I have deployed WSO2ISasKM with WSO2APIM and I'm struggling to get the configuration right.
I can see there are a lot of scripts in the ../dbscripts folder. However, since I only share config+governance registry and userdb I created 2 dbs in which I only ran the script wso2is-km-5.7.0\dbscripts\postgresql.sql that created UM_ and REG_ tables. I am keeping the local registry in the WSO2CARBON_DB (H2). Is this correct?
I don't really make any use of scripts about IDENTITY and CONSENT that are shipped with the wso2IS binaries. Where should those scripts be launched?
I'm asking because there are some strange behaviour and errors about content in my logs.
This is how i configured the registry.xml of both IS and APIM:
<currentDBConfig>wso2registry</currentDBConfig>
<readOnly>false</readOnly>
<enableCache>true</enableCache>
<registryRoot>/</registryRoot>
<dbConfig name="wso2registry">
<dataSource>jdbc/WSO2CarbonDB</dataSource>
</dbConfig>
<dbConfig name="sharedregistry">
<dataSource>jdbc/WSO2REG_DB</dataSource>
</dbConfig>
<remoteInstance url="https://fqdn of the IS/APIM:9443/registry">
<id>sharedreg</id>
<cacheId>reg_db_owner#jdbc:postgresql://carbondb.postgresql-wso2.com:5432/wso2_carbon_shared_reg</cacheId>
<dbConfig>sharedregistry</dbConfig>
<readOnly>false</readOnly>
<enableCache>true</enableCache>
<registryRoot>/</registryRoot>
</remoteInstance>
<mount path="/_system/governance" overwrite="true">
<instanceId>sharedreg</instanceId>
<targetPath>/_system/governance</targetPath>
</mount>
<mount path="/_system/config" overwrite="true">
<instanceId>sharedreg</instanceId>
<targetPath>/_system/config</targetPath>
</mount>
This is how datasources got added in master-datasources.xml
<datasource>
<name>WSO2REG_DB</name>
<description>REGDB ON POSTGRES</description>
<jndiConfig>
<name>jdbc/WSO2REG_DB</name>
</jndiConfig>
<definition type="RDBMS">
<configuration>
<url>jdbc:postgresql://carbondb.postgresql-wso2.com:5432/wso2_carbon_shared_reg</url>
<username>wso2</username>
<password>wso2</password>
<defaultAutoCommit>true</defaultAutoCommit>
<driverClassName>org.postgresql.Driver</driverClassName>
<maxActive>50</maxActive>
<maxWait>60000</maxWait>
<testOnBorrow>true</testOnBorrow>
<validationQuery>SELECT 1</validationQuery>
<validationInterval>30000</validationInterval>
</configuration>
</definition>
</datasource>
The UM_DB entry is identical but it point to another database.
I also noticed that for REG_DB and UM_DB, with Postgresql-11, I have to set the defaultAutocommit must be set to true to avoid error in writing the registry.
Can you also explain what are the purpose of IDENTITY and CONSENT related tables?I read the docs but couldn't understand the practical use of them.
Thanks in advance.
If you're using APIM with IS as KM, you need to share AM_DB as well. The script is inside dbscripts/apimgt/. That script includes both Identity and Consent scripts. So you can ignore Identity and Consent scripts.
See more in: https://docs.wso2.com/display/AM260/Configuring+WSO2+Identity+Server+as+a+Key+Manager
Related
at the beginning of the project we worked with Corda Opensource, and we used the command line argument logging-level=WARN to change the log level of the nodes.
When we started using Corda Enterprise, we noticed that a details-node-.log file was created. It is a log file that grows fast and is at TRACE level.
Our question: can the log in this file affect the performance of our cordapps and can we change the level of this log or disable it?
Corda Enterprise adds that logger which is not present in Open Source Corda.
The only impact I can see for a CordApp could be probably the lack of space on the server, so if in your case this log file becomes too big too quickly, it would be a good idea to configure it to avoid possible problems.
You can override the log4j configuration file and give it as input to the jar like this:
java -jar Dlog4j.configurationFile=new-log-config.xml <en-service>.jar
It is standard log4j, so you can also configure the rollover period and the size.
For reference, you can also take a look to this log4j.xml in open source Corda to see how the loggers are configured.
So, can probably override the logger you're concerned about with the following:
<?xml version="1.0" encoding="UTF-8"?>
<Properties>
...
<Property name="detailLogLevel">TRACE</Property>
</Properties>
<Appenders>
...
<RollingRandomAccessFile name="Detailed-RollingFile-Appender"
fileName="${log-path}/details-${log-name}.log"
filePattern="${archive}/details-${log-name}.%date{yyyy-MM-dd}-%i.log.gz">
<Policies>
...your policies...
</Policies>
<DefaultRolloverStrategy>
...your strategy...
</DefaultRolloverStrategy>
</RollingRandomAccessFile>
</Appenders>
<Loggers>
...
