From f4a14ecf66cf1f9c2389d37ed6aa964d308f91ed Mon Sep 17 00:00:00 2001 From: firest Date: Thu, 10 Nov 2022 15:08:36 +0800 Subject: [PATCH 1/2] refactor(cookie): Warning message when boot with default Erlang cookie --- bin/emqx | 8 ++++++-- data/emqx_vars | 4 ++++ rebar.config.erl | 19 ++++++++++++------- 3 files changed, 22 insertions(+), 9 deletions(-) diff --git a/bin/emqx b/bin/emqx index 89fc564b1..cdbb7c9de 100755 --- a/bin/emqx +++ b/bin/emqx @@ -537,9 +537,13 @@ if [ -z "$COOKIE" ]; then fi fi -if [ -z "$COOKIE" ]; then +[ -z "$COOKIE" ] && COOKIE="$EMQX_DEFAULT_ERLANG_COOKIE" +if [ $IS_BOOT_COMMAND = 'yes' ] && [ "$COOKIE" = "$EMQX_DEFAULT_ERLANG_COOKIE" ]; then + echoerr "!!!!!!" + echoerr "WARNING: Default (insecure) Erlang cookie is in use." echoerr "Please set node.cookie in $RUNNER_ETC_DIR/emqx.conf or override from environment variable EMQX_NODE_COOKIE" - exit 1 + echoerr "NOTE: Use the same config value for all nodes in the cluster." + echoerr "!!!!!!" fi cd "$ROOTDIR" diff --git a/data/emqx_vars b/data/emqx_vars index 8ca6bf22d..1559e890c 100644 --- a/data/emqx_vars +++ b/data/emqx_vars @@ -14,6 +14,10 @@ RUNNER_DATA_DIR="{{ runner_data_dir }}" RUNNER_USER="{{ runner_user }}" EMQX_DESCRIPTION='{{ emqx_description }}' +## Do not change EMQX_DEFAULT_ERLANG_COOKIE. +## Configure EMQX_NODE_COOKIE instead +EMQX_DEFAULT_ERLANG_COOKIE='{{ emqx_default_erlang_cookie }}' + ## Warning: DO NOT create new variables using the above vars in this file, ## as the vars above can be overwritten by the relup scripts later, like: ## REL_VSN="new_version" diff --git a/rebar.config.erl b/rebar.config.erl index 1f7731462..1267da0bb 100644 --- a/rebar.config.erl +++ b/rebar.config.erl @@ -203,18 +203,23 @@ overlay_vars(RelType, PkgType, false) -> overlay_vars_rel(RelType) ++ overlay_vars_pkg(PkgType). %% vars per release type, cloud or edge -overlay_vars_rel(RelType) -> - VmArgs = case RelType of - cloud -> "vm.args"; - edge -> "vm.args.edge" - end, - [ {enable_plugin_emqx_rule_engine, RelType =:= cloud} +overlay_vars_rel(cloud) -> + [ {vm_args_file, "vm.args"} + | overlay_vars_rel_common(cloud) + ]; +overlay_vars_rel(edge) -> + [ {vm_args_file, "vm.args.edge"} + | overlay_vars_rel_common(edge) + ]. + +overlay_vars_rel_common(RelType) -> + [ {emqx_default_erlang_cookie, "emqxsecretcookie"} + , {enable_plugin_emqx_rule_engine, RelType =:= cloud} , {enable_plugin_emqx_bridge_mqtt, RelType =:= edge} , {enable_plugin_emqx_modules, false} %% modules is not a plugin in ce , {enable_plugin_emqx_recon, true} , {enable_plugin_emqx_retainer, true} , {enable_plugin_emqx_telemetry, true} - , {vm_args_file, VmArgs} ]. %% vars per packaging type, bin(zip/tar.gz/docker) or pkg(rpm/deb) From ed3dc0b614274ddb2a6878af38b2cc590d8a61b6 Mon Sep 17 00:00:00 2001 From: firest Date: Thu, 10 Nov 2022 15:25:19 +0800 Subject: [PATCH 2/2] chore: update changes --- changes/v4.3.23-en.md | 2 ++ changes/v4.3.23-zh.md | 2 ++ 2 files changed, 4 insertions(+) diff --git a/changes/v4.3.23-en.md b/changes/v4.3.23-en.md index d36322211..b8c0230c6 100644 --- a/changes/v4.3.23-en.md +++ b/changes/v4.3.23-en.md @@ -4,4 +4,6 @@ - Added topic validation for `emqx_mod_rewrite`. The dest topics contains wildcards are not allowed to publish [#9359](https://github.com/emqx/emqx/issues/9359). +- Print a warning message when boot with the default (insecure) Erlang cookie [#9340](https://github.com/emqx/emqx/pull/9340). + ## Bug fixes diff --git a/changes/v4.3.23-zh.md b/changes/v4.3.23-zh.md index e290b9ad3..b14dd96bb 100644 --- a/changes/v4.3.23-zh.md +++ b/changes/v4.3.23-zh.md @@ -4,4 +4,6 @@ - 为主题重写模块增加主题合法性检查,带有通配符的目标主题不允许被发布 [#9359](https://github.com/emqx/emqx/issues/9359)。 +- 使用默认的(不安全的) Erlang cookie 进行启动时,将会打印一条警告信息 [#9340](https://github.com/emqx/emqx/pull/9340)。 + ## 修复