Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

make private-chef::rabbitmq and partybus use veil #1123

Merged
merged 4 commits into from
Mar 8, 2017
Merged

make private-chef::rabbitmq and partybus use veil #1123

merged 4 commits into from
Mar 8, 2017

Conversation

srenatus
Copy link
Contributor

@srenatus srenatus commented Mar 7, 2017

This doesn't check the password, just sets it unconditionally

Rationale: checking if it's ok, and setting it if not is probably just
as expensive as just setting it unconditionally.

Also, when upgrading to 3.6.6, it takes an extra password change to
upgrade hashes from md5 to sha256 (new default).

Also changes the execute's name to "ensure password for rabbitmq user
..." so it's a little less confusing to have this executed on each
reconfigure.

@srenatus srenatus changed the title make private-chef::rabbitmq use veil [wip] make private-chef::rabbitmq use veil Mar 7, 2017
@irvingpop
Copy link

I've noticed that the not_if guards on those password resources will prevent this from ever firing after bootstrap (unless rabbit's data is blown away)

@srenatus
Copy link
Contributor Author

srenatus commented Mar 7, 2017

@irvingpop new installs should be covered by the add_user calls -- they include a password, too. or am I missing something? :)

@irvingpop
Copy link

My point was about password rotation - the way those not_if guards are written, they passwords will never be changed.

@srenatus
Copy link
Contributor Author

srenatus commented Mar 7, 2017

@irvingpop I'm afraid I still don't get it. As of now, the passwords would be changed unconditionally (the change removes the only_ifs). But this is part of why there's a WIP, so please disregard, I'll push some updates tomorrow)

@irvingpop
Copy link

Ah, I was tripped up by the not_if statements in the add user blocks. Your changes (removing the only_if statements) actually fix the issue I was seeing! Thank you!

@stevendanna stevendanna force-pushed the sr/rabbit-from-veil branch from f2df899 to f44464d Compare March 7, 2017 19:58
@stevendanna stevendanna changed the title [wip] make private-chef::rabbitmq use veil make private-chef::rabbitmq use veil Mar 7, 2017
@srenatus srenatus mentioned this pull request Mar 8, 2017
Merged
@srenatus srenatus changed the title make private-chef::rabbitmq use veil [wip] make private-chef::rabbitmq use veil Mar 8, 2017
@srenatus srenatus force-pushed the sr/rabbit-from-veil branch 2 times, most recently from 4ebf12b to 289e586 Compare March 8, 2017 10:39
@srenatus srenatus changed the title [wip] make private-chef::rabbitmq use veil make private-chef::rabbitmq use veil Mar 8, 2017
@marcparadise marcparadise mentioned this pull request Mar 8, 2017
Closed
16 tasks
@srenatus srenatus force-pushed the sr/rabbit-from-veil branch 5 times, most recently from 4978233 to 8b44b2a Compare March 8, 2017 12:51
@srenatus srenatus changed the title make private-chef::rabbitmq use veil make private-chef::rabbitmq and partybus use veil Mar 8, 2017
@srenatus srenatus force-pushed the sr/rabbit-from-veil branch from 7dc1958 to ccaf4fd Compare March 8, 2017 13:42
@srenatus srenatus merged commit 4ec1d01 into master Mar 8, 2017
@srenatus srenatus deleted the sr/rabbit-from-veil branch March 8, 2017 13:56
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@stevendanna stevendanna stevendanna approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@srenatus @irvingpop @stevendanna