rabbitmq: Open ports 25673-25683 for CLI tools

Since RabbitMQ 3.7.4, the CLI tools (rabbitmqctl and friends)
parallelize the querying of information from cluster members.  In
order to receive stream data back, the cli instance binds and
registers itself on an available port (default between 35672 and
35682, inclusive).  If these ports are firewalled off, then
rabbitmqctl commands such as list_queues will hang waiting for data
from remote cluster members.

This patch does two things:

1) Reconfigures rabbitmqctl to bind to 25673-25683 instead of the
default range of 35672-35682.  This ensures the ports are not in the
ephemeral port range and avoids unintended collisions.

2) Opens the firewall on 25673-25683 to enable communication.

Resolves: rhbz#1811680

Change-Id: If5caa51cd9a3aef97d06d491dde1d5129cc1a569
(cherry picked from commit a2bc2e10b0)
(cherry picked from commit 40a1e5ba18)

deployment/rabbitmq/rabbitmq-container-puppet.yaml

@@ -122,6 +122,7 @@ outputs:
                   - 4369
                   - 5672
                   - 25672
+                  - 25673-25683
             rabbitmq::delete_guest_user: false
             rabbitmq::wipe_db_on_cookie_change: true
             rabbitmq::port: 5672
@@ -140,6 +141,8 @@ outputs:
               RABBITMQ_NODENAME: "rabbit@%{::hostname}"
               RABBITMQ_SERVER_ERL_ARGS: '"+K true +P 1048576 -kernel inet_default_connect_options [{nodelay,true}]"'
               RABBITMQ_SERVER_ADDITIONAL_ERL_ARGS: {get_param: RabbitAdditionalErlArgs}
+              RABBITMQ_CTL_DIST_PORT_MIN: '25673'
+              RABBITMQ_CTL_DIST_PORT_MAX: '25683'
               'export ERL_EPMD_ADDRESS': "%{hiera('rabbitmq::interface')}"
             rabbitmq_kernel_variables:
               inet_dist_listen_min: '25672'

deployment/rabbitmq/rabbitmq-messaging-notify-container-puppet.yaml

@@ -110,6 +110,7 @@ outputs:
                   - 4369
                   - {get_param: NotifyPort}
                   - 25672
+                  - 25673-25683
             rabbitmq::port: {get_param: NotifyPort}
             rabbitmq::interface:
               str_replace:

deployment/rabbitmq/rabbitmq-messaging-notify-pacemaker-puppet.yaml

@@ -114,6 +114,7 @@ outputs:
                   - 4369
                   - 5672
                   - 25672
+                  - 25673-25683
       service_config_settings: {get_attr: [RabbitmqBase, role_data, service_config_settings]}
       # BEGIN DOCKER SETTINGS
       puppet_config:

deployment/rabbitmq/rabbitmq-messaging-pacemaker-puppet.yaml

@@ -114,6 +114,7 @@ outputs:
                   - 4369
                   - 5672
                   - 25672
+                  - 25673-25683
       service_config_settings: {get_attr: [RabbitmqBase, role_data, service_config_settings]}
       # BEGIN DOCKER SETTINGS
       puppet_config:

deployment/rabbitmq/rabbitmq-messaging-rpc-container-puppet.yaml

@@ -110,6 +110,7 @@ outputs:
                   - 4369
                   - {get_param: RpcPort}
                   - 25672
+                  - 25673-25683
             rabbitmq::port: {get_param: RpcPort}
             rabbitmq::interface:
               str_replace:

deployment/rabbitmq/rabbitmq-messaging-rpc-pacemaker-puppet.yaml

@@ -114,6 +114,7 @@ outputs:
                   - 4369
                   - 5672
                   - 25672
+                  - 25673-25683
       service_config_settings: {get_attr: [RabbitmqBase, role_data, service_config_settings]}
       # BEGIN DOCKER SETTINGS
       puppet_config: