Support for 'rabbitmq-env.conf' on Windows

[Jared Kauppila]

With 'rabbitmq-env.config' only available on Unix-based systems, Windows users are missing out on the huge benefits granted by its availability.

I think I may have found a solution.

Modify the existing *.bat scripts to execute RabbitMQ-env.bat prior to checking the environment variable values.

if exist "%RABBITMQ_BASE%\RabbitMQ-env.bat" (
 call "%RABBITMQ_BASE%\RabbitMQ-env.bat"
)

Within RabbitMQ-env.bat, you define what environment variables you want to define/override

REM User-defined environment variable overrides
set ERLANG_HOME="D:\Erlang"
set RABBITMQ_NODE_PORT="5672"

And that's it. When starting the server/ctl it will pull those defined values.

Thoughts? 

[Jean-Sébastien Pédron]

On 11.05.2015 00:22, Jared Kauppila wrote:
> Modify the existing *.bat scripts to execute /RabbitMQ-env.bat /prior to

> checking the environment variable values.

Hi!

If it works then yes, it would be welcome!

Would you mind opening an issue on GitHub [1] so this doesn't get lost,
or better, send us a pull request?

Thank you!

[1] https://github.com/rabbitmq/rabbitmq-server/issues

--
Jean-Sébastien Pédron
Pivotal / RabbitMQ

[Jared Kauppila]

I'll work on getting a pull request in for this.

Outside of having these definable overrides available one of my motives is to be able to define the cookie value outside of the defaults.

On Windows, the locations are C:\Users\Current User\.erlang.cookie (%HOMEDRIVE% + %HOMEPATH%\.erlang.cookie) or C:\Documents and Settings\Current User\.erlang.cookie, and C:\Windows\.erlang.cookie for RabbitMQ Windows service. If Windows service is used, the cookie should be placed in both places. 

https://www.rabbitmq.com/clustering.html

With this RabbitMQ-env.bat in place, I can manually override %HOMEDRIVE% and %HOMEPATH% to the location I want so the initial cookie is created there, which Simon had previously suggested:

> I have tested out the following which would allow the cookie location to 
> be defined via environment variable otherwise to continue to use the 
> defaults as it currently does: 

 

If we were talking about Unix I would definitely view this as wrong, 
since it allows non-privileged users on the same system to see the 
Erlang cookie by inspecting the output of "ps" and thus gain the ability 
to run rabbitmqctl. 

 

I think the same problem exists for Windows, although I think culturally 
people might be inclined to see it as less of a problem. 
I would rather see a solution which changes the HOMEDRIVE or HOMEPATH 
just before starting the server / ctl. 

 

We don't have an equivalent of rabbitmq-env.conf on Windows. I wonder if 
it's possible to construct one? 

https://groups.google.com/forum/#!searchin/rabbitmq-users/jared/rabbitmq-users/dWQFoUrVEic/joF3mzbwkjIJ

This works great for rabbitmqctl.bat since we can execute RabbitMQ-env.bat with every execution, but we don't have that luxury when installing RabbitMQ as a service.

I see a few options here:

1. Override HOME in the ERL init flags, if possible
• init:get_argument(home)
  
• It looks like -env Variable Value could be used to get the desired effect, but it doesn't work for home, homedrive, or homepath in my testing.
• http://erlang.org/doc/man/erl.html
  
2. Define the cookie value via arguments so the same value is used when rabbitmqctl.bat and rabbitmq-service.bat are executed. Set the following within RabbitMQ-env.bat:
1. REM Pull the .erlang.cookie value from file
   set /p cookie= <!RABBITMQ_BASE!\.erlang.cookie
   set RABBITMQ_SERVER_ERL_ARGS=-setcookie %cookie%
   set RABBITMQ_CTL_ERL_ARGS=-setcookie %cookie%
   

Thoughts?

[Jean-Sébastien Pédron]

On 12.05.2015 03:36, Jared Kauppila wrote:
> I'll work on getting a pull request in for this.

Thanks!

