I’m a fixer of broken things

2 minute read

Gotchas

There are a few changes required when migrating from EAP 7.1.6 to the newest at the time (7.2.2). For a minor release, these wrecked havoc on my EAP build playbook, and it took a few days to resolve. While the differences are relatively small, it burnt a lot of time debugging, so hopefully these tips will help you out.

Note that all changes here only applies when running in Domain mode. I’m not sure what the differences are, if any, when running in Standalone.

management-interfaces

If your domain controller machine is configured as a host controller, you’ll notice an issue with the worker node not being able to connect to the domain controller. This is because the default native-interface was missing in the host.xml in the management-interfaces stanza. It’s an easy fix.

<management-interfaces>
    <!-- Add the native-interface back -->
    <native-interface security-realm="ManagementRealm">
        <socket interface="management" port="${jboss.management.native.port:9999}"/>
    </native-interface>

    <http-interface http-authentication-factory="my-ldap-http-auth">
        <http-upgrade enabled="true" sasl-authentication-factory="my-ldap-sasl-auth"/>
        <socket interface="management" port="${jboss.management.http.port:9990}"/>
    </http-interface>
</management-interfaces>

remote+http port

If you have more than one machine, your worker nodes will need to configure their domain controller discovery options.

EAP 7.1.6 defaulted to the remote protocol and port 9999.

  <remote protocol="remote" host="${jboss.domain.master.address}" port="${jboss.domain.master.port:9999}" security-realm="ManagementRealm"/>

EAP 7.2.2 defaults to the remote+http protocol, and connects to port 9990 (in order to support the http upgrade protocol). We just need to tweak the settings to default to remote and 9999. You’ll also need to check the security realm settings too. If your ManagementRealm is able to authenticate your servers with the provided username, then there’s nothing you need to do. I had my servers authenticate using the Properties File realm, so I needed to remove the http upgrade in the protocol settings.

<remote security-realm="ManagementRealm">
   <discovery-options>
       <static-discovery name="primary" protocol="${jboss.domain.master.protocol:remote+http}"  host="${jboss.domain.master.address}" port="${jboss.domain.master.port:9990}"/>
   </discovery-options>
</remote>

modcluster

It also looks like some of the modcluster configuration options have moved.

The old subsystem looked like this.

<subsystem xmlns="urn:jboss:domain:modcluster:3.0">
    <mod-cluster-config advertise-socket="modcluster" connector="ajp">
        <dynamic-load-provider>
            <load-metric type="cpu"/>
        </dynamic-load-provider>
    </mod-cluster-config>
</subsystem>

But the new modcluster subsystem moved the mod-cluster-config into an element named proxy, but it takes the same (or similar) parameters.

<subsystem xmlns="urn:jboss:domain:modcluster:4.0">
  <proxy name="default" advertise-socket="modcluster" listener="ajp">
    <dynamic-load-provider>
      <load-metric type="cpu"/>
    </dynamic-load-provider>
  </proxy>
</subsystem>

Those are just the gotchas that I ran into so far. I’m certain there are more things that need to be changed in the other subsystems that I haven’t touched yet. Let me know if you find anything that should be included.

You May Also Enjoy

OpenShift Dev Spaces

3 minute read

Configuring OAuth with OpenShift Dev Spaces and GitLab

Image Import Sync

less than 1 minute read

Background If you’re deploying images from an external registry into OpenShift, and you created ImageStreams/Tags that mirror your external registry, you’ll ...