Starting EI-640 server I see this [2018-11-27 16:56:33,612] [EI-Core] INFO - DefaultCryptoProviderComponent 'CryptoService.Secret' property has not been set. 'org.wso2.carbon.crypto.provider.SymmetricKeyInternalCryptoProvider' won't be registered as an internal crypto provider. Please set the secret if the provider needs to be registered.
What is about ? Could it be related with the issue ? Bernard Le 27 nov. 2018 à 11:57, Bernard Paris <[email protected]<mailto:[email protected]>> a écrit : Hi, I have found a data-agent-config.xml file under {EI_HOME}/conf/data-bridge/ where lines about SSL and client-trustore.jks were commented by default. I uncommented these lines and restart the server from which datas are to be sent to remote analytics but no way, that does absolutely no changes to my issue: Caused by: ThriftAuthenticationException(message:wrong userName or password) Is it necessarily to define client-trustore in this file ? (what is the one used if not) Can someone explain how the password in MessageFlowStatisticsPublisher.xml and MessageFlowConfigurationPublisher.xml are being cyphered by the agent then uncyphered on server side ? Thanks, Bernard Le 26 nov. 2018 à 09:46, Bernard Paris <[email protected]<mailto:[email protected]>> a écrit : Hello Niveathika Le 19 nov. 2018 à 14:53, Niveathika Rajendran <[email protected]<mailto:[email protected]>> a écrit : Hi Bernard, In your earlier email, you mentioned that the config changes as below on your remote machine. <property encrypted="false" name="password"/> Is the issue still continuing? yes Could you check configurations under the <Security> tag in <EI_HOME>/conf/carbon.xml? I was able to reproduce this only with a faulty configuration[1]. my keystore is named wso2carbon.jks, alias and password same as originals; I imported my own certificate in this keystore under alias wso2carbon and set the passwd to wso2carbon keytool -v -list -keystore wso2carbon.jks -alias wso2carbon Alias name: wso2carbon Creation date: Nov 15, 2018 Entry type: PrivateKeyEntry Certificate chain length: 3 Certificate[1]: Owner: CN=wso2ei.sgsi.ucl.ac.be<http://wso2ei.sgsi.ucl.ac.be/>, OU=SGSI, O=Université catholique de Louvain, L=Ottignies-Louvain-la-Neuve, C=BE Issuer: CN=TERENA SSL CA 3, O=TERENA, L=Amsterdam, ST=Noord-Holland, C=NL Serial number: 516e3c8586ebb5e0aab45fdb05ae071 I'm sure the passwd has been changed correctly because: $ keytool -v -keypasswd -alias wso2carbon -keystore wso2carbon.jks Enter keystore password: New key password for <wso2carbon>: Passwords must differ New key password for <wso2carbon>: The same keystore jks file is used by all EI servers (EI servers are load balanced); and the certificate have been imported in the client-trustore.jks of analytics. What can explain that remote servers cannot login into Analytics as localhost does ? Are there any grants to set somewhere in Analytics for remote access ? Regarding the above question, In SP we do not have grants for remote access. The certificate keys and the hostname will be verified. Please note for hostname verification, it must be enabled explicitly by adding the below configuration in the <EI_HOME>/wso2/analytics/conf/worker/deployment.yaml file. wso2.carbon: hostnameVerificationEnabled: true I did this but that not resolve the problem. Regards from Belgium, Bernard [1] https://stackoverflow.com/questions/50642058/how-to-solve-thrift-authentication-exception-wrong-username-or-password-in-wso?answertab=votes#tab-top Best Regards, Niveathika Rajendran, Senior Software Engineer. Mobile : +94 077 903 7536 [http://c.content.wso2.com/signatures/wso2-signature-general.png] On Mon, Nov 19, 2018 at 4:03 PM Bernard Paris <[email protected]<mailto:[email protected]>> wrote: Hello, after 3 weeks of investigations, no way about this issue: remote EI-6.4.0 servers definitively cannot send their datas to the Analytics-worker based WSO2 SP bundled in EI640. My local EI does it without any problem. [cid:6F4F3315-B54F-4F37-97C3-1FF1119EB16A] Fot now I use analytics