`rabbitmq` should be a default user
eveningsteps opened this issue · comments
not sure if this is an intended design decision, or pure oversight, but this took me quite a lot of time to narrow down.
consider the following section of Docker Compose, or an equivalent Nomad service definition with Docker task driver:
services:
rabbitmq:
image: rabbitmq:3.12-management-alpine
ports:
- "15672:15672"
- "5672:5672"
volumes:
- "./rabbitmq/etc/enabled_plugins:/etc/rabbitmq/enabled_plugins"
- "./rabbitmq/etc/definitions.json:/etc/rabbitmq/definitions.json"
- "./rabbitmq/etc/rabbitmq.conf:/etc/rabbitmq/rabbitmq.conf"
healthcheck:
test: rabbitmq-diagnostics ping
interval: 3s
timeout: 10s
retries: 60
the use of rabbitmq-diagnostics
in the health check section leads to the container crashing and exiting due to not having access to the access cookie (/var/lib/rabbitmq/.erlang.cookie
):
crash
2024-04-16 16:51:45.685285+00:00 [error] <0.148.0> Error when reading /var/lib/rabbitmq/.erlang.cookie: eacces
2024-04-16 16:51:45.701306+00:00 [error] <0.146.0> supervisor: {local,net_sup}
2024-04-16 16:51:45.701306+00:00 [error] <0.146.0> errorContext: start_error
2024-04-16 16:51:45.701306+00:00 [error] <0.146.0> reason: {"Error when reading /var/lib/rabbitmq/.erlang.cookie: eacces",
2024-04-16 16:51:45.701306+00:00 [error] <0.146.0> [{auth,init_no_setcookie,0,[{file,"auth.erl"},{line,313}]},
2024-04-16 16:51:45.701306+00:00 [error] <0.146.0> {auth,init,1,[{file,"auth.erl"},{line,165}]},
2024-04-16 16:51:45.701306+00:00 [error] <0.146.0> {gen_server,init_it,2,[{file,"gen_server.erl"},{line,851}]},
2024-04-16 16:51:45.701306+00:00 [error] <0.146.0> {gen_server,init_it,6,[{file,"gen_server.erl"},{line,814}]},
2024-04-16 16:51:45.701306+00:00 [error] <0.146.0> {proc_lib,init_p_do_apply,3,
2024-04-16 16:51:45.701306+00:00 [error] <0.146.0> [{file,"proc_lib.erl"},{line,240}]}]}
2024-04-16 16:51:45.701306+00:00 [error] <0.146.0> offender: [{pid,undefined},
2024-04-16 16:51:45.701306+00:00 [error] <0.146.0> {id,auth},
2024-04-16 16:51:45.701306+00:00 [error] <0.146.0> {mfargs,{auth,start_link,[]}},
2024-04-16 16:51:45.701306+00:00 [error] <0.146.0> {restart_type,permanent},
2024-04-16 16:51:45.701306+00:00 [error] <0.146.0> {significant,false},
2024-04-16 16:51:45.701306+00:00 [error] <0.146.0> {shutdown,2000},
2024-04-16 16:51:45.701306+00:00 [error] <0.146.0> {child_type,worker}]
2024-04-16 16:51:45.701306+00:00 [error] <0.146.0>
2024-04-16 16:51:45.701192+00:00 [error] <0.148.0> crasher:
2024-04-16 16:51:45.701192+00:00 [error] <0.148.0> initial call: auth:init/1
2024-04-16 16:51:45.701192+00:00 [error] <0.148.0> pid: <0.148.0>
2024-04-16 16:51:45.701192+00:00 [error] <0.148.0> registered_name: []
2024-04-16 16:51:45.701192+00:00 [error] <0.148.0> exception error: "Error when reading /var/lib/rabbitmq/.erlang.cookie: eacces"
