Configure the VMware Cloud Director AMQP Service

The VMware Cloud Director AMQP service is used by system notifications, object extensions, and extension services. The system administrator can enable or disable this service and configure settings that the service uses when it sends notifications or messages generated by extensions.

AMQP, the Advanced Message Queuing Protocol, is an open standard for message queuing that supports flexible messaging for enterprise systems. VMware Cloud Director includes an AMQP service and defines a set of events that, when notifications are enabled, trigger publication of messages by this service.

By default, the VMware Cloud Director AMQP service sends unencrypted messages. You can configure the AMQP service to encrypt these messages by using SSL. You can also configure the service to verify the broker certificate by using the default JCEKS trust store of the Java runtime environment on the VMware Cloud Director cell, typically at $VCLOUD_HOME/jre/lib/security/cacerts.

To enable SSL with the VMware Cloud Director AMQP service:
  1. From the top navigation bar, select Administration.
  2. In the left panel, under Settings click Extensibility.
  3. Click Edit for the AMQP Broker section.
  4. Turn on the Use SSL toggle.
  5. Either turn on the Аccept all certificates toggle or provide one of the following:
  • An SSL certificate pathname
  • A JCEKS trust store pathname and password

For more information about AMQP, see http://www.amqp.org.

AMQP broker settings are established when you install and configure RabbitMQ or another AMQP broker to use with VMware Cloud Director. These values include the following items:

  • The fully qualified domain name of the RabbitMQ server host, for example amqp.example.com.
  • A user name and password that are valid for authenticating with RabbitMQ.
  • The port at which the broker listens for messages. The default is 5672.
  • The RabbitMQ virtual host. The default is "/".
Note: It is a good practice to test the AMQP settings before you change the configuration. See Test AMQP Settings.

Prerequisites

This operation is restricted to system administrators.

Procedure

  1. Retrieve the SystemSettings element.
  2. Examine the response to locate the link that you can use to retrieve the system's AmqpSettings element.
    This link has a rel attribute value of down and a type attribute value of application/vnd.vmware.admin.amqpSettings+xml, as shown here: 
    <Link href="https://vcloud.example.com/admin/extension/settings/amqp"
   rel="down"
   type="application/vnd.vmware.admin.amqpSettings+xml"/>
  3. Review or modify system AMQP settings.
    1. Retrieve the AmqpSettings element.
      Make a GET request to the href value of the application/vnd.vmware.admin.amqpSettings+xml link described in Step 2.
    2. Modify the contents of this element as necessary.
      See the schema reference for details of element contents.
    3. Update the modified element with the new contents.
      PUT the modified element to the href value of its rel="edit" link. See Update AMQP Settings

Example: Update AMQP Settings

This request modifies the AMQP settings for a cloud to require the use of SSL for AMQP connections. It also overrides the default value for AmqpPrefix, vcd, with a new value, myCloud.

Request: 
PUT https://vcloud.example.com/api/admin/extension/settings/amqp
Content-Type: application/vnd.vmware.admin.amqpSettings+xml
...
<?xml version="1.0" encoding="UTF-8"?>
<AmqpSettings
   xmlns="http://www.vmware.com/vcloud/extension/v1.5">
   <AmqpHost />
   <AmqpPort>5672</AmqpPort>
   <AmqpUsername>guest</AmqpUsername>
   <AmqpPassword>Pa55w0rd</AmqpPassword>
   <AmqpExchange>systemExchange</AmqpExchange>
   <AmqpVHost>/</AmqpVHost>
   <AmqpUseSSL>true</AmqpUseSSL>
   <AmqpSslAcceptAll>false</vmext:AmqpSslAcceptAll>
   <AmqpPrefix>myCloud</vmext:AmqpPrefix>
</AmqpSettings>

The response includes information supplied in the request, and contains a number of Link elements inserted by the server. The value of AmqpPassword, which you must supply when you modify AmqpSettings (even if you are not changing its value), is never returned when you retrieve AmqpSettings.

Response: 
200 OK
Content-Type: application/vnd.vmware.admin.amqpSettings+xml
...
<AmqpSettings
   xmlns="http://www.vmware.com/vcloud/extension/v1.5"
   type="application/vnd.vmware.admin.amqpSettings+xml"
   href="https://vcloud.example.com/api/admin/extension/settings/amqp"
   ... >
   <vcloud:Link 
      rel="test" 
      type="application/vnd.vmware.admin.amqpSettingsTest+xml" 
      href="https://vcloud.example.com/api/admin/extension/settings/amqp/action/test"/>
   <vcloud:Link
      rel="certificate:update"
      type="application/vnd.vmware.admin.certificateUpdateParams+xml"
      href="https://vcloud.example.com/api/admin/extension/settings/amqp/action/updateAmqpCertificate" />
   <vcloud:Link
      rel="certificate:reset"
      href="https://vcloud.example.com/api/admin/extension/settings/amqp/action/resetAmqpCertificate" />
   <vcloud:Link
      rel="truststore:update"
      type="application/vnd.vmware.admin.trustStoreUpdateParams+xml"
      href="https://vcloud.example.com/api/admin/extension/settings/amqp/action/updateAmqpTruststore" />
   <vcloud:Link
      rel="truststore:reset"
      href="https://vcloud.example.com/api/admin/extension/settings/amqp/action/resetAmqpTruststore" />  
   <AmqpHost />
   <AmqpPort>5672</AmqpPort>
   <AmqpUsername>guest</AmqpUsername>
   <AmqpPassword />
   <AmqpExchange>systemExchange</AmqpExchange>
   <AmqpVHost>/</AmqpVHost>
   <AmqpUseSSL>true</AmqpUseSSL>
   <AmqpSslAcceptAll>false</vmext:AmqpSslAcceptAll>
   <AmqpPrefix>myCloud</vmext:AmqpPrefix>
</AmqpSettings>
Note: Link elements in the response are created by the server. See System Truststore Maintenance for information about using the action links in this section to manage the AMQP service SSL certificates and truststore. The system must have a valid AMQP certificate and truststore to use the secure sockets layer (https).