[jboss-jira] [JBoss JIRA] (WFLY-6915) Mod cluster not working with non-root user
Rafael Pereira (JIRA)
issues at jboss.org
Wed Aug 3 13:55:00 EDT 2016
[ https://issues.jboss.org/browse/WFLY-6915?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Rafael Pereira updated WFLY-6915:
---------------------------------
Description:
When I run wildfly with a non-root user(wildfly) mod_cluster won't work. I got this error:
14:09:06,327 ERROR [org.jboss.modcluster] (UndertowEventHandlerAdapter - 1) MODCLUSTER000043: Failed to send INFO command to relatorios.sistemafieg.org.br/11.12.13.14:6666: Permission denied
However, if I run with root user, this error won't happen
Steps to reproduce
1. Adding user
{code:shell}
groupadd -r wildfly
useradd -r -g wildfly -d /opt/wildfly -s /sbin/nologin wildfly
{code}
2. use init.d or systemd script
{code:shell}
wildfly-10.0.0.Final/docs/contrib/scripts/init.d/wildfly-init-redhat.sh
{code}
3. start wildfly and register proxy list and socket binding
{code:shell}
/socket-binding-group=ha-sockets/remote-destination-outbound-socket-binding=mod_cluster:add(port=6666,host=11.12.13.14)
/profile=ha/subsystem=modcluster/mod-cluster-config=configuration:write-attribute(name=proxies,value=[mod_cluster])
{code}
4. edit wildfly.conf
{code:shell}
JBOSS_HOME="/opt/wildfly/server"
JBOSS_USER=wildfly
JBOSS_MODE=domain
JBOSS_HOST_CONFIG=host.xml
JBOSS_CONSOLE_LOG="/var/log/wildfly/console.log"
JBOSS_OPTS="-Djboss.domain.base.dir=/opt/wildfly/config/domain -Djboss.bind.address.management=11.12.13.10 -Djboss.bind.address=11.12.13.10"
{code}
5. edit httpd.conf
{code}
LoadModule slotmem_module modules/mod_slotmem.so
LoadModule manager_module modules/mod_manager.so
LoadModule proxy_cluster_module modules/mod_proxy_cluster.so
LoadModule advertise_module modules/mod_advertise.so
Listen 6666
<VirtualHost *:6666>
<Location />
Order deny,allow
Deny from all
Allow from 11.12.13
</Location>
<Location /mcm>
SetHandler mod_cluster-manager
Order deny,allow
Allow from all
</Location>
KeepAliveTimeout 300
MaxKeepAliveRequests 0
Timeout 5400
ProxyTimeout 5400
EnableMCPMReceive On
ManagerBalancerName myCluster
ServerAdvertise Off
ErrorLog logs/cluster-error.log
CustomLog logs/cluster-access.log INFO
</VirtualHost>
{code}
6. Run with service or systemctl command: *service wildfly start*
*Environment:*
OS's tested:
# Red Hat Enterprise Linux Server release 6.5 (Santiago)
# CentOS Linux release 7.2.1511 (Core)
*SELINUX*: Disabled
*IPTABLES/FIREWALLD: * disabled and no rules set
*wildfly:* 10.0.0.Final
*httpd:*
httpd-2.2.15-31.el6_5.x86_64
httpd-tools-2.2.15-31.el6_5.x86_64
httpd-devel-2.2.15-31.el6_5.x86_64
*modcluster/httpd version:* 1.2.6
was:
When I run wildfly with a non-root user(wildfly) mod_cluster won't work. I got this error:
14:09:06,327 ERROR [org.jboss.modcluster] (UndertowEventHandlerAdapter - 1) MODCLUSTER000043: Failed to send INFO command to relatorios.sistemafieg.org.br/11.12.13.14:6666: Permission denied
However, if I run with root user, this error won't happen
Steps to reproduce
1. Adding user
{code:shell}
groupadd -r wildfly
useradd -r -g wildfly -d /opt/wildfly -s /sbin/nologin wildfly
{code}
2. use init.d or systemd script
{code:shell}
wildfly-10.0.0.Final/docs/contrib/scripts/init.d/wildfly-init-redhat.sh
{code}
3. start wildfly and register proxy list and socket binding
{code:shell}
/socket-binding-group=ha-sockets/remote-destination-outbound-socket-binding=mod_cluster:add(port=6666,host=11.12.13.14)
/profile=ha/subsystem=modcluster/mod-cluster-config=configuration:write-attribute(name=proxies,value=[mod_cluster])
{code}
4. edit wildfly.conf
{code:shell}
JBOSS_HOME="/opt/wildfly/server"
JBOSS_USER=wildfly
JBOSS_MODE=domain
JBOSS_HOST_CONFIG=host.xml
JBOSS_CONSOLE_LOG="/var/log/wildfly/console.log"
JBOSS_OPTS="-Djboss.domain.base.dir=/opt/wildfly/config/domain -Djboss.bind.address.management=11.12.13.10 -Djboss.bind.address=11.12.13.10"
{code}
5. edit httpd.conf
{code}
LoadModule slotmem_module modules/mod_slotmem.so
LoadModule manager_module modules/mod_manager.so
LoadModule proxy_cluster_module modules/mod_proxy_cluster.so
