Bug 1072949

Summary: [QE] (6.2.2) slaves cannot reconnect to a restarted master if RBAC is enabled
Product: [JBoss] JBoss Enterprise Application Platform 6 Reporter: Petr Kremensky <pkremens>
Component: Domain ManagementAssignee: Dominik Pospisil <dpospisi>
Status: CLOSED CURRENTRELEASE QA Contact: Ladislav Thon <lthon>
Severity: urgent Docs Contact: Nidhi <nchaudha>
Priority: urgent    
Version: 6.2.2CC: abhumbe, cdewolf, dpospisi, emuckenh, jkudrnac, krathod, myarboro, nchaudha, pbajenez, pkremens, smumford, tfonteyn
Target Milestone: CR2   
Target Release: EAP 6.2.3   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
In previous versions of JBoss EAP 6, a bug prevented slave hosts from reconnecting with a reloaded master if RBAC was enabled. This bug has been resolved in this release.
 Story Points: ---
Clone Of: 1072915 Environment:
Last Closed: 2014-06-09 12:46:37 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1072915    
Bug Blocks: 1067532    

Description Petr Kremensky 2014-03-05 13:13:26 UTC 
+++ This bug was initially created as a clone of Bug #1072915 +++

Description of problem:

Enable RBAC in an EAP domain setup. "reload --host=master" and the slaves will no longer be connected to the master

Version-Release number of selected component (if applicable):

tested in 6.2 and 6.2 CP01

How reproducible: always


Steps to Reproduce:

Standard security realm, without "local":

host.xml:
            <security-realm name="ManagementRealm">
                <authentication>
                    <properties path="mgmt-users.properties" relative-to="jboss.domain.config.dir"/>
                </authentication>
                <authorization map-groups-to-roles="false">
                    <properties path="mgmt-groups.properties" relative-to="jboss.domain.config.dir"/>
                </authorization>
            </security-realm>

domain.xml:

    <management>
        <access-control provider="rbac">
            <role-mapping>
                <role name="SuperUser">
                    <include>
                        <user alias="admin" name="admin"/>
                    </include>
                </role>
            </role-mapping>
        </access-control>
    </management>

The user "admin" is added to the mgmt-users.properties

Start the domain controller and a host controller connected to it (I use two machines for this setup)

Start CLI, and verify that you can login with the admin user, and that you can get to the slave:

[domain.redhat.com:9999 /] /host=slave1/   (hit TAB)
core-service     interface        jvm              path             server-config    system-property

execute:  reload --host=master

after a little while, you will see:

[Host Controller] 11:36:29,412 INFO  [org.jboss.as.domain] (slave-request-threads - 1) JBAS010918: Registered remote slave host "slave1", JBoss EAP 6.2.1.GA (AS 7.3.1.Final-redhat-3)

Now try again:

[domain.redhat.com:9999 /] /host=slave1/   (hit TAB)

=> nothing

[domain.redhat.com:9999 /] /host=slave1:read-resource

=> nothing

It is no longer possible to get to the slave until a manual restart of the slave is done.
Comment 1 Dominik Pospisil 2014-03-25 10:46:04 UTC 
PR sent: https://github.com/jbossas/jboss-eap/pull/1122
Comment 2 Petr Kremensky 2014-05-09 07:25:14 UTC 
Verified on EAP 6.2.3.CR2.
Comment 3 Nichola Moore 2014-05-16 04:46:08 UTC 
Please could you add some doc text for this bug. The pull request is invalid so I can't get any information from there.

Thanks.
Comment 5 Peppe 2014-05-20 11:02:23 UTC 
also we face this problem,

after a restart of the domain controller,
with RBAC enabled,
the slaves can't reconnect

without RBAC they can
Comment 6 Red Hat Bugzilla 2023-09-14 02:04:30 UTC 
The needinfo request[s] on this closed bug have been removed as they have been unresolved for 1000 days