From f6b832bbe960760f38b1f07bca0b197a59fe6544efe9a5206cfb23ab382f954b Mon Sep 17 00:00:00 2001 From: Marcus Rueckert Date: Mon, 6 Feb 2017 15:30:49 +0000 Subject: [PATCH 1/4] Accepting request 455038 from devel:languages:erlang - Update to 3.5.8 Fixes logging issues on erlang 17+ Fixes MQTT password authentication error (CVE-2016-9877) (boo#1017642) OBS-URL: https://build.opensuse.org/request/show/455038 OBS-URL: https://build.opensuse.org/package/show/network:messaging:amqp/rabbitmq-server?expand=0&rev=69 --- rabbitmq-server-3.5.4.tar.gz | 3 --- rabbitmq-server-3.5.8.tar.gz | 3 +++ rabbitmq-server.changes | 7 +++++++ rabbitmq-server.spec | 4 ++-- 4 files changed, 12 insertions(+), 5 deletions(-) delete mode 100644 rabbitmq-server-3.5.4.tar.gz create mode 100644 rabbitmq-server-3.5.8.tar.gz diff --git a/rabbitmq-server-3.5.4.tar.gz b/rabbitmq-server-3.5.4.tar.gz deleted file mode 100644 index d3ee78c..0000000 --- a/rabbitmq-server-3.5.4.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:f79814d5fd5574734f599ef570ddace02ce4e47a1441cd052c568cde4d6ca3a4 -size 3730770 diff --git a/rabbitmq-server-3.5.8.tar.gz b/rabbitmq-server-3.5.8.tar.gz new file mode 100644 index 0000000..0bfe117 --- /dev/null +++ b/rabbitmq-server-3.5.8.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:b962df741fcbec078a1f5e8a1f6ec5823a22d25ada35b725585597f0fb1f6738 +size 3919501 diff --git a/rabbitmq-server.changes b/rabbitmq-server.changes index 33c4dbe..d4c1ce7 100644 --- a/rabbitmq-server.changes +++ b/rabbitmq-server.changes @@ -1,3 +1,10 @@ +------------------------------------------------------------------- +Tue Jan 17 19:04:59 UTC 2017 - chris@intrbiz.com + +- Update to 3.5.8 + Fixes logging issues on erlang 17+ + Fixes MQTT password authentication error (CVE-2016-9877) (boo#1017642) + ------------------------------------------------------------------- Thu Apr 14 14:30:39 UTC 2016 - aplanas@suse.com diff --git a/rabbitmq-server.spec b/rabbitmq-server.spec index d4c6dc3..4ad9fc3 100644 --- a/rabbitmq-server.spec +++ b/rabbitmq-server.spec @@ -1,7 +1,7 @@ # # spec file for package rabbitmq-server # -# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -24,7 +24,7 @@ %endif Name: rabbitmq-server -Version: 3.5.4 +Version: 3.5.8 Release: 0 Summary: The RabbitMQ Server License: MPL-1.1 From f044086eacfcf6e30b871b1cd1e240c4e9614fe9d52d54b25d6426a68894b434 Mon Sep 17 00:00:00 2001 From: Marcus Rueckert Date: Mon, 6 Feb 2017 15:44:23 +0000 Subject: [PATCH 2/4] - fix source url OBS-URL: https://build.opensuse.org/package/show/network:messaging:amqp/rabbitmq-server?expand=0&rev=70 --- rabbitmq-server.changes | 5 +++++ rabbitmq-server.spec | 2 +- 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/rabbitmq-server.changes b/rabbitmq-server.changes index d4c1ce7..b1edf27 100644 --- a/rabbitmq-server.changes +++ b/rabbitmq-server.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Mon Feb 6 15:43:18 UTC 2017 - mrueckert@suse.de + +- fix source url + ------------------------------------------------------------------- Tue Jan 17 19:04:59 UTC 2017 - chris@intrbiz.com diff --git a/rabbitmq-server.spec b/rabbitmq-server.spec index 4ad9fc3..df279fc 100644 --- a/rabbitmq-server.spec +++ b/rabbitmq-server.spec @@ -30,7 +30,7 @@ Summary: The RabbitMQ Server License: MPL-1.1 Group: System/Daemons Url: http://www.rabbitmq.com/ -Source: http://www.rabbitmq.com/releases/rabbitmq-server/v%{version}/%{name}-%{version}.tar.gz +Source: https://github.com/rabbitmq/rabbitmq-server/releases/download/rabbitmq_v3_5_8/rabbitmq-server-3.5.8.tar.gz Source1: rabbitmq-server.init # This comes from: http://hg.rabbitmq.com/rabbitmq-server/raw-file/2da625c0a436/packaging/common/rabbitmq-script-wrapper Source2: rabbitmq-script-wrapper From 5843c59cf0642efd8718e4875469ed026bd45bf07b58e682ff73c7fb52339563 Mon Sep 17 00:00:00 2001 From: Marcus Rueckert Date: Mon, 6 Feb 2017 16:06:05 +0000 Subject: [PATCH 3/4] Accepting request 455065 from devel:languages:erlang - IMPORTANT CHANGE Require the epmd service instead of running our own version as rabbitmq user. This requires that you configure epmd to listen on more interfaces than just 127.0.0.1. For non systemd based distributions you can set EPMD_ADDRESSES in /etc/sysconfing/erlang. For systemd based distributions please follow /usr/share/doc/packages/erlang/README.SUSE IMPORTANT CHANGE This change is also documented in /usr/share/doc/packages/rabbitmq-server/README.SUSE OBS-URL: https://build.opensuse.org/request/show/455065 OBS-URL: https://build.opensuse.org/package/show/network:messaging:amqp/rabbitmq-server?expand=0&rev=71 --- README.SUSE | 12 ++++++++++++ rabbitmq-server.changes | 22 ++++++++++++++++++++++ rabbitmq-server.init | 4 ++-- rabbitmq-server.service | 1 + rabbitmq-server.spec | 5 ++++- 5 files changed, 41 insertions(+), 3 deletions(-) create mode 100644 README.SUSE diff --git