API Manager Gateway 1.8 Incoming Connections Timing out - amazon-web-services

I am running API Manager Gateway version 1.8. Server is running CentOS 8 with Java(TM) SE Runtime Environment (build 1.7.0_67-b01). I am testing on a test and production server. To rule out differences between the servers the production server was cloned from the test server and updated to point to a separate DB, Key Manager & LDAP server. In addition it was synched with Gateway Management node.
I start up both of the Gateway servers. There are several dozen APIs deployed on each server. For testing I deployed an identical API on test and prod that point to the same backend service. The API does not require authentication so there is no token call. I execute a wget for the API directly to the Gateway worker in prod and test.
The call executes successfully in test returning a response in about 1 second.
However call to production hangs for a minute, then wget retries. Eventually after several retries the call succeeds.
I have made hundreds of calls to the service directly from command prompt on the production Gateway node and they are successful every time.
I am skipping the load balancer so all traffic in my test is via http to the Gateway server and to my backend service.
In production I see the following in the logs. The request for /csmjk followed by a 1 minute delay before the http-incoming-1 times out.
TID: [0] [AM] [2017-04-16 07:38:31,472] DEBUG {org.apache.synapse.transport.passthru.SourceHandler} - http-incoming-1: GET /csmjk/1.0/iscontentavailable/publisher/ISE.json?publisherdocumentid=10.1504/WRSTSD.2013.050791 HTTP/1.0 {org.apache.synapse.transport.passthru.SourceHandler}
TID: [0] [AM] [2017-04-16 07:38:31,479] DEBUG {org.apache.synapse.transport.nhttp.access} - - 10.40.1.161 - - [16/Apr/2017:07:38:31 -0500] "GET /csmjk/1.0/iscontentavailable/publisher/ISE.json?publisherdocumentid=10.1504/WRSTSD.2013.050791 HTTP/1.0" - - "-" "Wget/1.12 (linux-gnu)" {org.apache.synapse.transport.nhttp.access}
TID: [0] [AM] [2017-04-16 07:38:31,481] DEBUG {org.apache.synapse.transport.passthru.ServerWorker} - Starting a new Server Worker instance {org.apache.synapse.transport.passthru.ServerWorker}
TID: [0] [AM] [2017-04-16 07:39:31,547] DEBUG {org.apache.synapse.transport.passthru.SourceHandler} - http-incoming-1: Timeout {org.apache.synapse.transport.passthru.SourceHandler}
TID: [0] [AM] [2017-04-16 07:39:31,547] WARN {org.apache.synapse.transport.passthru.SourceHandler} - Connection time out after request is read: http-incoming-1 {org.apache.synapse.transport.passthru.SourceHandler}
In test I see the request followed immediately by a call to our backend service:
TID: [0] [AM] [2017-04-16 07:42:08,281] DEBUG {org.apache.synapse.transport.passthru.SourceHandler} - http-incoming-10: GET /csmjk/1.0/iscontentavailable/publisher/ISE.json?publisherdocumentid=10.1504/WRSTSD.2013.050791 HTTP/1.0 {org.apache.synapse.transport.passthru.SourceHandler}
TID: [0] [AM] [2017-04-16 07:42:08,286] DEBUG {org.apache.synapse.transport.nhttp.access} - - 10.40.1.161 - - [16/Apr/2017:07:42:08 -0500] "GET /csmjk/1.0/iscontentavailable/publisher/ISE.json?publisherdocumentid=10.1504/WRSTSD.2013.050791 HTTP/1.0" - - "-" "Wget/1.12 (linux-gnu)" {org.apache.synapse.transport.nhttp.access}
TID: [0] [AM] [2017-04-16 07:42:08,304] DEBUG {org.apache.synapse.transport.passthru.ServerWorker} - Starting a new Server Worker instance {org.apache.synapse.transport.passthru.ServerWorker}
TID: [0] [AM] [2017-04-16 07:42:08,394] INFO {org.wso2.carbon.databridge.agent.thrift.AsyncDataPublisher} - Flushing the events from the queue 1 {org.wso2.carbon.databridge.agent.thrift.AsyncDataPublisher}
TID: [0] [AM] [2017-04-16 07:42:08,426] INFO {org.wso2.carbon.apimgt.gateway.handlers.security.CCCAPIAuthenticationHandler} - Headers : {Accept=*/*, Connection=Keep-Alive, Host=TEST:8281, User-Agent=Wget/1.12 (linux-gnu), X-JWT-Assertion=null} {org.wso2.carbon.apimgt.gateway.handlers.security.CCCAPIAuthenticationHandler}
TID: [0] [AM] [2017-04-16 07:42:08,426] INFO {org.wso2.carbon.apimgt.gateway.handlers.security.CCCAPIAuthenticationHandler} - Message context:[MessageContext: logID=57478a056938f45377e3a24e79fae0781cbfcc13f4af60aa] {org.wso2.carbon.apimgt.gateway.handlers.security.CCCAPIAuthenticationHandler}
TID: [0] [AM] [2017-04-16 07:42:08,585] INFO {org.wso2.carbon.apimgt.gateway.handlers.security.CCCAPIAuthenticationHandler} - End user: null, API user: null {org.wso2.carbon.apimgt.gateway.handlers.security.CCCAPIAuthenticationHandler}
TID: [0] [AM] [2017-04-16 07:42:08,601] INFO {org.apache.synapse.core.axis2.TimeoutHandler} - This engine will expire all callbacks after : 120 seconds, irrespective of the timeout action, after the specified or optional timeout {org.apache.synapse.core.axis2.TimeoutHandler}
TID: [0] [AM] [2017-04-16 07:42:08,617] DEBUG {org.apache.synapse.transport.passthru.connections.TargetConnections} - Trying to get a connection {}->http://SERVICE:1111 {org.apache.synapse.transport.passthru.connections.TargetConnections}
This has been working fine in production for many months and suddenly stopped working reliably two days ago.
Any help would be greatly appreciated.
Thanks

