-
Bug
-
Resolution: Done
-
Major
-
7.0.0.GA
-
None
When I run wildfly with a non-root user(wildfly) mod_cluster won't work. I got this error:
14:09:06,327 ERROR [org.jboss.modcluster] (UndertowEventHandlerAdapter - 1) MODCLUSTER000043: Failed to send INFO command to relatorios.sistemafieg.org.br/11.12.13.14:6666: Permission denied
This happens when I use port-offset>0 and run wildfly service.
However, if I run with root user, this error won't happen
Steps to reproduce
1. Adding user
groupadd -r wildfly useradd -r -g wildfly -d /opt/wildfly -s /sbin/nologin wildfly
2. use init.d or systemd script
wildfly-10.0.0.Final/docs/contrib/scripts/init.d/wildfly-init-redhat.sh
3. start wildfly and register proxy list and socket binding
/socket-binding-group=ha-sockets/remote-destination-outbound-socket-binding=mod_cluster:add(port=6666,host=11.12.13.14) /profile=ha/subsystem=modcluster/mod-cluster-config=configuration:write-attribute(name=proxies,value=[mod_cluster])
4. edit wildfly.conf
JBOSS_HOME="/opt/wildfly/server" JBOSS_USER=wildfly JBOSS_MODE=domain JBOSS_HOST_CONFIG=host.xml JBOSS_CONSOLE_LOG="/var/log/wildfly/console.log" JBOSS_OPTS="-Djboss.domain.base.dir=/opt/wildfly/config/domain -Djboss.bind.address.management=11.12.13.10 -Djboss.bind.address=11.12.13.10"
5. edit httpd.conf
LoadModule slotmem_module modules/mod_slotmem.so LoadModule manager_module modules/mod_manager.so LoadModule proxy_cluster_module modules/mod_proxy_cluster.so LoadModule advertise_module modules/mod_advertise.so Listen 6666 <VirtualHost *:6666> <Location /> Order deny,allow Deny from all Allow from 11.12.13 </Location> <Location /mcm> SetHandler mod_cluster-manager Order deny,allow Allow from all </Location> KeepAliveTimeout 300 MaxKeepAliveRequests 0 Timeout 5400 ProxyTimeout 5400 EnableMCPMReceive On ManagerBalancerName myCluster ServerAdvertise Off ErrorLog logs/cluster-error.log CustomLog logs/cluster-access.log INFO </VirtualHost>
6. Run with service or systemctl command: service wildfly start
Environment:
OS's tested:
- Red Hat Enterprise Linux Server release 6.5 (Santiago)
- CentOS Linux release 7.2.1511 (Core)
SELINUX: Disabled
*IPTABLES/FIREWALLD: * disabled and no rules set
wildfly: 10.0.0.Final
httpd:
httpd-2.2.15-31.el6_5.x86_64
httpd-tools-2.2.15-31.el6_5.x86_64
httpd-devel-2.2.15-31.el6_5.x86_64
modcluster/httpd version: 1.2.6
- clones
-
WFLY-6915 Mod cluster not working with non-root user
- Closed
- is blocked by
-
WFCORE-2026 source-port is wrongly offsetted when configured to 0, i.e. ephemeral port; results in "Permission denied (Bind failed)"
- Resolved
- is cloned by
-
JBEAP-12241 [GSS](7.0.z) Mod cluster not working with non-root user
- Closed