[midPoint] Adding Members to Role through Members page

Pavol Mederly mederly at evolveum.com
Thu Jun 30 23:42:07 CEST 2016 

> Can I still run in active active configuration with the in-memory 
> Quartz scheduling?
Unfortunately, no.

Active-active configuration requires common scheduling database, so that 
tasks execution can be distributed and duplicate execution of a single 
task can be avoided.

So maybe you could switch the taskManager configuration back, restart 
midPoint in single-node mode, and try the test.

If it would work, you could perhaps add the second node.

If not, maybe you could try #2.

Best regards,

Pavol


On 30.06.2016 23:38, Florin. Stingaciu wrote:
> Hey,
>
> I just performed 1 and 3 and adding users to a role through a task 
> works just fine. Can I still run in active active configuration with 
> the in-memory Quartz scheduling?
>
> Also is there anything else you think I should try?
>
> Thanks,
> -F
>
> On Thu, Jun 30, 2016 at 2:31 PM, Pavol Mederly <mederly at evolveum.com 
> <mailto:mederly at evolveum.com>> wrote:
>
>     Florin,
>
>     just a few comments/questions:
>
>     1) We use a custom hibernate dialect for MySQL:
>     *com.evolveum.midpoint.repo.sql.util.MidPointMySQLDialect* (which
>     is derived from MySQL5InnoDBDialect). The one you use is marked as
>     deprecated in hibernate sources. I'd suggest using
>     midPoint-supplied one.
>
>     2) I see that you use a separate database for Quartz. Although
>     this is required for H2, it is not required for other databases.
>     You may consider using a common one. (Although it shouldn't be a
>     cause of your problems. But ... who knows.)
>
>     3) You said that the problem is visible even if there is only one
>     node in the cluster. If previous suggestions wouldn't help, could
>     you please try to comment out <taskManager> configuration in the
>     config file to switch to in-memory Quartz scheduling, just to see
>     if it changes the situation?
>
>     Best regards,
>     Pavol
>
>
>     On 30.06.2016 23:17, Florin. Stingaciu wrote:
>>     Hey Pavol,
>>
>>     I looked through the logs on my sql server and couldn't find
>>     anything alarming. Also, I've been trying to delete the task for
>>     the last half an hour through the very slow GUI with no success.
>>     Here's my config.xml:
>>
>>     <configuration>
>>         <midpoint>
>>             <webApplication>
>>     <importFolder>${midpoint.home}/import</importFolder>
>>             </webApplication>
>>             <repository>
>>     <embedded>false</embedded>
>>     <driverClassName>com.mysql.jdbc.Driver</driverClassName>
>>     <hibernateHbm2ddl>validate</hibernateHbm2ddl>
>>     <hibernateDialect>org.hibernate.dialect.MySQLDialect</hibernateDialect>
>>     <repositoryServiceFactoryClass>com.evolveum.midpoint.repo.sql.SqlRepositoryFactory</repositoryServiceFactoryClass>
>>     <database>mysql</database>
>>     <jdbcUsername>midpoint</jdbcUsername>
>>     <jdbcPassword>password</jdbcPassword>
>>     <jdbcUrl>jdbc:mysql://db-server:3306/midpoint_prod_live</jdbcUrl>
>>             </repository>
>>             <taskManager>
>>     <clustered>true</clustered>
>>     <jdbcUrl>jdbc:mysql://db-server:3306/midpoint_prod_quartz_live</jdbcUrl>
>>     <jmxUsername>midpoint</jmxUsername>
>>     <jmxPassword>password</jmxPassword>
>>             </taskManager>
>>             <audit>
>>                 <auditService>
>>     <auditServiceFactoryClass>com.evolveum.midpoint.audit.impl.LoggerAuditServiceFactory</auditServiceFactoryClass>
>>                 </auditService>
>>                 <auditService>
>>     <auditServiceFactoryClass>com.evolveum.midpoint.repo.sql.SqlAuditServiceFactory</auditServiceFactoryClass>
>>                 </auditService>
>>             </audit>
>>             <icf>
>>     <scanClasspath>true</scanClasspath>
>>     <scanDirectory>${midpoint.home}/icf-connectors</scanDirectory>
>>             </icf>
>>             <keystore>
>>     <keyStorePath>${midpoint.home}/keystore.jceks</keyStorePath>
>>     <keyStorePassword>dEpCSVuC6kerpO8aaReMiA==</keyStorePassword>
>>     <encryptionKeyAlias>default</encryptionKeyAlias>
>>                 <!--
>>                 You can use smaller cipher key size for encryption. For:
>>                 AES_128 "http://www.w3.org/2001/04/xmlenc#aes128-cbc";
>>                 AES_256 "http://www.w3.org/2001/04/xmlenc#aes256-cbc";
>>                 AES_192 "http://www.w3.org/2001/04/xmlenc#aes192-cbc";
>>
>>                 in element <xmlCipher></xmlCipher>
>>                 By default AES_128 is used. If you change key size, than
>>                 you must also create secret key in key store with
