Creating Users and Getting Connection Strings
To connect to IBM Cloud® Messages for RabbitMQ, you need some users and some connection strings. Connection Strings for your deployment are displayed on the Dashboard Overview, in the Endpoints panel.
You can also grab connection strings from the CLI and the API.
A Messages for RabbitMQ deployment is provisioned with an admin user, and after you set the admin password, you can use its credentials to connect to your deployment.
Credentials and Connection Strings for more users
Access to your Messages for RabbitMQ deployment is not limited to the root user. You can create users by using the Service Credentials panel, the IBM CLI, or through the IBM Cloud Databases API.
All users on your deployment can use the connection strings, including connection strings for either public or private endpoints.
Not all users get the same privileges regarding administering RabbitMQ. To read more about which users get what privileges see the Managing Users page.
From the Service Credentials UI
- Navigate to the service dashboard for your service.
- Click Service Credentials to open the Service Credentials panel.
- Click New Credential.
- Choose a descriptive name for your new credential.
- (Optional) Specify whether the new credentials use a public or private endpoint. Use either
{ "service-endpoints": "public" }
/{ "service-endpoints": "private" }
in the Add Inline Configuration Parameters field to generate connection strings that use the specified endpoint. Use of the endpoint is not enforced. It controls which hostnames are in the connection strings. Public endpoints are generated by default. - Click Add to provision the new credentials. A username and password, and an associated RabbitMQ user is auto-generated.
The new credentials appear in the table, and the connection strings are available as JSON in a click-to-copy field under View Credentials.
From the CLI
If you manage your service through the IBM Cloud CLI and the cloud databases plug-in, you can create a new user with cdb user-create
. For example, to create a new user for
an "example-deployment", use the following command.
ibmcloud cdb user-create example-deployment <newusername> <newpassword>
Once the task is finished, you can retrieve the new user's connection strings with the ibmcloud cdb deployment-connections
command.
ibmcloud cdb deployment-connections example-deployment -u <newusername> [--endpoint-type <endpoint type>]
Full connection information is returned by the ibmcloud cdb deployment-connections
command with the --all
flag. To retrieve all the connection information for a deployment named "example-deployment", use
the following command.
ibmcloud cdb deployment-connections example-deployment -u <newusername> --all [--endpoint-type <endpoint type>]
If you don't specify a user, the deployment-connections
commands return information for the admin user by default. If you don't specify an endpoint type, the connection string returns the public endpoint by default. If your deployment
has only a private endpoint, you must specify --endpoint-type private
or the commands return an error. The user and endpoint type is not enforced. You can use any user on your deployment with either endpoint (if both exist on
your deployment).
To use the ibmcloud cdb
CLI commands, you must install the Cloud Databases plug-in.
From the API
The Foundation Endpoint that is shown on the Overview panel of your service provides the base URL to access this deployment through the API. To create and manage users, use the base URL with the /users
endpoint.
curl -X POST 'https://api.{region}.databases.cloud.ibm.com/v4/ibm/deployments/{id}/users' \
-H "Authorization: Bearer $APIKEY" \
-H "Content-Type: application/json" \
-d '{"username":"jane_smith", "password":"newsupersecurepassword"}'
To retrieve user's connection strings, use the base URL with the /users/{userid}/connections
endpoint. You must specify in the path which user and which type of endpoint (public or private) is used in the returned connection strings.
The user and endpoint type is not enforced. You can use any user on your deployment with either endpoint (if both exist on your deployment).
curl -X GET -H "Authorization: Bearer $APIKEY" 'https://api.{region}.databases.cloud.ibm.com/v4/ibm/deployments/{id}/users/{userid}/connections/{endpoint_type}'
Adding users to Service Credentials
Creating a new user from the CLI or API doesn't automatically populate that user's connection strings into Service Credentials. If you want to add them there, you can create a new credential with the existing user information.
Enter the username and password in the JSON field Add Inline Configuration Parameters, or specify a file where the JSON information is stored. For example, {"existing_credentials":{"username":"Robert","password":"supersecure"}}
.
Generating credentials from an existing user does not check for or create that user.
Connection String Breakdown
The amqps
Section
The "amqps" section contains information that is suited for your applications that make connections to RabbitMQ.
Field Name | Index | Description |
---|---|---|
Type |
Type of connection - for RabbitMQ, it is "uri" | |
Scheme |
Scheme for a URI - for RabbitMQ, it is "amqps" | |
Path |
Path for a uri | |
Authentication |
Username |
The username that you use to connect. |
Authentication |
Password |
A password for the user - might be shown as $PASSWORD |
Authentication |
Method |
How authentication takes place; "direct" authentication is handled by the driver. |
Hosts |
0... |
A hostname and port to connect to |
Composed |
0... |
A URI combining Scheme, Authentication, Host, and Path |
Certificate |
Name |
The allocated name for the self-signed certificate for database deployment |
Certificate |
Base64 |
A base64 encoded version of the certificate. |
0...
indicates that there might be one or more of these entries in an array.
For more information on using this information to connect, see the Connecting an External Application page.
The stomp_ssl
Section
The stomp_ssl
section contains the information that a STOMP client needs to connect to your deployment.
Field Name | Index | Description |
---|---|---|
Type |
Type of connection - for STOMP, it is stomp |
|
Authentication |
Username |
The username that you use to connect. |
Authentication |
Password |
A password for the user - might be shown as $PASSWORD |
Authentication |
Method |
How authentication takes place; "direct" authentication is handled by the driver. |
Hosts |
0... |
A hostname and port to connect to, also contains the protocol name "stomp-ssl" |
Composed |
0... |
A URI combining Authentication, Host, and TLS/SSL |
ssl |
The TLS/SSL setting needed for a connection. Should always be true . |
|
Certificate |
Name |
The allocated name for the self-signed certificate for database deployment |
Certificate |
Base64 |
A base64 encoded version of the certificate. |
0...
indicates that there might be one or more of these entries in an array.
The mqtts
Section
The mqtts
section contains the information that an MQTT client needs to connect to your deployment.
Field Name | Index | Description |
---|---|---|
Type |
Type of connection - for MQTTS it is uri . |
|
Scheme |
Scheme for a URI - in this case it is mqtts . |
|
Authentication |
Username |
The username that you use to connect. |
Authentication |
Password |
A password for the user - might be shown as $PASSWORD |
Authentication |
Method |
How authentication takes place; "direct" authentication is handled by the driver. |
Hosts |
0... |
A hostname and port to connect to. |
Composed |
0... |
A URI combining Authentication, Host, and Port used to connect. |
Certificate |
Name |
The allocated name for the self-signed certificate for database deployment |
Certificate |
Base64 |
A base64 encoded version of the certificate. |
0...
indicates that there might be one or more of these entries in an array.
The CLI and https Sections
The CLI
section contains information that is suited for the management plug-in and command-line clients that make connections to RabbitMQ.
Field Name | Index | Description |
---|---|---|
Bin |
The recommended binary to create a connection; in this case it is rabbitmqadmin . |
|
Composed |
A formatted command to establish a connection to your deployment. The command combines the Bin executable, Environment variable settings, and uses Arguments as command-line parameters. |
|
Environment |
A list of key/values you set as environment variables. | |
Arguments |
0... |
The information that is passed as arguments to the command shown in the Bin field. |
Certificate |
Base64 |
A self-signed certificate that is used to confirm that an application is connecting to the appropriate server. It is base64 encoded. |
Certificate |
Name |
The allocated name for the self-signed certificate. |
Type |
The type of package that uses this connection information; in this case cli . |
0...
indicates that there might be one or more of these entries in an array.
The https
section contains information that you can use to access the RabbitMQ management plug-in via web browser.
Field Name | Index | Description |
---|---|---|
Type |
Type of connection - for RabbitMQ, it is uri |
|
Scheme |
Scheme for a URI - for RabbitMQ, it is https |
|
Path |
Path for a URI | |
Authentication |
Username |
The username that you use to connect. |
Authentication |
Password |
A password for the user - might be shown as $PASSWORD |
Authentication |
Method |
How authentication takes place; "direct" authentication is handled by the driver. |
Hosts |
0... |
A hostname and port to connect to |
Composed |
0... |
A URI combining Scheme, Authentication, Host, and Path |
Certificate |
Name |
The allocated name for the self-signed certificate for database deployment |
Certificate |
Base64 |
A base64 encoded version of the certificate. |
0...
indicates that there might be one or more of these entries in an array.
For more information on using this information, see the Connecting with the RabbitMQ Management plug-in page.