rabbitmq "guest" user not able to connect from remote

Bug #1390419 reported by Thomas Stinner
20
This bug affects 2 people
Affects Status Importance Assigned to Milestone
openstack-manuals
Fix Released
Medium
Andreas Jaeger

Bug Description

To be able to use the guest user it should be removed from the loopback-users.

In /etc/rabbitmq/rabbitmq.config:

Add the following line:

   {loopback_users, []}

-----------------------------------
Built: 2014-11-01T18:03:07 00:00
git SHA: 0b43451156b70284686b99d7964cdb179cb9d24c
URL: http://docs.openstack.org/juno/install-guide/install/zypper/content/ch_basic_environment.html

Revision history for this message
Matt Kassawara (ionosphere80) wrote :

This issue seems specific to SUSE. What version of SLES/openSUSE are you using?

Changed in openstack-manuals:
status: New → Incomplete
Revision history for this message
Thomas Stinner (thomas-stinner-h) wrote :

SLES 10 SP3 x86_64

Revision history for this message
Matt Kassawara (ionosphere80) wrote :

What do you think, Andreas?

Changed in openstack-manuals:
assignee: nobody → Andreas Jaeger (jaegerandi)
Revision history for this message
Andreas Jaeger (jaegerandi) wrote :

Thomas, SLES 10 or 11?

Revision history for this message
Vincent Untz (vuntz) wrote :

It doesn't seem to be specific to SUSE, it's actually mentioned in https://www.rabbitmq.com/access-control.html

Revision history for this message
Thomas Stinner (thomas-stinner-h) wrote :

I had the problem with SLES 11, not SLES 10. Sorry.

Revision history for this message
Andreas Jaeger (jaegerandi) wrote :

Is this a recent change for rabbit? It should fail everywhere, shouldn't it?

Revision history for this message
Andreas Jaeger (jaegerandi) wrote :

Looking at http://www.rabbitmq.com/release-notes/README-3.3.0.txt:

Security Fixes / Changes
========================

server
------
25603 prevent access using the default guest/guest credentials except via
      localhost (since 1.0.0)

So, this should hit others as well - Fedora uses something more recent.

Changed in openstack-manuals:
status: Incomplete → Confirmed
assignee: Andreas Jaeger (jaegerandi) → nobody
assignee: nobody → Andreas Jaeger (jaegerandi)
importance: Undecided → Medium
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to openstack-manuals (master)

Fix proposed to branch: master
Review: https://review.openstack.org/143006

Changed in openstack-manuals:
status: Confirmed → In Progress
Revision history for this message
Matt Kassawara (ionosphere80) wrote :

Ubuntu, RHEL, CentOS, and Fedora appear to use RabbitMQ versions less than 3.3, so this issue shouldn't affect them unless you're using different RabbitMQ packages or building from source. Do SUSE variants use 3.3 or greater?

Revision history for this message
Matt Kassawara (ionosphere80) wrote :

Clarification...

The versions of Ubuntu, RHEL, CentOS, and Fedora supported by the installation guide appear to use RabbitMQ versions less than 3.3. I'm looking for validation on SUSE variants.

Revision history for this message
Andreas Jaeger (jaegerandi) wrote :
Revision history for this message
Matt Kassawara (ionosphere80) wrote :

After further investigation, I think the installation guide should create a non-guest account in RabbitMQ (e.g, "openstack") and configure services to use it.

Revision history for this message
Andreas Jaeger (jaegerandi) wrote :
Revision history for this message
Matt Kassawara (ionosphere80) wrote :

Andreas,

I ran through the installation guide on Ubuntu 14.04 and Fedora 20 and neither include a RabbitMQ version new enough to hit this issue. Outside of SUSE, people who hit the issue may use a newer (unsupported) version of Ubuntu or Fedora or install a newer version of RabbitMQ from rabbitmq.com or another site.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to openstack-manuals (master)

Reviewed: https://review.openstack.org/143006
Committed: https://git.openstack.org/cgit/openstack/openstack-manuals/commit/?id=69c9c65daeda311b7ccf28f8cce480e9fc63f723
Submitter: Jenkins
Branch: master

commit 69c9c65daeda311b7ccf28f8cce480e9fc63f723
Author: Andreas Jaeger <email address hidden>
Date: Fri Dec 19 08:50:41 2014 +0100

    Allow guest remote access to rabbitmq

    Since RabbitMQ version 3.3.0, the guest user has no remote access,
    document how to enable it for SUSE distros.

    Backport: juno
    Change-Id: I3032c8e867d3e367004907da8d8479dc61beca66
    Closes-Bug: #1390419

Changed in openstack-manuals:
status: In Progress → Fix Released
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to openstack-manuals (stable/juno)

Fix proposed to branch: stable/juno
Review: https://review.openstack.org/143706

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to openstack-manuals (stable/juno)

Reviewed: https://review.openstack.org/143706
Committed: https://git.openstack.org/cgit/openstack/openstack-manuals/commit/?id=d785cb2bce4e99d07da0600534a90d40f60f366b
Submitter: Jenkins
Branch: stable/juno

commit d785cb2bce4e99d07da0600534a90d40f60f366b
Author: Andreas Jaeger <email address hidden>
Date: Fri Dec 19 08:50:41 2014 +0100

    Allow guest remote access to rabbitmq

    Since RabbitMQ version 3.3.0, the guest user has no remote access,
    document how to enable it for SUSE distros.

    Backport: juno
    Change-Id: I3032c8e867d3e367004907da8d8479dc61beca66
    Closes-Bug: #1390419
    (cherry picked from commit 69c9c65daeda311b7ccf28f8cce480e9fc63f723)

tags: added: in-stable-juno
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/openstack-manuals 15.0.0

This issue was fixed in the openstack/openstack-manuals 15.0.0 release.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Duplicates of this bug

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.