@@ -132,39 +132,14 @@ function install_rpc_backend {
132132 # Install rabbitmq-server
133133 install_package rabbitmq-server
134134 elif is_service_enabled qpid; then
135- local qpid_conf_file=/etc/qpid/qpidd.conf
136135 if is_fedora; then
137136 install_package qpid-cpp-server
138- if [[ $DISTRO =~ (rhel6) ]]; then
139- qpid_conf_file=/etc/qpidd.conf
140- # RHEL6 leaves "auth=yes" in /etc/qpidd.conf, it needs to
141- # be no or you get GSS authentication errors as it
142- # attempts to default to this.
143- sudo sed -i.bak 's/^auth=yes$/auth=no/' $qpid_conf_file
144- fi
145137 elif is_ubuntu; then
146138 install_package qpidd
147- sudo sed -i '/PLAIN/!s/mech_list: /mech_list: PLAIN /' /etc/sasl2/qpidd.conf
148- sudo chmod o+r /etc/qpid/qpidd.sasldb
149139 else
150140 exit_distro_not_supported "qpid installation"
151141 fi
152- # If AMQP 1.0 is specified, ensure that the version of the
153- # broker can support AMQP 1.0 and configure the queue and
154- # topic address patterns used by oslo.messaging.
155- if [ "$RPC_MESSAGING_PROTOCOL" == "AMQP1" ]; then
156- QPIDD=$(type -p qpidd)
157- if ! $QPIDD --help | grep -q "queue-patterns"; then
158- exit_distro_not_supported "qpidd with AMQP 1.0 support"
159- fi
160- if ! grep -q "queue-patterns=exclusive" $qpid_conf_file; then
161- cat <<EOF | sudo tee --append $qpid_conf_file
162- queue-patterns=exclusive
163- queue-patterns=unicast
164- topic-patterns=broadcast
165- EOF
166- fi
167- fi
142+ _configure_qpid
168143 elif is_service_enabled zeromq; then
169144 # NOTE(ewindisch): Redis is not strictly necessary
170145 # but there is a matchmaker driver that works
@@ -240,10 +215,9 @@ function iniset_rpc_backend {
240215 iniset $file $section rpc_backend ${package}.openstack.common.rpc.impl_qpid
241216 fi
242217 iniset $file $section qpid_hostname ${QPID_HOST:-$SERVICE_HOST}
243- if is_ubuntu ; then
244- QPID_PASSWORD=`sudo strings /etc/qpid/qpidd.sasldb | grep -B1 admin | head -1`
218+ if [ -n "$QPID_USERNAME" ] ; then
219+ iniset $file $section qpid_username $QPID_USERNAME
245220 iniset $file $section qpid_password $QPID_PASSWORD
246- iniset $file $section qpid_username admin
247221 fi
248222 elif is_service_enabled rabbit || { [ -n "$RABBIT_HOST" ] && [ -n "$RABBIT_PASSWORD" ]; }; then
249223 iniset $file $section rpc_backend ${package}.openstack.common.rpc.impl_kombu
@@ -263,6 +237,83 @@ function qpid_is_supported {
263237 ( ! is_suse )
264238}
265239
240+ # Set up the various configuration files used by the qpidd broker
241+ function _configure_qpid {
242+
243+ # the location of the configuration files have changed since qpidd 0.14
244+ local qpid_conf_file
245+ if [ -e /etc/qpid/qpidd.conf ]; then
246+ qpid_conf_file=/etc/qpid/qpidd.conf
247+ elif [ -e /etc/qpidd.conf ]; then
248+ qpid_conf_file=/etc/qpidd.conf
249+ else
250+ exit_distro_not_supported "qpidd.conf file not found!"
251+ fi
252+
253+ # force the ACL file to a known location
254+ local qpid_acl_file=/etc/qpid/qpidd.acl
255+ if [ ! -e $qpid_acl_file ]; then
256+ sudo mkdir -p -m 755 `dirname $qpid_acl_file`
257+ sudo touch $qpid_acl_file
258+ sudo chmod o+r $qpid_acl_file
259+ fi
260+ sudo sed -i.bak '/^acl-file=/d' $qpid_conf_file
261+ echo "acl-file=$qpid_acl_file" | sudo tee --append $qpid_conf_file
262+
263+ sudo sed -i '/^auth=/d' $qpid_conf_file
264+ if [ -z "$QPID_USERNAME" ]; then
265+ # no QPID user configured, so disable authentication
266+ # and access control
267+ echo "auth=no" | sudo tee --append $qpid_conf_file
268+ cat <<EOF | sudo tee $qpid_acl_file
269+ acl allow all all
270+ EOF
271+ else
272+ # Configure qpidd to use PLAIN authentication, and add
273+ # QPID_USERNAME to the ACL:
274+ echo "auth=yes" | sudo tee --append $qpid_conf_file
275+ if [ -z "$QPID_PASSWORD" ]; then
276+ read_password QPID_PASSWORD "ENTER A PASSWORD FOR QPID USER $QPID_USERNAME"
277+ fi
278+ # Create ACL to allow $QPID_USERNAME full access
279+ cat <<EOF | sudo tee $qpid_acl_file
280+ group admin ${QPID_USERNAME}@QPID
281+ acl allow admin all
282+ acl deny all all
283+ EOF
284+ # Add user to SASL database
285+ if is_ubuntu; then
286+ install_package sasl2-bin
287+ elif is_fedora; then
288+ install_package cyrus-sasl-lib
289+ fi
290+ local sasl_conf_file=/etc/sasl2/qpidd.conf
291+ sudo sed -i.bak '/PLAIN/!s/mech_list: /mech_list: PLAIN /' $sasl_conf_file
292+ local sasl_db=`sudo grep sasldb_path $sasl_conf_file | cut -f 2 -d ":" | tr -d [:blank:]`
293+ if [ ! -e $sasl_db ]; then
294+ sudo mkdir -p -m 755 `dirname $sasl_db`
295+ fi
296+ echo $QPID_PASSWORD | sudo saslpasswd2 -c -p -f $sasl_db -u QPID $QPID_USERNAME
297+ sudo chmod o+r $sasl_db
298+ fi
299+
300+ # If AMQP 1.0 is specified, ensure that the version of the
301+ # broker can support AMQP 1.0 and configure the queue and
302+ # topic address patterns used by oslo.messaging.
303+ if [ "$RPC_MESSAGING_PROTOCOL" == "AMQP1" ]; then
304+ QPIDD=$(type -p qpidd)
305+ if ! $QPIDD --help | grep -q "queue-patterns"; then
306+ exit_distro_not_supported "qpidd with AMQP 1.0 support"
307+ fi
308+ if ! grep -q "queue-patterns=exclusive" $qpid_conf_file; then
309+ cat <<EOF | sudo tee --append $qpid_conf_file
310+ queue-patterns=exclusive
311+ queue-patterns=unicast
312+ topic-patterns=broadcast
313+ EOF
314+ fi
315+ fi
316+ }
266317
267318# Restore xtrace
268319$XTRACE
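Review bot: In `_configure_qpid` the SASL step expands the password and the database path unquoted (`echo $QPID_PASSWORD | sudo saslpasswd2 -c -p -f $sasl_db -u QPID $QPID_USERNAME`), so a password with whitespace or glob characters, or one that echo reads as an option, is altered before saslpasswd2 stores it, and an empty `sasl_db` (no `sasldb_path` line in the SASL config) would make `-f` take `-u` as its file name. I would write `printf '%s\n' "$QPID_PASSWORD" | sudo saslpasswd2 -c -p -f "$sasl_db" -u QPID "$QPID_USERNAME"` and stop with an error before it when `$sasl_db` is empty; the `iniset` calls for `qpid_username` and `qpid_password` in the `iniset_rpc_backend` hunk need the same quoting. `sudo chmod o+r $sasl_db` then leaves the database holding that credential readable by every local account; if the intent is only to let the broker read it, group access for the broker's account would be narrower, though that account is not visible here and needs confirming. The `auth=no` branch also writes `acl allow all all`, which deserves a comment saying the broker then accepts any client that can reach it.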