a/README.SUSE b/README.SUSE new file mode 100644 index 0000000..fe936cc --- /dev/null +++ b/README.SUSE @@ -0,0 +1,12 @@ + RabbitMQ and EPMD +=================== + +RabbitMQ requires epmd to listen on more interfaces than just localhost. +The easiest solution is to set the listening address to "0.0.0.0". But +you can also limit it to certain interfaces/IPs. + +For non systemd based distributions you can set EPMD_ADDRESSES in +/etc/sysconfing/erlang. + +For systemd based distributions please follow +/usr/share/doc/packages/erlang/README.SUSE diff --git a/rabbitmq-server.changes b/rabbitmq-server.changes index b1edf27..378468b 100644 --- a/rabbitmq-server.changes +++ b/rabbitmq-server.changes @@ -3,6 +3,28 @@ Mon Feb 6 15:43:18 UTC 2017 - mrueckert@suse.de - fix source url +------------------------------------------------------------------- +Mon Feb 6 15:32:24 UTC 2017 - mrueckert@suse.de + +- IMPORTANT CHANGE + + Require the epmd service instead of running our own version as + rabbitmq user. + + This requires that you configure epmd to listen on more + interfaces than just 127.0.0.1. + + For non systemd based distributions you can set EPMD_ADDRESSES in + /etc/sysconfing/erlang. + + For systemd based distributions please follow + /usr/share/doc/packages/erlang/README.SUSE + + IMPORTANT CHANGE + + This change is also documented in + /usr/share/doc/packages/rabbitmq-server/README.SUSE + ------------------------------------------------------------------- Tue Jan 17 19:04:59 UTC 2017 - chris@intrbiz.com diff --git a/rabbitmq-server.init b/rabbitmq-server.init index 1ab8114..6cedb69 100644 --- a/rabbitmq-server.init +++ b/rabbitmq-server.init @@ -8,8 +8,8 @@ ### BEGIN INIT INFO # Provides: rabbitmq-server -# Required-Start: $local_fs $network $remote_fs -# Required-Stop: $local_fs $network $remote_fs +# Required-Start: $local_fs $network $remote_fs epmd +# Required-Stop: $local_fs $network $remote_fs epmd # Default-Start: 3 5 # Default-Stop: 0 1 2 4 6 # Description: RabbitMQ broker diff --git a/rabbitmq-server.service b/rabbitmq-server.service index 719e096..fd93837 100644 --- a/rabbitmq-server.service +++ b/rabbitmq-server.service @@ -1,6 +1,7 @@ [Unit] Description=RabbitMQ broker After=syslog.target network.target +Requires=epmd.service [Service] Type=notify diff --git a/rabbitmq-server.spec b/rabbitmq-server.spec index df279fc..6aa3e9b 100644 --- a/rabbitmq-server.spec +++ b/rabbitmq-server.spec @@ -39,6 +39,7 @@ Source4: rabbitmq-server.ocf Source5: rabbitmq-server.sysconfig Source6: rabbitmq-server.service Source7: rabbitmq-server.tmpfiles.d.conf +Source8: README.SUSE Patch0: no-nmap.patch Patch1: no-remove-common.patch BuildRequires: erlang @@ -52,6 +53,7 @@ BuildRequires: unzip BuildRequires: xmlto BuildRequires: zip Requires: erlang +Requires: erlang-epmd Requires: logrotate Provides: AMQP-server BuildRoot: %{_tmppath}/%{name}-%{version}-build @@ -106,6 +108,7 @@ This package includes the RabbitMQ AMQP language bindings for Erlang. %patch1 %define _rabbit_server_ocf `basename %{SOURCE4}` cp %{SOURCE4} %{_rabbit_server_ocf} +cp %{SOURCE8} . #patch10 -p1 %build @@ -230,7 +233,7 @@ systemd-tmpfiles --create --clean /usr/lib/tmpfiles.d/rabbitmq-server.conf %dir /usr/lib/ocf/resource.d/rabbitmq %config(noreplace) %{_sysconfdir}/logrotate.d/rabbitmq-server %config(noreplace) %{_sysconfdir}/rabbitmq/rabbitmq.config -%doc LICENSE* README +%doc LICENSE* README README.SUSE %dir %{_rabbit_erllibdir}/plugins %exclude %{_rabbit_erllibdir}/plugins/* %exclude %{_libdir}/erlang/lib/amqp_client*/* From b41bc91f71071a698972bd0caa4e08e29ab80fec5b754593bf0c3ba380a62a82 Mon Sep 17 00:00:00 2001 From: Dirk Mueller Date: Mon, 13 Feb 2017 12:36:52 +0000 Subject: [PATCH 4/4] Accepting request 456720 from devel:languages:erlang - add buildrequires for xz to fix build on sle11 - drop no-remove-common.patch and no-nmap.patch: no longer needed - add back default config from the 3.5.8 package as 3.6.6 doesn't ship one anymore - rabbitmq-script-wrapper now directly talks to the scripts in _rabbit_erllibdir instead of having another indirection. - moved tmpfiles.d support into the main systemd install block - extracted make cmdline options into a variable - update to 3.6.6 https://github.com/rabbitmq/rabbitmq-server/releases/tag/rabbitmq_v3_6_6 https://github.com/rabbitmq/rabbitmq-server/releases/tag/rabbitmq_v3_6_5 https://github.com/rabbitmq/rabbitmq-server/releases/tag/rabbitmq_v3_6_4 https://github.com/rabbitmq/rabbitmq-server/releases/tag/rabbitmq_v3_6_3 https://github.com/rabbitmq/rabbitmq-server/releases/tag/rabbitmq_v3_6_2 https://github.com/rabbitmq/rabbitmq-server/releases/tag/rabbitmq_v3_6_1 https://github.com/rabbitmq/rabbitmq-server/releases/tag/rabbitmq_v3_6_0 OBS-URL: https://build.opensuse.org/request/show/456720 OBS-URL: https://build.opensuse.org/package/show/network:messaging:amqp/rabbitmq-server?expand=0&rev=72 --- no-nmap.patch | 19 -- no-remove-common.patch | 12 - rabbitmq-script-wrapper | 8 +- rabbitmq-server-3.5.8.tar.gz | 3 - rabbitmq-server-3.6.6.tar.xz | 3 + rabbitmq-server.changes | 33 ++ rabbitmq-server.spec | 38 +-- rabbitmq.config.example | 594 +++++++++++++++++++++++++++++++++++ 8 files changed, 648 insertions(+), 62 deletions(-) delete mode 100644 no-nmap.patch delete mode 100644 no-remove-common.patch delete mode 100644 rabbitmq-server-3.5.8.tar.gz create mode 100644 rabbitmq-server-3.6.6.tar.xz create mode 100644 rabbitmq.config.example diff --git a/no-nmap.patch b/no-nmap.patch deleted file mode 100644 index 1025664..0000000 --- a/no-nmap.patch +++ /dev/null @@ -1,19 +0,0 @@ -Index: plugins-src/rabbitmq-auth-backend-ldap/package.mk -=================================================================== ---- plugins-src/rabbitmq-auth-backend-ldap/package.mk.orig -+++ plugins-src/rabbitmq-auth-backend-ldap/package.mk -@@ -1,9 +1,9 @@ - RELEASABLE:=true - DEPS:=rabbitmq-server rabbitmq-erlang-client eldap-wrapper - --ifeq ($(shell nc -z localhost 389 && echo true),true) --WITH_BROKER_TEST_COMMANDS:=eunit:test([rabbit_auth_backend_ldap_unit_test,rabbit_auth_backend_ldap_test],[verbose]) --WITH_BROKER_TEST_CONFIG:=$(PACKAGE_DIR)/etc/rabbit-test --else -+#ifeq ($(shell nc -z localhost 389 && echo true),true) -+#WITH_BROKER_TEST_COMMANDS:=eunit:test([rabbit_auth_backend_ldap_unit_test,rabbit_auth_backend_ldap_test],[verbose]) -+#WITH_BROKER_TEST_CONFIG:=$(PACKAGE_DIR)/etc/rabbit-test -+#else - $(warning Not running LDAP tests; no LDAP server found on localhost) --endif -+#endif diff --git a/no-remove-common.patch b/no-remove-common.patch deleted file mode 100644 index 39e3381..0000000 --- a/no-remove-common.patch +++ /dev/null @@ -1,12 +0,0 @@ -Index: Makefile -=================================================================== ---- Makefile.orig -+++ Makefile -@@ -120,7 +120,6 @@ plugins: - mkdir -p $(PLUGINS_DIR) - PLUGINS_SRC_DIR="" $(MAKE) -C "$(PLUGINS_SRC_DIR)" plugins-dist PLUGINS_DIST_DIR="$(CURDIR)/$(PLUGINS_DIR)" VERSION=$(VERSION) - echo "Put your EZs here and use rabbitmq-plugins to enable them." > $(PLUGINS_DIR)/README -- rm -f $(PLUGINS_DIR)/rabbit_common*.ez - - # add -q to remove printout of warnings.... - check-xref: $(BEAM_TARGETS) $(PLUGINS_DIR) diff --git a/rabbitmq-script-wrapper b/rabbitmq-script-wrapper index 38611c5..193d34e 100644 --- a/rabbitmq-script-wrapper +++ b/rabbitmq-script-wrapper @@ -33,13 +33,13 @@ INIT_LOG_DIR=/var/log/rabbitmq SCRIPT=`basename $0` if [ `id -u` = `id -u rabbitmq` -a "$SCRIPT" = "rabbitmq-server" ] ; then - /usr/lib/rabbitmq/bin/rabbitmq-server "$@" 2> ${INIT_LOG_DIR}/startup_err > ${INIT_LOG_DIR}/startup_log + @RABBITMQ_ROOT@/sbin/rabbitmq-server "$@" 2> ${INIT_LOG_DIR}/startup_err > ${INIT_LOG_DIR}/startup_log elif [ `id -u` = `id -u rabbitmq` -o "$SCRIPT" = "rabbitmq-plugins" ] ; then - /usr/lib/rabbitmq/bin/${SCRIPT} "$@" + @RABBITMQ_ROOT@/sbin/${SCRIPT} "$@" elif [ `id -u` = 0 ] ; then - @SU_RABBITMQ_SH_C@ "/usr/lib/rabbitmq/bin/${SCRIPT} ${CMDLINE}" + @SU_RABBITMQ_SH_C@ "@RABBITMQ_ROOT@/sbin/${SCRIPT} ${CMDLINE}" else - /usr/lib/rabbitmq/bin/${SCRIPT} + @RABBITMQ_ROOT@/sbin/${SCRIPT} echo echo "Only root or rabbitmq should run ${SCRIPT}" echo diff --git a/rabbitmq-server-3.5.8.tar.gz b/rabbitmq-server-3.5.8.tar.gz deleted file mode 100644 index 0bfe117..0000000 --- a/rabbitmq-server-3.5.8.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:b962df741fcbec078a1f5e8a1f6ec5823a22d25ada35b725585597f0fb1f6738 -size 3919501 diff --git a/rabbitmq-server-3.6.6.tar.xz b/rabbitmq-server-3.6.6.tar.xz new file mode 100644 index 0000000..7737f0a --- /dev/null +++ b/rabbitmq-server-3.6.6.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:395689bcf57fd48aed452fcd43ff9a992de40067d3ea5c44e14680d69db7b78e +size 2471724 diff --git a/rabbitmq-server.changes b/rabbitmq-server.changes index 378468b..83f326e 100644 --- a/rabbitmq-server.changes +++ b/rabbitmq-server.changes @@ -1,3 +1,36 @@ +------------------------------------------------------------------- +Mon Feb 13 10:54:43 UTC 2017 - mrueckert@suse.de + +- add buildrequires for xz to fix build on sle11 + +------------------------------------------------------------------- +Thu Feb 9 11:38:59 UTC 2017 - mrueckert@suse.de + +- drop no-remove-common.patch and no-nmap.patch: + no longer needed + +------------------------------------------------------------------- +Thu Feb 9 11:27:40 UTC 2017 - mrueckert@suse.de + +- add back default config from the 3.5.8 package as 3.6.6 doesn't + ship one anymore +- rabbitmq-script-wrapper now directly talks to the scripts in + _rabbit_erllibdir instead of having another indirection. +- moved tmpfiles.d support into the main systemd install block +- extracted make cmdline options into a variable + +------------------------------------------------------------------- +Mon