Subordinate WildFly Host Controller Post-Install Configuration: Difference between revisions
Line 93: | Line 93: | ||
==Configure Server Identity Secret== | ==Configure Server Identity Secret== | ||
===Manual Procedure=== | |||
===CLI Procedure=== | |||
==Symptoms of Failure to Authenticate with the Domain Controller== | ==Symptoms of Failure to Authenticate with the Domain Controller== |
Revision as of 02:04, 19 February 2016
Internal
Overview
This procedure is part of WildFly Unzip Installation. Once completed, return to WildFly Unzip Installation to continue the post-install procedure.
Prerequisites
The domain controller must be fully configured and up and running when configuring subordinated host controllers, since we need to interact with the domain controller during the subordinated host controller installation (create users, etc.)
host.xml Host Name
A subordinate host controller uses its host name as username when authenticating against the Management Realm of the domain controller, so the host name it is configured with is important. The host name can be hardcoded in host.xml or specified as a system property. For more details see:
Specify the Master Domain Controller
Modify $JBOSS_HOME/domain/configuration/host.xml as follows:
... <domain-controller> <remote host="1.2.3.4" port="${jboss.domain.master.port:9999}" security-realm="ManagementRealm"/> </domain-controller> ...
Note that the management functionality can be exposed over 9999 or 9990.
It is possible to expose the master domain controller address externally as 'jboss.domain.master.address' system property. In this case, you'd have to add the following to domain.conf:
HOST_CONTROLLER_JAVA_OPTS="${HOST_CONTROLLER_JAVA_OPTS} -Djboss.domain.master.address=1.2.3.4"
However, this is NOT a good idea. If we go through a domain controller failover, promotion and unpromotion, the IP address will be written into the host.xml file directly, so the 'jboss.domain.master.address' will lose its usefulness and it will suddenly become confusing - we used a system property but also we have hardcode in the file.
For more details on jboss.domain.master.address see:
Connection Failure Symptoms
In $JBOSS_HOME/domain/log/host-controller.log:
22:36:16,823 WARN [org.jboss.as.host.controller] (Controller Boot Thread) JBAS010900: Could not connect to remote domain controller at remote://10.155.78.202:9999 -- java.net.ConnectException: JBAS012174: Could not connect to remote://10.155.78.202:9999. The connection failed 22:36:16,828 WARN [org.jboss.as.host.controller] (Controller Boot Thread) JBAS010900: Could not connect to remote domain controller at remote://10.155.78.202:9999 -- java.lang.IllegalStateException: JBAS010951: Could not connect to master in 11 attempts within 30000 ms 22:36:16,828 WARN [org.jboss.as.host.controller] (Controller Boot Thread) JBAS016581: No domain controller discovery options remain. 22:36:16,829 ERROR [org.jboss.as.host.controller] (Controller Boot Thread) JBAS010901: Could not connect to master. Aborting. Error was: java.lang.IllegalStateException: JBAS016519: Tried all domain controller discovery option(s) but unable to connect
The Host Controller's Management Interface
A subordinate host controller does not need to expose its management interface.
Specify the Backup Domain Controllers
Configure the Host Controller Identity
Host controller identity is explained here:
Add a Domain Controller Management Realm User
Add a Management Realm user on the domain controller. The user name should be the subordinated host controller host name as specified in <host name="..."> of the subordinated host controller's host.xml. The procedure must be executed on the domain controller, and it is described here:
Use the password value specified there for the Configure Server Identity Secret step.
Domain Controller High Availability and Security
In order to create "equivalent" domain controller, you could configure the users corresponding to the hosts on the primary, and then just copy the relevant content of mgmt-users.properties to the backup controllers. The passwords and their corresponding "secret" values will stay the same.
Configure Server Identity Secret
Manual Procedure
CLI Procedure
Symptoms of Failure to Authenticate with the Domain Controller
22:40:23,855 WARN [org.jboss.as.host.controller] (Controller Boot Thread) JBAS010900: Could not connect to remote domain controller at remote://10.155.78.202:9999 -- java.lang.IllegalStateException: JBAS010942: Unable to connect due to authentication failure.
Return Here
TODO
- Configure the host controller's server-identity so it can authenticate against the domain controller. Process and deplete https://home.feodorov.com:9443/wiki/Wiki.jsp?page=JBoss7HostControllerServerIdentity#section-JBoss7HostControllerServerIdentity-Procedure
- Then deplete the remaining steps from host controller post-install configuration: https://home.feodorov.com:9443/wiki/Wiki.jsp?page=JBoss7ConfigureHostController