Uploaded image for project: 'Red Hat Fuse'
  1. Red Hat Fuse
  2. ENTESB-5097

Fabric won't be able to create child containers if fabric root container is fully secure

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done
    • Icon: Major Major
    • jboss-fuse-6.2.1
    • jboss-fuse-6.2.1
    • Fabric8 v1
    • None
    • % %

      I'd like to fully secure my fabric environment. I created a custom profile called "secure" and here is details:

      JBossFuse:karaf@root> profile-display secure 
Profile id: secure
Version   : 1.0
Attributes: 
	parents: default
Containers: root 

Container settings
----------------------------

Configuration details
----------------------------
PID: org.ops4j.pax.web
  org.osgi.service.http.port.secure ${port:8443,8543}
  org.osgi.service.http.secure.enabled true
  org.ops4j.pax.web.ssl.keypassword password
  org.ops4j.pax.web.ssl.keystore /apps/jboss/fuse/6.2.1/test/jboss-fuse-6.2.1.redhat-084/etc/mykeystore.jks
  org.osgi.service.http.enabled false
  org.ops4j.pax.web.ssl.password password

Other resources
----------------------------
Resource: ReadMe.md
JBossFuse:karaf@root>

      So it disabled default insecure Pax Web 8181 port but enabled only secure port (from a port range ${port:8443,8543}).

      I then added the "secure" profile to my fabric root container:

      JBossFuse:karaf@root> container-list 
[id]      [version]  [type]  [connected]  [profiles]              [provision status]
root*     1.0        karaf   yes          fabric                  success           
                                          fabric-ensemble-0000-1                    
                                          jboss-fuse-full                           
                                          secure

      Hence the root container will only be accessible through secure port 8443 right now.

      If I tried to create a child container with either command:

      JBossFuse:karaf@root> container-create-child root child1

      or following command:

      JBossFuse:karaf@root> container-create-child --profile secure root child1

      None of them would work as the child container would just hang forever and never be provisioned fully.

      So the only workaround would be to remove the "secure" profile from the fabric root container first:

      JBossFuse:karaf@root> container-remove-profile root secure

      Then create child containers. After that, you can add the "secure" profile to all of containers to make them fully secure.

      We should allow a fully secure fabric root container to create local child containers directly rather than workaround it as described above.

              janstey@redhat.com Jonathan Anstey
              rhn-support-qluo Joe Luo
              Votes:
              1 Vote for this issue
              Watchers:
              5 Start watching this issue

                Created:
                Updated:
                Resolved: