149 lines
4.8 KiB
Diff
149 lines
4.8 KiB
Diff
From c0b6356bbf5b9a1fb76b011486dfce258d395ef8 Mon Sep 17 00:00:00 2001
|
|
From: Peter Lemenkov <lemenkov@gmail.com>
|
|
Date: Fri, 6 Sep 2019 14:22:46 +0200
|
|
Subject: [PATCH] Restore users/perms/policies even if starting in a single
|
|
node mode
|
|
|
|
See https://bugzilla.redhat.com/1744467#c1
|
|
|
|
Signed-off-by: Peter Lemenkov <lemenkov@gmail.com>
|
|
---
|
|
heartbeat/rabbitmq-cluster | 109 ++++++++++++++++++++-----------------
|
|
1 file changed, 58 insertions(+), 51 deletions(-)
|
|
|
|
diff --git a/heartbeat/rabbitmq-cluster b/heartbeat/rabbitmq-cluster
|
|
index cf8ca21a6..7837e9e3c 100755
|
|
--- a/heartbeat/rabbitmq-cluster
|
|
+++ b/heartbeat/rabbitmq-cluster
|
|
@@ -114,6 +114,62 @@ rmq_wipe_data()
|
|
rm -rf $RMQ_DATA_DIR > /dev/null 2>&1
|
|
}
|
|
|
|
+rmq_restore_users_perms_policies()
|
|
+{
|
|
+ # Restore users, user permissions, and policies (if any)
|
|
+ BaseDataDir=`dirname $RMQ_DATA_DIR`
|
|
+ $RMQ_EVAL "
|
|
+ %% Run only if Mnesia is ready.
|
|
+ lists:any(fun({mnesia,_,_}) -> true; ({_,_,_}) -> false end, application:which_applications()) andalso
|
|
+ begin
|
|
+ Restore = fun(Table, PostprocessFun, Filename) ->
|
|
+ case file:consult(Filename) of
|
|
+ {error, _} ->
|
|
+ ok;
|
|
+ {ok, [Result]} ->
|
|
+ lists:foreach(fun(X) -> mnesia:dirty_write(Table, PostprocessFun(X)) end, Result),
|
|
+ file:delete(Filename)
|
|
+ end
|
|
+ end,
|
|
+
|
|
+ %% Restore users
|
|
+
|
|
+ Upgrade = fun
|
|
+ ({internal_user, A, B, C}) -> {internal_user, A, B, C, rabbit_password_hashing_md5};
|
|
+ ({internal_user, A, B, C, D}) -> {internal_user, A, B, C, D}
|
|
+ end,
|
|
+
|
|
+ Downgrade = fun
|
|
+ ({internal_user, A, B, C}) -> {internal_user, A, B, C};
|
|
+ ({internal_user, A, B, C, rabbit_password_hashing_md5}) -> {internal_user, A, B, C};
|
|
+ %% Incompatible scheme, so we will loose user's password ('B' value) during conversion.
|
|
+ %% Unfortunately, this case will require manual intervention - user have to run:
|
|
+ %% rabbitmqctl change_password <A> <somenewpassword>
|
|
+ ({internal_user, A, B, C, _}) -> {internal_user, A, B, C}
|
|
+ end,
|
|
+
|
|
+ %% Check db scheme first
|
|
+ [WildPattern] = ets:select(mnesia_gvar, [ { {{rabbit_user, wild_pattern}, '\\\$1'}, [], ['\\\$1'] } ]),
|
|
+ case WildPattern of
|
|
+ %% Version < 3.6.0
|
|
+ {internal_user,'_','_','_'} ->
|
|
+ Restore(rabbit_user, Downgrade, \"$BaseDataDir/users.erl\");
|
|
+ %% Version >= 3.6.0
|
|
+ {internal_user,'_','_','_','_'} ->
|
|
+ Restore(rabbit_user, Upgrade, \"$BaseDataDir/users.erl\")
|
|
+ end,
|
|
+
|
|
+ NoOp = fun(X) -> X end,
|
|
+
|
|
+ %% Restore user permissions
|
|
+ Restore(rabbit_user_permission, NoOp, \"$BaseDataDir/users_perms.erl\"),
|
|
+
|
|
+ %% Restore policies
|
|
+ Restore(rabbit_runtime_parameters, NoOp, \"$BaseDataDir/policies.erl\")
|
|
+ end.
