From 99d3f6607fa2277a51cff3ebcf9b9bb38f3d5ff1 Mon Sep 17 00:00:00 2001 From: Luke Bakken Date: Wed, 29 Nov 2017 06:34:10 -0800 Subject: [PATCH 1/6] Explicitly set our recommended open files limit Comment out the value --- packaging/RPMS/Fedora/rabbitmq-server.service | 4 ++++ packaging/debs/Debian/debian/rabbitmq-server.service | 4 ++++ 2 files changed, 8 insertions(+) diff --git a/packaging/RPMS/Fedora/rabbitmq-server.service b/packaging/RPMS/Fedora/rabbitmq-server.service index 0fa04d623a..8304c35cf4 100644 --- a/packaging/RPMS/Fedora/rabbitmq-server.service +++ b/packaging/RPMS/Fedora/rabbitmq-server.service @@ -8,6 +8,10 @@ User=rabbitmq Group=rabbitmq NotifyAccess=all TimeoutStartSec=3600 +# Un-comment this setting if you need to increase RabbitMQ's +# open files limit +# LimitNOFILE=16384 +# # Note: systemd on CentOS 7 complains about in-line comments, # so only append them here # diff --git a/packaging/debs/Debian/debian/rabbitmq-server.service b/packaging/debs/Debian/debian/rabbitmq-server.service index f7edb8ea1d..3f6fbb17df 100644 --- a/packaging/debs/Debian/debian/rabbitmq-server.service +++ b/packaging/debs/Debian/debian/rabbitmq-server.service @@ -10,6 +10,10 @@ User=rabbitmq Group=rabbitmq NotifyAccess=all TimeoutStartSec=3600 +# Un-comment this setting if you need to increase RabbitMQ's +# open files limit +# LimitNOFILE=16384 +# # The following setting will automatically restart RabbitMQ # in the event of a failure. systemd service restarts are not a # replacement for service monitoring. Please see From a8f5d9df4464e77fa6c4127a8dfda9437410105c Mon Sep 17 00:00:00 2001 From: RabbitMQ CI Date: Wed, 13 Dec 2017 18:07:55 +0000 Subject: [PATCH 2/6] Add package changelog entries for 3.7.1-beta.1 --- packaging/RPMS/Fedora/rabbitmq-server.spec | 3 +++ packaging/debs/Debian/debian/changelog | 6 ++++++ 2 files changed, 9 insertions(+) diff --git a/packaging/RPMS/Fedora/rabbitmq-server.spec b/packaging/RPMS/Fedora/rabbitmq-server.spec index 7d0893c233..6c8b66fe52 100644 --- a/packaging/RPMS/Fedora/rabbitmq-server.spec +++ b/packaging/RPMS/Fedora/rabbitmq-server.spec @@ -234,6 +234,9 @@ systemctl try-restart %{name}.service >/dev/null 2>&1 || : rm -rf %{buildroot} %changelog +* Wed Dec 13 2017 info@rabbitmq.com 3.7.1~beta.1-1 +- New upstream release. + * Wed Nov 29 2017 info@rabbitmq.com 3.7.0-1 - New upstream release. diff --git a/packaging/debs/Debian/debian/changelog b/packaging/debs/Debian/debian/changelog index 79691c340b..56192ed75d 100644 --- a/packaging/debs/Debian/debian/changelog +++ b/packaging/debs/Debian/debian/changelog @@ -1,3 +1,9 @@ +rabbitmq-server (3.7.1~beta.1-1) unstable; urgency=low + + * New Upstream Release. + + -- RabbitMQ Team Wed, 13 Dec 2017 18:07:55 +0000 + rabbitmq-server (3.7.0-1) unstable; urgency=low * New Upstream Release. From b7c0c5a5b5e59df8717f95bd439d596620e81a09 Mon Sep 17 00:00:00 2001 From: Vincent Untz Date: Fri, 8 Dec 2017 13:32:45 +0100 Subject: [PATCH 3/6] OCF RA: Avoid promoting nodes with same start time as master It may happen that two nodes have the same start time, and one of these is the master. When this happens, the node actually gets the same score as the master and can get promoted. There's no reason to avoid being stable here, so let's keep the same master in that scenario. (cherry picked from commit 62a4f7561171328cd1d62cab394d0bba269ea7ad) (cherry picked from commit 861f2a57f916a9829e9a11092ada2bb52bdaf028) --- scripts/rabbitmq-server-ha.ocf | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/scripts/rabbitmq-server-ha.ocf b/scripts/rabbitmq-server-ha.ocf index 87bb7d4727..da6aee61bb 100755 --- a/scripts/rabbitmq-server-ha.ocf +++ b/scripts/rabbitmq-server-ha.ocf @@ -1608,6 +1608,11 @@ get_monitor() { ocf_log info "${LH} comparing us (start time: $our_start_time, score: $new_score) with $node (start time: $node_start_time, score: $node_score)" if [ $node_start_time -ne 0 -a $node_score -ne 0 -a $node_start_time -lt $our_start_time ]; then new_score=$((node_score - 10 < new_score ? node_score - 10 : new_score )) + elif [ $node_start_time -ne 0 -a $node_score -ne 0 -a $node_start_time -eq $our_start_time ] + # Do not get promoted if the other node is already master and we have the same start time + if is_master $node; then + new_score=$((node_score - 10 < new_score ? node_score - 10 : new_score )) + fi fi done fi From 8ab892e519eb3d5a4080fd76cf2c1c2251d84358 Mon Sep 17 00:00:00 2001 From: Vincent Untz Date: Wed, 13 Dec 2017 20:51:32 +0100 Subject: [PATCH 4/6] OCF RA: Fix syntax error (cherry picked from commit a9b4a4ff97a96e798de51933fc44f61aa6bc88a3) --- scripts/rabbitmq-server-ha.ocf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/rabbitmq-server-ha.ocf b/scripts/rabbitmq-server-ha.ocf index da6aee61bb..a33f9bd97b 100755 --- a/scripts/rabbitmq-server-ha.ocf +++ b/scripts/rabbitmq-server-ha.ocf @@ -1608,7 +1608,7 @@ get_monitor() { ocf_log info "${LH} comparing us (start time: $our_start_time, score: $new_score) with $node (start time: $node_start_time, score: $node_score)" if [ $node_start_time -ne 0 -a $node_score -ne 0 -a $node_start_time -lt $our_start_time ]; then new_score=$((node_score - 10 < new_score ? node_score - 10 : new_score )) - elif [ $node_start_time -ne 0 -a $node_score -ne 0 -a $node_start_time -eq $our_start_time ] + elif [ $node_start_time -ne 0 -a $node_score -ne 0 -a $node_start_time -eq $our_start_time ]; then # Do not get promoted if the other node is already master and we have the same start time if is_master $node; then new_score=$((node_score - 10 < new_score ? node_score - 10 : new_score )) From ead58795ef4c8244fac5886c3b495f83128e67f2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Carl=20H=C3=B6rberg?= Date: Sat, 16 Dec 2017 12:31:34 +0100 Subject: [PATCH 5/6] Make adm group owner of /var/log/rabbitmq Adm should be group owner of everything in /var/log according to Debian/Ubuntu guidelines. Makes it possible for users in the adm group to read logs without sudo:ing. --- packaging/debs/Debian/debian/postinst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packaging/debs/Debian/debian/postinst b/packaging/debs/Debian/debian/postinst index 7d8f5ce1f3..1dac91a548 100644 --- a/packaging/debs/Debian/debian/postinst +++ b/packaging/debs/Debian/debian/postinst @@ -31,7 +31,7 @@ if ! getent passwd rabbitmq >/dev/null; then fi chown -R rabbitmq:rabbitmq /var/lib/rabbitmq -chown -R rabbitmq:rabbitmq /var/log/rabbitmq +chown -R rabbitmq:adm /var/log/rabbitmq chgrp rabbitmq /etc/rabbitmq chmod 2750 /etc/rabbitmq chmod 750 /var/lib/rabbitmq/mnesia From d630709ae7c81c59d0160ca74955a677f9994668 Mon Sep 17 00:00:00 2001 From: Luke Bakken Date: Mon, 18 Dec 2017 07:38:53 -0800 Subject: [PATCH 6/6] Ensure files created by RabbitMQ are not world-readable. Add gid bit to /var/log/rabbitmq to ensure sub-directories and files are group-id "adm" --- packaging/RPMS/Fedora/rabbitmq-server.service | 1 + packaging/debs/Debian/debian/postinst | 4 +--- packaging/debs/Debian/debian/rabbitmq-server.service | 1 + 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/packaging/RPMS/Fedora/rabbitmq-server.service b/packaging/RPMS/Fedora/rabbitmq-server.service index 8304c35cf4..0883893d8e 100644 --- a/packaging/RPMS/Fedora/rabbitmq-server.service +++ b/packaging/RPMS/Fedora/rabbitmq-server.service @@ -6,6 +6,7 @@ After=syslog.target network.target Type=notify User=rabbitmq Group=rabbitmq +UMask=0027 NotifyAccess=all TimeoutStartSec=3600 # Un-comment this setting if you need to increase RabbitMQ's diff --git a/packaging/debs/Debian/debian/postinst b/packaging/debs/Debian/debian/postinst index 1dac91a548..2ee220667d 100644 --- a/packaging/debs/Debian/debian/postinst +++ b/packaging/debs/Debian/debian/postinst @@ -49,7 +49,7 @@ case "$1" in # log directory to the owner and the group. Others won't # have any access to log files: this is in case sensitive # data are accidentally logged (like process crash data). - chmod 750 /var/log/rabbitmq + chmod 2750 /var/log/rabbitmq else # The package was already configured: it's an upgrade over # a previously installed version, or it's an install over @@ -80,5 +80,3 @@ esac #DEBHELPER# exit 0 - - diff --git a/packaging/debs/Debian/debian/rabbitmq-server.service b/packaging/debs/Debian/debian/rabbitmq-server.service index 3f6fbb17df..39cc46aaf0 100644 --- a/packaging/debs/Debian/debian/rabbitmq-server.service +++ b/packaging/debs/Debian/debian/rabbitmq-server.service @@ -8,6 +8,7 @@ Wants=network.target epmd@0.0.0.0.socket Type=notify User=rabbitmq Group=rabbitmq +UMask=0027 NotifyAccess=all TimeoutStartSec=3600 # Un-comment this setting if you need to increase RabbitMQ's