Bug 1072915 - [QE] (6.3.0) slaves cannot reconnect to a restarted master if RBAC is enabled
Summary: [QE] (6.3.0) slaves cannot reconnect to a restarted master if RBAC is enabled
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: JBoss Enterprise Application Platform 6
Classification: JBoss
Component: Domain Management
Version: 6.2.1
Hardware: Unspecified
OS: Unspecified
urgent
urgent
Target Milestone: DR3
: EAP 6.3.0
Assignee: Emanuel Muckenhuber
QA Contact: Ladislav Thon
Russell Dickenson
URL:
Whiteboard:
Depends On:
Blocks: 1072949
TreeView+ depends on / blocked
 
Reported: 2014-03-05 11:43 UTC by Tom Fonteyne
Modified: 2019-07-11 07:53 UTC (History)
9 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
In previous versions of JBoss EAP 6, When reconnecting to the master host-controller, the configuration model was added to the wrong location. This meant that reconnecting to the master host-controller with RBAC enabled would fail. In this release, the model is added in the right location, ensuring the slave host connects without problems.
Clone Of:
: 1072949 (view as bug list)
Environment:
Last Closed: 2014-06-28 15:30:05 UTC
Type: Bug
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Bugzilla 1072949 0 urgent CLOSED [QE] (6.2.2) slaves cannot reconnect to a restarted master if RBAC is enabled 2023-09-14 02:04:29 UTC
Red Hat Issue Tracker WFLY-3069 0 Critical Closed slaves cannot reconnect to a restarted master if RBAC is enabled 2018-07-06 10:41:02 UTC

Description Tom Fonteyne 2014-03-05 11:43:07 UTC 
Description of problem:

Enable RBAC in an EAP domain setup. "reload --host=master" and the slaves will no longer be connected to the master

Version-Release number of selected component (if applicable):

tested in 6.2 and 6.2 CP01

How reproducible: always


Steps to Reproduce:

Standard security realm, without "local":

host.xml:
            <security-realm name="ManagementRealm">
                <authentication>
                    <properties path="mgmt-users.properties" relative-to="jboss.domain.config.dir"/>
                </authentication>
                <authorization map-groups-to-roles="false">
                    <properties path="mgmt-groups.properties" relative-to="jboss.domain.config.dir"/>
                </authorization>
            </security-realm>

domain.xml:

    <management>
        <access-control provider="rbac">
            <role-mapping>
                <role name="SuperUser">
                    <include>
                        <user alias="admin" name="admin"/>
                    </include>
                </role>
            </role-mapping>
        </access-control>
    </management>

The user "admin" is added to the mgmt-users.properties

Start the domain controller and a host controller connected to it (I use two machines for this setup)

Start CLI, and verify that you can login with the admin user, and that you can get to the slave:

[domain.redhat.com:9999 /] /host=slave1/   (hit TAB)
core-service     interface        jvm              path             server-config    system-property

execute:  reload --host=master

after a little while, you will see:

[Host Controller] 11:36:29,412 INFO  [org.jboss.as.domain] (slave-request-threads - 1) JBAS010918: Registered remote slave host "slave1", JBoss EAP 6.2.1.GA (AS 7.3.1.Final-redhat-3)

Now try again:

[domain.redhat.com:9999 /] /host=slave1/   (hit TAB)

=> nothing

[domain.redhat.com:9999 /] /host=slave1:read-resource

=> nothing

It is no longer possible to get to the slave until a manual restart of the slave is done.
Comment 1 Kabir Khan 2014-03-11 09:42:24 UTC 
https://github.com/jbossas/jboss-eap/pull/1035
Comment 2 Petr Kremensky 2014-03-18 12:23:19 UTC 
Verified on EAP 6.3.0.DR4.
Note You need to log in before you can comment on or make changes to this bug.