Re: [wildfly-dev] [infinispan-dev] WFLYTX0013 in the Infinispan Openshift Template
by Sebastian Laskawiec
Adding +WildFly Dev <wildfly-dev(a)lists.jboss.org> to the loop
Thanks for the explanation Rado.
TL;DR: A while ago Sanne pointed out that we do not set `node-identifier`
in transaction subsystem by default. The default value for the
`node-identifier` attribute it `1`. Not setting this attribute might cause
problems in transaction recovery. Perhaps we could follow Rado's idea and
set it to node name by default?
Some more comments inlined.
Thanks,
Sebastian
On Fri, Apr 13, 2018 at 7:07 PM Radoslav Husar <rhusar(a)redhat.com> wrote:
> Hi Sebastian,
>
> On Wed, Apr 11, 2018 at 2:31 PM, Sebastian Laskawiec
> <slaskawi(a)redhat.com> wrote:
> > Hey Rado, Paul,
> >
> > I started looking into this issue and it turned out that WF subsystem
> > template doesn't provide `node-identifier` attribute [1].
>
> I assume you mean that the default WildFly server profiles do not
> explicitly define the attribute. Right – thus the value defaults in
> the model to "1"
>
> https://github.com/wildfly/wildfly/blob/master/transactions/src/main/java...
> which sole intention seems to be to log a warning on boot if the value
> is unchanged.
> Why they decided on a constant that will be inherently not unique as
> opposed to defaulting to the node name (which we already require to be
> unique) as clustering node name or undertow instance-id does, is
> unclear to me.
> Some context is on https://issues.jboss.org/browse/WFLY-1119.
>
In OpenShift environment we could set it to `hostname`. This is guaranteed
to be unique in whole OpenShift cluster.
>
> > I'm not sure if you guys are the right people to ask, but is it safe to
> > leave it set to default? Or shall I override our Infinispan templates and
> > add this parameter (as I mentioned before, in OpenShift this I wanted to
> set
> > it as Pod name trimmed to the last 23 chars since this is the limit).
>
> It is not safe to leave it set to "1" as that results in inconsistent
> processing of transaction recovery.
> IIUC we already set it to the node name for both EAP and JDG
>
> https://github.com/jboss-openshift/cct_module/blob/master/os-eap70-opensh...
>
> https://github.com/jboss-openshift/cct_module/blob/master/os-jdg7-conffil...
> which in turn defaults to the pod name – so which profiles are we
> talking about here?
>
Granted, we set it by default in CCT Modules. However in Infinispan we just
grab provided transaction subsystem when rendering full configuration from
featurepacks:
https://github.com/infinispan/infinispan/blob/master/server/integration/f...
The default configuration XML doesn't contain the `node-identifier`
attribute. I can add it manually in the cloud.xml but I believe the right
approach is to modify the transaction subsystem.
> Rado
>
> > Thanks,
> > Seb
> >
> > [1] usually set to node-identifier="${jboss.node.name}"
> >
> >
> > On Mon, Apr 9, 2018 at 10:39 AM Sanne Grinovero <sanne(a)infinispan.org>
> > wrote:
> >>
> >> On 9 April 2018 at 09:26, Sebastian Laskawiec <slaskawi(a)redhat.com>
> wrote:
> >> > Thanks for looking into it Sanne. Of course, we should add it (it can
> be
> >> > set
> >> > to the same name as hostname since those are unique in Kubernetes).
> >> >
> >> > Created https://issues.jboss.org/browse/ISPN-9051 for it.
> >> >
> >> > Thanks again!
> >> > Seb
> >>
> >> Thanks Sebastian!
> >>
> >> >
> >> > On Fri, Apr 6, 2018 at 8:53 PM Sanne Grinovero <sanne(a)infinispan.org>
> >> > wrote:
> >> >>
> >> >> Hi all,
> >> >>
> >> >> I've started to use the Infinispan Openshift Template and was
> browsing
> >> >> through the errors and warnings this produces.
> >> >>
> >> >> In particular I noticed "WFLYTX0013: Node identifier property is set
> >> >> to the default value. Please make sure it is unique." being produced
> >> >> by the transaction system.
