openstack/devstack
Code Issues Proposed changes

Take an optional rabbit user name as input

Browse Source 
Newer versions of rabbitmq (3.3 and later) do not allow the 'guest'
user to access on non-local interfaces.

- Added a new config RABBIT_USERID which defaults to stackrabbit
- Invoked config scripts using that variable

Adopted from:
https://review.openstack.org/#/c/107779/

Change-Id: I43a231c9611b4cc2e390b603aa3bfb49c915bdc5
Closes-Bug: #1343354
Co-Authored-By: Scott Moser <smoser@ubuntu.com>
This commit is contained in:
Abhishek Chanda 2014-12-12 02:15:55 +05:30
parent 1fc6e18c4a
commit d5b74c688f
5 changed files with 31 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
lib/keystone
View File

@ -214,6 +214,7 @@ function configure_keystone {
# Configure rabbitmq credentials # Configure rabbitmq credentials
if is_service_enabled rabbit; then if is_service_enabled rabbit; then
iniset $KEYSTONE_CONF DEFAULT rabbit_userid $RABBIT_USERID
iniset $KEYSTONE_CONF DEFAULT rabbit_password $RABBIT_PASSWORD iniset $KEYSTONE_CONF DEFAULT rabbit_password $RABBIT_PASSWORD
iniset $KEYSTONE_CONF DEFAULT rabbit_host $RABBIT_HOST iniset $KEYSTONE_CONF DEFAULT rabbit_host $RABBIT_HOST
fi fi

4
lib/nova
View File

@ -587,8 +587,8 @@ function init_nova_cells {
fi fi
$NOVA_BIN_DIR/nova-manage --config-file $NOVA_CELLS_CONF db sync $NOVA_BIN_DIR/nova-manage --config-file $NOVA_CELLS_CONF db sync
$NOVA_BIN_DIR/nova-manage --config-file $NOVA_CELLS_CONF cell create --name=region --cell_type=parent --username=guest --hostname=$RABBIT_HOST --port=5672 --password=$RABBIT_PASSWORD --virtual_host=/ --woffset=0 --wscale=1 $NOVA_BIN_DIR/nova-manage --config-file $NOVA_CELLS_CONF cell create --name=region --cell_type=parent --username=$RABBIT_USERID --hostname=$RABBIT_HOST --port=5672 --password=$RABBIT_PASSWORD --virtual_host=/ --woffset=0 --wscale=1
$NOVA_BIN_DIR/nova-manage cell create --name=child --cell_type=child --username=guest --hostname=$RABBIT_HOST --port=5672 --password=$RABBIT_PASSWORD --virtual_host=child_cell --woffset=0 --wscale=1 $NOVA_BIN_DIR/nova-manage cell create --name=child --cell_type=child --username=$RABBIT_USERID --hostname=$RABBIT_HOST --port=5672 --password=$RABBIT_PASSWORD --virtual_host=child_cell --woffset=0 --wscale=1
fi fi
} }

