2

I've installed WSO2 Api Manager on a server and i'm trying to add Analytics. The problem is when i change admin's password in WSO2 Api Manager, my instance of Analytics keep his old password. Because of this, Api Manager can't no longer access to Analytics.

How can i change password of API-M Analytics, and create other user ?

Thank you !

edit : APIM Version 2.6.0 and APIM-Analytics 2.6.0

After editing deployment.yaml

I added auth segment inside my deployment.yaml and change password inside api-manager.xml (Analytics segment, StreamprocessorPassword attribut and StreamProcessorRestApiPassword attribut) to match with my password in deployment.yaml.

I've also changed password inside log4j.properties (DAS_AGENT and LOGEVENT). API Manager keeps saying i have wrong username or password (username didn't change)

API Manager log

TID: [-1] [] [2018-11-27 15:51:41,481] ERROR {org.wso2.carbon.databridge.agent.endpoint.DataEndpointConnectionWorker} - Error while trying to connect to the endpoint. Cannot borrow client for ssl://10.16.243.135:9711. {org.wso2.carbon.databridge.agent.endpoint.DataEndpointConnectionWorker} org.wso2.carbon.databridge.agent.exception.DataEndpointLoginException: Cannot borrow client for ssl://10.16.243.135:9711. at org.wso2.carbon.databridge.agent.endpoint.DataEndpointConnectionWorker.connect(DataEndpointConnectionWorker.java:134) at org.wso2.carbon.databridge.agent.endpoint.DataEndpointConnectionWorker.run(DataEndpointConnectionWorker.java:59) at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511) at java.util.concurrent.FutureTask.run(FutureTask.java:266) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) at java.lang.Thread.run(Thread.java:748) Caused by: org.wso2.carbon.databridge.agent.exception.DataEndpointLoginException: Error while trying to login to data receiver :/10.16.243.135:9711 at org.wso2.carbon.databridge.agent.endpoint.binary.BinaryDataEndpoint.login(BinaryDataEndpoint.java:50) at org.wso2.carbon.databridge.agent.endpoint.DataEndpointConnectionWorker.connect(DataEndpointConnectionWorker.java:128) ... 6 more Caused by: org.wso2.carbon.databridge.commons.exception.AuthenticationException: wrong userName or password at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62) at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45) at java.lang.reflect.Constructor.newInstance(Constructor.java:423) at org.wso2.carbon.databridge.agent.endpoint.binary.BinaryEventSender.processResponse(BinaryEventSender.java:163) at org.wso2.carbon.databridge.agent.endpoint.binary.BinaryDataEndpoint.login(BinaryDataEndpoint.java:44) ... 7 more

API Manager Analytics Worker log

ERROR {org.wso2.carbon.databridge.core.internal.queue.QueueWorker} - Dropping wrongly formatted event sent org.wso2.carbon.databridge.core.exception.EventConversionException: Error when converting loganalyzer:1.0.0 of event bundle with events 1 at org.wso2.carbon.databridge.receiver.thrift.converter.ThriftEventConverter.createEventList(ThriftEventConverter.java:188) at org.wso2.carbon.databridge.receiver.thrift.converter.ThriftEventConverter.toEventList(ThriftEventConverter.java:90) at org.wso2.carbon.databridge.core.internal.queue.QueueWorker.run(QueueWorker.java:72) at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511) at java.util.concurrent.FutureTask.run(FutureTask.java:266) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) at java.lang.Thread.run(Thread.java:748) Caused by: org.wso2.carbon.databridge.core.exception.EventConversionException: No StreamDefinition for streamId loganalyzer:1.0.0 present in cache at org.wso2.carbon.databridge.receiver.thrift.converter.ThriftEventConverter.createEventList(ThriftEventConverter.java:171) ... 7 more

