jboss-dockerfiles / wildfly

Docker image for WildFly project
https://quay.io/repository/wildfly/wildfly
MIT License

Unable to connect to jboss-cli on OpenShift #210

Open jmesnil opened 1 month ago

jmesnil commented 1 month ago

I'm unable to connect locally to the jboss-cli when the image is deployed on OpenShift.

sh-5.1$ whoami 
1006870000
sh-5.1$ $JBOSS_HOME/bin/jboss-cli.sh -c

Authenticating against security realm: ManagementRealm
Username: 
Failed to connect to the controller: Unable to authenticate against controller at localhost:9990: Authentication failed: all available authentication mechanisms failed:
   JBOSS-LOCAL-USER: javax.security.sasl.SaslException: JBOSS-LOCAL-USER: Server rejected authentication
   DIGEST-MD5: javax.security.sasl.SaslException: ELY05053: Callback handler failed for unknown reason [Caused by javax.security.sasl.SaslException: No username supplied.]

As I am connecting locally from a terminal, I should be identified as the special $local user and I don't need to have created an admin user.

This does not work on OpenShift (tested on 4.16.4).

However, doing the same thing from docker or Kubernetes works as expected.

The issue might be related to some specific user permission, as OpenShift does not identify the user as jboss but as 1006870000.

With docker

$ docker run -p 8080:8080 quay.io/wildfly/wildfly
$  docker exec -it cranky_chaum /bin/bash
bash-5.1$ whoami
jboss
bash-5.1$ $JBOSS_HOME/bin/jboss-cli.sh -c
[standalone@localhost:9990 /]

With Kubernetes

$ kubectl create deployment wildlfy-app --image=quay.io/wildfly/wildfly
$ kubectl exec wildlfy-app-845cdb557f-ddjgr --stdin --tty -- /bin/bash
bash-5.1$ whoami
jboss
bash-5.1$ $JBOSS_HOME/bin/jboss-cli.sh -c
[standalone@localhost:9990 /]

jmesnil commented 1 month ago

The jboss user is created in the Docker image with

RUN groupadd -r jboss -g 1000 && useradd -u 1000 -r -g jboss -m -d /opt/jboss -s /sbin/nologin -c "JBoss user" jboss && \
    chmod 755 /opt/jboss

As a comparison, the quay.io/wildfly/wildfly-runtime image uses the 185 UID to create its jboss user (at https://github.com/wildfly/wildfly-cekit-modules/blob/59426a5dff4a116dc901c3b187c41fb44bd85fcb/jboss/container/user/configure.sh#L8)
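
A diagnostic to run inside the pod for the UID mismatch discussed in this thread, as an added example that is not part of the issue or of the image: for each path it reports whether the current identity reaches it as owner, group or other, and which permission bits then apply. The `standalone/tmp/auth` path is an assumption about where a default standalone server keeps its local-authentication token files, the function names are hypothetical, and GNU `stat` is assumed.

```shell
#!/bin/sh
# Added diagnostic, not part of the WildFly image. Mode bits only:
# ACLs and capabilities are ignored, and uid 0 bypasses these checks.

# access_class PATH [UID] [GIDS] -> prints owner, group or other
access_class() {
    path=$1
    uid=${2:-$(id -u)}
    gids=${3:-$(id -G)}
    owner=$(stat -c %u "$path") || return 2
    group=$(stat -c %g "$path") || return 2
    if [ "$uid" = "$owner" ]; then echo owner; return 0; fi
    for g in $gids; do
        if [ "$g" = "$group" ]; then echo group; return 0; fi
    done
    echo other
}

# effective_bits PATH [UID] [GIDS] -> prints the rwx triplet that applies
effective_bits() {
    mode=$(stat -c %A "$1") || return 2    # e.g. drwxr-xr-x
    case $(access_class "$@") in
        owner) echo "$mode" | cut -c2-4 ;;
        group) echo "$mode" | cut -c5-7 ;;
        other) echo "$mode" | cut -c8-10 ;;
    esac
}

# report PATH... -> one line per path for the current identity
report() {
    for p in "$@"; do
        if [ -e "$p" ]; then
            echo "$p: $(access_class "$p") $(effective_bits "$p")"
        else
            echo "$p: missing"
        fi
    done
}

# Runs only where JBOSS_HOME is set, i.e. inside the container.
# standalone/tmp/auth is an assumed default location (see lead-in).
if [ -n "${JBOSS_HOME:-}" ]; then
    id
    report /opt/jboss "$JBOSS_HOME" \
        "$JBOSS_HOME/standalone/tmp" "$JBOSS_HOME/standalone/tmp/auth"
fi
```

Comparing the output from the OpenShift pod with the output from the docker container shows whether the arbitrary UID falls into the group or other class on directories owned by UID 1000.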