2024-04-16 16:51:45.701192+00:00 [error] <0.148.0> in function auth:init_no_setcookie/0 (auth.erl, line 313)
2024-04-16 16:51:45.701192+00:00 [error] <0.148.0> in call from auth:init/1 (auth.erl, line 165)
2024-04-16 16:51:45.701192+00:00 [error] <0.148.0> in call from gen_server:init_it/2 (gen_server.erl, line 851)
2024-04-16 16:51:45.701192+00:00 [error] <0.148.0> in call from gen_server:init_it/6 (gen_server.erl, line 814)
2024-04-16 16:51:45.701192+00:00 [error] <0.148.0> ancestors: [net_sup,kernel_sup,<0.47.0>]
2024-04-16 16:51:45.701192+00:00 [error] <0.148.0> message_queue_len: 0
2024-04-16 16:51:45.701192+00:00 [error] <0.148.0> messages: []
2024-04-16 16:51:45.701192+00:00 [error] <0.148.0> links: [<0.146.0>]
2024-04-16 16:51:45.701192+00:00 [error] <0.148.0> dictionary: []
2024-04-16 16:51:45.701192+00:00 [error] <0.148.0> trap_exit: true
2024-04-16 16:51:45.701192+00:00 [error] <0.148.0> status: running
2024-04-16 16:51:45.701192+00:00 [error] <0.148.0> heap_size: 1598
2024-04-16 16:51:45.701192+00:00 [error] <0.148.0> stack_size: 28
2024-04-16 16:51:45.701192+00:00 [error] <0.148.0> reductions: 2279
2024-04-16 16:51:45.701192+00:00 [error] <0.148.0> neighbours:
2024-04-16 16:51:45.701192+00:00 [error] <0.148.0>
2024-04-16 16:51:45.711346+00:00 [error] <0.132.0>
2024-04-16 16:51:45.711346+00:00 [error] <0.132.0> BOOT FAILED
2024-04-16 16:51:45.711346+00:00 [error] <0.132.0> ===========
2024-04-16 16:51:45.711346+00:00 [error] <0.132.0> Exception during startup:
2024-04-16 16:51:45.711346+00:00 [error] <0.132.0>
2024-04-16 16:51:45.711346+00:00 [error] <0.132.0> error:{badmatch,{error,{{shutdown,{failed_to_start_child,auth,{"Error when reading /var/lib/rabbitmq/.erlang.cookie: eacces",[{auth,init_no_setcookie,0,[{file,"auth.erl"},{line,313}]},{auth,init,1,[{file,"auth.erl"},{line,165}]},{gen_server,init_it,2,[{file,"gen_server.erl"},{line,851}]},{gen_server,init_it,6,[{file,"gen_server.erl"},{line,814}]},{proc_lib,init_p_do_apply,3,[{file,"proc_lib.erl"},{line,240}]}]}}},{child,undefined,net_sup_dynamic,{erl_distribution,start_link,[#{clean_halt => false,name => rabbit_prelaunch_15@localhost,name_domain => shortnames,net_tickintensity => 4,net_ticktime => 60,supervisor => net_sup_dynamic}]},permanent,false,1000,supervisor,[erl_distribution]}}}}
2024-04-16 16:51:45.711346+00:00 [error] <0.132.0>
2024-04-16 16:51:45.711346+00:00 [error] <0.132.0> rabbit_prelaunch_dist:duplicate_node_check/1, line 80
2024-04-16 16:51:45.711346+00:00 [error] <0.132.0> rabbit_prelaunch_dist:setup/1, line 23
2024-04-16 16:51:45.711346+00:00 [error] <0.132.0> rabbit_prelaunch:do_run/0, line 115
2024-04-16 16:51:45.711346+00:00 [error] <0.132.0> rabbit_prelaunch:run_prelaunch_first_phase/0, line 32
2024-04-16 16:51:45.711346+00:00 [error] <0.132.0> supervisor:do_start_child_i/3, line 420