Feb 6 15:47:13 UTC 2017 - mrueckert@suse.de + +- update to 3.6.6 + https://github.com/rabbitmq/rabbitmq-server/releases/tag/rabbitmq_v3_6_6 + https://github.com/rabbitmq/rabbitmq-server/releases/tag/rabbitmq_v3_6_5 + https://github.com/rabbitmq/rabbitmq-server/releases/tag/rabbitmq_v3_6_4 + https://github.com/rabbitmq/rabbitmq-server/releases/tag/rabbitmq_v3_6_3 + https://github.com/rabbitmq/rabbitmq-server/releases/tag/rabbitmq_v3_6_2 + https://github.com/rabbitmq/rabbitmq-server/releases/tag/rabbitmq_v3_6_1 + https://github.com/rabbitmq/rabbitmq-server/releases/tag/rabbitmq_v3_6_0 + ------------------------------------------------------------------- Mon Feb 6 15:43:18 UTC 2017 - mrueckert@suse.de diff --git a/rabbitmq-server.spec b/rabbitmq-server.spec index 6aa3e9b..54b7f59 100644 --- a/rabbitmq-server.spec +++ b/rabbitmq-server.spec @@ -23,14 +23,16 @@ %define _initddir %{_sysconfdir}/init.d %endif +%define _make_args DESTDIR="%{buildroot}" PREFIX="%{_prefix}" RMQ_ROOTDIR=%{_rabbit_libdir} RMQ_ERLAPP_DIR=%{_rabbit_erllibdir} MAN_INSTALL_PATH="%{_mandir}" DOC_INSTALL_DIR=%{buildroot}/%{_docdir} VERSION=%{version} V=1 + Name: rabbitmq-server -Version: 3.5.8 +Version: 3.6.6 Release: 0 Summary: The RabbitMQ Server License: MPL-1.1 Group: System/Daemons Url: http://www.rabbitmq.com/ -Source: https://github.com/rabbitmq/rabbitmq-server/releases/download/rabbitmq_v3_5_8/rabbitmq-server-3.5.8.tar.gz +Source: http://www.rabbitmq.com/releases/rabbitmq-server/v%{version}/rabbitmq-server-%{version}.tar.xz Source1: rabbitmq-server.init # This comes from: http://hg.rabbitmq.com/rabbitmq-server/raw-file/2da625c0a436/packaging/common/rabbitmq-script-wrapper Source2: rabbitmq-script-wrapper @@ -40,8 +42,7 @@ Source5: rabbitmq-server.sysconfig Source6: rabbitmq-server.service Source7: rabbitmq-server.tmpfiles.d.conf Source8: README.SUSE -Patch0: no-nmap.patch -Patch1: no-remove-common.patch +Source9: rabbitmq.config.example BuildRequires: erlang BuildRequires: erlang-src BuildRequires: fdupes @@ -49,9 +50,11 @@ BuildRequires: libxslt # require python json module BuildRequires: python >= 2.6 BuildRequires: python-xml +BuildRequires: rsync BuildRequires: unzip BuildRequires: xmlto BuildRequires: zip +BuildRequires: xz Requires: erlang Requires: erlang-epmd Requires: logrotate @@ -104,29 +107,22 @@ This package includes the RabbitMQ AMQP language bindings for Erlang. %prep %setup -q -%patch0 -%patch1 %define _rabbit_server_ocf `basename %{SOURCE4}` cp %{SOURCE4} %{_rabbit_server_ocf} cp %{SOURCE8} . #patch10 -p1 %build -make all VERSION=%{version} -# %{?_smp_mflags} +make all %{_make_args} %{?_smp_mflags} %install -make install \ - TARGET_DIR=%{buildroot}%{_rabbit_erllibdir} \ - SBIN_DIR=%{buildroot}%{_rabbit_libdir}/bin \ - MAN_DIR=%{buildroot}%{_mandir} \ - DOC_INSTALL_DIR=%{buildroot}/%{_docdir} \ - VERSION=%{version} +make install %{_make_args} mkdir -p %{buildroot}%{_sbindir} %if 0%{?have_systemd} install -p -D -m 644 %{SOURCE6} %{buildroot}%{_unitdir}/%{name}.service ln -s -f %{_sbindir}/service %{buildroot}%{_sbindir}/rc%{name} +install -p -D -m 0644 %{SOURCE7} %{buildroot}/usr/lib/tmpfiles.d/rabbitmq-server.conf %else # Install init scripts install -p -D -m 0755 %{SOURCE1} %{buildroot}%{_initddir}/rabbitmq-server @@ -139,14 +135,14 @@ install -p -D -m 644 %{SOURCE5} %{buildroot}%{_localstatedir}/adm/fillup-templat %define _rabbit_wrapper %{_builddir}/`basename %{SOURCE2}` cp %{SOURCE2} %{_rabbit_wrapper} sed -i 's|@SU_RABBITMQ_SH_C@|su rabbitmq -s /bin/sh -c|' %{_rabbit_wrapper} -sed -i 's|/usr/lib/|%{_libdir}/|' %{_rabbit_wrapper} +sed -i 's|@RABBITMQ_ROOT@|%{_rabbit_erllibdir}/|' %{_rabbit_wrapper} install -p -D -m 0755 %{_rabbit_wrapper} %{buildroot}%{_sbindir}/rabbitmqctl install -p -D -m 0755 %{_rabbit_wrapper} %{buildroot}%{_sbindir}/rabbitmq-server install -p -D -m 0755 %{_rabbit_wrapper} %{buildroot}%{_sbindir}/rabbitmq-plugins install -p -D -m 0755 %{_rabbit_server_ocf} %{buildroot}%{_exec_prefix}/lib/ocf/resource.d/rabbitmq/rabbitmq-server # install config files -install -p -D -m 0644 docs/rabbitmq.config.example %{buildroot}/%{_sysconfdir}/rabbitmq/rabbitmq.config +install -p -D -m 0644 %{SOURCE9} %{buildroot}/%{_sysconfdir}/rabbitmq/rabbitmq.config # Copy all necessary lib files etc. install -p -D -m 0644 %{SOURCE3} %{buildroot}%{_sysconfdir}/logrotate.d/rabbitmq-server @@ -162,12 +158,6 @@ mkdir -p %{buildroot}%{_sysconfdir}/rabbitmq mkdir -p %{buildroot}%{_localstatedir}/lib/rabbitmq/mnesia mkdir -p %{buildroot}%{_localstatedir}/log/rabbitmq -# tmpfiles.d for systemd -%if 0%{?have_systemd} -mkdir -p %{buildroot}%/usr/lib/tmpfiles.d -install -p -D -m 0644 %{SOURCE7} %{buildroot}/usr/lib/tmpfiles.d/rabbitmq-server.conf -%endif - # Build the list of files rm -f %{_builddir}/filelist.%{name}.rpm echo '%defattr(-,root,root, -)' >> %{_builddir}/filelist.