Merge pull request #690 from shivani-orch/rabbitmq-user-setup

Rabbitmq user setup
StackStorm · Mar 19, 2021 · 739d24e · 739d24e
2 parents 6e66733 + 5a5148c
commit 739d24e
Show file tree

Hide file tree

Showing 7 changed files with 110 additions and 26 deletions.
diff --git a/scripts/includes/common.sh b/scripts/includes/common.sh
@@ -123,6 +123,8 @@ check_st2_host_dependencies() {
 generate_random_passwords() {
   # Generate random password used for MongoDB user authentication
   ST2_MONGODB_PASSWORD=$(head /dev/urandom | tr -dc A-Za-z0-9 | head -c 24 ; echo '')
+  # Generate random password used for RabbitMQ user authentication
+  ST2_RABBITMQ_PASSWORD=$(head /dev/urandom | tr -dc A-Za-z0-9 | head -c 24 ; echo '')
 }
 
 

diff --git a/scripts/st2bootstrap-deb.sh b/scripts/st2bootstrap-deb.sh
@@ -273,6 +273,8 @@ check_st2_host_dependencies() {
 generate_random_passwords() {
   # Generate random password used for MongoDB user authentication
   ST2_MONGODB_PASSWORD=$(head /dev/urandom | tr -dc A-Za-z0-9 | head -c 24 ; echo '')
+  # Generate random password used for RabbitMQ user authentication
+  ST2_RABBITMQ_PASSWORD=$(head /dev/urandom | tr -dc A-Za-z0-9 | head -c 24 ; echo '')
 }
 
 
@@ -465,7 +467,18 @@ install_st2_dependencies() {
   fi
 
   sudo apt-get install -y curl
+
+  # Various other dependencies needed by st2 and installer script
+  sudo apt-get install -y crudini
+}
+
+install_rabbitmq() {
+  # install RabbitMQ
   sudo apt-get install -y rabbitmq-server
+  sudo rabbitmqctl add_user stackstorm "${ST2_RABBITMQ_PASSWORD}"
+  sudo rabbitmqctl delete_user guest
+  sudo rabbitmqctl set_user_tags stackstorm administrator
+  sudo rabbitmqctl set_permissions -p / stackstorm ".*" ".*" ".*"
 
   # Configure RabbitMQ to listen on localhost only
   sudo sh -c 'echo "RABBITMQ_NODE_IP_ADDRESS=127.0.0.1" >> /etc/rabbitmq/rabbitmq-env.conf'
@@ -475,9 +488,6 @@ install_st2_dependencies() {
   else
     sudo service rabbitmq-server restart
   fi
-
-  # Various other dependencies needed by st2 and installer script
-  sudo apt-get install -y crudini
 }
 
 install_mongodb() {
@@ -596,6 +606,10 @@ install_st2() {
   sudo crudini --set /etc/st2/st2.conf database username "stackstorm"
   sudo crudini --set /etc/st2/st2.conf database password "${ST2_MONGODB_PASSWORD}"
 
+  # Configure [messaging] section in st2.conf (username password for RabbitMQ access)
+  AMQP="amqp://stackstorm:$ST2_RABBITMQ_PASSWORD@127.0.0.1:5672"
+  sudo crudini --set /etc/st2/st2.conf messaging url "${AMQP}"
+
   sudo st2ctl start
   sudo st2ctl reload --register-all
 }
@@ -696,6 +710,7 @@ STEP="Check TCP ports and MongoDB storage requirements" && check_st2_host_depend
 STEP="Generate random password" && generate_random_passwords
 STEP="Configure Proxy" && configure_proxy
 STEP="Install st2 dependencies" && install_st2_dependencies
+STEP="Install st2 dependencies (RabbitMQ)" && install_rabbitmq
 STEP="Install st2 dependencies (MongoDB)" && install_mongodb
 STEP="Install st2" && install_st2
 STEP="Configure st2 user" && configure_st2_user

diff --git a/scripts/st2bootstrap-deb.template.sh b/scripts/st2bootstrap-deb.template.sh
@@ -154,7 +154,18 @@ install_st2_dependencies() {
   fi
 
   sudo apt-get install -y curl
+
+  # Various other dependencies needed by st2 and installer script
+  sudo apt-get install -y crudini
+}
+
+install_rabbitmq() {
+  # install RabbitMQ
   sudo apt-get install -y rabbitmq-server
+  sudo rabbitmqctl add_user stackstorm "${ST2_RABBITMQ_PASSWORD}"
+  sudo rabbitmqctl delete_user guest
+  sudo rabbitmqctl set_user_tags stackstorm administrator
+  sudo rabbitmqctl set_permissions -p / stackstorm ".*" ".*" ".*"
 
   # Configure RabbitMQ to listen on localhost only
   sudo sh -c 'echo "RABBITMQ_NODE_IP_ADDRESS=127.0.0.1" >> /etc/rabbitmq/rabbitmq-env.conf'
@@ -164,9 +175,6 @@ install_st2_dependencies() {
   else
     sudo service rabbitmq-server restart
   fi
-
-  # Various other dependencies needed by st2 and installer script
-  sudo apt-get install -y crudini
 }
 
 install_mongodb() {
@@ -285,6 +293,10 @@ install_st2() {
   sudo crudini --set /etc/st2/st2.conf database username "stackstorm"
   sudo crudini --set /etc/st2/st2.conf database password "${ST2_MONGODB_PASSWORD}"
 
+  # Configure [messaging] section in st2.conf (username password for RabbitMQ access)
+  AMQP="amqp://stackstorm:$ST2_RABBITMQ_PASSWORD@127.0.0.1:5672"
+  sudo crudini --set /etc/st2/st2.conf messaging url "${AMQP}"
+
   sudo st2ctl start
   sudo st2ctl reload --register-all
 }
@@ -385,6 +397,7 @@ STEP="Check TCP ports and MongoDB storage requirements" && check_st2_host_depend
 STEP="Generate random password" && generate_random_passwords
 STEP="Configure Proxy" && configure_proxy
 STEP="Install st2 dependencies" && install_st2_dependencies
+STEP="Install st2 dependencies (RabbitMQ)" && install_rabbitmq
 STEP="Install st2 dependencies (MongoDB)" && install_mongodb
 STEP="Install st2" && install_st2
 STEP="Configure st2 user" && configure_st2_user

diff --git a/scripts/st2bootstrap-el7.sh b/scripts/st2bootstrap-el7.sh
@@ -234,6 +234,8 @@ check_st2_host_dependencies() {
 generate_random_passwords() {
   # Generate random password used for MongoDB user authentication
   ST2_MONGODB_PASSWORD=$(head /dev/urandom | tr -dc A-Za-z0-9 | head -c 24 ; echo '')
+  # Generate random password used for RabbitMQ user authentication
+  ST2_RABBITMQ_PASSWORD=$(head /dev/urandom | tr -dc A-Za-z0-9 | head -c 24 ; echo '')
 }
 
 
@@ -492,14 +494,7 @@ install_st2_dependencies() {
   if [[ -z "$is_epel_installed" ]]; then
     sudo yum -y install https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
   fi
-  sudo yum -y install curl rabbitmq-server
-
-  # Configure RabbitMQ to listen on localhost only
-  sudo sh -c 'echo "RABBITMQ_NODE_IP_ADDRESS=127.0.0.1" >> /etc/rabbitmq/rabbitmq-env.conf'
-
-  sudo systemctl start rabbitmq-server
-  sudo systemctl enable rabbitmq-server
-
+
   # Various other dependencies needed by st2 and installer script
   sudo yum -y install crudini
 
@@ -519,6 +514,21 @@ install_st2_dependencies() {
   fi
 }
 
+install_rabbitmq() {
+  sudo yum -y install curl rabbitmq-server
+
+  # Configure RabbitMQ to listen on localhost only
+  sudo sh -c 'echo "RABBITMQ_NODE_IP_ADDRESS=127.0.0.1" >> /etc/rabbitmq/rabbitmq-env.conf'
+
+  sudo systemctl start rabbitmq-server
+  sudo systemctl enable rabbitmq-server
+
+  sudo rabbitmqctl add_user stackstorm "${ST2_RABBITMQ_PASSWORD}"
+  sudo rabbitmqctl delete_user guest
+  sudo rabbitmqctl set_user_tags stackstorm administrator
+  sudo rabbitmqctl set_permissions -p / stackstorm ".*" ".*" ".*"
+}
+
 install_mongodb() {
   # Add key and repo for the latest stable MongoDB (4.0)
   sudo rpm --import https://www.mongodb.org/static/pgp/server-4.0.asc
@@ -592,6 +602,10 @@ install_st2() {
   sudo crudini --set /etc/st2/st2.conf database username "stackstorm"
   sudo crudini --set /etc/st2/st2.conf database password "${ST2_MONGODB_PASSWORD}"
 
