JBossDeveloper

do you have cluster working with the server-three instance?

cna you copy your configuration file?

I am trying to use 7.1.1 clustering

I have quite a bit of experience with clustering in 7.1.0

I can bring up the master and deploy an application

When I bring up a slave I get:

06:31:13,403 ERROR [org.hornetq.core.protocol.core.impl.HornetQPacketHandler] (Old I/O server worker (parentId: 1558247749, [id: 0x5ce0f945, /192.168.2.4:5695])) Failed to create session : HornetQException[errorCode=105 message=Unable to validate user: HORNETQ.CLUSTER.ADMIN.USER]

In domain.xml I specify:

Questions:

1) What is the default password or how do I generate a password for ???? in master:domain.xml

2) Where do I put the hornet user and password on the slave (the slave has no domain.xml. Do I put it in host.xml. If so where please.

I have done my Google research but there is no clear answer anywhere

Thanks

@Johan, The slave uses the ha-full profile defined in your master's domain.xml.  You, like me, probably just updated the FIRST instance of the hornetq server configuration on the master.  There is a second further down the domain.xml file for the full HA profile--make sure you specify it there as well and all will work.  Nothing to be done on the slave side.

I had it in both places.

I now have security disabled, I will revisit the user id and password later

For thoose who gets an error: Unable to validate user: HORNETQ.CLUSTER.ADMIN.USER]

You need to setup HornetQ security (random user and password) or disable it:

See here: https://docs.jboss.org/author/display/AS71/AS7+Cluster+Howto

Setup HornetQ

The newer version of JBoss AS7 has enforced the security checking for HornetQ. So you need to some additional configurations in domain controller. Open domain.xml of master and find:

This is the config for hornetq, we need to put 'cluster-user' and 'cluster-password' into it:

There are two "<subsystem xmlns="urn:jboss:domain:messaging:1.3">" config sections in domain.xml. One is for "<profile name="full">" and another for "full-ha". If you have activated both of these two profiles, then you should put the 'cluster-user' and 'cluster-password' settings in both of them.

The 'cluster-user' and 'cluster-password' settings are just user-defined values that you could choose whatever you want.The authentication scheme used by HornetQ here is simple: When a host is connected to domain controller, the HornetQ instance run on domain controller will tell the host it's 'cluster-user' and 'cluster-password' settings. And then the connected host's HornetQ instance will use this setting to do communication and form a cluster with other HornetQ instances run in the domain. This is a simple but effective way to prevent some outsiders to participate into this domain's HornetQ cluster. If you feel not like to use this security scheme, you just also disable it in "<subsystem xmlns="urn:jboss:domain:messaging:1.3">": <subsystem xmlns="urn:jboss:domain:messaging:1.3">       <hornetq-server>            <security-enabled>false</security-enabled>     </hornetq-server> </subsystem>

I just have disabled hornetq security by adding <security-enabled>false</security-enabled> in two profiles "full" and "full-ha" in JBoss domain controllers (master) domain.xml file

.....

<subsystem xmlns="urn:jboss:domain:messaging:1.3">

                <hornetq-server>

  <security-enabled>false</security-enabled>

                    <persistence-enabled>true</persistence-enabled>

......

Justin,

Currently we are using a hornet core bridge on SSL with clustering disabled. If I don't put <cluster-password>newClusterPassword</cluster-password> in hornetq-configuration.xml file, I will run into the "Unable to validate user: HORTNETQ.CLUSTER.ADMIN.USER" error. But if I do, the error will go away but  the messages are not being send over the SSL core bridge.

Since we are running hornetQ without clustering, why is HORTNETQ.CLUSTER.ADMIN.USER being checked? Is that a way to turn off the default cluster user name/password check since we are not using clustering at all? Or can we use one of the users defined in hornetq-users.xml as the cluster default user? Any security concern?

Thanks a lot,

John

If you don't need clustering then remove your <cluster-connections>, <broadcast-groups>, <discovery-groups>, <cluster-user>, and <cluster-password> as necessary.

In our hornetq-configuration.xml files, we don't have <cluster-connections>, <broadcast-groups>, <discovery-groups> settings. If I remove <cluster-user> and <cluster-password>, the "Unable to validate user: HORTNETQ.CLUSTER.ADMIN.USER" warning will show up in our log  but looks like we can ignore the warning without worrying being accessed by some intruder using the default cluster admin user/password. Please confirm.

Looks like I read your comment too quickly and assumed it was the same use-case as the parent thread.  However, after re-reading your original comment as well as your most recent one it looks like the use-case is quite different.  Please start your own thread and explain your use-case fully.  Continuing on this thread (which has already been marked as "answered") is just going to generate confusion for users down the road.

Okay. Will create a new thread with a different subject name.