summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMichele Baldessari <michele@acksyn.org>2016-12-29 21:48:55 +0100
committerMichele Baldessari <michele@acksyn.org>2017-01-20 08:41:22 +0100
commit2f038b30e8f306d59f7e14471d88d7616026c6ff (patch)
tree59758a6e055b6398d7ff3744ee5706028cb7cb3e
parentb8e4fbe838fea2726fb2373e159e1879ddfabed8 (diff)
Make sure we bind the rabbit inter-cluster to a specific interface
Currently the inter-cluster communication port listens to all ip addresses: tcp 0 0 0.0.0.0:25672 0.0.0.0:* LISTEN 25631/beam.smp In order to limit it to listen only to the network assigned to rabbitmq we need to add the following: {kernel, [ ... {inet_dist_use_interface, {172,17,0,16}}, ... ]} In order to do the conversion from an ip address to the Erlang representation we add a function that takes a string and returns a converted output. The (~400 randomly generated) IPv6/4 addresses at [1] have been parsed both via erl's built-in inet:parse_address() function and our ruby implementation. All converted ip addresses resulted in the same output [2], [3]. The only difference is that Erlang's parse_address() considers network ip addresses (e.g. 10.0.0.0) invalid whereas the ruby function does not. This should not be a problem as the use case here is to bind a service to a specific ip address on an interface and if anything we likely prefer the less strict behaviour, given that at least in theory it is perfectly valid for an interface to have a network address assigned to it. [1] http://acksyn.org/files/tripleo/ip-addresses.txt [2] http://acksyn.org/files/tripleo/ip-addresses-ruby.txt [3] http://acksyn.org/files/tripleo/ip-addresses-erl.txt Change-Id: I211c75b9bab25c545bcc7f90f34edebc92bba788 Partial-Bug: #1645898
-rw-r--r--lib/puppet/parser/functions/ip_to_erl_format.rb31
-rw-r--r--manifests/profile/base/rabbitmq.pp28
-rw-r--r--spec/functions/ip_to_erl_format_spec.rb11
3 files changed, 63 insertions, 7 deletions
diff --git a/lib/puppet/parser/functions/ip_to_erl_format.rb b/lib/puppet/parser/functions/ip_to_erl_format.rb
new file mode 100644
index 0000000..4c066b9
--- /dev/null
+++ b/lib/puppet/parser/functions/ip_to_erl_format.rb
@@ -0,0 +1,31 @@
+require 'ipaddr'
+
+# Custom function to convert an IP4/6 address from a string to the
+# erlang inet kernel format.
+# For example from "172.17.0.16" to {172,17,0,16}
+# See http://erlang.org/doc/man/kernel_app.html and http://erlang.org/doc/man/inet.html
+# for more information.
+module Puppet::Parser::Functions
+ newfunction(:ip_to_erl_format, :type => :rvalue, :doc => "Convert an IP address to the erlang inet format.") do |arg|
+ if arg[0].class != String
+ raise Puppet::ParseError, "Syntax error: #{arg[0]} must be a String"
+ end
+ ip = IPAddr.new arg[0]
+ output = '{'
+ if ip.ipv6?
+ split_char = ':'
+ base = 16
+ else
+ split_char = '.'
+ base = 10
+ end
+ # to_string() prints the canonicalized form
+ ip.to_string().split(split_char).each {
+ |x| output += x.to_i(base).to_s + ','
+ }
+ # Remove the last spurious comma
+ output = output.chomp(',')
+ output += '}'
+ return output
+ end
+end
diff --git a/manifests/profile/base/rabbitmq.pp b/manifests/profile/base/rabbitmq.pp
index 15bab44..fd8de8f 100644
--- a/manifests/profile/base/rabbitmq.pp
+++ b/manifests/profile/base/rabbitmq.pp
@@ -34,6 +34,11 @@
# (Optional) RabbitMQ environment.
# Defaults to hiera('rabbitmq_environment').
#
+# [*inet_dist_interface*]
+# (Optional) Address to bind the inter-cluster interface
+# to. It is the inet_dist_use_interface option in the kernel variables
+# Defaults to hiera('rabbitmq::interface', undef).
+#
# [*nodes*]
# (Optional) Array of host(s) for RabbitMQ nodes.
# Defaults to hiera('rabbitmq_node_names', []).
@@ -44,12 +49,13 @@
# Defaults to hiera('step')
#
class tripleo::profile::base::rabbitmq (
- $config_variables = hiera('rabbitmq_config_variables'),
- $environment = hiera('rabbitmq_environment'),
- $ipv6 = str2bool(hiera('rabbit_ipv6', false)),
- $kernel_variables = hiera('rabbitmq_kernel_variables'),
- $nodes = hiera('rabbitmq_node_names', []),
- $step = hiera('step'),
+ $config_variables = hiera('rabbitmq_config_variables'),
+ $environment = hiera('rabbitmq_environment'),
+ $ipv6 = str2bool(hiera('rabbit_ipv6', false)),
+ $kernel_variables = hiera('rabbitmq_kernel_variables'),
+ $inet_dist_interface = hiera('rabbitmq::interface', undef),
+ $nodes = hiera('rabbitmq_node_names', []),
+ $step = hiera('step'),
) {
# IPv6 environment, necessary for RabbitMQ.
if $ipv6 {
@@ -60,6 +66,14 @@ class tripleo::profile::base::rabbitmq (
} else {
$rabbit_env = $environment
}
+ if $inet_dist_interface {
+ $real_kernel_variables = merge(
+ $kernel_variables,
+ { 'inet_dist_use_interface' => ip_to_erl_format($inet_dist_interface) },
+ )
+ } else {
+ $real_kernel_variables = $kernel_variables
+ }
$manage_service = hiera('rabbitmq::service_manage', true)
if $step >= 1 {
@@ -68,7 +82,7 @@ class tripleo::profile::base::rabbitmq (
class { '::rabbitmq':
config_cluster => $manage_service,
cluster_nodes => $nodes,
- config_kernel_variables => $kernel_variables,
+ config_kernel_variables => $real_kernel_variables,
config_variables => $config_variables,
environment_variables => $rabbit_env,
}
diff --git a/spec/functions/ip_to_erl_format_spec.rb b/spec/functions/ip_to_erl_format_spec.rb
new file mode 100644
index 0000000..b587164
--- /dev/null
+++ b/spec/functions/ip_to_erl_format_spec.rb
@@ -0,0 +1,11 @@
+require 'spec_helper'
+require 'puppet'
+
+describe 'ip_to_erl_format' do
+ it { should run.with_params('192.168.2.1').and_return('{192,168,2,1}') }
+ it { should run.with_params('0.0.0.0').and_return('{0,0,0,0}') }
+ it { should run.with_params('5a40:79cf:8251:5dc5:1624:3c03:3c04:9ba8').and_return('{23104,31183,33361,24005,5668,15363,15364,39848}') }
+ it { should run.with_params('fe80::204:acff:fe17:bf38').and_return('{65152,0,0,0,516,44287,65047,48952}') }
+ it { should run.with_params('::1:2').and_return('{0,0,0,0,0,0,1,2}') }
+ it { should run.with_params('192.256.0.0').and_raise_error(IPAddr::InvalidAddressError) }
+end