Bug 1072915 - [QE] (6.3.0) slaves cannot reconnect to a restarted master if RBAC is enabled
Summary: [QE] (6.3.0) slaves cannot reconnect to a restarted master if RBAC is enabled
Status: CLOSED CURRENTRELEASE
Alias: None
Product: JBoss Enterprise Application Platform 6
Classification: JBoss
Component: Domain Management
Version: 6.2.1
Hardware: Unspecified
OS: Unspecified
urgent
urgent
Target Milestone: DR3
: EAP 6.3.0
Assignee: Emanuel Muckenhuber
QA Contact: Ladislav Thon
Russell Dickenson
URL:
Whiteboard:
Keywords:
Depends On:
Blocks: 1072949
TreeView+ depends on / blocked
 
Reported: 2014-03-05 11:43 UTC by Tom Fonteyne
Modified: 2019-07-11 07:53 UTC (History)
9 users (show)

(edit)
In previous versions of JBoss EAP 6, When reconnecting to the master host-controller, the configuration model was added to the wrong location.

This meant that reconnecting to the master host-controller with RBAC enabled would fail.

In this release, the model is added in the right location, ensuring the slave host connects without problems.
Clone Of:
: 1072949 (view as bug list)
(edit)
Last Closed: 2014-06-28 15:30:05 UTC


Attachments (Terms of Use)


External Trackers
Tracker ID Priority Status Summary Last Updated
JBoss Issue Tracker WFLY-3069 Critical Closed slaves cannot reconnect to a restarted master if RBAC is enabled 2018-07-06 10:41 UTC
Red Hat Bugzilla 1072949 None CLOSED [QE] (6.2.2) slaves cannot reconnect to a restarted master if RBAC is enabled 2018-07-06 10:41 UTC

Description Tom Fonteyne 2014-03-05 11:43:07 UTC
Description of problem:

Enable RBAC in an EAP domain setup. "reload --host=master" and the slaves will no longer be connected to the master

Version-Release number of selected component (if applicable):

tested in 6.2 and 6.2 CP01

How reproducible: always


Steps to Reproduce:

Standard security realm, without "local":

host.xml:
            <security-realm name="ManagementRealm">
                <authentication>
                    <properties path="mgmt-users.properties" relative-to="jboss.domain.config.dir"/>
                </authentication>
                <authorization map-groups-to-roles="false">
                    <properties path="mgmt-groups.properties" relative-to="jboss.domain.config.dir"/>
                </authorization>
            </security-realm>

domain.xml:

    <management>
        <access-control provider="rbac">
            <role-mapping>
                <role name="SuperUser">
                    <include>
                        <user alias="admin" name="admin"/>
                    </include>
                </role>
            </role-mapping>
        </access-control>
    </management>

The user "admin" is added to the mgmt-users.properties

Start the domain controller and a host controller connected to it (I use two machines for this setup)

Start CLI, and verify that you can login with the admin user, and that you can get to the slave:

[domain@orac.usersys.redhat.com:9999 /] /host=slave1/   (hit TAB)
core-service     interface        jvm              path             server-config    system-property

execute:  reload --host=master

after a little while, you will see:

[Host Controller] 11:36:29,412 INFO  [org.jboss.as.domain] (slave-request-threads - 1) JBAS010918: Registered remote slave host "slave1", JBoss EAP 6.2.1.GA (AS 7.3.1.Final-redhat-3)

Now try again:

[domain@orac.usersys.redhat.com:9999 /] /host=slave1/   (hit TAB)

=> nothing

[domain@orac.usersys.redhat.com:9999 /] /host=slave1:read-resource

=> nothing

It is no longer possible to get to the slave until a manual restart of the slave is done.

Comment 1 Kabir Khan 2014-03-11 09:42:24 UTC
https://github.com/jbossas/jboss-eap/pull/1035

Comment 2 Petr Kremensky 2014-03-18 12:23:19 UTC
Verified on EAP 6.3.0.DR4.


Note You need to log in before you can comment on or make changes to this bug.