0 Replies Latest reply on Jun 5, 2014 7:04 AM by abhijeet.singh0204

    How to create domain controlled jboss cluster between two jboss nodes and HTTPS enabled on both nodes.

    abhijeet.singh0204

      Hi,

       

      I am trying to create a jboss cluster with two jboss nodes (master and slave, both on different VMs). The configuration done for the two are as below:

       

      Master:

       

      In host.xml, ssl is added in the managementRealm tag:

       

              <security-realms>

                  <security-realm name="ManagementRealm">

                      <server-identities>

                          <ssl>

                              <keystore path="<jboss-cert-folder>/jboss.jks" keystore-password="${VAULT::sslKeyStore::password::1}"/>

                          </ssl>

                      </server-identities>

                      <authentication>

                          <local default-user="$local"/>

                          <properties path="mgmt-users.properties" relative-to="jboss.domain.config.dir"/>

                      </authentication>

                      <authorization map-groups-to-roles="false">

                          <properties path="mgmt-groups.properties" relative-to="jboss.domain.config.dir"/>

                      </authorization>

                  </security-realm>

       

      Also the interface is defined as below:

          <interfaces>

              <interface name="management">

                  <inet-address value="${jboss.bind.address.management:<ip_of_master>}"/>

              </interface>

              <interface name="public">

                  <inet-address value="${jboss.bind.address:<ip_of_master>}"/>

              </interface>

              <interface name="unsecure">

                  <inet-address value="<ip_of_master>"/>

              </interface>

          </interfaces>

       

      Also on master, created two users: admin and slave. Both are Management users and in the ManagementRealm.

       

      Slave:

      On slave side, made the following changes to the host.xml

       

                  <security-realm name="ManagementRealm">

                      <server-identities>

                          <ssl>

                              <keystore path="<jboss-cert-folder>/jboss.jks" keystore-password="${VAULT::sslKeyStore::password::1}"/>

                          </ssl>

             <secret value="base 64 secret value generated at the time of slave user creation" />

                      </server-identities>

                      <authentication>

                          <local default-user="$local"/>

                          <properties path="mgmt-users.properties" relative-to="jboss.domain.config.dir"/>

                      </authentication>

                      <authorization map-groups-to-roles="false">

                          <properties path="mgmt-groups.properties" relative-to="jboss.domain.config.dir"/>

                      </authorization>

                  </security-realm>

       

         <domain-controller>

              <!--local/-->

             <remote host="<ip of master>" port="9999"/>

          </domain-controller>

       

          <interfaces>

              <interface name="management">

                  <inet-address value="${jboss.bind.address.management:<ip of slave>}"/>

              </interface>

              <interface name="public">

                  <inet-address value="${jboss.bind.address:<ip of slave>}"/>

              </interface>

              <interface name="unsecure">

                  <inet-address value="<ip of slave>"/>

              </interface>

          </interfaces>

       

      Now first restarted master jboss. Restart happened without any error. Then restarted slave jboss. Following error was seen:

       

      [Host Controller] 15:14:11,985 ERROR [org.jboss.remoting.remote.connection] (Remoting "hostname:MANAGEMENT" read-1) JBREM000200: Remote connection failed: javax.security.sasl.SaslException: Authentication failed: all available authentication mechanisms failed

      [Host Controller] 15:14:11,990 ERROR [org.jboss.as.host.controller] (Controller Boot Thread) JBAS010901: Could not connect to master. Aborting. Error was: java.lang.IllegalStateException: JBAS010942: Unable to connect due to authentication failure.

      [Host Controller] 15:14:12,010 INFO  [org.jboss.as] (MSC service thread 1-4) JBAS015950: JBoss EAP 6.2.2.GA (AS 7.3.2.Final-redhat-2) stopped in 17ms

      15:14:12,333 INFO  [org.jboss.as.process.Host Controller.status] (reaper for Host Controller) JBAS012010: Process 'Host Controller' finished with an exit status of 99

      15:14:12,336 INFO  [org.jboss.as.process] (Thread-8) JBAS012016: Shutting down process controller

      15:14:12,336 INFO  [org.jboss.as.process] (Thread-8) JBAS012015: All processes finished; exiting

       

       

      This is all the error displayed in console.log of slave jboss. Key exchange has been done properly because i am able to list the keys from master in the trustStore file of slave and vice-versa.

       

      Please look into it and provide any suggestions.