<Logger name="DetailedInfo" additivity="false" level="${detailLogLevel}">
<AppenderRef ref="Detailed-RollingFile-Appender"/>
</Logger>
</Loggers>
Artifactory Professional 5.9.0 rev 50900900
Regarding to documentation Artifactory Pro supports "Event-based push"
I am create 2 test repos with replication from one to second and "Enable Event Replication" enabled
screenshot
But then I upload artifact I see it in second repo only after 5 min (when cron replication runs). No imediately event replication. And no replication events in log except cron events.
In order to assist you with the issue you are experiencing, please share the repository replication configuration (mask the URL and the user/pass).
In addition to that add the below to your '$artifactory_home/etc/logback.xml' at the end of the file, just above '':
<appender name="repli" class="ch.qos.logback.core.rolling.RollingFileAppender">
<File>${artifactory.home}/logs/replication.log</File>
<rollingPolicy class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy">
<FileNamePattern>${artifactory.home}/logs/replication.%i.log</FileNamePattern>
<MinIndex>1</MinIndex>
<MaxIndex>9</MaxIndex>
</rollingPolicy>
<triggeringPolicy class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy">
<MaxFileSize>25MB</MaxFileSize>
</triggeringPolicy>
<encoder class="ch.qos.logback.core.encoder.LayoutWrappingEncoder">
<layout class="org.jfrog.common.logging.logback.layout.BackTracePatternLayout">
<pattern>%date [%thread] [%-5p] \(%-20c{3}:%L\) - %m%n</pattern>
</layout>
</encoder>
</appender>
<logger name="org.artifactory.addon.replication" additivity="false" >
<level value="trace" />
<appender-ref ref="repli" />
This will create a new log file ($artifactory_home/logs/replication.log) that will hold the replication operations.
Once doing so, try to deploy a file to the repository with the event replication.
After you have the log written, please share the data from the log file
Event-based push replication is not enabled immediately after you enter license key. After a week it start to work. May be reboot needed after license key was input.
Is there a way to rebuild the applicationHost.config file in IIS 7 with a Windows command? Or if you can help me fix the issue by modifying this file, that's fine too. When comparing this file to other servers, I'm noticing very important sections that are missing or different after deleting a site and a few application pools.
I am by no means an expert in IIS 7, but I've been using it for 7 years now. I am confident have performed all of the proper steps for a new site configuration and it still gives me this error, "401.1 "You are not authorized to view this page. You do not have permission to view this directory or page using the credentials that you supplied."
C:\Windows\System32\inetsrv\config\applicationHost.config
This happened on a machine where IIS APPPOOL{app pool user} doesn't exist, so we've never used this user, like I normally do when configuring permissions. We did however add proper permissions to IIS_IUSRS (with IUSR in this group) last week, and the site worked fine. We're using Windows Authentication, and all other authentication methods are turned off. No virtual directories. We are using .NET 4.0, Classic, and 32 bit app (under advanced settings).
We had to manually update the host name by doing the following command in "C:\Windows\System32\inetsrv" on the binding because IIS would grey out the host name when the VeriSign SSL certificate was added to the binding.
appcmd set site /site.name:"himc" /+bindings.[protocol='https',bindingInformation='*:443:subdomain.domain.com']
Missing sections on "bad" web server:
1 - exists on "good" box, missing on "bad" box
<customMetadata>
<key path="LM/W3SVC/INFO">
<property id="4012" dataType="String" userType="1" attributes="Inherit" value="NCSA Common Log File Format,Microsoft IIS Log File Format,W3C Extended Log File Format,ODBC Logging" />
<property id="2120" dataType="MultiSZ" userType="1" attributes="None" value="400,0,,,0
" />
</key>
</customMetadata>
2 - exists on "good" box, missing on "bad" box
<asp>
<cache diskTemplateCacheDirectory="%SystemDrive%\inetpub\temp\ASP Compiled Templates" />
</asp>
3 - this section exists on the "good" box, but only 2.0 (first 2 lines) exist on the "bad" box.
<isapiFilters>
<filter name="ASP.Net_2.0.50727.0" path="%windir%\Microsoft.NET\Framework\v2.0.50727\aspnet_filter.dll" enableCache="true" preCondition="bitness32,runtimeVersionv2.0" />
<filter name="ASP.Net_2.0.50727-64" path="%windir%\Microsoft.NET\Framework64\v2.0.50727\aspnet_filter.dll" enableCache="true" preCondition="bitness64,runtimeVersionv2.0" />
<filter name="ASP.Net_2.0_for_V1.1" path="%windir%\Microsoft.NET\Framework\v2.0.50727\aspnet_filter.dll" enableCache="true" preCondition="runtimeVersionv1.1" />
<filter name="ASP.Net_4.0_64bit" path="C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_filter.dll" enableCache="true" preCondition="runtimeVersionv4.0,bitness64" />
<filter name="ASP.Net_4.0_32bit" path="C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_filter.dll" enableCache="true" preCondition="runtimeVersionv4.0,bitness32" />
</isapiFilters>
4 - this section exists on "bad" box, but is missing on the "good" box
<applicationDependencies>
<application name="Active Server Pages" groupId="ASP" />
</applicationDependencies>
5 - ssiExecDisable property is missing on "good" box
<serverSideInclude ssiExecDisable="false" />
6 - section missing on "bad" box
<authentication>
<anonymousAuthentication enabled="false" />
<windowsAuthentication enabled="true" />
</authentication>
Apparently, Microsoft keeps a history of these files in:
C:\inetpub\history\
Do a backup of all config files first!
So apparently, IIS keeps a history of the config files in C:\inetpub\history. So what you need to do is remember the last known date IIS worked fine and then copy the contents of the config file from c:\inetpub\history and replace config files in c:\windows\system32\inetsrv\config.
Good luck!
If you just want to modify currently active applicationHost.config take a look at this article:
Editing Applicationhost.config on 64 bit Win2008
As the article says, for some reason applicationHost.config is visible only using Explorer (which explains why I wasn't seeing file from my custom file manager) and you can edit it without problems using Notepad (again, any other editor and you'll run into problems).
The inetpub history folder saved my butt. I simply restored the two files in the root folder and wallah problem solved.
To install a backup of an older configuration, you can use the command:
c:\windows\system32\inetsrv\appcmd restore backup CFXHISTORY_xxxxxxxx
where CFXHISTORY_xxxxxxxx is a sub folder of C:\inetpub\history\.
Not sure what the command does besides copying files from that folder to the current configuration, but you should probably use it in case it does do something special.
Or you can just copy the file from the backup as explained in https://stackoverflow.com/a/14859645/2279059
im trying to use the iis7 web task in the extension pack. I cant successful use the task(with my god level admin access), but my issue is that i cant use it with the user that must run it (service user).
<Target Name="CheckForSite">
<Message Text="Site: $(Site)" />
<Message Text="Application: $(Application)" />
<Message Text="Server: $(Server)" />
<Message Text="PhysicalPath: $(PhysicalPath)"/>
<!-- Check if the site exists -->
<MSBuild.ExtensionPack.Web.Iis7Website TaskAction="CheckExists"
Name="$(Site)"
MachineName="$(Server)"
>
<Output TaskParameter="Exists" PropertyName="SiteExists"/>
</MSBuild.ExtensionPack.Web.Iis7Website>
<Message Text="Site Exists: $(SiteExists)" Condition="$(SiteExists)"/>
<Message Text="Site does not exist: $(SiteExists)" Condition="(!$(SiteExists))"/>
I get the error:
error : UnauthorizedAccessException: Retrieving the COM class factory for remote component with CLSID {2B72133B-3F5B-4602-8952-803546CE3344} from machine failed due to the following error: 80070005
It is access denied exception. Try to add Username="username" UserPassword="password" properties into the MSBuild.ExtensionPack.Web.Iis7Website task. User should be admin on the target machine.
In my case I had a problem with domain communication. My server is in the different domain as my user's domain. It was fixed by our infrastructure team. I found this issue in the event log. Check event logs first for any related issues.
I want to enable "Directory Browsing" for the for the following virtual web directory using WIX.
<iis:WebVirtualDir Id="LogsVirDir" Alias="Logs" Directory="ESGLOGFILES" />
How do I accomplish this using WIX?
Wouldn't a simpler solution be to use the web.config system.webserver property like :
<directoryBrowse enabled="true"/>
Based on my research Wix currently does not have any capability to enable Directory Browsing using the standard set of actions. The one way I have found to do this is using a combination of Wix Custom Actions and IIS's Appcmd.exe. Note this command will create a web.config file if one does not exist.
<CustomAction Id="EnableDirectoryBrowsing"
Execute="deferred"
ExeCommand='[WindowsFolder]system32\inetsrv\APPCMD.EXE set config "ESG Website/logs" /section:directoryBrowse /enabled:true'
Directory="TARGETDIR"
Return="check"
Impersonate="no"/>
<InstallExecuteSequence>
<Custom Action="EnableDirectoryBrowsing" Before="InstallFinalize">Not Installed</Custom>
</InstallExecuteSequence>
Im using wix v3.8
try adding ConfigurableDirectory in your Feature
ex: <Feature Id='TestName' Title='Test Web' ConfigurableDirectory='INSTALLDIR' Level='1'>
Use the following code
<Control Id="Browse" Type="PushButton" X="304" Y="210" Width="56" Height="17" Text="!(loc.CustomizeDlgBrowse)">
<Publish Event="SelectionBrowse" Value="BrowseDlg">1</Publish>
</Control>
Take the value of this in the variable you want and use it.