is a UCA cloud
pocket (e.g. 'cloud:bionic-train'). In the case of a non-OpenStack project,
there is no guarantee that a candidate will be found in the stated UCA pocket.
Note: Changing the value of this option post-deployment will trigger a software upgrade. See OpenStack upgrade in the OpenStack Charms Deployment Guide.
Deployment
To deploy a single rabbitmq-server unit:
juju deploy rabbitmq-server
To make use of AMQP services, simply add a relation between rabbitmq-server and an application that supports the rabbitmq interface. For instance:
juju add-relation rabbitmq-server:amqp nova-cloud-controller:amqp
Monitoring
To collect RabbitMQ metrics, add a relation between rabbitmq-server and
an application that supports the scrape
interface. For instance:
juju add-relation rabbitmq-server:scrape prometheus:scrape
Note: The scrape relation is only supported when the RabbitMQ version is >= 3.8.
The charm can be related to a dashboard charm like grafana to view visualization metrics:
juju add-relation rabbitmq-server:dashboards grafana:dashboards
To get alerts of RabbitMQ split-brain events, add a relation between rabbitmq-server and
an application that supports the prometheus-rules
interface. For instance:
juju add-relation rabbitmq-server:prometheus-rules prometheus:prometheus-rules
High availability
When more than one unit is deployed the charm will bring up a native RabbitMQ
HA active/active cluster. The min-cluster-size
option should be used (see
description above).
See Infrastructure high availability in the OpenStack Charms Deployment Guide for details.
TLS
Communication between the AMQP message queue and client services (OpenStack applications) can be TLS-encrypted. There are two methods for managing keys and certificates:
- with Vault
- manually (via charm options)
Vault can set up private keys and server certificates for an application. It also stores a central CA certificate for the cloud. See the vault charm for more information.
Vault is the recommended method and is what will be covered here.
The private key and server certificate (and its signing) are managed via a relation made to the vault application:
juju add-relation rabbitmq-server:certificates vault:certificates
Actions
This section lists Juju actions supported by the charm. Actions allow specific operations to be performed on a per-unit basis.
check-queues
cluster-status
complete-cluster-series-upgrade
list-unconsumed-queues
pause
resume
list-service-usernames
rotate-service-user-password
To display action descriptions run juju actions --schema rabbitmq-server
. If
the charm is not deployed then see file actions.yaml
.
Documentation
The OpenStack Charms project maintains two documentation guides:
- OpenStack Charm Guide: for project information, including development and support notes
- OpenStack Charms Deployment Guide: for charm usage information
Bugs
For general charm questions refer to the OpenStack Charm Guide.