Not working on JBoss EAP 6.0.1 (Update) about profilecloner HOT 6 CLOSED

It's not a real issue with tool. The reason is that EAP 6.0.0 and 6.0.1 did not ship with 'jboss-cli-client.jar' and need a much longer classpath as the equivalent:

/home/tom/i/eap/601 is my EAP installation directory:

/home/tom/i/eap/601/modules/org/jboss/remoting3/remoting-jmx/main/remoting-jmx-1.0.4.Final-redhat-1.jar:/home/tom/i/eap/601/modules/org/jboss/remoting3/main/jboss-remoting-3.2.14.GA-redhat-1.jar:/home/tom/i/eap/601/modules/org/jboss/logging/main/jboss-logging-3.1.2.GA-redhat-1.jar:/home/tom/i/eap/601/modules/org/jboss/xnio/main/xnio-api-3.0.7.GA-redhat-1.jar:/home/tom/i/eap/601/modules/org/jboss/xnio/nio/main/xnio-nio-3.0.7.GA-redhat-1.jar:/home/tom/i/eap/601/modules/org/jboss/sasl/main/jboss-sasl-1.0.3.Final-redhat-1.jar:/home/tom/i/eap/601/modules/org/jboss/marshalling/main/jboss-marshalling-1.3.15.GA-redhat-1.jar:/home/tom/i/eap/601/modules/org/jboss/marshalling/river/main/jboss-marshalling-river-1.3.15.GA-redhat-1.jar:/home/tom/i/eap/601/modules/org/jboss/as/cli/main/jboss-as-cli-7.1.3.Final-redhat-4.jar:/home/tom/i/eap/601/modules/org/jboss/staxmapper/main/staxmapper-1.1.0.Final-redhat-2.jar:/home/tom/i/eap/601/modules/org/jboss/as/protocol/main/jboss-as-protocol-7.1.3.Final-redhat-4.jar:/home/tom/i/eap/601/modules/org/jboss/dmr/main/jboss-dmr-1.1.1.Final-redhat-2.jar:/home/tom/i/eap/601/modules/org/jboss/as/controller-client/main/jboss-as-controller-client-7.1.3.Final-redhat-4.jar:/home/tom/i/eap/601/modules/org/jboss/threads/main/jboss-threads-2.0.0.GA-redhat-2.jar:/home/tom/i/eap/601/modules/org/jboss/as/controller/main/jboss-as-controller-7.1.3.Final-redhat-4.jar

Basically take a copy of bin/jconsole.sh and replace the last line with:

java -cp $CLASSPATH:/path/to/profilecloner.jar org.jboss.tfonteyne.profilecloner.Main "$@"

the CLASSPATH will be constructed automatically by the script.

from profilecloner.

Hi, thanks for your reply - whilst socket cloning works, I am still having issues with profile cloning, please see below:

FYI - jboss home = /usr/share/jboss-as

When trying to clone the full profile:

java -cp $CLASSPATH:/usr/share/jboss-as/bin/profilecloner.jar org.jboss.tfonteyne.profilecloner.Main -c hostname -p 9999 -u dave -p **** /profile=full full-copy
WARN: can't load the config file because JBOSS_HOME environment variable is not set.
WARN: can't load the config file because JBOSS_HOME environment variable is not set.
May 28, 2015 10:52:11 AM org.xnio.Xnio
INFO: XNIO Version 3.0.7.GA-redhat-1
May 28, 2015 10:52:11 AM org.xnio.nio.NioXnio
INFO: XNIO NIO Implementation Version 3.0.7.GA-redhat-1
May 28, 2015 10:52:11 AM org.jboss.remoting3.EndpointImpl
INFO: JBoss Remoting version 3.2.14.GA-redhat-1
java.lang.IllegalArgumentException: Unknown type: PROPERTY
at org.jboss.tfonteyne.profilecloner.GenericCloner.getNode(GenericCloner.java:290)
at org.jboss.tfonteyne.profilecloner.GenericCloner.getList(GenericCloner.java:255)
at org.jboss.tfonteyne.profilecloner.GenericCloner.getNode(GenericCloner.java:288)
at org.jboss.tfonteyne.profilecloner.GenericCloner.getObject(GenericCloner.java:269)
at org.jboss.tfonteyne.profilecloner.GenericCloner.getNode(GenericCloner.java:286)
at org.jboss.tfonteyne.profilecloner.GenericCloner.getList(GenericCloner.java:255)
at org.jboss.tfonteyne.profilecloner.GenericCloner.getNode(GenericCloner.java:288)
at org.jboss.tfonteyne.profilecloner.GenericCloner.handleProperty(GenericCloner.java:201)
at org.jboss.tfonteyne.profilecloner.GenericCloner.getChildResource(GenericCloner.java:112)
at org.jboss.tfonteyne.profilecloner.GenericCloner.handleProperty(GenericCloner.java:229)
at org.jboss.tfonteyne.profilecloner.GenericCloner.getChildResource(GenericCloner.java:112)
at org.jboss.tfonteyne.profilecloner.GenericCloner.handleProperty(GenericCloner.java:229)
at org.jboss.tfonteyne.profilecloner.GenericCloner.getChildResource(GenericCloner.java:112)
at org.jboss.tfonteyne.profilecloner.GenericCloner.handleProperty(GenericCloner.java:229)
at org.jboss.tfonteyne.profilecloner.GenericCloner.getChildResource(GenericCloner.java:159)
at org.jboss.tfonteyne.profilecloner.GenericCloner.copy(GenericCloner.java:75)
at org.jboss.tfonteyne.profilecloner.Main.(Main.java:133)
at org.jboss.tfonteyne.profilecloner.Main.main(Main.java:112)

