puppet-rabbitmq
puppet-rabbitmq copied to clipboard
Published
20 hours ago •
voxpupuli
voxpupuli
module does not properly handle erlang_secret
- Puppet: puppet 4.10
- Ruby: (part of puppet package)
- Distribution: Ubuntu 18.04 (but puppet from puppet repo)
- Module version: 9.0.0
How to reproduce (e.g Puppet code you use)
class { 'rabbitmq':
config_cluster => true,
admin_enable => false,
management_enable => false,
cluster_nodes => ['server1.example.idk','server2.example.idk','server3.example.idk'],
cluster_node_type => 'disk',
erlang_cookie => $cluster_secret,
wipe_db_on_cookie_change => true,
}
where $cluster_secret is something invalid (like having a " in it or a newline..)
What are you seeing
% This file managed by Puppet
% Template Path: rabbitmq/templates/rabbitmq.config
[
{rabbit, [
{loopback_users, [<<"guest">>]},
{cluster_nodes, {['[email protected]', '[email protected]', '[email protected]'], disk}},
{cluster_partition_handling, ignore},
{tcp_listen_options, [
{backlog, 128},
{nodelay, true},
{linger, {true, 0}},
{exit_on_close, false}
]},
{default_user, <<"guest">>},
{default_pass, <<"guest">>}
]},
{kernel, [
]}
].
% EOF
puppet gets this from rabbitmq-server service:
Mar 29 13:22:55 p-sentry-rabbitmq03.example.idk systemd[1]: Starting RabbitMQ Messaging Server...
Mar 29 13:22:56 p-sentry-rabbitmq03.example.idk systemd[1]: rabbitmq-server.service: Main process exited, code=exited, status=1/FAILURE
Mar 29 13:22:56 p-sentry-rabbitmq03.example.idk rabbitmq[21516]: Error: Failed to initialize erlang distribution: {{shutdown,
Mar 29 13:22:56 p-sentry-rabbitmq03.example.idk rabbitmq[21516]: {failed_to_start_child,
Mar 29 13:22:56 p-sentry-rabbitmq03.example.idk rabbitmq[21516]: auth,
Mar 29 13:22:56 p-sentry-rabbitmq03.example.idk rabbitmq[21516]: {system_limit,
Mar 29 13:22:56 p-sentry-rabbitmq03.example.idk rabbitmq[21516]: [{erlang,list_to_atom,
Mar 29 13:22:56 p-sentry-rabbitmq03.example.idk rabbitmq[21516]: ["venivPiakKebrepchadcybelErAwtOfAryomHathVopdoyChadjajyoybrIdCimcoowcernEndObwuotorfOvotinkyunovyacGaFidtywerdyutsosatNujAmOcuvDecdashmewWaxBidkeHegogtibJeatEsyumhocjakHocvuckemancezNuep\"OvLibsojIdBaydDrebAvEsokKidseimWialrargicorfyortAcigjord9ocMedFedminyeifyebtiticmeidWyusEilbilAjIthyujidyuanFiashkGeyqueijBagPyajOlWaygyatPoksoybByhoiddOyRyevIjexEcColCejrefovGancocdeacMajSichTarOoHuBasfechfoajPal7CromFimakwudEmnibGacObpoadecCyuHofhedhojemNatdirdyeoftitJeikOwvOojsahelivEfsAgbyerfitIjOtjebyatyiattlapizVafAjBaftakVakIposmujBaujShiWeufEncehiuvDawsyibAmAsewHeksyewEvbocdoatGianjavpaymyaykGonnyatgig"],
Mar 29 13:22:56 p-sentry-rabbitmq03.example.idk rabbitmq[21516]: []},
Mar 29 13:22:56 p-sentry-rabbitmq03.example.idk rabbitmq[21516]: {auth,init_cookie,0,
Mar 29 13:22:56 p-sentry-rabbitmq03.example.idk rabbitmq[21516]: [{file,"auth.erl"},
Mar 29 13:22:56 p-sentry-rabbitmq03.example.idk rabbitmq[21516]: {line,288}]},
Mar 29 13:22:56 p-sentry-rabbitmq03.example.idk rabbitmq[21516]: {auth,init,1,
Mar 29 13:22:56 p-sentry-rabbitmq03.example.idk rabbitmq[21516]: [{file,"auth.erl"},
Mar 29 13:22:56 p-sentry-rabbitmq03.example.idk rabbitmq[21516]: {line,140}]},
