Uploaded image for project: 'Red Hat Fuse'
  1. Red Hat Fuse
  2. ENTESB-5097

Fabric won't be able to create child containers if fabric root container is fully secure

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Done
    • Affects Version/s: jboss-fuse-6.2.1
    • Fix Version/s: jboss-fuse-6.2.1
    • Component/s: Fabric8 v1
    • Labels:
      None

      Description

      I'd like to fully secure my fabric environment. I created a custom profile called "secure" and here is details:

      JBossFuse:karaf@root> profile-display secure 
      Profile id: secure
      Version   : 1.0
      Attributes: 
      	parents: default
      Containers: root 
      
      Container settings
      ----------------------------
      
      Configuration details
      ----------------------------
      PID: org.ops4j.pax.web
        org.osgi.service.http.port.secure ${port:8443,8543}
        org.osgi.service.http.secure.enabled true
        org.ops4j.pax.web.ssl.keypassword password
        org.ops4j.pax.web.ssl.keystore /apps/jboss/fuse/6.2.1/test/jboss-fuse-6.2.1.redhat-084/etc/mykeystore.jks
        org.osgi.service.http.enabled false
        org.ops4j.pax.web.ssl.password password
      
      Other resources
      ----------------------------
      Resource: ReadMe.md
      JBossFuse:karaf@root> 
      

      So it disabled default insecure Pax Web 8181 port but enabled only secure port (from a port range ${port:8443,8543}).

      I then added the "secure" profile to my fabric root container:

      JBossFuse:karaf@root> container-list 
      [id]      [version]  [type]  [connected]  [profiles]              [provision status]
      root*     1.0        karaf   yes          fabric                  success           
                                                fabric-ensemble-0000-1                    
                                                jboss-fuse-full                           
                                                secure                         
      

      Hence the root container will only be accessible through secure port 8443 right now.

      If I tried to create a child container with either command:

      JBossFuse:karaf@root> container-create-child root child1
      

      or following command:

      JBossFuse:karaf@root> container-create-child --profile secure root child1
      

      None of them would work as the child container would just hang forever and never be provisioned fully.

      So the only workaround would be to remove the "secure" profile from the fabric root container first:

      JBossFuse:karaf@root> container-remove-profile root secure
      

      Then create child containers. After that, you can add the "secure" profile to all of containers to make them fully secure.

      We should allow a fully secure fabric root container to create local child containers directly rather than workaround it as described above.

        Gliffy Diagrams

          Attachments

            Issue Links

              Activity

                People

                • Assignee:
                  janstey Jonathan Anstey
                  Reporter:
                  joe.luo Joe Luo
                • Votes:
                  1 Vote for this issue
                  Watchers:
                  6 Start watching this issue

                  Dates

                  • Created:
                    Updated:
                    Resolved: