Wednesday, July 26, 2017

Running WSO2 Update Manager periodically through a script

WSO2 Update Manager (WUM) delivers a feature that most of the WSO2 community was anticipating: determining the relevant updates and preparing a deployment-ready pack has become easier. Although the client has automated that process, DevOps still has to trigger the updates manually and prepare the pack. Checking for updates can be automated with a simple cron job. What is required is a script which initializes wum and then executes the update.


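#!/bin/bash
# cron starts jobs with a minimal environment; load the system-wide variables (such as PATH)
source /etc/environment
# Authenticate to WSO2; the password sits in this file, so keep it readable by its owner only
wum init -u <wso2useremail> -p <password>
# Check for the latest updates and build the updated pack
wum update <product-name>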

Run through a cron job, this script connects to the server, checks for the latest updates and creates a pack in $HOME/.wum-wso2/products/. A summary of the updates applied is also sent to the email address you have subscribed to WSO2 with.

Importing AWS RDS public certificate to WSO2 client-truststore.jks for secured connections

Creating a secured database connection usually requires 4 major steps:
1. Enabling SSL on database
2. Creating SSL enabled database user
3. Importing the public certificates to the client-truststore
4. Creating the connection with required parameters

To create a secured connection with WSO2 servers, you can refer to the comprehensive post by Prabath Siriwardena at http://blog.facilelogin.com/2010/12/connecting-wso2-carbon-server-to-mysql.html

In this post I will discuss only how to import the Amazon RDS public certificates into the client-truststore.jks

Amazon RDS provides a public certificate bundle (rds-combined-ca-bundle.pem) that contains multiple certificates, and there are instances where servers fail to connect due to SSL handshake exceptions after the bundle is imported with Java keytool. Java keytool only imports one certificate at a time, but the RDS combined CA bundle has many CA certificates. When you try to import the whole bundle in a single step, it only imports one certificate, which may not be the root CA that you need to trust the RDS instance.

In order to import these certificates you should split the certificates first and then import the files to your client-truststore separately.

csplit -b %02d.pem -z rds-combined-ca-bundle.pem "/-----BEGIN/" "{*}"

Then you can use the command below to import each certificate into the client-truststore.jks separately.

find . -iname 'xx*' -exec keytool -import -file {} -alias {} -storepass wso2carbon -keystore /opt/wso2/apimanager/repository/resources/security/client-truststore.jks \;
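
The split-and-import procedure above as one script, with a check that every certificate in the bundle ended up in the truststore. This is an added example, not part of the original post; the function names and the rds-ca-NN alias scheme are assumptions, and the bundle path, keystore path and store password are passed as arguments.

```shell
#!/bin/bash
# Added example (not from the original post). Function bodies are subshells "( )",
# so their variables stay local and "exit" only leaves the function.

# split_bundle BUNDLE OUTDIR
# Writes each certificate to OUTDIR/ca-NN.pem and prints how many were found.
# Text outside the BEGIN/END markers (comments, blank lines) is dropped.
split_bundle() (
    bundle=$1
    outdir=$2
    mkdir -p "$outdir" || exit 1
    awk -v dir="$outdir" '
        /-----BEGIN CERTIFICATE-----/ { file = sprintf("%s/ca-%02d.pem", dir, n++); inside = 1 }
        inside                        { print > file }
        /-----END CERTIFICATE-----/   { inside = 0; close(file) }
        END                           { print n + 0 }
    ' "$bundle"
)

# import_bundle BUNDLE KEYSTORE STOREPASS
# Imports every certificate under its own alias (rds-ca-00, rds-ca-01, ...),
# then fails unless the truststore lists as many rds-ca-* entries as the bundle holds.
import_bundle() (
    bundle=$1
    keystore=$2
    storepass=$3
    tmp=$(mktemp -d) || exit 1
    count=$(split_bundle "$bundle" "$tmp")
    for pem in "$tmp"/ca-*.pem; do
        alias="rds-$(basename "$pem" .pem)"
        # -noprompt skips keytool's "Trust this certificate?" question so the loop
        # can run unattended; use it only on a bundle whose origin you have checked.
        keytool -importcert -noprompt -file "$pem" -alias "$alias" \
            -keystore "$keystore" -storepass "$storepass" || { rm -rf "$tmp"; exit 1; }
    done
    rm -rf "$tmp"
    imported=$(keytool -list -keystore "$keystore" -storepass "$storepass" | grep -c '^rds-ca-')
    echo "certificates in bundle: $count, rds-ca entries in truststore: $imported"
    [ "$imported" -eq "$count" ]
)

# Usage: ./import-rds-ca.sh rds-combined-ca-bundle.pem /path/to/client-truststore.jks <storepass>
if [ "$#" -eq 3 ]; then
    import_bundle "$@"
fi
```

A non-zero exit status means an import failed or the entry count does not match the bundle, which is the condition behind the SSL handshake exceptions described above.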