I have been working on this for 3 days straight now. After enabling additional debugging I determined that the last thing done prior to the timeout was a call to Google Analytics. I disabled Google Analytics Tracking and everything is back to normal now. This is also configured in my test instance. More debugging to come but at least I am back to responding to requests.
Thanks

Related

Callback requests at random ports in WSO2 EI 6.0

I have a proxy to an external web services being called by a schedule task in WSO2 EI 6.0. I can see the request being sent out of the ESB as an instance gets logged in ESB Analytics but it's not clear to me what is happening with the response payload.
These log messages show up in wso2carbon.log file:
TID: [-1] [] [2017-05-08 18:22:27,875] WARN {org.apache.synapse.transport.passthru.SourceHandler} - Connection time out after request is read: http-incoming-85 Socket Timeout : 180000 Remote Address : /XX.XX.XX.XX:35380 {org.apache.synapse.transport.passthru.SourceHandler}
TID: [-1] [] [2017-05-08 18:17:27,896] WARN {org.apache.synapse.transport.passthru.SourceHandler} - Connection time out after request is read: http-incoming-84 Socket Timeout : 180000 Remote Address : /XX.XX.XX.XX:57507 {org.apache.synapse.transport.passthru.SourceHandler}
TID: [-1] [] [2017-05-08 18:12:28,364] WARN {org.apache.synapse.transport.passthru.SourceHandler} - Connection time out after request is read: http-incoming-83 Socket Timeout : 180000 Remote Address : /XX.XX.XX.XX:50387 {org.apache.synapse.transport.passthru.SourceHandler}
XX.XX.XX.XX is the remote address where the webserices are hosted. I can understand from this the the response is getting lost because these ports are not open in the firewall hosting this WSO2 instance, but for security reasons I cannot open all ports so these random ports would always work.
I need to understand why WSO2 is expecting the response at these ports and not on the same port where the request connection was made (443 in my case), and even why a separate connection need to be established since this is a synchronous web service.
Please let me know any resource available containing more details on how the transport pass trough is affecting this.
If this is some functionality from WSO2 or Synapse is there a way to disable it?
If I end up having to open all ports in the firewall to support this, is there a way to limit the random port numbers to an specific range?
Thanks in advance.

The service cannot be found for the endpoint reference while User Store Configuration Deployer initialization

