I wanted to deploy a car file which has Governance Registry project.
As per WSO2 documentation, I need to edit carbon.xml (add role Governance registry under ).
The carbon server 4.6.0 by default has
EnterpriseServiceBus
So by default my carbon server acts as ESB.
Is it a good practice to convert my governance registry project into ESB project and deploy the car file ?
OR
Add Role Governance Registry under carbon.xml and deploy car having governance registry project?
Thanks!
First of all, you do not need to modify carbon.xml and add G-Reg Server role to ESB server to deploy a Registry Resource you created with Developer Studio.
All you have to do is, change the Server Role of the C-App registry resource artifact to match your Carbon Server which in this case, ESB.
In order to change the Server role of your Registry Resource Artifact follow the steps given below.
Open the pom.xml file of the C-App project with "Carbon Application Pom Editor" (If you haven't installed Eclipse M2E in your Eclipse, pom.xml will open by default with that editor. Otherwise use "Open With" option and select the "Carbon Application Pom Editor".
You will see the set of C-App artifacts in your workspace in this editor and you will see the Server Role field in the editor.
Expand the name of the Registry Resource Editor and click on the drop down list in Server Role and select EnterpriseServiceBus from the list.
Save the Editor and Export the C-App and generate the CAR file.
Answering to your queries:
Q. Is it a good practice to convert my governance registry project into ESB project and deploy the car file ?
Ans: You are cannot convert your Registry Resource project in to an ESB config project because you cannot create Registry Resources in your ESB Project.
Q. Add Role Governance Registry under carbon.xml and deploy car having governance registry project?
Ans: You don't have to change the Server role of the Carbon Server using carbon.xml as I explained previously, you can change the Server Role of the C-App artifact.
However changing the Server Role of the C-App artifact to your Servers' Server Role is only recommended for Registry Resources because each and every Carbon Server has a Registry where you can deploy your Registry Resources.
/Harshana
You can change it at the carbon application it self. In the Carbon Application open its pom and you can see properties define something like this.
<com.example.reg-resource-proj.resource:exception_msg:1.0.0>capp/EnterpriseServiceBus</com.example.reg-resource-proj.resource:exception_msg:1.0.0>
So change capp/GovernanceRegistry to capp/EnterpriseBus.
Or
open the same pom with Carbon Application Pom editor and change the server role of the artifact listed under dependencies. So that artifact will be deployed to the ESB since its server role is Enterprise service Bus.
You do not have to change the Server role of the server.
We are building our CARs in a Continuous Delivery mode (with CruiseControl), and we wanted to be able to deploy the same CAR into ESB container with an imbedded Registry for DEV testing, as well as into the ESB with Remote GReg for PROD environment. With that in mind, the method of changing the Server Role of the C-App registry resource artifact in CAR to match Carbon Server would not work for us. We ended up adding the Governance Registry role to the ESB in DEV environment (the one with the imbedded Registry) and it works.
Related
I receive an error message while attempting to deploy anything from the marketplace into a specific GCP project.
You must have a valid default service account in order to create a
deployment, but this account could not be detected. Contact support
for help restoring the account.
Things I've Tried:
Every VM from the marketplace shows the same error message
I can deploy regular VM instance
I can see there is an enabled service account for the project with the name "Compute Engine default service account".
I am able to deploy VM's from the marketplace into other projects under the same organization
I've contacted GCP Billing support and they cannot find anything wrong from a billing perspective
Researching online shows that others that have had this issue have just rebuilt the project. It appears that service account is created by default when the project is spun up.
I'm hoping there is another way around it as this project is a host for a shared VPC deployment. There are already other projects with deployed VM's that are utilizing the host projects networks.
Thank you!
Looks like you deleted a default service account.
As mentioned in one comment some can be recreated by disable/enable the corresponding API
Below are the default service accounts I have in my project, hope it helps you to find the root cause. (these service accounts let me deploy a wordpress solution depending on what you are trying to deploy you might need more service accounts)
PROJECT-NUMBER-compute#developer.gserviceaccount.com Compute Engine
default service account
PROJECT-NUMBER#cloudservices.gserviceaccount.com Google APIs Service
Agent
PROJECT-ID#appspot.gserviceaccount.com App Engine default service
account
service-ORG-ID3#gcp-sa-cloudasset.iam.gserviceaccount.com Cloud Asset
Service Agent
service-PROJECT-NUMBER#cloud-ml.google.com.iam.gserviceaccount.com Google
Cloud ML Engine Service Agent
service-PROJECT-NUMBER#compute-system.iam.gserviceaccount.com Compute
Engine Service Agent
service-PROJECT-NUMBER#container-engine-robot.iam.gserviceaccount.com Kubernetes
Engine Service Agent
service-PROJECT-NUMBER#containerregistry.iam.gserviceaccount.com Google
Container Registry Service Agent
service-PROJECT-NUMBER#dataflow-service-producer-prod.iam.gserviceaccount.com Cloud
Dataflow Service Account
service-PROJECT-NUMBER#service-networking.iam.gserviceaccount.com Service
Networking Service Agent
The service account was intact and had the same permissions as other service accounts for working projects.
We purchased and opened a case with GCP technical support. After a little more than a week of them troubleshooting the issues, they determined there was no way to correct the problem. Their root cause was that something happened during the initial project deployment that caused some backend configuration issues. For what its worth, the project was deployed using Terraform, but its uncertain if that was a factor.
After recreating the host project, we were able to deploy from the marketplace again successfully.
If you run into this problem, save yourself the hassle and time and just recreate the project.
I have hundreds of different identity server configurations (policies, claims, service provider, etc)
And i need to repeat the same configuration on several environments: dev, test, prod
To do it by hands through export import in web console - it's a nightmare.
What is the best practice to do an automatic configuration deployment to wso2is?
I'm thinking about the following options:
create a script that will call admin services to import identity server configs
create custom deployer (like a synapse & dataservice deployers, etc) and call admin services or do in-memory api calls
find where and how it's stored in database and do sql script to fill database
Maybe there is something exists for config deployment and I can't find it?
You can create your own scripts or custom methods to manage the deployments. But you have to maintain those scripts by your self.
In that case, you can use deployment automation tools such as Puppet, Chef and etc..
You can use WSO2 Puppet modules to deploy your configuration in different environments.
just in case if somebody need the file-based deployer
created a groovy script deployer that could be used for different purposes.
service-provider deployer
policy deployer
I have clustered and deployment synchronize enabled 'wso2 esbs'(4.9).and i had enable secure vault. now all the deployments have been sync with all worker nodes.but how can i sync my secure vault credentials with worker nodes.
I tried copy "wso2carbon.jks" file,i tried copy "cypher-text.property" file,it doesn't worked.
so how can i sync my secure valet with other worker node?
Yes. If you have clustered the environment correctly it should automatically get synchronized. Steps to follow,
Add a secure vault entry to ESB manager node.
Check the secure vaults in ESB woker node. (If not running in the -Dworker mode.)
If the workers are running on -Dworker mode, you can also check the wso2carbon.log for the logs right after adding the entries to secure vault.
When you are deploying ESB cluster, you can use Puppet and Hiera to make the configurations changes.Wso2, already provided puppet modules to deploy wso2 product clusters.You can use existing Wso2 ESB puppet module to
achieve your requirement. Refer "Running WSO2 Enterprise Service Bus with Secure Vault" section of the README of the WSO2 Enterprise Service Bus Puppet Module to configure Secure Vault related configurations among the cluster.
I am totally new to Azure, I have stumbled across it as a I wish to farm out a Web Service for updating our database without hosting it internally and potentially involving any security risks.
Therefore I have got myself a free Azure Web Trial to see if its worth it. I have an .ASMX based Web Service (Because this is all I know to build) and I wish to deploy it to Windows Azure.
Is this at all possible?
Cheers,
James
Yes I've done just that myself. Add an AzureCloudService project to your solution (requires the Azure sdk); create as an empty project, do not select any web or worker roles as part of the project creation.
Under the Cloud service select Roles -> Add -> Web Role project in solution...
and select your existing web service project
From the context menu on the Cloud Service project you will be able to package or publish to Azure.
You could do that inside Visual Studio, right click on the name of the project and then click publish, and of course after that you will be asked to log into your azure account and with a click you'll have your web service deployed and ready to be consumed.
Is there any way to store BAM server profile and stream definition under governance registry, so that it can be added once in ESB master node and made available to other ESB slave nodes ? Currently, looks like it is stored under configuration registry only.
FYI - We have mounted all ESB nodes to one Governance registry. Only master node has write permission to registry.
Your approach is the correct way. By default BAM server profiles and stream configurations are designed only to be stored in config registry. It is not possible to store in governance registry. In future releases we will store all configurations in a deployable artifact which will easily deployment synchronized over other nodes.