%{name}.rpm @@ -218,7 +208,7 @@ systemd-tmpfiles --create --clean /usr/lib/tmpfiles.d/rabbitmq-server.conf %attr(0750, rabbitmq, rabbitmq) %dir %{_localstatedir}/log/rabbitmq %dir %{_sysconfdir}/rabbitmq %dir %{_rabbit_libdir} -%{_rabbit_libdir}/bin +#{_rabbit_libdir}/bin %dir %{_rabbit_libdir}/lib %{_rabbit_erllibdir} %if 0%{?have_systemd} @@ -233,7 +223,7 @@ systemd-tmpfiles --create --clean /usr/lib/tmpfiles.d/rabbitmq-server.conf %dir /usr/lib/ocf/resource.d/rabbitmq %config(noreplace) %{_sysconfdir}/logrotate.d/rabbitmq-server %config(noreplace) %{_sysconfdir}/rabbitmq/rabbitmq.config -%doc LICENSE* README README.SUSE +%doc LICENSE* README* CODE_OF_CONDUCT.md CONTRIBUTING.md %dir %{_rabbit_erllibdir}/plugins %exclude %{_rabbit_erllibdir}/plugins/* %exclude %{_libdir}/erlang/lib/amqp_client*/* diff --git a/rabbitmq.config.example b/rabbitmq.config.example new file mode 100644 index 0000000..1a55401 --- /dev/null +++ b/rabbitmq.config.example @@ -0,0 +1,594 @@ +%% -*- mode: erlang -*- +%% ---------------------------------------------------------------------------- +%% RabbitMQ Sample Configuration File. +%% +%% See http://www.rabbitmq.com/configure.html for details. +%% ---------------------------------------------------------------------------- +[ + {rabbit, + [%% + %% Network Connectivity + %% ==================== + %% + + %% By default, RabbitMQ will listen on all interfaces, using + %% the standard (reserved) AMQP port. + %% + %% {tcp_listeners, [5672]}, + + %% To listen on a specific interface, provide a tuple of {IpAddress, Port}. + %% For example, to listen only on localhost for both IPv4 and IPv6: + %% + %% {tcp_listeners, [{"127.0.0.1", 5672}, + %% {"::1", 5672}]}, + + %% SSL listeners are configured in the same fashion as TCP listeners, + %% including the option to control the choice of interface. + %% + %% {ssl_listeners, [5671]}, + + %% Maximum time for AMQP 0-8/0-9/0-9-1 handshake (after socket connection + %% and SSL handshake), in milliseconds. + %% + %% {handshake_timeout, 10000}, + + %% Log levels (currently just used for connection logging). + %% One of 'debug', 'info', 'warning', 'error' or 'none', in decreasing + %% order of verbosity. Defaults to 'info'. + %% + %% {log_levels, [{connection, info}, {channel, info}]}, + + %% Set to 'true' to perform reverse DNS lookups when accepting a + %% connection. Hostnames will then be shown instead of IP addresses + %% in rabbitmqctl and the management plugin. + %% + %% {reverse_dns_lookups, true}, + + %% + %% Security / AAA + %% ============== + %% + + %% The default "guest" user is only permitted to access the server + %% via a loopback interface (e.g. localhost). + %% {loopback_users, [<<"guest">>]}, + %% + %% Uncomment the following line if you want to allow access to the + %% guest user from anywhere on the network. + %% {loopback_users, []}, + + %% Configuring SSL. + %% See http://www.rabbitmq.com/ssl.html for full documentation. + %% + %% {ssl_options, [{cacertfile, "/path/to/testca/cacert.pem"}, + %% {certfile, "/path/to/server/cert.pem"}, + %% {keyfile, "/path/to/server/key.pem"}, + %% {verify, verify_peer}, + %% {fail_if_no_peer_cert, false}]}, + + %% Choose the available SASL mechanism(s) to expose. + %% The two default (built in) mechanisms are 'PLAIN' and + %% 'AMQPLAIN'. Additional mechanisms can be added via + %% plugins. + %% + %% See http://www.rabbitmq.com/authentication.html for more details. + %% + %% {auth_mechanisms, ['PLAIN', 'AMQPLAIN']}, + + %% Select an authentication database to use. RabbitMQ comes bundled + %% with a built-in auth-database, based on mnesia. + %% + %% {auth_backends, [rabbit_auth_backend_internal]}, + + %% Configurations supporting the rabbitmq_auth_mechanism_ssl and + %% rabbitmq_auth_backend_ldap plugins. + %% + %% NB: These options require that the relevant plugin is enabled. + %% See http://www.rabbitmq.com/plugins.html for further details. + + %% The RabbitMQ-auth-mechanism-ssl plugin makes it possible to + %% authenticate a user based on the client's SSL certificate. + %% + %% To use auth-mechanism-ssl, add to or replace the auth_mechanisms + %% list with the entry 'EXTERNAL'. + %% + %% {auth_mechanisms, ['EXTERNAL']}, + + %% The rabbitmq_auth_backend_ldap plugin allows the broker to + %% perform authentication and authorisation by deferring to an + %% external LDAP server. + %% + %% For more information about configuring the LDAP backend, see + %% http://www.rabbitmq.com/ldap.html. + %% + %% Enable the LDAP auth backend by adding to or replacing the + %% auth_backends entry: + %% + %% {auth_backends, [rabbit_auth_backend_ldap]}, + + %% This pertains to both the rabbitmq_auth_mechanism_ssl plugin and + %% STOMP ssl_cert_login configurations. See the rabbitmq_stomp + %% configuration section later in this file and the README in + %% https://github.com/rabbitmq/rabbitmq-auth-mechanism-ssl for further + %% details. + %% + %% To use the SSL cert's CN instead of its DN as the username + %% + %% {ssl_cert_login_from, common_name}, + + %% SSL handshake timeout, in milliseconds. + %% + %% {ssl_handshake_timeout, 5000}, + + %% + %% Default User / VHost + %% ==================== + %% + + %% On first start RabbitMQ will create a vhost and a user. These + %% config items control what gets created. See + %% http://www.rabbitmq.com/access-control.html for further + %% information about vhosts and access control. + %% + %% {default_vhost, <<"/">>}, + %% {default_user, <<"guest">>}, + %% {default_pass, <<"guest">>}, + %% {default_permissions, [<<".