|
|
+ "
|
|
+}
|
|
+
|
|
rmq_local_node()
|
|
{
|
|
|
|
@@ -411,6 +467,7 @@ rmq_try_start() {
|
|
if [ -z "$join_list" ]; then
|
|
rmq_start_first
|
|
rc=$?
|
|
+ rmq_restore_users_perms_policies
|
|
return $rc
|
|
fi
|
|
|
|
@@ -437,58 +494,8 @@ rmq_try_start() {
|
|
return $RMQ_TRY_RESTART_ERROR_CODE
|
|
fi
|
|
|
|
- # Restore users, user permissions, and policies (if any)
|
|
- BaseDataDir=`dirname $RMQ_DATA_DIR`
|
|
- $RMQ_EVAL "
|
|
- %% Run only if Mnesia is ready.
|
|
- lists:any(fun({mnesia,_,_}) -> true; ({_,_,_}) -> false end, application:which_applications()) andalso
|
|
- begin
|
|
- Restore = fun(Table, PostprocessFun, Filename) ->
|
|
- case file:consult(Filename) of
|
|
- {error, _} ->
|
|
- ok;
|
|
- {ok, [Result]} ->
|
|
- lists:foreach(fun(X) -> mnesia:dirty_write(Table, PostprocessFun(X)) end, Result),
|
|
- file:delete(Filename)
|
|
- end
|
|
- end,
|
|
+ rmq_restore_users_perms_policies
|
|
|
|
- %% Restore users
|
|
-
|
|
- Upgrade = fun
|
|
- ({internal_user, A, B, C}) -> {internal_user, A, B, C, rabbit_password_hashing_md5};
|
|
- ({internal_user, A, B, C, D}) -> {internal_user, A, B, C, D}
|
|
- end,
|
|
-
|
|
- Downgrade = fun
|
|
- ({internal_user, A, B, C}) -> {internal_user, A, B, C};
|
|
- ({internal_user, A, B, C, rabbit_password_hashing_md5}) -> {internal_user, A, B, C};
|
|
- %% Incompatible scheme, so we will loose user's password ('B' value) during conversion.
|
|
- %% Unfortunately, this case will require manual intervention - user have to run:
|
|
- %% rabbitmqctl change_password <A> <somenewpassword>
|
|
- ({internal_user, A, B, C, _}) -> {internal_user, A, B, C}
|
|
- end,
|
|
-
|
|
- %% Check db scheme first
|
|
- [WildPattern] = ets:select(mnesia_gvar, [ { {{rabbit_user, wild_pattern}, '\\\$1'}, [], ['\\\$1'] } ]),
|
|
- case WildPattern of
|
|
- %% Version < 3.6.0
|
|
- {internal_user,'_','_','_'} ->
|
|
- Restore(rabbit_user, Downgrade, \"$BaseDataDir/users.erl\");
|
|
- %% Version >= 3.6.0
|
|
- {internal_user,'_','_','_','_'} ->
|
|
- Restore(rabbit_user, Upgrade, \"$BaseDataDir/users.erl\")
|
|
- end,
|
|
-
|
|
- NoOp = fun(X) -> X end,
|
|
-
|
|
- %% Restore user permissions
|
|
- Restore(rabbit_user_permission, NoOp, \"$BaseDataDir/users_perms.erl\"),
|
|
-
|
|
- %% Restore policies
|
|
- Restore(rabbit_runtime_parameters, NoOp, \"$BaseDataDir/policies.erl\")
|
|
- end.
|
|
- "
|
|
return $OCF_SUCCESS
|
|
}
|
|
|