[jboss-as7-dev] Independent / Orphaned Hosts

Darran Lofthouse dlofthou at redhat.com
Tue Feb 8 17:03:16 EST 2011 

One awkward requirement to cross off my list ;-) being a part of the domain once at least allows us a cached configuration.

Sent from my iPhone

On 8 Feb 2011, at 18:53, Brian Stansberry <brian.stansberry at redhat.com> wrote:

> No, I don't see that as a requirement.
> 
> There's a JIRA to add alternative mechanisms for the HC to discover the DC (besides a single IP address/port in host.xml) plus even the single address/port could be a variable controlled via the command line. I think those give sufficient flexibility without needing to support starting the HC under some default security policy and then configuring the DC discovery via the management API.
> 
> On 2/8/11 12:28 PM, Darran Lofthouse wrote:
>> Do you think running a host that has never connected to a domain
>> controller is something we would need to support?
>> 
>> Using the console to then set the domain controller location - or can
>> the first domain controller be required in the host.xml?
>> 
>> Regards,
>> Darran Lofthouse.
>> 
>> 
>> On 02/08/2011 06:25 PM, Brian Stansberry wrote:
>>> For a host to start without contacting the DC, we are going to require a
>>> flag to be passed on the command line; if that flag is passed the host
>>> can boot using the domain config it last received from the DC. So it
>>> would have domain configuration information that way.
>>> 
>>> We could say that passing that flag on the command line is insufficient
>>> to let the host be normally manageable and lock it down like you say.
>>> But I'm not sure trying to use an alternate security config that only
>>> lets someone (who?, authenticated how?) do some things (which things are
>>> hard coded in java) is worth it. Some alternatives:
>>> 
>>> 1) The command line flag described above applies to management security
>>> as well; i.e. the last known config is used.
>>> 
>>> 2) The command line flag does not apply to management security; a
>>> separate flag is used. If that second flag is provided, the last known
>>> config is used. If someone wants to manage the host and doesn't want to
>>> pass that flag, they need to edit the xml.
>>> 
>>> 
>>> On 2/8/11 11:01 AM, Darran Lofthouse wrote:
>>>> From some discussions today it has become apparent that we may need to
>>>> receive requests over the management APIs on hosts not currently
>>>> connected to a domain controller. The hosts may not be connected either
>>>> because the domain controller has gone or because they are a new host
>>>> not currently connected to a domain controller.
>>>> 
>>>> From a securing the management APIs perspective could it be reasonable
>>>> to consider this a special case and maybe approach it with a host
>>>> specific user account defined that if used to connect to the host will
>>>> only allow verification of the domain controller connection and
>>>> modification of the domain controller connection.
>>>> 
>>>> Anything beyond that would require a domain controller connection so
>>>> that the full configuration for management API security can be pulled
>>>> from the domain controller.
>>>> 
>>>> Regards,
>>>> Darran Lofthouse.
>>>> _______________________________________________
>>>> jboss-as7-dev mailing list
>>>> jboss-as7-dev at lists.jboss.org
>>>> https://lists.jboss.org/mailman/listinfo/jboss-as7-dev
>>> 
>>> 
>> 
> 
> 
> -- 
> Brian Stansberry
> Principal Software Engineer
> JBoss by Red Hat

More information about the jboss-as7-dev mailing list