worker out of the box (all local DBs), with default 'admin' user config. For remote servers I get in sender logs a strange error message about :wrong userName or password althought I'm using same MessageFlowConfigurationPublisher.xml and MessageFlowStatisticsPublisher.xml with default admin/admin credentials as my local EI. [DataBridge-ConnectionService-tcp://wso2ei-mgmt.sgsi.ucl.ac.be:7612-pool-4-thread-1] ERROR {org.wso2.carbon.databridge.agent.endpoint.DataEndpointConnectionWorker} - Error while trying to connect to the endpoint. Cannot borrow client for ssl://wso2ei-mgmt.sgsi.ucl.ac.be:7712. org.wso2.carbon.databridge.agent.exception.DataEndpointLoginException: Cannot borrow client for ssl://wso2ei-mgmt.sgsi.ucl.ac.be:7712. at org.wso2.carbon.databridge.agent.endpoint.DataEndpointConnectionWorker.connect(DataEndpointConnectionWorker.java:134) at org.wso2.carbon.databridge.agent.endpoint.DataEndpointConnectionWorker.run(DataEndpointConnectionWorker.java:59) at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511) at java.util.concurrent.FutureTask.run(FutureTask.java:266) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) at java.lang.Thread.run(Thread.java:748) Caused by: org.wso2.carbon.databridge.agent.exception.DataEndpointLoginException: Error while trying to login to the data receiver. at org.wso2.carbon.databridge.agent.endpoint.thrift.ThriftDataEndpoint.login(ThriftDataEndpoint.java:49) at org.wso2.carbon.databridge.agent.endpoint.DataEndpointConnectionWorker.connect(DataEndpointConnectionWorker.java:128) ... 6 more Caused by: ThriftAuthenticationException(message:wrong userName or password) at org.wso2.carbon.databridge.commons.thrift.service.secure.ThriftSecureEventTransmissionService$connect_result$connect_resultStandardScheme.read(ThriftSecureEventTransmissionService.java:2020) at org.wso2.carbon.databridge.commons.thrift.service.secure.ThriftSecureEventTransmissionService$connect_result$connect_resultStandardScheme.read(ThriftSecureEventTransmissionService.java:1998) at org.wso2.carbon.databridge.commons.thrift.service.secure.ThriftSecureEventTransmissionService$connect_result.read(ThriftSecureEventTransmissionService.java:1940) at org.apache.thrift.TServiceClient.receiveBase(TServiceClient.java:78) at org.wso2.carbon.databridge.commons.thrift.service.secure.ThriftSecureEventTransmissionService$Client.recv_connect(ThriftSecureEventTransmissionService.java:110) at org.wso2.carbon.databridge.commons.thrift.service.secure.ThriftSecureEventTransmissionService$Client.connect(ThriftSecureEventTransmissionService.java:96) at org.wso2.carbon.databridge.agent.endpoint.thrift.ThriftDataEndpoint.login(ThriftDataEndpoint.java:47) ... 7 more In analytics logs I see the ssl connexion succeeds but the login fails despite default admin/admin has not been changed in analytics-worker: [2018-11-14 14:21:51,735] INFO {org.wso2.carbon.databridge.core.DataBridge} - user admin connected [2018-11-14 14:21:51,749] ERROR {org.wso2.carbon.databridge.core.internal.authentication.CarbonAuthenticationHandler} - Authentication failed for username 'admin'. Error : 'Invalid_Credentials'. Error Description : 'The login credential used for login are invalid, username : 'admin'.' [2018-11-14 14:21:51,750] ERROR {org.wso2.carbon.databridge.core.internal.authentication.Authenticator} - wrong userName or password Config: <eventPublisher name="MessageFlowStatisticsPublisher" statistics="disable" trace="disable" xmlns="http://wso2.org/carbon/eventpublisher";> <from streamName="org.wso2.esb.analytics.stream.FlowEntry" version="1.0.0"/> <mapping customMapping="disable" type="wso2event"/> <to eventAdapterType="wso2event"> <property name="username">admin</property> <property name="protocol">thrift</property> <property name="publishingMode">non-blocking</property> <property name="publishTimeout">0</property> <property name="receiverURL">tcp://10.1.3.12:7612</property> <property encrypted="false" name="password">admin</property> </to> </eventPublisher> What can explain