I am using a combination of WSO2 API Manager and Identity server.
Now my server machine gets full because of logs. Though logs getting rotated , they are not being deleted.
Is there a way to manage logs in WSO2? May be automatically delete them after a time period. Or limit the size if logs file
You can configure logging in repository/conf/log4j.properties file.
Add following configurations in the log4j.appender.CARBON_LOGFILE=org.apache.log4j.RollingFileAppendersection.
log4j.appender.CARBON_LOGFILE.MaxFileSize=20MB
log4j.appender.CARBON_LOGFILE.MaxBackupIndex=1000
So this will ensure total 20MB * 1000 will be used. i. e first 1000 entries of 20MB chunks will be retained
Ref: WSO2 ESB log is too big, how to set?
Related
I'm setting WSO2 APIM HA in distributed environment and I have some challanges using this documentation.
Documentation states: Note: When configuring clustering, ignore the WSO2_CARBON_DB data source configuration.
Question is, do I really cannot use CARBON db instead od UM un REG databases in HA?
Documentation mentions to configure following:
AM DB - in the Publisher, Store, and Key Manager nodes
UM DB - in the Publisher, Store, and Key Manager nodes
REG DB - in the API Publisher and Store nodes. (single tenant)
MB DB - in the Traffic manager nodes (each TM own DB)
Question is, can I completely fill one master-datasources.xml file and overwrite it on all components so I would not have to edit it on each server? (only editing the second TM datasource to aim to the second MB DB)
Yes, that is fine if you completely fill only one master-datasource.xml file & overwrite it on all other components. (except WSO2_MB_STORE_DB which is MB DB)
But MB DB (WSO2_MB_STORE_DB ) has to be separate for each node. As this DB is used for traffic as well as internally by Throttling policies, which has very high rate of DB transactions.
It will work if you don't keep WSO2_MB_STORE_DB separate, but it will have large number of DB transactions which can slower down your single DB. So it's Highly Advisable to maintain separate DB on each node. It will also help you in easy DEBUGGING in PROD environments.
I am having an issue when trying to delete a resource group as I get the following error in Azure;
Failed to delete resource group Default-Storage-EastUS: Deletion of resource
group 'Default-Storage-EastUS' failed as resources with identifiers 'Microsoft.ClassicStorage/storageAccounts/bitnamieastusq5n61m4' could not be deleted. The provisioning state of the resource group will be rolled back. The tracking Id is '5b0424e2-bfea-4aef-a832-2230fb3bd279'. Please check audit logs for more details. (Code: ResourceGroupDeletionBlocked) Unable to delete storage account 'bitnamieastusq5n61m4': 'Storage account bitnamieastusq5n61m4 has some active image(s) and/or disk(s), e.g. bitnami-bitnami-wordpress-4.6.1-0-eastus-Q5N61m4. Ensure these image(s) and/or disk(s) are removed before deleting this storage account.'. (Code: StorageAccountOperationFailed)
This was initially a Automated WordPress install from BITNAMI and linked to our pay as you go subscription.
On the BITNAMI account the VM has been removed completely, however it is still showing on AZURE.
Bitnami/Azure resource screen shot
Under Azure Portal, I have checked the Virtual Machines list and there is nothing present.
I have also checked for any disks that may have not been removed correctly, but again there are none.
The delete process is:
Select Resource
choose the eclipse
select delete
enter the resource group name
Click Delete
Notifications show that it does start the deleting process, but then fails with the above error.
Has anyone come across this before, or have any suggestions on how to remove this resource completely?
I have also looked under the storage account on the portal and it shows bitnamieastusq5n61m4, however it will not delete either apparently due to existing disks, but where are these disks?????
The Portal does not show any images or disks....
No VM Images
Thanks for your time and assistance.
Azure says you cannot delete the storage account if it contains images/active vhd(s). In your case it is the same. So, before deleting the resource group you need to delete the image/active vhd(s).
Refer to the screenshot from - https://azure.microsoft.com/en-in/documentation/articles/storage-create-storage-account/
I would recommend you to use powershell command with force parameter for the same.
Remove-AzureRmResourceGroup -Name "abc" -force
I have an old database - a users membership/role that was setup automatically by an ASP.Net 2 application years ago:
The Sql Server version currently running is: Sql Server 10.5.1617
The users database log file is huge (the ldf file is approx 400 times the size of the mdf file).
