We Keep Coding

How to Solve unknown_ca error on WSO2IS-5.7 when using MySQL RDS as backstore?

I've tried to install an instance on AWS using aws RDS as
my datasource through the mysql-connector-java-5.1.45-bin.jar
with jdbc url
jdbc:mysql://< instance>.< zone>.rds.amazonaws.com:3306/carbon_db
i've got an exception
com.mysql.jdbc.exceptions.jdbc4.CommunicationsException: Communications link failurecom.mysql.jdbc.exceptions.jdbc4.CommunicationsException: Communications link failure
The last packet successfully received from the server was 7 milliseconds ago. The last packet sent successfully to the server was 7 milliseconds ago.
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
at java.lang.reflect.Constructor.newInstance(Constructor.java:423)
at com.mysql.jdbc.Util.handleNewInstance(Util.java:425)
.
.
.
Caused by: javax.net.ssl.SSLHandshakeException: Received fatal alert: unknown_ca
I've tried to run
keytool -importcert -keystore <keystore> -storepass <pass> -noprompt -file rds-combined-ca-bundle.pem
on cacerts.jks in JVM and client-trustore.jks inside WSO2 repository with no effect

This happens since the public certificate from your DB connection, is not trusted by the WSO2 Identity Server.
Since you have tried adding the certificate, verify whether this has been added properly.
Get the public certificate from your DB instance.
Go to the <IS_HOME>/repository/resources/security folder. Import the public certificate to the client-truststore.jks file. Use the command below.
keytool -importcert -file certificate.cer -keystore client-truststore.jks -alias "Alias"
Restart the wso2 IS instance and check if the issue still persists.

According to the MySQL connector documentation in [1], following JDBC URL parameters should be included into the JDBC url to enable the SSL communication between MySQL server and the wso2 server.
useSSL=true
requireSSL=true
clientCertificateKeyStoreUrl
clientCertificateKeyStorePassword
I was able to successfully create the secure connection between MySQL server and the wso2 server with the below JDBC URL.
jdbc:mysql://<HOST_NAME>:<PORT>/apimgtdb?useSSL=true&requireSSL=true&clientCertificateKeyStoreUrl=file:<WSO2_HOME>/repository/resources/security/client-truststore.jks&clientCertificateKeyStorePassword=wso2carbon

WS02 ESB GREG: remote instance and mount configuration

this is my registry on ESB 4.9.0 pointing to my GREG 5.2.0 instance
<dbConfig name="remote_registry">
<dataSource>jdbc/WSO2CarbonDB_GREG</dataSource>
</dbConfig>
<remoteInstance url="https://y.y.y.46:9445/registry">
<id>gregid</id>
<dbConfig>remote_registry</dbConfig>
<cacheId>regadmin#jdbc:mysql://x.x.x.45:3306/governancedb</cacheId>
<readOnly>true</readOnly>
<enableCache>true</enableCache>
<registryRoot>/</registryRoot>
</remoteInstance>
<mount path="/_system/governace" overwrite="true">
<instanceId>gregid</instanceId>
<targetPath>/_system/governance</targetPath>
</mount>
No error, but is simple ignored, the registry is local
If I change the mount point like that
<mount path="/_system/gov_reg" overwrite="true">
<instanceId>gregid</instanceId>
<targetPath>/_system/governance</targetPath> </mount>
everything works as expected.
It's an expected behaviour and I'm missing something here ?
TIA

Your configuration looks fine.
Since we already mount the all governance registry from config.
<mount path="/_system/governance" overwrite="true">
<instanceId>gregid</instanceId>
<targetPath>/_system/governance</targetPath>
</mount>
Configuring sub collection in governance registry again is not make sense. According to my understanding, However I don't see a real use case of mounting /_system/governace governance registry in ESB node. We can set the specific gov path for each ESB node (prod, dev, test) as,
<mount path="/_system/governance/env1" overwrite="true">
<instanceId>gregid</instanceId>
<targetPath>/_system/governance/prod</targetPath>
</mount>
For more validation please go through below posts,
G-Reg and ESB integration scenarios for Governance
Mounting a
Remote Repository (WSO2 GREG) to WSO2 ESB
Additional reading
Sharing Registry Space across Multiple Product Instances

Please make sure there's no duplicate mount config sections for /_system/governance in your registry.xml.

[SOLVED]
I do ignore the reason, but ive cheked the system/local reg
/_system/local/repository/components/org.wso2.carbon.registry/mount/-_system-governance
and noticed that in Properties target was pointing to the old value 'instanceid'
manually corrected and now all is working fine
Below the corrispondent bit in my ansible template
<remoteInstance url="https://{{ greg_ip }}:{{ greg_carbon_port }}/registry">
<id>gregid</id>
<dbConfig>remote_registry</dbConfig>
<cacheId>regadmin#jdbc:mysql://{{ mysql_db }}:3306/governancedb</cacheId>
{% if 'WKR' in group_names %}
<readOnly>true</readOnly>
{% else %}
<readOnly>false</readOnly>
{% endif %}
<enableCache>true</enableCache>
<registryRoot>/</registryRoot>
</remoteInstance>
<mount path="/_system/governance" overwrite="true">
<instanceId>gregid</instanceId>
<targetPath>/_system/governance</targetPath>
</mount>