> >> >>
> >> >> The node id is usually not needed for developer's convenience and
> >> >> assuming there's a single node in "dev mode", yet clearly the
> >> >> Infinispan template is meant to work with multiple nodes running so
> >> >> this warning seems concerning.
> >> >>
> >> >> I'm not sure what the impact is on the transaction manager so I asked
> >> >> on the Narayana forums; Tom pointed me to some thourough design
> >> >> documents and also suggested the EAP image does set the node
> >> >> identifier:
> >> >> - https://developer.jboss.org/message/981702#981702
> >> >>
> >> >> WDYT? we probably want the Infinispan template to set this as well,
> or
> >> >> silence the warning?
> >> >>
> >> >> Thanks,
> >> >> Sanne
> >> >> _______________________________________________
> >> >> infinispan-dev mailing list
> >> >> infinispan-dev(a)lists.jboss.org
> >> >> https://lists.jboss.org/mailman/listinfo/infinispan-dev
> >> >
> >> >
> >> > _______________________________________________
> >> > infinispan-dev mailing list
> >> > infinispan-dev(a)lists.jboss.org
> >> > https://lists.jboss.org/mailman/listinfo/infinispan-dev
> >> _______________________________________________
> >> infinispan-dev mailing list
> >> infinispan-dev(a)lists.jboss.org
> >> https://lists.jboss.org/mailman/listinfo/infinispan-dev
>
6 years, 4 months
Is there any change in module concepts between jboss and wildfly
by wildflyuser
1) Is there any change in module concepts between jboss and wildfly ?
2) In jobss we have folder as <JBossHome>/modules in wildfly
<wildfly_home_9.0.2>modules/system/layers/base. Is there any difference ?
3) As part of upgrade if we reuse/copy folder from <JBossHome>/modules to
<wildfly_home_9.0.2>modules/
so that my deployed application should consider only modules from
<wildfly_home_9.0.2>modules/ and it should not consider
<wildfly_home_9.0.2>modules/system/layers/base
Which will make the upgrade easier to proceed step by step.
--
Sent from: http://wildfly-development.1055759.n5.nabble.com/
6 years, 5 months
How to set an authorized identity to EltyronSecurity Context
by Alessio Soldano
As suggested by Darran, I'm forwarding the message below to the list on
behalf of Jim.
The classes Jim is referring to are at
https://github.com/wildfly/wildfly/tree/master/webservices/server-integra...
---------- Forwarded message ----------
From: Jim Ma <ema(a)redhat.com>
Date: Wed, May 30, 2018 at 9:03 AM
Subject: Set an authorized identity to EltyronSecurity Context
To: Darran Lofthouse <darran.lofthouse(a)redhat.com>
Cc: Alessio Soldano <asoldano(a)redhat.com>
Hi Darran,
We are helping look at a customer issue which requires propagate the
authenticated subject from webservice subsystem to
ejb subystem. With old security domain , we can do this with creating a
subject :
@Override
public void pushSubjectContext(final Subject subject, final Principal
principal, final Object credential) {
AccessController.doPrivileged(new PrivilegedAction<Void>() {
public Void run() {
SecurityContext securityContext =
SecurityContextAssociation.getSecurityContext();
if (securityContext == null) {
securityContext = createSecurityContext(getSecur
ityDomain());
setSecurityContextOnAssociation(securityContext);
}
securityContext.getUtil().createSubjectInfo(principal, credential, subject);
return null;
}
});
}
After Elytron, what is the equivalent thing to do this then ejb can
retrieve this security without check this twice ?
Thanks,
Jim
--
Alessio Soldano
Associate Manager
Red Hat
<https://www.redhat.com>
<https://red.ht/sig>
6 years, 5 months
Action Required: Security Manager issues
by David Lloyd
Now that WildFly 13 is released, I would like to ask that everyone
please take some time to prioritize and solve the security manager
related issues in their area. These can be found using the query
below [1]. If the underlying issue is in an upstream project, please
add a "caused by" link to the project in question.