2024-04-16 16:51:45.711346+00:00 [error] <0.132.0> supervisor:do_start_child/2, line 406
2024-04-16 16:51:45.711346+00:00 [error] <0.132.0> supervisor:-start_children/2-fun-0-/3, line 390
2024-04-16 16:51:45.711346+00:00 [error] <0.132.0> supervisor:children_map/4, line 1256
2024-04-16 16:51:45.711346+00:00 [error] <0.132.0>
2024-04-16 16:51:46.716641+00:00 [error] <0.132.0> supervisor: {local,rabbit_prelaunch_sup}
2024-04-16 16:51:46.716641+00:00 [error] <0.132.0> errorContext: start_error
2024-04-16 16:51:46.716641+00:00 [error] <0.132.0> reason: {badmatch,
2024-04-16 16:51:46.716641+00:00 [error] <0.132.0> {error,
2024-04-16 16:51:46.716641+00:00 [error] <0.132.0> {{shutdown,
2024-04-16 16:51:46.716641+00:00 [error] <0.132.0> {failed_to_start_child,auth,
2024-04-16 16:51:46.716641+00:00 [error] <0.132.0> {"Error when reading /var/lib/rabbitmq/.erlang.cookie: eacces",
2024-04-16 16:51:46.716641+00:00 [error] <0.132.0> [{auth,init_no_setcookie,0,
2024-04-16 16:51:46.716641+00:00 [error] <0.132.0> [{file,"auth.erl"},{line,313}]},
2024-04-16 16:51:46.716641+00:00 [error] <0.132.0> {auth,init,1,[{file,"auth.erl"},{line,165}]},
2024-04-16 16:51:46.716641+00:00 [error] <0.132.0> {gen_server,init_it,2,
2024-04-16 16:51:46.716641+00:00 [error] <0.132.0> [{file,"gen_server.erl"},{line,851}]},
2024-04-16 16:51:46.716641+00:00 [error] <0.132.0> {gen_server,init_it,6,
2024-04-16 16:51:46.716641+00:00 [error] <0.132.0> [{file,"gen_server.erl"},{line,814}]},
2024-04-16 16:51:46.716641+00:00 [error] <0.132.0> {proc_lib,init_p_do_apply,3,
2024-04-16 16:51:46.716641+00:00 [error] <0.132.0> [{file,"proc_lib.erl"},{line,240}]}]}}},
2024-04-16 16:51:46.716641+00:00 [error] <0.132.0> {child,undefined,net_sup_dynamic,
2024-04-16 16:51:46.716641+00:00 [error] <0.132.0> {erl_distribution,start_link,
2024-04-16 16:51:46.716641+00:00 [error] <0.132.0> [#{clean_halt => false,
2024-04-16 16:51:46.716641+00:00 [error] <0.132.0> name => rabbit_prelaunch_15@localhost,
2024-04-16 16:51:46.716641+00:00 [error] <0.132.0> name_domain => shortnames,
2024-04-16 16:51:46.716641+00:00 [error] <0.132.0> net_tickintensity => 4,net_ticktime => 60,
2024-04-16 16:51:46.716641+00:00 [error] <0.132.0> supervisor => net_sup_dynamic}]},
2024-04-16 16:51:46.716641+00:00 [error] <0.132.0> permanent,false,1000,supervisor,
2024-04-16 16:51:46.716641+00:00 [error] <0.132.0> [erl_distribution]}}}}
2024-04-16 16:51:46.716641+00:00 [error] <0.132.0> offender: [{pid,undefined},
2024-04-16 16:51:46.716641+00:00 [error] <0.132.0> {id,prelaunch},
2024-04-16 16:51:46.716641+00:00 [error] <0.132.0> {mfargs,{rabbit_prelaunch,run_prelaunch_first_phase,[]}},
2024-04-16 16:51:46.716641+00:00 [error] <0.132.0> {restart_type,transient},
2024-04-16 16:51:46.716641+00:00 [error] <0.132.0> {significant,false},
2024-04-16 16:51:46.716641+00:00 [error] <0.132.0> {shutdown,5000},