26
lib/rpc_backend
View File

@ -7,7 +7,7 @@
# Dependencies: # Dependencies:
# #
# - ``functions`` file # - ``functions`` file
# - ``RABBIT_{HOST|PASSWORD}`` must be defined when RabbitMQ is used # - ``RABBIT_{HOST|PASSWORD|USERID}`` must be defined when RabbitMQ is used
# - ``RPC_MESSAGING_PROTOCOL`` option for configuring the messaging protocol # - ``RPC_MESSAGING_PROTOCOL`` option for configuring the messaging protocol
# ``stack.sh`` calls the entry points in this order: # ``stack.sh`` calls the entry points in this order:
@ -68,6 +68,9 @@ function check_rpc_backend {
function cleanup_rpc_backend { function cleanup_rpc_backend {
if is_service_enabled rabbit; then if is_service_enabled rabbit; then
# Obliterate rabbitmq-server # Obliterate rabbitmq-server
if [ -n "$RABBIT_USERID" ]; then
sudo rabbitmqctl delete_user "$RABBIT_USERID"
fi
uninstall_package rabbitmq-server uninstall_package rabbitmq-server
sudo killall epmd || sudo killall -9 epmd sudo killall epmd || sudo killall -9 epmd
if is_ubuntu; then if is_ubuntu; then
@ -180,15 +183,16 @@ function restart_rpc_backend {
# service is not started by default # service is not started by default
restart_service rabbitmq-server restart_service rabbitmq-server
fi fi
rabbit_setuser "$RABBIT_USERID" "$RABBIT_PASSWORD"
# change the rabbit password since the default is "guest" # change the rabbit password since the default is "guest"
sudo rabbitmqctl change_password guest $RABBIT_PASSWORD && break sudo rabbitmqctl change_password $RABBIT_USERID $RABBIT_PASSWORD && break
[[ $i -eq "10" ]] && die $LINENO "Failed to set rabbitmq password" [[ $i -eq "10" ]] && die $LINENO "Failed to set rabbitmq password"
done done
if is_service_enabled n-cell; then if is_service_enabled n-cell; then
# Add partitioned access for the child cell # Add partitioned access for the child cell
if [ -z `sudo rabbitmqctl list_vhosts | grep child_cell` ]; then if [ -z `sudo rabbitmqctl list_vhosts | grep child_cell` ]; then
sudo rabbitmqctl add_vhost child_cell sudo rabbitmqctl add_vhost child_cell
sudo rabbitmqctl set_permissions -p child_cell guest ".*" ".*" ".*" sudo rabbitmqctl set_permissions -p child_cell $RABBIT_USERID ".*" ".*" ".*"
fi fi
fi fi
elif is_service_enabled qpid; then elif is_service_enabled qpid; then
@ -225,6 +229,7 @@ function iniset_rpc_backend {
iniset $file $section rpc_backend ${package}.openstack.common.rpc.impl_kombu iniset $file $section rpc_backend ${package}.openstack.common.rpc.impl_kombu
iniset $file $section rabbit_hosts $RABBIT_HOST iniset $file $section rabbit_hosts $RABBIT_HOST
iniset $file $section rabbit_password $RABBIT_PASSWORD iniset $file $section rabbit_password $RABBIT_PASSWORD
iniset $file $section rabbit_userid $RABBIT_USERID
fi fi
} }
@ -239,6 +244,21 @@ function qpid_is_supported {
( ! is_suse ) ( ! is_suse )
} }
function rabbit_setuser {
local user="$1" pass="$2" found="" out=""
out=$(sudo rabbitmqctl list_users) ||
{ echo "failed to list users" 1>&2; return 1; }
found=$(echo "$out" | awk '$1 == user { print $1 }' "user=$user")
if [ "$found" = "$user" ]; then
sudo rabbitmqctl change_password "$user" "$pass" ||
{ echo "failed changing pass for '$user'" 1>&2; return 1; }
else
sudo rabbitmqctl add_user "$user" "$pass" ||
{ echo "failed changing pass for $user"; return 1; }
fi
sudo rabbitmqctl set_permissions "$user" ".*" ".*" ".*"
}
# Set up the various configuration files used by the qpidd broker # Set up the various configuration files used by the qpidd broker
function _configure_qpid { function _configure_qpid {

