[JBoss JIRA] (WFLY-6781) Wildfly cluster's failover functionality doesn't work as expected
by Kabir Khan (JIRA)
[ https://issues.jboss.org/browse/WFLY-6781?page=com.atlassian.jira.plugin.... ]
Kabir Khan closed WFLY-6781.
----------------------------
Resolution: Out of Date
> Wildfly cluster's failover functionality doesn't work as expected
> -----------------------------------------------------------------
>
> Key: WFLY-6781
> URL: https://issues.jboss.org/browse/WFLY-6781
> Project: WildFly
> Issue Type: Bug
> Components: JMS
> Affects Versions: 8.2.0.Final
> Reporter: Preeta Kuruvilla
> Assignee: Jeff Mesnil
> Attachments: domain.Node1.xml, host.Node1.xml, host.Node2.xml, server.RC.Node1.AfterFailover.log, server.RC.Node1.BeforeFailover.log, server.RC.Node2.AfterFailover.log, server.RC.Node2.BeforeFailover.log, server.SL.Node1.AfterFailover.log, server.SL.Node1.BeforeFailover.log
>
>
> The following are the testing scenarios we ran and their outcomes:
> 1. Disabling the network on a VM to test failover – not working in either the Linux or the Windows environment.
> 2. Powering off a VM using the VMware client to test failover – working in the Linux environment but not working in the Windows environment.
> 3. Ctrl + C method to stop services on a node to test failover – works in both the Linux and Windows environments.
> 4. Stopping the server running on the node/VM using the Admin Console to test failover – works in both the Linux and Windows environments.
> The JGroups subsystem configuration we have in domain.xml is below:
> <subsystem xmlns="urn:jboss:domain:jgroups:2.0" default-stack="udp">
>     <stack name="udp">
>         <transport type="UDP" socket-binding="jgroups-udp"/>
>         <protocol type="PING"/>
>         <protocol type="MERGE3"/>
>         <protocol type="FD_SOCK" socket-binding="jgroups-udp-fd"/>
>         <protocol type="FD_ALL"/>
>         <protocol type="VERIFY_SUSPECT"/>
>         <protocol type="pbcast.NAKACK2"/>
>         <protocol type="UNICAST3"/>
>         <protocol type="pbcast.STABLE"/>
>         <protocol type="pbcast.GMS"/>
>         <protocol type="UFC"/>
>         <protocol type="MFC"/>
>         <protocol type="FRAG2"/>
>         <protocol type="RSVP"/>
>     </stack>
>     <stack name="tcp">
>         <transport type="TCP" socket-binding="jgroups-tcp"/>
>         <protocol type="MPING" socket-binding="jgroups-mping"/>
>         <protocol type="MERGE2"/>
>         <protocol type="FD_SOCK" socket-binding="jgroups-tcp-fd"/>
>         <protocol type="FD"/>
>         <protocol type="VERIFY_SUSPECT"/>
>         <protocol type="pbcast.NAKACK2"/>
>         <protocol type="UNICAST3"/>
>         <protocol type="pbcast.STABLE"/>
>         <protocol type="pbcast.GMS"/>
>         <protocol type="MFC"/>
>         <protocol type="FRAG2"/>
>         <protocol type="RSVP"/>
>     </stack>
> </subsystem>
--
This message was sent by Atlassian JIRA
(v7.5.0#75005)
[JBoss JIRA] (ELY-1519) Make restore of SecurityIdentity on replicated session configurable
by Martin Choma (JIRA)
[ https://issues.jboss.org/browse/ELY-1519?page=com.atlassian.jira.plugin.s... ]
Martin Choma updated ELY-1519:
------------------------------
Steps to Reproduce:
clones of testNodeRestart, testFailover, testChangeNode from SPNEGOSessionManualHaTest using new flag
{code}
git clone git@gitlab.mw.lab.eng.bos.redhat.com:jbossqe-eap/tests-ldap-kerberos.git
./build-eap71.sh -Deap -Dversion.jboss.bom=7.2.0.EL12.Beta1 -Dversion.wildfly.core=4.0.0.Beta1-redhat-1 -Dmaven.repo.local=/home/mchoma/eap/7.2.0.EL12.ER1/jboss-eap-7.2.0.EL12.Beta1-maven-repository/maven-repository -Djboss.dist=/home/mchoma/eap/7.2.0.EL12.ER1/jboss-eap-7.2 -Dtest=SPNEGOSessionManualHaTest
{code}
was:
clones of testNodeRestart, testFailover, testChangeNode from SPNEGOSessionManualHaTest using new flag
/code git clone git@gitlab.mw.lab.eng.bos.redhat.com:mchoma/tests-ldap-kerberos.git
./build-eap71.sh -Deap -Dversion.jboss.bom=7.2.0.EL12.Beta1 -Dversion.wildfly.core=4.0.0.Beta1-redhat-1 -Dmaven.repo.local=/home/mchoma/eap/7.2.0.EL12.ER1/jboss-eap-7.2.0.EL12.Beta1-maven-repository/maven-repository -Djboss.dist=/home/mchoma/eap/7.2.0.EL12.ER1/jboss-eap-7.2 -Dtest=SPNEGOSessionManualHaTest
> Make restore of SecurityIdentity on replicated session configurable
> -------------------------------------------------------------------
>
> Key: ELY-1519
> URL: https://issues.jboss.org/browse/ELY-1519
> Project: WildFly Elytron
> Issue Type: Bug
> Components: Authentication Mechanisms
> Affects Versions: 1.2.0.Final
> Reporter: Martin Choma
>
> Currently, in a clustered environment, the Security Identity is restored during
> * failover
> * load balancer changes node (non-sticky behaviour)
> * session passivation/activation
> This is mainly expected and good. It ensures a performance gain because no additional SPNEGO negotiation is performed. But it can cause trouble for Kerberos ticket propagation, as a Kerberos ticket can't be serialized and restored.
> So the idea is to have a flag to turn this default behaviour off. When a user authenticates to app1 on serverA and then wants to access app1 on serverB, SPNEGO authentication will be activated and a Kerberos ticket will be negotiated and will be available on serverB as well.
> This is a follow-up to ELY-1503
[JBoss JIRA] (ELY-1519) Make restore of SecurityIdentity on replicated session configurable
by Martin Choma (JIRA)
[ https://issues.jboss.org/browse/ELY-1519?page=com.atlassian.jira.plugin.s... ]
Martin Choma updated ELY-1519:
------------------------------
Description:
Currently, in a clustered environment, the Security Identity is restored during
* failover
* load balancer changes node (non-sticky behaviour)
* session passivation/activation
This is mainly expected and good. It ensures a performance gain because no additional SPNEGO negotiation is performed. But it can cause trouble for Kerberos ticket propagation, as a Kerberos ticket can't be serialized and restored.
So the idea is to have a flag to turn this default behaviour off. When a user authenticates to app1 on serverA and then wants to access app1 on serverB, SPNEGO authentication will be activated and a Kerberos ticket will be negotiated and will be available on serverB as well.
was:
Currently, in a clustered environment, the Security Identity is restored during
* failover
* load balancer changes node (non-sticky behaviour)
* session passivation/activation
This is mainly expected and good. It ensures a performance gain because no additional SPNEGO negotiation is performed. But it can cause trouble for Kerberos ticket propagation, as a Kerberos ticket can't be serialized and restored.
So the idea is to have a flag to turn this default behaviour off. When a user authenticates to app1 on serverA and then wants to access app1 on serverB, SPNEGO authentication will be activated and a Kerberos ticket will be negotiated and will be available on serverB as well.
This is a follow-up to ELY-1503
> Make restore of SecurityIdentity on replicated session configurable
> -------------------------------------------------------------------
>
> Key: ELY-1519
> URL: https://issues.jboss.org/browse/ELY-1519
> Project: WildFly Elytron
> Issue Type: Bug
> Components: Authentication Mechanisms
> Affects Versions: 1.2.0.Final
> Reporter: Martin Choma
>
> Currently, in a clustered environment, the Security Identity is restored during
> * failover
> * load balancer changes node (non-sticky behaviour)
> * session passivation/activation
> This is mainly expected and good. It ensures a performance gain because no additional SPNEGO negotiation is performed. But it can cause trouble for Kerberos ticket propagation, as a Kerberos ticket can't be serialized and restored.
> So the idea is to have a flag to turn this default behaviour off. When a user authenticates to app1 on serverA and then wants to access app1 on serverB, SPNEGO authentication will be activated and a Kerberos ticket will be negotiated and will be available on serverB as well.
[JBoss JIRA] (ELY-1519) Make restore of SecurityIdentity on replicated session configurable
by Martin Choma (JIRA)
Martin Choma created ELY-1519:
---------------------------------
Summary: Make restore of SecurityIdentity on replicated session configurable
Key: ELY-1519
URL: https://issues.jboss.org/browse/ELY-1519
Project: WildFly Elytron
Issue Type: Bug
Components: Authentication Mechanisms
Affects Versions: 1.2.0.Final
Reporter: Martin Choma
Currently, in a clustered environment, the Security Identity is restored during
* failover
* load balancer changes node (non-sticky behaviour)
* session passivation/activation
This is mainly expected and good. It ensures a performance gain because no additional SPNEGO negotiation is performed. But it can cause trouble for Kerberos ticket propagation, as a Kerberos ticket can't be serialized and restored.
So the idea is to have a flag to turn this default behaviour off. When a user authenticates to app1 on serverA and then wants to access app1 on serverB, SPNEGO authentication will be activated and a Kerberos ticket will be negotiated and will be available on serverB as well.
This is a follow-up to ELY-1503
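
Added example, not part of the JIRA messages above and not Elytron code: a JDK-only model of why an identity restored from a replicated session arrives on serverB without its Kerberos credential, and how a restore flag would force a new SPNEGO round instead. The class names, the `restoreIdentity` flag and the principal `alice@EXAMPLE.COM` are assumptions constructed for illustration.

```java
import java.io.*;

// Constructed model of the behaviour described in ELY-1519; not Elytron code.
public class ReplicatedIdentityDemo {

    // Stand-in for a delegated Kerberos credential; deliberately not Serializable.
    static final class DelegatedCredential {
        final String principal;
        DelegatedCredential(String principal) { this.principal = principal; }
    }

    // What the session stores and the cluster replicates to other nodes.
    static final class CachedIdentity implements Serializable {
        private static final long serialVersionUID = 1L;
        final String name;
        transient DelegatedCredential credential; // dropped when the session is serialized
        CachedIdentity(String name, DelegatedCredential credential) {
            this.name = name;
            this.credential = credential;
        }
    }

    // Simulates replication of the session from serverA to serverB.
    static CachedIdentity replicate(CachedIdentity id) throws IOException, ClassNotFoundException {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(buf)) {
            out.writeObject(id);
        }
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(buf.toByteArray()))) {
            return (CachedIdentity) in.readObject();
        }
    }

    // Hypothetical flag: true = reuse the replicated identity; false = require a new SPNEGO round.
    static boolean needsNegotiation(CachedIdentity replicated, boolean restoreIdentity) {
        return !restoreIdentity || replicated == null;
    }

    public static void main(String[] args) throws Exception {
        CachedIdentity onA = new CachedIdentity("alice@EXAMPLE.COM", new DelegatedCredential("alice@EXAMPLE.COM"));
        CachedIdentity onB = replicate(onA);
        System.out.println("name survives replication: " + onB.name);
        System.out.println("credential survives: " + (onB.credential != null));
        System.out.println("restore on  -> negotiate again: " + needsNegotiation(onB, true));
        System.out.println("restore off -> negotiate again: " + needsNegotiation(onB, false));
    }
}
```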