diff options
author | Saravanan KR <skramaja@redhat.com> | 2016-11-24 19:35:59 +0530 |
---|---|---|
committer | Saravanan KR <skramaja@redhat.com> | 2017-02-03 16:15:50 +0530 |
commit | 76931e535c69ab437c4710dc749bc363f4533ea5 (patch) | |
tree | 409175c1b570494de1b673705c98ada0067d5d75 | |
parent | a75c6c618e34d74389b9963f994f5e18ec29674a (diff) |
Add support to changing the Rabbitmq password on update
Rabbitmq Password is set on the fresh deployment, but during
update, if the password is changed, it is modified in all config
files including rabbitmq config. But the rabbitmq connection fails
because the new password is not successful applied to rabbitmq.
Setting the rabbitmq_user will invoke 'rabbitmqctl change_password'.
Scenario: The password change is applied on Step1 when configuring
Rabbitmq. Other services may be updated on different Steps. Till
other services config is updated with new rabbitmq password, and
restarted, the connections will get Access Denied response. It has
cyclic dependency. So the passwords will be changes at Step1 and
once all services are updated, the connections will work as is.
Partial-Bug: #1611704
Change-Id: I44865af3d5eb2d37eb648ac7227277e86c8fbc54
-rw-r--r-- | manifests/profile/base/rabbitmq.pp | 26 | ||||
-rw-r--r-- | releasenotes/notes/rabbitmq_password_change-4fce15c9ebb0e20c.yaml | 4 |
2 files changed, 30 insertions, 0 deletions
diff --git a/manifests/profile/base/rabbitmq.pp b/manifests/profile/base/rabbitmq.pp index fd8de8f..1eaabf0 100644 --- a/manifests/profile/base/rabbitmq.pp +++ b/manifests/profile/base/rabbitmq.pp @@ -43,6 +43,18 @@ # (Optional) Array of host(s) for RabbitMQ nodes. # Defaults to hiera('rabbitmq_node_names', []). # +# [*rabbitmq_pass*] +# (Optional) RabbitMQ Default Password. +# Defaults to hiera('rabbitmq::default_pass') +# +# [*rabbitmq_user*] +# (Optional) RabbitMQ Default User. +# Defaults to hiera('rabbitmq::default_user') +# +# [*stack_action*] +# (Optional) Action of the stack deployment. +# Defaults to hiera('stack_action') +# # [*step*] # (Optional) The current step in deployment. See tripleo-heat-templates # for more details. @@ -55,6 +67,9 @@ class tripleo::profile::base::rabbitmq ( $kernel_variables = hiera('rabbitmq_kernel_variables'), $inet_dist_interface = hiera('rabbitmq::interface', undef), $nodes = hiera('rabbitmq_node_names', []), + $rabbitmq_pass = hiera('rabbitmq::default_pass'), + $rabbitmq_user = hiera('rabbitmq::default_user'), + $stack_action = hiera('stack_action'), $step = hiera('step'), ) { # IPv6 environment, necessary for RabbitMQ. @@ -103,6 +118,17 @@ class tripleo::profile::base::rabbitmq ( environment_variables => $rabbit_env, } } + # In case of HA, starting of rabbitmq-server is managed by pacemaker, because of which, a dependency + # to Service['rabbitmq-server'] will not work. Sticking with UPDATE action. + if $stack_action == 'UPDATE' { + # Required for changing password on update scenario. Password will be changed only when + # called explicity, if the rabbitmq service is already running. + rabbitmq_user { $rabbitmq_user : + password => $rabbitmq_pass, + provider => 'rabbitmqctl', + admin => true, + } + } } } diff --git a/releasenotes/notes/rabbitmq_password_change-4fce15c9ebb0e20c.yaml b/releasenotes/notes/rabbitmq_password_change-4fce15c9ebb0e20c.yaml new file mode 100644 index 0000000..351db74 --- /dev/null +++ b/releasenotes/notes/rabbitmq_password_change-4fce15c9ebb0e20c.yaml @@ -0,0 +1,4 @@ +--- +issues: + - Invoke rabbitmq_user resource explicity to apply password change during + update, if any. |