From a2bc2e10b0de522a81faca62b7b620432b267fbb Mon Sep 17 00:00:00 2001 From: John Eckersberg Date: Mon, 9 Mar 2020 11:44:50 -0400 Subject: [PATCH] rabbitmq: Open ports 25673-25683 for CLI tools Since RabbitMQ 3.7.4, the CLI tools (rabbitmqctl and friends) parallelize the querying of information from cluster members. In order to receive stream data back, the cli instance binds and registers itself on an available port (default between 35672 and 35682, inclusive). If these ports are firewalled off, then rabbitmqctl commands such as list_queues will hang waiting for data from remote cluster members. This patch does two things: 1) Reconfigures rabbitmqctl to bind to 25673-25683 instead of the default range of 35672-35682. This ensures the ports are not in the ephemeral port range and avoids unintended collisions. 2) Opens the firewall on 25673-25683 to enable communication. Resolves: rhbz#1811680 Closes-Bug: #1866958 Change-Id: If5caa51cd9a3aef97d06d491dde1d5129cc1a569 --- deployment/rabbitmq/rabbitmq-container-puppet.yaml | 3 +++ .../rabbitmq/rabbitmq-messaging-notify-container-puppet.yaml | 1 + .../rabbitmq/rabbitmq-messaging-notify-pacemaker-puppet.yaml | 1 + deployment/rabbitmq/rabbitmq-messaging-pacemaker-puppet.yaml | 1 + .../rabbitmq/rabbitmq-messaging-rpc-container-puppet.yaml | 1 + .../rabbitmq/rabbitmq-messaging-rpc-pacemaker-puppet.yaml | 1 + 6 files changed, 8 insertions(+) diff --git a/deployment/rabbitmq/rabbitmq-container-puppet.yaml b/deployment/rabbitmq/rabbitmq-container-puppet.yaml index 0329f1b95c..217d1523b9 100644 --- a/deployment/rabbitmq/rabbitmq-container-puppet.yaml +++ b/deployment/rabbitmq/rabbitmq-container-puppet.yaml @@ -119,6 +119,7 @@ outputs: - 4369 - 5672 - 25672 + - 25673-25683 monitoring_subscription: {get_param: MonitoringSubscriptionRabbitmq} # RabbitMQ plugins initialization occurs on every node config_settings: @@ -146,6 +147,8 @@ outputs: RABBITMQ_NODENAME: "rabbit@%{::hostname}" RABBITMQ_SERVER_ERL_ARGS: '"+K true +P 1048576 -kernel inet_default_connect_options [{nodelay,true}]"' RABBITMQ_SERVER_ADDITIONAL_ERL_ARGS: {get_param: RabbitAdditionalErlArgs} + RABBITMQ_CTL_DIST_PORT_MIN: '25673' + RABBITMQ_CTL_DIST_PORT_MAX: '25683' 'export ERL_EPMD_ADDRESS': "%{hiera('rabbitmq::interface')}" rabbitmq_kernel_variables: inet_dist_listen_min: '25672' diff --git a/deployment/rabbitmq/rabbitmq-messaging-notify-container-puppet.yaml b/deployment/rabbitmq/rabbitmq-messaging-notify-container-puppet.yaml index bda21e7dcb..92d76a3445 100644 --- a/deployment/rabbitmq/rabbitmq-messaging-notify-container-puppet.yaml +++ b/deployment/rabbitmq/rabbitmq-messaging-notify-container-puppet.yaml @@ -101,6 +101,7 @@ outputs: - 4369 - {get_param: NotifyPort} - 25672 + - 25673-25683 monitoring_subscription: {get_attr: [RabbitMQServiceBase, role_data, monitoring_subscription]} # RabbitMQ plugins initialization occurs on every node global_config_settings: diff --git a/deployment/rabbitmq/rabbitmq-messaging-notify-pacemaker-puppet.yaml b/deployment/rabbitmq/rabbitmq-messaging-notify-pacemaker-puppet.yaml index 780063bf21..1faefbb730 100644 --- a/deployment/rabbitmq/rabbitmq-messaging-notify-pacemaker-puppet.yaml +++ b/deployment/rabbitmq/rabbitmq-messaging-notify-pacemaker-puppet.yaml @@ -97,6 +97,7 @@ outputs: - 4369 - 5672 - 25672 + - 25673-25683 global_config_settings: {get_attr: [RabbitmqBase, role_data, global_config_settings]} config_settings: map_merge: diff --git a/deployment/rabbitmq/rabbitmq-messaging-pacemaker-puppet.yaml b/deployment/rabbitmq/rabbitmq-messaging-pacemaker-puppet.yaml index 5ee29e6eb2..ee8fc4e7ec 100644 --- a/deployment/rabbitmq/rabbitmq-messaging-pacemaker-puppet.yaml +++ b/deployment/rabbitmq/rabbitmq-messaging-pacemaker-puppet.yaml @@ -97,6 +97,7 @@ outputs: - 4369 - 5672 - 25672 + - 25673-25683 monitoring_subscription: {get_attr: [RabbitMQServiceBase, role_data, monitoring_subscription]} config_settings: map_merge: diff --git a/deployment/rabbitmq/rabbitmq-messaging-rpc-container-puppet.yaml b/deployment/rabbitmq/rabbitmq-messaging-rpc-container-puppet.yaml index 4050e7fc9f..04087c9973 100644 --- a/deployment/rabbitmq/rabbitmq-messaging-rpc-container-puppet.yaml +++ b/deployment/rabbitmq/rabbitmq-messaging-rpc-container-puppet.yaml @@ -102,6 +102,7 @@ outputs: - 4369 - {get_param: RpcPort} - 25672 + - 25673-25683 monitoring_subscription: {get_attr: [RabbitMQServiceBase, role_data, monitoring_subscription]} global_config_settings: map_merge: diff --git a/deployment/rabbitmq/rabbitmq-messaging-rpc-pacemaker-puppet.yaml b/deployment/rabbitmq/rabbitmq-messaging-rpc-pacemaker-puppet.yaml index 4ee670a404..6d50bdcba1 100644 --- a/deployment/rabbitmq/rabbitmq-messaging-rpc-pacemaker-puppet.yaml +++ b/deployment/rabbitmq/rabbitmq-messaging-rpc-pacemaker-puppet.yaml @@ -97,6 +97,7 @@ outputs: - 4369 - 5672 - 25672 + - 25673-25683 global_config_settings: {get_attr: [RabbitmqBase, role_data, global_config_settings]} config_settings: map_merge: