The vCloud Director AMQP service is used by system notifications, object extensions, and extension services. The system administrator can enable or disable this service and configure settings that the service uses when it sends notifications or messages generated by extensions.
AMQP, the Advanced Message Queuing Protocol, is an open standard for message queuing that supports flexible messaging for enterprise systems. vCloud Director includes an AMQP service and defines a set of events that, when notifications are enabled, trigger publication of messages by this service.
By default, the vCloud Director AMQP service sends unencrypted messages. You can configure the AMQP service to encrypt these messages by using SSL. You can also configure the service to verify the broker certificate by using the default JCEKS trust store of the Java runtime environment on the vCloud Director cell, typically at $VCLOUD_HOME/jre/lib/security/cacerts.
To enable SSL with the vCloud Director AMQP service:
1 |
In the vCloud Director Web console, click the Administration tab, and click Extensibility. |
2 | |
3 | |
4 |
Either select the Аccept all certificates check box or provide one of the following: |
■
| |
■
|
For more information about AMQP, see http://www.amqp.org.
AMQP broker settings are established when you install and configure RabbitMQ or another AMQP broker to use with vCloud Director. These values include the following items:
It is a good practice to test the AMQP settings before you change the configuration. See Test AMQP Settings.
1 | |||||||
2 | Examine the response to locate the link that you can use to retrieve the system's AmqpSettings element. This link has a rel attribute value of down and a type attribute value of application/vnd.vmware.admin.amqpSettings+xml, as shown here: <Link href="https://vcloud.example.com/admin/extension/settings/amqp" rel="down" type="application/vnd.vmware.admin.amqpSettings+xml"/> | ||||||
3 | Review or modify system AMQP settings.
|
This request modifies the AMQP settings for a cloud to require the use of SSL for AMQP connections. It also overrides the default value for AmqpPrefix, vcd, with a new value, myCloud.
PUT https://vcloud.example.com/api/admin/extension/settings/amqp Content-Type: application/vnd.vmware.admin.amqpSettings+xml ... <?xml version="1.0" encoding="UTF-8"?> <AmqpSettings xmlns="http://www.vmware.com/vcloud/extension/v1.5"> <AmqpHost /> <AmqpPort>5672</AmqpPort> <AmqpUsername>guest</AmqpUsername> <AmqpPassword>Pa55w0rd</AmqpPassword> <AmqpExchange>systemExchange</AmqpExchange> <AmqpVHost>/</AmqpVHost> <AmqpUseSSL>true</AmqpUseSSL> <AmqpSslAcceptAll>false</vmext:AmqpSslAcceptAll> <AmqpPrefix>myCloud</vmext:AmqpPrefix> </AmqpSettings>
The response includes information supplied in the request, and contains a number of Link elements inserted by the server. The value of AmqpPassword, which you must supply when you modify AmqpSettings (even if you are not changing its value), is never returned when you retrieve AmqpSettings.
200 OK Content-Type: application/vnd.vmware.admin.amqpSettings+xml ... <AmqpSettings xmlns="http://www.vmware.com/vcloud/extension/v1.5" type="application/vnd.vmware.admin.amqpSettings+xml" href="https://vcloud.example.com/api/admin/extension/settings/amqp" ... > <vcloud:Link rel="test" type="application/vnd.vmware.admin.amqpSettingsTest+xml" href="https://vcloud.example.com/api/admin/extension/settings/amqp/action/test"/> <vcloud:Link rel="certificate:update" type="application/vnd.vmware.admin.certificateUpdateParams+xml" href="https://vcloud.example.com/api/admin/extension/settings/amqp/action/updateAmqpCertificate" /> <vcloud:Link rel="certificate:reset" href="https://vcloud.example.com/api/admin/extension/settings/amqp/action/resetAmqpCertificate" /> <vcloud:Link rel="truststore:update" type="application/vnd.vmware.admin.trustStoreUpdateParams+xml" href="https://vcloud.example.com/api/admin/extension/settings/amqp/action/updateAmqpTruststore" /> <vcloud:Link rel="truststore:reset" href="https://vcloud.example.com/api/admin/extension/settings/amqp/action/resetAmqpTruststore" /> <AmqpHost /> <AmqpPort>5672</AmqpPort> <AmqpUsername>guest</AmqpUsername> <AmqpPassword /> <AmqpExchange>systemExchange</AmqpExchange> <AmqpVHost>/</AmqpVHost> <AmqpUseSSL>true</AmqpUseSSL> <AmqpSslAcceptAll>false</vmext:AmqpSslAcceptAll> <AmqpPrefix>myCloud</vmext:AmqpPrefix> </AmqpSettings>
Link elements in the response are created by the server. See System Truststore and Keytab Maintenance for information about using the action links in this section to manage the AMQP service SSL certificates and truststore. The system must have a valid AMQP certificate and truststore to use the secure sockets layer (https).