RabbitMQ Security Vulnerabilities - rabbitmq

We are using RabbitMQ version 3.6.9 installed on a single Linux box. As part of the client's security vulnerability check, the following concerns were raised for the RabbitMQ server.
Can anyone please guide us on resolving the following vulnerabilities?
DOM-based Cross Site Scripting Vulnerability (http-client-side-xss)
jQuery Vulnerability: CVE-2012-6708 (jquery-cve-2012-6708)
jQuery Vulnerability: CVE-2014-6071 (jquery-cve-2014-6071)
Kindly provide your inputs.

RabbitMQ 3.6.9 is over two years old!
It makes absolutely no sense to run security checks on old software!
You should be using RabbitMQ 3.8.0 or 3.7.19.
NOTE: the RabbitMQ team monitors the rabbitmq-users mailing list and only sometimes answers questions on StackOverflow.

Related

RabbitMQ .net client 3.4.3 compatibility

We have a framework 3.5 app that needs to interact with some RabbitMQ queues.
RabbitMQ's .NET client 3.4.3 does support framework 3.5, however it is quite old, and I want to know if this version of the client can work as a consumer for RabbitMQ's newest versions.
Does anyone know?
Yes, the 3.4.3 .NET client should work with current RabbitMQ versions. The AMQP protocol has not changed.
The easiest way to verify is to try it out yourself, or, check out the .NET client code at that version and run the tests yourself.
https://github.com/rabbitmq/rabbitmq-dotnet-client/tree/rabbitmq_v3_4_3
NOTE: the RabbitMQ team monitors the rabbitmq-users mailing list and only sometimes answers questions on StackOverflow.

RabbitMQ configuration for Wildfly

Has anyone successfully replaced HornetQ with RabbitMQ in Wildfly 8?
I'm trying to use our enterprise messaging system and extract the logic of messaging from our base app server to separate the concern between messaging and our core product.
I looked on the web and did not find anything useful as to how to change the standalone.xml.
Any help, even if the answer is - it is not possible - would be great.
Thank you
My bounty is about to expire and I don't see help until now. So, I am answering as per my experience.
From question:
Any help, even if the answer is - it is not possible - would be great.
Don't know, but we don't need to do that. I have found a workaround for that.
Answer is RUN RABBITMQ's OWN SERVER
I followed this link to install it on ubuntu server. Then I read these awesome and simple tutorials. Those six tutorials were great base to start with.
I am now integrating the project with my Java EE project which runs on Wildfly 9 server.
Best of luck to anyone who ends up here. Any constructive edits and answers are welcomed.

What is the impact on existing code to migrate from WebSphere MQ V6 to V7?

What is the impact on existing code to migrate from WebSphere MQ V6 to V7?
Can we simply make the change?
Like all good questions, the answer here is "it depends."
First of all, don't go to v7.0, go to V7.1 at least, better yet to V7.5.
Using client or bindings mode connections? You can upgrade the QMgr without touching a client-based app in most cases. Any version of WMQ client can talk to any version of WMQ server, however it's best not to leave apps on an unsupported version of WMQ client. Of course, the app running on the old client won't get the new function such as automatic reconnect or performance improvements, even though the QMgr is at V7.5.
Using SSL? The SSLPEER element order changed and the commands to manage certificates changed. Good news, cert management is now performed with runmq*km commands living in the {mq install}/bin directory so you don't need to hunt down the GSKit directory and figure out whether to use gsk6*, gsk7* or gsk8* commands.
If you go from 32 to 64 bit, you may need to recompile programs or exits.
Correct settings for PATH, CLASSPATH and LIBPATH change across versions.
There's much more and it's well covered in the Infocenter. Each Infocenter has a section on migration. Within that section, there are subsections by version and within those there are subsections by platform. Pick the target version of WMQ (that's V7.5, right? Say yes!) and drill down. Start here:
Migration from V6.0 to V7.5
Migration from V6.0 to V7.1
Migration from V6.0 to V7.0

What's the best way to monitor rabbitmq to make sure everything is running smoothly?

Many times, I get:
-Frozen, load goes to 5.0. Can't use my box.
-Just doesn't work.
Do the following steps:
1. rabbitmq-plugins enable rabbitmq_management
2. service rabbitmq-server restart
3. browse to http://rabbitmq-server-ip:15672
4. login with
   username: guest
   password: guest
Don't forget to change your password later.
As sheki notes, rabbitmqctl is your first port of call for diagnostics, and for building monitoring on top of, but it's not suitable for actual monitoring directly being a manual command line.
I've found DataDog very good to monitor both the MQ details, plus the host platform in parallel. e.g. you can watch the queue levels and set alerts on queues backing-up, while also watching the CPU/memory/IO inflicted by these queue levels. It really helps to get ratios of resource usage, and the alerts are good. Having a uniform platform for both infrastructure and application level monitoring is surprisingly rare, but speeds up diagnoses of production issues hugely.
NewRelic is similar and also has a RabbitMQ plugin, although I've not used this plugin specifically, I've used NR for years and found it invaluable in diagnosing operational issues.
AppDynamics is another example. Similarly this allows you to drill down into your app from a high-level dashboard, and visually navigate from problems to causes. It's especially good with visualising the network of a distributed application across various services/servers. I've used this, for example, to find complex problems in .NET applications and SQL Server clusters using 3rd party Web Services (e.g. latency and its consequences to your app over chatty protocols). These things are very difficult to diagnose, especially for developers who are limited to checking their code. Diagnosing operational issues requires a much broader picture.
I gave up trying to even install and configure Nagios. I know it's the 'best' but it's the best of an old breed of self-configured beasts which we don't have time to manage. I didn't even get it going... and eventually turned to the more 'modern' cloud approach. Once you get over the trust factor, it's pretty liberating.
I'm using these APM platforms together* to aggregate data from:
Windows O/S level Event Logs/Services
Linux O/S level
AWS console level
RDS, EC2
Apache
MySQL
App integrations / custom NR plugins I've written
Rabbit MQ
*NewRelic can feed into Datadog! So if you are already using NR you don't need to install DD on those hosts as well.
Being able to view all these levels together gives you a view on the publishers, middleware, MQ servers, workers and front-end app - all in one dashboard.
I would highly recommend an approach like this, because just looking at one server alone leads you to a lot of head-scratching. Seeing an entire stack in one customisable dashboard is just so illuminating it takes most of the guesswork out of it.
Worried about installing these things? I found New Relic to be especially light-weight and unobtrusive. AppDynamics seemed to stress the host a bit more, but mostly that's because you had to run the visualisation tools on the host! (this may have changed). DataDog seems performant, but creates a lot of control panels/icons on the target host (perhaps just a visual impression).
To a four year old question - this answer probably wasn't available in 2011, but in 2015 these once 'startup' style APM services are just tens or hundred dollars a month for an unbelievably rich enterprise-level solution.
There are a bunch of RabbitMQ monitoring plugins available for different monitoring systems like Nagios, Zabbix etc.
Look at http://www.rabbitmq.com/how.html#management
Using rabbitmqctl is the most straightforward solution to check the status of the node.
$ rabbitmqctl status
This should tell you the status of the RabbitMQ node.
If you have PRTG (or any probe system with a HTTP sensor check), you can check the server status described at the following page:
https://blog.cdemi.io/monitoring-rabbitmq-in-prtg/
In particular you have to
Enable Management Plugin
The rabbitmq-management plugin provides an HTTP-based API for management and monitoring of your RabbitMQ server, along with a browser-based UI and a command line tool, rabbitmqadmin. The management plugin is included in the RabbitMQ distribution. To enable it, we need to run: rabbitmq-plugins enable rabbitmq_management on the RabbitMQ nodes. For more details on the Management plugin refer to RabbitMQ Documentation.
The web UI is located at: http://server-name:15672/ The HTTP API and its documentation are both located at: http://server-name:15672/api/
Once done, you can check the overview of your server with the API:
http://server-name:15672/api/overview
Where you have a JSON with all details about the server, active connections, queues, etc.
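Added example, not part of any answer on this page and not RabbitMQ's or PRTG's own code: a probe that evaluates the /api/overview JSON described above for a stale broker version and a backing-up queue. The sample response is constructed, the thresholds and the refusal of the guest account are choices of this example, and the default minimum version is the one named in the first answer on this page.

```python
import base64
import json
import urllib.request

# Constructed sample of an /api/overview response, trimmed to the fields used.
SAMPLE_OVERVIEW = {
    "rabbitmq_version": "3.6.9",
    "queue_totals": {"messages": 1200, "messages_ready": 1150},
    "object_totals": {"queues": 3, "consumers": 0},
}


def fetch_overview(base_url, user, password, timeout=5):
    """GET <base_url>/api/overview with HTTP Basic auth and return the JSON."""
    if user == "guest":
        # Example policy: probes run as a dedicated user, never the default one.
        raise ValueError("use a dedicated monitoring user, not guest")
    req = urllib.request.Request(base_url.rstrip("/") + "/api/overview")
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    req.add_header("Authorization", "Basic " + token)
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return json.load(resp)


def version_tuple(text):
    """Turn '3.7.19' into (3, 7, 19); drops suffixes such as '-rc.1'."""
    return tuple(int(p) for p in text.split("-")[0].split("+")[0].split(".")[:3])


def evaluate_overview(overview, max_ready=1000, min_version="3.7.19"):
    """Return a list of alert strings; an empty list means the probe is green."""
    alerts = []
    version = overview.get("rabbitmq_version", "0.0.0")
    if version_tuple(version) < version_tuple(min_version):
        alerts.append(f"broker {version} is older than {min_version}")
    # queue_totals can be an empty object on a broker with no queues.
    ready = overview.get("queue_totals", {}).get("messages_ready", 0)
    consumers = overview.get("object_totals", {}).get("consumers", 0)
    if ready > max_ready:
        alerts.append(f"{ready} messages ready exceeds {max_ready}")
    if ready > 0 and consumers == 0:
        alerts.append("messages are waiting but no consumers are attached")
    return alerts


if __name__ == "__main__":
    for line in evaluate_overview(SAMPLE_OVERVIEW):
        print("ALERT:", line)
```

Against a live broker, pass the result of fetch_overview("http://server-name:15672", user, password) to evaluate_overview; the user name and password are whatever monitoring account you created.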
This cmd will help you: service rabbitmq-server status
OR try these: service rabbitmq-server stop and service rabbitmq-server start, then service rabbitmq-server status.

What language was RabbitMQ written in?

I'm looking at the repos and there are so many projects, not sure which are wrappers/clients and which is the actual project.
Is it Erlang?
Yes, it is Erlang. You can check this out by downloading the source for the server here:
http://www.rabbitmq.com/releases/rabbitmq-server/v2.3.1/
See Wikipedia: RabbitMQ
The RabbitMQ server is written in Erlang and is built on the Open Telecom Platform framework for clustering and failover.
The actual documentation/promo on http://rabbitmq.com is rather fluffy ;-)