From 67be695e33993a1f103b3561baef67efc3582a70 Mon Sep 17 00:00:00 2001 From: Adrian Edwards Date: Thu, 2 Jul 2026 10:48:22 -0400 Subject: [PATCH 1/5] non-guest users (like we are using) have no loopback restriction by default Assisted-by: Sonnet 4.6 Medium via Cursor Agent Window Signed-off-by: Adrian Edwards --- docker/rabbitmq/advanced.config | 1 - 1 file changed, 1 deletion(-) diff --git a/docker/rabbitmq/advanced.config b/docker/rabbitmq/advanced.config index b6f680f42..7d6a60e72 100644 --- a/docker/rabbitmq/advanced.config +++ b/docker/rabbitmq/advanced.config @@ -1,6 +1,5 @@ [ {rabbit, [ - {loopback_users, []}, {consumer_timeout, undefined} ]}, {rabbitmq_management, [ From c138238d18fb8610885cbf665a18f9b815939102 Mon Sep 17 00:00:00 2001 From: Adrian Edwards Date: Thu, 2 Jul 2026 10:49:19 -0400 Subject: [PATCH 2/5] upstream image handles permissions and users and vhosts natively via env vars Assisted-by: Sonnet 4.6 Medium via Cursor Agent Window Signed-off-by: Adrian Edwards --- docker/rabbitmq/advanced.config | 3 --- docker/rabbitmq/collectoss.conf | 7 ------- docker/rabbitmq/definitions.json | 30 ------------------------------ 3 files changed, 40 deletions(-) delete mode 100644 docker/rabbitmq/collectoss.conf delete mode 100644 docker/rabbitmq/definitions.json diff --git a/docker/rabbitmq/advanced.config b/docker/rabbitmq/advanced.config index 7d6a60e72..12b69e886 100644 --- a/docker/rabbitmq/advanced.config +++ b/docker/rabbitmq/advanced.config @@ -1,8 +1,5 @@ [ {rabbit, [ {consumer_timeout, undefined} - ]}, - {rabbitmq_management, [ - {load_definitions, "/etc/rabbitmq/definitions.json"} ]} ]. \ No newline at end of file diff --git a/docker/rabbitmq/collectoss.conf b/docker/rabbitmq/collectoss.conf deleted file mode 100644 index ee8ed92c2..000000000 --- a/docker/rabbitmq/collectoss.conf +++ /dev/null 
@@ -1,7 +0,0 @@
-default_vhost = collectoss_vhost
-
-default_permissions.configure = .*
-default_permissions.read = .*
-default_permissions.write = .*
-
-default_user_tags.administrator = true
diff --git a/docker/rabbitmq/definitions.json b/docker/rabbitmq/definitions.json
deleted file mode 100644
index d5fd9faef..000000000
--- a/docker/rabbitmq/definitions.json
+++ /dev/null
@@ -1,30 +0,0 @@
-{
- "rabbit_version": "4.1",
- "users": [
- {
- "name": "",
- "password_hash": "",
- "hashing_algorithm": "rabbit_password_hashing_sha256",
- "tags": "administrator"
- }
- ],
- "vhosts": [
- {
- "name": ""
- }
- ],
- "permissions": [
- {
- "user": "",
- "vhost": "",
- "configure": ".*",
- "write": ".*",
- "read": ".*"
- }
- ],
- "parameters": [],
- "policies": [],
- "queues": [],
- "exchanges": [],
- "bindings": []
-}
\ No newline at end of file
From 1e6e9e088ac5b9ef027de28f8212324bec3af14e Mon Sep 17 00:00:00 2001
From: Adrian Edwards
Date: Thu, 2 Jul 2026 10:51:28 -0400
Subject: [PATCH 3/5] update docker compose to use upstream rabbit image
Signed-off-by: Adrian Edwards
---
docker-compose.yml | 15 +++++++--------
1 file changed, 7 insertions(+), 8 deletions(-)
diff --git a/docker-compose.yml b/docker-compose.yml
index 1b455a352..e86e28427 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -40,14 +40,13 @@ services: user: 3456:3456 # Run as an arbitrary non-root user rabbitmq: - image: collectoss-rabbitmq - build: - context: . - dockerfile: ./docker/rabbitmq/Dockerfile - args: - - RABBIT_MQ_DEFAULT_USER=${COLLECTOSS_RABBITMQ_USERNAME:-augur} - - RABBIT_MQ_DEFAULT_PASSWORD=${COLLECTOSS_RABBITMQ_PASSWORD:-password123} - - RABBIT_MQ_DEFAULT_VHOST=${COLLECTOSS_RABBITMQ_VHOST:-collectoss_vhost} + image: rabbitmq:4.1-management-alpine + environment: + - RABBITMQ_DEFAULT_USER=${COLLECTOSS_RABBITMQ_USERNAME:-augur} + - RABBITMQ_DEFAULT_PASS=${COLLECTOSS_RABBITMQ_PASSWORD:-password123} + - RABBITMQ_DEFAULT_VHOST=${COLLECTOSS_RABBITMQ_VHOST:-collectoss_vhost} + volumes: + - ./docker/rabbitmq/advanced.config:/etc/rabbitmq/advanced.config:ro core: image: collectoss:latest From b63eeda0092cc300dda2f83c7e65f76367d17bcb Mon Sep 17 00:00:00 2001 From: Adrian Edwards Date: Thu, 2 Jul 2026 10:52:01 -0400 Subject: [PATCH 4/5] remove custom rabbit dockerfile and config editing infra Signed-off-by: Adrian Edwards --- docker/rabbitmq/Dockerfile | 29 ---------------------- docker/rabbitmq/update_config.py | 41 -------------------------------- 2 files changed, 70 deletions(-) delete mode 100644 docker/rabbitmq/Dockerfile delete mode 100644 docker/rabbitmq/update_config.py diff --git a/docker/rabbitmq/Dockerfile b/docker/rabbitmq/Dockerfile deleted file mode 100644 index aea2806ac..000000000 --- a/docker/rabbitmq/Dockerfile +++ /dev/null 
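Review bot: The `RABBITMQ_DEFAULT_PASS` entry in the new `environment:` list still falls back to the literal `password123` (and the user to `augur`), so a deployment that never sets `COLLECTOSS_RABBITMQ_PASSWORD` starts a management-enabled broker with publicly known credentials. The first patch in this series states that this non-guest user has no loopback restriction, so the account would be usable from any host that can reach the broker; whether the service publishes ports is not visible in this hunk. Consider failing closed instead of defaulting, e.g. `- RABBITMQ_DEFAULT_PASS=${COLLECTOSS_RABBITMQ_PASSWORD:?COLLECTOSS_RABBITMQ_PASSWORD must be set}`, and confirm that podman-compose, which the CI workflow also sets up, accepts the `:?` form. The enclosing `services:` map starts and ends outside the hunk.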
@@ -1,29 +0,0 @@
-FROM rabbitmq:4.1-management-alpine
-
-LABEL org.opencontainers.image.authors="CHAOSS https://chaoss.community"
-LABEL org.opencontainers.image.licenses="MIT"
-LABEL org.opencontainers.image.source="https://github.com/chaoss/collectoss"
-LABEL org.opencontainers.image.documentation="https://docs.collectoss.org"
-
-ARG VERSION
-LABEL org.opencontainers.image.version=${VERSION}
-
-ARG RABBIT_MQ_DEFAULT_USER=augur
-ARG RABBIT_MQ_DEFAULT_PASSWORD=password123
-ARG RABBIT_MQ_DEFAULT_VHOST=collectoss_vhost
-
-COPY --chown=rabbitmq:rabbitmq ./docker/rabbitmq/collectoss.conf /etc/rabbitmq/conf.d/
-
-ADD docker/rabbitmq/definitions.json /etc/rabbitmq/
-
-ADD docker/rabbitmq/advanced.config /etc/rabbitmq/
-RUN chown rabbitmq:rabbitmq /etc/rabbitmq/advanced.config
-
-RUN chmod 777 /etc/rabbitmq/conf.d/collectoss.conf
-
-RUN apk add --no-cache python3
-COPY docker/rabbitmq/update_config.py /
-
-RUN exec python3 update_config.py
-
-RUN chown rabbitmq:rabbitmq /etc/rabbitmq/definitions.json
diff --git a/docker/rabbitmq/update_config.py b/docker/rabbitmq/update_config.py
deleted file mode 100644
index 0cb69f105..000000000
--- a/docker/rabbitmq/update_config.py
+++ /dev/null
@@ -1,41 +0,0 @@
-from os import environ as env
-import json, subprocess
-from pathlib import Path
-
-rabbit_user = env.get("RABBIT_MQ_DEFAULT_USER")
-rabbit_pass = env.get("RABBIT_MQ_DEFAULT_PASSWORD")
-rabbit_vhost = env.get("RABBIT_MQ_DEFAULT_VHOST")
-
-if not rabbit_user:
- raise ValueError("No default user set")
-
-if not rabbit_pass:
- raise ValueError("No default password set")
-
-if not rabbit_vhost:
- raise ValueError("No default vhost set")
-
-config_file = Path("/etc/rabbitmq/definitions.json")
-
-with config_file.open() as file:
- config = json.load(file)
-
-hash_processor = subprocess.run(f"rabbitmqctl hash_password {rabbit_pass}".split(),
- text=True,
- stdout=subprocess.PIPE)
-
-if hash_processor.returncode != 0:
- raise Exception("Could not calculate password hash")
-
-pass_hash = hash_processor.stdout.splitlines()[-1]
-
-config["users"][0]["name"] = rabbit_user
-config["users"][0]["password_hash"] = pass_hash
-
-config["vhosts"][0]["name"] = rabbit_vhost
-
-config["permissions"][0]["user"] = rabbit_user
-config["permissions"][0]["vhost"] = rabbit_vhost
-
-with config_file.open("w") as file:
- json.dump(config, file)
\ No newline at end of file
From a81614504de620d26c74fe823ea90e277611ebd7 Mon Sep 17 00:00:00 2001
From: Adrian Edwards
Date: Thu, 2 Jul 2026 10:53:03 -0400
Subject: [PATCH 5/5] remove custom rabbitmq container build parts from the docker build CI job
Signed-off-by: Adrian Edwards
---
.github/workflows/build_docker.yml | 33 ------------------------------
1 file changed, 33 deletions(-)
diff --git a/.github/workflows/build_docker.yml b/.github/workflows/build_docker.yml
index ce1c5a19b..33a2e02c6 100644
--- a/.github/workflows/build_docker.yml
+++ b/.github/workflows/build_docker.yml
@@ -101,19 +101,6 @@ jobs: cache-to: type=gha,scope=container-keyman,mode=min load: true - - name: Build rabbitmq container - uses: docker/build-push-action@v6 - with: - context: . - file: ./docker/rabbitmq/Dockerfile - build-args: | - VERSION=${{ steps.version.outputs.version }} - REVISION=${{ github.sha }} - platforms: linux/amd64 - tags: ghcr.io/${{ github.repository_owner }}/collectoss-rabbitmq:test - cache-from: type=gha,scope=container-rabbitmq - cache-to: type=gha,scope=container-rabbitmq,mode=min - load: true - name: Build backend container uses: docker/build-push-action@v6 @@ -143,10 +130,6 @@ jobs: yq eval -i '.services.keyman.pull_policy = "never"' docker-compose.yml yq eval -i '.services.keyman.restart = "no"' docker-compose.yml - yq eval -i '.services.rabbitmq.image = "ghcr.io/${{ github.repository_owner }}/collectoss-rabbitmq:test"' docker-compose.yml - yq eval -i '.services.rabbitmq.pull_policy = "never"' docker-compose.yml - yq eval -i '.services.rabbitmq.restart = "no"' docker-compose.yml - - name: Setup Docker Compose uses: docker/setup-compose-action@v1 with: @@ -227,16 +210,6 @@ jobs: tags: ghcr.io/${{ github.repository_owner }}/collectoss-keyman:test layers: true - - name: Build rabbitmq container - uses: redhat-actions/buildah-build@v2 - with: - context: . - containerfiles: | - ./docker/rabbitmq/Dockerfile - platforms: linux/amd64 - tags: ghcr.io/${{ github.repository_owner }}/collectoss-rabbitmq:test - layers: true - - name: Build backend container uses: redhat-actions/buildah-build@v2 with: 
@@ -261,10 +234,6 @@ jobs: yq eval -i '.services.keyman.pull_policy = "never"' docker-compose.yml yq eval -i '.services.keyman.restart = "no"' docker-compose.yml - yq eval -i '.services.rabbitmq.image = "ghcr.io/${{ github.repository_owner }}/collectoss-rabbitmq:test"' docker-compose.yml - yq eval -i '.services.rabbitmq.pull_policy = "never"' docker-compose.yml - yq eval -i '.services.rabbitmq.restart = "no"' docker-compose.yml - - name: Setup Podman Compose uses: webgtx/setup-podman-compose@v1 @@ -326,8 +295,6 @@ jobs: folder: database - name: collectoss-keyman folder: keyman - - name: collectoss-rabbitmq - folder: rabbitmq runs-on: ubuntu-latest steps: - name: Checkout repository