If you are not the right person to address a certain issue, then
please /cc the right person before you unwatch it to ensure that no
issues fall through the cracks.
It is my goal to have the security manager CI build [2] running
cleanly and integrated into PR processing before the WildFly 14
release.
Note that some SM problems don't appear as test failures. I plan to
introduce a mechanism whereby all access check failures are logged and
we can review this log (perhaps automatically) on each test run. This
however is going to be a future enhancement.
[1] https://issues.jboss.org/issues?jql=(assignee%20%3D%20currentUser()%20or%..."security-manager"
[2] https://ci.wildfly.org/viewType.html?buildTypeId=WF_MasterSecurityManager
--
- DML
6 years, 5 months
wildfly-9.0.2.Final: Failed to start service jboss.deployment.unit."app.ear".WeldStartService:
by wildflyuser
Not sure what we are missing, getting below error. Upraded from
jboss-as-7.1.1.Final to wildfly-9.0.2.Final
ERROR [org.jboss.msc.service.fail] (MSC service thread 1-2) MSC000001:
Failed to start service jboss.deployment.unit."app.ear".WeldStartService:
org.jboss.msc.service.StartException in service
jboss.deployment.unit."app.ear".WeldStartService: Failed to start service
at
org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1904)
at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
at java.lang.Thread.run(Thread.java:745)
Caused by: org.jboss.weld.exceptions.DeploymentException: WELD-001408:
Unsatisfied dependencies for type ServiceLocator with qualifiers @Default
at injection point [UnbackedAnnotatedField] @Inject private
org.glassfish.jersey.server.mvc.internal.ViewableMessageBodyWriter.serviceLocator
at
org.glassfish.jersey.server.mvc.internal.ViewableMessageBodyWriter.serviceLocator(ViewableMessageBodyWriter.java:0)
at
org.jboss.weld.bootstrap.Validator.validateInjectionPointForDeploymentProblems(Validator.java:359)
at
org.jboss.weld.bootstrap.Validator.validateInjectionPoint(Validator.java:281)
at
org.jboss.weld.bootstrap.Validator.validateGeneralBean(Validator.java:134)
at org.jboss.weld.bootstrap.Validator.validateRIBean(Validator.java:155)
at org.jboss.weld.bootstrap.Validator.validateBean(Validator.java:518)
at
org.jboss.weld.bootstrap.ConcurrentValidator$1.doWork(ConcurrentValidator.java:68)
at
org.jboss.weld.bootstrap.ConcurrentValidator$1.doWork(ConcurrentValidator.java:66)
at
org.jboss.weld.executor.IterativeWorkerTaskFactory$1.call(IterativeWorkerTaskFactory.java:60)
at
org.jboss.weld.executor.IterativeWorkerTaskFactory$1.call(IterativeWorkerTaskFactory.java:53)
at java.util.concurrent.FutureTask.run(FutureTask.java:262)
--
Sent from: http://wildfly-development.1055759.n5.nabble.com/
6 years, 5 months
JDK 11 Early Access build 15 is available for download.
by Rory O'Donnell
Hi Jason/Tomaz,
**JDK 11 EA build 15 , *****under both the GPL and Oracle EA licenses,
is now available at **http://jdk.java.net/11**. **
*
* Newly approved Schedule, status & features
o http://openjdk.java.net/projects/jdk/11/
* Release Notes:
o http://jdk.java.net/11/release-notes
* Summary of changes
o http://jdk.java.net/11/changes
*Notable changes in JDK 11 EA builds since last email:*
* b15 - JDK-8201627 <http://bugs.openjdk.java.net/browse/JDK-8201627>
- Kerberos sequence number issues
* b13 - JDK-8200146 <http://bugs.openjdk.java.net/browse/JDK-8200146>
- Removal of appletviewer launcher
o deprecated in JDK 9 and has been removed in this release
* b13 - JDK-8201793 <http://bugs.openjdk.java.net/browse/JDK-8201793>
- java.lang.ref.Reference does not support cloning
**
**
JEPs proposed to target JDK 11 (review ends 2018/05/31 23:00 UTC)
330: Launch Single-File Source-Code Programs
<http://openjdk.java.net/jeps/330>
JEPs targeted to JDK 11, so far
309: Dynamic Class-File Constants <http://openjdk.java.net/jeps/309>
318: Epsilon: A No-Op Garbage Collector
<http://openjdk.java.net/jeps/318>
320: Remove the Java EE and CORBA Modules
<http://openjdk.java.net/jeps/320>
321: HTTP Client (Standard) <http://openjdk.java.net/jeps/321>
323: Local-Variable Syntax for Lambda Parameters
<http://openjdk.java.net/jeps/323>
324: Key Agreement with Curve25519 and Curve448
<http://openjdk.java.net/jeps/324>
327: Unicode 10 <http://openjdk.java.net/jeps/327>
328: Flight Recorder <http://openjdk.java.net/jeps/328>
329: ChaCha20 and Poly1305 Cryptographic Algorithms
<http://openjdk.java.net/jeps/329>
Finally, Initial TLSv1.3 implementation Released to the Open Sandbox.