from time to time our api throws 500 Http codes. I tried to track down the problem and found this kind of errors in the wso2carbon.log:
TID: [0] [AM] [2017-03-05 20:06:11,687] INFO {org.wso2.carbon.core.multitenancy.TenantAxisConfigurator} - Creating tenant AxisConfiguration for tenant: aTenant[2] {org.wso2.carbon.core.multitenancy.TenantAxisConfigurator}
TID: [0] [AM] [2017-03-05 20:06:11,726] INFO {org.wso2.carbon.identity.user.store.configuration.deployer.UserStoreConfigurationDeployer} - User Store Configuration Deployer initiated. {org.wso2.carbon.identity.user.store.configuration.deployer.UserStoreConfigurationDeployer}
TID: [0] [AM] [2017-03-05 20:06:11,730] ERROR {org.apache.axis2.engine.AxisEngine} - The service cannot be found for the endpoint reference (EPR) local://axis2services/some/api/path {org.apache.axis2.engine.AxisEngine}
org.apache.axis2.AxisFault: The service cannot be found for the endpoint reference (EPR) local://axis2services/some/api/path
at org.apache.axis2.engine.DispatchPhase.checkPostConditions(DispatchPhase.java:78)
at org.apache.axis2.engine.Phase.invoke(Phase.java:329)
at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:261)
at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:167)
at org.wso2.carbon.core.multitenancy.MultitenantMessageReceiver.processRESTRequest(MultitenantMessageReceiver.java:594)
at org.wso2.carbon.core.multitenancy.MultitenantMessageReceiver.doNhttpREST(MultitenantMessageReceiver.java:534)
at org.wso2.carbon.core.multitenancy.MultitenantMessageReceiver.doREST(MultitenantMessageReceiver.java:353)
at org.wso2.carbon.core.multitenancy.MultitenantMessageReceiver.processRequest(MultitenantMessageReceiver.java:212)
at org.wso2.carbon.core.multitenancy.MultitenantMessageReceiver.receive(MultitenantMessageReceiver.java:79)
at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:180)
at org.apache.synapse.transport.passthru.ServerWorker.processNonEntityEnclosingRESTHandler(ServerWorker.java:344)
at org.apache.synapse.transport.passthru.ServerWorker.run(ServerWorker.java:168)
at org.apache.axis2.transport.base.threads.NativeWorkerPool$1.run(NativeWorkerPool.java:172)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
at java.lang.Thread.run(Thread.java:744)
TID: [0] [AM] [2017-03-05 20:06:11,803] INFO {org.wso2.carbon.core.deployment.DeploymentInterceptor} - Deploying Axis2 service: wso2carbon-sts {aTenant[2]} {org.wso2.carbon.core.deployment.DeploymentInterceptor}
TID: [0] [AM] [2017-03-05 20:06:11,856] INFO {org.apache.axis2.deployment.DeploymentEngine} - Deploying Web service: org.wso2.carbon.sts - {org.apache.axis2.deployment.DeploymentEngine}
TID: [0] [AM] [2017-03-05 20:06:11,860] INFO {org.wso2.carbon.core.deployment.DeploymentInterceptor} - Deploying Axis2 service: wso2carbon-sts {aTenant[2]} {org.wso2.carbon.core.deployment.DeploymentInterceptor}
TID: [0] [AM] [2017-03-05 20:06:11,926] INFO {org.wso2.carbon.mediation.initializer.multitenancy.TenantServiceBusInitializer} - Intializing the ESB Configuration for the tenant domain : aTenant {org.wso2.carbon.mediation.initializer.multitenancy.TenantServiceBusInitializer}
After Deploying Axis2 service:... everything runs fine.
So it seems that api calls can not be processed while the UserStoreConfigurationDeployer is running. But this happens between 10 and 20 times a day, causing several errors.
The javadoc says:
/**
* This is to deploy a new User Store Management Configuration file dropped or created at repository/deployment/server/userstores
* or repository/tenant/<>tenantId</>/userstores. Whenever a new file with .xml extension is added/deleted or a modification is done to
* an existing file, deployer will automatically update the existing realm configuration org.wso2.carbon.identity.user.store.configuration
* according to the new file.
*/
But these files are never touched.
I'm not an expert for wso2, so can someone point me where to search? Can the UserStoreConfigurationDeployer be configured to run only at start or only once a day (at 2:00 am or something)?
We are currently using wso2am-1.8.0, the upgrade to 2.something is planned.

