upgrade: Remove RabbitMQ cookie randomization code.

This code was originally added in e705883857 in Zulip Server 5.0;
since we can only directly upgrade from 5.0 or later, this code is
guaranteed to have run already. Remove it.

scripts/lib/upgrade-zulip-stage-3

@@ -28,7 +28,6 @@ from scripts.lib.zulip_tools import (
     assert_running_as_root,
     get_config,
     get_config_file,
-    listening_publicly,
     parse_version_from,
     run_psql_as_postgres,
     start_arg_parser,
@@ -120,37 +119,6 @@ from version import ZULIP_VERSION as NEW_ZULIP_VERSION
 old_version = parse_version_from(DEPLOYMENTS_DIR + "/current")
 logging.info("Upgrading from %s to %s, in %s", old_version, NEW_ZULIP_VERSION, deploy_path)
 
-# Check if rabbitmq port 25672 is listening on anything except 127.0.0.1
-rabbitmq_dist_listen = listening_publicly(25672)
-# Check the erlang magic cookie size
-cookie_size: int | None = None
-if os.path.exists("/var/lib/rabbitmq/.erlang.cookie"):
-    with open("/var/lib/rabbitmq/.erlang.cookie") as cookie_fh:
-        cookie_size = len(cookie_fh.readline())
-else:
-    logging.info("No RabbitMQ erlang cookie found, not auditing RabbitMQ security.")
-if (args.skip_restart or args.skip_puppet) and rabbitmq_dist_listen:
-    logging.error(
-        "RabbitMQ is publicly-accessible on %s; this is a security vulnerability!",
-        ", ".join(rabbitmq_dist_listen),
-    )
-    issue = "issue"
-    if cookie_size is not None and cookie_size == 20:
-        # See the below comment -- this is used as a lightweight
-        # signal for a cookie made with Erlang's bad randomizer.
-        logging.error(
-            "RabbitMQ erlang cookie is insecure; this is a critical security vulnerability!"
-        )
-        issue = "issues"
-    logging.error(
-        "To fix the above security %s, re-run the upgrade without --skip-puppet "
-        "(which may be set in /etc/zulip/zulip.conf), in order to restart the "
-        "necessary services.  Running zulip-puppet-apply by itself is not sufficient.",
-        issue,
-    )
-    sys.exit(1)
-
-
 migrations_needed = False
 
 
@@ -395,22 +363,6 @@ else:
 
     subprocess.check_call(["./scripts/lib/run_hooks.py", "pre-deploy", *hooks_args])
 
-    if rabbitmq_dist_listen:
-        shutdown_server()
-        logging.info("Shutting down rabbitmq to adjust its ports...")
-        subprocess.check_call(["/usr/sbin/service", "rabbitmq-server", "stop"])
-
-    if cookie_size is not None and cookie_size == 20:
-        # Checking for a 20-character cookie is used as a signal that it
-        # was generated by Erlang's insecure randomizer, which only
-        # provides between 20 and 36 bits of entropy; were it 20
-        # characters long by a good randomizer, it would be 96 bits and
-        # more than sufficient.  We generate, using good randomness, a
-        # 255-character cookie, the max allowed length.
-        shutdown_server()
-        logging.info("Generating a secure erlang cookie...")
-        subprocess.check_call(["./scripts/setup/generate-rabbitmq-cookie"])
-
     if not args.skip_puppet:
         # Puppet may adjust random services; to minimize risk of issues
         # due to inconsistent state, we shut down the server first.

scripts/lib/zulip_tools.py

@@ -714,24 +714,6 @@ def start_arg_parser(action: str, add_help: bool = False) -> argparse.ArgumentPa
     return parser
 
 
-def listening_publicly(port: int) -> list[str]:
-    filter = f"sport = :{port} and not src 127.0.0.1:{port} and not src [::1]:{port}"
-    # Parse lines that look like this:
-    # tcp    LISTEN     0          128             0.0.0.0:25672        0.0.0.0:*
-    lines = (
-        subprocess.check_output(
-            ["/bin/ss", "-Hnl", filter],
-            text=True,
-            # Hosts with IPv6 disabled will get "RTNETLINK answers: Invalid
-            # argument"; eat stderr to hide that
-            stderr=subprocess.DEVNULL,
-        )
-        .strip()
-        .splitlines()
-    )
-    return [line.split()[4] for line in lines]
-
-
 def atomic_nagios_write(
     name: str,
     status: Literal["ok", "warning", "critical", "unknown"],