From c0b6356bbf5b9a1fb76b011486dfce258d395ef8 Mon Sep 17 00:00:00 2001

From: Peter Lemenkov <lemenkov@gmail.com>

Date: Fri, 6 Sep 2019 14:22:46 +0200

Subject: [PATCH] Restore users/perms/policies even if starting in a single

 node mode

See https://bugzilla.redhat.com/1744467#c1

Signed-off-by: Peter Lemenkov <lemenkov@gmail.com>

---

 heartbeat/rabbitmq-cluster | 109 ++++++++++++++++++++-----------------

 1 file changed, 58 insertions(+), 51 deletions(-)

diff --git a/heartbeat/rabbitmq-cluster b/heartbeat/rabbitmq-cluster

index cf8ca21a6..7837e9e3c 100755

--- a/heartbeat/rabbitmq-cluster

+++ b/heartbeat/rabbitmq-cluster

@@ -114,6 +114,62 @@ rmq_wipe_data()

 	rm -rf $RMQ_DATA_DIR > /dev/null 2>&1 

 }

+rmq_restore_users_perms_policies()

+{

+	# Restore users, user permissions, and policies (if any)

+	BaseDataDir=`dirname $RMQ_DATA_DIR`

+	$RMQ_EVAL "

+		%% Run only if Mnesia is ready.

+		lists:any(fun({mnesia,_,_}) -> true; ({_,_,_}) -> false end, application:which_applications()) andalso

+		begin

+			Restore = fun(Table, PostprocessFun, Filename) ->

+				case file:consult(Filename) of

+					{error, _} ->

+						ok;

+					{ok, [Result]} ->

+						lists:foreach(fun(X) -> mnesia:dirty_write(Table, PostprocessFun(X)) end, Result),

+						file:delete(Filename)

+				end

+			end,

+

+			%% Restore users

+

+			Upgrade = fun

+				({internal_user, A, B, C}) -> {internal_user, A, B, C, rabbit_password_hashing_md5};

+				({internal_user, A, B, C, D}) -> {internal_user, A, B, C, D}

+			end,

+

+			Downgrade = fun

+				({internal_user, A, B, C}) -> {internal_user, A, B, C};

+				({internal_user, A, B, C, rabbit_password_hashing_md5}) -> {internal_user, A, B, C};

+				%% Incompatible scheme, so we will loose user's password ('B' value) during conversion.

+				%% Unfortunately, this case will require manual intervention - user have to run:

+				%%    rabbitmqctl change_password  <somenewpassword>

+				({internal_user, A, B, C, _}) -> {internal_user, A, B, C}

+			end,

+

+			%% Check db scheme first

+			[WildPattern] = ets:select(mnesia_gvar, [ { {{rabbit_user, wild_pattern}, '\\\$1'}, [], ['\\\$1'] } ]),

+			case WildPattern of

+				%% Version < 3.6.0

+				{internal_user,'_','_','_'} ->

+					Restore(rabbit_user, Downgrade, \"$BaseDataDir/users.erl\");

+				%% Version >= 3.6.0

+				{internal_user,'_','_','_','_'} ->

+					Restore(rabbit_user, Upgrade, \"$BaseDataDir/users.erl\")

+			end,

+

+			NoOp = fun(X) -> X end,

+

+			%% Restore user permissions

+			Restore(rabbit_user_permission, NoOp, \"$BaseDataDir/users_perms.erl\"),

+

+			%% Restore policies

+			Restore(rabbit_runtime_parameters, NoOp, \"$BaseDataDir/policies.erl\")

+		end.

+	"

+}

+

 rmq_local_node()

 {

@@ -411,6 +467,7 @@ rmq_try_start() {

 	if [ -z "$join_list" ]; then

 		rmq_start_first

 		rc=$?

+		rmq_restore_users_perms_policies

 		return $rc

 	fi

@@ -437,58 +494,8 @@ rmq_try_start() {

 		return $RMQ_TRY_RESTART_ERROR_CODE

 	fi

-	# Restore users, user permissions, and policies (if any)

-	BaseDataDir=`dirname $RMQ_DATA_DIR`

-	$RMQ_EVAL "

-		%% Run only if Mnesia is ready.

-		lists:any(fun({mnesia,_,_}) -> true; ({_,_,_}) -> false end, application:which_applications()) andalso

-		begin

-			Restore = fun(Table, PostprocessFun, Filename) ->

-				case file:consult(Filename) of

-					{error, _} ->

-						ok;

-					{ok, [Result]} ->

-						lists:foreach(fun(X) -> mnesia:dirty_write(Table, PostprocessFun(X)) end, Result),

-						file:delete(Filename)

-				end

-			end,

+	rmq_restore_users_perms_policies

-			%% Restore users

-

-			Upgrade = fun

-				({internal_user, A, B, C}) -> {internal_user, A, B, C, rabbit_password_hashing_md5};

-				({internal_user, A, B, C, D}) -> {internal_user, A, B, C, D}

-			end,

-

-			Downgrade = fun

-				({internal_user, A, B, C}) -> {internal_user, A, B, C};

-				({internal_user, A, B, C, rabbit_password_hashing_md5}) -> {internal_user, A, B, C};

-				%% Incompatible scheme, so we will loose user's password ('B' value) during conversion.

-				%% Unfortunately, this case will require manual intervention - user have to run:

-				%%    rabbitmqctl change_password  <somenewpassword>

-				({internal_user, A, B, C, _}) -> {internal_user, A, B, C}

-			end,

-

-			%% Check db scheme first

-			[WildPattern] = ets:select(mnesia_gvar, [ { {{rabbit_user, wild_pattern}, '\\\$1'}, [], ['\\\$1'] } ]),

-			case WildPattern of

-				%% Version < 3.6.0

-				{internal_user,'_','_','_'} ->

-					Restore(rabbit_user, Downgrade, \"$BaseDataDir/users.erl\");

-				%% Version >= 3.6.0

-				{internal_user,'_','_','_','_'} ->

-					Restore(rabbit_user, Upgrade, \"$BaseDataDir/users.erl\")

-			end,

-

-			NoOp = fun(X) -> X end,

-

-			%% Restore user permissions

-			Restore(rabbit_user_permission, NoOp, \"$BaseDataDir/users_perms.erl\"),

-

-			%% Restore policies

-			Restore(rabbit_runtime_parameters, NoOp, \"$BaseDataDir/policies.erl\")

-		end.

-	"

 	return $OCF_SUCCESS

 }