[jboss-jira] [JBoss JIRA] (WFLY-6915) Mod cluster not working with non-root user

Matias Rand (JIRA) issues at jboss.org
Fri Nov 11 11:19:00 EST 2016 

    [ https://issues.jboss.org/browse/WFLY-6915?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13321269#comment-13321269 ] 

Matias Rand commented on WFLY-6915:
-----------------------------------

A short update. Actually, setting the source port to something above 1024 caused another issue. Modcluster will of course re-use that source port on every connection, and if the previous connection is still open (port in use) you will get an error message. So it's better to set the source port to undefined using jboss-cli:
/socket-binding-group=ha-sockets/remote-destination-outbound-socket-binding=<binding-name>:undefine-attribute(name=source-port)

Then random source ports will be used (and above 1024) for each connection modcluster creates.

> Mod cluster not working with non-root user
> ------------------------------------------
>
>                 Key: WFLY-6915
>                 URL: https://issues.jboss.org/browse/WFLY-6915
>             Project: WildFly
>          Issue Type: Bug
>          Components: mod_cluster
>    Affects Versions: 10.0.0.Final
>         Environment: OS's tested:
> # Red Hat Enterprise Linux Server release 6.5 (Santiago)
> # CentOS Linux release 7.2.1511 (Core) 
> *SELINUX*: Disabled
> *IPTABLES/FIREWALLD: *disabled with no rules
> #wildfly: 10.0.0.Final
> #httpd:
> httpd-2.2.15-31.el6_5.x86_64
> httpd-tools-2.2.15-31.el6_5.x86_64
> httpd-devel-2.2.15-31.el6_5.x86_64
> #modcluster/httpd version: 1.2.6
>            Reporter: Rafael Pereira
>            Assignee: Radoslav Husar
>
> When I run wildfly with a non-root user(wildfly)  mod_cluster won't work. I got this error:
> 14:09:06,327 ERROR [org.jboss.modcluster] (UndertowEventHandlerAdapter - 1) MODCLUSTER000043: Failed to send INFO command to relatorios.sistemafieg.org.br/11.12.13.14:6666: Permission denied
> This happens when I use port-offset>0 and run wildfly service.
> However, if I run with root user, this error won't happen
> Steps to reproduce
> 1. Adding user
> {code:shell}
> groupadd -r wildfly
> useradd -r -g wildfly -d /opt/wildfly -s /sbin/nologin wildfly
> {code}
> 2. use init.d or systemd script
> {code:shell}
> wildfly-10.0.0.Final/docs/contrib/scripts/init.d/wildfly-init-redhat.sh
> {code}
> 3. start wildfly and register proxy list and socket binding
> {code:shell}
> /socket-binding-group=ha-sockets/remote-destination-outbound-socket-binding=mod_cluster:add(port=6666,host=11.12.13.14)
> /profile=ha/subsystem=modcluster/mod-cluster-config=configuration:write-attribute(name=proxies,value=[mod_cluster])
> {code}
> 4. edit wildfly.conf
> {code:shell}
> JBOSS_HOME="/opt/wildfly/server"
> JBOSS_USER=wildfly
> JBOSS_MODE=domain
> JBOSS_HOST_CONFIG=host.xml
> JBOSS_CONSOLE_LOG="/var/log/wildfly/console.log"
> JBOSS_OPTS="-Djboss.domain.base.dir=/opt/wildfly/config/domain -Djboss.bind.address.management=11.12.13.10 -Djboss.bind.address=11.12.13.10"
> {code}
> 5. edit httpd.conf
> {code}
> LoadModule slotmem_module modules/mod_slotmem.so
> LoadModule manager_module modules/mod_manager.so
> LoadModule proxy_cluster_module modules/mod_proxy_cluster.so
> LoadModule advertise_module modules/mod_advertise.so
> Listen 6666
> <VirtualHost *:6666>
>     <Location />
>         Order deny,allow
>         Deny from all
>         Allow from 11.12.13
>     </Location>
>     <Location /mcm>
>         SetHandler mod_cluster-manager
>         Order deny,allow
>         Allow from all
>     </Location>
>     KeepAliveTimeout 300
>     MaxKeepAliveRequests 0
>     Timeout 5400
>     ProxyTimeout 5400
>     EnableMCPMReceive On
>     ManagerBalancerName   myCluster
>     ServerAdvertise Off 
>     ErrorLog logs/cluster-error.log
>     CustomLog logs/cluster-access.log INFO
> </VirtualHost>
> {code}
> 6. Run with service or systemctl command: *service wildfly start*
> *Environment:*
> OS's tested:
> # Red Hat Enterprise Linux Server release 6.5 (Santiago)
> # CentOS Linux release 7.2.1511 (Core) 
> *SELINUX*: Disabled
> *IPTABLES/FIREWALLD: * disabled and no rules set
> *wildfly:* 10.0.0.Final
> *httpd:*
> httpd-2.2.15-31.el6_5.x86_64
> httpd-tools-2.2.15-31.el6_5.x86_64
> httpd-devel-2.2.15-31.el6_5.x86_64
>  *modcluster/httpd version:* 1.2.6



--
This message was sent by Atlassian JIRA
(v7.2.3#72005)

More information about the jboss-jira mailing list