[jboss-jira] [JBoss JIRA] (WFLY-6915) Mod cluster not working with non-root user
Matias Rand (JIRA)
issues at jboss.org
Thu Nov 10 18:04:00 EST 2016
[ https://issues.jboss.org/browse/WFLY-6915?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13320718#comment-13320718 ]
Matias Rand commented on WFLY-6915:
-----------------------------------
Right, digging a bit deeper into the outbound-socket-binding there is an option to set Source Port. When creating an outbound-socket-binding in the web GUI (the pop-up) you don't see an option to set the source port. However, when hitting save and looking at the newly created settings the source port is actually set to 0. I initially thought that meant 0 as in undefined, but it seems indeed to be 0. There is a default outbound-socket-binding called "mail-smtp" that also has source port set to 0. When using jboss-cli to see the outbound-socket-binding settings the "mail-smtp" binding is showing "undefined" for the source port, but my newly created binding is indeed showing 0.
So, setting the source port in the binding to something above 1024 seems to work like a charm, running EAP as a non-root user.
Thank you for pointing me in the right direction.
> Mod cluster not working with non-root user
> ------------------------------------------
>
> Key: WFLY-6915
> URL: https://issues.jboss.org/browse/WFLY-6915
> Project: WildFly
> Issue Type: Bug
> Components: mod_cluster
> Affects Versions: 10.0.0.Final
> Environment: OS's tested:
> # Red Hat Enterprise Linux Server release 6.5 (Santiago)
> # CentOS Linux release 7.2.1511 (Core)
> *SELINUX*: Disabled
> *IPTABLES/FIREWALLD: *disabled with no rules
> #wildfly: 10.0.0.Final
> #httpd:
> httpd-2.2.15-31.el6_5.x86_64
> httpd-tools-2.2.15-31.el6_5.x86_64
> httpd-devel-2.2.15-31.el6_5.x86_64
> #modcluster/httpd version: 1.2.6
> Reporter: Rafael Pereira
> Assignee: Radoslav Husar
>
> When I run wildfly with a non-root user (wildfly), mod_cluster won't work. I got this error:
> 14:09:06,327 ERROR [org.jboss.modcluster] (UndertowEventHandlerAdapter - 1) MODCLUSTER000043: Failed to send INFO command to relatorios.sistemafieg.org.br/11.12.13.14:6666: Permission denied
> This happens when I use port-offset>0 and run wildfly service.
> However, if I run with the root user, this error won't happen.
> Steps to reproduce
> 1. Adding user
> {code:shell}
> groupadd -r wildfly
> useradd -r -g wildfly -d /opt/wildfly -s /sbin/nologin wildfly
> {code}
> 2. use init.d or systemd script
> {code:shell}
> wildfly-10.0.0.Final/docs/contrib/scripts/init.d/wildfly-init-redhat.sh
> {code}
> 3. start wildfly and register proxy list and socket binding
> {code:shell}
> /socket-binding-group=ha-sockets/remote-destination-outbound-socket-binding=mod_cluster:add(port=6666,host=11.12.13.14)
> /profile=ha/subsystem=modcluster/mod-cluster-config=configuration:write-attribute(name=proxies,value=[mod_cluster])
> {code}
> 4. edit wildfly.conf
> {code:shell}
> JBOSS_HOME="/opt/wildfly/server"
> JBOSS_USER=wildfly
> JBOSS_MODE=domain
> JBOSS_HOST_CONFIG=host.xml
> JBOSS_CONSOLE_LOG="/var/log/wildfly/console.log"
> JBOSS_OPTS="-Djboss.domain.base.dir=/opt/wildfly/config/domain -Djboss.bind.address.management=11.12.13.10 -Djboss.bind.address=11.12.13.10"
> {code}
> 5. edit httpd.conf
> {code}
> LoadModule slotmem_module modules/mod_slotmem.so
> LoadModule manager_module modules/mod_manager.so
> LoadModule proxy_cluster_module modules/mod_proxy_cluster.so
> LoadModule advertise_module modules/mod_advertise.so
> Listen 6666
> <VirtualHost *:6666>
> <Location />
> Order deny,allow
> Deny from all
> Allow from 11.12.13
> </Location>
> <Location /mcm>
> SetHandler mod_cluster-manager
> Order deny,allow
> Allow from all
> </Location>
> KeepAliveTimeout 300
> MaxKeepAliveRequests 0
> Timeout 5400
> ProxyTimeout 5400
> EnableMCPMReceive On
> ManagerBalancerName myCluster
> ServerAdvertise Off
> ErrorLog logs/cluster-error.log
> CustomLog logs/cluster-access.log INFO
> </VirtualHost>
> {code}
> 6. Run with service or systemctl command: *service wildfly start*
> *Environment:*
> OS's tested:
> # Red Hat Enterprise Linux Server release 6.5 (Santiago)
> # CentOS Linux release 7.2.1511 (Core)
> *SELINUX*: Disabled
> *IPTABLES/FIREWALLD: * disabled and no rules set
> *wildfly:* 10.0.0.Final
> *httpd:*
> httpd-2.2.15-31.el6_5.x86_64
> httpd-tools-2.2.15-31.el6_5.x86_64
> httpd-devel-2.2.15-31.el6_5.x86_64
> *modcluster/httpd version:* 1.2.6
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
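
Added example (not part of the original message or of WildFly): a small audit that flags outbound socket bindings whose effective source port would fall in the privileged range for a non-root server, matching the symptom and workaround in this thread. It assumes that a defined, non-fixed source port is shifted by the server's port offset (consistent with the report above but not stated in it), that bindings carry literal `source-port` and `fixed-source-port` attributes, and the names `audit`, `effective_source_port` and the sample XML are constructed for illustration.

```python
import xml.etree.ElementTree as ET

PRIVILEGED_BELOW = 1024  # Linux default; root or CAP_NET_BIND_SERVICE needed below this

# Constructed sample modelled on the bindings described in this thread.
SAMPLE_XML = """
<socket-binding-group name="ha-sockets" default-interface="public">
  <outbound-socket-binding name="mod_cluster" source-port="0">
    <remote-destination host="11.12.13.14" port="6666"/>
  </outbound-socket-binding>
  <outbound-socket-binding name="mod_cluster_high" source-port="20000">
    <remote-destination host="11.12.13.14" port="6666"/>
  </outbound-socket-binding>
  <outbound-socket-binding name="mail-smtp">
    <remote-destination host="localhost" port="25"/>
  </outbound-socket-binding>
</socket-binding-group>
"""

def effective_source_port(source_port, port_offset, fixed):
    """Assumed rule: an undefined source port stays undefined (the OS picks an
    ephemeral port); a defined, non-fixed one is shifted by the port offset."""
    if source_port is None:
        return None
    return source_port if fixed else source_port + port_offset

def audit(xml_text, port_offset):
    """Return (name, effective_source_port, needs_privilege) per outbound binding.
    Only literal integers are handled; ${...} expressions are not resolved."""
    findings = []
    for el in ET.fromstring(xml_text).iter():
        # Compare local names so namespaced WildFly config files also match.
        if el.tag.rsplit("}", 1)[-1] != "outbound-socket-binding":
            continue
        raw = el.get("source-port")
        src = int(raw) if raw is not None else None
        fixed = el.get("fixed-source-port", "false") == "true"
        eff = effective_source_port(src, port_offset, fixed)
        # Port 0 asks the kernel for an ephemeral port, so it needs no privilege.
        needs_priv = eff is not None and 0 < eff < PRIVILEGED_BELOW
        findings.append((el.get("name"), eff, needs_priv))
    return findings

if __name__ == "__main__":
    for offset in (0, 100):
        for name, eff, needs_priv in audit(SAMPLE_XML, offset):
            flag = "NEEDS PRIVILEGE" if needs_priv else "ok"
            print(f"offset={offset:<4} {name:<17} source={eff!s:<6} {flag}")
```

Run it against the socket-binding-group section of the server configuration with the port offset actually in use; a flagged binding is one to give a source port above 1024 or leave undefined, rather than a reason to run the server as root.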