*">>, <<".*">>, <<".*">>]}, + + %% Tags for default user + %% + %% For more details about tags, see the documentation for the + %% Management Plugin at http://www.rabbitmq.com/management.html. + %% + %% {default_user_tags, [administrator]}, + + %% + %% Additional network and protocol related configuration + %% ===================================================== + %% + + %% Set the default AMQP heartbeat delay (in seconds). + %% + %% {heartbeat, 600}, + + %% Set the max permissible size of an AMQP frame (in bytes). + %% + %% {frame_max, 131072}, + + %% Set the max permissible number of channels per connection. + %% 0 means "no limit". + %% + %% {channel_max, 128}, + + %% Customising Socket Options. + %% + %% See (http://www.erlang.org/doc/man/inet.html#setopts-2) for + %% further documentation. + %% + %% {tcp_listen_options, [binary, + %% {packet, raw}, + %% {reuseaddr, true}, + %% {backlog, 128}, + %% {nodelay, true}, + %% {exit_on_close, false}]}, + + %% + %% Resource Limits & Flow Control + %% ============================== + %% + %% See http://www.rabbitmq.com/memory.html for full details. + + %% Memory-based Flow Control threshold. + %% + %% {vm_memory_high_watermark, 0.4}, + + %% Alternatively, we can set a limit (in bytes) of RAM used by the node. + %% + %% {vm_memory_high_watermark, {absolute, 1073741824}}, + + %% Fraction of the high watermark limit at which queues start to + %% page message out to disc in order to free up memory. + %% + %% {vm_memory_high_watermark_paging_ratio, 0.5}, + + %% Set disk free limit (in bytes). Once free disk space reaches this + %% lower bound, a disk alarm will be set - see the documentation + %% listed above for more details. + %% + %% {disk_free_limit, 50000000}, + + %% Alternatively, we can set a limit relative to total available RAM. + %% + %% {disk_free_limit, {mem_relative, 1.0}}, + + %% + %% Misc/Advanced Options + %% ===================== + %% + %% NB: Change these only if you understand what you are doing! + %% + + %% To announce custom properties to clients on connection: + %% + %% {server_properties, []}, + + %% How to respond to cluster partitions. + %% See http://www.rabbitmq.com/partitions.html for further details. + %% + %% {cluster_partition_handling, ignore}, + + %% Make clustering happen *automatically* at startup - only applied + %% to nodes that have just been reset or started for the first time. + %% See http://www.rabbitmq.com/clustering.html#auto-config for + %% further details. + %% + %% {cluster_nodes, {['rabbit@my.host.com'], disc}}, + + %% Interval (in milliseconds) at which we send keepalive messages + %% to other cluster members. Note that this is not the same thing + %% as net_ticktime; missed keepalive messages will not cause nodes + %% to be considered down. + %% + %% {cluster_keepalive_interval, 10000}, + + %% Set (internal) statistics collection granularity. + %% + %% {collect_statistics, none}, + + %% Statistics collection interval (in milliseconds). + %% + %% {collect_statistics_interval, 5000}, + + %% Explicitly enable/disable hipe compilation. + %% + %% {hipe_compile, true}, + + %% Timeout used when waiting for Mnesia tables in a cluster to + %% become available. + %% + %% {mnesia_table_loading_timeout, 30000}, + + %% Size in bytes below which to embed messages in the queue index. See + %% http://www.rabbitmq.com/persistence-conf.html + %% + %% {queue_index_embed_msgs_below, 4096} + + ]}, + + %% ---------------------------------------------------------------------------- + %% Advanced Erlang Networking/Clustering Options. + %% + %% See http://www.rabbitmq.com/clustering.html for details + %% ---------------------------------------------------------------------------- + {kernel, + [%% Sets the net_kernel tick time. + %% Please see http://erlang.org/doc/man/kernel_app.html and + %% http://www.rabbitmq.com/nettick.html for further details. + %% + %% {net_ticktime, 60} + ]}, + + %% ---------------------------------------------------------------------------- + %% RabbitMQ Management Plugin + %% + %% See http://www.rabbitmq.com/management.html for details + %% ---------------------------------------------------------------------------- + + {rabbitmq_management, + [%% Pre-Load