-
15. Re: AS7.1 HornetQ clustering, Unable to validate user: HORNETQ.CLUSTER.ADMIN.USER
hilner Jul 24, 2012 10:56 AM (in response to jbertram)do you have cluster working with the server-three instance?
cna you copy your configuration file?
-
16. Re: AS7.1 HornetQ clustering, Unable to validate user: HORNETQ.CLUSTER.ADMIN.USER
johanvermeij Aug 20, 2012 7:37 PM (in response to hilner)I am trying to use 7.1.1 clustering
I have quite a bit of experience with clustering in 7.1.0
I can bring up the master and deploy an application
When I bring up a slave I get:
06:31:13,403 ERROR [org.hornetq.core.protocol.core.impl.HornetQPacketHandler] (Old I/O server worker (parentId: 1558247749, [id: 0x5ce0f945, /192.168.2.4:5695])) Failed to create session : HornetQException[errorCode=105 message=Unable to validate user: HORNETQ.CLUSTER.ADMIN.USER]
In domain.xml I specify:
<subsystem xmlns="urn:jboss:domain:messaging:1.1"> <hornetq-server> <persistence-enabled>true</persistence-enabled> <cluster-user>HORNETQ.CLUSTER.ADMIN.USER</cluster-user> <cluster-password>????</cluster-password> <journal-file-size>102400</journal-file-size> <journal-min-files>2</journal-min-files> Questions:
1) What is the default password or how do I generate a password for ???? in master:domain.xml
2) Where do I put the hornet user and password on the slave (the slave has no domain.xml. Do I put it in host.xml. If so where please.
I have done my Google research but there is no clear answer anywhere
Thanks
-
17. Re: AS7.1 HornetQ clustering, Unable to validate user: HORNETQ.CLUSTER.ADMIN.USER
chubinator Aug 23, 2012 3:51 PM (in response to johanvermeij)@Johan, The slave uses the ha-full profile defined in your master's domain.xml. You, like me, probably just updated the FIRST instance of the hornetq server configuration on the master. There is a second further down the domain.xml file for the full HA profile--make sure you specify it there as well and all will work. Nothing to be done on the slave side.
-
18. Re: AS7.1 HornetQ clustering, Unable to validate user: HORNETQ.CLUSTER.ADMIN.USER
johanvermeij Aug 23, 2012 8:24 PM (in response to chubinator)I had it in both places.
I now have security disabled, I will revisit the user id and password later
<hornetq-server> <clustered>true</clustered> <persistence-enabled>true</persistence-enabled> <security-enabled>false</security-enabled> <journal-file-size>102400</journal-file-size> <journal-min-files>2</journal-min-files> -
19. Re: AS7.1 HornetQ clustering, Unable to validate user: HORNETQ.CLUSTER.ADMIN.USER
imantas.majauskas Oct 22, 2013 7:19 AM (in response to ned233)For thoose who gets an error: Unable to validate user: HORNETQ.CLUSTER.ADMIN.USER]
You need to setup HornetQ security (random user and password) or disable it:
See here: https://docs.jboss.org/author/display/AS71/AS7+Cluster+Howto
Setup HornetQ
The newer version of JBoss AS7 has enforced the security checking for HornetQ. So you need to some additional configurations in domain controller. Open domain.xml of master and find:
<subsystem xmlns=
"urn:jboss:domain:messaging:1.3"
>
<hornetq-server>...</hornetq-server>
</subsystem>
This is the config for hornetq, we need to put 'cluster-user' and 'cluster-password' into it:
<subsystem xmlns=
"urn:jboss:domain:messaging:1.3"
>
<hornetq-server>
<cluster-user>jms-user</cluster-user>
<cluster-password>simple-pass</cluster-password>
</hornetq-server>
</subsystem>
There are two "<subsystem xmlns="urn:jboss:domain:messaging:1.3">" config sections in domain.xml. One is for "<profile name="full">" and another for "full-ha". If you have activated both of these two profiles, then you should put the 'cluster-user' and 'cluster-password' settings in both of them.
I just have disabled hornetq security by adding <security-enabled>false</security-enabled> in two profiles "full" and "full-ha" in JBoss domain controllers (master) domain.xml file
.....
<subsystem xmlns="urn:jboss:domain:messaging:1.3">
<hornetq-server>
<security-enabled>false</security-enabled>
<persistence-enabled>true</persistence-enabled>
......
-
20. Re: AS7.1 HornetQ clustering, Unable to validate user: HORNETQ.CLUSTER.ADMIN.USER
guoxh16 Apr 1, 2015 12:00 AM (in response to jbertram)Justin,
Currently we are using a hornet core bridge on SSL with clustering disabled. If I don't put <cluster-password>newClusterPassword</cluster-password> in hornetq-configuration.xml file, I will run into the "Unable to validate user: HORTNETQ.CLUSTER.ADMIN.USER" error. But if I do, the error will go away but the messages are not being send over the SSL core bridge.
Since we are running hornetQ without clustering, why is HORTNETQ.CLUSTER.ADMIN.USER being checked? Is that a way to turn off the default cluster user name/password check since we are not using clustering at all? Or can we use one of the users defined in hornetq-users.xml as the cluster default user? Any security concern?
Thanks a lot,
John
-
21. Re: AS7.1 HornetQ clustering, Unable to validate user: HORNETQ.CLUSTER.ADMIN.USER
jbertram Apr 1, 2015 9:41 AM (in response to guoxh16)If you don't need clustering then remove your <cluster-connections>, <broadcast-groups>, <discovery-groups>, <cluster-user>, and <cluster-password> as necessary.
-
22. Re: AS7.1 HornetQ clustering, Unable to validate user: HORNETQ.CLUSTER.ADMIN.USER
guoxh16 Apr 1, 2015 1:58 PM (in response to jbertram)In our hornetq-configuration.xml files, we don't have <cluster-connections>, <broadcast-groups>, <discovery-groups> settings. If I remove <cluster-user> and <cluster-password>, the "Unable to validate user: HORTNETQ.CLUSTER.ADMIN.USER" warning will show up in our log but looks like we can ignore the warning without worrying being accessed by some intruder using the default cluster admin user/password. Please confirm.
-
23. Re: AS7.1 HornetQ clustering, Unable to validate user: HORNETQ.CLUSTER.ADMIN.USER
jbertram Apr 1, 2015 5:33 PM (in response to guoxh16)Looks like I read your comment too quickly and assumed it was the same use-case as the parent thread. However, after re-reading your original comment as well as your most recent one it looks like the use-case is quite different. Please start your own thread and explain your use-case fully. Continuing on this thread (which has already been marked as "answered") is just going to generate confusion for users down the road.
-
24. Re: AS7.1 HornetQ clustering, Unable to validate user: HORNETQ.CLUSTER.ADMIN.USER
guoxh16 Apr 1, 2015 5:49 PM (in response to jbertram)Okay. Will create a new thread with a different subject name.