[wildfly-dev] Subsystems changing their own configuration model

Brian Stansberry brian.stansberry at redhat.com
Tue Sep 13 16:40:58 EDT 2016


> On Sep 13, 2016, at 5:46 AM, Tristan Tarrant <ttarrant at redhat.com> wrote:
> 
> We would like to allow a subsystem to modify its configuration model by 
> itself at runtime. The use case for this is that we would like to let a 
> remote Hot Rod client create a cache on an Infinispan server and making 
> that configuration persistent across restarts. I understand this is 
> creating management ops which are orthogonal to the server’s.
> 

There is nothing fundamental that says you can’t do this so long as you’re not trying to execute these ops as part of the start/stop of an MSC service. It doesn’t sound like that’s the case.

It does sound though like you want to expose management over the non-management interface. That’s a significant security hole.


> I guess that in standalone mode this wouldn't be too much of an issue, 
> with two caveats:
> - all nodes in a cluster should apply the changes to their own 
> configuration, leveraging the model rollback mechanism to handle 
> failures on other nodes

There is no multi-process model rollback mechanism with standalone servers.

> - new nodes joining the cluster (and therefore with a possibly outdated 
> configuration) would receive the configuration of caches already running 
> in the cluster and applying them locally
> 

How does this happen?

> The real tricky bit is obviously domain mode. The server receiving the 
> cache creation request would need to delegate it to the DC who would 
> then apply it across the profile. However this clashes with the fact 
> that, as far as I know, there is no way for a server to communicate with 
> its DC. Is this type of functionality planned ?
> 

Not actively. We looked into it a bit in the context of DOMAIN_PING but for that use case it became apparent that invoking a bunch of management ops against the DC was a non-scalable solution. This sounds different; a server would need to figure out what profile stores the infinispan subsystem config (it may not be the final one associated with the server group since profile x can include profile y) and then make a change to that profile. That’s scalable.

If we set up this kind of connection we’d need to ensure the caller’s security context propagates. Having an external request come in to a server and then get treated by the DC as if it were from a trusted caller like a slave HC or server would be bad.

> I have created a document which describes what we'd like to do at [1]
> 
> Tristan
> 
> 
> [1] https://github.com/infinispan/infinispan/wiki/Create-Cache-over-HotRod
> 
> -- 
> Tristan Tarrant
> Infinispan Lead
> JBoss, a division of Red Hat
> _______________________________________________
> wildfly-dev mailing list
> wildfly-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/wildfly-dev

-- 
Brian Stansberry
Manager, Senior Principal Software Engineer
JBoss by Red Hat






More information about the wildfly-dev mailing list