+  # Configure [messaging] section in st2.conf (username password for RabbitMQ access)
+  AMQP="amqp://stackstorm:$ST2_RABBITMQ_PASSWORD@127.0.0.1:5672"
+  sudo crudini --set /etc/st2/st2.conf messaging url "${AMQP}"
+
   sudo st2ctl start
   sudo st2ctl reload --register-all
 }
@@ -709,6 +723,7 @@ STEP='Install repoquery tool' && install_yum_utils
 STEP="Generate random password" && generate_random_passwords
 
 STEP="Install st2 dependencies" && install_st2_dependencies
+STEP="Install st2 dependencies (RabbitMQ)" && install_rabbitmq
 STEP="Install st2 dependencies (MongoDB)" && install_mongodb
 STEP="Install st2" && install_st2
 STEP="Configure st2 user" && configure_st2_user

diff --git a/scripts/st2bootstrap-el7.template.sh b/scripts/st2bootstrap-el7.template.sh
@@ -131,14 +131,7 @@ install_st2_dependencies() {
   if [[ -z "$is_epel_installed" ]]; then
     sudo yum -y install https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
   fi
-  sudo yum -y install curl rabbitmq-server
-
-  # Configure RabbitMQ to listen on localhost only
-  sudo sh -c 'echo "RABBITMQ_NODE_IP_ADDRESS=127.0.0.1" >> /etc/rabbitmq/rabbitmq-env.conf'
-
-  sudo systemctl start rabbitmq-server
-  sudo systemctl enable rabbitmq-server
-
+
   # Various other dependencies needed by st2 and installer script
   sudo yum -y install crudini
 
@@ -158,6 +151,21 @@ install_st2_dependencies() {
   fi
 }
 
+install_rabbitmq() {
+  sudo yum -y install curl rabbitmq-server
+
+  # Configure RabbitMQ to listen on localhost only
+  sudo sh -c 'echo "RABBITMQ_NODE_IP_ADDRESS=127.0.0.1" >> /etc/rabbitmq/rabbitmq-env.conf'
+
+  sudo systemctl start rabbitmq-server
+  sudo systemctl enable rabbitmq-server
+
+  sudo rabbitmqctl add_user stackstorm "${ST2_RABBITMQ_PASSWORD}"
+  sudo rabbitmqctl delete_user guest
+  sudo rabbitmqctl set_user_tags stackstorm administrator
+  sudo rabbitmqctl set_permissions -p / stackstorm ".*" ".*" ".*"
+}
+
 install_mongodb() {
   # Add key and repo for the latest stable MongoDB (4.0)
   sudo rpm --import https://www.mongodb.org/static/pgp/server-4.0.asc
@@ -231,6 +239,10 @@ install_st2() {
   sudo crudini --set /etc/st2/st2.conf database username "stackstorm"
   sudo crudini --set /etc/st2/st2.conf database password "${ST2_MONGODB_PASSWORD}"
 
+  # Configure [messaging] section in st2.conf (username password for RabbitMQ access)
+  AMQP="amqp://stackstorm:$ST2_RABBITMQ_PASSWORD@127.0.0.1:5672"
+  sudo crudini --set /etc/st2/st2.conf messaging url "${AMQP}"
+
   sudo st2ctl start
   sudo st2ctl reload --register-all
 }
@@ -348,6 +360,7 @@ STEP='Install repoquery tool' && install_yum_utils
 STEP="Generate random password" && generate_random_passwords
 
 STEP="Install st2 dependencies" && install_st2_dependencies
+STEP="Install st2 dependencies (RabbitMQ)" && install_rabbitmq
 STEP="Install st2 dependencies (MongoDB)" && install_mongodb
 STEP="Install st2" && install_st2
 STEP="Configure st2 user" && configure_st2_user

diff --git a/scripts/st2bootstrap-el8.sh b/scripts/st2bootstrap-el8.sh
@@ -242,6 +242,8 @@ check_st2_host_dependencies() {
 generate_random_passwords() {
   # Generate random password used for MongoDB user authentication
   ST2_MONGODB_PASSWORD=$(head /dev/urandom | tr -dc A-Za-z0-9 | head -c 24 ; echo '')
+  # Generate random password used for RabbitMQ user authentication
+  ST2_RABBITMQ_PASSWORD=$(head /dev/urandom | tr -dc A-Za-z0-9 | head -c 24 ; echo '')
 }
 
