openstack-manuals

rabbitmq "guest" user not able to connect from remote

Bug #1390419 reported by Thomas Stinner on 2014-11-07

This bug affects 2 people

Affects		Status	Importance	Assigned to	Milestone
	openstack-manuals	Fix Released	Medium	Andreas Jaeger

Bug Description

To be able to use the guest user it should be removed from the loopback-users.

In /etc/rabbitmq/rabbitmq.config:

Add the following line:

{loopback_users, []}

-----------------------------------
Built: 2014-11-01T18:03:07 00:00
git SHA: 0b43451156b70284686b99d7964cdb179cb9d24c
URL: http://docs.openstack.org/juno/install-guide/install/zypper/content/ch_basic_environment.html

Tags:

Revision history for this message

Matt Kassawara (ionosphere80) wrote on 2014-11-07:

This issue seems specific to SUSE. What version of SLES/openSUSE are you using?

Changed in openstack-manuals:
status:	New → Incomplete

Revision history for this message

Thomas Stinner (thomas-stinner-h) wrote on 2014-11-10:

SLES 10 SP3 x86_64

Revision history for this message

Matt Kassawara (ionosphere80) wrote on 2014-12-07:

What do you think, Andreas?

Changed in openstack-manuals:
assignee:	nobody → Andreas Jaeger (jaegerandi)

Revision history for this message

Andreas Jaeger (jaegerandi) wrote on 2014-12-17:

Thomas, SLES 10 or 11?

Revision history for this message

Vincent Untz (vuntz) wrote on 2014-12-18:

It doesn't seem to be specific to SUSE, it's actually mentioned in https://www.rabbitmq.com/access-control.html

Revision history for this message

Thomas Stinner (thomas-stinner-h) wrote on 2014-12-18:

I had the problem with SLES 11, not SLES 10. Sorry.

Revision history for this message

Andreas Jaeger (jaegerandi) wrote on 2014-12-19:

Is this a recent change for rabbit? It should fail everywhere, shouldn't it?

Revision history for this message

Andreas Jaeger (jaegerandi) wrote on 2014-12-19:

Looking at http://www.rabbitmq.com/release-notes/README-3.3.0.txt:

Security Fixes / Changes
========================

server
------
25603 prevent access using the default guest/guest credentials except via
localhost (since 1.0.0)

So, this should hit others as well - Fedora uses something more recent.

Changed in openstack-manuals:
status:	Incomplete → Confirmed
assignee:	Andreas Jaeger (jaegerandi) → nobody
assignee:	nobody → Andreas Jaeger (jaegerandi)
importance:	Undecided → Medium

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2014-12-19: Fix proposed to openstack-manuals (master)

Fix proposed to branch: master
Review: https://review.openstack.org/143006

Changed in openstack-manuals:
status:	Confirmed → In Progress

Revision history for this message

Matt Kassawara (ionosphere80) wrote on 2014-12-19:

#10

Ubuntu, RHEL, CentOS, and Fedora appear to use RabbitMQ versions less than 3.3, so this issue shouldn't affect them unless you're using different RabbitMQ packages or building from source. Do SUSE variants use 3.3 or greater?

Revision history for this message

Matt Kassawara (ionosphere80) wrote on 2014-12-19:

#11

Clarification...

The versions of Ubuntu, RHEL, CentOS, and Fedora supported by the installation guide appear to use RabbitMQ versions less than 3.3. I'm looking for validation on SUSE variants.

Revision history for this message

Andreas Jaeger (jaegerandi) wrote on 2014-12-19:

#12

SUSE packages now use 3.3.5 from https://build.opensuse.org/package/show/Cloud:OpenStack:Juno/rabbitmq-server

Revision history for this message

Matt Kassawara (ionosphere80) wrote on 2014-12-22:

#13

After further investigation, I think the installation guide should create a non-guest account in RabbitMQ (e.g, "openstack") and configure services to use it.

Revision history for this message

Andreas Jaeger (jaegerandi) wrote on 2014-12-22:

#14

Matt, see also the duplicate https://bugs.launchpad.net/openstack-manuals/+bug/1404790

Revision history for this message

Matt Kassawara (ionosphere80) wrote on 2014-12-22:

#15

Andreas,

I ran through the installation guide on Ubuntu 14.04 and Fedora 20 and neither include a RabbitMQ version new enough to hit this issue. Outside of SUSE, people who hit the issue may use a newer (unsupported) version of Ubuntu or Fedora or install a newer version of RabbitMQ from rabbitmq.com or another site.

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2014-12-23: Fix merged to openstack-manuals (master)

#16

Reviewed: https://review.openstack.org/143006
Committed: https://git.openstack.org/cgit/openstack/openstack-manuals/commit/?id=69c9c65daeda311b7ccf28f8cce480e9fc63f723
Submitter: Jenkins
Branch: master

commit 69c9c65daeda311b7ccf28f8cce480e9fc63f723
Author: Andreas Jaeger <email address hidden>
Date: Fri Dec 19 08:50:41 2014 +0100

Allow guest remote access to rabbitmq

Since RabbitMQ version 3.3.0, the guest user has no remote access,
document how to enable it for SUSE distros.

    Backport: juno
    Change-Id: I3032c8e867d3e367004907da8d8479dc61beca66
    Closes-Bug: #1390419

Changed in openstack-manuals:
status:	In Progress → Fix Released

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2014-12-23: Fix proposed to openstack-manuals (stable/juno)

#17

Fix proposed to branch: stable/juno
Review: https://review.openstack.org/143706

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2014-12-23: Fix merged to openstack-manuals (stable/juno)

#18

Reviewed: https://review.openstack.org/143706
Committed: https://git.openstack.org/cgit/openstack/openstack-manuals/commit/?id=d785cb2bce4e99d07da0600534a90d40f60f366b
Submitter: Jenkins
Branch: stable/juno

commit d785cb2bce4e99d07da0600534a90d40f60f366b
Author: Andreas Jaeger <email address hidden>
Date: Fri Dec 19 08:50:41 2014 +0100

Allow guest remote access to rabbitmq

Since RabbitMQ version 3.3.0, the guest user has no remote access,
document how to enable it for SUSE distros.

    Backport: juno
    Change-Id: I3032c8e867d3e367004907da8d8479dc61beca66
    Closes-Bug: #1390419
    (cherry picked from commit 69c9c65daeda311b7ccf28f8cce480e9fc63f723)