WSO2 APIM 2.0 Clustering manage/monitor in carbon UI

I deployed the cluster in one server, here is the node start log:
TID: [-1234] [] [2016-09-02 03:55:41,596] INFO {org.wso2.carbon.core.clustering.hazelcast.HazelcastClusteringAgent} - Cluster domain: wso2.pubstore.domain {org.wso2.carbon.core.clustering.hazelcast.HazelcastClusteringAgent}
TID: [-1234] [] [2016-09-02 03:55:41,596] INFO {org.wso2.carbon.core.clustering.hazelcast.HazelcastClusteringAgent} - Loading hazelcast configuration from axis2 clustering configuration {org.wso2.carbon.core.clustering.hazelcast.HazelcastClusteringAgent}
TID: [-1234] [] [2016-09-02 03:55:41,620] INFO {org.wso2.carbon.core.clustering.hazelcast.HazelcastClusteringAgent} - Using wka based membership management scheme {org.wso2.carbon.core.clustering.hazelcast.HazelcastClusteringAgent}
TID: [-1234] [] [2016-09-02 03:55:41,628] INFO {org.wso2.carbon.core.clustering.hazelcast.util.MemberUtils} - Added member: Host:10.222.47.201, Remote Host:null, Port: 4006, HTTP:-1, HTTPS:-1, Domain: null, Sub-domain:null, Active:true {org.wso2.carbon.core.clustering.hazelcast.util.MemberUtils}
TID: [-1234] [] [2016-09-02 03:55:41,628] INFO {org.wso2.carbon.core.clustering.hazelcast.util.MemberUtils} - Added member: Host:10.222.47.201, Remote Host:null, Port: 4007, HTTP:-1, HTTPS:-1, Domain: null, Sub-domain:null, Active:true {org.wso2.carbon.core.clustering.hazelcast.util.MemberUtils}
TID: [-1] [] [2016-09-02 03:55:47,768] INFO {org.wso2.carbon.event.processor.manager.core.internal.CarbonEventManagementService} - Starting polling event receivers {org.wso2.carbon.event.processor.manager.core.internal.CarbonEventManagementService}
TID: [-1234] [] [2016-09-02 03:55:50,176] INFO {org.wso2.carbon.core.clustering.hazelcast.HazelcastClusteringAgent} - Hazelcast initialized in 8544ms {org.wso2.carbon.core.clustering.hazelcast.HazelcastClusteringAgent}
TID: [-1234] [] [2016-09-02 03:55:50,274] INFO {org.wso2.carbon.core.clustering.hazelcast.HazelcastClusteringAgent} - Local member: [faedd3de-2842-4447-a84e-0db43c86595d] - Host:10.222.47.201, Remote Host:null, Port: 4006, HTTP:8285, HTTPS:8248, Domain: wso2.pubstore.domain, Sub-domain:worker, Active:true {org.wso2.carbon.core.clustering.hazelcast.HazelcastClusteringAgent}
TID: [-1234] [] [2016-09-02 03:55:50,664] INFO {org.wso2.andes.server.cluster.coordination.hazelcast.HazelcastAgent} - Initializing Hazelcast Agent {org.wso2.andes.server.cluster.coordination.hazelcast.HazelcastAgent}
TID: [-1234] [] [2016-09-02 03:55:50,676] INFO {org.wso2.andes.server.cluster.coordination.hazelcast.HazelcastAgent} - Successfully initialized Hazelcast Agent {org.wso2.andes.server.cluster.coordination.hazelcast.HazelcastAgent}
TID: [-1234] [] [2016-09-02 03:55:50,686] WARN {org.wso2.carbon.event.processor.manager.core.internal.CarbonEventManagementService} - CEP started with clustering enabled, but SingleNode configuration given. {org.wso2.carbon.event.processor.manager.core.internal.CarbonEventManagementService}
TID: [-1234] [] [2016-09-02 03:55:50,697] INFO {org.wso2.carbon.core.clustering.hazelcast.HazelcastClusteringAgent} - Cluster initialization completed {org.wso2.carbon.core.clustering.hazelcast.HazelcastClusteringAgent}
From carbon UI,
It seems carbon UI can't display cluster information.
So, my question is that can carbon UI display cluster information?
No, As far as I know you can't view cluster related information from UI. However, you can see whether the nodes are correctly joined or not by logs. Check for member joined log messages in all consoles.
Example:
INFO - WKABasedMembershipScheme Member joined [057c1105-97b2-4c99-8b1d-4164127b5684]: /192.168.1.100:4200
Note: To provide a complete answer kindly provide the post or article your following.
Hope this helps.