Please note well: this branch is under
very active development and is not final by any means. Also note: by
releasing this code, we are not committing
a specific release or timeframe. We will continue development and fixing
bugs until the code is ready for inclusion
in the JDK. We welcome your feedback, more info [1]
Regards,
Rory
[1]
http://mail.openjdk.java.net/pipermail/security-dev/2018-May/017139.html
--
Rgds,Rory O'Donnell
Quality Engineering Manager
Oracle EMEA, Dublin,Ireland
6 years, 5 months
Upgrade jboss.7.1.1 to wildfly.9.0.2: WFLYCTL0180: Services with missing/unavailable dependencies
by wildflyuser
Upgrade jboss.7.1.1 to wildfly.9.0.2: WFLYCTL0180: Services with
missing/unavailable dependencies
2018-05-29 12:05:54,264 ERROR [org.jboss.as.controller.management-operation]
(Controller Boot Thread) WFLYCTL0013: Operation ("deploy") failed - address:
([("deployment" => "adapters.ear")]) - failure description: {"WFLYCTL0288:
One or more services were unable to start due to one or more indirect
dependencies not being available." => {
"Services that were unable to start:" => [
"jboss.deployment.subunit.\"adapters.ear\".\"modules.war\".component.\"com.sun.faces.config.ConfigureListener\".START",
"jboss.deployment.subunit.\"adapters.ear\".\"modules.war\".component.\"javax.faces.webapp.FacetTag\".START",
"jboss.deployment.subunit.\"adapters.ear\".\"modules.war\".component.\"javax.servlet.jsp.jstl.tlv.PermittedTaglibsTLV\".START",
"jboss.deployment.subunit.\"adapters.ear\".\"modules.war\".component.\"javax.servlet.jsp.jstl.tlv.ScriptFreeTLV\".START",
"jboss.deployment.subunit.\"adapters.ear\".\"modules.war\".deploymentCompleteService",
"jboss.deployment.subunit.\"adapters.ear\".\"modules.war\".ejb3.client-context.registration-service",
"jboss.deployment.unit.\"adapters.ear\".deploymentCompleteService",
"jboss.deployment.unit.\"adapters.ear\".ejb3.client-context.registration-service",
"jboss.naming.context.java.module.adaptersapp.modules.ORB",
"jboss.undertow.deployment.default-server.default-host./modules",
"jboss.undertow.deployment.default-server.default-host./modules.UndertowDeploymentInfoService"
],
"Services that may be the cause:" => [
"jboss.binding.iiop",
"jboss.binding.iiop-ssl",
"jboss.remoting.remotingConnectorInfoService.http-remoting-connector"
]
}}
2018-05-29 12:05:54,277 ERROR [org.jboss.as.controller.management-operation]
(Controller Boot Thread) WFLYCTL0013: Operation ("add") failed - address:
([("subsystem" => "iiop-openjdk")]) - failure description: {
"WFLYCTL0180: Services with missing/unavailable dependencies" =>
["jboss.iiop-openjdk.orb-service is missing [jboss.binding.iiop,
jboss.binding.iiop-ssl]"],
"WFLYCTL0288: One or more services were unable to start due to one or
more indirect dependencies not being available." => {
"Services that were unable to start:" => [
"jboss.iiop-openjdk.naming-service",
"jboss.iiop-openjdk.poa-service.irpoa",
"jboss.iiop-openjdk.poa-service.namingpoa",
"jboss.iiop-openjdk.poa-service.rootpoa"
],
"Services that may be the cause:" => [
"jboss.binding.iiop",
"jboss.binding.iiop-ssl",
"jboss.remoting.remotingConnectorInfoService.http-remoting-connector"