 
@@ -506,6 +508,11 @@ install_st2_dependencies() {
     sudo dnf -y install https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm
   fi
 
+  # Various other dependencies needed by st2 and installer script
+  sudo yum -y install crudini
+}
+
+install_rabbitmq() {
   # Install rabbit from packagecloud
   # Package are not in EPEL or CentOS repos - but this is required for erlang.
   # recommended by rabbit: https://www.rabbitmq.com/install-rpm.html#package-cloud
@@ -524,8 +531,10 @@ install_st2_dependencies() {
   sudo systemctl start rabbitmq-server
   sudo systemctl enable rabbitmq-server
 
-  # Various other dependencies needed by st2 and installer script
-  sudo yum -y install crudini
+  sudo rabbitmqctl add_user stackstorm "${ST2_RABBITMQ_PASSWORD}"
+  sudo rabbitmqctl delete_user guest
+  sudo rabbitmqctl set_user_tags stackstorm administrator
+  sudo rabbitmqctl set_permissions -p / stackstorm ".*" ".*" ".*"
 }
 
 install_mongodb() {
@@ -602,6 +611,10 @@ install_st2() {
   sudo crudini --set /etc/st2/st2.conf database username "stackstorm"
   sudo crudini --set /etc/st2/st2.conf database password "${ST2_MONGODB_PASSWORD}"
 
+  # Configure [messaging] section in st2.conf (username password for RabbitMQ access)
+  AMQP="amqp://stackstorm:$ST2_RABBITMQ_PASSWORD@127.0.0.1:5672"
+  sudo crudini --set /etc/st2/st2.conf messaging url "${AMQP}"
+
   sudo st2ctl start
   sudo st2ctl reload --register-all
 }
@@ -735,6 +748,7 @@ STEP='Install repoquery tool' && install_yum_utils
 STEP="Generate random password" && generate_random_passwords
 
 STEP="Install st2 dependencies" && install_st2_dependencies
+STEP="Install st2 dependencies (RabbitMQ)" && install_rabbitmq
 STEP="Install st2 dependencies (MongoDB)" && install_mongodb
 STEP="Install st2" && install_st2
 STEP="Configure st2 user" && configure_st2_user

diff --git a/scripts/st2bootstrap-el8.template.sh b/scripts/st2bootstrap-el8.template.sh
@@ -145,6 +145,11 @@ install_st2_dependencies() {
     sudo dnf -y install https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm
   fi
 
+  # Various other dependencies needed by st2 and installer script
+  sudo yum -y install crudini
+}
+
+install_rabbitmq() {
   # Install rabbit from packagecloud
   # Package are not in EPEL or CentOS repos - but this is required for erlang.
   # recommended by rabbit: https://www.rabbitmq.com/install-rpm.html#package-cloud
@@ -163,8 +168,10 @@ install_st2_dependencies() {
   sudo systemctl start rabbitmq-server
   sudo systemctl enable rabbitmq-server
 
-  # Various other dependencies needed by st2 and installer script
-  sudo yum -y install crudini
+  sudo rabbitmqctl add_user stackstorm "${ST2_RABBITMQ_PASSWORD}"
+  sudo rabbitmqctl delete_user guest
+  sudo rabbitmqctl set_user_tags stackstorm administrator
+  sudo rabbitmqctl set_permissions -p / stackstorm ".*" ".*" ".*"
 }
 
 install_mongodb() {
@@ -241,6 +248,10 @@ install_st2() {
   sudo crudini --set /etc/st2/st2.conf database username "stackstorm"
   sudo crudini --set /etc/st2/st2.conf database password "${ST2_MONGODB_PASSWORD}"
 
+  # Configure [messaging] section in st2.conf (username password for RabbitMQ access)
+  AMQP="amqp://stackstorm:$ST2_RABBITMQ_PASSWORD@127.0.0.1:5672"
+  sudo crudini --set /etc/st2/st2.conf messaging url "${AMQP}"
+
   sudo st2ctl start
   sudo st2ctl reload --register-all
 }
@@ -374,6 +385,7 @@ STEP='Install repoquery tool' && install_yum_utils
 STEP="Generate random password" && generate_random_passwords
 
 STEP="Install st2 dependencies" && install_st2_dependencies
+STEP="Install st2 dependencies (RabbitMQ)" && install_rabbitmq
 STEP="Install st2 dependencies (MongoDB)" && install_mongodb
 STEP="Install st2" && install_st2
 STEP="Configure st2 user" && configure_st2_user