unable to connect the CLI over an https-enabled management port
andrew.pomponio May 22, 2015 3:01 PM
Hello Wildfly developers,
I was recently working on an issue for a customer in which they wanted to have their CLI encrypted with SSL along with the management console. I’ve managed to get their management console running on https no problem, but with Wildfly 8.x, I am unable to connect the CLI to the https-enabled management port.
Using a clean version of 7.1.3 and the following configurations, I was able to connect the CLI on 9443:
keytool -genkey -keystore chap8.keystore -storepass rmi+ssl -keypass rmi+ssl -keyalg RSA -alias chapter8 -validity 3650 -dname "cn=chapter8 example,ou=admin book,dc=jboss,dc=org"
./standalone.sh -c standalone-full.xml
./jboss-cli.sh -c --controller=localhost:9999
In the CLI I was able to configure the <server-identities> for ManagementRealm by specifying the SSL information.
/core-service=management/security-realm=ManagementRealm/server-identity=ssl:add(keystore-password="rmi+ssl", keystore-path="chap8.keystore", keystore-relative-to="jboss.server.config.dir", alias="chapter8",protocol="TLSv1")
/core-service=management/management-interface=native-interface/:write-attribute(name=socket-binding,value=management-https)
I then stopped the server and started it again with the following:
./standalone.sh -c standalone-full.xml -Djavax.net.debug=all
./jboss-cli.sh -c --controller=localhost:9443
However, with the same configurations on a Wildfly 8.2.0 instance, I get the following when attempting to configure the native-interface under ManagementRealm in the CLI the first time:
[standalone@localhost:9990 /] /core-service=management/management-interface=native-interface/:write-attribute(name=socket-binding,value=management-https)
{
"outcome" => "failed",
"failure-description" => "JBAS014807: Management resource '[
(\"core-service\" => \"management\"),
(\"management-interface\" => \"native-interface\")
]' not found",
"rolled-back" => true,
"response-headers" => {"process-state" => "reload-required"}
}
So I attempted to manually configure the expected output into my standalone-full.xml file:
<security-realms>
    <security-realm name="ManagementRealm">
        <server-identities>
            <ssl protocol="TLSv1">
                <keystore path="chap8.keystore" relative-to="jboss.server.config.dir" keystore-password="rmi+ssl" alias="chapter8"/>
            </ssl>
        </server-identities>
        <authentication>
            <local default-user="$local"/>
            <properties path="mgmt-users.properties" relative-to="jboss.server.config.dir"/>
        </authentication>
    </security-realm>
    <security-realm name="ApplicationRealm">
        <authentication>
            <local default-user="$local" allowed-users="*"/>
            <properties path="application-users.properties" relative-to="jboss.server.config.dir"/>
        </authentication>
        <authorization>
            <properties path="application-roles.properties" relative-to="jboss.server.config.dir"/>
        </authorization>
    </security-realm>
</security-realms>
<management-interfaces>
    <native-interface security-realm="ManagementRealm">
        <socket-binding native="management-https"/>
    </native-interface>
    <http-interface security-realm="ManagementRealm">
        <socket-binding http="management-http"/>
    </http-interface>
</management-interfaces>
When I go to start the server back up, I get the following:
MacbookPro:bin apomponio$ ./standalone.sh -c standalone-full.xml -Djavax.net.debug=all
=========================================================================
JBoss Bootstrap Environment
JBOSS_HOME: /Users/andrew.pomponio/wildfly-8.2.0.Final
JAVA: /Library/Java/JavaVirtualMachines/jdk1.8.0_11.jdk/Contents/Home//bin/java
JAVA_OPTS: -server -Xms64m -Xmx512m -XX:MaxPermSize=256m -Djava.net.preferIPv4Stack=true -Djboss.modules.system.pkgs=org.jboss.byteman -Djava.awt.headless=true
=========================================================================
Java HotSpot(TM) 64-Bit Server VM warning: ignoring option MaxPermSize=256m; support was removed in 8.0
10:53:12,066 INFO [org.jboss.modules] (main) JBoss Modules version 1.3.3.Final
10:53:12,349 INFO [org.jboss.msc] (main) JBoss MSC version 1.2.2.Final
10:53:12,396 INFO [org.jboss.as] (MSC service thread 1-6) JBAS015899: WildFly 8.2.0.Final "Tweek" starting
10:53:12,765 ERROR [org.jboss.as.server] (Controller Boot Thread) JBAS015956: Caught exception during boot: org.jboss.as.controller.persistence.ConfigurationPersistenceException: JBAS014676: Failed to parse configuration
at org.jboss.as.controller.persistence.XmlConfigurationPersister.load(XmlConfigurationPersister.java:112) [wildfly-controller-8.2.0.Final.jar:8.2.0.Final]
at org.jboss.as.server.ServerService.boot(ServerService.java:331) [wildfly-server-8.2.0.Final.jar:8.2.0.Final]
at org.jboss.as.controller.AbstractControllerService$1.run(AbstractControllerService.java:259) [wildfly-controller-8.2.0.Final.jar:8.2.0.Final]
at java.lang.Thread.run(Thread.java:745) [rt.jar:1.8.0_11]
Caused by: javax.xml.stream.XMLStreamException: ParseError at [row,col]:[64,4]
Message: JBAS014789: Unexpected element '{urn:jboss:domain:2.2}management-interfaces' encountered
at org.jboss.as.controller.parsing.ParseUtils.unexpectedElement(ParseUtils.java:85) [wildfly-controller-8.2.0.Final.jar:8.2.0.Final]
at org.jboss.as.domain.management.parsing.ManagementXml.parseSecurityRealms(ManagementXml.java:777) [wildfly-domain-management-8.2.0.Final.jar:8.2.0.Final]
at org.jboss.as.domain.management.parsing.ManagementXml.access$000(ManagementXml.java:164) [wildfly-domain-management-8.2.0.Final.jar:8.2.0.Final]
at org.jboss.as.domain.management.parsing.ManagementXml$Delegate.parseSecurityRealms(ManagementXml.java:179) [wildfly-domain-management-8.2.0.Final.jar:8.2.0.Final]
at org.jboss.as.domain.management.parsing.ManagementXml.parseManagement_1_5(ManagementXml.java:356) [wildfly-domain-management-8.2.0.Final.jar:8.2.0.Final]
at org.jboss.as.domain.management.parsing.ManagementXml.parseManagement(ManagementXml.java:292) [wildfly-domain-management-8.2.0.Final.jar:8.2.0.Final]
at org.jboss.as.server.parsing.StandaloneXml.readServerElement_1_4(StandaloneXml.java:453) [wildfly-server-8.2.0.Final.jar:8.2.0.Final]
at org.jboss.as.server.parsing.StandaloneXml.readElement(StandaloneXml.java:145) [wildfly-server-8.2.0.Final.jar:8.2.0.Final]
at org.jboss.as.server.parsing.StandaloneXml.readElement(StandaloneXml.java:107) [wildfly-server-8.2.0.Final.jar:8.2.0.Final]
at org.jboss.staxmapper.XMLMapperImpl.processNested(XMLMapperImpl.java:110) [staxmapper-1.1.0.Final.jar:1.1.0.Final]
at org.jboss.staxmapper.XMLMapperImpl.parseDocument(XMLMapperImpl.java:69) [staxmapper-1.1.0.Final.jar:1.1.0.Final]
at org.jboss.as.controller.persistence.XmlConfigurationPersister.load(XmlConfigurationPersister.java:104) [wildfly-controller-8.2.0.Final.jar:8.2.0.Final]
... 3 more
10:53:12,767 FATAL [org.jboss.as.server] (Controller Boot Thread) JBAS015957: Server boot has failed in an unrecoverable manner; exiting. See previous messages for details.
10:53:12,813 INFO [org.jboss.as] (MSC service thread 1-1) JBAS015950: WildFly 8.2.0.Final "Tweek" stopped in 43ms
MacbookPro:bin apomponio$
I would like to verify that this functionality is even available in Wildfly due to the changes with Undertow and the JMX interface.
My customer is getting the following errors when trying to configure her native-interface for JMX. After adding native-interface, neither jboss-cli.sh nor the browser works any more.
websrvr@n9tvap1010:~/wildfly-8.2.0.Final/bin> jboss-cli.sh --connect --controller=10.200.40.23:9997
org.jboss.as.cli.CliInitializationException: Failed to connect to the controller
at org.jboss.as.cli.impl.CliLauncher.initCommandContext(CliLauncher.java:278)
at org.jboss.as.cli.impl.CliLauncher.main(CliLauncher.java:253)
at org.jboss.as.cli.CommandLineMain.main(CommandLineMain.java:34)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:497)
at org.jboss.modules.Module.run(Module.java:312)
at org.jboss.modules.Main.main(Main.java:460)
Caused by: org.jboss.as.cli.CommandLineException: The controller is not available at 10.200.40.23:9997
at org.jboss.as.cli.impl.CommandContextImpl.tryConnection(CommandContextImpl.java:1028)
at org.jboss.as.cli.impl.CommandContextImpl.connectController(CommandContextImpl.java:840)
at org.jboss.as.cli.impl.CommandContextImpl.connectController(CommandContextImpl.java:819)
at org.jboss.as.cli.impl.CliLauncher.initCommandContext(CliLauncher.java:276)
... 8 more
Caused by: java.io.IOException: java.net.ConnectException: JBAS012174: Could not connect to http-remoting://10.200.40.23:9997. The connection failed
at org.jboss.as.controller.client.impl.AbstractModelControllerClient.executeForResult(AbstractModelControllerClient.java:129)
at org.jboss.as.controller.client.impl.AbstractModelControllerClient.execute(AbstractModelControllerClient.java:71)
at org.jboss.as.cli.impl.CommandContextImpl.tryConnection(CommandContextImpl.java:1005)
... 11 more
Caused by: java.net.ConnectException: JBAS012174: Could not connect to http-remoting://10.200.40.23:9997. The connection failed
at org.jboss.as.protocol.ProtocolConnectionUtils.connectSync(ProtocolConnectionUtils.java:117)
at org.jboss.as.protocol.ProtocolConnectionManager$EstablishingConnection.connect(ProtocolConnectionManager.java:256)
at org.jboss.as.protocol.ProtocolConnectionManager.connect(ProtocolConnectionManager.java:70)
at org.jboss.as.protocol.mgmt.FutureManagementChannel$Establishing.getChannel(FutureManagementChannel.java:204)
at org.jboss.as.cli.impl.CLIModelControllerClient.getOrCreateChannel(CLIModelControllerClient.java:169)
at org.jboss.as.cli.impl.CLIModelControllerClient$2.getChannel(CLIModelControllerClient.java:129)
at org.jboss.as.protocol.mgmt.ManagementChannelHandler.executeRequest(ManagementChannelHandler.java:117)
at org.jboss.as.protocol.mgmt.ManagementChannelHandler.executeRequest(ManagementChannelHandler.java:92)
at org.jboss.as.controller.client.impl.AbstractModelControllerClient.executeRequest(AbstractModelControllerClient.java:236)
at org.jboss.as.controller.client.impl.AbstractModelControllerClient.execute(AbstractModelControllerClient.java:141)
at org.jboss.as.controller.client.impl.AbstractModelControllerClient.executeForResult(AbstractModelControllerClient.java:127)
... 13 more
Caused by: java.io.EOFException: XNIO000812: Connection closed unexpectedly
at org.xnio.http.HttpUpgrade$HttpUpgradeState$UpgradeResultListener.handleEvent(HttpUpgrade.java:416)
at org.xnio.http.HttpUpgrade$HttpUpgradeState.flushUpgradeChannel(HttpUpgrade.java:369)
at org.xnio.http.HttpUpgrade$HttpUpgradeState.access$900(HttpUpgrade.java:165)
at org.xnio.http.HttpUpgrade$HttpUpgradeState$ConnectionOpenListener.handleEvent(HttpUpgrade.java:340)
at org.xnio.http.HttpUpgrade$HttpUpgradeState$ConnectionOpenListener.handleEvent(HttpUpgrade.java:320)
at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:92)
at org.xnio.nio.WorkerThread$ConnectHandle.handleReady(WorkerThread.java:324)
at org.xnio.nio.WorkerThread.run(WorkerThread.java:539)
at ...asynchronous invocation...(Unknown Source)
at org.jboss.remoting3.EndpointImpl.doConnect(EndpointImpl.java:272)
at org.jboss.remoting3.EndpointImpl.doConnect(EndpointImpl.java:253)
at org.jboss.remoting3.EndpointImpl.connect(EndpointImpl.java:351)
at org.jboss.remoting3.EndpointImpl.connect(EndpointImpl.java:339)
at org.jboss.as.protocol.ProtocolConnectionUtils.connect(ProtocolConnectionUtils.java:78)
at org.jboss.as.protocol.ProtocolConnectionUtils.connectSync(ProtocolConnectionUtils.java:109)
... 23 more
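
An added example, not part of the original post and not WildFly project code: a Python check over the management fragment quoted above that reports a deprecated TLS protocol, a literal keystore password, and an http-interface bound only to a plain-HTTP socket binding. The sample input is constructed from the post's fragment wrapped in a root element; the finding names and the "${" expression heuristic are assumptions made for this example.

```python
import xml.etree.ElementTree as ET

# Constructed input: the fragment from the post, wrapped in a <management> root.
SAMPLE = """<management xmlns="urn:jboss:domain:2.2">
 <security-realms>
  <security-realm name="ManagementRealm">
   <server-identities><ssl protocol="TLSv1">
    <keystore path="chap8.keystore" relative-to="jboss.server.config.dir"
              keystore-password="rmi+ssl" alias="chapter8"/>
   </ssl></server-identities>
  </security-realm>
 </security-realms>
 <management-interfaces>
  <native-interface security-realm="ManagementRealm">
   <socket-binding native="management-https"/>
  </native-interface>
  <http-interface security-realm="ManagementRealm">
   <socket-binding http="management-http"/>
  </http-interface>
 </management-interfaces>
</management>"""

DEPRECATED = {"SSLv3", "TLSv1", "TLSv1.1"}  # TLS 1.0/1.1 deprecated by RFC 8996

def local(el):  # element name without its namespace, so any schema version matches
    return el.tag.rsplit("}", 1)[-1]

def audit(xml_text):
    """Return sorted (finding, subject) pairs for the management TLS settings."""
    root, findings, tls_realms = ET.fromstring(xml_text), set(), set()
    for realm in (e for e in root.iter() if local(e) == "security-realm"):
        for ssl in (e for e in realm.iter() if local(e) == "ssl"):
            tls_realms.add(realm.get("name"))
            if ssl.get("protocol") in DEPRECATED:
                findings.add(("deprecated-protocol", ssl.get("protocol")))
            for ks in (e for e in ssl if local(e) == "keystore"):
                # Heuristic: a value not starting with "${" is a literal password.
                if not ks.get("keystore-password", "").startswith("${"):
                    findings.add(("cleartext-keystore-password", realm.get("name")))
    for iface in (e for e in root.iter() if local(e).endswith("-interface")):
        if iface.get("security-realm") not in tls_realms:
            findings.add(("realm-without-ssl-identity", local(iface)))
        for sb in (e for e in iface if local(e) == "socket-binding"):
            # On http-interface, http= names the plain listener, https= the TLS one.
            if "http" in sb.attrib and "https" not in sb.attrib:
                findings.add(("plaintext-http-listener", sb.get("http")))
    return sorted(findings)

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Run against the fragment as posted, the check flags the TLSv1 pin, the password stored in the file, and the http-interface that still listens only on management-http.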