'guest' user packets dropped from non localhost addresses on rabbitmq-server 3.3+
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
devstack |
Fix Released
|
Undecided
|
Abhishek Chanda |
Bug Description
As reported at http://
on rabbitmq 3.3.0 and newer (such as in Ubuntu 14.10), the 'guest' user can now only connect via localhost interfaces.
At least in my usage of devstack, the rabbitmq address ends up using a non 127.0.* address. the first thing to hit this is 'glance image-create'. You'd see errors on the g-api screen with:
2014-07-17 15:36:00.636 ERROR oslo.messaging.
On Ubuntu 14.10, to fix this, I had to write the following in /etc/rabbitmq/
[
{rabbit, [{loopback_users, []}]}
].
Then , just
sudo service rabbitmq-server restart
And everything was dandy.
Changed in devstack: | |
assignee: | Scott Moser (smoser) → Abhishek Chanda (abhishek-i) |
well, just for some more information, I was hoping i could avoid writing a config file by doing something like:
sudo rabbitmqctl set_permissions guest ".*" ".*" ".*"
but that doesnt allow the user to then access from non-localhost.
So I see 2 paths here:
a.) modify rabbit config file
this doesn't seem to be done anywhere else.
b.) use a different rabbit user , and create that user.
this should be possible and then we'd need to
* add a RABBIT_USERID variable (default to 'rabbit_stack') or something
* 'iniset' the 'rabbit_userid' to that value
* create the user and set the password
* ideally delete the user on stop
for some of my own reference, i'll include code to "set_user" (ensure the user exists and has the provided password):
error() { echo "$@" 1>&2; }
debug() { error "$@"; }
rabbit_setuser() {
local user="$1" pass="$2" found="" out=""
out=$(sudo rabbitmqctl list_users) ||
{ error "failed to list users"; return 1; }
found=$(echo "$out" | awk '$1 == user { print $1 }' "user=$user")
if [ "$found" = "$user" ]; then
debug "updating rabbitmq user '$user'"
sudo rabbitmqctl change_password "$user" "$pass" ||
{ error "failed changing pass for $user"; return 1; }
else
debug "adding new rabbitmq user '$user'"
sudo rabbitmqctl add_user "$user" "$pass" ||
{ error "failed changing pass for $user"; return 1; }
fi
}
rabbit_clearuser() {
sudo rabbitmqctl delete_user "$1"
}