2024-04-16 16:51:46.716641+00:00 [error] <0.132.0> {child_type,worker}]
2024-04-16 16:51:46.716641+00:00 [error] <0.132.0>
2024-04-16 16:51:46.717109+00:00 [error] <0.130.0> crasher:
2024-04-16 16:51:46.717109+00:00 [error] <0.130.0> initial call: application_master:init/4
2024-04-16 16:51:46.717109+00:00 [error] <0.130.0> pid: <0.130.0>
2024-04-16 16:51:46.717109+00:00 [error] <0.130.0> registered_name: []
2024-04-16 16:51:46.717109+00:00 [error] <0.130.0> exception exit: {{shutdown,
2024-04-16 16:51:46.717109+00:00 [error] <0.130.0> {failed_to_start_child,prelaunch,
2024-04-16 16:51:46.717109+00:00 [error] <0.130.0> {badmatch,
2024-04-16 16:51:46.717109+00:00 [error] <0.130.0> {error,
2024-04-16 16:51:46.717109+00:00 [error] <0.130.0> {{shutdown,
2024-04-16 16:51:46.717109+00:00 [error] <0.130.0> {failed_to_start_child,auth,
2024-04-16 16:51:46.717109+00:00 [error] <0.130.0> {"Error when reading /var/lib/rabbitmq/.erlang.cookie: eacces",
2024-04-16 16:51:46.717109+00:00 [error] <0.130.0> [{auth,init_no_setcookie,0,
2024-04-16 16:51:46.717109+00:00 [error] <0.130.0> [{file,"auth.erl"},{line,313}]},
2024-04-16 16:51:46.717109+00:00 [error] <0.130.0> {auth,init,1,[{file,"auth.erl"},{line,165}]},
2024-04-16 16:51:46.717109+00:00 [error] <0.130.0> {gen_server,init_it,2,
2024-04-16 16:51:46.717109+00:00 [error] <0.130.0> [{file,"gen_server.erl"},{line,851}]},
2024-04-16 16:51:46.717109+00:00 [error] <0.130.0> {gen_server,init_it,6,
2024-04-16 16:51:46.717109+00:00 [error] <0.130.0> [{file,"gen_server.erl"},{line,814}]},
2024-04-16 16:51:46.717109+00:00 [error] <0.130.0> {proc_lib,init_p_do_apply,3,
2024-04-16 16:51:46.717109+00:00 [error] <0.130.0> [{file,"proc_lib.erl"},{line,240}]}]}}},
2024-04-16 16:51:46.717109+00:00 [error] <0.130.0> {child,undefined,net_sup_dynamic,
2024-04-16 16:51:46.717109+00:00 [error] <0.130.0> {erl_distribution,start_link,
2024-04-16 16:51:46.717109+00:00 [error] <0.130.0> [#{clean_halt => false,
2024-04-16 16:51:46.717109+00:00 [error] <0.130.0> name => rabbit_prelaunch_15@localhost,
2024-04-16 16:51:46.717109+00:00 [error] <0.130.0> name_domain => shortnames,
2024-04-16 16:51:46.717109+00:00 [error] <0.130.0> net_tickintensity => 4,net_ticktime => 60,
2024-04-16 16:51:46.717109+00:00 [error] <0.130.0> supervisor => net_sup_dynamic}]},
2024-04-16 16:51:46.717109+00:00 [error] <0.130.0> permanent,false,1000,supervisor,
2024-04-16 16:51:46.717109+00:00 [error] <0.130.0> [erl_distribution]}}}}}},
2024-04-16 16:51:46.717109+00:00 [error] <0.130.0> {rabbit_prelaunch_app,start,[normal,[]]}}
2024-04-16 16:51:46.717109+00:00 [error] <0.130.0> in function application_master:init/4 (application_master.erl, line 142)
2024-04-16 16:51:46.717109+00:00 [error] <0.130.0> ancestors: [<0.129.0>]
2024-04-16 16:51:46.717109+00:00 [error] <0.130.0> message_queue_len: 1
