[jboss-jira] [JBoss JIRA] (WFCORE-3949) Cannot use server-file audit logger handler in JMX audit logging

Brian Stansberry (JIRA) issues at jboss.org
Tue Jul 17 12:20:00 EDT 2018 

    [ https://issues.jboss.org/browse/WFCORE-3949?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13607060#comment-13607060 ] 

Brian Stansberry commented on WFCORE-3949:
------------------------------------------

This shouldn't work.  The file-handler=server-file resource is meant for use with the server-logger=audit-log resource. That resource has no Stage.RUNTIME logging effect on the HC; it only exists as a store of configuration that the HC uses when it creates a configuration for a server it will launch. So  _on the HC process_ it never actually tries to use a logging handler that file-handler=server-file would configure

If you tried to point /host=master/core-service=management/access=audit/logger=audit-log at the server-file I believe you would get the same problem, as that resource actually tries to log on the HC.

The check of the jboss.server.data.dir capability reference passes basically because of a hack. The file-handler resource is dual use (HC and server) so we need to allow a config that will be useful for creating the server's config. But we want to validate the relative-to, so we hack in capabilities in the HC process for the well-known server paths.  But those paths do not actually exist in the HC process. And they shouldn't; there is no single valid jboss.server.data.dir in an HC process as the HC can create multiple servers, each of which would have a different dir.

Perhaps this could be improved to fail in a better way.  But I think it will be hard to do and this seems like a corner case not worth the effort.

Really in host.xml there should be a separate server-xxx-handler resources, and only those can be referenced from the server-logger=audit-log resource.  And the logger=audit-log resource cannot reference those.  But adding that kind of restriction to the server-logger=audit-log resource would be an incompatible change.  There would also need to be a bunch of resource types added, as there are 5 different variants of handler.

> Cannot use server-file audit logger handler in JMX audit logging 
> -----------------------------------------------------------------
>
>                 Key: WFCORE-3949
>                 URL: https://issues.jboss.org/browse/WFCORE-3949
>             Project: WildFly Core
>          Issue Type: Bug
>          Components: JMX, Logging
>            Reporter: Yeray Borges
>            Assignee: Yeray Borges
>
> When we are working in domain mode, we can register two kinds of audit logger handlers into JMX audit logging.
> Those predefined handlers are {{host-file}} handler, which has a log file relative to {{jboss.domain.data.dir}}, and {{server-file}} handler, which has a log file relative to {{jboss.server.data.dir}}.
> When we try to register {{server-file}} handler into JMX audit logging, its relative path cannot be resolved and when a log entry is written, we can see the following error log:
> {code:java}
> ERROR [org.jboss.as.controller.management-operation] (MSC service thread 1-1) WFLYCTL0037: Update of the management operation audit log failed in handler 'server-file': java.lang.IllegalArgumentException: WFLYCTL0256: Could not find a path called 'jboss.server.data.dir'
> [Host Controller] 	at org.jboss.as.controller.services.path.PathManagerService.resolveRelativePathEntry(PathManagerService.java:110)
> [Host Controller] 	at org.jboss.as.controller.audit.AbstractFileAuditLogHandler.initialize(AbstractFileAuditLogHandler.java:62)
> [Host Controller] 	at org.jboss.as.controller.audit.AuditLogHandler.writeLogItem(AuditLogHandler.java:82)
> [Host Controller] 	at org.jboss.as.controller.audit.ManagedAuditLoggerImpl.writeLogItem(ManagedAuditLoggerImpl.java:266)
> [Host Controller] 	at org.jboss.as.controller.audit.ManagedAuditLoggerImpl.storeLogItem(ManagedAuditLoggerImpl.java:248)
> [Host Controller] 	at org.jboss.as.controller.audit.ManagedAuditLoggerImpl.logJmxMethodAccess(ManagedAuditLoggerImpl.java:122)
> [Host Controller] 	at org.jboss.as.jmx.PluggableMBeanServerImpl$LogAction.doLog(PluggableMBeanServerImpl.java:1281)
> [Host Controller] 	at org.jboss.as.jmx.PluggableMBeanServerImpl.log(PluggableMBeanServerImpl.java:1184)
> [Host Controller] 	at org.jboss.as.jmx.MBeanServerAuditLogRecordFormatter.log(MBeanServerAuditLogRecordFormatter.java:331)
> [Host Controller] 	at org.jboss.as.jmx.MBeanServerAuditLogRecordFormatter.registerMBean(MBeanServerAuditLogRecordFormatter.java:147)
> [Host Controller] 	at org.jboss.as.jmx.PluggableMBeanServerImpl.registerMBean(PluggableMBeanServerImpl.java:880)
> [Host Controller] 	at org.jboss.threads.EnhancedQueueExecutor$1.run(EnhancedQueueExecutor.java:385)
> [Host Controller] 	at org.jboss.threads.EnhancedQueueExecutor$1.run(EnhancedQueueExecutor.java:379)
> [Host Controller] 	at java.security.AccessController.doPrivileged(Native Method)
> [Host Controller] 	at org.jboss.threads.EnhancedQueueExecutor.<init>(EnhancedQueueExecutor.java:379)
> [Host Controller] 	at org.jboss.threads.EnhancedQueueExecutor$Builder.build(EnhancedQueueExecutor.java:671)
> [Host Controller] 	at org.jboss.as.controller.remote.AbstractModelControllerOperationHandlerFactoryService.start(AbstractModelControllerOperationHandlerFactoryService.java:112)
> [Host Controller] 	at org.jboss.as.host.controller.mgmt.MasterDomainControllerOperationHandlerService.start(MasterDomainControllerOperationHandlerService.java:90)
> [Host Controller] 	at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1736)
> [Host Controller] 	at org.jboss.msc.service.ServiceControllerImpl$StartTask.execute(ServiceControllerImpl.java:1698)
> [Host Controller] 	at org.jboss.msc.service.ServiceControllerImpl$ControllerTask.run(ServiceControllerImpl.java:1556)
> [Host Controller] 	at org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35)
> [Host Controller] 	at org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1985)
> [Host Controller] 	at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1487)
> [Host Controller] 	at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1378)
> [Host Controller] 	at java.lang.Thread.run(Thread.java:748)
> {code}
> Registering a {{host-file}} does not throw any errors and work as expected. Althought there is a capability reference to jboss.server.data.dir in HostPathManagerService, when the handler is registered for JMX, jboss.server.data.dir cannot be resolved.



--
This message was sent by Atlassian JIRA
(v7.5.0#75005)

More information about the jboss-jira mailing list