Successful attempt at cloning full-ha-sockets:

java -cp $CLASSPATH:/usr/share/jboss-as/bin/profilecloner.jar org.jboss.tfonteyne.profilecloner.Main -c hostname -p 9999 -u dave -p **** /socket-binding-group=full-ha-sockets full-ha-sockets-copy
WARN: can't load the config file because JBOSS_HOME environment variable is not set.
WARN: can't load the config file because JBOSS_HOME environment variable is not set.
May 28, 2015 10:50:46 AM org.xnio.Xnio
INFO: XNIO Version 3.0.7.GA-redhat-1
May 28, 2015 10:50:46 AM org.xnio.nio.NioXnio
INFO: XNIO NIO Implementation Version 3.0.7.GA-redhat-1
May 28, 2015 10:50:46 AM org.jboss.remoting3.EndpointImpl
INFO: JBoss Remoting version 3.2.14.GA-redhat-1
batch
/socket-binding-group="full-ha-sockets-copy":add(default-interface="public",name="full-ha-sockets")
/socket-binding-group="full-ha-sockets-copy"/remote-destination-outbound-socket-binding="mail-smtp":add(fixed-source-port="false",host="localhost",port="25")
/socket-binding-group="full-ha-sockets-copy"/socket-binding="ajp":add(fixed-port="false",name="ajp",port="8009")
/socket-binding-group="full-ha-sockets-copy"/socket-binding="http":add(fixed-port="false",name="http",port="8080")
/socket-binding-group="full-ha-sockets-copy"/socket-binding="https":add(fixed-port="false",name="https",port="8443")
/socket-binding-group="full-ha-sockets-copy"/socket-binding="jacorb":add(fixed-port="false",interface="unsecure",name="jacorb",port="3528")
/socket-binding-group="full-ha-sockets-copy"/socket-binding="jacorb-ssl":add(fixed-port="false",interface="unsecure",name="jacorb-ssl",port="3529")
/socket-binding-group="full-ha-sockets-copy"/socket-binding="jgroups-mping":add(fixed-port="false",multicast-address="${jboss.default.multicast.address:230.0.0.4}",multicast-port="45700",name="jgroups-mping",port="0")
/socket-binding-group="full-ha-sockets-copy"/socket-binding="jgroups-tcp":add(fixed-port="false",name="jgroups-tcp",port="7600")
/socket-binding-group="full-ha-sockets-copy"/socket-binding="jgroups-tcp-fd":add(fixed-port="false",name="jgroups-tcp-fd",port="57600")
/socket-binding-group="full-ha-sockets-copy"/socket-binding="jgroups-udp":add(fixed-port="false",multicast-address="${jboss.default.multicast.address:230.0.0.4}",multicast-port="45688",name="jgroups-udp",port="55200")
/socket-binding-group="full-ha-sockets-copy"/socket-binding="jgroups-udp-fd":add(fixed-port="false",name="jgroups-udp-fd",port="54200")
/socket-binding-group="full-ha-sockets-copy"/socket-binding="messaging":add(fixed-port="false",name="messaging",port="5445")
/socket-binding-group="full-ha-sockets-copy"/socket-binding="messaging-group":add(fixed-port="false",multicast-address="${jboss.messaging.group.address:231.7.7.7}",multicast-port="${jboss.messaging.group.port:9876}",name="messaging-group",port="0")
/socket-binding-group="full-ha-sockets-copy"/socket-binding="messaging-throughput":add(fixed-port="false",name="messaging-throughput",port="5455")
/socket-binding-group="full-ha-sockets-copy"/socket-binding="modcluster":add(fixed-port="false",multicast-address="224.0.1.105",multicast-port="23364",name="modcluster",port="0")
/socket-binding-group="full-ha-sockets-copy"/socket-binding="osgi-http":add(fixed-port="false",interface="management",name="osgi-http",port="8090")
/socket-binding-group="full-ha-sockets-copy"/socket-binding="remoting":add(fixed-port="false",name="remoting",port="4447")
/socket-binding-group="full-ha-sockets-copy"/socket-binding="txn-recovery-environment":add(fixed-port="false",name="txn-recovery-environment",port="4712")
/socket-binding-group="full-ha-sockets-copy"/socket-binding="txn-status-manager":add(fixed-port="false",name="txn-status-manager",port="4713")
run-batch

from profilecloner.

ah... you hit an incompatibility between 6.0/x and 6.1 and higher which I more or less forgot about.

