git.net

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Kolla Ansible] RabbitMQ Interface Configuration


Hi Sven,

I replied to you on IRC.

We would accept this functionality back.
It looks like it was just an omission.

As a workaround, you can firewall it away yourself.

-yoctozepto

On Thu, Oct 15, 2020 at 6:53 PM Sven Kieske <S.Kieske at mittwald.de> wrote:
>
> Hi,
>
> I got a question regarding a change which was made, quite some time ago
> in kolla-ansible. The change in question is: https://review.opendev.org/#/c/584427/
>
> specifically the following diff, the file was moved to a new format and name, but the possibility
> to configure the used interface for rabbitmq/erlang was removed.
>
> May I ask if this was maybe by accident, or what the reason for the removal of these parameters was?
>
> I'm asking because I'm currently deploying Openstack and am in the
> process of hardening the configuration.
>
> It stood out to me, that the beam vm from rabbitmq listens on all
> interfaces[1], so I wanted to change that.
>
> If there is another way to change this via kolla-ansible, it would
> be very kind to let me know.
>
> Notice, I do not try to configure "ERL_EPMD_ADDRESS" (which we already do), but to control
> the TCP Port 25672, which, as far as I understood the rabbitmq docs, is controlled
> via the erlang/beam vm "inet_dist_use_interface" parameter, which was removed in this changeset.
>
> But I might be totally wrong, I find the RabbitMQ docs a little hard to parse at times.
>
> This is currently a deployment with 3 rabbitmq nodes, if that matters.
>
> Thank you very much for your time in advance!
>
> See here the relevant diff, for convenience:
>
> commit b163cb02d1486f8844ac52e619de7b62321e42b0
> Author: Paul Bourke <paul.bourke at oracle.com>
> Date:   Fri Jul 20 16:35:25 2018 +0100
>
>     Update rabbitmq to use new conf & clustering
>
>     Depends-On: I75e00312b36e1678b90a42cf58d24652323eff27
>     Change-Id: Ia716fabffca41eff816e59bbf9f4cab79ee8b72f
>
> diff --git a/ansible/roles/rabbitmq/templates/rabbitmq.config.j2 b/ansible/roles/rabbitmq/templates/rabbitmq.config.
> j2
> deleted file mode 100644
> index 960f9fb8a..000000000
> --- a/ansible/roles/rabbitmq/templates/rabbitmq.config.j2
> +++ /dev/null
> @@ -1,24 +0,0 @@
> -[
> -  {kernel, [
> -    {inet_dist_use_interface, {% raw %}{{% endraw %}{{ api_interface_address | regex_replace('\.', ',') }}}},
> -    {inet_dist_listen_min, {{ role_rabbitmq_cluster_port }}},
> -    {inet_dist_listen_max, {{ role_rabbitmq_cluster_port }}}
>
>
> [1]:
> ss -tulpn | awk '$5 ~ /0.0.0.0:|\[::\]:/ && /beam/'
> tcp   LISTEN  0       128                   0.0.0.0:25672         0.0.0.0:*      users:(("beam.smp",pid=194345,fd=63))
>
> --
> Mit freundlichen Grü�en / Regards
>
> Sven Kieske
> Systementwickler
>
>
> Mittwald CM Service GmbH & Co. KG
> Königsberger Stra�e 4-6
> 32339 Espelkamp
>
> Tel.: 05772 / 293-900
> Fax: 05772 / 293-333
>
> https://www.mittwald.de
>
> Geschäftsführer: Robert Meyer, Florian Jürgens
>
> St.Nr.: 331/5721/1033, USt-IdNr.: DE814773217, HRA 6640, AG Bad Oeynhausen
> Komplementärin: Robert Meyer Verwaltungs GmbH, HRB 13260, AG Bad Oeynhausen
>
> Informationen zur Datenverarbeitung im Rahmen unserer Geschäftstätigkeit
> gemä� Art. 13-14 DSGVO sind unter www.mittwald.de/ds abrufbar.
>