Bug 969120
| Summary: | AS7 plugin discovery attempts connection with incorrect credentials if resource productType != JBossProductType.AS | ||
|---|---|---|---|
| Product: | [JBoss] JBoss Operations Network | Reporter: | Marc Shirley <mshirley> |
| Component: | Plugin -- JBoss EAP 6 | Assignee: | Thomas Segismont <tsegismo> |
| Status: | CLOSED CURRENTRELEASE | QA Contact: | Mike Foley <mfoley> |
| Severity: | high | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | JON 3.1.2 | CC: | fbrychta, loleary, tsegismo |
| Target Milestone: | ER01 | ||
| Target Release: | JON 3.2.0 | ||
| Hardware: | All | ||
| OS: | All | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2014-01-02 20:34:30 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
Description
Marc Shirley
2013-05-30 17:16:32 UTC
This actually occurs in two different scenarios:
As mentioned, during discovery BaseProcessDiscovery.buildResourceDetails is calling getFromRemote() to determine the product info for the newly discovered resource. This seems like a very bad idea considering that on a new resource, this would always fail. The result is that we attempt to authenticate with EAP using the user "admin" with a password of "null". This seems to be a result of the default configuration provided by the plug-in configuration itself. I actually can't think of a time this method would ever succeed. Essentially what is failing in my test case:
POST /management HTTP/1.1
Content-Type: application/json
Accept: application/json
User-Agent: Java/1.6.0_20
Host: 127.0.0.1:9990
Connection: keep-alive
Content-Length: 65
Authorization: Digest username="admin", realm="ManagementRealm", nonce="dc8c7d68c5529a0e05cfedfcd016b53a", uri="/management", response="eae9dd3b48ae69e0768390427551b8a1", algorithm="MD5", cnonce="HCDIBNAKOBLKKEBBFDPPFMINEBILANGKOEJNLKOL"
{"operation":"read-attribute","address":[],"name":"product-name"}
This seems to be invoked 20 times. I am not certain why but perhaps there is some re-try logic somewhere or we are attempting to build resource details multiple times for the same discovered resource.
The other issue is availability an availability check on a newly discovered resource that has not yet been imported into inventory. I am guessing this happens one when the resource is created as I see the following same failure occur right after the agent has started up:
POST /management HTTP/1.1
Content-Type: application/json
Accept: application/json
User-Agent: Java/1.6.0_20
Host: 127.0.0.1:9990
Connection: keep-alive
Content-Length: 64
Authorization: Digest username="admin", realm="ManagementRealm", nonce="f728fca3619f0ce5e8794753858b75d3", uri="/management", response="11a036ced3c9a91d80943a51644e35f6", algorithm="MD5", cnonce="EEPHMLDJOKHGLNJGBMNNLCOABOKKHMDLGPIBJFIH"
{"operation":"read-attribute","address":[],"name":"launch-type"}
Which appears to be invoked from BaseServerComponent.getAvailability().
Steps to reproduce:
1. Start EAP 6 standalone server.
2. Enable debug logging for the 'com.sun.net.httpserver' category.
"${JBOSS_HOME}/bin/jboss-cli.sh" --connect '/subsystem=logging/logger=com.sun.net.httpserver:add(level=DEBUG)'
3. Start JBoss ON system.
The EAP server's server.log will contain the following messages every 15 minutes:
FINE [com.sun.net.httpserver] (HttpManagementService-threads - 102) POST /management HTTP/1.1 [401 Unauthorized] ()
Fixed in master (see BZ913764) The version was determined with a call to the http management interface. Now it's all based on file inspection. Verified on Version : 3.2.0.ER5 Build Number : 2cb2bc9:225c796 |