Uploaded image for project: 'WildFly'
  1. WildFly
  2. WFLY-6915

Mod cluster not working with non-root user

    XMLWordPrintable

Details

    • Bug
    • Resolution: Done
    • Major
    • 11.0.0.Alpha1
    • 10.0.0.Final
    • mod_cluster
    • None

    Description

      When I run wildfly with a non-root user(wildfly) mod_cluster won't work. I got this error:

      14:09:06,327 ERROR [org.jboss.modcluster] (UndertowEventHandlerAdapter - 1) MODCLUSTER000043: Failed to send INFO command to relatorios.sistemafieg.org.br/11.12.13.14:6666: Permission denied

      This happens when I use port-offset>0 and run wildfly service.

      However, if I run with root user, this error won't happen
      Steps to reproduce
      1. Adding user

      Unable to find source-code formatter for language: shell. Available languages are: actionscript, ada, applescript, bash, c, c#, c++, cpp, css, erlang, go, groovy, haskell, html, java, javascript, js, json, lua, none, nyan, objc, perl, php, python, r, rainbow, ruby, scala, sh, sql, swift, visualbasic, xml, yaml
      groupadd -r wildfly
useradd -r -g wildfly -d /opt/wildfly -s /sbin/nologin wildfly

      2. use init.d or systemd script

      Unable to find source-code formatter for language: shell. Available languages are: actionscript, ada, applescript, bash, c, c#, c++, cpp, css, erlang, go, groovy, haskell, html, java, javascript, js, json, lua, none, nyan, objc, perl, php, python, r, rainbow, ruby, scala, sh, sql, swift, visualbasic, xml, yaml
      wildfly-10.0.0.Final/docs/contrib/scripts/init.d/wildfly-init-redhat.sh

      3. start wildfly and register proxy list and socket binding

      Unable to find source-code formatter for language: shell. Available languages are: actionscript, ada, applescript, bash, c, c#, c++, cpp, css, erlang, go, groovy, haskell, html, java, javascript, js, json, lua, none, nyan, objc, perl, php, python, r, rainbow, ruby, scala, sh, sql, swift, visualbasic, xml, yaml
      /socket-binding-group=ha-sockets/remote-destination-outbound-socket-binding=mod_cluster:add(port=6666,host=11.12.13.14)
/profile=ha/subsystem=modcluster/mod-cluster-config=configuration:write-attribute(name=proxies,value=[mod_cluster])

      4. edit wildfly.conf

      Unable to find source-code formatter for language: shell. Available languages are: actionscript, ada, applescript, bash, c, c#, c++, cpp, css, erlang, go, groovy, haskell, html, java, javascript, js, json, lua, none, nyan, objc, perl, php, python, r, rainbow, ruby, scala, sh, sql, swift, visualbasic, xml, yaml
      JBOSS_HOME="/opt/wildfly/server"
JBOSS_USER=wildfly
JBOSS_MODE=domain
JBOSS_HOST_CONFIG=host.xml
JBOSS_CONSOLE_LOG="/var/log/wildfly/console.log"
JBOSS_OPTS="-Djboss.domain.base.dir=/opt/wildfly/config/domain -Djboss.bind.address.management=11.12.13.10 -Djboss.bind.address=11.12.13.10"

      5. edit httpd.conf

      LoadModule slotmem_module modules/mod_slotmem.so
LoadModule manager_module modules/mod_manager.so
LoadModule proxy_cluster_module modules/mod_proxy_cluster.so
LoadModule advertise_module modules/mod_advertise.so

Listen 6666
<VirtualHost *:6666>
    <Location />
        Order deny,allow
        Deny from all
        Allow from 11.12.13
    </Location>
    <Location /mcm>
        SetHandler mod_cluster-manager
        Order deny,allow
        Allow from all
    </Location>
    KeepAliveTimeout 300
    MaxKeepAliveRequests 0
    Timeout 5400
    ProxyTimeout 5400
    EnableMCPMReceive On
    ManagerBalancerName   myCluster
    ServerAdvertise Off 
    ErrorLog logs/cluster-error.log
    CustomLog logs/cluster-access.log INFO
</VirtualHost>

      6. Run with service or systemctl command: service wildfly start

      Environment:

      OS's tested:

      1. Red Hat Enterprise Linux Server release 6.5 (Santiago)
      2. CentOS Linux release 7.2.1511 (Core)

      SELINUX: Disabled
      *IPTABLES/FIREWALLD: * disabled and no rules set

      wildfly: 10.0.0.Final

      httpd:
      httpd-2.2.15-31.el6_5.x86_64
      httpd-tools-2.2.15-31.el6_5.x86_64
      httpd-devel-2.2.15-31.el6_5.x86_64

      modcluster/httpd version: 1.2.6

      Attachments

        Issue Links

          is blocked by

          Bug - A problem that impairs or prevents the functions of the product. WFCORE-2026 source-port is wrongly offsetted when configured to 0, i.e. ephemeral port; results in "Permission denied (Bind failed)"

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Resolved
          is cloned by

          Bug - A problem that impairs or prevents the functions of the product. JBEAP-7433 Mod cluster not working with non-root user

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Verified

          Activity

            People

              rhn-engineering-rhusar Radoslav Husar
              ouier Rafael Pereira (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              7 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: