[JBoss JIRA] (WFCORE-2968) Servers in a domain won't boot if local auth is disabled on the host controller
by Brian Stansberry (JIRA)
[ https://issues.jboss.org/browse/WFCORE-2968?page=com.atlassian.jira.plugi... ]
Brian Stansberry reopened WFCORE-2968:
--------------------------------------
Although this should work now I'm reopening as there's still some ongoing stuff related to this.
> Servers in a domain won't boot if local auth is disabled on the host controller
> -------------------------------------------------------------------------------
>
> Key: WFCORE-2968
> URL: https://issues.jboss.org/browse/WFCORE-2968
> Project: WildFly Core
> Issue Type: Bug
> Components: Domain Management, Security
> Reporter: James Perkins
> Assignee: Ken Wills
> Priority: Blocker
> Fix For: 3.0.0.Beta29
>
>
> If local authentication has been disabled on the host controller servers cannot communicate with the host controller and fail to start.
> {code}
> [Server:server-one] 15:10:51,241 ERROR [org.jboss.msc.service.fail] (ServerService Thread Pool -- 2) MSC000001: Failed to start service jboss.server-boot-operations: org.jboss.msc.service.StartException in service jboss.server-boot-operations: java.net.ConnectException: WFLYPRT0053: Could not connect to remote+http://127.0.0.1:9990. The connection failed
> [Server:server-one] at org.jboss.as.server.mgmt.domain.ServerBootOperationsService$1.run(ServerBootOperationsService.java:72)
> [Server:server-one] at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
> [Server:server-one] at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
> [Server:server-one] at java.lang.Thread.run(Thread.java:748)
> [Server:server-one] at org.jboss.threads.JBossThread.run(JBossThread.java:320)
> [Server:server-one] Caused by: java.net.ConnectException: WFLYPRT0053: Could not connect to remote+http://127.0.0.1:9990. The connection failed
> [Server:server-one] at org.jboss.as.protocol.ProtocolConnectionUtils.connectSync(ProtocolConnectionUtils.java:126)
> [Server:server-one] at org.jboss.as.protocol.ProtocolConnectionManager$EstablishingConnection.connect(ProtocolConnectionManager.java:259)
> [Server:server-one] at org.jboss.as.protocol.ProtocolConnectionManager.connect(ProtocolConnectionManager.java:70)
> [Server:server-one] at org.jboss.as.server.mgmt.domain.HostControllerConnection.openConnection(HostControllerConnection.java:128)
> [Server:server-one] at org.jboss.as.server.mgmt.domain.HostControllerClient.resolveBootUpdates(HostControllerClient.java:110)
> [Server:server-one] at org.jboss.as.server.mgmt.domain.ServerBootOperationsService$1.run(ServerBootOperationsService.java:68)
> [Server:server-one] ... 4 more
> [Server:server-one] Caused by: javax.security.sasl.SaslException: Authentication failed: none of the mechanisms presented by the server (DIGEST-MD5) are supported
> [Server:server-one] at org.jboss.remoting3.remote.ClientConnectionOpenListener$Capabilities.handleEvent(ClientConnectionOpenListener.java:438)
> [Server:server-one] at org.jboss.remoting3.remote.ClientConnectionOpenListener$Capabilities.handleEvent(ClientConnectionOpenListener.java:246)
> [Server:server-one] at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:92)
> [Server:server-one] at org.xnio.conduits.ReadReadyHandler$ChannelListenerHandler.readReady(ReadReadyHandler.java:66)
> [Server:server-one] at org.xnio.nio.NioSocketConduit.handleReady(NioSocketConduit.java:89)
> [Server:server-one] at org.xnio.nio.WorkerThread.run(WorkerThread.java:571)
> [Server:server-one] at ...asynchronous invocation...(Unknown Source)
> [Server:server-one] at org.jboss.remoting3.EndpointImpl.connect(EndpointImpl.java:545)
> [Server:server-one] at org.jboss.remoting3.EndpointImpl.connect(EndpointImpl.java:509)
> [Server:server-one] at org.jboss.remoting3.EndpointImpl.connect(EndpointImpl.java:497)
> [Server:server-one] at org.jboss.as.protocol.ProtocolConnectionUtils.connect(ProtocolConnectionUtils.java:194)
> [Server:server-one] at org.jboss.as.protocol.ProtocolConnectionUtils.connectSync(ProtocolConnectionUtils.java:118)
> [Server:server-one] ... 9 more
> [Server:server-one]
> [Server:server-one] 15:10:51,241 ERROR [org.jboss.as.server] (Controller Boot Thread) WFLYSRV0055: Caught exception during boot: org.jboss.as.controller.persistence.ConfigurationPersistenceException: java.util.concurrent.ExecutionException: Operation failed
> [Server:server-one] at org.jboss.as.server.ServerStartTask$2$1.load(ServerStartTask.java:188)
> [Server:server-one] at org.jboss.as.server.ServerService.boot(ServerService.java:387)
> [Server:server-one] at org.jboss.as.controller.AbstractControllerService$1.run(AbstractControllerService.java:370)
> [Server:server-one] at java.lang.Thread.run(Thread.java:748)
> [Server:server-one] Caused by: java.util.concurrent.ExecutionException: Operation failed
> [Server:server-one] at org.jboss.threads.AsyncFutureTask.operationFailed(AsyncFutureTask.java:74)
> [Server:server-one] at org.jboss.threads.AsyncFutureTask.get(AsyncFutureTask.java:268)
> [Server:server-one] at org.jboss.as.server.mgmt.domain.ServerBootOperationsService$2.get(ServerBootOperationsService.java:113)
> [Server:server-one] at org.jboss.as.server.mgmt.domain.ServerBootOperationsService$2.get(ServerBootOperationsService.java:95)
> [Server:server-one] at org.jboss.as.server.ServerStartTask$2$1.load(ServerStartTask.java:185)
> [Server:server-one] ... 3 more
> [Server:server-one] Caused by: java.net.ConnectException: WFLYPRT0053: Could not connect to remote+http://127.0.0.1:9990. The connection failed
> [Server:server-one] at org.jboss.as.protocol.ProtocolConnectionUtils.connectSync(ProtocolConnectionUtils.java:126)
> [Server:server-one] at org.jboss.as.protocol.ProtocolConnectionManager$EstablishingConnection.connect(ProtocolConnectionManager.java:259)
> [Server:server-one] at org.jboss.as.protocol.ProtocolConnectionManager.connect(ProtocolConnectionManager.java:70)
> [Server:server-one] at org.jboss.as.server.mgmt.domain.HostControllerConnection.openConnection(HostControllerConnection.java:128)
> [Server:server-one] at org.jboss.as.server.mgmt.domain.HostControllerClient.resolveBootUpdates(HostControllerClient.java:110)
> [Server:server-one] at org.jboss.as.server.mgmt.domain.ServerBootOperationsService$1.run(ServerBootOperationsService.java:68)
> [Server:server-one] at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
> [Server:server-one] at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
> [Server:server-one] at java.lang.Thread.run(Thread.java:748)
> [Server:server-one] at org.jboss.threads.JBossThread.run(JBossThread.java:320)
> [Server:server-one] Caused by: javax.security.sasl.SaslException: Authentication failed: none of the mechanisms presented by the server (DIGEST-MD5) are supported
> [Server:server-one] at org.jboss.remoting3.remote.ClientConnectionOpenListener$Capabilities.handleEvent(ClientConnectionOpenListener.java:438)
> [Server:server-one] at org.jboss.remoting3.remote.ClientConnectionOpenListener$Capabilities.handleEvent(ClientConnectionOpenListener.java:246)
> [Server:server-one] at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:92)
> [Server:server-one] at org.xnio.conduits.ReadReadyHandler$ChannelListenerHandler.readReady(ReadReadyHandler.java:66)
> [Server:server-one] at org.xnio.nio.NioSocketConduit.handleReady(NioSocketConduit.java:89)
> [Server:server-one] at org.xnio.nio.WorkerThread.run(WorkerThread.java:571)
> [Server:server-one] at ...asynchronous invocation...(Unknown Source)
> [Server:server-one] at org.jboss.remoting3.EndpointImpl.connect(EndpointImpl.java:545)
> [Server:server-one] at org.jboss.remoting3.EndpointImpl.connect(EndpointImpl.java:509)
> [Server:server-one] at org.jboss.remoting3.EndpointImpl.connect(EndpointImpl.java:497)
> [Server:server-one] at org.jboss.as.protocol.ProtocolConnectionUtils.connect(ProtocolConnectionUtils.java:194)
> [Server:server-one] at org.jboss.as.protocol.ProtocolConnectionUtils.connectSync(ProtocolConnectionUtils.java:118)
> [Server:server-one] ... 9 more
> [Server:server-one]
> [Server:server-one] 15:10:51,243 FATAL [org.jboss.as.server] (Controller Boot Thread) WFLYSRV0056: Server boot has failed in an unrecoverable manner; exiting. See previous messages for details.
> [Server:server-one] 15:10:51,254 INFO [org.jboss.as] (MSC service thread 1-8) WFLYSRV0050: WildFly Core 3.0.0.Beta27-SNAPSHOT "Kenny" stopped in 6ms
> {code}
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
8 years, 3 months
[JBoss JIRA] (WFCORE-1649) RBAC constraint config modifications will fail in a mixed domain if the modified constraint is not present in the legacy slave
by Brian Stansberry (JIRA)
[ https://issues.jboss.org/browse/WFCORE-1649?page=com.atlassian.jira.plugi... ]
Brian Stansberry updated WFCORE-1649:
-------------------------------------
Fix Version/s: 4.0.0.Alpha1
(was: 3.0.0.Beta29)
I've changed my mind and am rescheduling this back to core 4. We have transformers in place for the new elytron sensitivity classifications, and the WFCORE-3107 subtask is not critical.
> RBAC constraint config modifications will fail in a mixed domain if the modified constraint is not present in the legacy slave
> ------------------------------------------------------------------------------------------------------------------------------
>
> Key: WFCORE-1649
> URL: https://issues.jboss.org/browse/WFCORE-1649
> Project: WildFly Core
> Issue Type: Bug
> Components: Domain Management
> Reporter: Brian Stansberry
> Assignee: Brian Stansberry
> Priority: Critical
> Labels: domain-mode
> Fix For: 4.0.0.Alpha1
>
>
> The management model for RBAC constraints is maintained using synthetic resources, with resources only existing for those items (SensitivityClassification and ApplicationClassification) that are registered in the current process. Operations that touch classifications unknown to that process will fail due to missing resource problems.
> This is a big problem in the following scenarios:
> 1) Mixed domain, where legacy slaves do not know about newly introduced classifications.
> 2) Slimming scenarios where slaves are ignoring unrelated parts of the domain wide config and also don't have some extension installed, resulting in classifications registered by those extensions not being present.
> A partial workaround to 1) is for the kernel to register transformers for newly introduced classifications (e.g. SERVER_SSL added in EAP 6.4.7 and EAP 7). But:
> -- that doesn't help with problem 2)
> -- only the kernel can register kernel transformers, so if extensions add new classifications there is no way for them to register the transformer.
--
[JBoss JIRA] (WFCORE-2402) Required attributes of elytron key-store creation add operation
by Brian Stansberry (JIRA)
[ https://issues.jboss.org/browse/WFCORE-2402?page=com.atlassian.jira.plugi... ]
Brian Stansberry commented on WFCORE-2402:
------------------------------------------
[~dlofthouse] Should this be closed like the downstream JBEAP-6034 is?
> Required attributes of elytron key-store creation add operation
> ---------------------------------------------------------------
>
> Key: WFCORE-2402
> URL: https://issues.jboss.org/browse/WFCORE-2402
> Project: WildFly Core
> Issue Type: Bug
> Components: Security
> Affects Versions: 3.0.0.Beta7
> Reporter: Martin Choma
> Assignee: ehsavoie Hugonnet
> Priority: Critical
> Labels: user_experience
> Fix For: 4.0.0.Alpha1
>
>
> Minimal CLI command to create key store is
> {code}
> /subsystem=elytron/key-store=server:add(type="JKS")
> {code}
> But it has these problems:
> * Password attribute has to be required. I can't think of a case when that could be omitted.
> * Attribute {{type}} could be optional. If not set default value can be KeyStore.getDefaultType(). As model can't express this, it can be documented in description.
--
[JBoss JIRA] (WFCORE-3075) KeyStore password as default KeyManager password
by Brian Stansberry (JIRA)
[ https://issues.jboss.org/browse/WFCORE-3075?page=com.atlassian.jira.plugi... ]
Brian Stansberry commented on WFCORE-3075:
------------------------------------------
Shouldn't this be an Enhancement?
> KeyStore password as default KeyManager password
> ------------------------------------------------
>
> Key: WFCORE-3075
> URL: https://issues.jboss.org/browse/WFCORE-3075
> Project: WildFly Core
> Issue Type: Bug
> Components: Security
> Reporter: Jan Kalina
> Priority: Critical
> Labels: keymanager, keystore, trustmanager
>
> In Elytron, there is keystore password (key-store resource) and key password (key-managers resource) required.
> However in theory there could be cases, where no password can be intended
> - key-store resource for truststore purposes (reading truststore) (but in legacy is password required)
> - PKCS12 can be created without key password (but keystore password in legacy is required)
> - you can create JKS programmatically without keystore password
> - *in legacy key password is optional (which means keystore password is used)*
> From discussion: We can make the password optional on the KeyManager so if no password is specified on the KeyManager we assume it is the one from the KeyStore.
> Created analysis document for this: https://developer.jboss.org/wiki/AnalysisDesign-KeyStorePasswordAsDefault...
--
[JBoss JIRA] (WFCORE-3115) ProductConfig does not close stream to manifest
by Brian Stansberry (JIRA)
[ https://issues.jboss.org/browse/WFCORE-3115?page=com.atlassian.jira.plugi... ]
Brian Stansberry updated WFCORE-3115:
-------------------------------------
Description:
This stream is not closed:
{code}
InputStream stream = module.getClassLoader().getResourceAsStream("META-INF/MANIFEST.MF");
Manifest manifest = null;
if (stream != null) {
    manifest = new Manifest(stream);
}
{code}
Perhaps this is the cause of JBEAP-12366
was:
This stream is not closed:
{code}
InputStream stream = module.getClassLoader().getResourceAsStream("META-INF/MANIFEST.MF");
Manifest manifest = null;
if (stream != null) {
    manifest = new Manifest(stream);
}
{code}
Perhaps this is the cause of JBEAP-12366
> ProductConfig does not close stream to manifest
> -----------------------------------------------
>
> Key: WFCORE-3115
> URL: https://issues.jboss.org/browse/WFCORE-3115
> Project: WildFly Core
> Issue Type: Bug
> Components: Domain Management
> Reporter: Brian Stansberry
> Assignee: Brian Stansberry
> Fix For: 3.0.0.Beta29
>
>
> This stream is not closed:
> {code}
> InputStream stream = module.getClassLoader().getResourceAsStream("META-INF/MANIFEST.MF");
> Manifest manifest = null;
> if (stream != null) {
>     manifest = new Manifest(stream);
> }
> {code}
> Perhaps this is the cause of JBEAP-12366
--
[JBoss JIRA] (WFCORE-3115) ProductConfig does not close stream to manifest
by Brian Stansberry (JIRA)
Brian Stansberry created WFCORE-3115:
----------------------------------------
Summary: ProductConfig does not close stream to manifest
Key: WFCORE-3115
URL: https://issues.jboss.org/browse/WFCORE-3115
Project: WildFly Core
Issue Type: Bug
Components: Domain Management
Reporter: Brian Stansberry
Assignee: Brian Stansberry
Fix For: 3.0.0.Beta29
This stream is not closed:
{code}
InputStream stream = module.getClassLoader().getResourceAsStream("META-INF/MANIFEST.MF");
Manifest manifest = null;
if (stream != null) {
    manifest = new Manifest(stream);
}
{code}
Perhaps this is the cause of JBEAP-12366
--
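The leak reported in WFCORE-3115, shown beside a try-with-resources version, as an added example that is not WildFly Core's code or its actual fix. `ManifestStreamDemo`, `TrackedStream`, `readLeaky` and `readClosed` are hypothetical names, and the manifest is constructed in memory in place of the class-loader resource; the tracked stream shows that `new Manifest(stream)` reads its input without closing it.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.util.jar.Attributes;
import java.util.jar.Manifest;

public class ManifestStreamDemo {
    /** Constructed stand-in for the class-loader resource stream; records whether close() ran. */
    static final class TrackedStream extends ByteArrayInputStream {
        boolean closed;
        TrackedStream(byte[] data) { super(data); }
        @Override public void close() throws IOException { closed = true; super.close(); }
    }

    /** Pattern from the report: the manifest is parsed but the stream is never closed. */
    static Manifest readLeaky(InputStream stream) throws IOException {
        Manifest manifest = null;
        if (stream != null) {
            manifest = new Manifest(stream);
        }
        return manifest;
    }

    /** Same logic with try-with-resources; a null resource is skipped, so the null case still works. */
    static Manifest readClosed(InputStream source) throws IOException {
        try (InputStream stream = source) {
            return stream != null ? new Manifest(stream) : null;
        }
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample manifest, serialised in memory so the demo runs offline.
        Manifest sample = new Manifest();
        sample.getMainAttributes().put(Attributes.Name.MANIFEST_VERSION, "1.0");
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        sample.write(out);
        byte[] bytes = out.toByteArray();
        TrackedStream leaky = new TrackedStream(bytes);
        TrackedStream closed = new TrackedStream(bytes);
        Manifest a = readLeaky(leaky);
        Manifest b = readClosed(closed);
        System.out.println("same content:        " + a.equals(b));
        System.out.println("leaky stream closed: " + leaky.closed);
        System.out.println("fixed stream closed: " + closed.closed);
        System.out.println("null source handled: " + (readClosed(null) == null));
    }
}
```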