4
lib/trove
View File

@ -134,6 +134,7 @@ function configure_trove {
rm -f $TROVE_CONF_DIR/trove-taskmanager.conf rm -f $TROVE_CONF_DIR/trove-taskmanager.conf
rm -f $TROVE_CONF_DIR/trove-conductor.conf rm -f $TROVE_CONF_DIR/trove-conductor.conf
iniset $TROVE_CONF_DIR/trove.conf DEFAULT rabbit_userid $RABBIT_USERID
iniset $TROVE_CONF_DIR/trove.conf DEFAULT rabbit_password $RABBIT_PASSWORD iniset $TROVE_CONF_DIR/trove.conf DEFAULT rabbit_password $RABBIT_PASSWORD
iniset $TROVE_CONF_DIR/trove.conf DEFAULT sql_connection `database_connection_url trove` iniset $TROVE_CONF_DIR/trove.conf DEFAULT sql_connection `database_connection_url trove`
iniset $TROVE_CONF_DIR/trove.conf DEFAULT default_datastore $TROVE_DATASTORE_TYPE iniset $TROVE_CONF_DIR/trove.conf DEFAULT default_datastore $TROVE_DATASTORE_TYPE
@ -145,6 +146,7 @@ function configure_trove {
if is_service_enabled tr-tmgr; then if is_service_enabled tr-tmgr; then
TROVE_AUTH_ENDPOINT=$KEYSTONE_AUTH_URI/v$IDENTITY_API_VERSION TROVE_AUTH_ENDPOINT=$KEYSTONE_AUTH_URI/v$IDENTITY_API_VERSION
iniset $TROVE_CONF_DIR/trove.conf DEFAULT rabbit_userid $RABBIT_USERID
iniset $TROVE_CONF_DIR/trove-taskmanager.conf DEFAULT rabbit_password $RABBIT_PASSWORD iniset $TROVE_CONF_DIR/trove-taskmanager.conf DEFAULT rabbit_password $RABBIT_PASSWORD
iniset $TROVE_CONF_DIR/trove-taskmanager.conf DEFAULT sql_connection `database_connection_url trove` iniset $TROVE_CONF_DIR/trove-taskmanager.conf DEFAULT sql_connection `database_connection_url trove`
iniset $TROVE_CONF_DIR/trove-taskmanager.conf DEFAULT taskmanager_manager trove.taskmanager.manager.Manager iniset $TROVE_CONF_DIR/trove-taskmanager.conf DEFAULT taskmanager_manager trove.taskmanager.manager.Manager
@ -157,6 +159,7 @@ function configure_trove {
# (Re)create trove conductor conf file if needed # (Re)create trove conductor conf file if needed
if is_service_enabled tr-cond; then if is_service_enabled tr-cond; then
iniset $TROVE_CONF_DIR/trove.conf DEFAULT rabbit_userid $RABBIT_USERID
iniset $TROVE_CONF_DIR/trove-conductor.conf DEFAULT rabbit_password $RABBIT_PASSWORD iniset $TROVE_CONF_DIR/trove-conductor.conf DEFAULT rabbit_password $RABBIT_PASSWORD
iniset $TROVE_CONF_DIR/trove-conductor.conf DEFAULT sql_connection `database_connection_url trove` iniset $TROVE_CONF_DIR/trove-conductor.conf DEFAULT sql_connection `database_connection_url trove`
iniset $TROVE_CONF_DIR/trove-conductor.conf DEFAULT nova_proxy_admin_user radmin iniset $TROVE_CONF_DIR/trove-conductor.conf DEFAULT nova_proxy_admin_user radmin
@ -168,6 +171,7 @@ function configure_trove {
fi fi
# Set up Guest Agent conf # Set up Guest Agent conf
iniset $TROVE_CONF_DIR/trove.conf DEFAULT rabbit_userid $RABBIT_USERID
iniset $TROVE_CONF_DIR/trove-guestagent.conf DEFAULT rabbit_host $TROVE_HOST_GATEWAY iniset $TROVE_CONF_DIR/trove-guestagent.conf DEFAULT rabbit_host $TROVE_HOST_GATEWAY
iniset $TROVE_CONF_DIR/trove-guestagent.conf DEFAULT rabbit_password $RABBIT_PASSWORD iniset $TROVE_CONF_DIR/trove-guestagent.conf DEFAULT rabbit_password $RABBIT_PASSWORD
iniset $TROVE_CONF_DIR/trove-guestagent.conf DEFAULT nova_proxy_admin_user radmin iniset $TROVE_CONF_DIR/trove-guestagent.conf DEFAULT nova_proxy_admin_user radmin

1
stack.sh
View File

@ -643,6 +643,7 @@ initialize_database_backends && echo "Using $DATABASE_TYPE database backend" ||
# Rabbit connection info # Rabbit connection info
if is_service_enabled rabbit; then if is_service_enabled rabbit; then
RABBIT_USERID=${RABBIT_USERID:-stackrabbit}
RABBIT_HOST=${RABBIT_HOST:-$SERVICE_HOST} RABBIT_HOST=${RABBIT_HOST:-$SERVICE_HOST}
read_password RABBIT_PASSWORD "ENTER A PASSWORD TO USE FOR RABBIT." read_password RABBIT_PASSWORD "ENTER A PASSWORD TO USE FOR RABBIT."
fi fi