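I am trying to create a JBoss cluster with two JBoss nodes (a master and a slave, each on a different VM). The configuration done on both is as follows:
Master: In host.xml, ssl was added inside the ManagementRealm tag: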
<security-realms>
    <security-realm name="ManagementRealm">
        <server-identities>
            <ssl>
                <keystore path="<jboss-cert-folder>/jboss.jks" keystore-password="${VAULT::sslKeyStore::password::1}"/>
            </ssl>
        </server-identities>
        <authentication>
            <local default-user="$local"/>
            <properties path="mgmt-users.properties" relative-to="jboss.domain.config.dir"/>
        </authentication>
        <authorization map-groups-to-roles="false">
            <properties path="mgmt-groups.properties" relative-to="jboss.domain.config.dir"/>
        </authorization>
    </security-realm>
</security-realms>
The interfaces are defined as follows:
<interfaces>
    <interface name="management">
        <inet-address value="${jboss.bind.address.management:<ip_of_master>}"/>
    </interface>
    <interface name="public">
        <inet-address value="${jboss.bind.address:<ip_of_master>}"/>
    </interface>
    <interface name="unsecure">
        <inet-address value="<ip_of_master>"/>
    </interface>
</interfaces>
Also on the master, two users were created: admin and slave. Both are management users in the ManagementRealm.
Slave: On the slave side, the following changes were made to host.xml:
<security-realm name="ManagementRealm">
    <server-identities>
        <ssl>
            <keystore path="<jboss-cert-folder>/jboss.jks" keystore-password="${VAULT::sslKeyStore::password::1}"/>
        </ssl>
        <secret value="base 64 secret value generated at the time of slave user creation" />
    </server-identities>
    <authentication>
        <local default-user="$local"/>
        <properties path="mgmt-users.properties" relative-to="jboss.domain.config.dir"/>
    </authentication>
    <authorization map-groups-to-roles="false">
        <properties path="mgmt-groups.properties" relative-to="jboss.domain.config.dir"/>
    </authorization>
</security-realm>
<domain-controller>
    <!--local/-->
    <remote host="<ip of master>" port="9999"/>
</domain-controller>
<interfaces>
    <interface name="management">
        <inet-address value="${jboss.bind.address.management:<ip of slave>}"/>
    </interface>
    <interface name="public">
        <inet-address value="${jboss.bind.address:<ip of slave>}"/>
    </interface>
    <interface name="unsecure">
        <inet-address value="<ip of slave>"/>
    </interface>
</interfaces>
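Now, the master JBoss was restarted first. The restart happened without any errors. Then the slave JBoss was restarted. The following errors were found: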
[Host Controller] 15:14:11,985 ERROR [org.jboss.remoting.remote.connection] (Remoting "hostname:MANAGEMENT" read-1) JBREM000200: Remote connection failed: javax.security.sasl.SaslException: Authentication failed: all available authentication mechanisms failed
[Host Controller] 15:14:11,990 ERROR [org.jboss.as.host.controller] (Controller Boot Thread) JBAS010901: Could not connect to master. Aborting. Error was: java.lang.IllegalStateException: JBAS010942: Unable to connect due to authentication failure.
[Host Controller] 15:14:12,010 INFO [org.jboss.as] (MSC service thread 1-4) JBAS015950: JBoss EAP 6.2.2.GA (AS 7.3.2.Final-redhat-2) stopped in 17ms
15:14:12,333 INFO [org.jboss.as.process.Host Controller.status] (reaper for Host Controller) JBAS012010: Process 'Host Controller' finished with an exit status of 99
15:14:12,336 INFO [org.jboss.as.process] (Thread-8) JBAS012016: Shutting down process controller
15:14:12,336 INFO [org.jboss.as.process] (Thread-8) JBAS012015: All processes finished; exiting
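These are all the errors shown in the slave JBoss's console.log. The key exchange was done correctly, because I am able to list the master's key in the slave's trustStore file and vice versa.
Please look into this and provide any suggestions.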
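
An added example, not part of the original post: a Python check of a slave host.xml for the settings EAP 6 uses when the slave authenticates to the master, namely the `username` and `security-realm` attributes on `<remote>` and the base64 `<secret>`. The sample XML (host name `node2`, address, secret) is constructed, and `check_slave_host_xml` is a hypothetical helper name.

```python
import base64
import binascii
import xml.etree.ElementTree as ET

# Constructed sample: a slave host.xml cut down to the elements shown in the post.
# The address, host name and secret are made-up values, not taken from the post.
SAMPLE = """<host name="node2" xmlns="urn:jboss:domain:1.5">
  <management><security-realms>
    <security-realm name="ManagementRealm">
      <server-identities><secret value="c2xhdmUtcGFzc3dvcmQ="/></server-identities>
    </security-realm>
  </security-realms></management>
  <domain-controller><remote host="192.0.2.10" port="9999"/></domain-controller>
</host>"""


def _named(root, name):
    """All elements with this local tag name, ignoring the XML namespace."""
    return [e for e in root.iter() if e.tag.rsplit("}", 1)[-1] == name]


def check_slave_host_xml(xml_text, master_user):
    """Return findings that would stop the slave authenticating as master_user."""
    root = ET.fromstring(xml_text)
    remotes = _named(root, "remote")
    if not remotes:
        return ["no <remote> element under <domain-controller>"]
    remote, findings = remotes[0], []

    # The slave logs in as remote/@username, falling back to host/@name
    # (if both are absent the name comes from the machine, which is not visible here).
    user = remote.get("username") or root.get("name")
    if user != master_user:
        findings.append(f"slave will authenticate as {user!r}, not {master_user!r}")

    # The <secret> is taken from the realm named by remote/@security-realm.
    realm_name = remote.get("security-realm")
    if realm_name is None:
        findings.append("<remote> has no security-realm, so no <secret> is used")
        return findings
    realm = next((r for r in _named(root, "security-realm")
                  if r.get("name") == realm_name), None)
    secrets = _named(realm, "secret") if realm is not None else []
    if not secrets:
        findings.append(f"realm {realm_name!r} has no <secret> in <server-identities>")
        return findings
    try:
        base64.b64decode(secrets[0].get("value", ""), validate=True)
    except (binascii.Error, ValueError):
        findings.append("<secret> value is not valid base64")
    return findings
```

Run it against the real file with `check_slave_host_xml(open("host.xml").read(), "slave")` once the placeholder values are replaced; an empty list means the three settings are consistent, not that the password itself is correct.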