Merge "Avoid starting rabbitmq server as root"

deployment/puppet/osnailyfacter/modular/rabbitmq/rabbitmq.pp

@@ -146,6 +146,12 @@ if $queue_provider == 'rabbitmq' {
         before          => Class['nova::rabbitmq'],
       }
     }
+
+    include rabbitmq::params
+    tweaks::ubuntu_service_override { 'rabbitmq-server':
+      package_name => $rabbitmq::params::package_name,
+      service_name => $rabbitmq::params::service_name,
+    }
   }
 
 }

deployment/puppet/osnailyfacter/modular/rabbitmq/rabbitmq_post.rb

@@ -0,0 +1,16 @@
+require File.join File.dirname(__FILE__), '../test_common.rb'
+
+RABBITMQ_USER="rabbitmq"
+
+class RabbitMQPostTest < Test::Unit::TestCase
+
+  def test_rabbitmq_is_running
+    assert TestCommon::Process.running?('/usr/sbin/rabbitmq-server'), 'RabbitMQ is not running!'
+  end
+
+  def test_rabbitmq_running_as_rabbitmq_user
+    cmd = 'ps haxo user,cmd | egrep -v "su |grep "| egrep "rabbitmq|beam|epmd" | egrep -v "^' RABBITMQ_USER '"'
+    assert TestCommon::Process.run_successful?(cmd), "'#{cmd}' returns processes not running as #{RABBITMQ_USER}'"
+  end
+
+end

deployment/puppet/osnailyfacter/modular/rabbitmq/tasks.yaml

@@ -7,3 +7,5 @@
     puppet_manifest: /etc/puppet/modules/osnailyfacter/modular/rabbitmq/rabbitmq.pp
     puppet_modules: /etc/puppet/modules
     timeout: 3600
+  test_post:
+    cmd: ruby /etc/puppet/modules/osnailyfacter/modular/rabbitmq/rabbitmq_post.rb

deployment/puppet/rabbitmq/manifests/init.pp

@@ -161,6 +161,15 @@ class rabbitmq(
     }
   }
 
+  # Start epmd as rabbitmq so it doesn't run as root when installing plugins
+  exec { 'epmd_daemon':
+    command => 'epmd -daemon',
+    path    => '/bin:/sbin:/usr/bin:/usr/sbin',
+    user    => 'rabbitmq',
+    group   => 'rabbitmq',
+    unless  => 'pgrep epmd',
+  }
+
   if $admin_enable and $service_manage {
     include '::rabbitmq::install::rabbitmqadmin'
 
@@ -200,7 +209,6 @@ class rabbitmq(
     -> Class['::rabbitmq::management'] -> Anchor['rabbitmq::end']
 
   # Make sure the various providers have their requirements in place.
-  Class['::rabbitmq::install'] -> Rabbitmq_plugin<| |>
-  Class['::rabbitmq::install::rabbitmqadmin'] -> Rabbitmq_exchange<| |>
-
+  Class['::rabbitmq::install'] -> Exec['epmd_daemon']
+    -> Rabbitmq_plugin<| |> -> Rabbitmq_exchange<| |>
 }

tests/noop/spec/hosts/rabbitmq/rabbitmq_spec.rb

@@ -30,6 +30,14 @@ describe manifest do
       end
       should contain_class('rabbitmq').with_config_variables(/#{log_levels}/)
     end
+
+    it "should start epmd before rabbitmq plugins" do
+      should contain_exec('epmd_daemon').that_comes_before('Rabbitmq_plugin[rabbitmq_management]')
+    end
+
+    it "should override service on package install" do
+      should contain_tweaks__ubuntu_service_override('rabbitmq-server')
+    end
   end
   test_ubuntu_and_centos manifest
 end