Wso2 ESB Integration with SFDC

I am integrating WSO2 ESB 4.8.1 with SFDC.
Using SFDC connector 1.0
In WSO2 i have written the code <salesforce.logout/>, according to WSO2 Documentation they say that it closes the current connection.
<salesforce.logout/> produces below soap message which i identified in WSO2 ESB log
TID: [0] [ESB] [2016-08-30 07:55:39,442] DEBUG {org.apache.synapse.transport.http.wire} -  << "<?xml version="1.0" encoding="UTF-8"?><soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:urn="urn:partner.soap.sforce.com"><soapenv:Header><urn:SessionHeader><urn:sessionId>00D17000000BPGr!AQcAQDIggW.ikXtsb0Ckm8c8pKKDlF_8QN42jL31WUa6hDLOdEeNIjrYsevKW0FeZLDzlrjcDLwMni_7gYaZgNfdN4zv9Cgj</urn:sessionId></urn:SessionHeader></soapenv:Header><soapenv:Body><urn:logout></urn:logout></soapenv:Body></soapenv:Envelope>[\r][\n]" {org.apache.synapse.transport.http.wire}
But few times i am getting below error (INVALID_SESSION_ID: Invalid Session ID found in SessionHeader: Illegal Session. Session not found, missing session hash:) when <salesforce.logout/> is executed
TID: [0] [ESB] [2016-08-30 07:55:39,529] DEBUG {org.apache.synapse.transport.http.wire} -  >> "<?xml version="1.0" encoding="UTF-8"?><soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:sf="urn:fault.partner.soap.sforce.com" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"><soapenv:Body><soapenv:Fault><faultcode>sf:INVALID_SESSION_ID</faultcode><faultstring>INVALID_SESSION_ID: Invalid Session ID found in SessionHeader: Illegal Session. Session not found, missing session hash: je59etMAEPM+m9VdYJb0AW==[\n]" {org.apache.synapse.transport.http.wire}
TID: [0] [ESB] [2016-08-30 07:55:39,529] DEBUG {org.apache.synapse.transport.http.wire} -  >> "This is expected, it can happen if the session has expired and swept away, or if the user logs out, or if its just someone trying to hack in. </faultstring><detail><sf:UnexpectedErrorFault xsi:type="sf:UnexpectedErrorFault"><sf:exceptionCode>INVALID_SESSION_ID</sf:exceptionCode><sf:exceptionMessage>Invalid Session ID found in SessionHeader: Illegal Session. Session not found, missing session hash: je59etMAEPM+m9VdYJb0AW==[\n]" {org.apache.synapse.transport.http.wire}
TID: [0] [ESB] [2016-08-30 07:55:39,529] DEBUG {org.apache.synapse.transport.http.wire} -  >> "This is expected, it can happen if the session has expired and swept away, or if the user logs out, or if its just someone trying to hack in. </sf:exceptionMessage></sf:UnexpectedErrorFault></detail></soapenv:Fault></soapenv:Body></soapenv:Envelope>[\r][\n]" {org.apache.synapse.transport.http.wire}
Is it SFDC issue/WSO2 SFDC connector issue/WSO2 ESB configuration issue.?
For upsert operation we are using configkey attribute in entire project, below is the code
<salesforce.upsert configKey="sfdc_connection_dtls">
          <allOrNone>0</allOrNone>
          <allowFieldTruncate>0</allowFieldTruncate>
          <sobjects xmlns:sfdc="sfdc">{//sfdc:sObjects}</sobjects>
        </salesforce.upsert>
So when i use <salesforce.logout/> in the respective sequence, does it closes only the current connection which is available in sequence.? or it closes all connection which are existing.?
Where ever i am using salesforce.upsert(below is the skeleton code) can i use <salesforce.logout/> after salesforce.upsert call.?
<salesforce.upsert configKey="sfdc_connection_dtls">
<!-- sobject goes here -->
</salesforce.upsert>
Looking forward for your help
Thanks,
Tejas
In WSO2 SFDC connector, there's a single SF connection created per flow per init configuration. Therefore, if you issue a logout, your subsequent requests will fail. It is not necessary to issue logout since the connection is anyway terminated at the end of the flow.

wso2 api manager wso2 BAM

Tables are created but the data is not populated . followed the below steps https://docs.wso2.com/display/AM170/Publishing+API+Runtime+Statistics this link is used to configure
below is the error i see in the wso2carbon.log on wso2 api manager
TID: [0] [AM] [2014-10-16 20:15:50,544] ERROR {JAGGERY.modules.statistics.usage:jag} - java.lang.NullPointerException: null {JAGGERY.modules.statistics.usage:jag}
TID: [0] [AM] [2014-10-16 20:15:59,210] ERROR {JAGGERY.modules.statistics.usage:jag} - java.lang.NullPointerException: null {JAGGERY.modules.statistics.usage:jag}
TID: [0] [AM] [2014-10-16 20:16:01,473] ERROR {JAGGERY.modules.statistics.usage:jag} - java.lang.NullPointerException: null {JAGGERY.modules.statistics.usage:jag}
No stats will be published if there is no activity on the API. Please:
1. create API activity
2. wait 10 minutes for the bam analysis scripts to run
3. try to access the stats through API Manager again