Add support to changing the Rabbitmq password on update

Rabbitmq Password is set on the fresh deployment, but during
update, if the password is changed, it is modified in all config
files including rabbitmq config. But the rabbitmq connection fails
because the new password is not successful applied to rabbitmq.
Setting the rabbitmq_user will invoke 'rabbitmqctl change_password'.

Scenario: The password change is applied on Step1 when configuring
Rabbitmq. Other services may be updated on different Steps. Till
other services config is updated with new rabbitmq password, and
restarted, the connections will get Access Denied response. It has
cyclic dependency. So the passwords will be changes at Step1 and
once all services are updated, the connections will work as is.

Partial-Bug: #1611704
Change-Id: I44865af3d5eb2d37eb648ac7227277e86c8fbc54
This commit is contained in:
Saravanan KR 2016-11-24 19:35:59 +05:30
parent a75c6c618e
commit 76931e535c
2 changed files with 30 additions and 0 deletions

View File

@ -43,6 +43,18 @@
# (Optional) Array of host(s) for RabbitMQ nodes.
# Defaults to hiera('rabbitmq_node_names', []).
#
# [*rabbitmq_pass*]
# (Optional) RabbitMQ Default Password.
# Defaults to hiera('rabbitmq::default_pass')
#
# [*rabbitmq_user*]
# (Optional) RabbitMQ Default User.
# Defaults to hiera('rabbitmq::default_user')
#
# [*stack_action*]
# (Optional) Action of the stack deployment.
# Defaults to hiera('stack_action')
#
# [*step*]
# (Optional) The current step in deployment. See tripleo-heat-templates
# for more details.
@ -55,6 +67,9 @@ class tripleo::profile::base::rabbitmq (
$kernel_variables = hiera('rabbitmq_kernel_variables'),
$inet_dist_interface = hiera('rabbitmq::interface', undef),
$nodes = hiera('rabbitmq_node_names', []),
$rabbitmq_pass = hiera('rabbitmq::default_pass'),
$rabbitmq_user = hiera('rabbitmq::default_user'),
$stack_action = hiera('stack_action'),
$step = hiera('step'),
) {
# IPv6 environment, necessary for RabbitMQ.
@ -103,6 +118,17 @@ class tripleo::profile::base::rabbitmq (
environment_variables => $rabbit_env,
}
}
# In case of HA, starting of rabbitmq-server is managed by pacemaker, because of which, a dependency
# to Service['rabbitmq-server'] will not work. Sticking with UPDATE action.
if $stack_action == 'UPDATE' {
# Required for changing password on update scenario. Password will be changed only when
# called explicity, if the rabbitmq service is already running.
rabbitmq_user { $rabbitmq_user :
password => $rabbitmq_pass,
provider => 'rabbitmqctl',
admin => true,
}
}
}
}

View File

@ -0,0 +1,4 @@
---
issues:
- Invoke rabbitmq_user resource explicity to apply password change during
update, if any.