Bug 1072949 - [QE] (6.2.2) slaves cannot reconnect to a restarted master if RBAC is enabled
Summary: [QE] (6.2.2) slaves cannot reconnect to a restarted master if RBAC is enabled
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: JBoss Enterprise Application Platform 6
Classification: JBoss
Component: Domain Management
Version: 6.2.2
Hardware: Unspecified
OS: Unspecified
urgent
urgent
Target Milestone: CR2
: EAP 6.2.3
Assignee: Dominik Pospisil
QA Contact: Ladislav Thon
Nidhi
URL:
Whiteboard:
Depends On: 1072915
Blocks: eap62-cp03-blockers
TreeView+ depends on / blocked
 
Reported: 2014-03-05 13:13 UTC by Petr Kremensky
Modified: 2023-09-14 02:04 UTC (History)
12 users (show)

Fixed In Version:
Clone Of: 1072915
Environment:
Last Closed: 2014-06-09 12:46:37 UTC
Type: Bug
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Issue Tracker WFLY-3069 0 Critical Closed slaves cannot reconnect to a restarted master if RBAC is enabled 2018-09-26 03:30:48 UTC

Internal Links: 1072915

Description Petr Kremensky 2014-03-05 13:13:26 UTC 
+++ This bug was initially created as a clone of Bug #1072915 +++

Description of problem:

Enable RBAC in an EAP domain setup. "reload --host=master" and the slaves will no longer be connected to the master

Version-Release number of selected component (if applicable):

tested in 6.2 and 6.2 CP01

How reproducible: always


Steps to Reproduce:

Standard security realm, without "local":

host.xml:
            <security-realm name="ManagementRealm">
                <authentication>
                    <properties path="mgmt-users.properties" relative-to="jboss.domain.config.dir"/>
                </authentication>
                <authorization map-groups-to-roles="false">
                    <properties path="mgmt-groups.properties" relative-to="jboss.domain.config.dir"/>
                </authorization>
            </security-realm>

domain.xml:

    <management>
        <access-control provider="rbac">
            <role-mapping>
                <role name="SuperUser">
                    <include>
                        <user alias="admin" name="admin"/>
                    </include>
                </role>
            </role-mapping>
        </access-control>
    </management>

The user "admin" is added to the mgmt-users.properties

Start the domain controller and a host controller connected to it (I use two machines for this setup)

Start CLI, and verify that you can login with the admin user, and that you can get to the slave:

[domain.redhat.com:9999 /] /host=slave1/   (hit TAB)
core-service     interface        jvm              path             server-config    system-property

execute:  reload --host=master

after a little while, you will see:

[Host Controller] 11:36:29,412 INFO  [org.jboss.as.domain] (slave-request-threads - 1) JBAS010918: Registered remote slave host "slave1", JBoss EAP 6.2.1.GA (AS 7.3.1.Final-redhat-3)

Now try again:

[domain.redhat.com:9999 /] /host=slave1/   (hit TAB)

=> nothing

[domain.redhat.com:9999 /] /host=slave1:read-resource

=> nothing

It is no longer possible to get to the slave until a manual restart of the slave is done.
Comment 1 Dominik Pospisil 2014-03-25 10:46:04 UTC 
PR sent: https://github.com/jbossas/jboss-eap/pull/1122
Comment 2 Petr Kremensky 2014-05-09 07:25:14 UTC 
Verified on EAP 6.2.3.CR2.
Comment 3 Nichola Moore 2014-05-16 04:46:08 UTC 
Please could you add some doc text for this bug. The pull request is invalid so I can't get any information from there.

Thanks.
Comment 5 Peppe 2014-05-20 11:02:23 UTC 
also we face this problem,

after a restart of the domain controller,
with RBAC enabled,
the slaves can't reconnect

without RBAC they can
Comment 6 Red Hat Bugzilla 2023-09-14 02:04:30 UTC 
The needinfo request[s] on this closed bug have been removed as they have been unresolved for 1000 days
Note You need to log in before you can comment on or make changes to this bug.