[midPoint] Adding Members to Role through Members page

Florin. Stingaciu fstingaciu at mirantis.com
Thu Jun 30 23:45:20 CEST 2016 

Thanks. I think for now I'll just stick with an active passive
configuration. I'll be setting up a dev environment with two midpoint
instances and test out various configs. I will update this thread with what
I find.

Thanks for all your help Pavol!

On Thu, Jun 30, 2016 at 2:42 PM, Pavol Mederly <mederly at evolveum.com> wrote:

> Can I still run in active active configuration with the in-memory Quartz
> scheduling?
>
> Unfortunately, no.
>
> Active-active configuration requires common scheduling database, so that
> tasks execution can be distributed and duplicate execution of a single task
> can be avoided.
>
> So maybe you could switch the taskManager configuration back, restart
> midPoint in single-node mode, and try the test.
>
> If it would work, you could perhaps add the second node.
>
> If not, maybe you could try #2.
>
> Best regards,
>
> Pavol
>
> On 30.06.2016 23:38, Florin. Stingaciu wrote:
>
> Hey,
>
> I just performed 1 and 3 and adding users to a role through a task works
> just fine. Can I still run in active active configuration with the
> in-memory Quartz scheduling?
>
> Also is there anything else you think I should try?
>
> Thanks,
> -F
>
> On Thu, Jun 30, 2016 at 2:31 PM, Pavol Mederly <mederly at evolveum.com>
> wrote:
>
>> Florin,
>>
>> just a few comments/questions:
>>
>> 1) We use a custom hibernate dialect for MySQL:
>> *com.evolveum.midpoint.repo.sql.util.MidPointMySQLDialect* (which is
>> derived from MySQL5InnoDBDialect). The one you use is marked as deprecated
>> in hibernate sources. I'd suggest using midPoint-supplied one.
>>
>> 2) I see that you use a separate database for Quartz. Although this is
>> required for H2, it is not required for other databases. You may consider
>> using a common one. (Although it shouldn't be a cause of your problems. But
>> ... who knows.)
>> 3) You said that the problem is visible even if there is only one node in
>> the cluster. If previous suggestions wouldn't help, could you please try to
>> comment out <taskManager> configuration in the config file to switch to
>> in-memory Quartz scheduling, just to see if it changes the situation?
>>
>> Best regards,
>> Pavol
>>
>>
>> On 30.06.2016 23:17, Florin. Stingaciu wrote:
>>
>> Hey Pavol,
>>
>> I looked through the logs on my sql server and couldn't find anything
>> alarming. Also, I've been trying to delete the task for the last half an
>> hour through the very slow GUI with no success. Here's my config.xml:
>>
>> <configuration>
>>     <midpoint>
>>         <webApplication>
>>             <importFolder>${midpoint.home}/import</importFolder>
>>         </webApplication>
>>         <repository>
>>                 <embedded>false</embedded>
>>                 <driverClassName>com.mysql.jdbc.Driver</driverClassName>
>>                 <hibernateHbm2ddl>validate</hibernateHbm2ddl>
>>
>> <hibernateDialect>org.hibernate.dialect.MySQLDialect</hibernateDialect>
>>
>> <repositoryServiceFactoryClass>com.evolveum.midpoint.repo.sql.SqlRepositoryFactory</repositoryServiceFactoryClass>
>>                 <database>mysql</database>
>>                 <jdbcUsername>midpoint</jdbcUsername>
>>                 <jdbcPassword>password</jdbcPassword>
>>
>> <jdbcUrl>jdbc:mysql://db-server:3306/midpoint_prod_live</jdbcUrl>
>>         </repository>
>>         <taskManager>
>>                 <clustered>true</clustered>
>>
>> <jdbcUrl>jdbc:mysql://db-server:3306/midpoint_prod_quartz_live</jdbcUrl>
>>                 <jmxUsername>midpoint</jmxUsername>
>>                 <jmxPassword>password</jmxPassword>
>>         </taskManager>
>>         <audit>
>>             <auditService>
>>
>> <auditServiceFactoryClass>com.evolveum.midpoint.audit.impl.LoggerAuditServiceFactory</auditServiceFactoryClass>
>>             </auditService>
>>             <auditService>
>>
>> <auditServiceFactoryClass>com.evolveum.midpoint.repo.sql.SqlAuditServiceFactory</auditServiceFactoryClass>
>>             </auditService>
>>         </audit>
>>         <icf>
>>             <scanClasspath>true</scanClasspath>
>>             <scanDirectory>${midpoint.home}/icf-connectors</scanDirectory>
>>         </icf>
>>         <keystore>
>>             <keyStorePath>${midpoint.home}/keystore.jceks</keyStorePath>
>>             <keyStorePassword>dEpCSVuC6kerpO8aaReMiA==</keyStorePassword>
>>             <encryptionKeyAlias>default</encryptionKeyAlias>
>>             <!--
>>             You can use smaller cipher key size for encryption. For:
>>             AES_128 " <http://www.w3.org/2001/04/xmlenc#aes128-cbc>
>> http://www.w3.org/2001/04/xmlenc#aes128-cbc";
