WildFly 10: how to configure a slave host to connect to the domain using HTTPS

Time: 2017-02-23 15:49:16

Tags: ssl https wildfly-10

A small question about WildFly 10 domain mode and HTTPS.

My host-master.xml settings:

<management>
    <security-realms>
        <security-realm name="ManagementRealm">
            <server-identities>
                <ssl>
                    <keystore path="..." relative-to="jboss.domain.config.dir" keystore-password="..." alias="..." key-password="..." generate-self-signed-certificate-host="localhost"/>
                </ssl>
            </server-identities>
            <authentication>
                <local default-user="$local" skip-group-loading="true"/>
                <properties path="mgmt-users.properties" relative-to="jboss.domain.config.dir"/>
            </authentication>
            <authorization map-groups-to-roles="false">
                <properties path="mgmt-groups.properties" relative-to="jboss.domain.config.dir"/>
            </authorization>
        </security-realm>


        <management-interfaces>
            <native-interface security-realm="ManagementRealm">
                <socket interface="management" port="${jboss.management.native.port:9999}"/>
            </native-interface>
            <http-interface security-realm="ManagementRealm" http-upgrade-enabled="true">
                <socket interface="management" secure-port="${jboss.management.http.port:9990}"/>
            </http-interface>
        </management-interfaces>

My host-slave.xml settings:

        <security-realms>
            <security-realm name="SlaveRealm">
                <server-identities>
                    <secret value="..." />
                </server-identities>


   <domain-controller>
        <remote protocol="remote" host="..." port="9999" username='slave' security-realm="SlaveRealm"/>
    </domain-controller>

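The domain server starts without any errors, and HTTPS works with the management controller. But the slave node does not start, and I get an error message: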

2017-02-23 17:35:05,149 WARN  [org.jboss.as.host.controller] (Controller Boot Thread) WFLYHC0001: Could not connect to remote domain controller remote://...:9999 -- java.lang.IllegalStateException: WFLYHC0110: Unable to connect due to SSL failure.
2017-02-23 17:35:05,149 WARN  [org.jboss.as.host.controller] (Controller Boot Thread) WFLYHC0147: No domain controller discovery options remain.
2017-02-23 17:35:05,150 ERROR [org.jboss.as.host.controller] (Controller Boot Thread) WFLYHC0002: Could not connect to master. Aborting. Error was: java.lang.IllegalStateException: WFLYHC0120: Tried all domain controller discovery option(s) but unable to connect
2017-02-23 17:35:05,150 FATAL [org.jboss.as.host.controller] (Controller Boot Thread) WFLYHC0178: Aborting with exit code 99

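I tried adding the "<server-identities><ssl><keystore..." part to "SlaveRealm" in host-slave.xml, but I get the same error.

How do I correctly configure the domain and the host slave? Thanks.

1 answer:

Answer 0 (score: 1)

In host.xml, you must specify <interfaces>. You can also pass the interface values as command-line arguments when starting WildFly.

Master host.xml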

<interfaces>
    <interface name="management">
        <inet-address value="${wildfly.bind.address.management:@@master.host.name@@}"/>
    </interface>
    <interface name="public">
        <inet-address value="${wildfly.bind.address:@@master.host.name@@}"/>
    </interface>
    <interface name="unsecure">
        <!-- Used for IIOP sockets in the standard configuration.
             To secure JacORB you need to setup SSL -->
        <inet-address value="${wildfly.bind.address.unsecure:@@master.host.name@@}"/>
    </interface>
</interfaces>

Slave host.xml

 <management>
    <security-realms>
        <security-realm name="ManagementRealm">
            <server-identities>
                <secret value="@@slave.encrypted.password@@" />
            </server-identities>
            ....
            ....
            ....
        <domain-controller>
    <!--<local/>-->
    <!-- Alternative remote domain controller configuration with a host and port -->
    <remote protocol="remote" host="@@master.host.name@@" port="9999" username="@@slave.account.name@@" security-realm="ManagementRealm"/>
</domain-controller>

<interfaces>
    <interface name="management">
        <inet-address value="${wildfly.bind.address.management:@@slave.host.name@@}"/>
    </interface>
    <interface name="public">
        <inet-address value="${wildfly.bind.address:@@slave.host.name@@}"/>
    </interface>
    <interface name="unsecure">
        <!-- Used for IIOP sockets in the standard configuration.
             To secure JacORB you need to setup SSL -->
        <inet-address value="${wildfly.bind.address.unsecure:@@slave.host.name@@}"/>
    </interface>
</interfaces>

This configuration works for our development/QA/production environments.
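A pre-start check for the host.xml points raised in the question and answer above, written as an added example (it is not part of the original answer or of WildFly). The function name `lint_host_xml`, the finding labels and the sample XML are constructed for illustration, and the truststore check rests on the assumption that the slave trusts the master's certificate through a `<truststore>` in the realm named on `<remote>`.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample modelled on the slave snippets above (placeholder values).
SAMPLE_HOST_XML = """
<host name="slave1" xmlns="urn:jboss:domain:4.0">
  <management>
    <security-realms>
      <security-realm name="SlaveRealm">
        <server-identities><secret value="c2VjcmV0"/></server-identities>
      </security-realm>
    </security-realms>
    <management-interfaces>
      <native-interface>
        <socket interface="management" port="9999"/>
      </native-interface>
    </management-interfaces>
  </management>
  <domain-controller>
    <remote protocol="remote" host="@@master.host.name@@" port="9999"
            username="slave" security-realm="SlaveRealm"/>
  </domain-controller>
</host>
"""

def lint_host_xml(text):
    """Return a list of findings for a host.xml document given as a string."""
    # Drop the default namespace so plain element paths can be used below.
    root = ET.fromstring(re.sub(r'\sxmlns="[^"]+"', "", text, count=1))
    findings = []
    declared = {i.get("name") for i in root.findall("./interfaces/interface")}
    for sock in root.findall("./management/management-interfaces/*/socket"):
        if sock.get("interface") not in declared:
            findings.append("undeclared-interface:" + sock.get("interface", ""))
    realms = {r.get("name"): r
              for r in root.findall("./management/security-realms/security-realm")}
    for remote in root.findall("./domain-controller/remote"):
        realm = realms.get(remote.get("security-realm"))
        if realm is None:
            findings.append("unknown-realm:" + remote.get("security-realm", ""))
            continue
        if realm.find("./server-identities/secret") is None:
            findings.append("no-secret:" + realm.get("name"))
        # Assumption: trust in the master's TLS certificate is configured as a
        # <truststore> under <authentication> in this realm.
        if realm.find("./authentication/truststore") is None:
            findings.append("no-truststore:" + realm.get("name"))
    for token in sorted(set(re.findall(r"@@[\w.]+@@", text))):
        findings.append("unresolved-token:" + token)  # build placeholder left in
    return findings
```

Run `lint_host_xml(open("host.xml").read())` on the slave before starting it; an empty list means none of these checks fired.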