yuanbiao
/
emqx
1
0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #8905 from zmstone/0906-warn-default-erlang-cookie 

refactor(cookie): Warning message when boot with default Erlang cookie
This commit is contained in:
Zaiming (Stone) Shi 2022-09-07 08:06:55 +02:00 committed by GitHub
parent 0e5f7c896c 85cb552e53
commit c9b6dfd7f9
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
9 changed files with 29 additions and 19 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
CHANGES-5.0.md
View File

@ -9,6 +9,7 @@
## Enhancements ## Enhancements
* Print a warning message when boot with the default (insecure) Erlang cookie. [#8905](https://github.com/emqx/emqx/pull/8905)
* Change the `/gateway` API path to plural form. [#8823](https://github.com/emqx/emqx/pull/8823) * Change the `/gateway` API path to plural form. [#8823](https://github.com/emqx/emqx/pull/8823)
* Remove `node.etc_dir` from emqx.conf, because it is never used. * Remove `node.etc_dir` from emqx.conf, because it is never used.
Also allow user to customize the logging directory [#8892](https://github.com/emqx/emqx/pull/8892) Also allow user to customize the logging directory [#8892](https://github.com/emqx/emqx/pull/8892)

2
apps/emqx_conf/etc/emqx_conf.conf
View File

@ -10,7 +10,7 @@
node { node {
name = "emqx@127.0.0.1" name = "emqx@127.0.0.1"
cookie = emqxsecretcookie cookie = "{{ emqx_default_erlang_cookie }}"
data_dir = "{{ platform_data_dir }}" data_dir = "{{ platform_data_dir }}"
} }

2
apps/emqx_conf/src/emqx_conf_schema.erl
View File

@ -400,7 +400,7 @@ fields("node") ->
string(), string(),
#{ #{
mapping => "vm_args.-setcookie", mapping => "vm_args.-setcookie",
default => "emqxsecretcookie", required => true,
'readOnly' => true, 'readOnly' => true,
sensitive => true, sensitive => true,
desc => ?DESC(node_cookie) desc => ?DESC(node_cookie)

15
bin/emqx
View File

@ -600,7 +600,7 @@ is_down() {
if ps -p "$PID" | grep -q 'defunct'; then if ps -p "$PID" | grep -q 'defunct'; then
# zombie state, print parent pid # zombie state, print parent pid
parent="$(ps -o ppid= -p "$PID" | tr -d ' ')" parent="$(ps -o ppid= -p "$PID" | tr -d ' ')"
echo "WARN: $PID is marked <defunct>, parent:" echo "WARNING: $PID is marked <defunct>, parent:"
ps -p "$parent" ps -p "$parent"
return 0 return 0
fi fi
@ -748,8 +748,9 @@ export ESCRIPT_NAME="$SHORT_NAME"
PIPE_DIR="${PIPE_DIR:-/$DATA_DIR/${WHOAMI}_erl_pipes/$NAME/}" PIPE_DIR="${PIPE_DIR:-/$DATA_DIR/${WHOAMI}_erl_pipes/$NAME/}"
## make EMQX_NODE_COOKIE right ## Resolve Erlang cookie.
if [ -n "${EMQX_NODE_COOKIE:-}" ]; then if [ -n "${EMQX_NODE_COOKIE:-}" ]; then
## To be backward compatible, read EMQX_NODE_COOKIE
export EMQX_NODE__COOKIE="${EMQX_NODE_COOKIE}" export EMQX_NODE__COOKIE="${EMQX_NODE_COOKIE}"
unset EMQX_NODE_COOKIE unset EMQX_NODE_COOKIE
fi fi
@ -762,9 +763,13 @@ if [ -z "$COOKIE" ]; then
COOKIE="$(grep -E '^-setcookie' "${vm_args_file}" | awk '{print $2}')" COOKIE="$(grep -E '^-setcookie' "${vm_args_file}" | awk '{print $2}')"
fi fi
fi fi
[ -z "$COOKIE" ] && COOKIE="$EMQX_DEFAULT_ERLANG_COOKIE"
if [ -z "$COOKIE" ]; then if [ $IS_BOOT_COMMAND = 'yes' ] && [ "$COOKIE" = "$EMQX_DEFAULT_ERLANG_COOKIE" ]; then
die "Please set node.cookie in $EMQX_ETC_DIR/emqx.conf or override from environment variable EMQX_NODE__COOKIE" echoerr "!!!!!!"
echoerr "WARNING: Default (insecure) Erlang cookie is in use."
echoerr "WARNING: Configure node.cookie in $EMQX_ETC_DIR/emqx.conf or override from environment variable EMQX_NODE__COOKIE"
echoerr "NOTE: Use the same config value for all nodes in the cluster."
echoerr "!!!!!!"
fi fi
## check if OTP version has mnesia_hook feature; if not, fallback to ## check if OTP version has mnesia_hook feature; if not, fallback to

1
build
View File

@ -157,6 +157,7 @@ make_relup() {
local name_pattern local name_pattern
name_pattern="${PROFILE}-$(./pkg-vsn.sh "$PROFILE" --vsn_matcher --long)" name_pattern="${PROFILE}-$(./pkg-vsn.sh "$PROFILE" --vsn_matcher --long)"
local releases=() local releases=()
mkdir -p _upgrade_base
while read -r tgzfile ; do while read -r tgzfile ; do
local base_vsn local base_vsn
base_vsn="$(echo "$tgzfile" | grep -oE "[0-9]+\.[0-9]+\.[0-9]+(-(alpha|beta|rc)\.[0-9])?(-[0-9a-f]{8})?" | head -1)" base_vsn="$(echo "$tgzfile" | grep -oE "[0-9]+\.[0-9]+\.[0-9]+(-(alpha|beta|rc)\.[0-9])?(-[0-9a-f]{8})?" | head -1)"

