Installing RabbitMQ

This topic only applies to Secret Server On-Premises.

Overview

What is RabbitMQ?

RabbitMQ is a robust message queuing software package that Secret Server uses to communicate with its distributed engines. For detailed information about RabbitMQ, go to the RabbitMQ website.

Why Install It?

RabbitMQ is an enterprise-ready alternative to MemoryMQ. While MemoryMQ is sufficient for basic and prototyping installations, RabbitMQ is the preferred messaging framework when the need for greater reliability and clustering arises.

For the highest scalability and reliability, Delinea recommends using RabbitMQ. MemoryMQ is an easier but less capable alternative. It can be used for trials and proofs of concept, but it should not be used for production environments. Two exceptions are very small deployments and customers that do not use open-source software for compliance reasons.

RabbitMQ and Encryption

All data sent from or read by Secret Server from RabbitMQ is encrypted. If you would like to add SSL despite the data already being encrypted, please follow the Advanced installation of RabbitMQ with TLS use case. Please note that Delinea Support can help with non-SSL installations. For SSL installation, configuration, troubleshooting, and RabbitMQ clustering, please contact Delinea Professional Services to learn more about our Professional Services rates.

Downloading Delinea's RabbitMQ Helper

Please go to Delinea RabbitMQ Helper to download the most recent version.

Prerequisites

Secret Server only supports RabbitMQ on Windows operating systems. Secret Server is incompatible with the RabbitMQ Federation plugin.

RabbitMQ requires:

General Requirements

  • Windows Server 2008 or higher with PowerShell v3 support.
  • Nodes hosting RabbitMQ need a minimum of 4 GB RAM.
  • Nodes hosting RabbitMQ should have at least 128 MB of memory available at all times.
  • Disk space is not an issue, but it should not go below 50 MB (default value), especially if you host RabbitMQ on the same server as Secret Server.
  • Minimum of 2 vCPUs. This is an absolute minimum; with fewer, installation fails without much useful feedback to troubleshoot. We strongly recommend 4 vCPUs or more.
  • Ports 5672 (non-SSL) or 5671 (SSL) opened on the machine and firewall.
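
Because an undersized host fails the installation with little feedback, the requirements above can be checked before running the Helper. The script below is an added example, not part of the Delinea tooling; the drive letter and the New-Check helper are assumptions made for illustration.

```powershell
# Added example: checks this host against the General Requirements above.
$Drive = 'C:'   # assumption: volume that will hold RabbitMQ and its data

$cs   = Get-CimInstance -ClassName Win32_ComputerSystem
$os   = Get-CimInstance -ClassName Win32_OperatingSystem
$disk = Get-CimInstance -ClassName Win32_LogicalDisk -Filter "DeviceID='$Drive'"

# A VM sized at 4 GB reports slightly fewer bytes than 4GB because firmware
# and the hypervisor reserve some, so round to whole GB before comparing.
$totalGB = [math]::Round($cs.TotalPhysicalMemory / 1GB)
$freeMB  = [math]::Round($os.FreePhysicalMemory / 1KB)   # property is in KB
$diskMB  = [math]::Round($disk.FreeSpace / 1MB)
$vcpus   = $cs.NumberOfLogicalProcessors

# Hypothetical helper that builds one result row.
function New-Check($Name, $Value, $Pass) {
    [pscustomobject]@{ Check = $Name; Value = $Value; Pass = [bool]$Pass }
}

# ProductType 1 is a workstation SKU; version 6.0 is Windows Server 2008.
$isServer2008Plus = ($os.ProductType -ne 1) -and ([version]$os.Version -ge [version]'6.0')

$checks = @(
    New-Check 'Windows Server 2008 or higher' $os.Caption $isServer2008Plus
    New-Check 'PowerShell v3 or higher' $PSVersionTable.PSVersion ($PSVersionTable.PSVersion.Major -ge 3)
    New-Check 'RAM at least 4 GB' "$totalGB GB" ($totalGB -ge 4)
    New-Check 'Free memory at least 128 MB' "$freeMB MB" ($freeMB -ge 128)
    New-Check "Free disk on $Drive at least 50 MB" "$diskMB MB" ($diskMB -ge 50)
    New-Check 'vCPUs at least 2 (4 recommended)' $vcpus ($vcpus -ge 2)
)

$checks | Format-Table -AutoSize

$failed = @($checks | Where-Object { -not $_.Pass })
if ($failed.Count -gt 0) {
    Write-Warning "$($failed.Count) requirement(s) not met; fix these before running the RabbitMQ Helper."
}
```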

SSL Certificate

  • A server certificate of the PFX type and a root authority certificate of the CER type.

  • The PFX certificate should have:

    • A name that matches the RabbitMQ fully qualified machine name.
    • If you plan on making a RabbitMQ cluster, add DNS names (SANs) to your certificate.
    • Your certificate must be an RSA certificate. CNG is not supported and will cause the installation to fail.
  • If you do not have an internal PKI and prefer not to use a public certificate, you can use a self-signed certificate.

Delinea will not assist with creating or troubleshooting self-signed certificates.
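
The certificate requirements above can be verified before the PFX is handed to the Helper. The function below is an added example, not Delinea code: Test-RabbitMqPfx, its parameters and the file name rabbitmq.pfx are hypothetical, and it assumes that "CNG is not supported" refers to the provider storing the private key. Run it in Windows PowerShell, the shell the Helper itself opens.

```powershell
# Added example, not vendor code. Names and parameters are hypothetical.
function Test-RabbitMqPfx {
    param(
        [Parameter(Mandatory = $true)][string]$PfxPath,
        [Parameter(Mandatory = $true)][securestring]$Password,
        # Names the certificate must cover: this host's FQDN by default;
        # pass every node's FQDN when building a cluster.
        [string[]]$RequiredNames = @([System.Net.Dns]::GetHostEntry('').HostName)
    )
    $fullPath = (Resolve-Path -LiteralPath $PfxPath).ProviderPath
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 `
        -ArgumentList $fullPath, $Password
    try {
        # Names presented by the certificate: subject CN plus every DNS SAN.
        # The "DNS Name=" label is what English-language Windows prints.
        $names = @($cert.GetNameInfo('SimpleName', $false))
        $san = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
        if ($san) {
            $names += [regex]::Matches($san.Format($false), 'DNS Name=([^,\s]+)') |
                ForEach-Object { $_.Groups[1].Value }
        }
        # -notcontains compares case-insensitively, as DNS names require.
        $missing = @($RequiredNames | Where-Object { $names -notcontains $_ })

        # Assumption: on .NET Framework, PrivateKey only surfaces legacy CSP
        # keys. For a CNG-stored key it is empty or throws even though
        # HasPrivateKey is True.
        $legacyKey = $null
        try { $legacyKey = $cert.PrivateKey } catch { }

        [pscustomobject]@{
            Subject       = $cert.Subject
            NotAfter      = $cert.NotAfter
            HasPrivateKey = $cert.HasPrivateKey
            # 1.2.840.113549.1.1.1 is the rsaEncryption public key OID.
            IsRsa         = ($cert.PublicKey.Oid.Value -eq '1.2.840.113549.1.1.1')
            LegacyCspKey  = ($legacyKey -is [System.Security.Cryptography.RSACryptoServiceProvider])
            MissingNames  = $missing
        }
    }
    finally { $cert.Reset() }   # release the temporarily imported key
}

Test-RabbitMqPfx -PfxPath .\rabbitmq.pfx -Password (Read-Host 'PFX password' -AsSecureString)
```

A certificate is ready when HasPrivateKey, IsRsa and LegacyCspKey are all True and MissingNames is empty. Wildcard entries are not expanded, so a wildcard certificate will list the host names as missing.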

Installation

Task 1: Secret Server

In the Secret Server UI:

  1. Navigate to Admin > Distributed Engine.

  2. Access the Site Connectors tab and select Add Site Connector.

  3. On the Add Site Connector page, select either RabbitMQ or MemoryMQ in the Queue Type drop-down list. If at least 3 RabbitMQ nodes have been set up in a clustering setup, choose MemoryMQ (see the Cluster section in the RabbitMQ Helper documentation for more information).

  4. Type a name for your new site connector in the Name text box.

  5. Select the Enabled check box.

  6. Type the host name of the machine where you plan to install RabbitMQ, in the Host Name text box.

    The Engines need to be able to resolve this host name or the connection will fail. Inbound firewall rules must be created on the machine that is hosting the connector as well.
  7. Type either port 5672 (non-SSL) or 5671 (SSL) in the Port text box.

  8. Click the Save button.

  9. After the site connector is created, click the site connector's link. The Site Connector Details page will appear.

  10. Select the View Credentials button to retrieve the automatically generated credentials. The Site Connector Credentials pop-up will appear.


    You can ignore the informational message that the connectivity has not been validated for now, as you will be doing so after you install RabbitMQ on the host you have selected.

  11. Select the copy icons for both the User Name and Password values, to copy and store them for use in the next section.

  12. Select the OK button.

Task 2: RabbitMQ Host

  1. Download the Delinea RabbitMQ Helper.

  2. Install the Delinea RabbitMQ Helper by running the downloaded MSI.

  3. Review the supported installation scenarios.

  4. Navigate to the installation folder at: %PROGRAMFILES%\Thycotic Software Ltd\RabbitMq Helper

  5. Launch Delinea.RabbitMq.Helper.exe, which opens the Windows PowerShell application.

  6. Issue a cmdlet command from the scenario that applies to your need.

  7. After installation completes, the helper opens a Web browser to the RabbitMQ management console. There is no need to interact with the site at this time, so you can minimize or close the page for now.

  8. Return to Secret Server, and go to the site connector you created in the previous section.

  9. Click the site connector's link. The Site Connector Details page will appear.

  10. Select the Validate Connectivity button.

  11. If everything is set up correctly, you will see "Validation Succeeded."

    1. If you see "Validation Failed," do the following:

      1. Ensure the RabbitMQ Windows service is running.
      2. Check the logs found under C:\Program Files\Thycotic Software Ltd\RabbitMq Site Connector\log.
      3. Check the Secret Server system log for a full error report.
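
The first two checks, together with the name-resolution and firewall requirements noted in Task 1, can be scripted. The following is an added example, not Delinea code: Test-SiteConnectorEndpoint and the host name rabbitmq01.example.internal are hypothetical, and the service name RabbitMQ is the RabbitMQ default and is assumed unchanged.

```powershell
# Added example, not vendor code. Test-SiteConnectorEndpoint is hypothetical.
function Test-SiteConnectorEndpoint {
    param(
        [Parameter(Mandatory = $true)][string]$HostName,
        [int]$Port = 5672,          # use 5671 for an SSL site connector
        [int]$TimeoutMs = 3000
    )
    # Engines must resolve the Host Name exactly as typed in the site connector.
    try { $ips = [System.Net.Dns]::GetHostAddresses($HostName) }
    catch {
        return [pscustomobject]@{ Host = $HostName; Port = $Port; Result = 'DNS resolution failed' }
    }

    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $pending = $client.BeginConnect($HostName, $Port, $null, $null)
        # A timeout and a refusal point to different causes, so report them apart.
        $result = if (-not $pending.AsyncWaitHandle.WaitOne($TimeoutMs)) {
            'Timed out: traffic is probably dropped by a firewall'
        } elseif ($client.Connected) {
            'Port open'
        } else {
            'Refused: host reachable but nothing is listening (is RabbitMQ running?)'
        }
    }
    finally { $client.Close() }

    [pscustomobject]@{ Host = $HostName; Port = $Port; Addresses = ($ips -join ', '); Result = $result }
}

# From an engine or the Secret Server machine (placeholder host name):
Test-SiteConnectorEndpoint -HostName 'rabbitmq01.example.internal' -Port 5672

# On the RabbitMQ host: service state, then the tail of the newest log file.
Get-Service -Name 'RabbitMQ' -ErrorAction SilentlyContinue | Select-Object Name, Status
$logDir = 'C:\Program Files\Thycotic Software Ltd\RabbitMq Site Connector\log'
if (Test-Path -LiteralPath $logDir) {
    Get-ChildItem -LiteralPath $logDir -File | Sort-Object LastWriteTime -Descending |
        Select-Object -First 1 | Get-Content -Tail 30
}
```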

Troubleshooting

Please refer to RabbitMQ Helper.