wso2 esb bam server profile in governance registry - wso2

Is there any way to store BAM server profile and stream definition under governance registry, so that it can be added once in ESB master node and made available to other ESB slave nodes ? Currently, looks like it is stored under configuration registry only.
FYI - We have mounted all ESB nodes to one Governance registry. Only master node has write permission to registry.

Your approach is the correct way. By default BAM server profiles and stream configurations are designed only to be stored in config registry. It is not possible to store in governance registry. In future releases we will store all configurations in a deployable artifact which will easily deployment synchronized over other nodes.

Related

Synchronize secure vault in wso2 esb

I have clustered and deployment synchronize enabled 'wso2 esbs'(4.9).and i had enable secure vault. now all the deployments have been sync with all worker nodes.but how can i sync my secure vault credentials with worker nodes.
I tried copy "wso2carbon.jks" file,i tried copy "cypher-text.property" file,it doesn't worked.
so how can i sync my secure valet with other worker node?
Yes. If you have clustered the environment correctly it should automatically get synchronized. Steps to follow,
Add a secure vault entry to ESB manager node.
Check the secure vaults in ESB woker node. (If not running in the -Dworker mode.)
If the workers are running on -Dworker mode, you can also check the wso2carbon.log for the logs right after adding the entries to secure vault.
When you are deploying ESB cluster, you can use Puppet and Hiera to make the configurations changes.Wso2, already provided puppet modules to deploy wso2 product clusters.You can use existing Wso2 ESB puppet module to
achieve your requirement. Refer "Running WSO2 Enterprise Service Bus with Secure Vault" section of the README of the WSO2 Enterprise Service Bus Puppet Module to configure Secure Vault related configurations among the cluster.

Issue with wso2 api manager permission for roles

I have two instances of wso2 api manager running on two different servers.Both of them are referring to same UM_DB . I created a role by logging with admin credentials on one server .After that i checked for the role on other server by logging with admin credentials again.I found that there was role existing on other server but permission that i provided for that role does not exist on another server.Is that a bug with wso2 api manager or I missed something in configuration..?
You want to deploy two APIM instances in a cluster. It is better to refer the APIM clustering guide to setup it properly. There are tow things you need to understand.. when your deploying APIM in cluster
You must point both instance in to same database. There are can be three logical databases i.e UM, Registry and AM database. These three can be an one physical DB. However must pointed to same by the both instance.
You must configure the Hazelcast based clustering using axis2.xml file. This is required because, APIM uses Hazelcast based implementation to distribute the data in the caches. Sometime, In your scenario, i guess you have not configured this. Therefore permission tree has not been distributed between two nodes. Therefore lot of data that is stored in the caches for high performance. therefore please make sure to configure this properly.
I guess this would help you.

wso2 keystore management - do keystores added to one carbon node get replicated to other nodes?

I'm investigating the key management functionality in WSO2 (see wikidocs).
Question: If I use the key management functionality to add a new keystore on one node, does the keystore get replicated to other nodes in the cluster?
AFAIK in a clustered deployment replication of Keystores is not supported in WSO2 products. Only the files under repository/deployment/server are synchronized. The keystores are not in that directory. So as a work-arround you can add the keystores to that directory and point to them in the relevant config files. Also note that if the setup if a worker manager setup , only manager will be able to commit, so the modifications should be done in the managers node.

using the wso2 carbon registry to store configuration data for SOA services

I have a number of different SOA services that use different approaches for storing configuration data for the service. For example the configuration data is stored in database tables, property files, and jndi.
I would like to standardize my approach to storing configuration data. Is the carbon registry an acceptable place to store all the configuration data for my services?
Can I just store this data directly in the carbon registry, or should I be looking to just use the WSO2 Governance Registry for this data?
What does WSO2 Governance Registy give me that is not provided by directly using the carbon registry?
" Is the carbon registry an acceptable place to store all the
configuration data for my services?"
The best practice would be,
Store the Resource Metadata in Registry and run-time data in a database.
Is the carbon registry an acceptable place to store all the
configuration data for my services?"
Yes, you can store the configurations in the registry. Generally, configurations will be stored in the config space, and the resources which are having governance aspect will go to governance registry space
"What does WSO2 Governance Registry give me that is not provided by
directly using the carbon registry?
Store, manage and search any kind of enterprise asset, including services, APIs, policies, projects or applications. You can extend the predefined asset metadata or create your own
Navigate through assets using taxonomies
Access and manage assets via a REST API, supporting the integration with enterprise initiative such as DevOps
Describe relationships between assets such as dependencies, usage or associations and perform impact analysis
Attach custom life cycle to assets and engage custom actions when an asset transitions from one state to the next
Secure the access to assets via a fine-grained permission model
Leverage social tools such as ratings and comments to enable better communication between asset providers and consumers
Notify users of any asset changes via email or a notification system of your choice
Integrate with mediation engines such as WSO2 Enterprise Service Bus or others via UDDI and REST for dynamic discovery of services and APIs endpoints
There are plenty of advantages of using G-Reg, To see the full list please find this post or offcial G-Reg page.

WSO2 Changing ServerRole for Governance Registry Projects

I wanted to deploy a car file which has Governance Registry project.
As per WSO2 documentation, I need to edit carbon.xml (add role Governance registry under ).
The carbon server 4.6.0 by default has
EnterpriseServiceBus
So by default my carbon server acts as ESB.
Is it a good practice to convert my governance registry project into ESB project and deploy the car file ?
OR
Add Role Governance Registry under carbon.xml and deploy car having governance registry project?
Thanks!
First of all, you do not need to modify carbon.xml and add G-Reg Server role to ESB server to deploy a Registry Resource you created with Developer Studio.
All you have to do is, change the Server Role of the C-App registry resource artifact to match your Carbon Server which in this case, ESB.
In order to change the Server role of your Registry Resource Artifact follow the steps given below.
Open the pom.xml file of the C-App project with "Carbon Application Pom Editor" (If you haven't installed Eclipse M2E in your Eclipse, pom.xml will open by default with that editor. Otherwise use "Open With" option and select the "Carbon Application Pom Editor".
You will see the set of C-App artifacts in your workspace in this editor and you will see the Server Role field in the editor.
Expand the name of the Registry Resource Editor and click on the drop down list in Server Role and select EnterpriseServiceBus from the list.
Save the Editor and Export the C-App and generate the CAR file.
Answering to your queries:
Q. Is it a good practice to convert my governance registry project into ESB project and deploy the car file ?
Ans: You are cannot convert your Registry Resource project in to an ESB config project because you cannot create Registry Resources in your ESB Project.
Q. Add Role Governance Registry under carbon.xml and deploy car having governance registry project?
Ans: You don't have to change the Server role of the Carbon Server using carbon.xml as I explained previously, you can change the Server Role of the C-App artifact.
However changing the Server Role of the C-App artifact to your Servers' Server Role is only recommended for Registry Resources because each and every Carbon Server has a Registry where you can deploy your Registry Resources.
/Harshana
You can change it at the carbon application it self. In the Carbon Application open its pom and you can see properties define something like this.
<com.example.reg-resource-proj.resource:exception_msg:1.0.0>capp/EnterpriseServiceBus</com.example.reg-resource-proj.resource:exception_msg:1.0.0>
So change capp/GovernanceRegistry to capp/EnterpriseBus.
Or
open the same pom with Carbon Application Pom editor and change the server role of the artifact listed under dependencies. So that artifact will be deployed to the ESB since its server role is Enterprise service Bus.
You do not have to change the Server role of the server.
We are building our CARs in a Continuous Delivery mode (with CruiseControl), and we wanted to be able to deploy the same CAR into ESB container with an imbedded Registry for DEV testing, as well as into the ESB with Remote GReg for PROD environment. With that in mind, the method of changing the Server Role of the C-App registry resource artifact in CAR to match Carbon Server would not work for us. We ended up adding the Governance Registry role to the ESB in DEV environment (the one with the imbedded Registry) and it works.