Bug 969120 - AS7 plugin discovery attempts connection with incorrect credentials if resource productType != JBossProductType.AS
Status: CLOSED CURRENTRELEASE
Product: JBoss Operations Network
Classification: JBoss
Component: Plugin -- JBoss EAP 6
JON 3.1.2
All All
unspecified Severity high
: ER01
: JON 3.2.0
Assigned To: Thomas Segismont
Mike Foley
Reported: 2013-05-30 13:16 EDT by Marc Shirley
Modified: 2014-02-05 14:01 EST

Doc Type: Bug Fix
Last Closed: 2014-01-02 15:34:30 EST
Type: Bug
External Trackers: Red Hat Knowledge Base (Solution) 385473 (Priority: None, Status: None, Summary: None, Last Updated: Never)

Description Marc Shirley 2013-05-30 13:16:32 EDT
Description of problem:
During the discovery process, if the installation directory of the EAP6 server is not of the expected form "jboss-eap-6.0", the plugin is unable to determine the version and attempts a connection to the server using either a default set of credentials or a user pulled from the management realm with a null password.  As this occurs during the discovery of the process and before it is compared to the inventory, this can result in repeated failed authentication attempts to the EAP server every discovery cycle (by default, every 15 minutes).

Version-Release number of selected component (if applicable):
JBoss ON 3.1.2


Actual results:
Agent attempts to connect to the EAP6 instance to gather the version information without correct credentials.

Expected results:
BaseProcessDiscovery.buildResourceDetails() should query $JBOSS_HOME/version.txt if it exists to obtain version information, or default to a constant such as '6.x' or 'UNKNOWN 6.x' value to identify that the version was not able to be identified during discovery.
Comment 1 Larry O'Leary 2013-05-30 17:56:44 EDT
This actually occurs in two different scenarios:

As mentioned, during discovery BaseProcessDiscovery.buildResourceDetails is calling getFromRemote() to determine the product info for the newly discovered resource. This seems like a very bad idea considering that on a new resource, this would always fail. The result is that we attempt to authenticate with EAP using the user "admin" with a password of "null". This seems to be a result of the default configuration provided by the plug-in configuration itself. I actually can't think of a time this method would ever succeed. Essentially what is failing in my test case:

    POST /management HTTP/1.1
    Content-Type: application/json
    Accept: application/json
    User-Agent: Java/1.6.0_20
    Host: 127.0.0.1:9990
    Connection: keep-alive
    Content-Length: 65
    Authorization: Digest username="admin", realm="ManagementRealm", nonce="dc8c7d68c5529a0e05cfedfcd016b53a", uri="/management", response="eae9dd3b48ae69e0768390427551b8a1", algorithm="MD5", cnonce="HCDIBNAKOBLKKEBBFDPPFMINEBILANGKOEJNLKOL"

    {"operation":"read-attribute","address":[],"name":"product-name"}


This seems to be invoked 20 times. I am not certain why but perhaps there is some re-try logic somewhere or we are attempting to build resource details multiple times for the same discovered resource.



The other issue is an availability check on a newly discovered resource that has not yet been imported into inventory. I am guessing this happens once when the resource is created as I see the following same failure occur right after the agent has started up:

    POST /management HTTP/1.1
    Content-Type: application/json
    Accept: application/json
    User-Agent: Java/1.6.0_20
    Host: 127.0.0.1:9990
    Connection: keep-alive
    Content-Length: 64
    Authorization: Digest username="admin", realm="ManagementRealm", nonce="f728fca3619f0ce5e8794753858b75d3", uri="/management", response="11a036ced3c9a91d80943a51644e35f6", algorithm="MD5", cnonce="EEPHMLDJOKHGLNJGBMNNLCOABOKKHMDLGPIBJFIH"

    {"operation":"read-attribute","address":[],"name":"launch-type"}

Which appears to be invoked from BaseServerComponent.getAvailability().



Steps to reproduce:
1.  Start EAP 6 standalone server.
2.  Enable debug logging for the 'com.sun.net.httpserver' category.

        "${JBOSS_HOME}/bin/jboss-cli.sh" --connect '/subsystem=logging/logger=com.sun.net.httpserver:add(level=DEBUG)'

3.  Start JBoss ON system.

The EAP server's server.log will contain the following messages every 15 minutes:

    FINE  [com.sun.net.httpserver] (HttpManagementService-threads - 102) POST /management HTTP/1.1 [401  Unauthorized] ()
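
The pattern reported in this comment (about 20 rejected POST /management requests per burst, repeating every 15 minutes) can be checked mechanically to tell agent discovery noise apart from other failed logins in server.log. This is an added example, not part of the original bug report or of the plugin's code; the timestamp prefix on each log line, the constructed sample lines, and all function names are assumptions made for illustration.

```python
import re
from datetime import datetime, timedelta

# Assumption: each server.log line starts with "HH:mm:ss,SSS LEVEL"; the page shows only the rest.
LINE_RE = re.compile(
    r"^(\d{2}:\d{2}:\d{2}),\d{3}\s+FINE\s+\[com\.sun\.net\.httpserver\]\s+"
    r"\([^)]*\)\s+POST /management HTTP/1\.1 \[401\s+Unauthorized\]"
)

def parse_401_times(lines):
    """Times of day of rejected POST /management requests (logs spanning midnight not handled)."""
    return [datetime.strptime(m.group(1), "%H:%M:%S")
            for m in map(LINE_RE.match, lines) if m]

def group_bursts(times, max_gap=timedelta(seconds=30)):
    """Group timestamps into bursts; a gap longer than max_gap starts a new burst."""
    bursts = []
    for t in sorted(times):
        if bursts and t - bursts[-1][-1] <= max_gap:
            bursts[-1].append(t)
        else:
            bursts.append([t])
    return bursts

def looks_like_discovery_cycle(bursts, interval=timedelta(minutes=15),
                               tolerance=timedelta(seconds=60)):
    """True when there are at least two bursts and each starts ~interval after the previous."""
    starts = [b[0] for b in bursts]
    return len(starts) >= 2 and all(
        abs((b - a) - interval) <= tolerance for a, b in zip(starts, starts[1:]))

def sample_log():
    """Constructed sample: 20 failures at 10:00, 10:15 and 10:30, plus one unrelated line."""
    lines = ["10:00:00,001 INFO  [org.jboss.as] (Controller Boot Thread) started"]
    for cycle in (0, 15, 30):
        for i in range(20):
            lines.append(
                f"10:{cycle:02d}:{i // 10:02d},{i % 10 * 100:03d} FINE  "
                f"[com.sun.net.httpserver] (HttpManagementService-threads - {i + 1}) "
                "POST /management HTTP/1.1 [401  Unauthorized] ()")
    return lines

if __name__ == "__main__":
    bursts = group_bursts(parse_401_times(sample_log()))
    print([len(b) for b in bursts], looks_like_discovery_cycle(bursts))
```

Bursts that do not line up with the agent's discovery interval are the ones worth investigating as something other than this bug.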
Comment 3 Thomas Segismont 2013-08-05 09:14:55 EDT
Fixed in master (see BZ913764)

The version was determined with a call to the http management interface. Now it's all based on file inspection.
Comment 4 Filip Brychta 2013-11-14 12:02:46 EST
Verified on
Version: 3.2.0.ER5
Build Number: 2cb2bc9:225c796
