From a1dcc16f3addd43c229553706b2ba080cde7ea31 Mon Sep 17 00:00:00 2001
From: Michele Baldessari <michele@acksyn.org>
Date: Fri, 22 Jul 2016 08:40:25 +0200
Subject: Move rabbit's clustering port away from the ephemeral port range

Currently RabbitMQ cluster uses a predefined port 35672 for clustering.
This port belongs to so-called ephemeral ports range.

Ephemeral ports are the ports kernel assings to application if it
doesn't specify which port to open. So there is a small chance that this
application being started before RabbitMQ itself could grab this port.
While rather unlikely we did see this happen.

Selinux change should already be in place. On my Centos 7 we have:
rabbitmq_port_t                tcp      25672
corenet_tcp_bind_rabbitmq_port(rabbitmq_t)
corenet_tcp_connect_rabbitmq_port(rabbitmq_t)

First noted via:
https://bugzilla.redhat.com/show_bug.cgi?id=1357522

Closes-Bug: #1623818

Depends-On: I0bcd0d063a7a766483426fdd5ea81cbe1dfaa348
Change-Id: I995bd96c2a17614e954ea5bbae4d58998ef420dc
---
 puppet/services/rabbitmq.yaml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

(limited to 'puppet/services/rabbitmq.yaml')

diff --git a/puppet/services/rabbitmq.yaml b/puppet/services/rabbitmq.yaml
index a0669dcd..e4a16e86 100644
--- a/puppet/services/rabbitmq.yaml
+++ b/puppet/services/rabbitmq.yaml
@@ -58,7 +58,7 @@ outputs:
             dport:
               - 4369
               - 5672
-              - 35672
+              - 25672
         rabbitmq::delete_guest_user: false
         rabbitmq::wipe_db_on_cookie_change: true
         rabbitmq::port: '5672'
@@ -68,8 +68,8 @@ outputs:
           RABBITMQ_NODENAME: "rabbit@%{::hostname}"
           RABBITMQ_SERVER_ERL_ARGS: '"+K true +A30 +P 1048576 -kernel inet_default_connect_options [{nodelay,true},{raw,6,18,<<5000:64/native>>}] -kernel inet_default_listen_options [{raw,6,18,<<5000:64/native>>}]"'
         rabbitmq_kernel_variables:
-          inet_dist_listen_min: '35672'
-          inet_dist_listen_max: '35672'
+          inet_dist_listen_min: '25672'
+          inet_dist_listen_max: '25672'
         rabbitmq_config_variables:
           tcp_listen_options: '[binary, {packet, raw}, {reuseaddr, true}, {backlog, 128}, {nodelay, true}, {exit_on_close, false}, {keepalive, true}]'
           cluster_partition_handling: 'pause_minority'
-- 
cgit 1.2.3-korg