Add support to changing the Rabbitmq password on update

Rabbitmq Password is set on the fresh deployment, but during update, if the password is changed, it is modified in all config files including rabbitmq config. But the rabbitmq connection fails because the new password is not successful applied to rabbitmq. Setting the rabbitmq_user will invoke 'rabbitmqctl change_password'. Scenario: The password change is applied on Step1 when configuring Rabbitmq. Other services may be updated on different Steps. Till other services config is updated with new rabbitmq password, and restarted, the connections will get Access Denied response. It has cyclic dependency. So the passwords will be changes at Step1 and once all services are updated, the connections will work as is. Partial-Bug: #1611704 Change-Id: I44865af3d5eb2d37eb648ac7227277e86c8fbc54
2016-11-24 19:35:59 +05:30 · 2016-11-24 19:35:59 +05:30 · 76931e535c
parent a75c6c618e
commit 76931e535c
2 changed files with 30 additions and 0 deletions
--- a/manifests/profile/base/rabbitmq.pp
+++ b/manifests/profile/base/rabbitmq.pp
@ -43,6 +43,18 @@
 #   (Optional) Array of host(s) for RabbitMQ nodes.
 #   Defaults to hiera('rabbitmq_node_names', []).
 #
+# [*rabbitmq_pass*]
+#   (Optional) RabbitMQ Default Password.
+#   Defaults to hiera('rabbitmq::default_pass')
+#
+# [*rabbitmq_user*]
+#   (Optional) RabbitMQ Default User.
+#   Defaults to hiera('rabbitmq::default_user')
+#
+# [*stack_action*]
+#   (Optional) Action of the stack deployment.
+#   Defaults to hiera('stack_action')
+#
 # [*step*]
 #   (Optional) The current step in deployment. See tripleo-heat-templates
 #   for more details.
@ -55,6 +67,9 @@ class tripleo::profile::base::rabbitmq (
  $kernel_variables    = hiera('rabbitmq_kernel_variables'),
  $inet_dist_interface = hiera('rabbitmq::interface', undef),
  $nodes               = hiera('rabbitmq_node_names', []),
+  $rabbitmq_pass       = hiera('rabbitmq::default_pass'),
+  $rabbitmq_user       = hiera('rabbitmq::default_user'),
+  $stack_action        = hiera('stack_action'),
  $step                = hiera('step'),
 ) {
  # IPv6 environment, necessary for RabbitMQ.
@ -103,6 +118,17 @@ class tripleo::profile::base::rabbitmq (
        environment_variables   => $rabbit_env,
      }
    }
+    # In case of HA, starting of rabbitmq-server is managed by pacemaker, because of which, a dependency
+    # to Service['rabbitmq-server'] will not work. Sticking with UPDATE action.
+    if $stack_action == 'UPDATE' {
+      # Required for changing password on update scenario. Password will be changed only when
+      # called explicity, if the rabbitmq service is already running.
+      rabbitmq_user { $rabbitmq_user :
+        password => $rabbitmq_pass,
+        provider => 'rabbitmqctl',
+        admin    => true,
+      }
+    }
  }

 }
--- a/releasenotes/notes/rabbitmq_password_change-4fce15c9ebb0e20c.yaml
+++ b/releasenotes/notes/rabbitmq_password_change-4fce15c9ebb0e20c.yaml
@ -0,0 +1,4 @@
+---
+issues:
+  - Invoke rabbitmq_user resource explicity to apply password change during
+    update, if any.