[Bug 1842408] Re: rabbitmq-server writes to /etc/rabbitmq
Bryce Harrington
1842408 at bugs.launchpad.net
Thu Nov 7 03:23:32 UTC 2019
Hi Hadmut,
Launchpad shouldn't have expired this bug, since you answered my
question. I've re-opened the bug report, however I'm not sure this is
going to be actionable for us, which I'll explain but first let me try
to answer your question:
> So the central problem is that it is not obvious how things are
supposed to be used and to work. Just having a umask different from 022
seems to break everything. Under what uid is rabbitmq-plugins supposed
to be used?
Referring to comment #5, it appears stock Ubuntu's rabbitmq-server is
expecting it to be under UID 111:
Adding system user `rabbitmq' (UID 111) ...
Unfortunately, even the stock rabbitmq-server has been proving to be a
bit... finicky... to support. For example, it's dependency requirements
are a bit stricter than we've been able to meet in past Ubuntu releases,
making it difficult even just to build the package on bionic and eoan -
which makes it unusually challenging to backport fixes.
But it sounds like you've gotten a bit far from a stock rabbitmq-server
config, involving Puppet and a plugin with some non-Debian assumptions
about the system. In doing so, I think you've found a legitimate flaw
in the service behavior, so I think we do need to keep this bug report
open. But, we have more fundamental issues that will need tackled
first, so let me set expectations we may not get to this problem for a
while.
I hope since your last comment you've sorted out a solution for
yourself. If not, I might suggest inquiring with Puppet, especially if
you have a support contract with them. If you're able to resolve the
issue let us know how you did, and maybe we can work out a way to ensure
that solution is reflected in the packaging for the future.
** Changed in: rabbitmq-server (Ubuntu)
Importance: Undecided => Low
** Changed in: rabbitmq-server (Ubuntu)
Status: New => Triaged
--
You received this bug notification because you are a member of Ubuntu
OpenStack, which is subscribed to rabbitmq-server in Ubuntu.
https://bugs.launchpad.net/bugs/1842408
Title:
rabbitmq-server writes to /etc/rabbitmq
Status in rabbitmq-server package in Ubuntu:
Triaged
Bug description:
Hi,
I just ran into a design problem of the ubuntu/debian installation of rabbitmq-server.
I tried to configure rabbitmq with puppet, it didn't work, and I
debugged it.
Problem: the puppet plugin changes ownership of /etc/rabbitmq to root,
while the ubuntu/debian package requires it to be rabbitmq.rabbitmq,
because the tool rabbitmq-plugins needs to write to
/etc/rabbitmq/enabled_plugins and create
/etc/rabbitmq/enabled_plugins.tmp
So if the /etc/rabbitmq belongs root, rabbitmq-plugins can write only if run as root, but then it issues error message because ownership trouble with rabbitmq daemon, which expects things to be rabbitmq.
It is definitely a poor and insecure idea to give an /etc directory
ownership to a daemon and use it to store state information.
/etc/rabbitmq/enabled_plugins definitely belongs to /var/lib/rabbitmq,
and as far as I know, this is what linux design guides say.
ProblemType: Bug
DistroRelease: Ubuntu 18.04
Package: rabbitmq-server 3.6.10-1
ProcVersionSignature: Ubuntu 4.15.0-58.64-generic 4.15.18
Uname: Linux 4.15.0-58-generic x86_64
NonfreeKernelModules: zfs zunicode zavl icp zcommon znvpair
ApportVersion: 2.20.9-0ubuntu7.7
Architecture: amd64
CurrentDesktop: LXDE
Date: Tue Sep 3 12:17:42 2019
InstallationDate: Installed on 2018-04-30 (491 days ago)
InstallationMedia: Lubuntu 18.04 LTS "Bionic Beaver" - Release amd64 (20180426)
PackageArchitecture: all
SourcePackage: rabbitmq-server
UpgradeStatus: No upgrade log present (probably fresh install)
modified.conffile..etc.default.rabbitmq-server: [modified]
mtime.conffile..etc.default.rabbitmq-server: 2019-09-02T17:17:09.167373
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/rabbitmq-server/+bug/1842408/+subscriptions
More information about the Ubuntu-openstack-bugs
mailing list