Move rabbit's clustering port away from the ephemeral port range

Currently RabbitMQ cluster uses a predefined port 35672 for clustering.
This port belongs to so-called ephemeral ports range.

Ephemeral ports are the ports kernel assings to application if it
doesn't specify which port to open. So there is a small chance that this
application being started before RabbitMQ itself could grab this port.
While rather unlikely we did see this happen.

Selinux change should already be in place. On my Centos 7 we have:
rabbitmq_port_t                tcp      25672
corenet_tcp_bind_rabbitmq_port(rabbitmq_t)
corenet_tcp_connect_rabbitmq_port(rabbitmq_t)

First noted via:
https://bugzilla.redhat.com/show_bug.cgi?id=1357522

Closes-Bug: #1623818

Depends-On: I0bcd0d063a7a766483426fdd5ea81cbe1dfaa348
Change-Id: I995bd96c2a17614e954ea5bbae4d58998ef420dc

diff --git a/puppet/services/rabbitmq.yaml b/puppet/services/rabbitmq.yaml
index a0669dc..e4a16e8 100644 (file)
--- a/puppet/services/rabbitmq.yaml
+++ b/puppet/services/rabbitmq.yaml
@@ -58,7 +58,7 @@ outputs:
             dport:
               - 4369
               - 5672
-              - 35672
+              - 25672
         rabbitmq::delete_guest_user: false
         rabbitmq::wipe_db_on_cookie_change: true
         rabbitmq::port: '5672'
@@ -68,8 +68,8 @@ outputs:
           RABBITMQ_NODENAME: "rabbit@%{::hostname}"
           RABBITMQ_SERVER_ERL_ARGS: '"+K true +A30 +P 1048576 -kernel inet_default_connect_options [{nodelay,true},{raw,6,18,<<5000:64/native>>}] -kernel inet_default_listen_options [{raw,6,18,<<5000:64/native>>}]"'
         rabbitmq_kernel_variables:
-          inet_dist_listen_min: '35672'
-          inet_dist_listen_max: '35672'
+          inet_dist_listen_min: '25672'
+          inet_dist_listen_max: '25672'
         rabbitmq_config_variables:
           tcp_listen_options: '[binary, {packet, raw}, {reuseaddr, true}, {backlog, 128}, {nodelay, true}, {exit_on_close, false}, {keepalive, true}]'
           cluster_partition_handling: 'pause_minority'