The Erlang cookie is a string of alphanumeric characters that is used for communication between nodes in a RabbitMQ cluster and for various RabbitMQ CLI tool, such as the rabbitmqctl command, and is stored in a file. For example, on a Linux system, the global erlang cookie file is typically /var/lib/rabbitmq/.erlang.cookie. Here is an example of an Erlang cookie.
~]# cat /var/lib/rabbitmq/.erlang.cookie pZ34gghnSn87rf1qs
Global / Shared .erlang.cookie file
Technically, the global .erlang.cookie file will be located in the RabbitMQ home directory, which is defined in the main RabbitMQ log file. The global .erlang.cookie file is used by the RabbitMQ node and should be created when RabbitMQ is installed. The Erlang cookie value should not change when RabbitMQ is restarted.
=INFO REPORT==== 14-Oct-2020::20:47:15 === node : rabbit@server1 home dir : /var/lib/rabbitmq
The .erlang.cookie file should only be readable and writeable by the owner of the file, which means on a Linux system, the .erlang.cookie file should have -rw------- permission (0600). It is also OK for the .erlang.cookie file to have -r-------- (0400) permissions (read only).
~]# ls -la /var/lib/rabbitmq/ -rw-------. 1 rabbitmq rabbitmq 20 Apr 4 2019 .erlang.cookie
CLI tools and local .erlang.cookie file
When using CLI tool, such as the rabbitmqctl command, the .erlang.cookie file must be located in the users home directory. If you are SSH onto the RabbitMQ system as the rabbitmq user, then you would would using the /var/lib/rabbitmq/.erlang.cookie file, since the rabbitmq user's home directory is /var/lib/rabbitmq.
On the other hand, if you are connecting to the system as any other user, such as root or john.doe, you will need to copy the /var/lib/rabbitmq/.erlang.cookie file into the users home directory such as /root/.erlang.cookie or /home/john.doe/.erlang.cookie in order for the user to be able to use CLI tools, such as the rabbitmqctl command, and the users local .erlang.cookie file must contain the same exact alphanumeric string as the /var/lib/rabbitmq/.erlang.cookie file and also must have 0400 (read only) or 0600 (read/write) permissions.
The erlang cookie can be defined using the RABBITMQ_ERLANG_COOKIE variable. For example, if RabbitMQ is running on a Linux system, the export command can be used to define the erlang cookie.
Or if running RabbitMQ on Docker, the -e or --env option can be used to define the Erlang cookie. Whatever value is defined in RABBITMQ_ERLANG_COOKIE is what should be written to the .erlang.cookie file in the RabbitMQ Docker container.
docker run --env RABBITMQ_ERLANG_COOKIE=itsasecret rabbitmq:management
--erlang-cookie command line option
The --erlang-cookie command line option can be used, and will take precedence over the hidden .erlang.cookie files.
rabbitmqctl status --erlang-cookie itsasecret
The rabbitmq-diagnostics erlang_cookie_sources command can be used to display Erlang cookie information.
~]# rabbitmq-diagnostics erlang_cookie_sources Effective user: rabbitmq Effective home directory: /var/lib/rabbitmq Cookie file path: /var/lib/rabbitmq/.erlang.cookie Cookie file exists? true Cookie file type: regular Cookie file access: read Cookie file size: 21 Cookie CLI Switch --erlang-cookie value set? false --erlang-cookie value length: 0 Env variable (Deprecated) RABBITMQ_ERLANG_COOKIE value set? false RABBITMQ_ERLANG_COOKIE value length: 0