Jira (PUP-7074) rabbitmq_home parameter doesn't really affect all relevant places
Title: Message Title Moses Mendoza commented on PUP-7074 Re: rabbitmq_home parameter doesn't really affect all relevant places thanks for the additional context Ira Abramov Add Comment This message was sent by Atlassian JIRA (v6.4.14#64029-sha1:ae256fe) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at https://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/d/optout.
Jira (PUP-7074) rabbitmq_home parameter doesn't really affect all relevant places
Title: Message Title Ira Abramov commented on PUP-7074 Re: rabbitmq_home parameter doesn't really affect all relevant places our env is serving clients that require certain security certifications (HIPAA, SOC2 and the like) and we are therefor required, among other things, that all data is stored on volumes that are encrypted at rest. we chose to have all our AWS VMs mount LUKS-encrypted volumes and make sure all our data is saved and processed on those when not in RAM. since this requires the LUKS volumes to be manually mounted after boot (to input the passphrases for each volume) we can't have the essentials on such volumes (/var/lib and similar), so mysql, rabbit and all other important bits are moved out to /data/$SERVICE/ The mysql/mariaDB module as well as other sensitive sata management have all been quite flexible, but maybe since Rabbit is based on Erlang, I see the homedir is passed over the commandline rather than in the config file, after it already runs. I'd assume this is a requirement of the Erlang VM for security? I don't know enough about it, but I can make an educated guess about chroot tricks and such. Add Comment This message was sent by Atlassian JIRA (v6.4.14#64029-sha1:ae256fe) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at https://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/d/optout.
Jira (PUP-7074) rabbitmq_home parameter doesn't really affect all relevant places
Title: Message Title Moses Mendoza commented on PUP-7074 Re: rabbitmq_home parameter doesn't really affect all relevant places hi Ira Abramov - thanks for filing this. Could you go a little deeper into what you're trying to accomplish and your environment? Are you working with a custom module you've built for rabbitmq? Add Comment This message was sent by Atlassian JIRA (v6.4.14#64029-sha1:ae256fe) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at https://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/d/optout.
Jira (PUP-7074) rabbitmq_home parameter doesn't really affect all relevant places
Title: Message Title Ira Abramov created an issue Puppet / PUP-7074 rabbitmq_home parameter doesn't really affect all relevant places Issue Type: Bug Assignee: Unassigned Components: Modules Created: 2017/01/08 5:42 AM Priority: Normal Reporter: Ira Abramov I have set 'rabbitmq_home' to a path I keep on a LUKS disk, /data/rabbitmq, and I expected the mnesia directory and all else to be directed to it, however I see there's no code that really deals with the WorkingDirectory setting under /usr/lib/systemd/system/rabbitmq-server.service etc. - i.e. it still starts in /var/lib/rabbitmq. I have solved it at the moment with puppet code creating a directory and a symlink before the RPM is installed but I'm not 100% happy with that. Add Comment
