Page MenuHomeDevCentral

WIP: Configure RabbitMQ credentials from Vault
ClosedPublic

Authored by dereckson on Feb 9 2023, 23:19.
Tags
None
Referenced Files
Unknown Object (File)
Fri, Nov 22, 13:53
Unknown Object (File)
Fri, Nov 22, 04:20
Unknown Object (File)
Tue, Nov 19, 05:07
Unknown Object (File)
Fri, Nov 15, 03:31
Unknown Object (File)
Thu, Nov 14, 20:09
Unknown Object (File)
Mon, Nov 11, 07:15
Unknown Object (File)
Sun, Nov 10, 03:25
Unknown Object (File)
Fri, Nov 8, 13:49
Subscribers
None

Details

Summary

RabbitMQ clusters need the following important credentials:

  • Erlang cookie, to allow cluster components to communicate
  • An administrator account to allow maintenance tasks

Both are stored in Vault, cookie can be set in host data volume,
administrator account is set when container is initialized.
A file-as-flag is then created to indicate that's part is done.

References:

Ref T752

Test Plan

Provision white-rabbit on docker-002

Diff Detail

Repository
rOPS Nasqueron Operations
Lint
Lint Passed
Unit
No Test Coverage
Branch
rabbitmq-vault
Build Status
Buildable 4430
Build 4697: arc lint + arc unit

Event Timeline

dereckson retitled this revision from Configure RabbitMQ credentials from Vault to WIP: Configure RabbitMQ credentials from Vault.Feb 10 2023, 01:27
dereckson added inline comments.
roles/paas-docker/containers/rabbitmq.sls
67

Switching do cmd.script, and wait 20 seconds RabbitMQ started:

docker logs white-rabbit
2023-02-10 00:28:41.201991+00:00 [info] <0.491.0> Server startup complete; 7 plugins started.
2023-02-10 00:28:41.201991+00:00 [info] <0.491.0>  * rabbitmq_prometheus
2023-02-10 00:28:41.201991+00:00 [info] <0.491.0>  * rabbitmq_mqtt
2023-02-10 00:28:41.201991+00:00 [info] <0.491.0>  * rabbitmq_web_stomp
2023-02-10 00:28:41.201991+00:00 [info] <0.491.0>  * rabbitmq_stomp
2023-02-10 00:28:41.201991+00:00 [info] <0.491.0>  * rabbitmq_management
2023-02-10 00:28:41.201991+00:00 [info] <0.491.0>  * rabbitmq_web_dispatch
2023-02-10 00:28:41.201991+00:00 [info] <0.491.0>  * rabbitmq_management_agent
2023-02-10 00:28:58.228618+00:00 [info] <0.678.0> Created user 'root'
2023-02-10 00:28:58.279681+00:00 [info] <0.685.0> Successfully set user tags for user 'root' to [administrator]

How to properly escape password is still to determine, yaml_squote doesn't give correct result.

Rebased against docker-001 config. Ready to review.

Works correctly on docker-002 for white-rabbit container.

This revision is now accepted and ready to land.Feb 20 2023, 23:30