Broker Security (RabbitMQ)
Cloudify uses RabbitMQ as its broker, and supports configurable security.
When installing the Cloudify Manager, RabbitMQ credentials can be provided in the configuration file before running
cfy_manager install or
cfy_manager configure. The default location of this configuration file is
It is suggested that you change the username to something other than the default. It is recommended that you use only upper and lower case letters and numbers for the username.
The username can be changed using the
rabbitmq.username setting in the configuration file.
It is recommended that you set the password to something strong that is known only to those who are authorized.
It is recommended that the password is comprised of only ASCII characters, excluding quotes, line feeds, and dollar signs, as these may cause the password to be set incorrectly during the installation.
The password can be changed using the
rabbitmq.password setting in the configuration file.
Communications with the broker is secured using SSL/TLS. The Cloudify Manager uses a CA certificate, which is deployed to the agents on managed compute nodes, and a server certificate (the “internal” certificate) that is used by RabbitMQ.
Those certificates can also be provided by the user using the
ssl_inputs setting in the configuration file. For more information about configuring the certificates, see the description in the article about Manager Architecture - Security
Cloudify agents require Python 2.7.9+ in order to connect to the RabbitMQ service on the manager using TLS 1.2 (recommended TLS version).
Cloudify agent for Windows is packed with Python 2.7.9 but will not install it if Python is already installed on the host.