rabbitmq-server/scripts
Michele Baldessari cc2d46a30d Only export RABBITMQ_NODE_PORT when it is not the default
RABBITMQ_NODE_PORT is exported by default and set to 5672. Re-exporting it in that
case will actually break the case where we set up rabbit with tls on the default port:

  2021-02-28 07:44:10.732 [error] <0.453.0> Failed to start Ranch listener
  {acceptor,{172,17,1,93},5672} in ranch_ssl:listen([{cacerts,'...'},{key,'...'},{cert,'...'},{ip,{172,17,1,93}},{port,5672},
  inet,{keepalive,true}, {versions,['tlsv1.1','tlsv1.2']},{certfile,"/etc/pki/tls/certs/rabbitmq.crt"},{keyfile,"/etc/pki/tls/private/rabbitmq.key"},
  {depth,1},{secure_renegotiate,true},{reuse_sessions,true},{honor_cipher_order,true},{verify,verify_none},{fail_if_no_peer_cert,false}])
  for reason eaddrinuse (address already in use)

This is because by explicitly always exporting it, we force rabbit to listen to
that port via tcp and that is a problem when we want to do SSL on that port.
Since 5672 is the default port already we can just avoid exporting this port when
the user does not customize the port.

Tested both in a non-TLS env (A) and in a TLS-env (B) successfully:
(A) Non-TLS
[root@messaging-0 /]# grep -ir -e tls -e ssl /etc/rabbitmq
[root@messaging-0 /]#
[root@messaging-0 /]# pcs status |grep rabbitmq
    * rabbitmq-bundle-0 (ocf::rabbitmq:rabbitmq-server-ha):      Master messaging-0
    * rabbitmq-bundle-1 (ocf::rabbitmq:rabbitmq-server-ha):      Master messaging-1
    * rabbitmq-bundle-2 (ocf::rabbitmq:rabbitmq-server-ha):      Master messaging-2

(B) TLS
[root@messaging-0 /]# grep -ir -e tls -e ssl /etc/rabbitmq/ |head -n3
/etc/rabbitmq/rabbitmq.config:  {ssl, [{versions, ['tlsv1.1', 'tlsv1.2']}]},
/etc/rabbitmq/rabbitmq.config:    {ssl_listeners, [{"172.17.1.48", 5672}]},
/etc/rabbitmq/rabbitmq.config:    {ssl_options, [

[root@messaging-0 ~]# pcs status |grep rabbitmq
    * rabbitmq-bundle-0 (ocf::rabbitmq:rabbitmq-server-ha):      Master messaging-0
    * rabbitmq-bundle-1 (ocf::rabbitmq:rabbitmq-server-ha):      Master messaging-1
    * rabbitmq-bundle-2 (ocf::rabbitmq:rabbitmq-server-ha):      Master messaging-2

Note: I don't believe we should export RABBITMQ_NODE_PORT at all, since you can specify all ports
in the rabbit configuration anyways, but prefer to play it safe here as folks might rely on being
able to customize this.

Signed-off-by: Michele Baldessari <michele@acksyn.org>
2021-02-28 15:51:39 +01:00
..
bash_autocomplete.sh Check for rabbitmqctl using `[ -x ]` and not `which` in autocompletion 2017-01-30 17:54:41 +00:00
rabbitmq-script-wrapper Small changes to follow name and quote style. 2020-10-13 06:54:42 -07:00
rabbitmq-server-ha.ocf Only export RABBITMQ_NODE_PORT when it is not the default 2021-02-28 15:51:39 +01:00
rabbitmq-server.ocf Switch to MPL 2.0 2020-07-17 16:10:14 +03:00
rabbitmqctl-autocomplete.sh Check for rabbitmqctl using `[ -x ]` and not `which` in autocompletion 2017-01-30 17:54:41 +00:00
zsh_autocomplete.sh Check for rabbitmqctl using `[ -x ]` and not `which` in autocompletion 2017-01-30 17:54:41 +00:00