Avoid starting rabbitmq processes as root #403

Closed

@mattymo mattymo commented Oct 13, 2015

Rabbitmq-plugins must be run as root
(in order to set /etc/rabbitmq/enabled_plugins), but as
a consequence, it starts epmd and leaves it running.
This can be worked around by starting epmd as rabbitmq
user before evaluating any plugins.

@mattymo mattymo force-pushed the epmd-as-rabbitmq branch 2 times, most recently from 5a86458 to e95189a Compare October 13, 2015 14:42
@michaelklishin

Not sure if this makes things any easier but it should be possible to simply run any rabbitmq* command line tool with the effective user you want and it will start epmd for you (well, the runtime will).

@mattymo
Author

mattymo commented Oct 13, 2015

epmd will start if it's not running already if you run any rabbitmq* script. If you're running as root (which is required for rabbitmq-plugin script), it launches epmd. In many deployment scenarios, we need to enable plugins before starting any clustered mode.

Rabbitmq-plugins must be run as root
(in order to set /etc/rabbitmq/enabled_plugins), but as
a consequence, it starts epmd and leaves it running.
This can be worked around by starting epmd as rabbitmq
user before evaluating any plugins.

openstack-gerrit pushed a commit to openstack-archive/fuel-library that referenced this pull request Oct 15, 2015
Starting rabbitmq-server causes rabbitmq (and dependent
processes) to start as root user, causing undesirable
results. epmd process stays running as root until killed
by OCF scripts. It is more desirable to start rabbitmq
manually when Puppet tells it to.

Additionally, rabbitmq-plugins must be run as root
(in order to set /etc/rabbitmq/enabled_plugins), but as
a consequence, it starts epmd and leaves it running.
This can be worked around by starting epmd as rabbitmq
user before evaluating any plugins.

Added test for ensuring all RabbitMQ related processes
are running as rabbitmq user.

Upstream proposed change:
voxpupuli/puppet-rabbitmq#403

Change-Id: Ia6e5392c9d16d1be0ea166a61402d2103c5d4453
Closes-Bug: #1483249
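
The referenced commit mentions a test that all RabbitMQ-related processes run as the rabbitmq user. One way to write such a check, as an added example that is not code from this pull request or from fuel-library; the function names, the sample process lines and the assumption that every epmd on the host belongs to RabbitMQ are this example's own.

```shell
#!/bin/sh
# Added example: report RabbitMQ-related processes that are not owned by
# the expected service account. Input on stdin is one "USER COMM ARGS..."
# line per process, as printed by: ps -e -o user= -o comm= -o args=

# find_foreign_owners EXPECTED_USER
# Prints "USER COMM" for every offending process; exit status 1 if any.
# Assumption: every epmd on the host belongs to RabbitMQ. The Erlang VM
# (beam, beam.smp) is only counted when its arguments mention "rabbit".
find_foreign_owners() {
    awk -v want="$1" '
        {
            args = $0
            sub(/^ *[^ ]+ +[^ ]+ */, "", args)   # drop USER and COMM
            related = ($2 == "epmd") ||
                      ($2 ~ /^beam(\.smp)?$/ && args ~ /rabbit/)
            if (related && $1 != want) { print $1, $2; bad = 1 }
        }
        END { exit bad + 0 }
    '
}

# Constructed sample: epmd left running as root after a root-run tool.
sample_before() {
    cat <<'EOF'
root     epmd     /usr/lib/erlang/bin/epmd -daemon
rabbitmq beam.smp /usr/lib/erlang/bin/beam.smp -- -sname rabbit@node-1
root     beam.smp /usr/lib/erlang/bin/beam.smp -- -sname otherapp@node-1
root     sshd     /usr/sbin/sshd -D
EOF
}

# Constructed sample: epmd was started as the rabbitmq user first.
sample_after() {
    cat <<'EOF'
rabbitmq epmd     /usr/lib/erlang/bin/epmd -daemon
rabbitmq beam.smp /usr/lib/erlang/bin/beam.smp -- -sname rabbit@node-1
EOF
}

for s in sample_before sample_after; do
    if out=$($s | find_foreign_owners rabbitmq); then
        echo "$s: all RabbitMQ-related processes run as rabbitmq"
    else
        echo "$s: not running as rabbitmq: $out"
    fi
done
```
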
@daenney
Member

daenney commented Jan 7, 2016

What's the problem with running epmd as root? I see no explanation for this. epmd from what I can tell is the Erlang Port Mapper Daemon and generic to Erlang processes, not RabbitMQ specific. What are the consequences of running this as the RabbitMQ user if another Erlang process would also need this?

@bmjen
Member

bmjen commented Jan 7, 2016

Agree with @daenney, also don't like that it's going to be the default for all users of the rabbitmq module.

@eputnam eputnam added the needs-feedback (Further information is requested) and needs-rebase labels Feb 17, 2017
@eputnam
Member

eputnam commented Feb 17, 2017

Closing this because of inactivity. @mattymo if this is still an issue, please feel free to re-open and rebase!

@eputnam eputnam closed this Feb 17, 2017