> I see a few options here:
>

> 1. Override HOME in the ERL init flags, if possible
> * init:get_argument(home)
> o It looks like *-env Variable Value* could be used to get the
> desired effect, but it doesn't work for /home, homedrive,
> /or /homepath /in my testing.
> o http://erlang.org/doc/man/erl.html

I don't understand this option. Could you please expand a bit?

> 2. Define the cookie value via arguments so the same value is used when
> /rabbitmqctl.bat /and /rabbitmq-service.bat /are executed. Set the
> following within /RabbitMQ-env.bat/:
> 1.
> |
> REM Pullthe .erlang.cookie value fromfile
> set/p cookie=<!RABBITMQ_BASE!\.erlang.cookie
> setRABBITMQ_SERVER_ERL_ARGS=-setcookie %cookie%
> setRABBITMQ_CTL_ERL_ARGS=-setcookie %cookie%
> |

As Simon pointed out, there is a security concern as the cookie appears
in the command line. However, if .erlang.cookie is already readable by
anyone, then this issue is irrelevant.

To be honest, I don't know the best practices on Windows and can't
really give advice on this topic.

[Jared Kauppila]

> I see a few options here:
>
>  1. Override HOME in the ERL init flags, if possible
>       * init:get_argument(home)
>           o It looks like *-env Variable Value* could be used to get the
>             desired effect, but it doesn't work for /home, homedrive,
>             /or /homepath /in my testing.
>           o http://erlang.org/doc/man/erl.html

I don't understand this option. Could you please expand a bit?

When executing the erl runtime, it sets the home directory to %HOMEDRIVE%+%HOMEPATH%, which is the default location it looks for the .erlang.cookie.

When installing RabbitMQ as a Windows Service using rabbitmq-service.bat install, we're taking the defaults, system-defined, and user-defined environment variables, evaluating them, and then placing the results in the Registry to be called when starting the service.

For example:

-pa "D:\\RabbitMQ\\rabbitmq_server-3.4.3\\sbin\\..\\ebin"
-boot start_sasl
-s rabbit boot
-config "D:\\RabbitMQ\\rabbitmq" +W w +A30 +P 1048576
-kernel inet_default_connect_options "[{nodelay,true}]"
-setcookie WBODDWUVKLKNOVHBCOBY
-sasl errlog_type error
-sasl sasl_error_logger false -rabbit error_logger {file,\""D:/RabbitMQ/log/rab...@SERVERA.log"\"}
-rabbit sasl_error_logger {file,\""D:/RabbitMQ/log/rab...@SERVERA-sasl.log"\"}
-rabbit enabled_plugins_file \""D:/RabbitMQ/enabled_plugins"\"
-rabbit plugins_dir \""D:/RabbitMQ/rabbitmq_server-3.4.3/sbin/../plugins"\"
-rabbit plugins_expand_dir \""D:/RabbitMQ/db/rabbit@SERVERA-plugins-expand"\"
-rabbit windows_service_config \""D:/RabbitMQ/rabbitmq"\"
-os_mon start_cpu_sup false
-os_mon start_disksup false
-os_mon start_memsup false
-mnesia dir \""D:/RabbitMQ/db/rabbit@SERVERA-mnesia"\"

The problem now is that when we start this service in the context of the Local System, we have no way of overriding the %HOMEDRIVE% and %HOMEPATH% environment variables right before execution, since we don't want to change it at the machine level.

If we had a way to define/override the home directory within these erl.exe arguments above, then there would be no need to manually set the -setcookie value since it would look in the home directory for the file.

As Simon pointed out, there is a security concern as the cookie appears
in the command line. However, if .erlang.cookie is already readable by
anyone, then this issue is irrelevant.

To be honest, I don't know the best practices on Windows and can't
really give advice on this topic.

I agree, as far as Windows is concerned, you are no more protected keeping .erlang.cookie in the default location (C:\Windows\.erlang.cookie) vs storing the value itself in the registry by defining the -setcookie parameter, since both are equally accessible to users on the machine. The most secure option would be to re-define the home directory of the Erlang runtime when starting the RabbitMQ service.