In 6.0.x the "module-options" of a login-module (security subsystem) were rather inflexible. Login modules was a LIST, and the options all together a single OBJECT. Starting in 6.1 this was redone and login-modules was made a proper child resource with the options underneath.
Considering how old 6.0.1 is I have no plan to modify the cloner to support this very old version.
Keep in mind that 6.0.1 still has many known issues (also security issues!!) so upgrading should be a high priority.

workaround is easy: manually removed all "module-option" attributes, run the cloner, then add the options again.

from profilecloner.

Hi again,

Unfortunately our application vendor mandates on JBoss EAP 6.0.1 and all major development has been against this version. It won't be for another 1-2 years that we are likely to be able to upgrade to a newer version :(.

I take your response as though there is a workaround for 6.0.1, however are you able to give an example of a module-option that you remove to ensure I interpret your statement correctly?

For instance, via jboss-cli in domain mode, going to /profile=full/subsystem=security I see the following:

pwd
/profile=full/subsystem=security
[domain@hostname:9999 subsystem=security] ls
security-domain vault deep-copy-subject-mode=false

Looking in the domain.xml file I can see an examples of lines that have module-option. here is such an entry in the jboss-cli:

pwd
/profile=full/subsystem=security/security-domain=other/authentication=classic
[domain@hostname:9999 authentication=classic] :read-resource
{
"outcome" => "success",
"result" => {"login-modules" => [
{
"code" => "Remoting",
"flag" => "optional",
"module-options" => [("password-stacking" => "useFirstPass")]
},
{
"code" => "RealmDirect",
"flag" => "required",
"module-options" => [("password-stacking" => "useFirstPass")]
}
]}
}

So in the example above, would it just be a case of removing the 2 module-options lines for Remoting and RealmDirect? Or alternatively, did you remove both login-modules completely and re-add them.
I'd be interested in seeing your cli examples.

Thanks again!

from profilecloner.

yes, for example from the "full" profile you have:

                <security-domain name="other" cache-type="default">
                    <authentication>
                        <login-module code="Remoting" flag="optional">
                            <module-option name="password-stacking" value="useFirstPass"/>
                        </login-module>
                        <login-module code="RealmDirect" flag="required">
                            <module-option name="password-stacking" value="useFirstPass"/>
                        </login-module>
                    </authentication>
                </security-domain>

Change that manually into:

                <security-domain name="other" cache-type="default">
                    <authentication>
                        <login-module code="Remoting" flag="optional">
                        </login-module>
                        <login-module code="RealmDirect" flag="required">
                        </login-module>
                    </authentication>
                </security-domain>

and repeat for any other domains you may have added.
Then run the cloner with /profile=full full-copy
and add those options manually back in. Adding them back is best done be editing the xml.

One of the reasons for the 6.1+ change was that your only choice in 6.0 was to add/modify the whole "login-modules" in one go which becomes a horrible CLI command when there are a number of options. If you really need it all in CLI, then start with manually bringing the original config down to:

                <security-domain name="other" cache-type="default">
                </security-domain>

and add the below to the resulting CLI code immediately after the :add() for the security-domain

/profile=full/subsystem=security/security-domain=other/authentication=classic:write-attribute(name=login-modules, value=[{"code" => "Remoting","flag" => "optional","module-options" => [("password-stacking" => "useFirstPass")] }, {"code" => "RealmDirect","flag" => "required","module-options" => [("password-stacking" => "useFirstPass")]} ] )

You can imagine that for more complicated authentication setups this becomes a bit of a mess to write/read.

Btw, your original statement used -p for port and password. You can only use "-p" for the password. The port option must be the full "--port=9999"

from profilecloner.

Fantastic!

Pleased to confirm this now works! I've become very accustomed to some of the nuances with the 6.0.1. cli, especially around adding JVM options and as you say, having to add things in one go.

I'll work on a cli to remove the bits in the xml and then use your examples to help me add the options back in.

Appreciate your time and help on this. Certainly looking forward to upgrading to a newer JBoss version at some point in the future.

Fingers crossed the generated batch statements work as well!

Regards,
David.

from profilecloner.