Mar 29 13:22:56 p-sentry-rabbitmq03.example.idk rabbitmq[21516]: {gen_server,init_it,2,
Mar 29 13:22:56 p-sentry-rabbitmq03.example.idk rabbitmq[21516]: [{file,
Mar 29 13:22:56 p-sentry-rabbitmq03.example.idk rabbitmq[21516]: "gen_server.erl"},
Mar 29 13:22:56 p-sentry-rabbitmq03.example.idk rabbitmq[21516]: {line,365}]},
Mar 29 13:22:56 p-sentry-rabbitmq03.example.idk rabbitmq[21516]: {gen_server,init_it,6,
Mar 29 13:22:56 p-sentry-rabbitmq03.example.idk rabbitmq[21516]: [{file,
Mar 29 13:22:56 p-sentry-rabbitmq03.example.idk rabbitmq[21516]: "gen_server.erl"},
Mar 29 13:22:56 p-sentry-rabbitmq03.example.idk rabbitmq[21516]: {line,333}]},
Mar 29 13:22:56 p-sentry-rabbitmq03.example.idk rabbitmq[21516]: {proc_lib,
Mar 29 13:22:56 p-sentry-rabbitmq03.example.idk rabbitmq[21516]: init_p_do_apply,3,
Mar 29 13:22:56 p-sentry-rabbitmq03.example.idk rabbitmq[21516]: [{file,"proc_lib.erl"},
Mar 29 13:22:56 p-sentry-rabbitmq03.example.idk rabbitmq[21516]: {line,247}]}]}}},
Mar 29 13:22:56 p-sentry-rabbitmq03.example.idk rabbitmq[21516]: {child,undefined,
Mar 29 13:22:56 p-sentry-rabbitmq03.example.idk rabbitmq[21516]: net_sup_dynamic,
Mar 29 13:22:56 p-sentry-rabbitmq03.example.idk rabbitmq[21516]: {erl_distribution,
Mar 29 13:22:56 p-sentry-rabbitmq03.example.idk rabbitmq[21516]: start_link,
Mar 29 13:22:56 p-sentry-rabbitmq03.example.idk rabbitmq[21516]: [['rabbitmq-cli-67',
Mar 29 13:22:56 p-sentry-rabbitmq03.example.idk rabbitmq[21516]: shortnames],
Mar 29 13:22:56 p-sentry-rabbitmq03.example.idk rabbitmq[21516]: false]},
Mar 29 13:22:56 p-sentry-rabbitmq03.example.idk rabbitmq[21516]: permanent,1000,supervisor,
Mar 29 13:22:56 p-sentry-rabbitmq03.example.idk rabbitmq[21516]: [erl_distribution]}}.
Mar 29 13:22:56 p-sentry-rabbitmq03.example.idk systemd[1]: rabbitmq-server.service: Control process exited, code=exited status=75
Mar 29 13:22:56 p-sentry-rabbitmq03.example.idk systemd[1]: rabbitmq-server.service: Failed with result 'exit-code'.
Mar 29 13:22:56 p-sentry-rabbitmq03.example.idk systemd[1]: Failed to start RabbitMQ Messaging Server.
Mar 29 13:26:17 p-sentry-rabbitmq03.example.idk systemd[1]: Starting RabbitMQ Messaging Server...
Mar 29 13:26:18 p-sentry-rabbitmq03.example.idk rabbitmq[22616]: Waiting for 'rabbit@p-sentry-rabbitmq03'
Mar 29 13:26:18 p-sentry-rabbitmq03.example.idk rabbitmq[22616]: pid is 22633
Mar 29 13:26:20 p-sentry-rabbitmq03.example.idk systemd[1]: Started RabbitMQ Messaging Server.
Mar 29 13:26:21 p-sentry-rabbitmq03.example.idk systemd[1]: Stopping RabbitMQ Messaging Server...
If I change the cookie to something valid it still fails (and logs above shows old cookie).. If I then "rm -f /etc/rabbitmq/rabbitmq.config" - and start service - it starts fine. I can then run puppet - which recreates rabbitmq.config file - and now rabbitmq-server starts just fine..
This entire problem would be avoided, by simply validating erlang_cookie is valid.. I'll do a PR for it soon.. but it also seems to indicate that changing the erlang_cookie using this module - does not actually make it take affect.. for some odd reason.. ?
