How to create domain controlled jboss cluster between two jboss nodes and HTTPS enabled on both nodes.
abhijeet.singh0204 Jun 5, 2014 7:04 AMHi,
I am trying to create a jboss cluster with two jboss nodes (master and slave, both on different VMs). The configuration done for the two are as below:
Master:
In host.xml, ssl is added in the managementRealm tag:
<security-realms>
<security-realm name="ManagementRealm">
<server-identities>
<ssl>
<keystore path="<jboss-cert-folder>/jboss.jks" keystore-password="${VAULT::sslKeyStore::password::1}"/>
</ssl>
</server-identities>
<authentication>
<local default-user="$local"/>
<properties path="mgmt-users.properties" relative-to="jboss.domain.config.dir"/>
</authentication>
<authorization map-groups-to-roles="false">
<properties path="mgmt-groups.properties" relative-to="jboss.domain.config.dir"/>
</authorization>
</security-realm>
Also the interface is defined as below:
<interfaces>
<interface name="management">
<inet-address value="${jboss.bind.address.management:<ip_of_master>}"/>
</interface>
<interface name="public">
<inet-address value="${jboss.bind.address:<ip_of_master>}"/>
</interface>
<interface name="unsecure">
<inet-address value="<ip_of_master>"/>
</interface>
</interfaces>
Also on master, created two users: admin and slave. Both are Management users and in the ManagementRealm.
Slave:
On slave side, made the following changes to the host.xml
<security-realm name="ManagementRealm">
<server-identities>
<ssl>
<keystore path="<jboss-cert-folder>/jboss.jks" keystore-password="${VAULT::sslKeyStore::password::1}"/>
</ssl>
<secret value="base 64 secret value generated at the time of slave user creation" />
</server-identities>
<authentication>
<local default-user="$local"/>
<properties path="mgmt-users.properties" relative-to="jboss.domain.config.dir"/>
</authentication>
<authorization map-groups-to-roles="false">
<properties path="mgmt-groups.properties" relative-to="jboss.domain.config.dir"/>
</authorization>
</security-realm>
<domain-controller>
<!--local/-->
<remote host="<ip of master>" port="9999"/>
</domain-controller>
<interfaces>
<interface name="management">
<inet-address value="${jboss.bind.address.management:<ip of slave>}"/>
</interface>
<interface name="public">
<inet-address value="${jboss.bind.address:<ip of slave>}"/>
</interface>
<interface name="unsecure">
<inet-address value="<ip of slave>"/>
</interface>
</interfaces>
Now first restarted master jboss. Restart happened without any error. Then restarted slave jboss. Following error was seen:
[Host Controller] 15:14:11,985 ERROR [org.jboss.remoting.remote.connection] (Remoting "hostname:MANAGEMENT" read-1) JBREM000200: Remote connection failed: javax.security.sasl.SaslException: Authentication failed: all available authentication mechanisms failed
[Host Controller] 15:14:11,990 ERROR [org.jboss.as.host.controller] (Controller Boot Thread) JBAS010901: Could not connect to master. Aborting. Error was: java.lang.IllegalStateException: JBAS010942: Unable to connect due to authentication failure.
[Host Controller] 15:14:12,010 INFO [org.jboss.as] (MSC service thread 1-4) JBAS015950: JBoss EAP 6.2.2.GA (AS 7.3.2.Final-redhat-2) stopped in 17ms
15:14:12,333 INFO [org.jboss.as.process.Host Controller.status] (reaper for Host Controller) JBAS012010: Process 'Host Controller' finished with an exit status of 99
15:14:12,336 INFO [org.jboss.as.process] (Thread-8) JBAS012016: Shutting down process controller
15:14:12,336 INFO [org.jboss.as.process] (Thread-8) JBAS012015: All processes finished; exiting
This is all the error displayed in console.log of slave jboss. Key exchange has been done properly because i am able to list the keys from master in the trustStore file of slave and vice-versa.
Please look into it and provide any suggestions.