LoadModule advertise_module modules/mod_advertise.so
Listen 6666
<VirtualHost *:6666>
<Location />
Order deny,allow
Deny from all
Allow from 11.12.13
</Location>
<Location /mcm>
SetHandler mod_cluster-manager
Order deny,allow
Allow from all
</Location>
KeepAliveTimeout 300
MaxKeepAliveRequests 0
Timeout 5400
ProxyTimeout 5400
EnableMCPMReceive On
ManagerBalancerName myCluster
ServerAdvertise Off
ErrorLog logs/cluster-error.log
CustomLog logs/cluster-access.log INFO
</VirtualHost>
{code}
*Environment:*
OS's tested:
# Red Hat Enterprise Linux Server release 6.5 (Santiago)
# CentOS Linux release 7.2.1511 (Core)
*SELINUX*: Disabled
*IPTABLES/FIREWALLD: * disabled and no rules set
*wildfly:* 10.0.0.Final
*httpd:*
httpd-2.2.15-31.el6_5.x86_64
httpd-tools-2.2.15-31.el6_5.x86_64
httpd-devel-2.2.15-31.el6_5.x86_64
*modcluster/httpd version:* 1.2.6
> Mod cluster not working with non-root user
> ------------------------------------------
>
> Key: WFLY-6915
> URL: https://issues.jboss.org/browse/WFLY-6915
> Project: WildFly
> Issue Type: Bug
> Components: mod_cluster
> Affects Versions: 10.0.0.Final
> Environment: OS's tested:
> # Red Hat Enterprise Linux Server release 6.5 (Santiago)
> # CentOS Linux release 7.2.1511 (Core)
> *SELINUX*: Disabled
> *IPTABLES/FIREWALLD: *disabled with no rules
> #wildfly: 10.0.0.Final
> #httpd:
> httpd-2.2.15-31.el6_5.x86_64
> httpd-tools-2.2.15-31.el6_5.x86_64
> httpd-devel-2.2.15-31.el6_5.x86_64
> #modcluster/httpd version: 1.2.6
> Reporter: Rafael Pereira
> Assignee: Radoslav Husar
>
> When I run wildfly with a non-root user(wildfly) mod_cluster won't work. I got this error:
> 14:09:06,327 ERROR [org.jboss.modcluster] (UndertowEventHandlerAdapter - 1) MODCLUSTER000043: Failed to send INFO command to relatorios.sistemafieg.org.br/11.12.13.14:6666: Permission denied
> However, if I run with root user, this error won't happen
> Steps to reproduce
> 1. Adding user
> {code:shell}
> groupadd -r wildfly
> useradd -r -g wildfly -d /opt/wildfly -s /sbin/nologin wildfly
> {code}
> 2. use init.d or systemd script
> {code:shell}
> wildfly-10.0.0.Final/docs/contrib/scripts/init.d/wildfly-init-redhat.sh
> {code}
> 3. start wildfly and register proxy list and socket binding
> {code:shell}
> /socket-binding-group=ha-sockets/remote-destination-outbound-socket-binding=mod_cluster:add(port=6666,host=11.12.13.14)
> /profile=ha/subsystem=modcluster/mod-cluster-config=configuration:write-attribute(name=proxies,value=[mod_cluster])
> {code}
> 4. edit wildfly.conf
> {code:shell}
> JBOSS_HOME="/opt/wildfly/server"
> JBOSS_USER=wildfly
> JBOSS_MODE=domain
> JBOSS_HOST_CONFIG=host.xml
> JBOSS_CONSOLE_LOG="/var/log/wildfly/console.log"
> JBOSS_OPTS="-Djboss.domain.base.dir=/opt/wildfly/config/domain -Djboss.bind.address.management=11.12.13.10 -Djboss.bind.address=11.12.13.10"
> {code}
> 5. edit httpd.conf
> {code}
> LoadModule slotmem_module modules/mod_slotmem.so
> LoadModule manager_module modules/mod_manager.so
> LoadModule proxy_cluster_module modules/mod_proxy_cluster.so
> LoadModule advertise_module modules/mod_advertise.so
> Listen 6666
> <VirtualHost *:6666>
> <Location />
> Order deny,allow
> Deny from all
> Allow from 11.12.13
> </Location>
> <Location /mcm>
> SetHandler mod_cluster-manager
> Order deny,allow
> Allow from all
> </Location>
> KeepAliveTimeout 300
> MaxKeepAliveRequests 0
> Timeout 5400
> ProxyTimeout 5400
> EnableMCPMReceive On
> ManagerBalancerName myCluster
> ServerAdvertise Off
> ErrorLog logs/cluster-error.log
> CustomLog logs/cluster-access.log INFO
> </VirtualHost>
> {code}
> 6. Run with service or systemctl command: *service wildfly start*
> *Environment:*
> OS's tested:
> # Red Hat Enterprise Linux Server release 6.5 (Santiago)
> # CentOS Linux release 7.2.1511 (Core)
> *SELINUX*: Disabled
> *IPTABLES/FIREWALLD: * disabled and no rules set
> *wildfly:* 10.0.0.Final
> *httpd:*
> httpd-2.2.15-31.el6_5.x86_64
> httpd-tools-2.2.15-31.el6_5.x86_64
> httpd-devel-2.2.15-31.el6_5.x86_64
> *modcluster/httpd version:* 1.2.6
--
This message was sent by Atlassian JIRA
(v6.4.11#64026)
More information about the jboss-jira
mailing list