schema definitions from the following JSON file. See + %% http://www.rabbitmq.com/management.html#load-definitions + %% + %% {load_definitions, "/path/to/schema.json"}, + + %% Log all requests to the management HTTP API to a file. + %% + %% {http_log_dir, "/path/to/access.log"}, + + %% Change the port on which the HTTP listener listens, + %% specifying an interface for the web server to bind to. + %% Also set the listener to use SSL and provide SSL options. + %% + %% {listener, [{port, 12345}, + %% {ip, "127.0.0.1"}, + %% {ssl, true}, + %% {ssl_opts, [{cacertfile, "/path/to/cacert.pem"}, + %% {certfile, "/path/to/cert.pem"}, + %% {keyfile, "/path/to/key.pem"}]}]}, + + %% One of 'basic', 'detailed' or 'none'. See + %% http://www.rabbitmq.com/management.html#fine-stats for more details. + %% {rates_mode, basic}, + + %% Configure how long aggregated data (such as message rates and queue + %% lengths) is retained. Please read the plugin's documentation in + %% http://www.rabbitmq.com/management.html#configuration for more + %% details. + %% + %% {sample_retention_policies, + %% [{global, [{60, 5}, {3600, 60}, {86400, 1200}]}, + %% {basic, [{60, 5}, {3600, 60}]}, + %% {detailed, [{10, 5}]}]} + ]}, + + %% ---------------------------------------------------------------------------- + %% RabbitMQ Shovel Plugin + %% + %% See http://www.rabbitmq.com/shovel.html for details + %% ---------------------------------------------------------------------------- + + {rabbitmq_shovel, + [{shovels, + [%% A named shovel worker. + %% {my_first_shovel, + %% [ + + %% List the source broker(s) from which to consume. + %% + %% {sources, + %% [%% URI(s) and pre-declarations for all source broker(s). + %% {brokers, ["amqp://user:password@host.domain/my_vhost"]}, + %% {declarations, []} + %% ]}, + + %% List the destination broker(s) to publish to. + %% {destinations, + %% [%% A singular version of the 'brokers' element. + %% {broker, "amqp://"}, + %% {declarations, []} + %% ]}, + + %% Name of the queue to shovel messages from. + %% + %% {queue, <<"your-queue-name-goes-here">>}, + + %% Optional prefetch count. + %% + %% {prefetch_count, 10}, + + %% when to acknowledge messages: + %% - no_ack: never (auto) + %% - on_publish: after each message is republished + %% - on_confirm: when the destination broker confirms receipt + %% + %% {ack_mode, on_confirm}, + + %% Overwrite fields of the outbound basic.publish. + %% + %% {publish_fields, [{exchange, <<"my_exchange">>}, + %% {routing_key, <<"from_shovel">>}]}, + + %% Static list of basic.properties to set on re-publication. + %% + %% {publish_properties, [{delivery_mode, 2}]}, + + %% The number of seconds to wait before attempting to + %% reconnect in the event of a connection failure. + %% + %% {reconnect_delay, 2.5} + + %% ]} %% End of my_first_shovel + ]} + %% Rather than specifying some values per-shovel, you can specify + %% them for all shovels here. + %% + %% {defaults, [{prefetch_count, 0}, + %% {ack_mode, on_confirm}, + %% {publish_fields, []}, + %% {publish_properties, [{delivery_mode, 2}]}, + %% {reconnect_delay, 2.5}]} + ]}, + + %% ---------------------------------------------------------------------------- + %% RabbitMQ Stomp Adapter + %% + %% See http://www.rabbitmq.com/stomp.html for details + %% ---------------------------------------------------------------------------- + + {rabbitmq_stomp, + [%% Network Configuration - the format is generally the same as for the broker + + %% Listen only on localhost (ipv4 & ipv6) on a specific port. + %% {tcp_listeners, [{"127.0.0.1", 61613}, + %% {"::1", 61613}]}, + + %% Listen for SSL connections on a specific port. + %% {ssl_listeners, [61614]}, + + %% Additional SSL options + + %% Extract a name from the client's certificate when using SSL. + %% + %% {ssl_cert_login, true}, + + %% Set a default user name and password. This is used as the default login + %% whenever a CONNECT frame omits the login and passcode headers. + %% + %% Please note that setting this will allow clients to connect without + %% authenticating! + %% + %% {default_user, [{login, "guest"}, + %% {passcode, "guest"}]}, + + %% If a default user is configured, or you have configured use SSL client + %% certificate based authentication, you can choose to allow clients to + %% omit the CONNECT frame entirely. If set to true, the client is + %% automatically connected as the default user or user supplied in the + %% SSL certificate whenever the first frame sent on a session is not a + %% CONNECT frame. + %% + %% {implicit_connect, true} + ]}, + + %% ---------------------------------------------------------------------------- + %% RabbitMQ MQTT Adapter + %% + %% See https://github.com/rabbitmq/rabbitmq-mqtt/blob/stable/README.md + %% for details + %% ---------------------------------------------------------------------------- + + {rabbitmq_mqtt, + [%% Set