2024-04-16 16:51:46.717109+00:00 [error] <0.130.0> messages: [{'EXIT',<0.131.0>,normal}]
2024-04-16 16:51:46.717109+00:00 [error] <0.130.0> links: [<0.129.0>,<0.44.0>]
2024-04-16 16:51:46.717109+00:00 [error] <0.130.0> dictionary: []
2024-04-16 16:51:46.717109+00:00 [error] <0.130.0> trap_exit: true
2024-04-16 16:51:46.717109+00:00 [error] <0.130.0> status: running
2024-04-16 16:51:46.717109+00:00 [error] <0.130.0> heap_size: 610
2024-04-16 16:51:46.717109+00:00 [error] <0.130.0> stack_size: 28
2024-04-16 16:51:46.717109+00:00 [error] <0.130.0> reductions: 188
2024-04-16 16:51:46.717109+00:00 [error] <0.130.0> neighbours:
2024-04-16 16:51:46.717109+00:00 [error] <0.130.0>
2024-04-16 16:51:46.718327+00:00 [notice] <0.44.0> Application rabbitmq_prelaunch exited with reason: {{shutdown,{failed_to_start_child,prelaunch,{badmatch,{error,{{shutdown,{failed_to_start_child,auth,{"Error when reading /var/lib/rabbitmq/.erlang.cookie: eacces",[{auth,init_no_setcookie,0,[{file,"auth.erl"},{line,313}]},{auth,init,1,[{file,"auth.erl"},{line,165}]},{gen_server,init_it,2,[{file,"gen_server.erl"},{line,851}]},{gen_server,init_it,6,[{file,"gen_server.erl"},{line,814}]},{proc_lib,init_p_do_apply,3,[{file,"proc_lib.erl"},{line,240}]}]}}},{child,undefined,net_sup_dynamic,{erl_distribution,start_link,[#{clean_halt => false,name => rabbit_prelaunch_15@localhost,name_domain => shortnames,net_tickintensity => 4,net_ticktime => 60,supervisor => net_sup_dynamic}]},permanent,false,1000,supervisor,[erl_distribution]}}}}}},{rabbit_prelaunch_app,start,[normal,[]]}}
{"Kernel pid terminated",application_controller,"{application_start_failure,rabbitmq_prelaunch,{{shutdown,{failed_to_start_child,prelaunch,{badmatch,{error,{{shutdown,{failed_to_start_child,auth,{\"Error when reading /var/lib/rabbitmq/.erlang.cookie: eacces\",[{auth,init_no_setcookie,0,[{file,\"auth.erl\"},{line,313}]},{auth,init,1,[{file,\"auth.erl\"},{line,165}]},{gen_server,init_it,2,[{file,\"gen_server.erl\"},{line,851}]},{gen_server,init_it,6,[{file,\"gen_server.erl\"},{line,814}]},{proc_lib,init_p_do_apply,3,[{file,\"proc_lib.erl\"},{line,240}]}]}}},{child,undefined,net_sup_dynamic,{erl_distribution,start_link,[#{clean_halt => false,name => rabbit_prelaunch_15@localhost,name_domain => shortnames,net_tickintensity => 4,net_ticktime => 60,supervisor => net_sup_dynamic}]},permanent,false,1000,supervisor,[erl_distribution]}}}}}},{rabbit_prelaunch_app,start,[normal,[]]}}}"}
while adding user: rabbitmq
solves the cookie access issue, I'm thinking that the default user should have been pre-built into the container, like, for example, into that of keycloak: https://github.com/keycloak/keycloak/blob/1e3837421e9cea41aa91ef99800af1f82f91089b/quarkus/container/Dockerfile#L31-L34 -- are there any specific reasons to avoid doing that?