Hi,
I have found a data-agent-config.xml file under {EI_HOME}/conf/data-bridge/
where lines about SSL and client-trustore.jks were commented by default.
I uncommented these lines and restart the server from which datas are to be
sent to remote analytics but no way, that does absolutely no changes to my
issue:
Caused by: ThriftAuthenticationException(message:wrong userName or password)
Is it necessarily to define client-trustore in this file ? (what is the one
used if not)
Can someone explain how the password in MessageFlowStatisticsPublisher.xml and
MessageFlowConfigurationPublisher.xml are being cyphered by the agent then
uncyphered on server side ?
Thanks,
Bernard
Le 26 nov. 2018 à 09:46, Bernard Paris
<[email protected]<mailto:[email protected]>> a écrit :
Hello Niveathika
Le 19 nov. 2018 à 14:53, Niveathika Rajendran
<[email protected]<mailto:[email protected]>> a écrit :
Hi Bernard,
In your earlier email, you mentioned that the config changes as below on your
remote machine.
<property encrypted="false" name="password"/>
Is the issue still continuing?
yes
Could you check configurations under the <Security> tag in
<EI_HOME>/conf/carbon.xml? I was able to reproduce this only with a faulty
configuration[1].
my keystore is named wso2carbon.jks, alias and password same as originals;
I imported my own certificate in this keystore under alias wso2carbon and set
the passwd to wso2carbon
keytool -v -list -keystore wso2carbon.jks -alias wso2carbon
Alias name: wso2carbon
Creation date: Nov 15, 2018
Entry type: PrivateKeyEntry
Certificate chain length: 3
Certificate[1]:
Owner: CN=wso2ei.sgsi.ucl.ac.be<http://wso2ei.sgsi.ucl.ac.be/>, OU=SGSI,
O=Université catholique de Louvain, L=Ottignies-Louvain-la-Neuve, C=BE
Issuer: CN=TERENA SSL CA 3, O=TERENA, L=Amsterdam, ST=Noord-Holland, C=NL
Serial number: 516e3c8586ebb5e0aab45fdb05ae071
I'm sure the passwd has been changed correctly because:
$ keytool -v -keypasswd -alias wso2carbon -keystore wso2carbon.jks
Enter keystore password:
New key password for <wso2carbon>:
Passwords must differ
New key password for <wso2carbon>:
The same keystore jks file is used by all EI servers (EI servers are load
balanced); and the certificate have been imported in the client-trustore.jks of
analytics.
What can explain that remote servers cannot login into Analytics as localhost
does ? Are there any grants to set somewhere in Analytics for remote access ?
Regarding the above question, In SP we do not have grants for remote access.
The certificate keys and the hostname will be verified. Please note for
hostname verification, it must be enabled explicitly by adding the below
configuration in the <EI_HOME>/wso2/analytics/conf/worker/deployment.yaml file.
wso2.carbon:
hostnameVerificationEnabled: true
I did this but that not resolve the problem.
Regards from Belgium,
Bernard
[1]
https://stackoverflow.com/questions/50642058/how-to-solve-thrift-authentication-exception-wrong-username-or-password-in-wso?answertab=votes#tab-top
Best Regards,
Niveathika Rajendran,
Senior Software Engineer.
Mobile : +94 077 903 7536
[http://c.content.wso2.com/signatures/wso2-signature-general.png]
On Mon, Nov 19, 2018 at 4:03 PM Bernard Paris
<[email protected]<mailto:[email protected]>> wrote:
Hello,
after 3 weeks of investigations, no way about this issue: remote EI-6.4.0
servers definitively cannot send their datas to the Analytics-worker based
WSO2 SP bundled in EI640.
My local EI does it without any problem.
[cid:6F4F3315-B54F-4F37-97C3-1FF1119EB16A]
Fot now I use analytics worker out of the box (all local DBs), with default
'admin' user config.
For remote servers I get in sender logs a strange error message about :wrong
userName or password althought I'm using same
MessageFlowConfigurationPublisher.xml and MessageFlowStatisticsPublisher.xml
with default admin/admin credentials as my local EI.
