New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Rabbitmq user setup #690
Rabbitmq user setup #690
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
That's a good addition! 👍
Left a few notes to address.
scripts/st2bootstrap-deb.sh
Outdated
# Configure [messaging] section in st2.conf (username password for RabbitMQ access) | ||
RABBITMQHOST="${RABBITMQHOST:-rabbitmq}" | ||
AMQP="amqp://stanley:$ST2_RABBITMQ_PASSWORD@$RABBITMQHOST:5672/" | ||
sudo sed -i "/\[messaging\]/,/\[.*\]\|url/ {n; s#url.*=.*#url = $AMQP#}" /etc/st2/st2.conf |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can you use the crudini command to set the messaging URL in the st2.conf file? You can see similar example for setting the mongodb setting.
scripts/st2bootstrap-deb.template.sh
Outdated
# Configure [messaging] section in st2.conf (username password for RabbitMQ access) | ||
RABBITMQHOST="${RABBITMQHOST:-rabbitmq}" | ||
AMQP="amqp://stanley:$ST2_RABBITMQ_PASSWORD@$RABBITMQHOST:5672/" | ||
sudo sed -i "/\[messaging\]/,/\[.*\]\|url/ {n; s#url.*=.*#url = $AMQP#}" /etc/st2/st2.conf |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
See comment above.
scripts/st2bootstrap-el7.sh
Outdated
# Configure [messaging] section in st2.conf (username password for RabbitMQ access) | ||
RABBITMQHOST="${RABBITMQHOST:-rabbitmq}" | ||
AMQP="amqp://stanley:$ST2_RABBITMQ_PASSWORD@$RABBITMQHOST:5672/" | ||
sudo sed -i "/\[messaging\]/,/\[.*\]\|url/ {n; s#url.*=.*#url = $AMQP#}" /etc/st2/st2.conf |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
See comment above.
scripts/st2bootstrap-el7.template.sh
Outdated
# Configure [messaging] section in st2.conf (username password for RabbitMQ access) | ||
RABBITMQHOST="${RABBITMQHOST:-rabbitmq}" | ||
AMQP="amqp://stanley:$ST2_RABBITMQ_PASSWORD@$RABBITMQHOST:5672/" | ||
sudo sed -i "/\[messaging\]/,/\[.*\]\|url/ {n; s#url.*=.*#url = $AMQP#}" /etc/st2/st2.conf |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
See comment above.
scripts/st2bootstrap-el8.sh
Outdated
# Configure [messaging] section in st2.conf (username password for RabbitMQ access) | ||
RABBITMQHOST="${RABBITMQHOST:-rabbitmq}" | ||
AMQP="amqp://stanley:$ST2_RABBITMQ_PASSWORD@$RABBITMQHOST:5672/" | ||
sudo sed -i "/\[messaging\]/,/\[.*\]\|url/ {n; s#url.*=.*#url = $AMQP#}" /etc/st2/st2.conf |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
See comment above.
scripts/st2bootstrap-el8.template.sh
Outdated
# Configure [messaging] section in st2.conf (username password for RabbitMQ access) | ||
RABBITMQHOST="${RABBITMQHOST:-rabbitmq}" | ||
AMQP="amqp://stanley:$ST2_RABBITMQ_PASSWORD@$RABBITMQHOST:5672/" | ||
sudo sed -i "/\[messaging\]/,/\[.*\]\|url/ {n; s#url.*=.*#url = $AMQP#}" /etc/st2/st2.conf |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
See comment above.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
@armab We use |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@shivani-orch Looks like you got some more things to fix here.
scripts/st2bootstrap-deb.sh
Outdated
@@ -466,6 +468,10 @@ install_st2_dependencies() { | |||
|
|||
sudo apt-get install -y curl | |||
sudo apt-get install -y rabbitmq-server | |||
sudo rabbitmqctl add_user stanley "${ST2_RABBITMQ_PASSWORD}" | |||
sudo rabbitmqctl delete_user guest | |||
rabbitmqctl set_user_tags stanley administrator |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please add sudo to the rabbitmqctl command otherwise this will fail.
scripts/st2bootstrap-deb.sh
Outdated
sudo rabbitmqctl add_user stanley "${ST2_RABBITMQ_PASSWORD}" | ||
sudo rabbitmqctl delete_user guest | ||
rabbitmqctl set_user_tags stanley administrator | ||
rabbitmqctl set_permissions -p / stanley ".*" ".*" ".*" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please add sudo to the rabbitmqctl command otherwise this will fail.
scripts/st2bootstrap-deb.template.sh
Outdated
sudo rabbitmqctl add_user stanley "${ST2_RABBITMQ_PASSWORD}" | ||
sudo rabbitmqctl delete_user guest | ||
rabbitmqctl set_user_tags stanley administrator | ||
rabbitmqctl set_permissions -p / stanley ".*" ".*" ".*" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please add sudo to the rabbitmqctl command otherwise this will fail.
