Wednesday, July 26, 2017

Running WSO2 Update Manager periodically through a script

WSO2 Update Manager (WUM) delivers a feature that most of the WSO2 community was anticipating: determining the relevant updates and preparing a deployment-ready pack has become easier. Although the client has automated the process, DevOps still has to trigger the updates manually and prepare the pack. Checking for updates can be automated with a simple cron job. What is required is a script which initiates wum and then executes the update.


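#!/bin/bash
# cron starts jobs with a minimal environment; load PATH and related settings
source /etc/environment
# authenticate with your WSO2 account, then build the updated pack
wum init -u <wso2useremail> -p <password>
wum update <product-name>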

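Running this script through a cron job will connect to the server, check for the latest updates and create a pack in $HOME/.wum-wso2/products/. A summary of the updates applied will also be sent to the email address you have subscribed to WSO2 with. Because the script contains your WSO2 account password, make it readable only by the user that owns the cron job.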

Importing AWS RDS public certificate to WSO2 client-truststore.jks for secured connections

Creating a secured database connection usually requires 4 major steps:
1. Enabling SSL on database
2. Creating SSL enabled database user
3. Importing the public certificates to the client-truststore
4. Creating the connection with required parameters

In order to create a secured connection with WSO2 servers you can refer to the comprehensive post by Prabath Siriwardena at http://blog.facilelogin.com/2010/12/connecting-wso2-carbon-server-to-mysql.html

In this post I will discuss only how to import the Amazon RDS public certificates into the client-truststore.jks.

Amazon RDS provides a public certificate file (rds-combined-ca-bundle.pem) that contains multiple certificates, and there are instances where servers fail to connect due to SSL handshake exceptions when this file is imported with Java keytool. Java keytool only imports one certificate at a time, but the RDS combined CA bundle has many CA certificates. When you try to import the whole bundle in a single effort it only imports one certificate, which may not be the root CA that you need to trust the RDS instance.

In order to import these certificates you should split the certificates first and then import the files to your client-truststore separately.

csplit -b %02d.pem -z rds-combined-ca-bundle.pem "/-----BEGIN/" "{*}"

Then you can use the command below to import each certificate into the client-truststore.jks separately.

find . -iname 'xx*' -exec keytool -import -file {} -alias {} -storepass wso2carbon -keystore /opt/wso2/apimanager/repository/resources/security/client-truststore.jks \;
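
A variant of the two commands above that also checks that every certificate in the bundle reached the truststore (added example, not part of the original post; the function names and the rds-ca-NN file and alias names are assumptions made here):

```bash
#!/bin/bash
# Added example: split a PEM bundle, import every certificate, and confirm
# that none was silently skipped. Names below are hypothetical.

# Count the certificates contained in PEM bundle $1.
count_bundle_certs() {
    grep -c -- '-----BEGIN CERTIFICATE-----' "$1"
}

# Write each certificate of bundle $1 to $2/rds-ca-NN.pem and print how many
# were written. Text outside BEGIN/END markers (comments, blanks) is ignored.
split_bundle() {
    local bundle=$1 outdir=$2
    mkdir -p "$outdir"
    awk -v dir="$outdir" '
        /-----BEGIN CERTIFICATE-----/ { file = sprintf("%s/rds-ca-%02d.pem", dir, n++) }
        file != ""                    { print > file }
        /-----END CERTIFICATE-----/   { close(file); file = "" }
        END                           { print n + 0 }
    ' "$bundle"
}

# Import every split certificate from $1 into truststore $2 (password $3).
# Requires keytool on PATH; the alias is the file name without .pem.
import_certs() {
    local dir=$1 store=$2 pass=$3 pem
    for pem in "$dir"/rds-ca-*.pem; do
        keytool -importcert -noprompt -file "$pem" \
            -alias "$(basename "$pem" .pem)" \
            -keystore "$store" -storepass "$pass" || return 1
    done
}

# Count the rds-ca-* entries now present in truststore $1 (password $2).
count_imported() {
    keytool -list -keystore "$1" -storepass "$2" | grep -c '^rds-ca-'
}

# Usage: <script> <bundle.pem> <truststore.jks> <storepass>
if [ "$#" -eq 3 ]; then
    tmp=$(mktemp -d)
    expected=$(split_bundle "$1" "$tmp")
    import_certs "$tmp" "$2" "$3" || exit 1
    echo "bundle: $expected certificates, truststore: $(count_imported "$2" "$3") rds-ca entries"
fi
```

If the two numbers printed at the end differ, the truststore is missing part of the chain and the handshake failure described above can still occur.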

Friday, August 19, 2016

Virtual Networking for a static IP based local cluster with Oracle Virtual Box

Working in a clustered environment was one of the main tasks which I had to go through recently. Before going into an actual clustered environment where I could mess things up I took up the challenge of setting one up on my own. The luxury of going into a commercial virtual server provider was not an option therefore opting to do it locally through a virtual environment was the best solution.


Since I’ve been using Oracle Virtual Box for quite some time I went ahead and started deploying servers. Although I’ve been managing one or two servers in Virtual Box, managing a cluster with 4 nodes and maintaining communication between the nodes over several ports became the problem.


A NAT adapter with port forwarding can be used, but configuring several ports for each server was the problem with maintaining a cluster. Assigning a static IP address for communication, apart from 10.0.2.15 which is used by Virtual Box, was also not an option with this method. After some reading I figured a host-only adapter would be the solution for me. This solved the problems I faced while using the NAT adapter.


Initially you will have to add a Host-only network adapter to your Virtual Box installation. To do so go to Preference -> Networks -> Host-only Networks.



In this panel, clicking the + icon in the right-hand corner adds a Host-only adapter to your Virtual Box. Click on the new adapter that is created and configure the IPs that you require. Basically this would use the 192.168.xx.xx IP range since it is the private IP address range used.



The IP which is given by default to the Host-only adapter is assigned to the host that Virtual Box is running on; therefore in this scenario you can use IP addresses from 192.168.56.2 onwards for the virtual servers that you are using. After configuring, click OK and start configuring a server.



Choose the server that you want to add the network to and select Settings -> Network -> adapter 2 (We will keep the adapter 1 as NAT since this wouldn’t be a blocker to go ahead and can be used for initial setting up and debugging without the new port we are adding).


Select Enable Network Adapter, then under the Attached to drop-down select Host-only Adapter and set Name to the Host-only adapter created above.




Click OK and we are ready to start the server. For this task I have been using Ubuntu Server 14.04, and the configuration on the server may be a bit different depending on the OS version that you are using.


After starting the server run the ifconfig command and you will only see the eth0 port, which is bound to 10.0.2.15 as its inet address. Open /etc/network/interfaces and add the configuration below after the eth0 interface.


auto eth1
iface eth1 inet static
address 192.168.56.4
netmask 255.255.255.0
network 192.168.56.0
broadcast 192.168.56.255


Save the file and run ifup eth1. It will set up the new interface with the relevant IP address. You can check it by running ifconfig, which should now list eth1 with the address you assigned. Try pinging the IP you’ve assigned from your local host to confirm that the IP is assigned properly.


Do this for all the servers with different IPs and enjoy the luxury of a cluster running under a set of IPs that can be used for ssh, clustering, load balancing, etc.

Friday, June 17, 2016

Adding an output logger event adapter to WSO2 DAS event stream

Working in the WSO2 Cloud Team was capable of putting me through events where I wondered "what should I do now?", especially while in Cloud Support. Once there was an issue (L1) reported to us that API Statistics were not visible on WSO2 API Manager. Oh great, by this time I was not much of an expert in this area and I was like, HOW?

WSO2 API Cloud used WSO2 APIM 1.10 and DAS 3.0.1 by that time, and I knew that DAS was working in a cluster which has two receivers, analyzers and indexers. It wasn't hard to realize that the DAS analyzers didn't have the required raw data stored for the time being. How to check whether the API Gateway is publishing data to the DAS analyzers? Here is what was suggested to me by a DAS team member to check whether data is getting published to the DAS receiver node. What I used was adding an Output logger event adapter [1] to the input stream for which I wanted to check whether the data was getting published to the DAS receiver nodes.

1. Login to DAS management console
2. Go to Main -> Event -> Publishers -> Add event publisher


3. On the Create a New Event Publisher page, add the Event Publisher Name and select the Event stream which needs to be logged from Event Source
4. Then from Output Event Adapter Type select logger as the value and click Add Event Publisher.



5. You will see a message Event publisher added successfully and the added Event publisher will be visible on Available Event Publishers.



6. Start publishing to the stream and you will see logs getting printed on <DAS-HOME>/repository/logs/wso2carbon.log



[1] https://docs.wso2.com/display/CEP300/Output+logger+Event+Adapter



Saturday, June 11, 2016

Deleting Admin users from your organization in WSO2 Cloud

Currently in WSO2 Cloud, Organization owners can add multiple Admin users to their organization. It is a common scenario that some people leave the organization, and if such a person is an admin of your organization you should remove that Admin from the organization.

In the current implementation of WSO2 Cloud you are not able to delete an Admin through the Members page. On the Members page, users with the Admin role don't have a check box in front of them. Therefore we are not able to edit or delete the specific Admin from the organization directly.


In order to delete them, the Organization owner (the creator of the organization on WSO2 Cloud) should revoke the Admin role from the user. This is not provided through the WSO2 Cloud UI directly. Here is how you can achieve this.

1. You can log in to WSO2 Cloud management console using the steps described in
https://docs.wso2.com/display/APICloud/FAQ#FAQ-HowcanIlogintotheCloud'sManagementConsole?


2. On the left menu of the management console go to Main -> User and Roles -> List -> Users. This will list the users in your organization.


3. Select the preferred user with the Admin role, select View Roles, remove the admin role from that user's privileges and update.


4. Afterwards log out of the management console, log in again through the Cloud UI and go to the Members page. You will see that the check box in front of the particular user is enabled and you will be able to delete the user (due to caching on the server side it will take some time for the changes to be reflected in the UI).



* Note that you must not delete the user through the management console, since there are records for the user, used explicitly for WSO2 Cloud data in the front end, which do not get deleted that way. Therefore you should delete the user through the UI after removing the role.