[DataBridge-ConnectionService-tcp://wso2ei-mgmt.sgsi.ucl.ac.be:7612-pool-4-thread-1]
ERROR {org.wso2.carbon.databridge.agent.endpoint.DataEndpointConnectionWorker}
- Error while trying to connect to the endpoint. Cannot borrow client for
ssl://wso2ei-mgmt.sgsi.ucl.ac.be:7712.
org.wso2.carbon.databridge.agent.exception.DataEndpointLoginException: Cannot
borrow client for ssl://wso2ei-mgmt.sgsi.ucl.ac.be:7712.
at
org.wso2.carbon.databridge.agent.endpoint.DataEndpointConnectionWorker.connect(DataEndpointConnectionWorker.java:134)
at
org.wso2.carbon.databridge.agent.endpoint.DataEndpointConnectionWorker.run(DataEndpointConnectionWorker.java:59)
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at java.lang.Thread.run(Thread.java:748)
Caused by:
org.wso2.carbon.databridge.agent.exception.DataEndpointLoginException: Error
while trying to login to the data receiver.
at
org.wso2.carbon.databridge.agent.endpoint.thrift.ThriftDataEndpoint.login(ThriftDataEndpoint.java:49)
at
org.wso2.carbon.databridge.agent.endpoint.DataEndpointConnectionWorker.connect(DataEndpointConnectionWorker.java:128)
... 6 more
Caused by: ThriftAuthenticationException(message:wrong userName or password)
at
org.wso2.carbon.databridge.commons.thrift.service.secure.ThriftSecureEventTransmissionService$connect_result$connect_resultStandardScheme.read(ThriftSecureEventTransmissionService.java:2020)
at
org.wso2.carbon.databridge.commons.thrift.service.secure.ThriftSecureEventTransmissionService$connect_result$connect_resultStandardScheme.read(ThriftSecureEventTransmissionService.java:1998)
at
org.wso2.carbon.databridge.commons.thrift.service.secure.ThriftSecureEventTransmissionService$connect_result.read(ThriftSecureEventTransmissionService.java:1940)
at org.apache.thrift.TServiceClient.receiveBase(TServiceClient.java:78)
at
org.wso2.carbon.databridge.commons.thrift.service.secure.ThriftSecureEventTransmissionService$Client.recv_connect(ThriftSecureEventTransmissionService.java:110)
at
org.wso2.carbon.databridge.commons.thrift.service.secure.ThriftSecureEventTransmissionService$Client.connect(ThriftSecureEventTransmissionService.java:96)
at
org.wso2.carbon.databridge.agent.endpoint.thrift.ThriftDataEndpoint.login(ThriftDataEndpoint.java:47)
... 7 more
In analytics logs I see the ssl connexion succeeds but the login fails despite
default admin/admin has not been changed in analytics-worker:
[2018-11-14 14:21:51,735] INFO {org.wso2.carbon.databridge.core.DataBridge} -
user admin connected
[2018-11-14 14:21:51,749] ERROR
{org.wso2.carbon.databridge.core.internal.authentication.CarbonAuthenticationHandler}
- Authentication failed for username 'admin'. Error : 'Invalid_Credentials'.
Error Description : 'The login credential used for login are invalid, username
: 'admin'.'
[2018-11-14 14:21:51,750] ERROR
{org.wso2.carbon.databridge.core.internal.authentication.Authenticator} - wrong
userName or password
Config:
<eventPublisher name="MessageFlowStatisticsPublisher"
statistics="disable" trace="disable"
xmlns="http://wso2.org/carbon/eventpublisher";>
<from streamName="org.wso2.esb.analytics.stream.FlowEntry" version="1.0.0"/>
<mapping customMapping="disable" type="wso2event"/>
<to eventAdapterType="wso2event">
<property name="username">admin</property>
<property name="protocol">thrift</property>
<property name="publishingMode">non-blocking</property>
<property name="publishTimeout">0</property>
<property name="receiverURL">tcp://10.1.3.12:7612</property>
<property encrypted="false" name="password">admin</property>
</to>
</eventPublisher>
What can explain that remote servers cannot login into Analytics as localhost
does ? Are there any grants to set somewhere in Analytics for remote access ?
