To simulate the scenario:
Deny inbound AMQP 5672 (non-SSL) added to FW
VM1 initiates the connection over AMQP to VM2 (advanced.config file) (uses outbound 5672 to VM2)
With two shovels in the advanced config
Allow inbound AMQP 5672 (non-SSL) added to FW
Just a listener with an empty advanced config
We can send data to VM2 from VM1 and the other way around on two different queues, and that is sufficient,
as long as we initiate the connection from VM1, where all the config is.
- FW open inbound 5672 (5671 if cert and SSL) to VM2 (receiver host)
- Add both queues in the management UI or programmatically (e.g. Python)
- Add a user mysuer (administrator, vhost /) on VM1 and VM2
- FW (sender host) open outbound 5672 (5671)
- Advanced config on VM2 is empty; advanced config on VM1 has all the configuration
VM1 shovel_get_remote_data receives on queue11, where source is VM2 and destination is VM1
VM1 shovel_put_local_data publishes on queue22, where source is VM1 and destination is VM2
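
The two shovels described above, written out as a static shovel definition for VM1's advanced.config. This is an added example, not the original configuration: the host name vm2.example, the password placeholder, the same queue name on both ends, and the ack_mode and reconnect_delay values are assumptions.

```erlang
%% Added example for advanced.config on VM1 (VM2's advanced.config stays empty).
%% Assumed/placeholder values: vm2.example, CHANGE_ME, ack_mode, reconnect_delay.
%% "amqp://" with no host is a direct connection to the local broker (VM1).
%% TLS variant (port 5671): use an amqps:// URI and verify VM2's certificate, e.g.
%%   "amqps://mysuer:CHANGE_ME@vm2.example:5671?cacertfile=/path/to/ca.pem"
%%   "&verify=verify_peer&server_name_indication=vm2.example"  (path is a placeholder)
[
 {rabbitmq_shovel,
  [{shovels,
    [
     %% Pull: VM1 connects out to VM2, consumes queue11 there, publishes locally.
     {shovel_get_remote_data,
      [{source,
        [{protocol, amqp091},
         {uris, ["amqp://mysuer:CHANGE_ME@vm2.example:5672"]},
         {declarations, [{'queue.declare', [{queue, <<"queue11">>}, durable]}]},
         {queue, <<"queue11">>}]},
       {destination,
        [{protocol, amqp091},
         {uris, ["amqp://"]},
         {declarations, [{'queue.declare', [{queue, <<"queue11">>}, durable]}]},
         {publish_fields, [{exchange, <<"">>}, {routing_key, <<"queue11">>}]}]},
       {ack_mode, on_confirm},
       {reconnect_delay, 5}]},

     %% Push: VM1 consumes its local queue22 and publishes to queue22 on VM2.
     {shovel_put_local_data,
      [{source,
        [{protocol, amqp091},
         {uris, ["amqp://"]},
         {declarations, [{'queue.declare', [{queue, <<"queue22">>}, durable]}]},
         {queue, <<"queue22">>}]},
       {destination,
        [{protocol, amqp091},
         {uris, ["amqp://mysuer:CHANGE_ME@vm2.example:5672"]},
         {declarations, [{'queue.declare', [{queue, <<"queue22">>}, durable]}]},
         {publish_fields, [{exchange, <<"">>}, {routing_key, <<"queue22">>}]}]},
       {ack_mode, on_confirm},
       {reconnect_delay, 5}]}
    ]}
  ]}
].
```

Both shovels open their connection from VM1, so only VM1's outbound rule and VM2's inbound rule are exercised. The file contains a broker credential, so restrict its permissions to the RabbitMQ service account.
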
Information before you proceed:
- Durable exchanges survive broker restart
- Topic exchanges route messages to one or many queues based on matching between a message routing key and the pattern that was used to bind a queue to an exchange.
- Before a queue can be used it has to be declared. Declaring a queue will cause it to be created if it does not already exist.
- Bindings are rules that exchanges use (among other things) to route messages to queues.
- A queue is like your destination in New York City
- Exchange is like JFK airport
- Bindings are routes from JFK to your destination. There can be zero or many ways to reach it
Shovel with self-signed VM2 server TLS
- 1 VM1->VM2, VM1<-VM2 Shovel 5672, empty config and VM2 inbound 5672, VM1 outbound 5672
- 2 VM1->VM2, VM1<-VM2 Shovel 5672 and 5671, add tcp listener in advanced.config to VM2, inbound 5671 VM2, outbound 5671
- 3 VM1->VM2, VM1<-VM2 Shovel 5671 for URIs, or keep 5672 on one URI
- 4 SSL:
- 5 Make CA, server, key, pass for VM2
- 6 VM2 edit advanced config: now just 5672 is a tcp listener, 5671 is edited to an ssl listener
- 7 VM2 add cert config