Unable to connect Cassandra Cluster in AWS from EC2 instance

I setup Cassandra Cluster Using DataStax AMI in AWS and run the cassandra service. I am trying to connect this cassandra service from another EC2 instance where titan is installed. Titan server version is 0.4.4. I also tried with 0.5.3 but still the same error.
Cassandra is backend storage for the titan .
Error is
20366 [main] WARN com.tinkerpop.rexster.config.GraphConfigurationContainer - Could not load graph graph. Please check the XML configuration.
20367 [main] WARN com.tinkerpop.rexster.config.GraphConfigurationContainer - GraphConfiguration could not be found or otherwise instantiated: [com.thinkaurelius.titan.tinkerpop.rexster.TitanGraphConfiguration]. Ensure that it is in Rexster's path.
com.tinkerpop.rexster.config.GraphConfigurationException: GraphConfiguration could not be found or otherwise instantiated: [com.thinkaurelius.titan.tinkerpop.rexster.TitanGraphConfiguration]. Ensure that it is in Rexster's path.at com.tinkerpop.rexster.config.GraphConfigurationContainer.getGraphFromConfiguration(GraphConfigurationContainer.java:137)
at com.tinkerpop.rexster.config.GraphConfigurationContainer.<init>(GraphConfigurationContainer.java:54)
at com.tinkerpop.rexster.server.XmlRexsterApplication.reconfigure(XmlRexsterApplication.java:99)
at com.tinkerpop.rexster.server.XmlRexsterApplication.<init>(XmlRexsterApplication.java:47)
at com.tinkerpop.rexster.Application.<init>(Application.java:96)
at com.tinkerpop.rexster.Application.main(Application.java:188)
Caused by: java.lang.IllegalArgumentException: Could not instantiate implementation: com.thinkaurelius.titan.diskstorage.cassandra.astyanax.AstyanaxStoreManager
at com.thinkaurelius.titan.diskstorage.Backend.instantiate(Backend.java:355)
at com.thinkaurelius.titan.diskstorage.Backend.getImplementationClass(Backend.java:367)
at com.thinkaurelius.titan.diskstorage.Backend.getStorageManager(Backend.java:311)
at com.thinkaurelius.titan.diskstorage.Backend.<init>(Backend.java:121)
at com.thinkaurelius.titan.graphdb.configuration.GraphDatabaseConfiguration.getBackend(GraphDatabaseConfiguration.java:1173)
at com.thinkaurelius.titan.graphdb.database.StandardTitanGraph.<init>(StandardTitanGraph.java:75)
at com.thinkaurelius.titan.core.TitanFactory.open(TitanFactory.java:40)
at com.thinkaurelius.titan.tinkerpop.rexster.TitanGraphConfiguration.configureGraphInstance(TitanGraphConfiguration.java:25)
at com.tinkerpop.rexster.config.GraphConfigurationContainer.getGraphFromConfiguration(GraphConfigurationContainer.java:119)
Configuration file -
<rexster>
<http>
<server-port>7182</server-port>
<server-host>0.0.0.0</server-host>
<base-uri>http://localhost</base-uri>
<web-root>public</web-root>
<character-set>UTF-8</character-set>
<enable-jmx>false</enable-jmx>
<enable-doghouse>true</enable-doghouse>
<max-post-size>2097152</max-post-size>
<max-header-size>8192</max-header-size>
<upload-timeout-millis>30000</upload-timeout-millis>
<thread-pool>
<worker>
<core-size>8</core-size>
<max-size>8</max-size>
</worker>
<kernal>
<core-size>4</core-size>
<max-size>4</max-size>
</kernal>
</thread-pool>
<io-strategy>leader-follower</io-strategy>
</http>
<rexpro>
<server-port>7180</server-port>
<server-host>0.0.0.0</server-host>
<session-max-idle>1790000</session-max-idle>
<session-check-interval>3000000</session-check-interval>
<connection-max-idle>180000</connection-max-idle>
<connection-check-interval>3000000</connection-check-interval>
<enable-jmx>false</enable-jmx>
<thread-pool>
<worker>
<core-size>8</core-size>
<max-size>8</max-size>
</worker>
<kernal>
<core-size>4</core-size>
<max-size>4</max-size>
</kernal>
</thread-pool>
<io-strategy>leader-follower</io-strategy>
</rexpro>
<shutdown-port>7183</shutdown-port>
<shutdown-host>127.0.0.1</shutdown-host>
<graphs>
<graph>
<graph-name>graph</graph-name>
<graph-type>com.thinkaurelius.titan.tinkerpop.rexster.TitanGraphConfiguration</graph-type>
<graph-location>/tmp/titan</graph-location>
<graph-read-only>false</graph-read-only>
<properties>
<storage.hostname>ec2-52-22-199-210.amazonaws.com</storage.hostname>
<storage.backend>cassandra</storage.backend>
</properties>
<extensions>
<allows>
<allow>tp:gremlin</allow>
</allows>
</extensions>
</graph>
</graphs>
</rexster>