Thanks
Bernard
Le 7 nov. 2018 à 10:32, Niveathika Rajendran
<[email protected]<mailto:[email protected]>> a écrit :
Hi Bernard,
The new EI Analytics profile is based on Carbon5, which is designed to run with
minimum configurations. As mentioned in the documentation, these are the
default configurations applicable.
You can override it by adding the 'auth.configs' element in the deployment.yaml
file found under {EI_HOME}//wso2/analytics/conf/worker/ directory. The
following configs will add another user to the system namely admin2/admin
auth.configs:
type: 'local'
userManager:
adminRole: admin
userStore:
users:
-
user:
username: admin
password: YWRtaW4=
roles: 1
-
user:
username: admin2
password: YWRtaW4=
roles: 1
roles:
-
role:
id: 1
displayName: admin
Best Regards,
Niveathika Rajendran,
Senior Software Engineer.
/Mobile : +94 077 903 7536
[http://c.content.wso2.com/signatures/wso2-signature-general.png]
On Wed, Nov 7, 2018 at 2:46 PM Bernard Paris
<[email protected]<mailto:[email protected]>> wrote:
Hello Niveathika
in the analytics distribution inside EI_640, I can't find any file-based user
store you are talking about.
Neither I can't find any auth.configs to configure in deployment.yaml as
described at
https://docs.ws<https://docs.ws/>o2.com/display/SP430/User+Management+via+the+IdP+Client+Interface<http://o2.com/display/SP430/User+Management+via+the+IdP+Client+Interface>
To answer your questions here is my config just before deployment
<property name="receiverURL">tcp://10.1.3.12:7612</property>
<property encrypted="false" name="password">admin</property>
Thanks for nay help, regards from Belgium,
Bernard
Le 6 nov. 2018 à 14:04, Niveathika Rajendran
<[email protected]<mailto:[email protected]>> a écrit :
Hi Bernard,
Latest EI-Analytics profile is based on WSO2 Stream Processor for which the
configurations are different from the previous versions.
EI-Analytics 6.4.0 by default uses a file-based user store(via Local IdP
Client). As you have mentioned, by default admin/admin is the user credentials
used. with admin/admin credentials EI instance should have been able to publish
to Analytics profile w/o any issue.
Could you give follwing information to reproduce this issue?
1. Is the TCP protocol used for publishing or SSL protocol? (i.e <property
name="receiverURL">tcp://localhost:7612</property> )
2. Is the password encrypted? (i.e <property encrypted="false"
name="password">admin</property>)
In the meantime, please refer to "User Management via IdP client Interface" for
more information on setting up the user store.
Best Regards,
Niveathika Rajendran,
Senior Software Engineer.
Mobile : +94 077 903 7536
[http://c.content.wso2.com/signatures/wso2-signature-general.png]
On Tue, Nov 6, 2018 at 3:59 PM Bernard Paris
<[email protected]<mailto:[email protected]>> wrote:
Hi Ramindu,
thanks for this.
Effectively I saw that everything has been changed in new analytics
distribution, and I can't cope with it ;-(
By default I don't see any users stuffs, like the use user-mgt.xml file. So I
suppose the "admin" user is just store in the DB, nothing else.
I didn't change the default password for it, but remote ESB instances are
unable to send data to analytics because of
ERROR
{org.wso2.carbon.databridge.core.internal.authentication.CarbonAuthenticationHandler}
- Authentication failed for username 'admin'. Error : 'Invalid_Credentials'.
Error Description : 'The login credential used for login are invalid, username
: 'admin'.'
ERROR {org.wso2.carbon.databridge.core.internal.authentication.Authenticator} -
wrong userName or password
Local instance (I mean IE640 running on same localhost) can.
I just edited this files to put admin/admin as user/passwd
<EI_HOME>/repository/deployment/server/eventpublishers/MessageFlowConfigurationPublisher.xml
& MessageFlowStatisticsPublisher.xml
Thanks for your help,
Bernard
Le 1 nov. 2018 à 14:34, Ramindu De Silva
<[email protected]<mailto:[email protected]>> a écrit :
Hi Bernard,
EI analytics 6.3.0 uses WSO2 DAS runtime. EI analytics 6.4.0 uses WSO2 SP
runtime. WSO2 SP is a total rewrite of the WSO2 DAS, which has a feature
enhancements as well.
