|
|
9cf66a |
From c0b6356bbf5b9a1fb76b011486dfce258d395ef8 Mon Sep 17 00:00:00 2001
|
|
|
9cf66a |
From: Peter Lemenkov <lemenkov@gmail.com>
|
|
|
9cf66a |
Date: Fri, 6 Sep 2019 14:22:46 +0200
|
|
|
9cf66a |
Subject: [PATCH] Restore users/perms/policies even if starting in a single
|
|
|
9cf66a |
node mode
|
|
|
9cf66a |
|
|
|
9cf66a |
See https://bugzilla.redhat.com/1744467#c1
|
|
|
9cf66a |
|
|
|
9cf66a |
Signed-off-by: Peter Lemenkov <lemenkov@gmail.com>
|
|
|
9cf66a |
---
|
|
|
9cf66a |
heartbeat/rabbitmq-cluster | 109 ++++++++++++++++++++-----------------
|
|
|
9cf66a |
1 file changed, 58 insertions(+), 51 deletions(-)
|
|
|
9cf66a |
|
|
|
9cf66a |
diff --git a/heartbeat/rabbitmq-cluster b/heartbeat/rabbitmq-cluster
|
|
|
9cf66a |
index cf8ca21a6..7837e9e3c 100755
|
|
|
9cf66a |
--- a/heartbeat/rabbitmq-cluster
|
|
|
9cf66a |
+++ b/heartbeat/rabbitmq-cluster
|
|
|
9cf66a |
@@ -114,6 +114,62 @@ rmq_wipe_data()
|
|
|
9cf66a |
rm -rf $RMQ_DATA_DIR > /dev/null 2>&1
|
|
|
9cf66a |
}
|
|
|
9cf66a |
|
|
|
9cf66a |
+rmq_restore_users_perms_policies()
|
|
|
9cf66a |
+{
|
|
|
9cf66a |
+ # Restore users, user permissions, and policies (if any)
|
|
|
9cf66a |
+ BaseDataDir=`dirname $RMQ_DATA_DIR`
|
|
|
9cf66a |
+ $RMQ_EVAL "
|
|
|
9cf66a |
+ %% Run only if Mnesia is ready.
|
|
|
9cf66a |
+ lists:any(fun({mnesia,_,_}) -> true; ({_,_,_}) -> false end, application:which_applications()) andalso
|
|
|
9cf66a |
+ begin
|
|
|
9cf66a |
+ Restore = fun(Table, PostprocessFun, Filename) ->
|
|
|
9cf66a |
+ case file:consult(Filename) of
|
|
|
9cf66a |
+ {error, _} ->
|
|
|
9cf66a |
+ ok;
|
|
|
9cf66a |
+ {ok, [Result]} ->
|
|
|
9cf66a |
+ lists:foreach(fun(X) -> mnesia:dirty_write(Table, PostprocessFun(X)) end, Result),
|
|
|
9cf66a |
+ file:delete(Filename)
|
|
|
9cf66a |
+ end
|
|
|
9cf66a |
+ end,
|
|
|
9cf66a |
+
|
|
|
9cf66a |
+ %% Restore users
|
|
|
9cf66a |
+
|
|
|
9cf66a |
+ Upgrade = fun
|
|
|
9cf66a |
+ ({internal_user, A, B, C}) -> {internal_user, A, B, C, rabbit_password_hashing_md5};
|
|
|
9cf66a |
+ ({internal_user, A, B, C, D}) -> {internal_user, A, B, C, D}
|
|
|
9cf66a |
+ end,
|
|
|
9cf66a |
+
|
|
|
9cf66a |
+ Downgrade = fun
|
|
|
9cf66a |
+ ({internal_user, A, B, C}) -> {internal_user, A, B, C};
|
|
|
9cf66a |
+ ({internal_user, A, B, C, rabbit_password_hashing_md5}) -> {internal_user, A, B, C};
|
|
|
9cf66a |
+ %% Incompatible scheme, so we will loose user's password ('B' value) during conversion.
|
|
|
9cf66a |
+ %% Unfortunately, this case will require manual intervention - user have to run:
|
|
|
9cf66a |
+ %% rabbitmqctl change_password <somenewpassword>
|
|
|
9cf66a |
+ ({internal_user, A, B, C, _}) -> {internal_user, A, B, C}
|
|
|
9cf66a |
+ end,
|
|
|
9cf66a |
+
|
|
|
9cf66a |
+ %% Check db scheme first
|
|
|
9cf66a |
+ [WildPattern] = ets:select(mnesia_gvar, [ { {{rabbit_user, wild_pattern}, '\\\$1'}, [], ['\\\$1'] } ]),
|
|
|
9cf66a |
+ case WildPattern of
|
|
|
9cf66a |
+ %% Version < 3.6.0
|
|
|
9cf66a |
+ {internal_user,'_','_','_'} ->
|
|
|
9cf66a |
+ Restore(rabbit_user, Downgrade, \"$BaseDataDir/users.erl\");
|
|
|
9cf66a |
+ %% Version >= 3.6.0
|
|
|
9cf66a |
+ {internal_user,'_','_','_','_'} ->
|
|
|
9cf66a |
+ Restore(rabbit_user, Upgrade, \"$BaseDataDir/users.erl\")
|
|
|
9cf66a |
+ end,
|
|
|
9cf66a |
+
|
|
|
9cf66a |
+ NoOp = fun(X) -> X end,
|
|
|
9cf66a |
+
|
|
|
9cf66a |
+ %% Restore user permissions
|
|
|
9cf66a |
+ Restore(rabbit_user_permission, NoOp, \"$BaseDataDir/users_perms.erl\"),
|
|
|
9cf66a |
+
|
|
|
9cf66a |
+ %% Restore policies
|
|
|
9cf66a |
+ Restore(rabbit_runtime_parameters, NoOp, \"$BaseDataDir/policies.erl\")
|
|
|
9cf66a |
+ end.
|
|
|
9cf66a |
+ "
|
|
|
9cf66a |
+}
|
|
|
9cf66a |
+
|
|
|
9cf66a |
rmq_local_node()
|
|
|
9cf66a |
{
|
|
|
9cf66a |
|
|
|
9cf66a |
@@ -411,6 +467,7 @@ rmq_try_start() {
|
|
|
9cf66a |
if [ -z "$join_list" ]; then
|
|
|
9cf66a |
rmq_start_first
|
|
|
9cf66a |
rc=$?
|
|
|
9cf66a |
+ rmq_restore_users_perms_policies
|
|
|
9cf66a |
return $rc
|
|
|
9cf66a |
fi
|
|
|
9cf66a |
|
|
|
9cf66a |
@@ -437,58 +494,8 @@ rmq_try_start() {
|
|
|
9cf66a |
return $RMQ_TRY_RESTART_ERROR_CODE
|
|
|
9cf66a |
fi
|
|
|
9cf66a |
|
|
|
9cf66a |
- # Restore users, user permissions, and policies (if any)
|
|
|
9cf66a |
- BaseDataDir=`dirname $RMQ_DATA_DIR`
|
|
|
9cf66a |
- $RMQ_EVAL "
|
|
|
9cf66a |
- %% Run only if Mnesia is ready.
|
|
|
9cf66a |
- lists:any(fun({mnesia,_,_}) -> true; ({_,_,_}) -> false end, application:which_applications()) andalso
|
|
|
9cf66a |
- begin
|
|
|
9cf66a |
- Restore = fun(Table, PostprocessFun, Filename) ->
|
|
|
9cf66a |
- case file:consult(Filename) of
|
|
|
9cf66a |
- {error, _} ->
|
|
|
9cf66a |
- ok;
|
|
|
9cf66a |
- {ok, [Result]} ->
|
|
|
9cf66a |
- lists:foreach(fun(X) -> mnesia:dirty_write(Table, PostprocessFun(X)) end, Result),
|
|
|
9cf66a |
- file:delete(Filename)
|
|
|
9cf66a |
- end
|
|
|
9cf66a |
- end,
|
|
|
9cf66a |
+ rmq_restore_users_perms_policies
|
|
|
9cf66a |
|
|
|
9cf66a |
- %% Restore users
|
|
|
9cf66a |
-
|
|
|
9cf66a |
- Upgrade = fun
|
|
|
9cf66a |
- ({internal_user, A, B, C}) -> {internal_user, A, B, C, rabbit_password_hashing_md5};
|
|
|
9cf66a |
- ({internal_user, A, B, C, D}) -> {internal_user, A, B, C, D}
|
|
|
9cf66a |
- end,
|
|
|
9cf66a |
-
|
|
|
9cf66a |
- Downgrade = fun
|
|
|
9cf66a |
- ({internal_user, A, B, C}) -> {internal_user, A, B, C};
|
|
|
9cf66a |
- ({internal_user, A, B, C, rabbit_password_hashing_md5}) -> {internal_user, A, B, C};
|
|
|
9cf66a |
- %% Incompatible scheme, so we will loose user's password ('B' value) during conversion.
|
|
|
9cf66a |
- %% Unfortunately, this case will require manual intervention - user have to run:
|
|
|
9cf66a |
- %% rabbitmqctl change_password <somenewpassword>
|
|
|
9cf66a |
- ({internal_user, A, B, C, _}) -> {internal_user, A, B, C}
|
|
|
9cf66a |
- end,
|
|
|
9cf66a |
-
|
|
|
9cf66a |
- %% Check db scheme first
|
|
|
9cf66a |
- [WildPattern] = ets:select(mnesia_gvar, [ { {{rabbit_user, wild_pattern}, '\\\$1'}, [], ['\\\$1'] } ]),
|
|
|
9cf66a |
- case WildPattern of
|
|
|
9cf66a |
- %% Version < 3.6.0
|
|
|
9cf66a |
- {internal_user,'_','_','_'} ->
|
|
|
9cf66a |
- Restore(rabbit_user, Downgrade, \"$BaseDataDir/users.erl\");
|
|
|
9cf66a |
- %% Version >= 3.6.0
|
|
|
9cf66a |
- {internal_user,'_','_','_','_'} ->
|
|
|
9cf66a |
- Restore(rabbit_user, Upgrade, \"$BaseDataDir/users.erl\")
|
|
|
9cf66a |
- end,
|
|
|
9cf66a |
-
|
|
|
9cf66a |
- NoOp = fun(X) -> X end,
|
|
|
9cf66a |
-
|
|
|
9cf66a |
- %% Restore user permissions
|
|
|
9cf66a |
- Restore(rabbit_user_permission, NoOp, \"$BaseDataDir/users_perms.erl\"),
|
|
|
9cf66a |
-
|
|
|
9cf66a |
- %% Restore policies
|
|
|
9cf66a |
- Restore(rabbit_runtime_parameters, NoOp, \"$BaseDataDir/policies.erl\")
|
|
|
9cf66a |
- end.
|
|
|
9cf66a |
- "
|
|
|
9cf66a |
return $OCF_SUCCESS
|
|
|
9cf66a |
}
|
|
|
9cf66a |
|