[jboss-jira] [JBoss JIRA] (WFLY-12830) interface "any" tag not working as expected
Yann Le Tallec (Jira)
issues at jboss.org
Wed Nov 27 08:43:00 EST 2019
[ https://issues.jboss.org/browse/WFLY-12830?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Yann Le Tallec updated WFLY-12830:
----------------------------------
Description:
The {{<any>}} tag in the {{interface}} configuration of {{standalone.xml}} should accept any connection that matches ANY of the provided rules. This is not the case as demonstrated by the example below.
This configuration allows to run {{jboss-cli.sh -c}} from the machine where wildfly is running as expected:
{code:xml}
<interfaces>
<interface name="management">
<any>
<inet-address value="127.0.0.1"/>
</any>
</interface>
</interfaces>
{code}
But if I add another (VALID) IP address inside the any tag, I can't connect any more:
{code:xml}
<interfaces>
<interface name="management">
<any>
<inet-address value="127.0.0.1"/>
<inet-address value="10.20.230.26"/>
</any>
</interface>
</interfaces>
{code}
With the latter configuration, {{connect}} fails with the following error:
{noformat}
>The controller is not available at localhost:9990: java.net.ConnectException: WFLYPRT0053: Could not connect to remote+http://localhost:9990. The connection failed: WFLYPRT0053: Could not connect to remote+http://localhost:9990. The connection failed: Connection refused
{noformat}
Note: to easily reproduce the problem from the cli, starting from a fresh standalone install:
{code:bash}
connect
/interface=management:undefine-attribute(name=inet-address)
/interface=management:undefine-attribute(name=any)
/interface=management:write-attribute(name=any,value={inet-address=[127.0.0.1]})
reload
/interface=management:write-attribute(name=any,value={inet-address=[127.0.0.1,10.20.230.26]})
reload
{code}
Notes:
- 10.20.230.26 must be a reachable IP - if I use a random one I can connect normally.
- if I use {{subnet-match}} I get the same issue
was:
The {{<any>}} tag in the {{interface}} configuration of {{standalone.xml}} should accept any connection that matches ANY of the provided rules. This is not the case as demonstrated by the example below.
This configuration allows to run {{jboss-cli.sh -c}} from the machine where wildfly is running as expected:
{code:xml}
<interfaces>
<interface name="management">
<any>
<inet-address value="127.0.0.1"/>
</any>
</interface>
</interfaces>
{code}
But if I add another address inside the any tag, I can't connect any more:
{code:xml}
<interfaces>
<interface name="management">
<any>
<inet-address value="127.0.0.1"/>
<inet-address value="10.20.230.26"/>
</any>
</interface>
</interfaces>
{code}
With the latter configuration, {{connect}} fails with the following error:
{noformat}
>The controller is not available at localhost:9990: java.net.ConnectException: WFLYPRT0053: Could not connect to remote+http://localhost:9990. The connection failed: WFLYPRT0053: Could not connect to remote+http://localhost:9990. The connection failed: Connection refused
{noformat}
Note: to easily reproduce the problem from the cli, starting from a fresh standalone install:
{code:bash}
connect
/interface=management:undefine-attribute(name=inet-address)
/interface=management:undefine-attribute(name=any)
/interface=management:write-attribute(name=any,value={inet-address=[127.0.0.1]})
reload
/interface=management:write-attribute(name=any,value={inet-address=[127.0.0.1,10.20.230.26]})
reload
{code}
Notes:
- if I use 10.20.230.1 instead of 230.26 the connection works normally.
- if I use {{subnet-match}} I get the same issue
> interface "any" tag not working as expected
> -------------------------------------------
>
> Key: WFLY-12830
> URL: https://issues.jboss.org/browse/WFLY-12830
> Project: WildFly
> Issue Type: Feature Request
> Components: Security
> Affects Versions: 17.0.1.Final
> Environment: Ubuntu 18.02
> Reporter: Yann Le Tallec
> Assignee: Darran Lofthouse
> Priority: Major
>
> The {{<any>}} tag in the {{interface}} configuration of {{standalone.xml}} should accept any connection that matches ANY of the provided rules. This is not the case as demonstrated by the example below.
> This configuration allows to run {{jboss-cli.sh -c}} from the machine where wildfly is running as expected:
> {code:xml}
> <interfaces>
> <interface name="management">
> <any>
> <inet-address value="127.0.0.1"/>
> </any>
> </interface>
> </interfaces>
> {code}
> But if I add another (VALID) IP address inside the any tag, I can't connect any more:
> {code:xml}
> <interfaces>
> <interface name="management">
> <any>
> <inet-address value="127.0.0.1"/>
> <inet-address value="10.20.230.26"/>
> </any>
> </interface>
> </interfaces>
> {code}
> With the latter configuration, {{connect}} fails with the following error:
> {noformat}
> >The controller is not available at localhost:9990: java.net.ConnectException: WFLYPRT0053: Could not connect to remote+http://localhost:9990. The connection failed: WFLYPRT0053: Could not connect to remote+http://localhost:9990. The connection failed: Connection refused
> {noformat}
> Note: to easily reproduce the problem from the cli, starting from a fresh standalone install:
> {code:bash}
> connect
> /interface=management:undefine-attribute(name=inet-address)
> /interface=management:undefine-attribute(name=any)
> /interface=management:write-attribute(name=any,value={inet-address=[127.0.0.1]})
> reload
> /interface=management:write-attribute(name=any,value={inet-address=[127.0.0.1,10.20.230.26]})
> reload
> {code}
> Notes:
> - 10.20.230.26 must be a reachable IP - if I use a random one I can connect normally.
> - if I use {{subnet-match}} I get the same issue
--
This message was sent by Atlassian Jira
(v7.13.8#713008)
More information about the jboss-jira
mailing list