On Tue, Oct 23, 2018 at 1:50 PM Bernard Paris
<[email protected]<mailto:[email protected]>> wrote:
Hi devs,
we were using these only 4 DBs to make analytics aggregating datas from our ESB
until version 6.3.0 ;
ANALYTICS_CARBON_DB
ANALYTICS_METRICS_DB
ANALYTICS_EVENT_STORE_DB
ANALYTICS_PROCESSED_DATA_STORE_DB
We have our from the scratch data aggregation mechanism instead of using apache
spark which was in DAS. And that the the explanation for not having
configurations for ANALYTICS_EVENT_STORE_DB and
ANALYTICS_PROCESSED_DATA_STORE_DB's .
We still have the ANALYTICS_CARBON_DB and ANALYTICS_METRICS_DB.
Please look into Monitoring Stream Processor in-order to configure the metrics
for WSO2 SP.
These were postgres databases.
Now I see there are more then 10 databases preconfigured in the default
analytics 6.4.0 config (conf/dashboard/deployment.yaml and
conf/worker/deployment.yaml).
Well, … this is suggesting me lot of questions.
First of all, is it still recommended (like it is for ESB&DSS databases) to do
*not* use local H2 databases in production environment ?
This question comes because the 6.4.0 analytics seems to me to be used as it
is, out of the box, lot of DBs and no documentation for a any configuration as
it was for previous versions.
Yes. We still recommend NOT to use the embedded H2 databases.
If we need to create external DBs for all the stuffs, what exactly are each DB
for ?
Please refer Configuring Datasources
Is there any migration tool and/or documentation about migrating from analytics
6.3.0 to 6.4.0 ?
(https://docs.wso2.com/display/EI640/Upgrading+from+WSO2+EI+6.3.0 does't talk
about that)
Any matching between former 4 DBs and the 6.4.0 new ones ?
ANALYTICS_CARBON_DB - In-order to use/ migrate this database the previous
analytics, please answer the following questions
Seems, you are not using a usr-mgt database, Do you have add additional users?
If not its not necessary to migrate the carbon db. You just can move on with a
new db
ANALYTICS_METRICS_DB - Metrics values stored in the DB depends on the node that
we run. But IMO since this is a new version of the product, there is no use of
migrating the older metrics data into the new one.
ANALYTICS_EVENT_STORE_DB and ANALYTICS_PROCESSED_DATA_STORE_DB - This is
replaced by aggregation tables. And aggregation will be done via Siddhi
Is there a way to keep (transfer into 6.4.0) datas we collected with previous
analytics version ?
We are currently looking at several methods in-order to migrate the
ANALYTICS_EVENT_STORE_DB and ANALYTICS_PROCESSED_DATA_STORE_DB data and we will
update you on that regard.
Thanks,
Bernard
_______________________________________________
Dev mailing list
[email protected]<mailto:[email protected]>
http://wso2.org/cgi-bin/mailman/listinfo/dev
Best Regards,
Ramindu.
--
Ramindu De Silva
Senior Software Engineer
WSO2 Inc.: http://wso2.com<http://wso2.com/>
lean.enterprise.middleware
email: [email protected]<mailto:[email protected]>
mob: +94 719678895
_______________________________________________
Dev mailing list
[email protected]<mailto:[email protected]>
http://wso2.org/cgi-bin/mailman/listinfo/dev
_______________________________________________
Dev mailing list
[email protected]<mailto:[email protected]>
http://wso2.org/cgi-bin/mailman/listinfo/dev
<PastedGraphic-4.png><PastedGraphic-4.png>
_______________________________________________
Dev mailing list
[email protected]<mailto:[email protected]>
http://wso2.org/cgi-bin/mailman/listinfo/dev
_______________________________________________
Dev mailing list
[email protected]
http://wso2.org/cgi-bin/mailman/listinfo/dev
