From cc2d46a30ded0ef68f16a8f024fcf164739cfaaa Mon Sep 17 00:00:00 2001 
From: Michele Baldessari Date: Sun, 28 Feb 2021 15:49:26 +0100 Subject: [PATCH] Only export RABBITMQ_NODE_PORT when it is not the default RABBITMQ_NODE_PORT is exported by default and set to 5672. Re-exporting it in that case will actually break the case where we set up rabbit with tls on the default port: 2021-02-28 07:44:10.732 [error] <0.453.0> Failed to start Ranch listener {acceptor,{172,17,1,93},5672} in ranch_ssl:listen([{cacerts,'...'},{key,'...'},{cert,'...'},{ip,{172,17,1,93}},{port,5672}, inet,{keepalive,true}, {versions,['tlsv1.1','tlsv1.2']},{certfile,"/etc/pki/tls/certs/rabbitmq.crt"},{keyfile,"/etc/pki/tls/private/rabbitmq.key"}, {depth,1},{secure_renegotiate,true},{reuse_sessions,true},{honor_cipher_order,true},{verify,verify_none},{fail_if_no_peer_cert,false}]) for reason eaddrinuse (address already in use) This is because by explicitly always exporting it, we force rabbit to listen on that port via tcp and that is a problem when we want to do SSL on that port. Since 5672 is the default port already we can just avoid exporting this port when the user does not customize the port. 
Tested both in a non-TLS env (A) and in a TLS-env (B) successfully: (A) Non-TLS [root@messaging-0 /]# grep -ir -e tls -e ssl /etc/rabbitmq [root@messaging-0 /]# [root@messaging-0 /]# pcs status |grep rabbitmq * rabbitmq-bundle-0 (ocf::rabbitmq:rabbitmq-server-ha): Master messaging-0 * rabbitmq-bundle-1 (ocf::rabbitmq:rabbitmq-server-ha): Master messaging-1 * rabbitmq-bundle-2 (ocf::rabbitmq:rabbitmq-server-ha): Master messaging-2 (B) TLS [root@messaging-0 /]# grep -ir -e tls -e ssl /etc/rabbitmq/ |head -n3 /etc/rabbitmq/rabbitmq.config: {ssl, [{versions, ['tlsv1.1', 'tlsv1.2']}]}, /etc/rabbitmq/rabbitmq.config: {ssl_listeners, [{"172.17.1.48", 5672}]}, /etc/rabbitmq/rabbitmq.config: {ssl_options, [ [root@messaging-0 ~]# pcs status |grep rabbitmq * rabbitmq-bundle-0 (ocf::rabbitmq:rabbitmq-server-ha): Master messaging-0 * rabbitmq-bundle-1 (ocf::rabbitmq:rabbitmq-server-ha): Master messaging-1 * rabbitmq-bundle-2 (ocf::rabbitmq:rabbitmq-server-ha): Master messaging-2 Note: I don't believe we should export RABBITMQ_NODE_PORT at all, since you can specify all ports in the rabbit configuration anyways, but prefer to play it safe here as folks might rely on being able to customize this. Signed-off-by: Michele Baldessari
---
 scripts/rabbitmq-server-ha.ocf | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/scripts/rabbitmq-server-ha.ocf b/scripts/rabbitmq-server-ha.ocf
index 62172b824a..e6b71c4a7f 100755
--- a/scripts/rabbitmq-server-ha.ocf
+++ b/scripts/rabbitmq-server-ha.ocf
@@ -693,7 +693,9 @@ rmq_setup_env() {
 local dir
 H="$(get_hostname)"
 export RABBITMQ_NODENAME=$(rabbit_node_name $H)
- export RABBITMQ_NODE_PORT=$OCF_RESKEY_node_port
+ if [ "$OCF_RESKEY_node_port" != "$OCF_RESKEY_node_port_default" ]; then
+ export RABBITMQ_NODE_PORT=$OCF_RESKEY_node_port
+ fi
 export RABBITMQ_PID_FILE=$OCF_RESKEY_pid_file
 MNESIA_FILES="${OCF_RESKEY_mnesia_base}/$(rabbit_node_name $H)"
 RMQ_START_TIME="${MNESIA_FILES}/ocf_server_start_time.txt"
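Review bot: The new guard in rmq_setup_env skips the export only when node_port equals the default, so a deployment that sets a custom node_port and puts its TLS listener on that same port would, by the commit's own reasoning, still have a plain TCP listener forced onto it and hit the same eaddrinuse failure. A comment above the `if` would make that constraint visible to operators, for example `# Exporting RABBITMQ_NODE_PORT makes rabbit open a plain TCP listener on it; never reuse this port for ssl_listeners.` The assignment inside the guard is also still unquoted; `export RABBITMQ_NODE_PORT="$OCF_RESKEY_node_port"` avoids word-splitting of an unexpected parameter value under a POSIX sh that treats export arguments as ordinary words. The body of rmq_setup_env starts before and continues past this hunk, so whether RABBITMQ_NODE_PORT can already be set in the inherited environment is not visible here.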