scripts/st2bootstrap-el7.sh
Outdated
sudo rabbitmqctl add_user stanley "${ST2_RABBITMQ_PASSWORD}" | ||
sudo rabbitmqctl delete_user guest | ||
rabbitmqctl set_user_tags stanley administrator | ||
rabbitmqctl set_permissions -p / stanley ".*" ".*" ".*" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please add sudo to the rabbitmqctl command otherwise this will fail.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The rabbitmq-server is not started automatically on RHEL/CentOS. This section needs to be moved to after rabbitmq-server is started below.
scripts/st2bootstrap-el7.template.sh
Outdated
sudo rabbitmqctl add_user stanley "${ST2_RABBITMQ_PASSWORD}" | ||
sudo rabbitmqctl delete_user guest | ||
rabbitmqctl set_user_tags stanley administrator | ||
rabbitmqctl set_permissions -p / stanley ".*" ".*" ".*" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please add sudo to the rabbitmqctl command otherwise this will fail.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The rabbitmq-server is not started automatically on RHEL/CentOS. This section needs to be moved to after rabbitmq-server is started below.
scripts/st2bootstrap-el8.sh
Outdated
sudo rabbitmqctl add_user stanley "${ST2_RABBITMQ_PASSWORD}" | ||
sudo rabbitmqctl delete_user guest | ||
rabbitmqctl set_user_tags stanley administrator | ||
rabbitmqctl set_permissions -p / stanley ".*" ".*" ".*" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please add sudo to the rabbitmqctl command otherwise this will fail.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The rabbitmq-server is not started automatically on RHEL/CentOS. This section needs to be moved to after rabbitmq-server is started below.
scripts/st2bootstrap-el8.template.sh
Outdated
sudo rabbitmqctl add_user stanley "${ST2_RABBITMQ_PASSWORD}" | ||
sudo rabbitmqctl delete_user guest | ||
rabbitmqctl set_user_tags stanley administrator | ||
rabbitmqctl set_permissions -p / stanley ".*" ".*" ".*" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please add sudo to the rabbitmqctl command otherwise this will fail.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The rabbitmq-server is not started automatically on RHEL/CentOS. This section needs to be moved to after rabbitmq-server is started below.
scripts/st2bootstrap-el8.sh
Outdated
sudo rabbitmqctl add_user stanley "${ST2_RABBITMQ_PASSWORD}" | ||
sudo rabbitmqctl delete_user guest | ||
rabbitmqctl set_user_tags stanley administrator | ||
rabbitmqctl set_permissions -p / stanley ".*" ".*" ".*" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The rabbitmq-server is not started automatically on RHEL/CentOS. This section needs to be moved to after rabbitmq-server is started below.
scripts/st2bootstrap-el7.sh
Outdated
sudo rabbitmqctl add_user stanley "${ST2_RABBITMQ_PASSWORD}" | ||
sudo rabbitmqctl delete_user guest | ||
rabbitmqctl set_user_tags stanley administrator | ||
rabbitmqctl set_permissions -p / stanley ".*" ".*" ".*" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The rabbitmq-server is not started automatically on RHEL/CentOS. This section needs to be moved to after rabbitmq-server is started below.
scripts/st2bootstrap-el7.template.sh
Outdated
sudo rabbitmqctl add_user stanley "${ST2_RABBITMQ_PASSWORD}" | ||
sudo rabbitmqctl delete_user guest | ||
rabbitmqctl set_user_tags stanley administrator | ||
rabbitmqctl set_permissions -p / stanley ".*" ".*" ".*" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The rabbitmq-server is not started automatically on RHEL/CentOS. This section needs to be moved to after rabbitmq-server is started below.
scripts/st2bootstrap-el8.template.sh
Outdated
sudo rabbitmqctl add_user stanley "${ST2_RABBITMQ_PASSWORD}" | ||
sudo rabbitmqctl delete_user guest | ||
rabbitmqctl set_user_tags stanley administrator | ||
rabbitmqctl set_permissions -p / stanley ".*" ".*" ".*" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The rabbitmq-server is not started automatically on RHEL/CentOS. This section needs to be moved to after rabbitmq-server is started below.
scripts/st2bootstrap-deb.sh
Outdated
@@ -596,6 +602,11 @@ install_st2() { | |||
sudo crudini --set /etc/st2/st2.conf database username "stackstorm" | |||
sudo crudini --set /etc/st2/st2.conf database password "${ST2_MONGODB_PASSWORD}" | |||
|
|||
# Configure [messaging] section in st2.conf (username password for RabbitMQ access) | |||
RABBITMQHOST="${RABBITMQHOST:-rabbitmq}" | |||
AMQP="amqp://stanley:$ST2_RABBITMQ_PASSWORD@$RABBITMQHOST:5672/" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can you remove the last slash at the end from this URI?
scripts/st2bootstrap-deb.template.sh
Outdated
@@ -285,6 +289,11 @@ install_st2() { | |||
sudo crudini --set /etc/st2/st2.conf database username "stackstorm" | |||
sudo crudini --set /etc/st2/st2.conf database password "${ST2_MONGODB_PASSWORD}" | |||
|
|||
# Configure [messaging] section in st2.conf (username password for RabbitMQ access) | |||
RABBITMQHOST="${RABBITMQHOST:-rabbitmq}" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can you change the default value to 127.0.0.1?
