Uploaded image for project: 'JBoss Enterprise Application Platform'
  1. JBoss Enterprise Application Platform
  2. JBEAP-19051

[GSS](7.3.z) HAL-1677 - Broken 'domain.xml' after migration of <host-scoped-roles> leading to 'Boostrap error' in HAL

XMLWordPrintable

    • +
    • Workaround Exists
    • Hide

      Add the missing nested <host> element manually in the domain.xml of the target.

      Show
      Add the missing nested <host> element manually in the domain.xml of the target.
    • Hide
      • Install a vanilla JBoss EAP 7.1.6 and a vanilla JBoss EAP 7.2.3
      • On JBoss EAP 7.1.6 change the domain.xml/management configuration to this: 
            <management>
        <access-control provider="simple">
            <host-scoped-roles>
                <role name="custom-role-name" base-role="Administrator">
                </role>
            </host-scoped-roles>
            <role-mapping>
                <role name="SuperUser">
                    <include>
                        <user name="$local"/>
                    </include>
                </role>
            </role-mapping>
        </access-control>
    </management>
      • Run the migration $JBOSS_72_HOME/bin/jboss-server-migration.sh -s $JBOSS_71_HOME -t $JBOSS_72_HOME
      • Add an arbitrary management user to JBoss EAP 7.2.3
      • Start JBoss EAP 7.2.3 server in domain mode and access the HAL http://localhost:9990
      Show
      Install a vanilla JBoss EAP 7.1.6 and a vanilla JBoss EAP 7.2.3 On JBoss EAP 7.1.6 change the domain.xml / management configuration to this: <management> <access-control provider= "simple" > <host-scoped-roles> <role name= "custom-role-name" base-role= "Administrator" > </role> </host-scoped-roles> <role-mapping> <role name= "SuperUser" > <include> <user name= "$local" /> </include> </role> </role-mapping> </access-control> </management> Run the migration $JBOSS_72_HOME/bin/jboss-server-migration.sh -s $JBOSS_71_HOME -t $JBOSS_72_HOME Add an arbitrary management user to JBoss EAP 7.2.3 Start JBoss EAP 7.2.3 server in domain mode and access the HAL http://localhost:9990

      When migrating a domain configuration from JBoss EAP 7.1.6 having a broken <host-scoped-roles> configuration, the resulting domain.xml on EAP 7.2 is broken as well.

      JBoss EAP 7.1 is relaxed during accessing the HAL and simply ignores the broken configuration, whereas JBoss EAP 7.2 will not allow access to the HAL and report a Bootstrap error.

      The jboss-server-migration.[sh|bat] should identify this broken configuration and deny the migration of it.

              chaowan@redhat.com Chao Wang
              chaowan@redhat.com Chao Wang
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

                Created:
                Updated:
                Resolved: