Avoid starting rabbitmq server as root

Starting rabbitmq-server causes rabbitmq (and dependent
processes) to start as root user, causing undesirable
results. epmd process stays running as root until killed
by OCF scripts. It is more desirable to start rabbitmq
manually when Puppet tells it to.

Additionally, rabbitmq-plugins must be run as root
(in order to set /etc/rabbitmq/enabled_plugins), but as
a consequence, it starts epmd and leaves it running.
This can be worked around by starting epmd as rabbitmq
user before evaluating any plugins.

Added test for ensuring all RabbitMQ related processes
are running as rabbitmq user.

Upstream proposed change:
voxpupuli/puppet-rabbitmq#403

Change-Id: Ia6e5392c9d16d1be0ea166a61402d2103c5d4453
Closes-Bug: #1483249

deployment/puppet/osnailyfacter/modular/rabbitmq/rabbitmq.pp

@@ -146,6 +146,12 @@
         before          => Class['nova::rabbitmq'],
       }
     }
+
+    include rabbitmq::params
+    tweaks::ubuntu_service_override { 'rabbitmq-server':
+      package_name => $rabbitmq::params::package_name,
+      service_name => $rabbitmq::params::service_name,
+    }
   }
 
 }

deployment/puppet/osnailyfacter/modular/rabbitmq/rabbitmq_post.rb

@@ -0,0 +1,16 @@
+require File.join File.dirname(__FILE__), '../test_common.rb'
+
+RABBITMQ_USER="rabbitmq"
+
+class RabbitMQPostTest < Test::Unit::TestCase
+
+  def test_rabbitmq_is_running
+    assert TestCommon::Process.running?('/usr/sbin/rabbitmq-server'), 'RabbitMQ is not running!'
+  end
+
+  def test_rabbitmq_running_as_rabbitmq_user
+    cmd = 'ps haxo user,cmd | egrep -v "su |grep "| egrep "rabbitmq|beam|epmd" | egrep -v "^' RABBITMQ_USER '"'
+    assert TestCommon::Process.run_successful?(cmd), "'#{cmd}' returns processes not running as #{RABBITMQ_USER}'"
+  end
+
+end

deployment/puppet/osnailyfacter/modular/rabbitmq/tasks.yaml

@@ -7,3 +7,5 @@
     puppet_manifest: /etc/puppet/modules/osnailyfacter/modular/rabbitmq/rabbitmq.pp
     puppet_modules: /etc/puppet/modules
     timeout: 3600
+  test_post:
+    cmd: ruby /etc/puppet/modules/osnailyfacter/modular/rabbitmq/rabbitmq_post.rb

deployment/puppet/rabbitmq/manifests/init.pp

@@ -161,6 +161,15 @@
     }
   }
 
+  # Start epmd as rabbitmq so it doesn't run as root when installing plugins
+  exec { 'epmd_daemon':
+    command => 'epmd -daemon',
+    path    => '/bin:/sbin:/usr/bin:/usr/sbin',
+    user    => 'rabbitmq',
+    group   => 'rabbitmq',
+    unless  => 'pgrep epmd',
+  }
+
   if $admin_enable and $service_manage {
     include '::rabbitmq::install::rabbitmqadmin'
 
@@ -200,7 +209,6 @@
     -> Class['::rabbitmq::management'] -> Anchor['rabbitmq::end']
 
   # Make sure the various providers have their requirements in place.
-  Class['::rabbitmq::install'] -> Rabbitmq_plugin<| |>
-  Class['::rabbitmq::install::rabbitmqadmin'] -> Rabbitmq_exchange<| |>
-
+  Class['::rabbitmq::install'] -> Exec['epmd_daemon']
+    -> Rabbitmq_plugin<| |> -> Rabbitmq_exchange<| |>
 }

tests/noop/spec/hosts/rabbitmq/rabbitmq_spec.rb

@@ -30,6 +30,14 @@ def resource_parameter_value(resource_type, resource_name, parameter)
       end
       should contain_class('rabbitmq').with_config_variables(/#{log_levels}/)
     end
+
+    it "should start epmd before rabbitmq plugins" do
+      should contain_exec('epmd_daemon').that_comes_before('Rabbitmq_plugin[rabbitmq_management]')
+    end
+
+    it "should override service on package install" do
+      should contain_tweaks__ubuntu_service_override('rabbitmq-server')
+    end
   end
   test_ubuntu_and_centos manifest
 end