ActiveMQ + XA
by Thomas Segismont
Hi everyone,
Just a note in case you didn't know: you should pay attention to
transaction declarations when you combine MDB bus listeners with other
beans:
*ActiveMQ does not currently support XA Transaction suspend / resume
semantics.*
http://activemq.apache.org/should-i-use-xa.html
Regards,
Thomas
9 years
Hawkular integration questions
by Frank Ryan
At this time both PTrans and Heapster only integrate with the Hawkular
Metrics subsystem. Are there plans to integrate these modules with Hawkular
AIO to populate inventory as well?
Thanks
Frank Ryan
9 years
Hawkular Alpha6 questions
by Van Dillon
Hi,
I have a few questions about Hawkular-aio Alpha6.
1) I can't get metric data to stay in the system for more than about 8
hours. The documentation says data retention units are in days. I've
tried using the REST APIs to set the retentions to 365 when I create a
Metrics tenant. I've also tried setting it to 365 for individual Metric
definitions. Neither approach seems to make a difference. Am I missing
something? I'm running on Windows 7 x64.
2) Will the jboss/hawkular-aio docker image be updated to this release? It
hasn't been updated since Alpha4.
Any help would be greatly appreciated.
Thanks,
Van Dillon
9 years
strange chars in test output
by John Mazzitelli
Just ran a build and it looks like we are logging the contents of a zip file - which causes all kinds of bad things in the console:
FINE: Received over WebSocket: ExportJdrResponse={"fileName":"jdr_15-10-22_10-04-43_testing-worker-linux-docker-4d45e4b4-3236-linux-3.zip","resourcePath":"/t;28026b36-8fe4-4332-84c8-524e173a68bf/e;test/f;testing-worker-linux-docker-4d45e4b4-3236-linux-3/r;testing-worker-linux-docker-4d45e4b4-3236-linux-3~Local~~","destinationSessionId":"0I6Sw6bmxVggotD_2ti9F8WuY1R8-no6YDbDRJfn","status":"OK","message":"{\"start-time\" => \"Thu Oct 22 22:04:43 UTC 2015\",\"end-time\" => \"Thu Oct 22 22:05:46 UTC 2015\",\"report-location\" => \"/home/travis/build/hawkular/hawkular-agent/hawkular-agent-itest-parent/hawkular-agent-itest/target/hawkular-agent-itest-dist/hawkular-agent-itest-dist-0.12.0.Final-SNAPSHOT/standalone/tmp/jdr_15-10-22_10-04-43_testing-worker-linux-docker-4d45e4b4-3236-linux-3.zip\"}"}PK��VGSjdr_15-10-22_10-04-43_testing-worker-linux-docker-4d45e4b4-3236-linux-3/version.txt�r �R(-ʳ�J�/.�J��M�rR�������
It looks like we are trying to log the full JSON message that the WS receives, which is very bad because this could include a) sensitive data in the message (like passwords) and b) raw binary data.
I'll look to see where this is coming from and fix it.
9 years
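One way to log such a message without either problem named in the post above, as an added example (not the hawkular-agent code). The `Name={json}` header followed by raw binary is read off the log line quoted in the post; the class name, the list of sensitive field names and the length limit are assumptions.

```java
import java.nio.charset.StandardCharsets;
import java.util.regex.Pattern;

public final class WsLogSummary {
    // Field names treated as sensitive: an assumption of this example.
    private static final Pattern SENSITIVE = Pattern.compile(
        "(\"(?:password|secret|token|destinationSessionId)\"\\s*:\\s*\")((?:\\\\.|[^\"\\\\])*)(\")",
        Pattern.CASE_INSENSITIVE);
    private static final Pattern NAME = Pattern.compile("[A-Za-z][A-Za-z0-9]{0,63}");
    private static final int MAX_JSON_CHARS = 256;

    /** Returns one log-safe line for a frame shaped like Name={json}<binary>. */
    public static String summarize(byte[] frame) {
        int eq = 0;
        while (eq < frame.length && frame[eq] != '=') eq++;
        if (eq + 1 >= frame.length || frame[eq + 1] != '{') {
            return "unrecognized message (" + frame.length + " bytes, not logged)";
        }
        String name = new String(frame, 0, eq, StandardCharsets.US_ASCII);
        int end = endOfJson(frame, eq + 1);
        if (end < 0 || !NAME.matcher(name).matches()) {
            return "unrecognized message (" + frame.length + " bytes, not logged)";
        }
        // Decode only the JSON header; the bytes after it are never turned into text.
        String json = new String(frame, eq + 1, end - eq, StandardCharsets.UTF_8);
        // Redact before truncating so a cut-off value cannot escape the pattern.
        json = SENSITIVE.matcher(json).replaceAll("$1<redacted>$3");
        json = json.replaceAll("\\p{Cntrl}", "?"); // no raw control characters in the log
        if (json.length() > MAX_JSON_CHARS) {
            json = json.substring(0, MAX_JSON_CHARS) + "...<truncated>";
        }
        int binary = frame.length - (end + 1);
        return name + "=" + json
            + (binary > 0 ? " [+" + binary + " bytes binary, not logged]" : "");
    }

    /** Index of the brace that closes the object opening at 'start', or -1. */
    private static int endOfJson(byte[] b, int start) {
        int depth = 0;
        boolean inString = false;
        boolean escaped = false;
        for (int i = start; i < b.length; i++) {
            byte c = b[i];
            if (inString) {
                if (escaped) escaped = false;
                else if (c == '\\') escaped = true;
                else if (c == '"') inString = false;
            } else if (c == '"') {
                inString = true;
            } else if (c == '{') {
                depth++;
            } else if (c == '}' && --depth == 0) {
                return i;
            }
        }
        return -1;
    }

    public static void main(String[] args) {
        // Constructed sample: a JSON header followed by the first bytes of a zip file.
        byte[] header = ("ExportJdrResponse={\"fileName\":\"jdr_sample.zip\","
            + "\"destinationSessionId\":\"constructed-session-id\",\"status\":\"OK\"}")
            .getBytes(StandardCharsets.UTF_8);
        byte[] zip = {'P', 'K', 3, 4, 20, 0, 8, 0};
        byte[] frame = new byte[header.length + zip.length];
        System.arraycopy(header, 0, frame, 0, header.length);
        System.arraycopy(zip, 0, frame, header.length, zip.length);
        System.out.println(summarize(frame));
    }
}
```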
Inspecting inventory storage internals
by Lukas Krejci
Hi,
a couple of folks asked how we inspect what is stored inside inventory's live
DB.
The truth is that mostly it is the REST API ;) but sometimes, it is true that
one needs to really look at individual vertices and edges in the graph
storage.
To see that, Jirka spent some time on a low level inventory visualization but
I am not sure that has come to conclusion. In the meantime, this is how I do
it.
I suppose you're running hawkular dist in dev mode, C* backing the metrics and
inventory running on localhost, default ports.
0) Build Hawkular with dev profile and start it up.
1) Install Titan 0.5.4 separately [1].
2) Unzip and cd into it.
3) run "bin/gremlin.sh"
4) Run the following in the gremlin CLI:
g = TitanFactory.build().set("storage.backend",
"cassandrathrift").set("storage.cassandra.keyspace",
"hawkular_inventory").open()
That will open the inventory graph in the variable "g".
You now have the full power of Groovy and Gremlin [2] at your fingertips.
To get you started, here are a few queries you can run:
1) list all properties of all tenants
g.V().has("__type", "tenant").map
`V()` will give you all vertices in the graph,
`.has()` will filter them on a value of some property
`.map` will output the properties of each vertex as a map
2) List all outgoing edges from all environments
g.V().has("__type", "tenant").out("contains").has("__type",
"environment").outE()
`.out(...)` will hop from a vertex over all edges with given label to all
target vertices (if no label is given (call without arguments), target
vertices of all outgoing edges are listed)
`.outE(...)` will list the outgoing edges (constrained to given labels, if
any)
(if you want to see the properties of those edges, add ".map" to the end).
3) List all Wildfly servers under a feed:
g.V().has("__cp",
"/t;<tenantId>/e;test/f;<feedId>").outE("contains").has("__targetType",
"resource").inV().as("resource").inE("defines").has("__sourceType",
"resourceType").outV().has("__eid", "WildFly Server").back("resource")
4) To see the root map of the resource config of those resources, add the
following to the above query:
.out("contains").has("__type", "dataEntity").has("__eid",
"configuration").out("hasData")
5) To see the values inside that map, additionally add the following:
.out.map
Hope this helps,
Lukas
[1] http://s3.thinkaurelius.com/downloads/titan/titan-0.5.4-hadoop2.zip
[2] http://s3.thinkaurelius.com/docs/titan/0.5.4/gremlin.html
9 years
Discussion, Planning, and status on Testing Openshift & Hawk-Metrics Integration for Openshift 3.1
by Michael Foley
The following meeting has been modified:
Subject: Discussion, Planning, and status on Testing Openshift & Hawk-Metrics Integration for Openshift 3.1 [MODIFIED]
Organizer: "Michael Foley" <mfoley(a)redhat.com>
Location: Bluejeans http://www.bluejeans.com/mfoley51
Time: 3:00:00 PM - 3:30:00 PM GMT -05:00 US/Canada Eastern [MODIFIED]
Recurrence : Every 1 week(s) on No end date Effective Sep 9, 2015
Required: pruan(a)redhat.com; mmahoney(a)redhat.com; vnguyen(a)redhat.com; snegrea(a)redhat.com; jsanda(a)redhat.com; mwringe(a)redhat.com
Optional: jon-qa-list(a)redhat.com; jboss-on-team(a)redhat.com; hawkular-dev(a)lists.jboss.org
*~*~*~*~*~*~*~*~*~*
Hi,
Let's have a discussion and planning session on testing Openshift & Hawkular Integration!
Let's use this etherpad to coordinate the discussion -->> http://pad.engineering.redhat.com/Management-nextAndOpenshiftTestPlanning
5 Point Plan for Openshift 3.1 GA
* Unit tests .... owned by Hawk-Metrics developers
* Integration tests ... owned by Hawk-Metrics developers and Hawk-Metrics QE
* Performance CI on Hawk-Metrics (this one is actually new and was not discussed on Wednesday , but I now see it makes sense)
* Functional Integration tests on Hawk-Metrics latest + Openshift Origin latest
    * Functional/UI .... Cucumber/Ruby tests ... owned by Openshift QE
    * Functional/Rest ... Cucumber/Ruby tests ... owned by Openshift QE
* Performance & Scalability .... owned by Openshift QE
Regards,
Michael Foley
QE Supervisor, Middleware BU
9 years
cmdgw forwarding messages from bus to UI
by Jiri Kremser
Hello,
when creating the topology graph, a nice feature would be to see the newly added resources in inventory in real time. Currently, the approach in many places in the UI is polling with long intervals. Every 20 seconds the url list, app server list or topology is updated with fresh data.
We have the server-side bus in place into which inventory events when anyone is 'CRUDing' the entities, I believe alerts are being sent there, etc. Also we have the cmdgw module for dealing with the bus-agent-ui communication, it uses the WebSockets for full-duplex comm. From what I've seen it works like this:
1) ui initializes the WS connection
2) server stores the session, correlation id is the session id
3) later on ui invokes a command with some id
4) once the command is done the ui is notified by the server side (no polling, real server push)
+ some magic with bus (bus works here as a glue with the other components)
What would be imho really useful would be not only using the web socket layer for sending the responses on previously requested operations but also having the ability to send the notification to whoever cares on the ui (without any former explicit action in the ui). I mean events like "something bad happened". After talking with Peter, the better correlation id here is the tenant id, because we don't want to leak the information among the tenants. So if the server keeps the info which session id was created for which tenant we are almost there.
pros:
* alerts can be displayed immediately (no need to wait 20 seconds for the refresh)
* no polling = no wasting of resources
* cool demos
cons:
* switching the persona needs to be handled, but it's doable
What do you think?
jk
9 years
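The tenant-keyed push described in the post above, as an added example (not the cmdgw code). `UiSession` is a hypothetical stand-in for a WebSocket session, the tenant ids are constructed, and the tenant id passed to `bind` is assumed to come from the server-side authenticated identity.

```java
import java.util.ArrayList;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;

public final class TenantSessionRegistry {
    /** Stand-in for a WebSocket session; hypothetical, not the cmdgw API. */
    public interface UiSession {
        String id();
        void send(String text);
    }

    private final Map<String, Set<UiSession>> sessionsByTenant = new HashMap<>();
    private final Map<String, String> tenantBySession = new HashMap<>();

    /**
     * Binds a session to a tenant. The tenant id must come from the identity
     * the server authenticated, never from a field in a client message.
     * Calling it again for the same session is the persona switch.
     */
    public synchronized void bind(UiSession session, String tenantId) {
        unbind(session);
        tenantBySession.put(session.id(), tenantId);
        sessionsByTenant.computeIfAbsent(tenantId, t -> new HashSet<>()).add(session);
    }

    /** Removes a session, for example when the WebSocket closes. */
    public synchronized void unbind(UiSession session) {
        String old = tenantBySession.remove(session.id());
        if (old == null) return;
        Set<UiSession> sessions = sessionsByTenant.get(old);
        sessions.remove(session);
        if (sessions.isEmpty()) sessionsByTenant.remove(old);
    }

    /**
     * Pushes an event to every session of exactly one tenant and returns how
     * many sessions received it. Holding the lock while sending means a
     * persona switch cannot interleave with a delivery.
     */
    public synchronized int publish(String tenantId, String event) {
        Set<UiSession> targets = sessionsByTenant.get(tenantId);
        if (targets == null) return 0;
        for (UiSession s : targets) s.send(event);
        return targets.size();
    }

    public static void main(String[] args) {
        TenantSessionRegistry registry = new TenantSessionRegistry();
        List<String> delivered = new ArrayList<>();
        UiSession first = recorder("s1", delivered);
        UiSession second = recorder("s2", delivered);
        registry.bind(first, "tenant-a");   // constructed tenant ids
        registry.bind(second, "tenant-b");
        registry.publish("tenant-a", "alert: something bad happened");
        registry.bind(first, "tenant-b");   // persona switch: s1 leaves tenant-a
        registry.publish("tenant-a", "alert: second event");
        delivered.forEach(System.out::println);
    }

    private static UiSession recorder(String id, List<String> log) {
        return new UiSession() {
            public String id() { return id; }
            public void send(String text) { log.add(id + " <- " + text); }
        };
    }
}
```

Only the first event is delivered, and only to `s1`: after the rebind no session is left on `tenant-a`, and nothing published for one tenant reaches a session bound to another.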
Hawkular Alerts 0.5.0.Final Released!
by Jay Shaughnessy
Hawkular Alerts 0.5.0.Final has been Released!
Notable Features:
* Action History
o The history of executed actions is now persisted and queryable
in a flexible way.
* Alerts now support Notes
o Any number of Notes can now be added to an Alert, to track its
progress and/or resolution.
o This more flexible mechanism replaces the ackNotes and
resolvedNotes.
* Actions are now executed asynchronously in Standalone deployments
o Previously a hung action could hang a standalone engine.
* Triggers now support criteria fetch and paging.
There have been some changes to the REST endpoints as we refine the model.
Jira Summary for features above, as well as minor enhancements and fixes:
* https://issues.jboss.org/projects/HWKALERTS/versions/12328199
The next scheduled version is 0.6.0, targeted for November 10, 2015. It
is scheduled to include a major new feature, Event support!
Hawkular Alerts Team
Jay Shaughnessy (jshaughn(a)redhat.com)
Lucas Ponce (lponce(a)redhat.com)
9 years
Problems installing Alpha 5 on Windows
by Luba Roitman
Hi,
I am having problems installing Hawkular Alpha 5 on Windows, but before I delve into describing them, I am wondering whether a Docker install option is going to be available soon? That would indeed be helpful.
As for the Windows install problem, after I downloaded Alpha 5 and ran standalone.bat I have the following exceptions in the server.log (excerpts here, more stacktrace at the end of the email)
jboss.serverManagement.controller.management.http: WFLYSRV0083: Failed to start the http-interface service
Caused by: java.lang.RuntimeException: java.net.BindException: Address already in use: bind
And then
2015-10-18 13:01:53,226 WARN [org.hawkular.inventory.cdi] (ServerService Thread Pool -- 68) HAWKINV003501: Inventory backend failed to initialize in an attempt 5 of 5.
2015-10-18 13:01:54,236 ERROR [org.jboss.msc.service.fail] (ServerService Thread Pool -- 68) MSC000001: Failed to start service jboss.deployment.unit."hawkular-inventory-dist.war".component.InventoryJNDIPublisher.START: org.jboss.msc.service.StartException in service jboss.deployment.unit."hawkular-inventory-dist.war".component.InventoryJNDIPublisher.START: java.lang.IllegalStateException: WFLYEE0042: Failed to construct component instance
Caused by: javax.ejb.EJBException: java.lang.IllegalStateException: Could not initialize inventory.
Caused by: java.lang.IllegalStateException: Could not initialize inventory.
Do you think these two could be connected? I can't think of any source for a binding address conflict; I start Hawkular first thing after the laptop restarts, so I don't run any local http servers. It is also not clear what the reason for the inventory initialization problem is; the log doesn't indicate anything wrong before throwing the error.
I am running Windows 8.1 64bit
Would appreciate any input!
Respectfully, Luba Roitman.
-------------
2015-10-18 13:01:33,144 ERROR [org.jboss.msc.service.fail] (MSC service thread 1-4) MSC000001: Failed to start service jboss.serverManagement.controller.management.http: org.jboss.msc.service.StartException in service jboss.serverManagement.controller.management.http: WFLYSRV0083: Failed to start the http-interface service
    at org.jboss.as.server.mgmt.UndertowHttpManagementService.start(UndertowHttpManagementService.java:269)
    at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1948)
    at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1881)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
    at java.lang.Thread.run(Thread.java:745)
Caused by: java.lang.RuntimeException: java.net.BindException: Address already in use: bind
    at org.jboss.as.domain.http.server.ManagementHttpServer.start(ManagementHttpServer.java:160)
    at org.jboss.as.server.mgmt.UndertowHttpManagementService.start(UndertowHttpManagementService.java:235)
    ... 5 more
Caused by: java.net.BindException: Address already in use: bind
    at sun.nio.ch.Net.bind0(Native Method)
    at sun.nio.ch.Net.bind(Net.java:433)
------------------
2015-10-18 13:01:53,226 WARN [org.hawkular.inventory.cdi] (ServerService Thread Pool -- 68) HAWKINV003501: Inventory backend failed to initialize in an attempt 5 of 5.
2015-10-18 13:01:54,236 ERROR [org.jboss.msc.service.fail] (ServerService Thread Pool -- 68) MSC000001: Failed to start service jboss.deployment.unit."hawkular-inventory-dist.war".component.InventoryJNDIPublisher.START: org.jboss.msc.service.StartException in service jboss.deployment.unit."hawkular-inventory-dist.war".component.InventoryJNDIPublisher.START: java.lang.IllegalStateException: WFLYEE0042: Failed to construct component instance
    at org.jboss.as.ee.component.ComponentStartService$1.run(ComponentStartService.java:57)
    at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
    at java.util.concurrent.FutureTask.run(FutureTask.java:266)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
    at java.lang.Thread.run(Thread.java:745)
    at org.jboss.threads.JBossThread.run(JBossThread.java:320)
Caused by: java.lang.IllegalStateException: WFLYEE0042: Failed to construct component instance
    at org.jboss.as.ee.component.BasicComponent.constructComponentInstance(BasicComponent.java:163)
    at org.jboss.as.ee.component.BasicComponent.constructComponentInstance(BasicComponent.java:134)
    at org.jboss.as.ee.component.BasicComponent.createInstance(BasicComponent.java:88)
    at org.jboss.as.ejb3.component.singleton.SingletonComponent.getComponentInstance(SingletonComponent.java:122)
    at org.jboss.as.ejb3.component.singleton.SingletonComponent.start(SingletonComponent.java:136)
    at org.jboss.as.ee.component.ComponentStartService$1.run(ComponentStartService.java:54)
    ... 6 more
Caused by: javax.ejb.EJBException: java.lang.IllegalStateException: Could not initialize inventory.
    at org.jboss.as.ejb3.tx.CMTTxInterceptor.handleExceptionInOurTx(CMTTxInterceptor.java:187)
    at org.jboss.as.ejb3.tx.CMTTxInterceptor.invokeInOurTx(CMTTxInterceptor.java:277)
    at org.jboss.as.ejb3.tx.CMTTxInterceptor.requiresNew(CMTTxInterceptor.java:349)
    at org.jboss.as.ejb3.tx.LifecycleCMTTxInterceptor.processInvocation(LifecycleCMTTxInterceptor.java:66)
    at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
    at org.jboss.as.weld.injection.WeldInjectionContextInterceptor.processInvocation(WeldInjectionContextInterceptor.java:43)
    at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
    at org.jboss.as.ejb3.component.interceptors.CurrentInvocationContextInterceptor.processInvocation(CurrentInvocationContextInterceptor.java:41)
    at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
    at org.jboss.as.ee.concurrent.ConcurrentContextInterceptor.processInvocation(ConcurrentContextInterceptor.java:45)
    at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
    at org.jboss.invocation.ContextClassLoaderInterceptor.processInvocation(ContextClassLoaderInterceptor.java:64)
    at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
    at org.jboss.invocation.InterceptorContext.run(InterceptorContext.java:356)
    at org.jboss.invocation.PrivilegedWithCombinerInterceptor.processInvocation(PrivilegedWithCombinerInterceptor.java:80)
    at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
    at org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61)
    at org.jboss.as.ee.component.BasicComponent.constructComponentInstance(BasicComponent.java:161)
    ... 11 more
Caused by: java.lang.IllegalStateException: Could not initialize inventory.
    at org.hawkular.inventory.cdi.OfficialInventoryProducer.initInventory(OfficialInventoryProducer.java:115)
    at org.hawkular.inventory.cdi.OfficialInventoryProducer.getInventory(OfficialInventoryProducer.java:64)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:497)
    at org.jboss.weld.injection.StaticMethodInjectionPoint.invoke(StaticMethodInjectionPoint.java:88)
    at org.jboss.weld.injection.StaticMethodInjectionPoint.invoke(StaticMethodInjectionPoint.java:78)
    at org.jboss.weld.injection.producer.ProducerMethodProducer.produce(ProducerMethodProducer.java:95)
    at org.jboss.weld.injection.producer.AbstractMemberProducer.produce(AbstractMemberProducer.java:167)
    at org.jboss.weld.bean.AbstractProducerBean.create(AbstractProducerBean.java:183)
    at org.jboss.weld.context.AbstractContext.get(AbstractContext.java:96)
    at org.jboss.weld.bean.ContextualInstanceStrategy$DefaultContextualInstanceStrategy.get(ContextualInstanceStrategy.java:101)
    at org.jboss.weld.bean.ContextualInstanceStrategy$ApplicationScopedContextualInstanceStrategy.get(ContextualInstanceStrategy.java:141)
    at org.jboss.weld.bean.ContextualInstance.get(ContextualInstance.java:50)
    at org.jboss.weld.manager.BeanManagerImpl.getReference(BeanManagerImpl.java:761)
    at org.jboss.weld.manager.BeanManagerImpl.getInjectableReference(BeanManagerImpl.java:861)
    at org.jboss.weld.injection.FieldInjectionPoint.inject(FieldInjectionPoint.java:92)
    at org.jboss.weld.util.Beans.injectBoundFields(Beans.java:375)
    at org.jboss.weld.util.Beans.injectFieldsAndInitializers(Beans.java:386)
    at org.jboss.weld.injection.producer.DefaultInjector$1.proceed(DefaultInjector.java:71)
    at org.jboss.weld.injection.InjectionContextImpl.run(InjectionContextImpl.java:48)
    at org.jboss.weld.injection.producer.DefaultInjector.inject(DefaultInjector.java:73)
    at org.jboss.weld.injection.producer.ejb.SessionBeanInjectionTarget.inject(SessionBeanInjectionTarget.java:140)
    at org.jboss.as.weld.injection.WeldInjectionContext.inject(WeldInjectionContext.java:39)
    at org.jboss.as.weld.injection.WeldInjectionInterceptor.processInvocation(WeldInjectionInterceptor.java:51)
    at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
    at org.jboss.as.ee.component.AroundConstructInterceptorFactory$1.processInvocation(AroundConstructInterceptorFactory.java:28)
    at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
    at org.jboss.as.weld.injection.WeldInterceptorInjectionInterceptor.processInvocation(WeldInterceptorInjectionInterceptor.java:56)
    at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
    at org.jboss.as.weld.ejb.Jsr299BindingsCreateInterceptor.processInvocation(Jsr299BindingsCreateInterceptor.java:100)
    at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
    at org.jboss.as.ee.component.NamespaceContextInterceptor.processInvocation(NamespaceContextInterceptor.java:50)
    at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
    at org.jboss.as.ejb3.tx.CMTTxInterceptor.invokeInOurTx(CMTTxInterceptor.java:275)
    ... 27 more
2015-10-18 13:01:54,251 ERROR [org.jboss.as.controller.management-operation] (Controller Boot Thread) WFLYCTL0013: Operation ("add") failed - address: ([ ("core-service" => "management"), ("management-interface" => "http-interface")]) - failure description: {"WFLYCTL0080: Failed services" => {"jboss.serverManagement.controller.management.http" => "org.jboss.msc.service.StartException in service jboss.serverManagement.controller.management.http: WFLYSRV0083: Failed to start the http-interface service Caused by: java.lang.RuntimeException: java.net.BindException: Address already in use: bind Caused by: java.net.BindException: Address already in use: bind"}}
2015-10-18 13:01:54,251 ERROR [org.jboss.as.controller.management-operation] (Controller Boot Thread) WFLYCTL0013: Operation ("add") failed - address: ([("deployment" => "hawkular-inventory-dist.war")]) - failure description: {"WFLYCTL0080: Failed services" => {"jboss.deployment.unit.\"hawkular-inventory-dist.war\".component.InventoryJNDIPublisher.START" => "org.jboss.msc.service.StartException in service jboss.deployment.unit.\"hawkular-inventory-dist.war\".component.InventoryJNDIPublisher.START: java.lang.IllegalStateException: WFLYEE0042: Failed to construct component instance Caused by: java.lang.IllegalStateException: WFLYEE0042: Failed to construct component instance Caused by: javax.ejb.EJBException: java.lang.IllegalStateException: Could not initialize inventory. Caused by: java.lang.IllegalStateException: Could not initialize inventory."}}
2015-10-18 13:01:54,251 ERROR [org.jboss.as.controller.management-operation] (Controller Boot Thread) WFLYCTL0013: Operation ("add") failed - address: ([("deployment" => "hawkular-metrics-api-jaxrs.war")]) - failure description: {"WFLYCTL0080: Failed services" => {"jboss.deployment.unit.\"hawkular-inventory-dist.war\".component.InventoryJNDIPublisher.START" => "org.jboss.msc.service.StartException in service jboss.deployment.unit.\"hawkular-inventory-dist.war\".component.InventoryJNDIPublisher.START: java.lang.IllegalStateException: WFLYEE0042: Failed to construct component instance Caused by: java.lang.IllegalStateException: WFLYEE0042: Failed to construct component instance Caused by: javax.ejb.EJBException: java.lang.IllegalStateException: Could not initialize inventory. Caused by: java.lang.IllegalStateException: Could not initialize inventory."}}
2015-10-18 13:01:54,251 ERROR [org.jboss.as.controller.management-operation] (Controller Boot Thread) WFLYCTL0013: Operation ("add") failed - address: ([("deployment" => "hawkular-pinger.war")]) - failure description: {"WFLYCTL0080: Failed services" => {"jboss.deployment.unit.\"hawkular-inventory-dist.war\".component.InventoryJNDIPublisher.START" => "org.jboss.msc.service.StartException in service jboss.deployment.unit.\"hawkular-inventory-dist.war\".component.InventoryJNDIPublisher.START: java.lang.IllegalStateException: WFLYEE0042: Failed to construct component instance Caused by: java.lang.IllegalStateException: WFLYEE0042: Failed to construct component instance Caused by: javax.ejb.EJBException: java.lang.IllegalStateException: Could not initialize inventory. Caused by: java.lang.IllegalStateException: Could not initialize inventory."}}
2015-10-18 13:01:54,267 ERROR [org.jboss.as.controller.management-operation] (Controller Boot Thread) WFLYCTL0013: Operation ("add") failed - address: ([("deployment" => "hawkular-redhat-access-integration-backend.war")]) - failure description: {"WFLYCTL0080: Failed services" => {"jboss.deployment.unit.\"hawkular-inventory-dist.war\".component.InventoryJNDIPublisher.START" => "org.jboss.msc.service.StartException in service jboss.deployment.unit.\"hawkular-inventory-dist.war\".component.InventoryJNDIPublisher.START: java.lang.IllegalStateException: WFLYEE0042: Failed to construct component instance Caused by: java.lang.IllegalStateException: WFLYEE0042: Failed to construct component instance Caused by: javax.ejb.EJBException: java.lang.IllegalStateException: Could not initialize inventory. Caused by: java.lang.IllegalStateException: Could not initialize inventory."}}
9 years
Resourcetype again
by Heiko W.Rupp
Hey,
we have said that we do no longer want the very strict resource types that we had in RHQ. We also identified that we need resource types to define capabilities like metric types with their units etc. The newest addition now are operations and resource config.
I believe that for a certain kind of resource - e.g. "WildFly 8.2", that "we" manage we should not have the agent/feed supply the types, but Hawkular should do so.
A user may still decide to extend that to supply its own data, but we need to be careful when dealing with it.
For security relevant things we can not let the client/feed just provide resource type data, as otherwise it is too easy to work around checks.
For WildFly there are a bunch of RBAC roles [1,2] that need to map to what we (will) have in Hawkular, which we may define as just what WildFly has.
In fact that will be beneficial, as users will already know how WildFly RBAC works and can apply it to Hawkular. Plus if the user already has its org members in a central KeyCloak with role mappings, we can hook up to that instance and get the mappings "for free".
Now for operations on WildFly (not only the classic RHQ-operations, but also modifying resource config), RBAC in WildFly is "hiding" whole sub-trees, but also (iiuc) individual attributes if you do not have the right role:
role=SuperUser:
[standalone@localhost:9990 /] cd /core-service=management/access
[standalone@localhost:9990 access] ls
audit authorization
role=Monitor:
[standalone@localhost:9990 /] cd /core-service=management/access
[standalone@localhost:9990 access] ls
audit
With enough privileges it is possible to see the access definitions under /core-service=management/access=authorization/constraint=*
While it is possible for WildFly to obtain the security levels (automatically) from the WildFly Metadata, we still need to find a good way to add this information into our resource types, as the UI may need to react to them and not show a restart button for user that only has the Monitoring role. In theory we could just issue the operation with the user perms and see it fail on WildFly side, but that is certainly not user-friendly and thus not desired.
For other kinds of resource like Tomcat we probably need to encode the roles to the best of our knowledge.
Heiko
[1] http://blog.arungupta.me/role-based-access-control-wildfly-8/
[2] http://www.dzone.com/articles/configuring-rbac-jboss-eap-and
9 years
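The two points of the post above, server-owned security data for managed types and a UI that only offers what the user's roles allow, as an added example (not Hawkular code). The role names are WildFly's standard RBAC roles; the operation names, the role-to-operation mapping and the admin-only default for feed-defined types are assumptions made for illustration.

```java
import java.util.Collections;
import java.util.EnumSet;
import java.util.HashSet;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.Set;
import java.util.TreeSet;

public final class ManagedResourceTypes {
    /** The standard WildFly RBAC roles. */
    public enum Role { MONITOR, OPERATOR, MAINTAINER, DEPLOYER, AUDITOR, ADMINISTRATOR, SUPER_USER }

    // typeId -> operation -> roles allowed to run it; this is what gets enforced.
    private final Map<String, Map<String, Set<Role>>> enforced = new LinkedHashMap<>();
    // Types whose definition is owned by the server and cannot come from a feed.
    private final Set<String> managed = new HashSet<>();

    public ManagedResourceTypes() {
        Map<String, Set<Role>> wildfly = new LinkedHashMap<>();
        // Illustrative mapping (assumption), not read from WildFly metadata.
        wildfly.put("restart",
            EnumSet.of(Role.OPERATOR, Role.MAINTAINER, Role.ADMINISTRATOR, Role.SUPER_USER));
        wildfly.put("update-config",
            EnumSet.of(Role.MAINTAINER, Role.ADMINISTRATOR, Role.SUPER_USER));
        enforced.put("WildFly Server", wildfly);
        managed.add("WildFly Server");
    }

    /**
     * Handles a type definition sent by a feed. For a managed type the claim is
     * ignored and false is returned. For any other type the operation names are
     * kept, but the role requirements are never taken from the feed: every
     * operation starts out admin-only (an assumed conservative default).
     */
    public boolean registerFromFeed(String typeId, Map<String, Set<Role>> claimed) {
        if (managed.contains(typeId)) return false;
        Map<String, Set<Role>> locked = new LinkedHashMap<>();
        for (String operation : claimed.keySet()) {
            locked.put(operation, EnumSet.of(Role.ADMINISTRATOR, Role.SUPER_USER));
        }
        enforced.put(typeId, locked);
        return true;
    }

    /** Operations the UI should offer; the server still checks on execution. */
    public Set<String> visibleOperations(String typeId, Set<Role> userRoles) {
        Set<String> visible = new TreeSet<>();
        Map<String, Set<Role>> operations =
            enforced.getOrDefault(typeId, Collections.emptyMap());
        for (Map.Entry<String, Set<Role>> e : operations.entrySet()) {
            if (!Collections.disjoint(e.getValue(), userRoles)) visible.add(e.getKey());
        }
        return visible;
    }

    public static void main(String[] args) {
        ManagedResourceTypes types = new ManagedResourceTypes();
        // Constructed feed claim that tries to open "restart" to the Monitor role.
        Map<String, Set<Role>> claim = new LinkedHashMap<>();
        claim.put("restart", EnumSet.of(Role.MONITOR));
        System.out.println("feed claim accepted: " + types.registerFromFeed("WildFly Server", claim));
        System.out.println("Monitor sees:  " + types.visibleOperations("WildFly Server", EnumSet.of(Role.MONITOR)));
        System.out.println("Operator sees: " + types.visibleOperations("WildFly Server", EnumSet.of(Role.OPERATOR)));
    }
}
```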