The recovery model is currently set to "Full". I understand what that is - and I don't need point in time restoration.
If I simply changed the recovery model to "Simple" from within Sql Server Management Studio:
...and clicked ok to save the changes - would I be risking my current database in any way? Or is Sql Server fine with making changes like this to live databases? And would the log file automatically shrink itself?
Thanks for your advice,
Mark
You should be fine, the transactions have been commited. The log file is waiting to be backed up and therefor released. Changing to Simple Recovery means that you cannot do rolling backups, but data will be commited to the db in the same way as before, logs are simply deleted after sql has completed writing the transaction.
To answer both of your questions:
Changing the recovery model on a live database is safe. You shouldn't incur any downtime, blocking, etc.
The log file won't shrink itself. You may find that once you've set the recovery model to simple that it may not be shrinkable right away. If you find that you're unable to shrink it, take a look at dbcc loginfo, specifically the 'status' column. Each row in the output of that command represents one virtual log file (vlf). The shrink command will only be able to clear a contiguous block of inactive (i.e. status = 0) vlfs at the end of the file. TL;DR - If you've got rows with status = 2 at the bottom, wait until you don't and then shrink.
In the Sitecore (6.6 v130404) log file there are so many "Sitecore has no necessary permissions for reading/creating counters." records being created. I have disabled the performance counters in the server.
<!-- ENABLE COUNTERS
Indicates if performance counters are enabled.
Default value: true
-->
<setting name="Counters.Enabled" value="false"/>
Log extract: (For every 6seconds this keeps updating the log)
Heartbeat 19:07:33 WARN Sitecore has no necessary permissions for reading/creating counters.
Heartbeat 19:07:39 WARN Sitecore has no necessary permissions for reading/creating counters.
Heartbeat 19:07:45 WARN Sitecore has no necessary permissions for reading/creating counters.
Heartbeat 19:07:51 WARN Sitecore has no necessary permissions for reading/creating counters.
I have modified the following webconfig setting and set the value as 1hour, as the above log mentions that it's related to a heartbeat setting.
This solved the problem. I have Googled for any effects with this change in this setting, found no results on this. Is this ok to set this setting to 1hour? What is the purpose of this setting?
A Sitecore application pool user (most probably Network Service user) has to be a member of the system “Performance Monitor Users” group to have access to the mentioned registry key. Adding the user to this group and restarting IIS should solve the problem.
As explained in approved answer you need to add app pool user to performance monitor users and performance log users group.
To add your app pool user add iis apppool\{site name}.
You need to restart your machine again or alternatively restart your iis and log off and log in to make sure your changes got picked up by user group membership
Here are a few screenshots.
Powershell solution (works on Windows 10 Home, where you don't have lusrmgr.msc console).
Run PS console as administrator then:
PS C:\WINDOWS\system32>Add-LocalGroupMember -Group "Performance Monitor Users" -Member "{UserName}"
PS C:\WINDOWS\system32>iisreset
Where the {UserName} is your application pool identity user or Network Service.
Mind that group name may be different (it may be in your local language for non-english Windows version). Then call:
PS C:\WINDOWS\system32>Get-LocalGroup
This will list all groups and you will find correct name there.
I am getting this error while connecting to IBM MQ. I know that this is because of privileges, but is there any way just to check the connection with IBM MQ?
Please suggest.
The 2035 suggests that your connection is getting to the QMgr. If you had the wrong channel name, host or port you would get back a 2059. The 2035 means that the connection made it to the listener, found a channel of the name that was requested and attempted a connection.
If you want to test past this point it will be necessary to either authorize the ID that you are using to connect or to put an authorized ID in the MCAUSER attribute of the channel.
For a detailed explanation of how the WMQ security works on client channels, see the WMQ Base Hardening presentation at http://t-rob.net/links.
If you enable authorization messages then the 2035 will show up in the event queue. Then you can look at the message and see what ID was used to connect and what options were used too. The 2035 might be because you asked for set authority on the queue manager or something else you aren't supposed to have. The authorization messages wil show you that.
You can also resolve this By setting mcauser('mqm') .. i was able to overcome 2035 error.
Define channel (channel1) chltype (svrconn) trptype (tcp) mcauser(‘mqm’)
Esp thanx to my SENIOR Bilal Ahmad (PSE)
You have to check the privileges with an MQ administrator.
You can use dspmqaut to check the grant.
