
Commit 99a1a84

authored
Merge pull request #10194 from rabbitmq/rabbitmq-server-10153-10159-followup
Follow-up to #10153 / #10159
2 parents 54ae406 + 1f1f424 commit 99a1a84


1 file changed

+76
-10
lines changed


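--- a/deps/rabbit/src/rabbit_peer_discovery.erl
+++ b/deps/rabbit/src/rabbit_peer_discovery.erl
@@ -372,24 +372,32 @@ query_node_props(Nodes) when Nodes =/= [] ->
 %% By using a temporary intermediate hidden node, we ask Erlang not to
 %% connect everyone automatically.
 Context = rabbit_prelaunch:get_context(),
-VMArgs0 = ["-boot", "no_dot_erlang", "-hidden"],
-VMArgs1 = case Context of
+VMArgs0 = ["-hidden"],
+VMArgs1 = case init:get_argument(boot) of
+{ok, [[BootFileArg]]} ->
+["-boot", BootFileArg | VMArgs0];
+_ ->
+%% Note: start_clean is the default boot file
+%% defined in rabbitmq-defaults / CLEAN_BOOT_FILE
+["-boot", "start_clean" | VMArgs0]
+end,
+VMArgs2 = case Context of
 #{erlang_cookie := ErlangCookie,
 var_origins := #{erlang_cookie := environment}} ->
-["-setcookie", atom_to_list(ErlangCookie) | VMArgs0];
+["-setcookie", atom_to_list(ErlangCookie) | VMArgs1];
 _ ->
-VMArgs0
+VMArgs1
 end,
-VMArgs2 = maybe_add_tls_arguments(VMArgs1),
+VMArgs3 = maybe_add_tls_arguments(VMArgs2),
 PeerStartArg = case Context of
 #{nodename_type := longnames} ->
 #{name => PeerName,
 host => Suffix,
 longnames => true,
-args => VMArgs2};
+args => VMArgs3};
 _ ->
 #{name => PeerName,
-args => VMArgs2}
+args => VMArgs3}
 end,
 ?LOG_DEBUG("Peer discovery: peer node arguments: ~tp",
 [PeerStartArg]),
@@ -421,7 +429,7 @@ maybe_add_tls_arguments(VMArgs0) ->
 add_tls_arguments(inet_tls, VMArgs0);
 {ok, [["inet6_tls"]]} ->
 add_tls_arguments(inet6_tls, VMArgs0);
-error ->
+_ ->
 VMArgs0
 end.
 
@@ -436,19 +444,77 @@ add_tls_arguments(InetDistModule, VMArgs0) ->
 ["-pa", filename:dirname(code:which(inet6_tls_dist))
 | ProtoDistArg]
 end,
+%% In the next case, RabbitMQ has been configured with additional Erlang VM arguments such as this:
+%%
+%% SERVER_ADDITIONAL_ERL_ARGS="-pa $ERL_SSL_PATH -proto_dist inet_tls
+%% -ssl_dist_opt server_cacertfile /etc/rabbitmq/ca_certificate.pem
+%% -ssl_dist_opt server_certfile /etc/rabbitmq/server_rmq0.local_certificate.pem
+%% -ssl_dist_opt server_keyfile /etc/rabbitmq/server_rmq0.local_key.pem
+%% -ssl_dist_opt server_verify verify_peer
+%% -ssl_dist_opt server_fail_if_no_peer_cert true
+%% -ssl_dist_opt client_cacertfile /etc/rabbitmq/ca_certificate.pem
+%% -ssl_dist_opt client_certfile /etc/rabbitmq/client_rmq0.local_certificate.pem
+%% -ssl_dist_opt client_keyfile /etc/rabbitmq/client_rmq0.local_key.pem
+%% -ssl_dist_opt client_verify verify_peer"
+%%
+%% `init:get_argument(ssl_dist_opt)' returns the following data structure:
+%%
+%% ([email protected])1> init:get_argument(ssl_dist_opt).
+%% {ok,[["server_cacertfile",
+%% "/etc/rabbitmq/ca_certificate.pem"],
+%% ["server_certfile",
+%% "/etc/rabbitmq/server_rmq0.local_certificate.pem"],
+%% ["server_keyfile","/etc/rabbitmq/server_rmq0.local_key.pem"],
+%% ["server_verify","verify_peer"],
+%% ["server_fail_if_no_peer_cert","true"],
+%% ["client_cacertfile","/etc/rabbitmq/ca_certificate.pem"],
+%% ["client_certfile",
+%% "/etc/rabbitmq/client_rmq0.local_certificate.pem"],
+%% ["client_keyfile","/etc/rabbitmq/client_rmq0.local_key.pem"],
+%% ["client_verify","verify_peer"]]}
+%%
+%% Which is then translated into arguments to `peer:start/1':
+%% #{args =>
+%% ["-ssl_dist_opt",
+%% "server_cacertfile",
+%% "/etc/rabbitmq/ca_certificate.pem",
+%% "-ssl_dist_opt","server_certfile",
+%% "/etc/rabbitmq/server_rmq2.local_certificate.pem",
+%% "-ssl_dist_opt","server_keyfile",
+%% "/etc/rabbitmq/server_rmq2.local_key.pem",
+%% "-ssl_dist_opt","server_verify",
+%% "verify_peer","-ssl_dist_opt",
+%% "server_fail_if_no_peer_cert",
+%% "true","-ssl_dist_opt",
+%% "client_cacertfile",
+%% "/etc/rabbitmq/ca_certificate.pem",
+%% "-ssl_dist_opt","client_certfile",
+%% "/etc/rabbitmq/client_rmq2.local_certificate.pem",
+%% "-ssl_dist_opt","client_keyfile",
+%% "/etc/rabbitmq/client_rmq2.local_key.pem",
+%% "-ssl_dist_opt","client_verify",
+%% "verify_peer","-pa",
+%% "/usr/local/lib/erlang/lib/ssl-11.0.3/ebin",
+%% "-proto_dist","inet_tls","-boot",
+%% "no_dot_erlang","-hidden"],
 VMArgs2 = case init:get_argument(ssl_dist_opt) of
 {ok, SslDistOpts0} ->
 SslDistOpts1 = [["-ssl_dist_opt" | SslDistOpt]
 || SslDistOpt <- SslDistOpts0],
 SslDistOpts2 = lists:concat(SslDistOpts1),
 SslDistOpts2 ++ VMArgs1;
-error ->
+_ ->
 VMArgs1
 end,
+%% In the next case, RabbitMQ has been configured with additional Erlang VM arguments such as this:
+%%
+%% SERVER_ADDITIONAL_ERL_ARGS="-pa $ERL_SSL_PATH -proto_dist inet_tls -ssl_dist_optfile /etc/rabbitmq/inter_node_tls.config"
+%%
+%% This code adds the `ssl_dist_optfile' argument to the peer node's argument list
 VMArgs3 = case init:get_argument(ssl_dist_optfile) of
 {ok, [[SslDistOptfileArg]]} ->
 ["-ssl_dist_optfile", SslDistOptfileArg | VMArgs2];
-error ->
+_ ->
 VMArgs2
 end,
 VMArgs3.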
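Review bot: The `_ ->` catch-alls in add_tls_arguments (new lines 506 and 517, and the same pattern at new line 432 in maybe_add_tls_arguments) silently discard inter-node TLS settings whenever init:get_argument/1 returns a shape other than the one matched. For example, if `-ssl_dist_optfile` is passed more than once the result has several inner lists, `{ok, [[SslDistOptfileArg]]}` does not match, and the temporary peer is started with `-proto_dist inet_tls` but without the option file, so the certificate and verification settings it carries are presumably not applied to that node. Keeping `error -> VMArgs2;` and adding a separate clause such as `Other -> ?LOG_WARNING("Peer discovery: unexpected ssl_dist_optfile argument: ~tp", [Other]), VMArgs2` would make the dropped configuration visible in the logs instead of silent. Separately, the example in the new comment still ends with `"-boot", "no_dot_erlang", "-hidden"`, which no longer matches what query_node_props builds (the inherited boot file or `start_clean`). add_tls_arguments begins above the hunk, so the `-proto_dist` handling is only partly visible here.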
