[rabbitmq-discuss] Question about erlang cookie
Michael Klishin
mklishin at gopivotal.com
Tue Jul 2 14:19:39 BST 2013
Priyanki Vashi:
> 1) Even if I did not created any user named 'rabbitmq', there are files, which are owned by this user. Does the installation or startup of rabbitmq-server does this ? Also is it OK to use root user to do server administration operation or will it be considered not so good practice ?
>
> 2) I use root user to start and stop rabbitmq server and when I start the server, I see that a file .erlang.cookie gets generated in root home dir. That is correct as per my understanding but I also see that there is another file with the same .erlang.cookie gets generated in /var/lib/rabbitmq
I'd not run RabbitMQ (or any other service that does not need port numbers < 1024) as root.
Erlang runtime looks for the cookie at ~/.erlang.cookie by default.
>
> 3) Also these two erlang cookies are different from each other. Why there are two erlang cookie files gets generated ? What is the importance ?
> My theoretical understanding is there should be only one erlang cookie should get generated and that one should be in home dir of user, which starts the rabbitmq-server.
> Is this correct understanding or ?
Erlang cookies are a (basic) access control mechanism. They are supposed to be unique
in general (but the same across all cluster nodes). Anybody who knows your Erlang
cookie can connect to your cluster (given firewall rules let them) and do Bad Things.
> 4) Also do I need to configure different values of epmd ports when I want to run cluster with two physical nodes or it's OK to keep it as default ?
> I thought NO need to change but then since I am running into these problems thought of asking.
If epmds run on separate hosts, they can use the same port number. If all cluster nodes
are on the same machine, a single instance of epmd should be sufficient.
--
MK
More information about the rabbitmq-discuss
mailing list