Below is the sample to give user poc access to Queue Manager QM1 and Queue LQ1
# check the access right of user POC to QM1
dspmqaut -m QM1 -n LQ1 -t q -p poc
# if you want to give access, you should use
setmqaut -m QM1 -n LQ1 -t q -p poc <access Types>
# eg (put everything - in the real live scenario, choose only what you want to grant) :
setmqaut -m QM1 -n LQ1 -t q -p poc +put +get +browse +inq +set +crt +dlt +chg +dsp +passid +setid +setall +clr
Then dont forget to restart QM1 with
endmqm -i QM1
strmqm QM1
Finally, you should be able to proceed without error 2035.
I have been struggling with this for ages too. Eventually I found this solution. (If you can call turning off authentication a solution.)
I am using version
- IBM Websphere 9.1.0.201807091223
From IBM's website they advise turning connection authentication off!!!
Resolving the problem Disable channel authentication
You will need to disable connection authentication, at least
temporarily. There are known issues in FTM for Check with regard to
using MQ connection authorization. These problems are actively being
addressed and fixes will appear in a future fix pack. The target is
fixpack 3.0.0.8.
Steps to disable connection authentication: Open MQ command console
and type runmqsc ALTER
AUTHINFO(SYSTEM.DEFAULT.AUTHINFO.IDPWOS) AUTHTYPE(IDPWOS)
CHCKCLNT(NONE) CHCKLOCL(NONE) Restart the queue manager for this
change to take effect.
Source http://www-01.ibm.com/support/docview.wss?uid=swg21962081
On this topic if you are using MQSeries 9.1 in a test or development environment you can disable channel authentication with the following approach :
. Launch MQ command line utility with the following :
runmqsc (for example runmqsc QM1)
. Disable authentication for all channels with the following command
ALTER QMGR CHLAUTH (DISABLED)
For a Q/Q-manager running on Windows, you may have to create the user on the Q/Q-manager machine [i.e. create a user on the Q-machine to match the user on the Q-client machine], and then add that user to the 'mqm' group on that machine.
Steps:
Ensure that the domain user that is being used to create the Q CLIENT [i.e. the user that the Q-client app is running under] also exists on the box with the Q/Q-manager. You may be able to just create a local user on the Q/Q-manager box [, or you may have to do some more complicated creation of an Active Directory user - I can't help you there].
On the Q/Q-manager box, add the user you have just created [or the existing one, if it already exists] to the mqm group. [On a Windows server box you will need to use the Microsoft Management Console (1. 'mmc' from the command line, 2. File > Add/Remove SnapOn > Local Users & Groups, 3. add user to group)]. The 'mqm' group should already exist on the Q/Q-manager machine.
Error MQRC 2035 basically means that your application has been able to connect to the queue manager, however due to certain absence of permissions/authorizations, it was unable to put/get/publish/subscribe messages.
To resolve this, at first, try these steps in order to disable the authorizations from queue manager and channel. Use this only if it isn't a production queue manager.
Always check the queue manager logs. It tells you exactly where you need to look into, and resolve the issue.
In this case, generally, you can issue the following commands after doing a runmqsc on the queue manager :
ALTER QMGR CHLAUTH(DISABLED)
Then set the chckclnt object(under authinfo) to optional
DISPLAY QMGR CONNAUTH
DISPLAY AUTHINFO(name-from-above) ALL //name from the first commands
ALTER AUTHINFO(name-from-above) AUTHTYPE(IDPWOS) ADOPTCTX(YES)
ALTER AUTHINFO(name-from-above) AUTHTYPE(IDPWOS) CHCKCLNT(OPTIONAL)
REFRESH SECURITY TYPE(CONNAUTH)
SET CHLAUTH('*') TYPE(BLOCKUSER) ACTION(REMOVEALL)
This helps remove any blocks that the channel is creating against any user.
SET CHLAUTH(your channel name) TYPE(ADDRESSMAP) ADDRESS('*') USERSRC(CHANNEL)
This should resolve your issue, since we have disabled every authorization that an application has to pass in order to do anything on a queue manager.
Now, in case you are using a production queue manager, NEVER remove authorizations.
Go, and right click on any QM that you have configured in your MQ explorer. Go to the QM authority, and authority records. Click on create new user, and give the same name as the username your application is using. Select all the checkboxes, then copy from the space below all the commands that are given. Namely, setmqaut. Edit with your queue manager name, and issue them!
----Never give up, the answer is where you have not looked yet--------