WildFly 26 - connect remote slave to master


Przemysław Malinowski

May 26, 2022, 4:16:12 AM
to WildFly
Hello guys,

Hello, I am a totally new user here. I want to ask (new WF 26). I want to join a new REMOTE slave to an existing cluster with one local slave. I created a user and after generation I got <secret value=""> but everywhere it is written that I should put this in the securityRealm ManagementRealm section. As I see it, those sections no longer exist, and I don't know what I should do with this stuff.

I am so sick and dizzy after reading the documentation, and I couldn't find an answer for that. Maybe someone has a similar problem to mine.

Thanks for help, PM

Yeray Borges Santana

May 27, 2022, 4:12:54 AM
to WildFly
Hello Przemysław, 

On Thu, May 26, 2022 at 9:16 AM Przemysław Malinowski <bor...@gmail.com> wrote:
> Hello guys,
>
> Hello, I am a totally new user here. I want to ask (new WF 26). I want to join a new REMOTE slave to an existing cluster with one local slave. I created a user and after generation I got <secret value=""> but everywhere it is written that I should put this in the securityRealm ManagementRealm section. As I see it, those sections no longer exist, and I don't know what I should do with this stuff.

These sections and configurations are related to legacy security. Legacy security was deprecated some time ago and removed in WildFly 25. In WildFly 26 you have to use Elytron to configure how a Secondary Host Controller (slave) can connect to a Domain Controller (master). Notice we are starting to use new terms instead of master/slave because they are no longer appropriate and will be obsoleted in WF27.

You mentioned you want to add a new WF26 to an existing cluster on a domain mode configuration as a remote secondary host. Take into account that your Domain Controller must also be running on WF26 if you want to manage a WF26 as a remote host. In general, you should always have paired versions; domains with different versions are not recommended on WildFly.

Having said that and assuming you have already upgraded the hosts on your domain controller and all of them are running WF26, you can use the following steps to configure a user to register a new WF26 remote host on your domain:

1. On the domain controller, create a user as usual by using user-add.sh script.
2. Configure your secondary host controller to connect by using that user. 

The following configuration assumes you have added a user with the name "username" and with the password "userpassword", and the hostname of your remote host is "your-remote-hostname". You have to modify them according to your environment:

embed-host-controller --std-out=echo --host-config=host-slave.xml

/host=your-remote-hostname/subsystem=elytron/authentication-configuration=secondary-hc-auth:add(authentication-name=username, credential-reference={clear-text=userpassword})
/host=your-remote-hostname/subsystem=elytron/authentication-context=secondary-hc-auth-context:add(match-rules=[{authentication-configuration=secondary-hc-auth}])
/host=your-remote-hostname:write-attribute(name=domain-controller.remote.authentication-context, value=secondary-hc-auth-context)

stop-embedded-host-controller


Save the above in a file, e.g. configure-remote-host.cli.

3. Execute the file on your remote host controller:

$WFLY_HOME/bin/jboss-cli.sh --file=configure-remote-host.cli

In any case, your first step is to upgrade your domain if you are lagging behind, and always try to keep your server running on the latest versions.



> I am so sick and dizzy after reading the documentation, and I couldn't find an answer for that. Maybe someone has a similar problem to mine.

Please, refer to WildFly documentation where this configuration is explained: https://docs.wildfly.org/26.1/Admin_Guide.html#Domain_Setup

Regards


> Thanks for help, PM


Yeray Borges Santana

Apr 9, 2024, 4:25:37 AM
to WildFly

Just forwarding to WildFly Google Groups in case someone from the security team can provide more information about how to protect these credentials.

---------- Forwarded message ---------
From: Watchuta Awkin <watchu...@gmail.com>
Date: Mon, Apr 8, 2024 at 5:22 PM
Subject: Re: WildFly 26 - connect remote slave to master
To: Yeray Borges Santana <ybor...@redhat.com>


Hi Yeray!
Thank you for this information. I was facing the same issue. I've just one question regarding the
/host=your-remote-hostname/subsystem=elytron/authentication-configuration=secondary-hc-auth:add(authentication-name=username, credential-reference={clear-text=userpassword})
How would one NOT use clear/plain text password?
The previous add-user.sh script used to generate the secret, but if upgrading a WildFly installation, one already has the secret in one's current, older WildFly configuration files.
May you please advise how to add such an encrypted secret to one's .xml file OR is that no longer an option?
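
An added example, not part of the thread and not WildFly's own tooling: a small Python check that finds credential-reference elements carrying a clear-text value in a host configuration such as the host-slave.xml modified by the script above, and tests whether the file is readable beyond its owner. The sample XML is constructed; its element layout, the namespace placeholders and the names expr-auth, store-auth, hc-store, hc-password and HC_PASSWORD are assumptions made for illustration.

```python
import os
import stat
import xml.etree.ElementTree as ET

# Constructed sample (assumed layout of what the CLI script above writes;
# namespace versions are placeholders, values are the thread's examples).
SAMPLE_HOST_XML = """<host xmlns="urn:jboss:domain:PLACEHOLDER" name="your-remote-hostname">
 <profile><subsystem xmlns="urn:wildfly:elytron:PLACEHOLDER"><authentication-client>
  <authentication-configuration name="secondary-hc-auth" authentication-name="username">
   <credential-reference clear-text="userpassword"/>
  </authentication-configuration>
  <authentication-configuration name="expr-auth" authentication-name="username">
   <credential-reference clear-text="${env.HC_PASSWORD}"/>
  </authentication-configuration>
  <authentication-configuration name="store-auth" authentication-name="username">
   <credential-reference store="hc-store" alias="hc-password"/>
  </authentication-configuration>
 </authentication-client></subsystem></profile>
</host>"""


def local_name(tag):
    """Strip the '{namespace}' prefix ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]


def find_clear_text_credentials(xml_text):
    """List (parent tag, parent name, kind) per clear-text credential-reference.

    The secret itself is never returned, so the report is safe to log.
    """
    findings = []
    for parent in ET.fromstring(xml_text).iter():
        for child in parent:
            value = child.get("clear-text")
            if local_name(child.tag) != "credential-reference" or value is None:
                continue
            kind = "expression" if value.startswith("${") else "literal"
            findings.append((local_name(parent.tag), parent.get("name"), kind))
    return findings


def readable_beyond_owner(path):
    """True if group or others hold any permission bit on the file."""
    return bool(stat.S_IMODE(os.stat(path).st_mode) & (stat.S_IRWXG | stat.S_IRWXO))


if __name__ == "__main__":
    for finding in find_clear_text_credentials(SAMPLE_HOST_XML):
        print("clear-text credential-reference:", finding)
```

To audit a real host, pass the contents of its host configuration file to find_clear_text_credentials and the file's path to readable_beyond_owner.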

