[jboss-as7-dev] Remoting issues

Kabir Khan kabir.khan at jboss.com
Thu Sep 22 15:19:50 EDT 2011 

I'm trying to understand the issues in remoting subsystem vs the management usage a bit better before I dig into this. We have 3 ways remoting is set up:

1) Standalone server
a) Endpoint is set up when installing the subsystem
b) Management is set up and creates a new stream server and channel open listener for ("management") with the endpoint from a) injected

2) Host controller
a) Endpoint is set up by the bootstrap
b) Bootstrap sets up the management stream server and channel open listeners  for (using endpoint from a) injected
-"management" - i.e. traffic on the management address
-"server" - i.e. traffic from a server
-"domain" - if it is the master, to listen to traffic from slaves
c) If it is a slave it connects to the master on the "domain" channel

3) Domain mode server
a) Endpoint is set up when installing the subsystem
b) No management stream server is created
c) A channel is opened to the HC using the endpoint from a) on the "server" channel.

So, I think the issue is that the core depends on stuff set up by a subsystem? A problem in 3 is that if there is no remoting subsystem no endpoint is created, so communication with HC will not start and we will not get the subsystem config from the HC. 

Something doesn't feel quite right but I'm not sure what, so I'm throwing out some ideas.

The remoting subsystem is quite basic at the moment and the code to set up new connectors is commented out. 

So maybe we should stick with what we have for HC:
    <management>
	    <security-realms>
SNIP
	    </security-realms>
       <management-interfaces>
          <native-interface interface="management" port="9999" />
          <http-interface interface="management" port="9990"/>
       </management-interfaces>
    </management>

But for the standalone server case do something like

    <management>
       <management-interfaces>
          <native-channel name="server" />
          <http-interface interface="management" port="9990">
       </management-interfaces>
    </management>

        <subsystem xmlns="urn:jboss:domain:remoting:1.0"/>
             <connector socket-binding="remote-management">
                <security-stuff><security-stuff/>
                <channel name="server" type="management"/>
            </connector>
             <connector socket-binding="user">
                <security-stuff><security-stuff/>
                <channel name="jndi" type="jndi"/>
                <channel name="jndi" type="ejb"/>
            </connector>
        </subsystem>

Or maybe everything all goes over one socket so
        <subsystem xmlns="urn:jboss:domain:remoting:1.0"/>
             <connector socket-binding="remote-management">
                <security-stuff><security-stuff/>
                <channel name="server" type="management"/>
                <channel name="jndi" type="jndi"/>
                <channel name="jndi" type="ejb"/>
            </connector>
        </subsystem>

I'm not clear on the security side of this but we now have the http side of it securing itself in one way and the native channel in another, so maybe this is better

    <management>
       <management-interfaces>
          <native-channel name="server" />
          <http-interface interface="management" port="9990">
	    <security-realms>
SNIP
	    </security-realms>
          </http-interface>
       </management-interfaces>
    </management>


Or the alternative for the domain mode server is to use two endpoints, one for management installed by the core, and one for other stuff installed by the remoting subsystem.

More information about the jboss-as7-dev mailing list