6
mix.exs
View File

@ -547,6 +547,7 @@ defmodule EMQXUmbrella.MixProject do
defp template_vars(release, release_type, :bin = _package_type, edition_type) do defp template_vars(release, release_type, :bin = _package_type, edition_type) do
[ [
emqx_default_erlang_cookie: default_cookie(),
platform_data_dir: "data", platform_data_dir: "data",
platform_etc_dir: "etc", platform_etc_dir: "etc",
platform_log_dir: "log", platform_log_dir: "log",
@ -569,6 +570,7 @@ defmodule EMQXUmbrella.MixProject do
defp template_vars(release, release_type, :pkg = _package_type, edition_type) do defp template_vars(release, release_type, :pkg = _package_type, edition_type) do
[ [
emqx_default_erlang_cookie: default_cookie(),
platform_data_dir: "/var/lib/emqx", platform_data_dir: "/var/lib/emqx",
platform_etc_dir: "/etc/emqx", platform_etc_dir: "/etc/emqx",
platform_log_dir: "/var/log/emqx", platform_log_dir: "/var/log/emqx",
@ -589,6 +591,10 @@ defmodule EMQXUmbrella.MixProject do
] ++ build_info() ] ++ build_info()
end end
defp default_cookie() do
"emqx50elixir"
end
defp emqx_description(release_type, edition_type) do defp emqx_description(release_type, edition_type) do
case {release_type, edition_type} do case {release_type, edition_type} do
{:cloud, :enterprise} -> {:cloud, :enterprise} ->

9
rebar.config.erl
View File

@ -298,14 +298,13 @@ relform() ->
emqx_description(cloud, ee) -> "EMQX Enterprise"; emqx_description(cloud, ee) -> "EMQX Enterprise";
emqx_description(cloud, ce) -> "EMQX". emqx_description(cloud, ce) -> "EMQX".
overlay_vars(RelType, PkgType, Edition) -> overlay_vars(cloud, PkgType, Edition) ->
overlay_vars_rel(RelType) ++ [
{emqx_default_erlang_cookie, "emqxsecretcookie"}
] ++
overlay_vars_pkg(PkgType) ++ overlay_vars_pkg(PkgType) ++
overlay_vars_edition(Edition). overlay_vars_edition(Edition).
overlay_vars_rel(cloud) ->
[{vm_args_file, "vm.args"}].
overlay_vars_edition(ce) -> overlay_vars_edition(ce) ->
[ [
{emqx_schema_mod, emqx_conf_schema}, {emqx_schema_mod, emqx_conf_schema},

10
rel/emqx_vars
View File

@ -9,19 +9,17 @@ ERL_OPTS="{{ erl_opts }}"
RUNNER_BIN_DIR="{{ runner_bin_dir }}" RUNNER_BIN_DIR="{{ runner_bin_dir }}"
RUNNER_LIB_DIR="{{ runner_lib_dir }}" RUNNER_LIB_DIR="{{ runner_lib_dir }}"
IS_ELIXIR="${IS_ELIXIR:-{{ is_elixir }}}" IS_ELIXIR="${IS_ELIXIR:-{{ is_elixir }}}"
## Allow users to pre-set `RUNNER_LOG_DIR` because it only affects boot commands like `start` and `console`, ## Allow users to pre-set `RUNNER_LOG_DIR` because it only affects boot commands like `start` and `console`,
## but not other commands such as `ping` and `ctl`. ## but not other commands such as `ping` and `ctl`.
RUNNER_LOG_DIR="${RUNNER_LOG_DIR:-{{ runner_log_dir }}}" RUNNER_LOG_DIR="${RUNNER_LOG_DIR:-{{ runner_log_dir }}}"
EMQX_ETC_DIR="{{ emqx_etc_dir }}" EMQX_ETC_DIR="{{ emqx_etc_dir }}"
RUNNER_USER="{{ runner_user }}" RUNNER_USER="{{ runner_user }}"
SCHEMA_MOD="{{ emqx_schema_mod }}" SCHEMA_MOD="{{ emqx_schema_mod }}"
IS_ENTERPRISE="{{ is_enterprise }}" IS_ENTERPRISE="{{ is_enterprise }}"
## Do not change EMQX_DEFAULT_ERLANG_COOKIE.
## Configure EMQX_NODE_COOKIE instead
EMQX_DEFAULT_ERLANG_COOKIE='{{ emqx_default_erlang_cookie }}'
REL_NAME="emqx"
export EMQX_DESCRIPTION='{{ emqx_description }}' export EMQX_DESCRIPTION='{{ emqx_description }}'
## computed vars
REL_NAME="emqx"
## updated vars here ## updated vars here

2
scripts/get-dashboard.sh
View File

@ -42,7 +42,7 @@ curl -L --silent --show-error \
--output "${RELEASE_ASSET_FILE}" \ --output "${RELEASE_ASSET_FILE}" \
"$DIRECT_DOWNLOAD_URL" "$DIRECT_DOWNLOAD_URL"
unzip -q "$RELEASE_ASSET_FILE" -d "$DASHBOARD_PATH" unzip -o -q "$RELEASE_ASSET_FILE" -d "$DASHBOARD_PATH"
rm -rf "$DASHBOARD_PATH/www" rm -rf "$DASHBOARD_PATH/www"
mv "$DASHBOARD_PATH/dist" "$DASHBOARD_PATH/www" mv "$DASHBOARD_PATH/dist" "$DASHBOARD_PATH/www"
rm -f "$RELEASE_ASSET_FILE" rm -f "$RELEASE_ASSET_FILE"