Icecast dont see mount point

I have a problem with mount points in icecast 2
the following is my config
<icecast>
<limits>
<clients>100</clients>
<sources>20</sources>
<threadpool>5</threadpool>
<queue-size>524288</queue-size>
<client-timeout>30</client-timeout>
<header-timeout>15</header-timeout>
<source-timeout>10</source-timeout>
<burst-on-connect>10</burst-on-connect>
<burst-size>65535</burst-size>
</limits>
<authentication>
<source-password>admin</source-password>
<relay-password>admin</relay-password>
<admin-user>admin</admin-user>
<admin-password>admin</admin-password>
</authentication>
<hostname>localhost</hostname>
<listen-socket>
<port>8000</port>
</listen-socket>
<fileserve>1</fileserve>
<mount>
<mount-name>/example-complex.ogg</mount-name>
<max-listeners>100000</max-listeners>
<dump-file>/tmp/dump-example1.ogg</dump-file>
<fallback-mount>example2.ogg</fallback-mount>
</mount>
<paths>
<basedir>/opt/local/share/icecast</basedir>
<logdir>/opt/local/var/log/icecast</logdir>
<webroot>/opt/local/share/icecast/web</webroot>
<adminroot>/opt/local/share/icecast/admin</adminroot>
<alias source="/" dest="/status.xsl"/>
</paths>
<logging>
<accesslog>access.log</accesslog>
<errorlog>error.log</errorlog>
<loglevel>3</loglevel>
<logsize>10000</logsize>
</logging>
<security>
<chroot>0</chroot>
<changeowner>
<user>djpasica</user>
<group>admin</group>
</changeowner>
</security>
</icecast>
and result is an empty mount point in icecast admin:
its after starting nicecast, I have a 1 mount point, but its an empty "/"
what i use:
icecast 2.3.2
nicecast 1.10.4
os: mac os x 10.7
nicecast config:Server Type: Icecast 2
Adress: localhost
Port: 8000
Mount Point: /example-complex.ogg

Hey it looks like you made an error configuring Nicecast. You might want to read the following guide.
Please note that Nicecast has an built-in Icecast server, make sure you are not using this one. As well not that Nicecast for some reason will kill any running Icecast server on the same machine where Nicecast is started. So you have to first start Nicecast and only afterwards start your Icecast Server. (This should not happen anymore after you have disable the built-in server though)
Another issue I experience with some versions of Nicecast is that the Settings or at least some (like the Mountpoint Name) only take effect after restarting Nicecast.
Additionally make sure your Mountpoint name is not /, as this is an impossible mountpoint name (it conflicts with the web interface).

under mount and above path use
<mount>
<mount-name>/myradio</mount-name>
<password>mypassword</password>
<public>1</public>
</mount>
Then in your encoder use /myradio as mountpoint and mypassword as password

Sonar - Fail to request server version

I am Setting the sonar system for C++ Binaries and i am trying with https Setup.
See the Connector element in Server.xml
<Connector port="8443" protocol="org.apache.coyote.http11.Http11Protocol" SSLEnabled="true"
maxThreads="150" scheme="https" secure="false"
clientAuth="false" sslProtocol="TLS"
keystoreFile="D:/sonar_framework/apache-tomcat-7.0.35/conf/.keystore" keystorePass="changeit"
ciphers="SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA,SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA"/>
And sonar.host.url=https://b1.co:8443/sonar/ in Sonar-runner.properties
i gave the localhost also for the next try,
But it shows the error
Exception in thread "main" java.lang.IllegalStateException: Fail to request server version
at org.sonar.runner.Bootstrapper.getServerVersion(Bootstrapper.java:73)
at org.sonar.runner.Runner.checkSonarVersion(Runner.java:220)
at org.sonar.runner.Runner.execute(Runner.java:150)
at org.sonar.runner.Main.execute(Main.java:84)
at org.sonar.runner.Main.main(Main.java:56)
Caused by: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No name matching <machine Name> found
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1902)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:276)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:270)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1341)
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:153)
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:868)
at sun.security.ssl.Handshaker.process_record(Handshaker.java:804)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1032)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1328)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1355)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1339)
at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:515)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1299)
at java.net.URLConnection.getContent(URLConnection.java:748)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getContent(HttpsURLConnectionImpl.java:434)
at org.sonar.runner.Bootstrapper.remoteContent(Bootstrapper.java:125)
at org.sonar.runner.Bootstrapper.getServerVersion(Bootstrapper.java:71)
... 4 more
Caused by: java.security.cert.CertificateException: No name matching blrkmis1977pc.in002.siemens.net found
at sun.security.util.HostnameChecker.matchDNS(HostnameChecker.java:208)
at sun.security.util.HostnameChecker.match(HostnameChecker.java:93)
at sun.security.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:347)
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:203)
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:126)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1323)
... 18 more
help me to resolve this.

You need to tell Java to accept the self signed cert. See this SO post (option 1 in the accepted answer).

I suppose you should check your sonar server, in your log, you server is using port 8443, so you should use the following command to check is this port still listening??
netstat -anl | grep 8443
or
you just restart the sonar server.