From 24b7ea2b584776acee1426edbad2731a511aa85c Mon Sep 17 00:00:00 2001
From: Major Hayden <major@mhtx.net>
Date: Fri, 6 Nov 2015 12:38:41 -0600
Subject: [PATCH] Fixing /etc/rabbitmq permission bug

A change from the "Remove dir_mode from rabbit key distribution" commit caused
a bug where non-primary RabbitMQ containers would keep /etc/rabbitmq
permissions set to 0750 (the default is 0755).  This prevented the plugins
file from being read and it broke queue mirroring.

This patch ensures that the default permission of 0755 is set on RabbitMQ
and should prevent problems with future upgrades.

Closes-bug: 1513668

Change-Id: I62d6b09dad0eef0d9543442bb727f6c946d8738e
(cherry picked from commit 5862d0e894429929062119016517bddb88fb17a1)
---
 .../tasks/rabbitmq_ssl_key_distribute.yml           | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/playbooks/roles/rabbitmq_server/tasks/rabbitmq_ssl_key_distribute.yml b/playbooks/roles/rabbitmq_server/tasks/rabbitmq_ssl_key_distribute.yml
index 63c8d5f41f..91a61082f3 100644
--- a/playbooks/roles/rabbitmq_server/tasks/rabbitmq_ssl_key_distribute.yml
+++ b/playbooks/roles/rabbitmq_server/tasks/rabbitmq_ssl_key_distribute.yml
@@ -41,3 +41,16 @@
     - "{{ rabbitmq_ssl_cert }}"
   tags:
     - rabbitmq-ssl
+
+# This is here because there was a different way of configuring SSL/TLS
+# for RabbitMQ that used a mode of 0750 for the RabbitMQ directory.  That has
+# since been updated but we need to ensure that old environments get this
+# critical update during upgrades.
+#
+# See bug 1513668 in Launchpad for more details.
+- name: Ensure /etc/rabbitmq is set to the default mode of 0755
+  file:
+    path: /etc/rabbitmq
+    mode: 0755
+  tags:
+    - rabbitmq-ssl