Broker J 7.1.2

So I am experimenting with adding a vhost ACL into the virtual host itself, so that the ACL is replicated across all nodes in the cluster. Originally the ACL was added at the broker level, so I had to import it to each of the 3 nodes.

I created a new entry in Virtual Hosts Access Control providers, but by mistake set the default action as DENY. The console didn't give me a chance to actually upload the ACL, as the global DENY immediately went into effect.

A few questions:

1. Should activation of the ACL (at least in DENY default mode) be delayed at least until one ACL rule is added?
2. Is there a way for me to un-brick the virtual host (as it's pretty much read-only now)? I can recreate the nodes, but it would be good to know how to handle this in a production setting, if it were to happen accidentally.
3. Is it even a good idea to have the ACL inside a replicated vhost? I wonder what the best practices are.

Incidentally, for the first time ever I got 417 Unable to load service/sasl status: 417 when accessing the HTTP web console on one of the 3 nodes. The broker log doesn't show anything, and obviously I can recycle it from the command line, but this hasn't happened in several months of testing (starting with an older version of Broker-J), so I wonder what condition could have caused this error? The HTTPS version of the console is not responding either, it just sits there spinning its wheels. Is there anything I can look at before I recycle the broker?

Thanks!