scripts/st2bootstrap-el7.sh
Outdated
@@ -592,6 +598,11 @@ install_st2() { | |||
sudo crudini --set /etc/st2/st2.conf database username "stackstorm" | |||
sudo crudini --set /etc/st2/st2.conf database password "${ST2_MONGODB_PASSWORD}" | |||
|
|||
# Configure [messaging] section in st2.conf (username password for RabbitMQ access) | |||
RABBITMQHOST="${RABBITMQHOST:-rabbitmq}" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can you change the default value to 127.0.0.1?
scripts/st2bootstrap-el7.template.sh
Outdated
@@ -231,6 +235,11 @@ install_st2() { | |||
sudo crudini --set /etc/st2/st2.conf database username "stackstorm" | |||
sudo crudini --set /etc/st2/st2.conf database password "${ST2_MONGODB_PASSWORD}" | |||
|
|||
# Configure [messaging] section in st2.conf (username password for RabbitMQ access) | |||
RABBITMQHOST="${RABBITMQHOST:-rabbitmq}" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can you change the default value to 127.0.0.1?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
+1 I also think we don't need to allow configuring the RABBITMQHOST
outside of the script and just hardcode it like MongoDB example does.
The simple curl|bash
installer is expected to have hardcoded defaults to make sure the debugging in the community is easier and there is no configuration drift.
scripts/st2bootstrap-el8.sh
Outdated
@@ -596,6 +602,11 @@ install_st2() { | |||
sudo crudini --set /etc/st2/st2.conf database username "stackstorm" | |||
sudo crudini --set /etc/st2/st2.conf database password "${ST2_MONGODB_PASSWORD}" | |||
|
|||
# Configure [messaging] section in st2.conf (username password for RabbitMQ access) | |||
RABBITMQHOST="${RABBITMQHOST:-rabbitmq}" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can you change the default value to 127.0.0.1?
scripts/st2bootstrap-el8.template.sh
Outdated
@@ -235,6 +239,11 @@ install_st2() { | |||
sudo crudini --set /etc/st2/st2.conf database username "stackstorm" | |||
sudo crudini --set /etc/st2/st2.conf database password "${ST2_MONGODB_PASSWORD}" | |||
|
|||
# Configure [messaging] section in st2.conf (username password for RabbitMQ access) | |||
RABBITMQHOST="${RABBITMQHOST:-rabbitmq}" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can you change the default value to 127.0.0.1?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM 👍
scripts/st2bootstrap-deb.sh
Outdated
sudo apt-get install -y rabbitmq-server | ||
sudo rabbitmqctl add_user stanley "${ST2_RABBITMQ_PASSWORD}" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can you change the username from stanley
to stackstorm
? This is to be consistent with the username that we used for MongoDB.
scripts/st2bootstrap-deb.template.sh
Outdated
sudo apt-get install -y rabbitmq-server | ||
sudo rabbitmqctl add_user stanley "${ST2_RABBITMQ_PASSWORD}" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can you change the username from stanley
to stackstorm
? This is to be consistent with the username that we used for MongoDB.
scripts/st2bootstrap-el7.sh
Outdated
sudo systemctl start rabbitmq-server | ||
sudo systemctl enable rabbitmq-server | ||
|
||
sudo rabbitmqctl add_user stanley "${ST2_RABBITMQ_PASSWORD}" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can you change the username from stanley
to stackstorm
? This is to be consistent with the username that we used for MongoDB.
scripts/st2bootstrap-el7.template.sh
Outdated
sudo systemctl start rabbitmq-server | ||
sudo systemctl enable rabbitmq-server | ||
|
||
sudo rabbitmqctl add_user stanley "${ST2_RABBITMQ_PASSWORD}" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can you change the username from stanley
to stackstorm
? This is to be consistent with the username that we used for MongoDB.
scripts/st2bootstrap-el8.sh
Outdated
@@ -524,8 +531,10 @@ install_st2_dependencies() { | |||
sudo systemctl start rabbitmq-server | |||
sudo systemctl enable rabbitmq-server | |||
|
|||
# Various other dependencies needed by st2 and installer script | |||
sudo yum -y install crudini | |||
sudo rabbitmqctl add_user stanley "${ST2_RABBITMQ_PASSWORD}" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can you change the username from stanley
to stackstorm
? This is to be consistent with the username that we used for MongoDB.
scripts/st2bootstrap-el8.template.sh
Outdated
@@ -163,8 +168,10 @@ install_st2_dependencies() { | |||
sudo systemctl start rabbitmq-server | |||
sudo systemctl enable rabbitmq-server | |||
|
|||
# Various other dependencies needed by st2 and installer script | |||
sudo yum -y install crudini | |||
sudo rabbitmqctl add_user stanley "${ST2_RABBITMQ_PASSWORD}" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can you change the username from stanley
to stackstorm
? This is to be consistent with the username that we used for MongoDB.
For security reasons, the guest account is removed and another user with administrative rights will be added.