Red Hat Bugzilla – Bug 1072915
[QE] (6.3.0) slaves cannot reconnect to a restarted master if RBAC is enabled
Last modified: 2015-02-01 18:05:59 EST
Description of problem: Enable RBAC in an EAP domain setup. "reload --host=master" and the slaves will no longer be connected to the master Version-Release number of selected component (if applicable): tested in 6.2 and 6.2 CP01 How reproducible: always Steps to Reproduce: Standard security realm, without "local": host.xml: <security-realm name="ManagementRealm"> <authentication> <properties path="mgmt-users.properties" relative-to="jboss.domain.config.dir"/> </authentication> <authorization map-groups-to-roles="false"> <properties path="mgmt-groups.properties" relative-to="jboss.domain.config.dir"/> </authorization> </security-realm> domain.xml: <management> <access-control provider="rbac"> <role-mapping> <role name="SuperUser"> <include> <user alias="admin" name="admin"/> </include> </role> </role-mapping> </access-control> </management> The user "admin" is added to the mgmt-users.properties Start the domain controller and a host controller connected to it (I use two machines for this setup) Start CLI, and verify that you can login with the admin user, and that you can get to the slave: [domain@orac.usersys.redhat.com:9999 /] /host=slave1/ (hit TAB) core-service interface jvm path server-config system-property execute: reload --host=master after a little while, you will see: [Host Controller] 11:36:29,412 INFO [org.jboss.as.domain] (slave-request-threads - 1) JBAS010918: Registered remote slave host "slave1", JBoss EAP 6.2.1.GA (AS 7.3.1.Final-redhat-3) Now try again: [domain@orac.usersys.redhat.com:9999 /] /host=slave1/ (hit TAB) => nothing [domain@orac.usersys.redhat.com:9999 /] /host=slave1:read-resource => nothing It is no longer possible to get to the slave until a manual restart of the slave is done.
https://github.com/jbossas/jboss-eap/pull/1035
Verified on EAP 6.3.0.DR4.