-
Bug
-
Resolution: Done
-
Critical
-
11.0.0.Beta7
ropalka I believe this is caused by the MSC refactoring.
Steps, in the default host.xml for domain mode.
1. Define the following security realm: -
<security-realms>
<security-realm name="ldap_security_realm">
<server-identities>
<ssl>
<keystore path="generated.keystore" relative-to="jboss.server.config.dir" keystore-password="password" alias="server" key-password="password" generate-self-signed-certificate-host="localhost"/>
</ssl>
</server-identities>
<authentication>
<ldap connection="testLdap" base-dn="dc=test,dc=sbc,dc=com" recursive="true">
<username-filter attribute="samaccountname"/>
</ldap>
</authentication>
</security-realm>
2. Define the following outbound connection: -
<outbound-connections>
<ldap name="testLdap" url="ldap://localhost:636" search-dn="CN=mxxxxxx,OU=GenericID,OU=testUsers,DC=testServices,DC=test,DC=com" search-credential="passowrd" />
</outbound-connections>
3. Update the management interfaces to: -
<management-interfaces>
<http-interface security-realm="ldap_security_realm">
<http-upgrade enabled="true"/>
<socket interface="management" port="${jboss.management.http.port:9990}"/>
</http-interface>
</management-interfaces>
The server fails to boot with just the following error: -
[Host Controller] 17:56:40,052 FATAL [org.jboss.as.host.controller] (Controller Boot Thread) WFLYHC0034: Host Controller boot has failed in an unrecoverable manner; exiting. See previous messages for details.
If the management interface is then updated to reference the ManagementRealm instead the error is now: -
[Host Controller] 18:01:48,595 ERROR [org.jboss.as.controller.management-operation] (Controller Boot Thread) WFLYCTL0013: Operation ("add") failed - address: ([
[Host Controller] ("host" => "master"),
[Host Controller] ("core-service" => "management"),
[Host Controller] ("security-realm" => "ldap_security_realm")
[Host Controller] ]) - failure description: {
[Host Controller] "WFLYCTL0412: Required services that are not installed:" => ["jboss.server.path.\"jboss.server.config.dir\""],
[Host Controller] "WFLYCTL0180: Services with missing/unavailable dependencies" => ["org.wildfly.core.management.security.realm.ldap_security_realm.key-manager is missing [jboss.server.path.\"jboss.server.config.dir\"]"]
[Host Controller] }
This error is expected as the realm defined in step 1 referenced an invalid path.
I believe the error reporting should come from this method: -
org.jboss.as.controller.ServiceVerificationHelper.execute(OperationContext, ModelNode)
However something seems to have changes with the MSC migration.
This was recently encountered debugging the bug report in https://issues.redhat.com/browse/WFCORE-4820, if you see an error "Multiple CallbackHandlerServices for the same mechanism (PLAIN)" that has been covered by WFCORE-4820.
- is cloned by
-
-
- Closed
-
-
-
- Closed
-
[WFCORE-4827] Errors Missing on Invalid Configuration
pme bot
made changes -
| Link |
New:
This issue is cloned by |
pme bot
made changes -
| Link |
Original:
This issue clones |
| Link |
New:
This issue clones |
| Link |
Original:
This issue cloned to |
Brian Stansberry
made changes -
| Status | Original: Resolved [ 5 ] | New: Closed [ 6 ] |
| Workflow | Original: GIT Pull Request workflow [ 13139872 ] | New: GIT Pull Request workflow v1.0 [ 14258425 ] |
Brian Stansberry
made changes -
| Fix Version/s | New: 16.0.0.Final [ 12358650 ] |
| Link |
New:
This issue cloned to |
Brian Stansberry
made changes -
| Fix Version/s | New: 16.0.0.Beta1 [ 12354378 ] | |
| Resolution | New: Done [ 1 ] | |
| Status | Original: Pull Request Sent [ 10011 ] | New: Resolved [ 5 ] |
Bartosz Spyrko-Smietanko
made changes -
| Git Pull Request | New: https://github.com/wildfly/wildfly-core/pull/4499 | |
| Status | Original: Open [ 1 ] | New: Pull Request Sent [ 10011 ] |
Bartosz Spyrko-Smietanko
made changes -
| Assignee | Original: Richard Opalka [ ropalka ] | New: Bartosz Spyrko-Smietanko [ spyrkob ] |
Brian Stansberry
added a comment - Thanks. So AIUI the issue is that steps that add services result in adding a step the executes a ServiceVerificationHelper that monitors those particular services. And the first ServiceVerificationHelper that fails prevents any later ServiceVerificationHelper steps running, because the first one triggers rollback.
One solution to this is to change this:
Instead of immediately calling context.setRollbackOnly, instead add another Stage.VERIFY step that calls it. That step will be added to the end of the queue for Stage.VERIFY, so it will execute after all the previously registered ServiceVerificationHelper steps.
Brian Stansberry
added a comment - Thanks. So AIUI the issue is that steps that add services result in adding a step the executes a ServiceVerificationHelper that monitors those particular services. And the first ServiceVerificationHelper that fails prevents any later ServiceVerificationHelper steps running, because the first one triggers rollback.
One solution to this is to change this:
https://github.com/wildfly/wildfly-core/blob/master/controller/src/main/java/org/jboss/as/controller/ServiceVerificationHelper.java#L123
Instead of immediately calling context.setRollbackOnly, instead add another Stage.VERIFY step that calls it. That step will be added to the end of the queue for Stage.VERIFY, so it will execute after all the previously registered ServiceVerificationHelper steps. Bartosz Spyrko-Smietanko
added a comment - Thank you bstansbe@redhat.com, Below is the output of standalone boot. In this case the boot operation is rolled back via https://github.com/wildfly/wildfly-core/blob/master/controller/src/main/java/org/jboss/as/controller/management/ManagementInterfaceAddStepHandler.java#L106-L116
08:05:17,630 ERROR [org.jboss.as.controller.management-operation] (Controller Boot Thread) WFLYCTL0013: Operation ("add") failed - address: ([
("core-service" => "management"),
("management-interface" => "http-interface")
]) - failure description: {
"WFLYCTL0412: Required services that are not installed:" => ["jboss.http-upgrade-registry.http-management"],
"WFLYCTL0180: Services with missing/unavailable dependencies" => ["jboss.remoting.remoting-http-upgrade-service.http-management is missing [jboss.http-upgrade-registry.http-management]"]
}
08:05:17,683 ERROR [org.jboss.as.controller.management-operation] (Controller Boot Thread) WFLYCTL0013: Operation ("add") failed - address: ([
("core-service" => "management"),
("security-realm" => "ldap_security_realm")
]) - failure description: {
"WFLYCTL0412: Required services that are not installed:" => ["jboss.server.path.\"jboss.server.config.dir22\""],
"WFLYCTL0180: Services with missing/unavailable dependencies" => ["org.wildfly.core.management.security.realm.ldap_security_realm.key-manager is missing [jboss.server.path.\"jboss.server.config.dir22\"]"]
}
08:05:17,684 ERROR [org.jboss.as.controller.management-operation] (Controller Boot Thread) WFLYCTL0013: Operation ("add") failed - address: ([
("core-service" => "management"),
("security-realm" => "ldap_security_realm")
]) - failure description: {
"WFLYCTL0412: Required services that are not installed:" => ["jboss.server.path.\"jboss.server.config.dir22\""],
"WFLYCTL0180: Services with missing/unavailable dependencies" => ["org.wildfly.core.management.security.realm.ldap_security_realm.key-manager is missing [jboss.server.path.\"jboss.server.config.dir22\"]"]
}
08:05:17,684 ERROR [org.jboss.as.controller] (Controller Boot Thread) WFLYCTL0459: Triggering roll back due to missing management services.
08:05:17,685 ERROR [org.jboss.as.controller.management-operation] (Controller Boot Thread) WFLYCTL0013: Operation ("add") failed - address: ([
("core-service" => "management"),
("management-interface" => "http-interface")
]) - failure description: {
"WFLYCTL0412: Required services that are not installed:" => ["jboss.http-upgrade-registry.http-management"],
"WFLYCTL0180: Services with missing/unavailable dependencies" => ["jboss.remoting.remoting-http-upgrade-service.http-management is missing [jboss.http-upgrade-registry.http-management]"]
}
Another option could be having the ServiceVerificationHelper report indirect missing services if there are no direct dependencies missing rather then silently failing. That might add some extra logging in some cases though.
Bartosz Spyrko-Smietanko
added a comment - Thank you bstansbe@redhat.com , Below is the output of standalone boot. In this case the boot operation is rolled back via https://github.com/wildfly/wildfly-core/blob/master/controller/src/main/java/org/jboss/as/controller/management/ManagementInterfaceAddStepHandler.java#L106-L116
08:05:17,630 ERROR [org.jboss.as.controller.management-operation] (Controller Boot Thread) WFLYCTL0013: Operation ("add") failed - address: ([
("core-service" => "management"),
("management-interface" => "http-interface")
]) - failure description: {
"WFLYCTL0412: Required services that are not installed:" => ["jboss.http-upgrade-registry.http-management"],
"WFLYCTL0180: Services with missing/unavailable dependencies" => ["jboss.remoting.remoting-http-upgrade-service.http-management is missing [jboss.http-upgrade-registry.http-management]"]
}
08:05:17,683 ERROR [org.jboss.as.controller.management-operation] (Controller Boot Thread) WFLYCTL0013: Operation ("add") failed - address: ([
("core-service" => "management"),
("security-realm" => "ldap_security_realm")
]) - failure description: {
"WFLYCTL0412: Required services that are not installed:" => ["jboss.server.path.\"jboss.server.config.dir22\""],
"WFLYCTL0180: Services with missing/unavailable dependencies" => ["org.wildfly.core.management.security.realm.ldap_security_realm.key-manager is missing [jboss.server.path.\"jboss.server.config.dir22\"]"]
}
08:05:17,684 ERROR [org.jboss.as.controller.management-operation] (Controller Boot Thread) WFLYCTL0013: Operation ("add") failed - address: ([
("core-service" => "management"),
("security-realm" => "ldap_security_realm")
]) - failure description: {
"WFLYCTL0412: Required services that are not installed:" => ["jboss.server.path.\"jboss.server.config.dir22\""],
"WFLYCTL0180: Services with missing/unavailable dependencies" => ["org.wildfly.core.management.security.realm.ldap_security_realm.key-manager is missing [jboss.server.path.\"jboss.server.config.dir22\"]"]
}
08:05:17,684 ERROR [org.jboss.as.controller] (Controller Boot Thread) WFLYCTL0459: Triggering roll back due to missing management services.
08:05:17,685 ERROR [org.jboss.as.controller.management-operation] (Controller Boot Thread) WFLYCTL0013: Operation ("add") failed - address: ([
("core-service" => "management"),
("management-interface" => "http-interface")
]) - failure description: {
"WFLYCTL0412: Required services that are not installed:" => ["jboss.http-upgrade-registry.http-management"],
"WFLYCTL0180: Services with missing/unavailable dependencies" => ["jboss.remoting.remoting-http-upgrade-service.http-management is missing [jboss.http-upgrade-registry.http-management]"]
}
Another option could be having the ServiceVerificationHelper report indirect missing services if there are no direct dependencies missing rather then silently failing. That might add some extra logging in some cases though. Brian Stansberry
added a comment - spyrkob It's not ok for a Host Controller to not fail if there is any error during boot. A broken HC can mess up the entire domain. So, no that can't be changed. (FWIW I'd like to see the default behavior or a standalone server changed as well, as allowing a process to continue on in the presence of boot errors is not a good default IMO. That's an RFE though.)
What's the failure in a standalone server?
Brian Stansberry
added a comment - spyrkob It's not ok for a Host Controller to not fail if there is any error during boot. A broken HC can mess up the entire domain. So, no that can't be changed. (FWIW I'd like to see the default behavior or a standalone server changed as well, as allowing a process to continue on in the presence of boot errors is not a good default IMO. That's an RFE though.)
What's the failure in a standalone server? Brian Stansberry
made changes -
| Labels | New: domain-mode |
Bartosz Spyrko-Smietanko
added a comment - The same case in standalone mode works correctly. It seems the difference is that domain mode uses ROLLBACK_ON_FAIL header during boot [1] [2]. That means that the boot fails on first operation (adding the management interface) and doesn't process following steps that would display the errors.
jmesnil1@redhat.com do you know if there is a reason why the domain module sets ROLLBACK_ON_FAIL flag? Can we set it to work like standalone mode?
Bartosz Spyrko-Smietanko
added a comment - The same case in standalone mode works correctly. It seems the difference is that domain mode uses ROLLBACK_ON_FAIL header during boot [1] [2] . That means that the boot fails on first operation (adding the management interface) and doesn't process following steps that would display the errors.
jmesnil1@redhat.com do you know if there is a reason why the domain module sets ROLLBACK_ON_FAIL flag? Can we set it to work like standalone mode?
[1] https://github.com/wildfly/wildfly-core/blob/master/host-controller/src/main/java/org/jboss/as/host/controller/DomainModelControllerService.java#L679
[2] https://github.com/wildfly/wildfly-core/blob/master/server/src/main/java/org/jboss/as/server/ServerService.java#L392-L404 
James Perkins
made changes -
| Link |
New:
This issue is cloned by |
Darran Lofthouse
created issue -
I found there's one more problem - as soon as the FAILURE_DESCRIPTION is set in the first failing ServiceVerificationHelper, the rollback flag will be set in https://github.com/wildfly/wildfly-core/blob/master/controller/src/main/java/org/jboss/as/controller/AbstractOperationContext.java#L1020 which will prevent any further ServiceVerificationHelpers from running.
Maybe in this case SVH could attach something like DEFERED_ROLLBACK flag to the context and if it's present, canContinueProcessing() would allow the VERIFY stage to finish?