]
}
}
2018-05-29 12:05:54,285 ERROR [org.jboss.as.controller.management-operation]
(Controller Boot Thread) WFLYCTL0013: Operation ("add") failed - address:
([("subsystem" => "jsr77")]) - failure description: {"WFLYCTL0288: One or
more services were unable to start due to one or more indirect dependencies
not being available." => {
"Services that were unable to start:" => ["jboss.jsr77.ejb"],
"Services that may be the cause:" => [
"jboss.binding.iiop",
"jboss.binding.iiop-ssl",
"jboss.remoting.remotingConnectorInfoService.http-remoting-connector"
]
}}
2018-05-29 12:05:54,292 ERROR [org.jboss.as.controller.management-operation]
(Controller Boot Thread) WFLYCTL0013: Operation ("add") failed - address:
([("subsystem" => "ejb3")]) - failure description: {"WFLYCTL0288: One or
more services were unable to start due to one or more indirect dependencies
not being available." => {
"Services that were unable to start:" => [
"jboss.ejb.default-local-ejb-receiver-service",
"jboss.ejb3.ejbClientContext.default",
"jboss.ejb3.localEjbReceiver.value"
],
"Services that may be the cause:" => [
"jboss.binding.iiop",
"jboss.binding.iiop-ssl",
"jboss.remoting.remotingConnectorInfoService.http-remoting-connector"
]
}}
2018-05-29 12:05:54,298 ERROR [org.jboss.as.controller.management-operation]
(Controller Boot Thread) WFLYCTL0013: Operation ("add") failed - address: ([
("subsystem" => "ejb3"),
("service" => "remote")
]) - failure description: {
"WFLYCTL0180: Services with missing/unavailable dependencies" => [
"jboss.ejb3.connector is missing
[jboss.remoting.remotingConnectorInfoService.http-remoting-connector]",
"jboss.clustering.registry.ejb.default.entry is missing
[jboss.remoting.remotingConnectorInfoService.http-remoting-connector]"
],
"WFLYCTL0288: One or more services were unable to start due to one or
more indirect dependencies not being available." => {
"Services that were unable to start:" =>
["jboss.ejb.remoting.connector.client-mappings.installer"],
"Services that may be the cause:" => [
"jboss.binding.iiop",
"jboss.binding.iiop-ssl",
"jboss.remoting.remotingConnectorInfoService.http-remoting-connector"
]
}
}
2018-05-29 12:05:54,305 ERROR [org.jboss.as.controller.management-operation]
(Controller Boot Thread) WFLYCTL0013: Operation ("add") failed - address: ([
("subsystem" => "infinispan"),
("cache-container" => "ejb")
]) - failure description: {"WFLYCTL0288: One or more services were unable to
start due to one or more indirect dependencies not being available." => {
"Services that were unable to start:" =>
["jboss.clustering.registry.ejb.default"],
"Services that may be the cause:" => [
"jboss.binding.iiop",
"jboss.binding.iiop-ssl",
"jboss.remoting.remotingConnectorInfoService.http-remoting-connector"
]
}}
2018-05-29 12:05:55,041 ERROR [org.jboss.as] (Controller Boot Thread)
WFLYSRV0026: WildFly Full 9.0.2.Final (WildFly Core 1.0.2.Final) started
(with errors) in 26497ms - Started 5269 of 7641 services (2109 services
failed or missing dependencies, 413 services are lazy, passive or on-demand)
--
Sent from: http://wildfly-development.1055759.n5.nabble.com/
6 years, 5 months