the default user name and password. Will be used as the default login + %% if a connecting client provides no other login details. + %% + %% Please note that setting this will allow clients to connect without + %% authenticating! + %% + %% {default_user, <<"guest">>}, + %% {default_pass, <<"guest">>}, + + %% Enable anonymous access. If this is set to false, clients MUST provide + %% login information in order to connect. See the default_user/default_pass + %% configuration elements for managing logins without authentication. + %% + %% {allow_anonymous, true}, + + %% If you have multiple chosts, specify the one to which the + %% adapter connects. + %% + %% {vhost, <<"/">>}, + + %% Specify the exchange to which messages from MQTT clients are published. + %% + %% {exchange, <<"amq.topic">>}, + + %% Specify TTL (time to live) to control the lifetime of non-clean sessions. + %% + %% {subscription_ttl, 1800000}, + + %% Set the prefetch count (governing the maximum number of unacknowledged + %% messages that will be delivered). + %% + %% {prefetch, 10}, + + %% TCP/SSL Configuration (as per the broker configuration). + %% + %% {tcp_listeners, [1883]}, + %% {ssl_listeners, []}, + + %% TCP/Socket options (as per the broker configuration). + %% + %% {tcp_listen_options, [binary, + %% {packet, raw}, + %% {reuseaddr, true}, + %% {backlog, 128}, + %% {nodelay, true}]} + ]}, + + %% ---------------------------------------------------------------------------- + %% RabbitMQ AMQP 1.0 Support + %% + %% See https://github.com/rabbitmq/rabbitmq-amqp1.0/blob/stable/README.md + %% for details + %% ---------------------------------------------------------------------------- + + {rabbitmq_amqp1_0, + [%% Connections that are not authenticated with SASL will connect as this + %% account. See the README for more information. + %% + %% Please note that setting this will allow clients to connect without + %% authenticating! + %% + %% {default_user, "guest"}, + + %% Enable protocol strict mode. See the README for more information. + %% + %% {protocol_strict_mode, false} + ]}, + + %% ---------------------------------------------------------------------------- + %% RabbitMQ LDAP Plugin + %% + %% See http://www.rabbitmq.com/ldap.html for details. + %% + %% ---------------------------------------------------------------------------- + + {rabbitmq_auth_backend_ldap, + [%% + %% Connecting to the LDAP server(s) + %% ================================ + %% + + %% Specify servers to bind to. You *must* set this in order for the plugin + %% to work properly. + %% + %% {servers, ["your-server-name-goes-here"]}, + + %% Connect to the LDAP server using SSL + %% + %% {use_ssl, false}, + + %% Specify the LDAP port to connect to + %% + %% {port, 389}, + + %% LDAP connection timeout, in milliseconds or 'infinity' + %% + %% {timeout, infinity}, + + %% Enable logging of LDAP queries. + %% One of + %% - false (no logging is performed) + %% - true (verbose logging of the logic used by the plugin) + %% - network (as true, but additionally logs LDAP network traffic) + %% + %% Defaults to false. + %% + %% {log, false}, + + %% + %% Authentication + %% ============== + %% + + %% Pattern to convert the username given through AMQP to a DN before + %% binding + %% + %% {user_dn_pattern, "cn=${username},ou=People,dc=example,dc=com"}, + + %% Alternatively, you can convert a username to a Distinguished + %% Name via an LDAP lookup after binding. See the documentation for + %% full details. + + %% When converting a username to a dn via a lookup, set these to + %% the name of the attribute that represents the user name, and the + %% base DN for the lookup query. + %% + %% {dn_lookup_attribute, "userPrincipalName"}, + %% {dn_lookup_base, "DC=gopivotal,DC=com"}, + + %% Controls how to bind for authorisation queries and also to + %% retrieve the details of users logging in without presenting a + %% password (e.g., SASL EXTERNAL). + %% One of + %% - as_user (to bind as the authenticated user - requires a password) + %% - anon (to bind anonymously) + %% - {UserDN, Password} (to bind with a specified user name and password) + %% + %% Defaults to 'as_user'. + %% + %% {other_bind, as_user}, + + %% + %% Authorisation + %% ============= + %% + + %% The LDAP plugin can perform a variety of queries against your + %% LDAP server to determine questions of authorisation. See + %% http://www.rabbitmq.com/ldap.html#authorisation for more + %% information. + + %% Set the query to use when determining vhost access + %% + %% {vhost_access_query, {in_group, + %% "ou=${vhost}-users,ou=vhosts,dc=example,dc=com"}}, + + %% Set the query to use when determining resource (e.g., queue) access + %% + %% {resource_access_query, {constant, true}}, + + %% Set queries to determine which tags a user has + %% + %% {tag_queries, []} + ]} +].