Monday, September 29, 2014

Creating a WSO2 IS cluster



Do the registry mounting as described in the previous blog (http://susinda.blogspot.com/2014/09/is-moving-user-db-registry-and-local.html).

Create another IS node by copy-pasting the node we created in the previous blog.

Configure the shared registry database and mounting details in the second node (let's say Node2), then create another database called REGISTRY_LOCAL2 and configure it as the local registry for Node2.

In Node2 do the following configurations.

In is_home/repository/conf/registry.xml of the worker node, set ReadOnly to true for the shared registry mount, as shown below:

    instanceid
    sharedregistry
    true

Set embedded to false for EmbeddedLDAP.
In embedded-ldap.xml make embedded false, since Node2 will use Node1's LDAP:

    true

Point Node2 to the default user store of Node1.
You need to configure the connection URL in user-mgt.xml of Node2 as given below (the default port is 10389). By default, the connection URL given in the file is ldap://localhost:${Ports.EmbeddedLDAP.LDAPServerPort}.

    ldap://[IP_of_node1]:10389
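A copied node that still carries its original settings will happily join the cluster as a second writer with its own LDAP, so it is worth checking the three files touched above before starting it. The following script is an added example (not from this blog or from WSO2) that parses those files and reports what still disqualifies the node as a worker. It assumes the element names of the stock Carbon 4.2-era files: <remoteInstance>/<readOnly> in registry.xml, <EmbeddedLDAP>/<Property name="enable"> in embedded-ldap.xml and <UserStoreManager>/<Property name="ConnectionURL"> in user-mgt.xml. The XML samples inside it are constructed to show a node where only the registry step has been done.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample (not copied from a real node): registry.xml excerpt in which
# the shared registry mount is already read-only, as the post requires for a worker.
REGISTRY_XML = """<wso2registry>
  <remoteInstance url="https://localhost:9443/registry">
    <id>instanceid</id>
    <dbConfig>sharedregistry</dbConfig>
    <readOnly>true</readOnly>
    <enableCache>true</enableCache>
    <registryRoot>/</registryRoot>
  </remoteInstance>
</wso2registry>"""

# Constructed sample: embedded-ldap.xml excerpt still at its shipped value (enable=true).
EMBEDDED_LDAP_XML = """<EmbeddedLDAPConfig>
  <EmbeddedLDAP>
    <Property name="enable">true</Property>
    <Property name="port">${Ports.EmbeddedLDAP.LDAPServerPort}</Property>
  </EmbeddedLDAP>
</EmbeddedLDAPConfig>"""

# Constructed sample: user-mgt.xml excerpt still pointing at the node's own embedded LDAP.
USER_MGT_XML = """<UserManager>
  <Realm>
    <UserStoreManager class="org.wso2.carbon.user.core.ldap.ReadWriteLDAPUserStoreManager">
      <Property name="ConnectionURL">ldap://localhost:${Ports.EmbeddedLDAP.LDAPServerPort}</Property>
    </UserStoreManager>
  </Realm>
</UserManager>"""

LOCAL_LDAP = re.compile(r"^ldap://(localhost|127\.0\.0\.1)[:/]")


def audit_worker_node(registry_xml, embedded_ldap_xml, user_mgt_xml):
    """Return the list of settings that still disqualify this node as a worker."""
    findings = []

    # 1. Every remote (shared) registry instance must be mounted read-only on a worker.
    for inst in ET.fromstring(registry_xml).findall("remoteInstance"):
        if (inst.findtext("readOnly") or "").strip().lower() != "true":
            findings.append(f"registry.xml: remoteInstance '{inst.findtext('id')}' is not readOnly")

    # 2. The embedded LDAP must be switched off; the cluster shares Node1's LDAP.
    enable = ET.fromstring(embedded_ldap_xml).find("./EmbeddedLDAP/Property[@name='enable']")
    if enable is None or (enable.text or "").strip().lower() != "false":
        findings.append("embedded-ldap.xml: EmbeddedLDAP 'enable' is not false")

    # 3. The user store must point at Node1, not at the local (now disabled) LDAP.
    url = ET.fromstring(user_mgt_xml).find(".//UserStoreManager/Property[@name='ConnectionURL']")
    url_text = (url.text or "").strip() if url is not None else ""
    if LOCAL_LDAP.match(url_text) or "${Ports.EmbeddedLDAP" in url_text:
        findings.append(f"user-mgt.xml: ConnectionURL still targets the local LDAP ({url_text})")
    return findings


if __name__ == "__main__":
    for line in audit_worker_node(REGISTRY_XML, EMBEDDED_LDAP_XML, USER_MGT_XML) or ["worker config OK"]:
        print(line)
```

Run against the real files by reading them into the three arguments; on the constructed samples it reports the LDAP and user-store findings and is silent once both are changed as described above.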




On the manager node do the following configurations

1. In axis2.xml

Enable clustering.

Set the membership scheme:
wka

Set the domain:
wso2.is.domain

Set the sub domain to "mgt".

Set localMemberHost:
127.0.0.1

Set localMemberPort:
4000

Add the ELB as a member in the members section, using the ELB's group_mgt_port as the port:
127.0.0.1
4500

2. In carbon.xml do the following

Set the host name:
wso2.is.com

Set the management host name:
wso2.is.com

3. In catalina-server.xml set the proxyPort of the http and https connectors respectively:
proxyPort="80"
proxyPort="443"


Configure ELB
1. Edit loadbalancer.conf as follows
services {
    identity {
        domains {
            wso2.is.domain {
                tenant_range *;
                group_mgt_port 4500;
                mgt {
                    hosts wso2.is.com;
                }
            }
        }
    }
}


2. In axis2.xml configure the following

Enable clustering.

Set the membership scheme:
wka

Set the domain:
wso2.lb.domain

Set localMemberPort:
4200




Running the cluster
  1. Start the ELB (you need to be the superuser of that computer to start ELB since we are running ELB on default ports) and the IS nodes.
  2. Now you can access the management console using the following URL: https://wso2.is.com/carbon/

Friday, September 26, 2014

WSO2-IS Mounting User_Db and Registry in MySql



1. Create the MySQL databases

Use the following commands (note that my username and password for MySQL are root and root):

mysql -u root -p

create database WSO2_USER_DB;
use WSO2_USER_DB;
source /dbscripts/mysql.sql;
source /dbscripts/identity/mysql.sql;
source /dbscripts/identity/application-mgt/mysql.sql;
grant all on WSO2_USER_DB.* TO root@"carbondb.mysql-wso2.com" identified by "root";

create database REGISTRY_DB;
use REGISTRY_DB;
source /dbscripts/mysql.sql;
grant all on REGISTRY_DB.* TO root@"carbondb.mysql-wso2.com" identified by "root";

create database REGISTRY_LOCAL1;
use REGISTRY_LOCAL1;
source /dbscripts/mysql.sql;
grant all on REGISTRY_LOCAL1.* TO root@"carbondb.mysql-wso2.com" identified by "root";

2. Define the host name
For the permissions granted above to apply, add the following line to the /etc/hosts file (MYSQL-DB-SERVER-IP is the address of your MySQL server):
MYSQL-DB-SERVER-IP carbondb.mysql-wso2.com

3. Add the MySQL JDBC driver
Download the MySQL driver and copy the MySQL JDBC driver JAR (mysql-connector-java-x.x.xx-bin.jar) into the /repository/components/lib directory.

4. Configure master-datasources.xml

org.wso2.carbon.ndatasource.rdbms.RDBMSDataSourceReader

    REGISTRY_LOCAL1
    The datasource used for registry - local
        jdbc/WSO2CarbonDB
        jdbc:mysql://carbondb.mysql-wso2.com:3306/REGISTRY_LOCAL1?autoReconnect=true
        root
        root
        com.mysql.jdbc.Driver
        50
        60000
        true
        SELECT 1
        30000

    REGISTRY_DB
    The datasource used for registry - config/governance
        jdbc/WSO2RegistryDB
        jdbc:mysql://carbondb.mysql-wso2.com:3306/REGISTRY_DB?autoReconnect=true
        root
        root
        com.mysql.jdbc.Driver
        50
        60000
        true
        SELECT 1
        30000

    WSO2_USER_DB
    The datasource used for registry and user manager
        jdbc/WSO2UMDB
        jdbc:mysql://carbondb.mysql-wso2.com:3306/WSO2_USER_DB
        root
        root
        com.mysql.jdbc.Driver
        50
        60000
        true
        SELECT 1
        30000



5. Configure user-mgt.xml
Change the dataSource property as follows
jdbc/WSO2UMDB

6. Configure registry.xml
Add the following config

    jdbc/WSO2RegistryDB

    instanceid
    sharedregistry
    false
    true
    /
    root@jdbc:mysql://carbondb.mysql-wso2.com:3306/REGISTRY_DB?autoReconnect=true

    instanceid
    /_system/asNodes

    instanceid
    /_system/governance


7. Configure identity.xml
Change the dataSource name as follows
jdbc/WSO2UMDB


8. Configure application-authentication.xml
Change the dataSource name as follows
jdbc/WSO2UMDB
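Steps 4 to 8 only work if they agree with each other: every JNDI name that user-mgt.xml, registry.xml, identity.xml and application-authentication.xml reference has to be defined in master-datasources.xml, and whatever credentials are written there sit in plaintext unless they are moved to the secure vault. The following script is an added example (not the post's or WSO2's own code) that parses a constructed master-datasources.xml in the Carbon 4.2 layout used above and cross-checks it against the JNDI names set in steps 5 to 8. It assumes the svns:secretAlias attribute on <password> as the secure-vault marker; the wso2um user on the second datasource is a constructed placeholder, and jdbc/WSO2RegistryDB is deliberately left undefined in the sample to show a dangling reference.

```python
import xml.etree.ElementTree as ET

SVNS = "http://org.wso2.securevault/configuration"

# Constructed sample in the master-datasources.xml layout; the first datasource
# mirrors the post's REGISTRY_LOCAL1 entry, the second shows a secure-vault alias.
MASTER_DATASOURCES_XML = f"""<datasources-configuration xmlns:svns="{SVNS}">
  <providers>
    <provider>org.wso2.carbon.ndatasource.rdbms.RDBMSDataSourceReader</provider>
  </providers>
  <datasources>
    <datasource>
      <name>REGISTRY_LOCAL1</name>
      <jndiConfig><name>jdbc/WSO2CarbonDB</name></jndiConfig>
      <definition type="RDBMS"><configuration>
        <url>jdbc:mysql://carbondb.mysql-wso2.com:3306/REGISTRY_LOCAL1?autoReconnect=true</url>
        <username>root</username>
        <password>root</password>
        <driverClassName>com.mysql.jdbc.Driver</driverClassName>
        <maxActive>50</maxActive><maxWait>60000</maxWait>
        <testOnBorrow>true</testOnBorrow><validationQuery>SELECT 1</validationQuery>
        <validationInterval>30000</validationInterval>
      </configuration></definition>
    </datasource>
    <datasource>
      <name>WSO2_USER_DB</name>
      <jndiConfig><name>jdbc/WSO2UMDB</name></jndiConfig>
      <definition type="RDBMS"><configuration>
        <url>jdbc:mysql://carbondb.mysql-wso2.com:3306/WSO2_USER_DB</url>
        <username>wso2um</username>
        <password svns:secretAlias="Datasource.WSO2_USER_DB.Password">password</password>
        <driverClassName>com.mysql.jdbc.Driver</driverClassName>
        <testOnBorrow>true</testOnBorrow><validationQuery>SELECT 1</validationQuery>
      </configuration></definition>
    </datasource>
  </datasources>
</datasources-configuration>"""

# The JNDI names the other files in the post point at (steps 5 to 8).
REFERENCED = {
    "user-mgt.xml": "jdbc/WSO2UMDB",
    "registry.xml": "jdbc/WSO2RegistryDB",
    "identity.xml": "jdbc/WSO2UMDB",
    "application-authentication.xml": "jdbc/WSO2UMDB",
}


def parse_datasources(xml_text):
    """Map datasource name -> the fields the checks below care about."""
    out = {}
    for ds in ET.fromstring(xml_text).findall("./datasources/datasource"):
        cfg = ds.find("./definition/configuration")
        pw = cfg.find("password") if cfg is not None else None
        out[ds.findtext("name")] = {
            "jndi": ds.findtext("./jndiConfig/name"),
            "url": cfg.findtext("url") if cfg is not None else None,
            "username": cfg.findtext("username") if cfg is not None else None,
            # present only when the password has been moved to the secure vault
            "password_alias": pw.get(f"{{{SVNS}}}secretAlias") if pw is not None else None,
            "validationQuery": cfg.findtext("validationQuery") if cfg is not None else None,
        }
    return out


def audit(xml_text, referenced):
    """Return findings: dangling JNDI references, plaintext passwords, root logins, no validation."""
    datasources = parse_datasources(xml_text)
    defined = {d["jndi"] for d in datasources.values()}
    findings = []
    for cfg_file, jndi in referenced.items():
        if jndi not in defined:
            findings.append(f"{cfg_file} references {jndi}, which no datasource defines")
    for name, d in datasources.items():
        if d["password_alias"] is None:
            findings.append(f"{name}: password is stored in plaintext (no svns:secretAlias)")
        if d["username"] == "root":
            findings.append(f"{name}: connects as the MySQL root account")
        if not d["validationQuery"]:
            findings.append(f"{name}: no validationQuery, stale pooled connections will not be detected")
    return findings


if __name__ == "__main__":
    for line in audit(MASTER_DATASOURCES_XML, REFERENCED) or ["datasources OK"]:
        print(line)
```

Point it at a real repository/conf/datasources/master-datasources.xml by passing the file contents as the first argument; the REFERENCED map is what to extend if further files are changed to use a datasource.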


References
[1] - https://docs.wso2.com/display/CLUSTER420/Setting+up+the+Database

Encrypted content in registry


Just thought I'd post this info, in case someone might need it in future.


Server   Data                                    Registry location
Common   KeyStore info                           governance/repository/security/key-stores/
Common   Logger config info                      config/repository/components/org.wso2.carbon.logging/loggers/
GREG     "Report Schedule" configuration info    config/repository/components/org.wso2.carbon.registry.reporting/configurations/
BAM      JMX profiles                            governance/repository/components/org.wso2.carbon.publish.jmx.agent/
ESB      BAM server profiles                     config/bamServerProfiles
APIM     BAM server profiles                     config/bamServerProfiles
APIM     Secure endpoints                        config/repository/components/secure-vault
IS       Policies                                governance/repository/identity/entitlement/
DSS      Passwords of ndatasource configuration  config/repository/components/org.wso2.carbon.ndatasource

Monday, September 22, 2014

Expose a secured backend service as an insecure service


Suppose we have a secured backend service that we want to access from the ESB. For this we may need to create the authentication headers, which can be done with the Header mediator, Script mediator or Class mediator (refer to [1] http://sajithblogs.blogspot.com/2013/08/wso2-esb-adding-complex-soap-headers-to.html). The soasecurity blog ([2] http://soasecurity.org/2014/03/25/how-to-esb-invoking-username-token-secured-backend-service/) describes how to do this via a class mediator. Another way is to use a security policy in the ESB, as described in Sagara's blog ([3] http://ssagara.blogspot.com/2013/07/wso2-esb-set-ws-security-ut-user-names.html).



Here I'm going to describe a test setup for [3].

Implement a secured backend using WSO2 AS

Start WSO2 AS.

Create a role called aliceRole.
Create a user called alice with the password "alicePW".
Assign alice to aliceRole.

Secure the "Version" service (which comes by default in AS) using the management console:
Select Yes in the EnableSecurity dropdown.
Select UsernameToken from Basic Scenarios and click Next.
Check aliceRole (which we created in the previous step) and click Finish.


ESB Configurations

Start ESB.

Create an endpoint for the secured Version service in the AS.

Create a proxy service that uses this endpoint.

Create the PasswordCallback handler
Refer to the soasecurity blog ([4] http://soasecurity.org/2010/02/07/how-to-create-a-password-callback-class/).
Svn checkout https://svn.wso2.org/repos/wso2/people/asela/ws-security/password-callback/
Modify the logic as follows (since we need to add password-setting functionality for alice):

// Logic to get the password to build the username token:
// the callback receives the user id and must set the matching password
if ("alice".equals(id)) {
    pwcb.setPassword("alicePW");
}
if ("bob".equals(id)) {
    pwcb.setPassword("bobPW");
}

Build using mvn clean install.
Copy the output jar into ESB/repository/components/lib.

Add the following policy to the ESB registry (at gov:/repository/policy_1.xml); the user it names and the password callback class it points at are:

    alice
    org.wso2.samples.pwcb.PWCBHandler
Make the asEndpoint a secured endpoint
Go to the endpoint view, select asEndpoint and click on Edit.
Then under Advanced Options check WS-Security and, for Policy Key, specify the path gov:/repository/policy_1.xml (the path where we saved the policy in the registry).
Click on 'Save & Close'.

Restart the ESB server (since we have put our jar in components/lib).

Try the versionProxy using the ESB's Try It tool. If everything is configured properly you should get the following response in the Try It tool:

    Application Server-5.2.1
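What the policy makes the ESB send is a WS-Security UsernameToken header, and what the AS does on the other side is look the user up and check the role that was ticked in the security wizard. The following script models both ends of that exchange so the two halves can be seen together (an added example, not code from this blog, from Rampart or from WSO2): the namespaces are the standard WSS 1.0 ones, the in-memory user store (alice/alicePW in aliceRole) is constructed from the setup above, the password_callback function mirrors the PWCBHandler logic, PasswordText is assumed because that is what the basic UsernameToken scenario carries, and the getVersion body is a constructed stand-in for the real Version service request.

```python
import base64
import hmac
import os
import uuid
from datetime import datetime, timezone
import xml.etree.ElementTree as ET

SOAP = "http://www.w3.org/2003/05/soap-envelope"
WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
PASSWORD_TEXT = ("http://docs.oasis-open.org/wss/2004/01/"
                 "oasis-200401-wss-username-token-profile-1.0#PasswordText")

# Constructed stand-in for the AS user store: user -> (password, roles)
USER_STORE = {"alice": ("alicePW", {"aliceRole"})}
REQUIRED_ROLE = "aliceRole"  # the role ticked when securing the Version service


def password_callback(user):
    """Same job as the PWCBHandler on the ESB side: hand back the password for a known id."""
    return {"alice": "alicePW", "bob": "bobPW"}.get(user)


def build_request(user, body_xml):
    """ESB side: wrap the body in a SOAP 1.2 envelope carrying a UsernameToken for `user`."""
    ET.register_namespace("soapenv", SOAP)
    ET.register_namespace("wsse", WSSE)
    ET.register_namespace("wsu", WSU)
    env = ET.Element(f"{{{SOAP}}}Envelope")
    header = ET.SubElement(env, f"{{{SOAP}}}Header")
    security = ET.SubElement(header, f"{{{WSSE}}}Security")
    token = ET.SubElement(security, f"{{{WSSE}}}UsernameToken",
                          {f"{{{WSU}}}Id": f"UsernameToken-{uuid.uuid4()}"})
    ET.SubElement(token, f"{{{WSSE}}}Username").text = user
    ET.SubElement(token, f"{{{WSSE}}}Password", {"Type": PASSWORD_TEXT}).text = password_callback(user)
    # Nonce and Created are part of the token profile even for PasswordText
    ET.SubElement(token, f"{{{WSSE}}}Nonce").text = base64.b64encode(os.urandom(16)).decode()
    ET.SubElement(token, f"{{{WSU}}}Created").text = datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
    body = ET.SubElement(env, f"{{{SOAP}}}Body")
    body.append(ET.fromstring(body_xml))
    return ET.tostring(env, encoding="unicode")


def authorize(envelope_xml):
    """Service side: validate the token against the user store and the required role.

    Returns (ok, reason)."""
    env = ET.fromstring(envelope_xml)
    token = env.find(f".//{{{WSSE}}}UsernameToken")
    if token is None:
        return False, "no UsernameToken"
    user = token.findtext(f"{{{WSSE}}}Username")
    pw_el = token.find(f"{{{WSSE}}}Password")
    if pw_el is None or pw_el.get("Type") != PASSWORD_TEXT:
        return False, "unsupported password type"
    entry = USER_STORE.get(user)
    # constant-time comparison so a wrong password costs the same as a right one
    if entry is None or not hmac.compare_digest(entry[0], pw_el.text or ""):
        return False, "bad credentials"
    if REQUIRED_ROLE not in entry[1]:
        return False, f"{user} is not in {REQUIRED_ROLE}"
    return True, "ok"


if __name__ == "__main__":
    request = build_request("alice", "<getVersion/>")  # constructed body
    print(request)
    print(authorize(request))
```

The bob branch of the callback produces a well-formed token that the service still rejects, because bob exists only on the ESB side; that is the same split the post relies on, where the callback only supplies passwords and the AS user store decides.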


References
[1] - http://sajithblogs.blogspot.com/2013/08/wso2-esb-adding-complex-soap-headers-to.html
[2] - http://soasecurity.org/2014/03/25/how-to-esb-invoking-username-token-secured-backend-service/
[3] - http://ssagara.blogspot.com/2013/07/wso2-esb-set-ws-security-ut-user-names.html
[4] - http://soasecurity.org/2010/02/07/how-to-create-a-password-callback-class/

Thursday, September 18, 2014

Configuring WSO2 ESB with MB for Guaranteed Delivery


In this post I'm going to discuss how to configure WSO2 ESB and MB for guaranteed delivery. In my previous post I discussed a similar implementation using ActiveMQ. I recommend reading that for detailed instructions, since I'm going to keep this very brief.

ESB Configurations

Add the required jars
Copy the following jars from the WSO2MB/client-lib folder to the ESB/repository/components/lib folder.
andes-client-0.13.wso2v4
geronimo-jms_1.1_spec-1.1.0.wso2v1

Enable the JMS transports in axis2.xml for MB
Open /repository/conf/axis2/axis2.xml with a text editor.

  • Uncomment the XML config below the comment 'Uncomment this and configure as appropriate for JMS transport support with WSO2 MB 2.x.x'
  • Uncomment the line below the comment 'uncomment this and configure to use connection pools for sending messages'


Edit jndi.properties
Open /repository/conf/jndi.properties with a text editor and edit it so that it has the following config

# register some connection factories
# connectionfactory.[jndiname] = [ConnectionURL]
connectionfactory.QueueConnectionFactory = amqp://admin:admin@clientID/carbon?brokerlist='tcp://localhost:5673'
connectionfactory.TopicConnectionFactory = amqp://admin:admin@clientID/carbon?brokerlist='tcp://localhost:5673'

# register some queues in JNDI using the form
# queue.[jndiName] = [physicalName]
queue.JMSMS_MB=JMSMS_MB

# register some topics in JNDI using the form
# topic.[jndiName] = [physicalName]
topic.MyTopic = myTopic


Create a proxy service, message store and message processor in ESB.
You can use the following code

org.wso2.andes.jndi.PropertiesFileInitialContextFactory
repository/conf/jndi.properties
JMSMSMB
1000 1000 true


Start the backend service (refer to the previous blog).

Start WSO2 MB
Go to WSO2MB/bin and use the command ./wso2server.sh

Start ESB and copy-paste the above configuration in the source view.


Test

Invoke the sampleProxy using the Try It tool and observe the backend service's terminal; you should see something like the following:
samples.services.SimpleStockQuoteService :: Generating quote for : APPLE

Observe the web console of MB.
Go to the management console of MB and click on the Browse button under Queue. You should see that a queue named JMSMSMB has been created there, and that its message count is zero.

Shut down the backend service and test again.

You will see errors in the ESB terminal like the following:

ERROR - BlockingMsgSender Error sending Message to url : http://localhost:9000/services/SimpleStockQuoteService
org.apache.axis2.AxisFault: Connection refused

Observe WSO2 MB's queue.
Go to the management console of MB and click on the Browse button under Queue; the queue named JMSMSMB now shows a message count of one.

Then start the backend service again.
You will see on the backend service's console that it received the message.
Also look at MB's web console and refresh the page; you will see that the message count is now zero again, that is, there are no messages that it did not deliver.

This concludes the guaranteed delivery demonstration.







Tuesday, September 16, 2014

Implementing Guaranteed delivery in WSO2 ESB

Start ActiveMQ
~/activeMQ/apache-activemq-5.9.1/bin
./activemq start

Check the web console and make sure it is running
http://localhost:8161/admin

Copy the following jars from ActiveMQ's lib directory to ESB_HOME/repository/components/lib
activemq-broker-5.9.1.jar
activemq-client-5.9.1.jar
geronimo-j2ee-management_1.1_spec-1.0.1.jar
geronimo-jms_1.1_spec-1.1.1.jar

Build the SimpleStockQuoteService in ESB samples
~/ESB/wso2esb-4.8.1/samples/axis2Server/src/SimpleStockQuoteService$
ant

Start the axis2Server in ESB samples
~/products/ESB/wso2esb-4.8.1/samples/axis2Server$
./axis2server.sh

Make sure SimpleStockQuoteService is running by pointing the browser to
http://localhost:9000/services/SimpleStockQuoteService?wsdl


Start ESB
~/ESB/wso2esb-4.8.1/bin$
 ./wso2server.sh

Log into management console
https://10.100.0.115:9443/carbon/admin/index.jsp

Go to the source view and paste this code

org.apache.activemq.jndi.ActiveMQInitialContextFactory
tcp://localhost:61616
1.1

1000 1000 true

Log in to the management console and invoke the SampleProxy via the Try It tool. You will not see a response there (due to our proxy implementation here), but if you check the terminal of axis2Server you will see something like the following:
samples.services.SimpleStockQuoteService :: Generating quote for : APPLE
That means the message store and processor have worked successfully and your message has reached the backend (i.e. SimpleStockQuoteService). Also, if you look at the ActiveMQ web console for queues at
http://localhost:8161/admin/queues.jsp you will see that the enqueued and dequeued message counts are both equal to one.




Test of guaranteed delivery

Stop the SimpleStockQuoteService and invoke the SampleProxy again from the Try It tool (this time for the symbol IBM). If you check the ActiveMQ web console you will see that the enqueued message count is 2 but the dequeued message count is 1.

Also notice the error in the ESB terminal.
ERROR - ForwardingService BlockingMessageSender of message processor [Forwarder] failed to send message to the endpoint NFO - ForwardingService Pausing the service of message processor [Forwarder] INFO - HTTPSender Unable to sendViaPost to url[http://localhost:9000/services/SimpleStockQuoteService] java.net.ConnectException: Connection refused

Then start the SimpleStockQuoteService again.
View the ActiveMQ web console; you will see that both the enqueued and dequeued message counts are 2.

Also in the axis2Server terminal you will see that it has received the request for symbol IBM:
samples.services.SimpleStockQuoteService :: Generating quote for : IBM

Conclusion

Once the backend server is restarted, the messages that were enqueued while it was down are delivered to it. This concludes the guaranteed delivery demonstration.
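The MB and ActiveMQ posts above demonstrate the same store-and-forward pattern: the proxy only writes to a durable store, and a scheduled forwarding processor drains the store to the backend, pausing when the connection is refused and resuming once the backend is reachable, so nothing is lost during the outage. The following script is an added example (not ESB or Synapse code) that models that pattern with an in-memory queue so the enqueued/dequeued counters seen in the two consoles can be reproduced offline; the message format, the pause-on-first-failure behaviour and the explicit resume are simplifications of the real message store and forwarding processor.

```python
from collections import deque


class BackendDown(Exception):
    """Stands in for the 'Connection refused' the ESB logged above."""


class MessageStore:
    """In-memory stand-in for the JMS queue behind the message store."""

    def __init__(self):
        self._queue = deque()
        self.enqueued = 0   # what the broker console shows as enqueued
        self.dequeued = 0   # what it shows as dequeued (acknowledged)

    def store(self, msg):
        self._queue.append(msg)
        self.enqueued += 1

    def peek(self):
        return self._queue[0] if self._queue else None

    def ack(self):
        self._queue.popleft()
        self.dequeued += 1


class StockQuoteBackend:
    """Stand-in for SimpleStockQuoteService; it can be taken down and brought back."""

    def __init__(self):
        self.up = True
        self.console = []

    def send(self, msg):
        if not self.up:
            raise BackendDown("Connection refused")
        self.console.append(f"Generating quote for : {msg['symbol']}")


class ForwardingProcessor:
    """Scheduled forwarder: peek, send, ack. A failure leaves the message in the
    store and pauses the processor, as the ESB log showed."""

    def __init__(self, store, backend):
        self.store = store
        self.backend = backend
        self.paused = False
        self.errors = []

    def run_once(self):
        """One scheduler tick: forward everything queued, or pause on the first failure."""
        if self.paused:
            return
        while True:
            msg = self.store.peek()
            if msg is None:
                return
            try:
                self.backend.send(msg)
            except BackendDown as exc:
                self.errors.append(f"failed to send {msg['symbol']}: {exc}; pausing")
                self.paused = True
                return
            self.store.ack()  # acknowledged only after the backend accepted it

    def resume(self):
        self.paused = False
        self.run_once()


def proxy(store, symbol):
    """The proxy service: persist the request and return without a reply to the caller."""
    store.store({"symbol": symbol})


def demo():
    """Replay the scenario from the posts; returns the counters at each stage."""
    store, backend = MessageStore(), StockQuoteBackend()
    forwarder = ForwardingProcessor(store, backend)

    proxy(store, "APPLE")
    forwarder.run_once()
    healthy = (store.enqueued, store.dequeued)      # (1, 1)

    backend.up = False
    proxy(store, "IBM")
    forwarder.run_once()
    outage = (store.enqueued, store.dequeued)       # (2, 1): IBM is still queued

    backend.up = True
    forwarder.resume()
    recovered = (store.enqueued, store.dequeued)    # (2, 2)
    return healthy, outage, recovered, backend.console, forwarder.errors


if __name__ == "__main__":
    for stage in demo():
        print(stage)
```

The property that makes this "guaranteed" is the ordering inside run_once: the store is only acknowledged after the backend has accepted the message, so a crash between send and ack can at worst redeliver, never drop.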