Original issue reported in Bug 892047 identified that JBoss EAP 6 servers could not be discovered when JBoss EAP was installed from RPM. This is because some files -- such as the configuration files and role files -- are considered sensitive and can therefore only be read by the JBoss installation's owner or group. The default user group used is "jboss". In the JBoss ON agent's RPM -- and perhaps in other places such as init scripts -- we assumed a group name of jbosson. This prevents the JBoss ON agent, with out-of-the-box configuration, from working with other JBoss products using out-of-the-box configuration. To fix this deficiency, the JBoss ON agent RPM should use a default user group of jboss. +++ This bug was initially created as a clone of Bug #892047 +++ Description of problem: After installing and starting EAP 6 from RPM, agent with AS7 plug-in is unable to discover it and throws the following error: ERROR [ResourceDiscoveryComponent.invoker.daemon-1] (rhq.modules.plugins.jbossas7.HostControllerDiscovery)- Discovery of a JBossAS7 Host Controller Resource failed for process: pid=[2836], name=[/etc/alternatives/jre/bin/java], ppid=[2810] - cause: java.lang.Exception: Server configuration file not found at the expected location (/usr/share/jbossas/domain/configuration/host-slave.xml). Version-Release number of selected component (if applicable): 4.4.0.JON311GA How reproducible: Always Steps to Reproduce: 1. On RHEL 6 system, install EAP 6 from RPM: # JBoss EAP RPMs _rhnUser=admin _rhnPassword=redhat _jbappplatform=$(rhn-channel -L -u {_rhnUser} -p ${_rhnPassword} | grep jbappplatform) rhn-channel --add -c ${_jbappplatform} -u {_rhnUser} -p ${_rhnPassword} # RPM version is very important. # Problem occurs starting with EAP RPM 7.1.3-4 yum -y install yum install jbossas-domain-7.1.3-4.Final_redhat_4.ep6.el6.noarch 2. Start EAP 6 domain service sudo service jbossas-domain start 3. Start JBoss ON agent using a different user/group then what is being used by EAP You can not use root or any account that is a member of the jboss group. Such as what happens when running JON agent from RPM install and starting it as a service. Actual results: EAP6 host controller does not get discovered and the following error is logged in agent.log: ERROR [ResourceDiscoveryComponent.invoker.daemon-1] (rhq.modules.plugins.jbossas7.HostControllerDiscovery)- Discovery of a JBossAS7 Host Controller Resource failed for process: pid=[2836], name=[/etc/alternatives/jre/bin/java], ppid=[2810] - cause: java.lang.Exception: Server configuration file not found at the expected location (/usr/share/jbossas/domain/configuration/host.xml). Expected results: EAP6 host controller should be discovered and appear in the discovery queue. Additional info: This issue is a direct result of directory permissions used by EAP's RPM. By default, starting in 7.1.3-4, /var/lib/jbossas/domain (and other directories) are not world-readable. This means, unless the RHQ agent is started by root or a user who is a member of the jboss group, the AS7 plug-in will not be able to read the configuration files from the file system. Prior to 7.1.3-4, directories were world-readable meaning that we would not see this unless testing with the latest RPM version released in late November 2012. --- Additional comment from Larry O'Leary on 2013-01-08 12:32:43 EST --- This might be as simple as JBoss ON documenting that if using the EAP 6 RPM, the user who starts the agent must be added to the OS group 'jboss'. Additionally, we might want to do this automatically with the JBoss ON agent RPM.
JBoss ON documentation for non-RPM install has already been updated to reflect this. This BZ represents the need for the Agent RPM provided with the JBoss ON distribution to be updated to: - create the jboss group if not present upon installation or upgrade - assign the jbosson-agent user to the jboss group
Please note that jbosson may still be a valid group and should probably remain. This group should probably also remain as the default user group for the JBoss ON agent user -- jbosson-agent. The suggestion from this BZ is to add the user jbosson-agent from the agent RPM to the group jboss and to create the group jboss if it doesn't already exist. The end goal is: - Install JBoss EAP RPM - Install JBoss ON agent RPM - Import JBoss EAP resource without error - Install JBoss ON agent RPM - Install JBoss EAP RPM - Import JBoss EAP resource without error - Install JBoss ON agent RPM - Install JBoss EAP from ZIP <-- perhaps JBoss EAP install guide already recommends an OS user/group? - Manually add JBoss ON agent user to group used for extracting JBoss EAP ZIP - Import JBoss EAP resource without error
Moving into CR01 target milestone as missed ER01 cutoff.
Moving to ON_QA as available to test with latest CP build: http://download.devel.redhat.com/brewroot/packages/org.jboss.on-jboss-on-parent/3.3.0.GA/16/maven/org/jboss/on/jon-server-patch/3.3.0.GA/jon-server-patch-3.3.0.GA.zip *Note: jon-server-patch-3.3.0.GA.zip maps to CR01 build of jon-server-3.3.0.GA-update-01.zip.
Created attachment 992658 [details] jbosson-agent-groups