Details
-
Bug
-
Resolution: Unresolved
-
Major
-
None
-
7.4.0.GA
-
None
-
5
Description
This is a clone of JBEAP-4881.
Book: Configuration Guide
Revision: e3c64494860c26587044bad32169892a6b9a41a8
Configuration of mod_cluster and Undertow subsystem must precede the configuration of security-key attribute.
Original issue text follows.
21.4.1. Configure Undertow as a Load Balancer Using mod_cluster
Configure the mod_cluster Front-end Load Balancer
Set the mod_cluster advertise security key.
No, this is a wrong step at this point and you couldn't have possibly started the EAP server with this configuration at this point. The Front-End load balancing server doesn't even have the modcluster subsystem loaded.
On the balancer side, advertise security key could be set in Undertow subsystem, in its mod_cluster filter. The worker node counterpart is configured in mod_cluster subsystem. On its own, it is by no means a security measure of any description. It does not replace proper https configuration for the MCMP. The only thing it does is that workers pair only with those balancers with the same shared secret.
This configuration is not pertinent to a basic first walkthrough.
Once you have the advertise security key and socket binding set up, you need to add the mod_cluster filter to Undertow for the load balancer instance of JBoss EAP.
Again, it holds only if you want to use that feature on all workers and your balancers. It is IMHO superfluous in an article on the first encounter with the balancer setup though.
Attachments
Issue Links
- clones
-
-
- Closed
-
