Uploaded image for project: 'Red Hat Fuse'
  1. Red Hat Fuse
  2. ENTESB-5097

Fabric won't be able to create child containers if fabric root container is fully secure

    XMLWordPrintable

Details

    • Bug
    • Resolution: Done
    • Major
    • jboss-fuse-6.2.1
    • jboss-fuse-6.2.1
    • Fabric8 v1
    • None
    • % %

    Description

      I'd like to fully secure my fabric environment. I created a custom profile called "secure" and here is details:

      JBossFuse:karaf@root> profile-display secure 
Profile id: secure
Version   : 1.0
Attributes: 
	parents: default
Containers: root 

Container settings
----------------------------

Configuration details
----------------------------
PID: org.ops4j.pax.web
  org.osgi.service.http.port.secure ${port:8443,8543}
  org.osgi.service.http.secure.enabled true
  org.ops4j.pax.web.ssl.keypassword password
  org.ops4j.pax.web.ssl.keystore /apps/jboss/fuse/6.2.1/test/jboss-fuse-6.2.1.redhat-084/etc/mykeystore.jks
  org.osgi.service.http.enabled false
  org.ops4j.pax.web.ssl.password password

Other resources
----------------------------
Resource: ReadMe.md
JBossFuse:karaf@root>

      So it disabled default insecure Pax Web 8181 port but enabled only secure port (from a port range ${port:8443,8543}).

      I then added the "secure" profile to my fabric root container:

      JBossFuse:karaf@root> container-list 
[id]      [version]  [type]  [connected]  [profiles]              [provision status]
root*     1.0        karaf   yes          fabric                  success           
                                          fabric-ensemble-0000-1                    
                                          jboss-fuse-full                           
                                          secure

      Hence the root container will only be accessible through secure port 8443 right now.

      If I tried to create a child container with either command:

      JBossFuse:karaf@root> container-create-child root child1

      or following command:

      JBossFuse:karaf@root> container-create-child --profile secure root child1

      None of them would work as the child container would just hang forever and never be provisioned fully.

      So the only workaround would be to remove the "secure" profile from the fabric root container first:

      JBossFuse:karaf@root> container-remove-profile root secure

      Then create child containers. After that, you can add the "secure" profile to all of containers to make them fully secure.

      We should allow a fully secure fabric root container to create local child containers directly rather than workaround it as described above.

      Attachments

        Issue Links

          relates to

          Bug - A problem that impairs or prevents the functions of the product. ENTESB-5099 Using "profile:" property resolver to specify a keystore file for securing fabric containers does not work

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Closed

          Bug - A problem that impairs or prevents the functions of the product. ENTESB-5612 Can't add containers after root container secured

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Closed

          Activity

            People

              janstey@redhat.com Jonathan Anstey
              rhn-support-qluo Joe Luo
              Votes:
              1 Vote for this issue
              Watchers:
              5 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: