[midPoint] Adding Members to Role through Members page
Pavol Mederly
mederly at evolveum.com
Thu Jun 30 23:31:22 CEST 2016
Florin,
just a few comments/questions:
1) We use a custom hibernate dialect for MySQL:
*com.evolveum.midpoint.repo.sql.util.MidPointMySQLDialect* (which is
derived from MySQL5InnoDBDialect). The one you use is marked as
deprecated in hibernate sources. I'd suggest using midPoint-supplied one.
2) I see that you use a separate database for Quartz. Although this is
required for H2, it is not required for other databases. You may
consider using a common one. (Although it shouldn't be a cause of your
problems. But ... who knows.)
3) You said that the problem is visible even if there is only one node
in the cluster. If previous suggestions wouldn't help, could you please
try to comment out <taskManager> configuration in the config file to
switch to in-memory Quartz scheduling, just to see if it changes the
situation?
Best regards,
Pavol
On 30.06.2016 23:17, Florin. Stingaciu wrote:
> Hey Pavol,
>
> I looked through the logs on my sql server and couldn't find anything
> alarming. Also, I've been trying to delete the task for the last half
> an hour through the very slow GUI with no success. Here's my config.xml:
>
> <configuration>
> <midpoint>
> <webApplication>
> <importFolder>${midpoint.home}/import</importFolder>
> </webApplication>
> <repository>
> <embedded>false</embedded>
> <driverClassName>com.mysql.jdbc.Driver</driverClassName>
> <hibernateHbm2ddl>validate</hibernateHbm2ddl>
> <hibernateDialect>org.hibernate.dialect.MySQLDialect</hibernateDialect>
> <repositoryServiceFactoryClass>com.evolveum.midpoint.repo.sql.SqlRepositoryFactory</repositoryServiceFactoryClass>
> <database>mysql</database>
> <jdbcUsername>midpoint</jdbcUsername>
> <jdbcPassword>password</jdbcPassword>
> <jdbcUrl>jdbc:mysql://db-server:3306/midpoint_prod_live</jdbcUrl>
> </repository>
> <taskManager>
> <clustered>true</clustered>
> <jdbcUrl>jdbc:mysql://db-server:3306/midpoint_prod_quartz_live</jdbcUrl>
> <jmxUsername>midpoint</jmxUsername>
> <jmxPassword>password</jmxPassword>
> </taskManager>
> <audit>
> <auditService>
> <auditServiceFactoryClass>com.evolveum.midpoint.audit.impl.LoggerAuditServiceFactory</auditServiceFactoryClass>
> </auditService>
> <auditService>
> <auditServiceFactoryClass>com.evolveum.midpoint.repo.sql.SqlAuditServiceFactory</auditServiceFactoryClass>
> </auditService>
> </audit>
> <icf>
> <scanClasspath>true</scanClasspath>
> <scanDirectory>${midpoint.home}/icf-connectors</scanDirectory>
> </icf>
> <keystore>
> <keyStorePath>${midpoint.home}/keystore.jceks</keyStorePath>
> <keyStorePassword>dEpCSVuC6kerpO8aaReMiA==</keyStorePassword>
> <encryptionKeyAlias>default</encryptionKeyAlias>
> <!--
> You can use smaller cipher key size for encryption. For:
> AES_128 "http://www.w3.org/2001/04/xmlenc#aes128-cbc";
> AES_256 "http://www.w3.org/2001/04/xmlenc#aes256-cbc";
> AES_192 "http://www.w3.org/2001/04/xmlenc#aes192-cbc";
>
> in element <xmlCipher></xmlCipher>
> By default AES_128 is used. If you change key size, than
> you must also create secret key in key store with proper
> key size and change encryptionKeyAlias.
>
> To generate keystore with keytool use command:
> keytool -genseckey -alias default -keystore keystore.jceks
> -storetype jceks -keyalg AES -keysize 128
>
> secret key password is by default 'midpoint'
> -->
> </keystore>
> </midpoint>
> </configuration>
>
>
> On Thu, Jun 30, 2016 at 2:07 PM, Pavol Mederly <mederly at evolveum.com
> <mailto:mederly at evolveum.com>> wrote:
>
> Hello Florin,
>
> this is really strange. Looks like some low-level DB problem.
>
> I read your log in this way:
>
> Wicket has problems displaying a page, because thread
> *http-bio-8443-exec-2* is blocking (line #2). And why and where is
> it blocked?
>
> It is reading a task (line #51), therefore it asks hibernate for
> data (line #36), so hibernate calls MySQL driver (line #19). And
> the call didn't complete, as it waits for something to come
> through the network socket (line #5).
>
> (What troubles me a lot is that one-node configuration does not
> work as well.)
>
> So I'd recommend to have a look at your database configuration or
> setup.
>
> I'm not an expert on databases (nor on MySQL in particular), so I
> have no idea e.g. what troubleshooting tools to use at this
> moment. Maybe you could open MySQL admin console to see if there's
> something suspicious. Or look at MySQL server logs. Or you could
> share your midPoint config.xml here, particularly the <repository>
> section of it.
>
> Best regards,
> Pavol
>
>
> On 30.06.2016 22:49, Florin. Stingaciu wrote:
>> Hello,
>>
>> Whenever I try to add a member through the "Members" tab in
>> Midpoint, nothing happens. I tried to add myself to the Role
>> "Approver" through the "Members" tab and the task never completes.
>>
>> In fact midPoint starts hanging and the issue doesn't resolve and
>> I get all these errors: http://pastebin.com/GEgdtXnh
>>
>> I'm running two instances of midPoint with the following task
>> manager configuration:
>>
>> <taskManager>
>> <clustered>true</clustered>
>> <jdbcUrl>jdbc:mysql://db-server:3306/midpoint_prod_quartz_live</jdbcUrl>
>> <jmxUsername>midpoint</jmxUsername>
>> <jmxPassword>password</jmxPassword>
>> </taskManager>
>>
>> I've tried this action with both instances alive as well as with
>> only one.
>>
>> Also here's my tomcat config pertaining to jmx:
>>
>> -Dcom.sun.management.jmxremote.password.file=/var/opt/midpoint/jmxremote.password
>> -Dcom.sun.management.jmxremote.access.file=/var/opt/midpoint/jmxremote.access
>> -Dmidpoint.nodeId=001 -Dcom.sun.management.jmxremote.port=20001
>> -Dcom.sun.management.jmxremote.ssl=false
>>
>> Even after I restart the tomcat server, midPoint doesn't respond
>> anymore and the logs don't show anything.
>>
>> I'm willing to forgo the active active configuration and use an
>> active passive configuration. Also I believe this is the cause of
>> the earlier issues with the upgrade process (besides the mismatch
>> in the connector)
>>
>> Any help would be greatly appreciated.
>>
>> Thanks,
>>
>> -F
>>
>>
>>
>> _______________________________________________
>> midPoint mailing list
>> midPoint at lists.evolveum.com <mailto:midPoint at lists.evolveum.com>
>> http://lists.evolveum.com/mailman/listinfo/midpoint
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com <mailto:midPoint at lists.evolveum.com>
> http://lists.evolveum.com/mailman/listinfo/midpoint
>
>
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160630/fc076583/attachment.htm>
More information about the midPoint
mailing list