Take an optional rabbit user name as input
Newer versions of rabbitmq (3.3 and later) do not allow the 'guest'
user to connect over non-local interfaces.
- Added a new config RABBIT_USERID which defaults to stackrabbit
- Invoked config scripts using that variable
Adopted from:
https://review.openstack.org/#/c/107779/
Change-Id: I43a231c9611b4cc2e390b603aa3bfb49c915bdc5
Closes-Bug: #1343354
Co-Authored-By: Scott Moser <smoser@ubuntu.com>
diff --git a/lib/rpc_backend b/lib/rpc_backend
index 4c1efa6..6afec37 100644
--- a/lib/rpc_backend
+++ b/lib/rpc_backend
@@ -7,7 +7,7 @@
# Dependencies:
#
# - ``functions`` file
-# - ``RABBIT_{HOST|PASSWORD}`` must be defined when RabbitMQ is used
+# - ``RABBIT_{HOST|PASSWORD|USERID}`` must be defined when RabbitMQ is used
# - ``RPC_MESSAGING_PROTOCOL`` option for configuring the messaging protocol
# ``stack.sh`` calls the entry points in this order:
@@ -68,6 +68,9 @@
function cleanup_rpc_backend {
if is_service_enabled rabbit; then
# Obliterate rabbitmq-server
+ if [ -n "$RABBIT_USERID" ]; then
+ sudo rabbitmqctl delete_user "$RABBIT_USERID"
+ fi
uninstall_package rabbitmq-server
sudo killall epmd || sudo killall -9 epmd
if is_ubuntu; then
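Review bot: The added `rabbitmqctl delete_user` call in `cleanup_rpc_backend` has no failure handling, unlike the `killall epmd || ...` line two lines below. If the broker is already stopped or the user was never created, the command fails; and if the on-disk user database survives `uninstall_package` (not visible here), the account and its password would persist into the next install. Consider making the outcome explicit, e.g. `sudo rabbitmqctl delete_user "$RABBIT_USERID" || echo "could not delete rabbit user '$RABBIT_USERID'" 1>&2`. The function body continues outside the hunk.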
@@ -180,15 +183,16 @@
# service is not started by default
restart_service rabbitmq-server
fi
+ rabbit_setuser "$RABBIT_USERID" "$RABBIT_PASSWORD"
# change the rabbit password since the default is "guest"
- sudo rabbitmqctl change_password guest $RABBIT_PASSWORD && break
+ sudo rabbitmqctl change_password $RABBIT_USERID $RABBIT_PASSWORD && break
[[ $i -eq "10" ]] && die $LINENO "Failed to set rabbitmq password"
done
if is_service_enabled n-cell; then
# Add partitioned access for the child cell
if [ -z `sudo rabbitmqctl list_vhosts | grep child_cell` ]; then
sudo rabbitmqctl add_vhost child_cell
- sudo rabbitmqctl set_permissions -p child_cell guest ".*" ".*" ".*"
+ sudo rabbitmqctl set_permissions -p child_cell $RABBIT_USERID ".*" ".*" ".*"
fi
fi
elif is_service_enabled qpid; then
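Review bot: After this change nothing sets the built-in `guest` account's password any more, because the `change_password` line now targets `$RABBIT_USERID`. Whenever that is not `guest`, the broker keeps guest/guest, and the commit message says only 3.3 and later restrict that account to local interfaces, so older brokers stay reachable with default credentials. Once `rabbit_setuser` succeeds, consider removing the account if nothing else relies on it, e.g. `[ "$RABBIT_USERID" = guest ] || sudo rabbitmqctl delete_user guest`. The remaining `change_password` call also repeats what `rabbit_setuser` already did and passes `$RABBIT_USERID` and `$RABBIT_PASSWORD` unquoted, as does the `set_permissions -p child_cell` line; quote them so a password with spaces or glob characters is not split. The enclosing retry loop starts outside the hunk.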
@@ -225,6 +229,7 @@
iniset $file $section rpc_backend ${package}.openstack.common.rpc.impl_kombu
iniset $file $section rabbit_hosts $RABBIT_HOST
iniset $file $section rabbit_password $RABBIT_PASSWORD
+ iniset $file $section rabbit_userid $RABBIT_USERID
fi
}
@@ -239,6 +244,21 @@
( ! is_suse )
}
+function rabbit_setuser {
+ local user="$1" pass="$2" found="" out=""
+ out=$(sudo rabbitmqctl list_users) ||
+ { echo "failed to list users" 1>&2; return 1; }
+ found=$(echo "$out" | awk '$1 == user { print $1 }' "user=$user")
+ if [ "$found" = "$user" ]; then
+ sudo rabbitmqctl change_password "$user" "$pass" ||
+ { echo "failed changing pass for '$user'" 1>&2; return 1; }
+ else
+ sudo rabbitmqctl add_user "$user" "$pass" ||
+ { echo "failed changing pass for $user"; return 1; }
+ fi
+ sudo rabbitmqctl set_permissions "$user" ".*" ".*" ".*"
+}
+
# Set up the various configuration files used by the qpidd broker
function _configure_qpid {
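Review bot: The `add_user` failure branch in `rabbit_setuser` reports the wrong operation and writes to stdout: it reuses the text "failed changing pass for $user" and lacks the `1>&2` that the other two handlers have. Suggest `{ echo "failed adding user '$user'" 1>&2; return 1; }`. Separately, the function grants `".*" ".*" ".*"` on the default vhost and hands the password to `rabbitmqctl` as a command-line argument, so it is visible in process listings and in any command trace the calling script enables. A short header comment stating the arguments, the full-permission grant and that exposure would help anyone reusing this outside a throwaway dev environment.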