>>     proper key size and change encryptionKeyAlias.
>>
>>                 To generate keystore with keytool use command:
>>                 keytool -genseckey -alias default -keystore
>>     keystore.jceks -storetype jceks -keyalg AES -keysize 128
>>
>>                 secret key password is by default 'midpoint'
>>                 -->
>>             </keystore>
>>         </midpoint>
>>     </configuration>
>>
>>
>>     On Thu, Jun 30, 2016 at 2:07 PM, Pavol Mederly
>>     <mederly at evolveum.com <mailto:mederly at evolveum.com>> wrote:
>>
>>         Hello Florin,
>>
>>         this is really strange. Looks like some low-level DB problem.
>>
>>         I read your log in this way:
>>
>>         Wicket has problems displaying a page, because thread
>>         *http-bio-8443-exec-2* is blocking (line #2). And why and
>>         where is it blocked?
>>
>>         It is reading a task (line #51), therefore it asks hibernate
>>         for data (line #36), so hibernate calls MySQL driver (line
>>         #19). And the call didn't complete, as it waits for something
>>         to come through the network socket (line #5).
>>
>>         (What troubles me a lot is that one-node configuration does
>>         not work as well.)
>>
>>         So I'd recommend to have a look at your database
>>         configuration or setup.
>>
>>         I'm not an expert on databases (nor on MySQL in particular),
>>         so I have no idea e.g. what troubleshooting tools to use at
>>         this moment. Maybe you could open MySQL admin console to see
>>         if there's something suspicious. Or look at MySQL server
>>         logs. Or you could share your midPoint config.xml here,
>>         particularly the <repository> section of it.
>>
>>         Best regards,
>>         Pavol
>>
>>
>>         On 30.06.2016 22:49, Florin. Stingaciu wrote:
>>>         Hello,
>>>
>>>         Whenever I try to add a member through the "Members" tab in
>>>         Midpoint, nothing happens. I tried to add myself to the Role
>>>         "Approver" through the "Members" tab and the task never
>>>         completes.
>>>
>>>         In fact midPoint starts hanging and the issue doesn't
>>>         resolve and I get all these errors: http://pastebin.com/GEgdtXnh
>>>
>>>         I'm running two instances of midPoint with the following
>>>         task manager configuration:
>>>
>>>                 <taskManager>
>>>         <clustered>true</clustered>
>>>         <jdbcUrl>jdbc:mysql://db-server:3306/midpoint_prod_quartz_live</jdbcUrl>
>>>         <jmxUsername>midpoint</jmxUsername>
>>>         <jmxPassword>password</jmxPassword>
>>>                 </taskManager>
>>>
>>>         I've tried this action with both instances alive as well as
>>>         with only one.
>>>
>>>         Also here's my tomcat config pertaining to jmx:
>>>
>>>          -Dcom.sun.management.jmxremote.password.file=/var/opt/midpoint/jmxremote.password
>>>         -Dcom.sun.management.jmxremote.access.file=/var/opt/midpoint/jmxremote.access
>>>         -Dmidpoint.nodeId=001
>>>         -Dcom.sun.management.jmxremote.port=20001
>>>         -Dcom.sun.management.jmxremote.ssl=false
>>>
>>>         Even after I restart the tomcat server, midPoint doesn't
>>>         respond anymore and the logs don't show anything.
>>>
>>>         I'm willing to forgo the active active configuration and use
>>>         an active passive configuration. Also I believe this is the
>>>         cause of the earlier issues with the upgrade process
>>>         (besides the mismatch in the connector)
>>>
>>>         Any help would be greatly appreciated.
>>>
>>>         Thanks,
>>>
>>>         -F
>>>
>>>
>>>
>>>         _______________________________________________
>>>         midPoint mailing list
>>>         midPoint at lists.evolveum.com <mailto:midPoint at lists.evolveum.com>
>>>         http://lists.evolveum.com/mailman/listinfo/midpoint
>>
>>
>>         _______________________________________________
>>         midPoint mailing list
>>         midPoint at lists.evolveum.com <mailto:midPoint at lists.evolveum.com>
>>         http://lists.evolveum.com/mailman/listinfo/midpoint
>>
>>
>>
>>
>>     _______________________________________________
>>     midPoint mailing list
>>     midPoint at lists.evolveum.com <mailto:midPoint at lists.evolveum.com>
>>     http://lists.evolveum.com/mailman/listinfo/midpoint
>
>
>     _______________________________________________
>     midPoint mailing list
>     midPoint at lists.evolveum.com <mailto:midPoint at lists.evolveum.com>
>     http://lists.evolveum.com/mailman/listinfo/midpoint
>
>
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160630/52d4b19d/attachment.htm>

More information about the midPoint mailing list