that remote servers cannot login into Analytics as localhost does ? Are there any grants to set somewhere in Analytics for remote access ? Thanks Bernard Le 7 nov. 2018 à 10:32, Niveathika Rajendran <[email protected]<mailto:[email protected]>> a écrit : Hi Bernard, The new EI Analytics profile is based on Carbon5, which is designed to run with minimum configurations. As mentioned in the documentation, these are the default configurations applicable. You can override it by adding the 'auth.configs' element in the deployment.yaml file found under {EI_HOME}//wso2/analytics/conf/worker/ directory. The following configs will add another user to the system namely admin2/admin auth.configs: type: 'local' userManager: adminRole: admin userStore: users: - user: username: admin password: YWRtaW4= roles: 1 - user: username: admin2 password: YWRtaW4= roles: 1 roles: - role: id: 1 displayName: admin Best Regards, Niveathika Rajendran, Senior Software Engineer. /Mobile : +94 077 903 7536 [http://c.content.wso2.com/signatures/wso2-signature-general.png] On Wed, Nov 7, 2018 at 2:46 PM Bernard Paris <[email protected]<mailto:[email protected]>> wrote: Hello Niveathika in the analytics distribution inside EI_640, I can't find any file-based user store you are talking about. Neither I can't find any auth.configs to configure in deployment.yaml as described at https://docs.ws<https://docs.ws/>o2.com/display/SP430/User+Management+via+the+IdP+Client+Interface<http://o2.com/display/SP430/User+Management+via+the+IdP+Client+Interface> To answer your questions here is my config just before deployment <property name="receiverURL">tcp://10.1.3.12:7612</property> <property encrypted="false" name="password">admin</property> Thanks for nay help, regards from Belgium, Bernard Le 6 nov. 2018 à 14:04, Niveathika Rajendran <[email protected]<mailto:[email protected]>> a écrit : Hi Bernard, Latest EI-Analytics profile is based on WSO2 Stream Processor for which the configurations are different from the previous versions. EI-Analytics 6.4.0 by default uses a file-based user store(via Local IdP Client). As you have mentioned, by default admin/admin is the user credentials used. with admin/admin credentials EI instance should have been able to publish to Analytics profile w/o any issue. Could you give follwing information to reproduce this issue? 1. Is the TCP protocol used for publishing or SSL protocol? (i.e <property name="receiverURL">tcp://localhost:7612</property> ) 2. Is the password encrypted? (i.e <property encrypted="false" name="password">admin</property>) In the meantime, please refer to "User Management via IdP client Interface" for more information on setting up the user store. Best Regards, Niveathika Rajendran, Senior Software Engineer. Mobile : +94 077 903 7536 [http://c.content.wso2.com/signatures/wso2-signature-general.png] On Tue, Nov 6, 2018 at 3:59 PM Bernard Paris <[email protected]<mailto:[email protected]>> wrote: Hi Ramindu, thanks for this. Effectively I saw that everything has been changed in new analytics distribution, and I can't cope with it ;-( By default I don't see any users stuffs, like the use user-mgt.xml file. So I suppose the "admin" user is just store in the DB, nothing else. I didn't change the default password for it, but remote ESB instances are unable to send data to analytics because of ERROR {org.wso2.carbon.databridge.core.internal.authentication.CarbonAuthenticationHandler} - Authentication failed for username 'admin'. Error : 'Invalid_Credentials'. Error Description : 'The login credential used for login are invalid, username : 'admin'.' ERROR {org.wso2.carbon.databridge.core.internal.authentication.Authenticator} - wrong userName or password Local instance (I mean IE640 running on same localhost) can. I just edited this files to put admin/admin as user/passwd <EI_HOME>/repository/deployment/server/eventpublishers/MessageFlowConfigurationPublisher.xml & MessageFlowStatisticsPublisher.xml Thanks for your help, Bernard Le 1 nov. 2018 à 14:34, Ramindu De Silva <[email protected]<mailto:[email protected]>> a écrit : Hi Bernard, EI analytics 6.3.0 uses WSO2 DAS runtime. EI analytics 6.4.0 uses WSO2 SP runtime. WSO2 SP is a total rewrite of the WSO2 DAS, which has a feature enhancements as well. On Tue, Oct 23, 2018 at 1:50 PM Bernard Paris <[email protected]<mailto:[email protected]>> wrote: Hi devs, we were using these only 4 DBs to make analytics aggregating datas from our ESB until version 6.3.0 ; ANALYTICS_CARBON_DB ANALYTICS_METRICS_DB ANALYTICS_EVENT_STORE_DB ANALYTICS_PROCESSED_DATA_STORE_DB We have our from the scratch data aggregation mechanism instead of using apache spark which was in DAS. And that the the explanation for not having configurations for ANALYTICS_EVENT_STORE_DB and ANALYTICS_PROCESSED_DATA_STORE_DB's . We still have the ANALYTICS_CARBON_DB and ANALYTICS_METRICS_DB. Please look into Monitoring Stream Processor in-order to configure the metrics for WSO2 SP. These were postgres databases. Now I see there are more then 10 databases preconfigured in the default analytics 6.4.0 config (conf/dashboard/deployment.yaml and conf/worker/deployment.yaml). Well, … this is suggesting me lot of questions. First of all, is it still recommended (like it is for ESB&DSS databases) to do *not* use local H2 databases in production environment ? This question comes because the 6.4.0 analytics seems to me to be used as it is, out of the box, lot of DBs and no documentation for a any configuration as it was for previous versions. Yes. We still recommend NOT to use the embedded H2 databases. If we need to create external DBs for all the stuffs, what exactly are each DB for ? Please refer Configuring Datasources Is there any migration tool and/or documentation about migrating from analytics 6.3.0 to 6.4.0 ? (https://docs.wso2.com/display/EI640/Upgrading+from+WSO2+EI+6.3.0 does't talk about that) Any matching between former 4 DBs and the 6.4.0 new ones ? ANALYTICS_CARBON_DB - In-order to use/ migrate this database the previous analytics, please answer the following questions Seems, you are not using a usr-mgt database, Do you have add additional users? If not its not necessary to migrate the carbon db. You just can move on with a new db ANALYTICS_METRICS_DB - Metrics values stored in the DB depends on the node that we run. But IMO since this is a new version of the product, there is no use of migrating the older metrics data into the new one. ANALYTICS_EVENT_STORE_DB and ANALYTICS_PROCESSED_DATA_STORE_DB - This is replaced by aggregation tables. And aggregation will be done via Siddhi Is there a way to keep (transfer into 6.4.0) datas we collected with previous analytics version ? We are currently looking at several methods in-order to migrate the ANALYTICS_EVENT_STORE_DB and ANALYTICS_PROCESSED_DATA_STORE_DB data and we will update you on that regard. Thanks, Bernard _______________________________________________ Dev mailing list [email protected]<mailto:[email protected]> http://wso2.org/cgi-bin/mailman/listinfo/dev Best Regards, Ramindu. -- Ramindu De Silva Senior Software Engineer WSO2 Inc.: http://wso2.com<http://wso2.com/> lean.enterprise.middleware email: [email protected]<mailto:[email protected]> mob: +94 719678895 _______________________________________________ Dev mailing list [email protected]<mailto:[email protected]> http://wso2.org/cgi-bin/mailman/listinfo/dev _______________________________________________ Dev mailing list [email protected]<mailto:[email protected]> http://wso2.org/cgi-bin/mailman/listinfo/dev <PastedGraphic-4.png><PastedGraphic-4.png> _______________________________________________ Dev mailing list [email protected]<mailto:[email protected]> http://wso2.org/cgi-bin/mailman/listinfo/dev _______________________________________________ Dev mailing list [email protected]<mailto:[email protected]> http://wso2.org/cgi-bin/mailman/listinfo/dev
_______________________________________________ Dev mailing list [email protected] http://wso2.org/cgi-bin/mailman/listinfo/dev