>>             AES_256 " <http://www.w3.org/2001/04/xmlenc#aes256-cbc>
>> http://www.w3.org/2001/04/xmlenc#aes256-cbc";
>>             AES_192 " <http://www.w3.org/2001/04/xmlenc#aes192-cbc>
>> http://www.w3.org/2001/04/xmlenc#aes192-cbc";
>>
>>             in element <xmlCipher></xmlCipher>
>>             By default AES_128 is used. If you change key size, than
>>             you must also create secret key in key store with proper key
>> size and change encryptionKeyAlias.
>>
>>             To generate keystore with keytool use command:
>>             keytool -genseckey -alias default -keystore keystore.jceks
>> -storetype jceks -keyalg AES -keysize 128
>>
>>             secret key password is by default 'midpoint'
>>             -->
>>         </keystore>
>>     </midpoint>
>> </configuration>
>>
>>
>> On Thu, Jun 30, 2016 at 2:07 PM, Pavol Mederly < <mederly at evolveum.com>
>> mederly at evolveum.com> wrote:
>>
>>> Hello Florin,
>>>
>>> this is really strange. Looks like some low-level DB problem.
>>>
>>> I read your log in this way:
>>>
>>> Wicket has problems displaying a page, because thread
>>> *http-bio-8443-exec-2* is blocking (line #2). And why and where is it
>>> blocked?
>>>
>>> It is reading a task (line #51), therefore it asks hibernate for data
>>> (line #36), so hibernate calls MySQL driver (line #19). And the call didn't
>>> complete, as it waits for something to come through the network socket
>>> (line #5).
>>>
>>> (What troubles me a lot is that one-node configuration does not work as
>>> well.)
>>>
>>> So I'd recommend to have a look at your database configuration or setup.
>>>
>>> I'm not an expert on databases (nor on MySQL in particular), so I have
>>> no idea e.g. what troubleshooting tools to use at this moment. Maybe you
>>> could open MySQL admin console to see if there's something suspicious. Or
>>> look at MySQL server logs. Or you could share your midPoint config.xml
>>> here, particularly the <repository> section of it.
>>>
>>> Best regards,
>>> Pavol
>>>
>>> On 30.06.2016 22:49, Florin. Stingaciu wrote:
>>>
>>> Hello,
>>>
>>> Whenever I try to add a member through the "Members" tab in Midpoint,
>>> nothing happens. I tried to add myself to the Role "Approver" through the
>>> "Members" tab and the task never completes.
>>>
>>> In fact midPoint starts hanging and the issue doesn't resolve and I get
>>> all these errors:  <http://pastebin.com/GEgdtXnh>
>>> http://pastebin.com/GEgdtXnh
>>>
>>> I'm running two instances of midPoint with the following task manager
>>> configuration:
>>>
>>>         <taskManager>
>>>                 <clustered>true</clustered>
>>>
>>> <jdbcUrl>jdbc:mysql://db-server:3306/midpoint_prod_quartz_live</jdbcUrl>
>>>                 <jmxUsername>midpoint</jmxUsername>
>>>                 <jmxPassword>password</jmxPassword>
>>>         </taskManager>
>>>
>>> I've tried this action with both instances alive as well as with only
>>> one.
>>>
>>> Also here's my tomcat config pertaining to jmx:
>>>
>>>  -Dcom.sun.management.jmxremote.password.file=/var/opt/midpoint/jmxremote.password
>>> -Dcom.sun.management.jmxremote.access.file=/var/opt/midpoint/jmxremote.access
>>> -Dmidpoint.nodeId=001 -Dcom.sun.management.jmxremote.port=20001
>>> -Dcom.sun.management.jmxremote.ssl=false
>>>
>>> Even after I restart the tomcat server, midPoint doesn't respond anymore
>>> and the logs don't show anything.
>>>
>>> I'm willing to forgo the active active configuration and use an active
>>> passive configuration. Also I believe this is the cause of the earlier
>>> issues with the upgrade process (besides the mismatch in the connector)
>>>
>>> Any help would be greatly appreciated.
>>>
>>> Thanks,
>>>
>>> -F
>>>
>>>
>>> _______________________________________________
>>> midPoint mailing listmidPoint at lists.evolveum.comhttp://lists.evolveum.com/mailman/listinfo/midpoint
>>>
>>>
>>>
>>> _______________________________________________
>>> midPoint mailing list
>>> midPoint at lists.evolveum.com
>>> http://lists.evolveum.com/mailman/listinfo/midpoint
>>>
>>>
>>
>>
>> _______________________________________________
>> midPoint mailing listmidPoint at lists.evolveum.comhttp://lists.evolveum.com/mailman/listinfo/midpoint
>>
>>
>>
>> _______________________________________________
>> midPoint mailing list
>> midPoint at lists.evolveum.com
>> http://lists.evolveum.com/mailman/listinfo/midpoint
>>
>>
>
>
> _______________________________________________
> midPoint mailing listmidPoint at lists.evolveum.comhttp://lists.evolveum.com/mailman/listinfo/midpoint
>
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160630/f6e4e44e/attachment.htm>

More information about the midPoint mailing list