Installing WSO2 greg and API manager on different VM with shared MySQL - mysql

I'm installing greg and API Manager using this configuration:
1 VM for MySQL
1 VM for API
1 VM for BAM
1 VM for greg
All latest current releases
I'm wondering which is the best configuration.
My idea was having all the tools place data in MySQL, but I'm wondering how to link all the DBs in the various config files.
API should point to the registry running on its VM and to the BAM instance, but looking in the registry master-datasource.xml I also found this:
<datasource>
    <name>WSO2AM_DB</name>
    <description>The datasource used for API Manager database</description>
    <jndiConfig>
        <name>jdbc/WSO2AM_DB</name>
    </jndiConfig>
    <definition type="RDBMS">
        <configuration>
            <url>jdbc:h2:repository/database/WSO2AM_DB;DB_CLOSE_ON_EXIT=FALSE</url>
            <username>wso2carbon</username>
            <password>wso2carbon</password>
            <driverClassName>org.h2.Driver</driverClassName>
            <maxActive>50</maxActive>
            <maxWait>60000</maxWait>
            <testOnBorrow>true</testOnBorrow>
            <validationQuery>SELECT 1</validationQuery>
            <validationInterval>30000</validationInterval>
        </configuration>
    </definition>
</datasource>
That implies that the registry has access to the API Manager DB ... what for?
I'll have to add also ESB and BPS, so this deployment architecture becomes complex.
Any hints?
Thanks
Luca

WSO2 servers use the H2 database, which is shipped by default. So if you start up a fresh pack, it will run on its own database instance.
In order to share the registry data between servers, you will have to configure registry mounting. This will be helpful to create JDBC mounting. But if you have one instance of a server, then you can omit the clustering part from the article. You can follow the same configuration for other servers as well (BAM, API Manager and BPS) to configure JDBC mounting, so that all your data will be stored in MySQL and shared across servers.
If you need to store user information in JDBC as well and share it across servers, then you will have to add another data source to master-datasource.xml and use it in CARBON-HOME/repository/conf/user-mgt.xml instead of the default data source.
API Manager has a few different data sources for its own purposes. That doesn't mean they have any relationship with the registry. By default "WSO2CarbonDB" is only used for registry and user manager purposes, as stated in the description of each data source.

You can use a mounted database to resolve your issue. Please refer to [1] for a how-to-mount guide.
[1]. http://ajithvblogs.blogspot.com/2012/09/create-jdbc-mount-to-wso2-governance.html
Thank You,
Dharshana
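
An added example, not part of the original posts and not WSO2 code: a Python check that walks the <datasource> entries of the datasource file discussed above and flags entries still on the embedded H2 database or on the wso2carbon credentials shown in the question. The EXAMPLE_SHARED_DB entry (host, schema, user, password) is constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample. WSO2AM_DB is the entry quoted in the question;
# EXAMPLE_SHARED_DB (host, schema, user, password) is hypothetical.
SAMPLE = """<datasources>
  <datasource>
    <name>WSO2AM_DB</name>
    <definition type="RDBMS"><configuration>
      <url>jdbc:h2:repository/database/WSO2AM_DB;DB_CLOSE_ON_EXIT=FALSE</url>
      <username>wso2carbon</username><password>wso2carbon</password>
    </configuration></definition>
  </datasource>
  <datasource>
    <name>EXAMPLE_SHARED_DB</name>
    <definition type="RDBMS"><configuration>
      <url>jdbc:mysql://mysql-vm.example:3306/regdb</url>
      <username>reg_user</username><password>constructed-value</password>
    </configuration></definition>
  </datasource>
</datasources>"""

SHIPPED_CREDS = ("wso2carbon", "wso2carbon")  # values in the quoted entry
H2_SERVER_MODES = ("jdbc:h2:tcp:", "jdbc:h2:ssl:")  # anything else is in-process

def audit_datasources(xml_text):
    """Map each datasource name to its findings (empty list means clean)."""
    report = {}
    for ds in ET.fromstring(xml_text).iter("datasource"):
        name = (ds.findtext("name") or "<unnamed>").strip()
        cfg = ds.find("definition/configuration")
        if cfg is None:
            report[name] = ["no RDBMS configuration block"]
            continue
        url = (cfg.findtext("url") or "").strip().lower()
        creds = tuple((cfg.findtext(k) or "").strip() for k in ("username", "password"))
        findings = []
        if url.startswith("jdbc:h2:") and not url.startswith(H2_SERVER_MODES):
            findings.append("embedded H2 database, local to this VM")
        if creds == SHIPPED_CREDS:
            findings.append("shipped default credentials")
        elif creds[0] and creds[0] == creds[1]:
            findings.append("password equals username")
        report[name] = findings
    return report

if __name__ == "__main__":
    for ds_name, issues in audit_datasources(SAMPLE).items():
        print(ds_name, "->", issues or "ok")
```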

Related

Tomcat 8.0.9 manager app reporting "401 Unauthorized" despite my trying everything

I have an instance of Tomcat 8.0.9, running on GNU/Linux 2.6.32-642.6.2.e16.x86_64, that responds with "401 Unauthorized" when I try to access the manager UI, no matter what I try.
I know Tomcat is running, because I get that page.
I know it is that specific instance of Tomcat, because if I shut it down and revisit the URL (https://host.name:port/manager/html), I get a connection refused.
The browser doesn't even prompt me for username and password; it just goes straight to the "401 Unauthorized" page.
The server's catalina.out log even reports that it has deployed the manager webapp (paraphrased):
*.a few seconds ago* INFO [localhost-startStop-1] o.a.c.s.H.deployDirectory Deploying web application directory /path/to/webapps/manager
*milliseconds later* INFO [localhost-startStop-1] o.a.c.s.H.deployDirectory Deployment of web application directory /path/to/webapps/manager has finished in 22 ms
I started with the Apache docs (https://host.name:port/docs/manager-howto.html), and then with several versions of this question on SO for troubleshooting, including one that seems to have the most answers.
Since I've never used the manager before, my go-to theory is that 'obvious' was exactly what I was missing; however, I tried all of the obvious stuff below:
I restarted Tomcat, multiple times in this process, verifying that a reload of the URL was indeed firing a connection refused with the server stopped, and then back to the 401 error with the server started.
I added admin-gui to the user's roles:
<role rolename="admin-gui" />
<role rolename="manager-gui" />
<user username="tomcat" password="s3cret" roles="admin-gui,manager-gui" />
The XML above is not inside a comment block - if I edit it in Gvim with syntax highlighting turned on, this is very obvious.
tomcat-users.xml is owned by tomcat, and is readable (it's mode 775, in fact). I know it's being read, because if I add nonsense elements to it, catalina.out reports this on startup.
I also added the other roles to tomcat-users.xml, just in case (manager-jmx, admin-script, etc.). (I'm still not sure what's supposed to happen if you left those out, misspelled them, etc. I imagine the manager webapp wouldn't recognize rolenames outside its specific set, but naturally I can't confirm this yet.)
The following element exists in server.xml, inside an Engine element:
<Realm className="org.apache.catalina.realm.LockOutRealm">
    <Realm className="org.apache.catalina.realm.UserDatabaseRealm" resourceName="UserDatabase" />
</Realm>
In case it's relevant, there's also this, earlier in server.xml:
<GlobalNamingResources>
    <Resource auth="Container" factory="org.apache.catalina.users.MemoryUserDatabaseFactory" name="UserDatabase" pathname="conf/tomcat-users.xml" type="org.apache.catalina.UserDatabase" />
</GlobalNamingResources>
In the Tomcat startup script, CATALINA_HOME points to the exact install path of Tomcat. There is no TOMCAT_HOME or JAVA_HOME, but JRE_HOME points to a symbolic link that points to an actual Java install (I followed that link and confirmed).
In the manager webapp, META-INF/context.xml, the Valve element is commented out.
Is there even a report of why I'm unauthorized, that gives me more information? I've tried scouring the manager webapp directory in the hopes there was yet another log there. (There isn't.)

Http requests to CEP

I installed the CEP ( Proton ) through the official documentation, https://forge.fiware.org/plugins/mediawiki/wiki/fiware/index.php/CEP_GE_-_IBM_Proactive_Technology_Online_Installation_and_Administration_Guide
After that, I watched this recommended video to learn more about CEP. https://edu.fiware.org/pluginfile.php/653/mod_resource/content/1/CEP-Tutorial.mp4
But I can't check the engine instance state, because this error appears in the response: Could not read instance state, message: Error activating jmx proxy:
It seems that JMX is not properly configured.
As described in the installation guide, in the Apache Tomcat users configuration file you need to add the manager-jmx role, and add it to the manager user name:
<tomcat-users>
...
<role rolename="manager-jmx" />
<user username="manager" password="manager" roles="manager-gui,manager-status,manager-script,manager-jmx" />
...
</tomcat-users>
You need to enable JMX access on Apache Tomcat, by adding it to CATALINA_OPTS, as described in the installation guide.
You also need to specify the JMX service port in the ProtonAdmin.properties file, as described in the same installation guide.

Apache Drill with Kerberos

Does anyone know how to enable Kerberos with Apache Drill? Is it possible? I can't seem to find any documentation on it, or any questions/answers floating around with the information on it. I am currently running a CDH cluster.
I am getting this error when trying to use HDFS with Drill:
Error: PERMISSION ERROR: SIMPLE authentication is not enabled. 
Available:[TOKEN, KERBEROS]
HDFS + Kerberos integration isn't currently supported / tested / documented. Vote on this ticket to track when it becomes available:
https://issues.apache.org/jira/browse/DRILL-3584
There isn't any documentation that the Drill team provides about how to enable Kerberos, and they haven't tested Kerberos with Drill. Drill Eng. does believe that it should work.
In order to gain access to the cluster once Kerberized, you must configure certain files in order to gain access.
Make an HDFS Superuser account as indicated in this Cloudera doc. On the Main Node, run
•sudo kadmin.local
In addition, add an 'hdfs' principal with this command
•addprinc hdfs@LOCALDOMAIN -- Where localdomain is the principal name
In order to enable authentication with Kerberos, we also need to copy the file hadoop-yarn-api.jar into Drill's class path. Example given below
•cp /opt/cloudera/parcels/CDH-5.5.1-1.cdh5.5.1.p0.11/lib/hadoop/client/hadoop-yarn-api.jar ~/apache-drill/jars/
The above step and the three following must be performed on each node of the cluster on which Apache Drill is installed.
Next, Drill's conf/core-site.xml file should be edited to contain the following snippet of XML. You might have to copy this file from /etc/hadoop/conf.cloudera.yarn/core-site.xml, etc or a similar path.
<property>
    <name>hadoop.security.authentication</name>
    <value>kerberos</value>
</property>
After this step, you will also need to add the following XML snippet to the Drill core-site.xml file. In this instance, hdfs/_HOST@LOCALDOMAIN is my principal property. The property can be found in the hdfs-site.xml file.
<property>
    <name>dfs.namenode.kerberos.principal</name>
    <value>hdfs/_HOST@LOCALDOMAIN</value>
</property>
All that is left to do is create an 'hdfs' Kerberos ticket for the user that we're logged in as.
•kinit hdfs -- hdfs is the super user
Then start up each of the drillbits
•/opt/apachedrillfolder/bin/Drillbit.sh start
So now, Drill has both the configuration and the authority to use our Kerberized HDFS store. Give it a shot by opening up a Drill prompt (drill-conf) and trying a query.
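
An added example, not part of the original answer and not Drill or Hadoop code: a Python check of the two core-site.xml properties from the steps above, which also expands _HOST the way Hadoop does for a given NameNode host. Both XML fragments and the host name passed in are constructed; requiring the service/host@REALM form is an assumption taken from the principal shown in the answer.

```python
import re
import xml.etree.ElementTree as ET

# Constructed core-site.xml fragments; LOCALDOMAIN is the realm used in the answer.
GOOD = """<configuration>
  <property><name>hadoop.security.authentication</name><value>kerberos</value></property>
  <property><name>dfs.namenode.kerberos.principal</name><value>hdfs/_HOST@LOCALDOMAIN</value></property>
</configuration>"""
BAD = """<configuration>
  <property><name>dfs.namenode.kerberos.principal</name><value>hdfs@LOCALDOMAIN</value></property>
</configuration>"""

PRINCIPAL = re.compile(r"^[^/@\s]+/[^/@\s]+@[^/@\s]+$")  # service/host@REALM


def check_core_site(xml_text, namenode_host):
    """Return (findings, principal with _HOST expanded, or None if unusable)."""
    props = {}
    for p in ET.fromstring(xml_text).iter("property"):
        props[(p.findtext("name") or "").strip()] = (p.findtext("value") or "").strip()
    findings = []
    # Hadoop defaults to "simple" when the property is absent; a Kerberized
    # cluster refuses that, which is the PERMISSION ERROR in the question.
    auth = props.get("hadoop.security.authentication", "simple")
    if auth != "kerberos":
        findings.append("authentication is '%s', expected 'kerberos'" % auth)
    principal = props.get("dfs.namenode.kerberos.principal")
    if principal is None:
        findings.append("dfs.namenode.kerberos.principal is not set")
        return findings, None
    if not PRINCIPAL.match(principal):
        findings.append("principal '%s' is not service/host@REALM" % principal)
        return findings, None
    return findings, principal.replace("_HOST", namenode_host.lower())


if __name__ == "__main__":
    print(check_core_site(GOOD, "nn1.example.internal"))
    print(check_core_site(BAD, "nn1.example.internal"))
```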

Message Driven bean external configuration for JBoss with IBM MQ

I am working on a Notification Service using the IBM MQ messaging provider in a JBoss EAP 6.1 environment. I am successfully able to send messages via the MQ JCA provider rar, i.e. the wmq.jmsra.rar file. However, on the consumer part my current configuration looks like this:
@MessageDriven(
    activationConfig = {
        @ActivationConfigProperty(propertyName="destinationType", propertyValue="javax.jms.Queue"),
        @ActivationConfigProperty(propertyName="destination", propertyValue="F2.QUEUE"),
        @ActivationConfigProperty(propertyName="providerAdapterJNDI", propertyValue="java:jboss/jms/TopicFactory"),
        @ActivationConfigProperty(propertyName="queueManager", propertyValue="TOPIC.MANAGER"),
        @ActivationConfigProperty(propertyName="hostName", propertyValue="10.239.217.242"),
        @ActivationConfigProperty(propertyName="userName", propertyValue="root"),
        @ActivationConfigProperty(propertyName = "channel", propertyValue = "TOPIC.CHANNEL"),
        @ActivationConfigProperty(propertyName = "port", propertyValue = "1422")
    })
My problem is that the consumer of this service does not want to add any port numbers, hostName, queueManager properties in these beans. Also they do not want to use ejb-jar.xml to externalize these configs. I have researched and found that we can add a domain IBM Message Driven Bean but with no success. Any suggestions on what I can do here to externalize all these configurations?
EDIT: Adding --> The JCA resource adapter is deployed at consumer end if it makes it any easier.
Thanks
You can actually externalize an MDB's activation spec properties to the server configuration file.
Create the ejb-jar.xml file, but do not put the actual value in the file; use a property placeholder:
<activation-config-property>
    <activation-config-property-name>hostName</activation-config-property-name>
    <activation-config-property-value>${wmq.host}</activation-config-property-value>
</activation-config-property>
Do this for all of the desired properties.
Ensure that property replacement for Java EE spec files (ejb-jar.xml, in this case) is enabled in the server configuration file:
<subsystem xmlns="urn:jboss:domain:ee:1.2">
    <spec-descriptor-property-replacement>true</spec-descriptor-property-replacement>
    ...
</subsystem>
Then, in the server configuration file, provide values for your properties:
<system-properties>
    <property name="wmq.host" value="10.0.0.150"/>
</system-properties>
Once your MDBs are packaged, you will not need to change any of the files in the MDB jar - just provide the properties in the server configuration.
You can avoid adding the host name, port number and so on in the MDB; you just want to define destinationType in the MDB, and the rest you can configure in your application server, like Activation Specification, Queues and Queue Connection Factories.
I have done the same thing, but I used IBM WebSphere Application Server.
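
An added example, not part of the original answers and not JBoss code: a pre-deployment check in Python that collects the ${...} placeholders from an ejb-jar.xml and verifies that the server configuration enables spec-descriptor-property-replacement and defines each referenced property. Both XML samples are constructed; wmq.port and the bare <server> wrapper are hypothetical additions to the wmq.host fragment shown above.

```python
import re
import xml.etree.ElementTree as ET

# Constructed samples: wmq.host is from the answer above, wmq.port is hypothetical.
EJB_JAR = """<ejb-jar><enterprise-beans><message-driven><activation-config>
  <activation-config-property>
    <activation-config-property-name>hostName</activation-config-property-name>
    <activation-config-property-value>${wmq.host}</activation-config-property-value>
  </activation-config-property>
  <activation-config-property>
    <activation-config-property-name>port</activation-config-property-name>
    <activation-config-property-value>${wmq.port}</activation-config-property-value>
  </activation-config-property>
</activation-config></message-driven></enterprise-beans></ejb-jar>"""
SERVER_CFG = """<server>
  <system-properties>
    <property name="wmq.host" value="10.0.0.150"/>
  </system-properties>
  <subsystem xmlns="urn:jboss:domain:ee:1.2">
    <spec-descriptor-property-replacement>true</spec-descriptor-property-replacement>
  </subsystem>
</server>"""

PLACEHOLDER = re.compile(r"\$\{([^}]+)\}")

def local(tag):
    """Drop the '{namespace}' prefix ElementTree puts on qualified tags."""
    return tag.rsplit("}", 1)[-1]

def check_externalized(ejb_jar_xml, server_xml):
    """Return (replacement_enabled, {activation property: undefined system property})."""
    enabled, defined = False, set()
    for el in ET.fromstring(server_xml).iter():
        if local(el.tag) == "spec-descriptor-property-replacement":
            enabled = (el.text or "").strip().lower() == "true"
        elif local(el.tag) == "system-properties":
            defined = {p.get("name") for p in el if local(p.tag) == "property"}
    missing = {}
    for prop in ET.fromstring(ejb_jar_xml).iter():
        if local(prop.tag) != "activation-config-property":
            continue
        fields = {local(c.tag): (c.text or "").strip() for c in prop}
        for name in PLACEHOLDER.findall(fields.get("activation-config-property-value", "")):
            if name not in defined:
                missing[fields.get("activation-config-property-name", "?")] = name
    return enabled, missing

if __name__ == "__main__":
    print(check_externalized(EJB_JAR, SERVER_CFG))
```

A placeholder left undefined, or replacement left disabled, means the literal ${...} string reaches the resource adapter instead of a host or port.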

How do you configure jetty to allow access from an external server?

I've seen this asked before, with no good answers: how do you configure jetty to allow access from an external server? I've just started messing around with solr and jetty and am using the example jetty instance that comes with solr.
solr is running fine on localhost, and I can query it from sites on the same server. However, I can't access the solr instance from another server. I've googled and read quite a bit in the last few days, but have not been able to discover what's keeping jetty from allowing non localhost access to solr.
Based on what I've read, I have tried adding the following line to example/etc/jetty.xml
<Set name="Host">0.0.0.0</Set>
and still got no external response
then tried
<Set name="Host">x.x.x.x</Set>
where x.x.x.x is my server's IP address
and
<Set name="Host">host.domain.com</Set>
where host.domain.com is my server's FQDN
These both resulted in the error
java.net.BindException: Cannot assign requested address
when I started.
The start command I'm using is
sudo java -jar start.jar etc/jetty.xml
You can point me to where I can read on this or spoon feed me, I don't care. I'd just like to get past this hurdle so I can keep learning about setting up and using solr.
You should add a file called clientaccesspolicy.xml for cross-domain access to your static web files directory:
<access-policy>
    <cross-domain-access>
        <policy>
            <allow-from http-methods="*" http-request-headers="*">
                <domain uri="http://*"/>
                <domain uri="https://*"/>
            </allow-from>
            <grant-to>
                <resource path="/" include-subpaths="true"/>
            </grant-to>
        </policy>
    </cross-domain-access>
</access-policy>
You should set your static directory in Jetty using this code:
// "handlers" is assumed to be the server's existing handler collection.
ResourceHandler staticHandler = new ResourceHandler();
staticHandler.setResourceBase("static/dir");
handlers.addHandler(staticHandler);