Robyn.D
  • 339
  • 2
  • 20
  • What is your APIM version? – Bee Nov 27 '18 at 12:19
  • @Bee the last one, 2.6.0 for APIM and 2.6.0 for APIM-Analytics – Robyn.D Nov 27 '18 at 13:05
  • port 9711 is not related to analytics. it's related to traffic manager. if you have a seperate trafic manager you have to update `` section in `api-manager.xml` accordingly. By default this should be pointed to the same node. – Bee Nov 27 '18 at 16:08
  • Analytics and APIM are on the same node. This is my conf ` Binary tcp://${carbon.local.ip}:${receiver.url.port} ssl://${carbon.local.ip}:${auth.url.port} ${admin.username} samepsswdAsAnaAndApiM ` – Robyn.D Nov 27 '18 at 16:17
  • Are you having the same admin username/password in both servers? can you use `samepsswdAsAnaAndApiM` to login to carbon console of APIM? – Bee Nov 28 '18 at 09:41
  • Yes i use the same password in both servers – Robyn.D Nov 29 '18 at 08:12

2 Answers2

7

In APIM 2.6.0 Analytics, it uses WSO2 Stream Processor internally. It uses a file based IDP by default. So you can update the admin password in <SP_HOME>/conf/<PROFILE>/deployment.yaml file. 

auth.configs: 
  type: 'local'
  userManager:
    adminRole: admin
    userStore:
      users:
       -
         user:
           username: admin
           password: YWRtaW4=
           roles: 1
      roles:
       -    
         role:
           id: 1
           displayName: admin

Ref: https://docs.wso2.com/display/SP430/User+Management+via+the+IdP+Client+Interface#UserManagementviatheIdPClientInterface-LocalIdPClient

Bee
  • 12,251
  • 11
  • 46
  • 73
  • I do not have "auth.configs" segment inside my worker/deployment.yaml – Robyn.D Nov 27 '18 at 13:54
  • 1
    The SP is designed to run with minimum configurations. As mentioned in the documentation, these are the default configurations applicable. You can override it by adding the 'auth.configs' element in the deployment.yaml – Niveathika Nov 27 '18 at 14:13
  • @Niveathika just add the configuration as documented (the local will work for sure) – gusto2 Nov 27 '18 at 14:23
  • Thank all of you, i'll try. Password has to be write in plain text ? Or do i have to encrypt it ? Edit : base64, i missed it in the doc – Robyn.D Nov 27 '18 at 14:30
  • I edited my deployment.yaml and do some changes inside api-manager.xml and log4j.properties. Didn't work, i edited my first post. – Robyn.D Nov 27 '18 at 14:59
  • Added a comment to the question. – Bee Nov 27 '18 at 16:09
  • And don't use `log abalyzer` feature, which is deprecated. – Bee Nov 27 '18 at 16:09
  • I confirm. I changed password inside api-manager.xml in "" and "" in plain text. I updated the deployment.yaml of worker with password in base64. (i've tested with dashboard.sh, and the password is correct when i try to login inside /portal) and i launched worker.sh. Still doesn't work – Robyn.D Nov 27 '18 at 16:12
  • I have "log4j.appender.DAS_AGENT.streamDef=loganalyzer:1.0.0 " inside my log4j.properties. Do i have to erase it ? – Robyn.D Nov 27 '18 at 16:13
  • @RobynDanglos it is not used by the logger and since 2.6 is considered deprecated. You don't need to erase the configuration, just don't use it (don't add DAS_AGENT to the list of root appenders) – gusto2 Nov 28 '18 at 08:50
  • DAS_AGENT is disable in my log4j.properties since the beginning – Robyn.D Nov 29 '18 at 08:14
2

Problem resolved with multiple solutions :

First - Bee's answer about modification in deployment.yaml to overwrite the admin's account (in API-M Analytics).

Second - I had to modify my user-mgt.xml and change admin's password with my custom password (from API Manager).

Third - I had a problem with JMS Connection, so i had to manualy change my password in api-manager.xml <JMSConnectionDetails> Segment -> <connectionfactory.TopicConnectionFactory>amqp://${admin.username}:MYPASSWORD@Clientid/.........</connectionfactory.TopicConnectionFactory>

Thank all of you, you helped me a lot !

Robyn.D
  • 339
  • 2
  • 20