8ad861ed22586aef8ae2c8cc0857bad9ceed5308
configuration/problems.log
| ... | ... | @@ -1,21 +0,0 @@ |
| 1 | -storemerge_abeam-training.log:SEVERE: User Masanobu from group abeam-training-server dropped. Removing from group. |
|
| 2 | - nobu@jp.northsails.com and Kousakabeer@docomo.ne.jo |
|
| 3 | -storemerge_AST.log:SEVERE: Dropping unqualified permission DATA_MINING for user elliss |
|
| 4 | -storemerge_ASVIA.log:SEVERE: User axel.schmidt.91 from group ASVIA-server dropped. Removing from group. |
|
| 5 | - axel.sebastian.schmidt@rwth-aachen.de and Axel.sebastian.schmidt@rwth-aachen.de |
|
| 6 | -storemerge_NOR.log:SEVERE: User thomas from group NOR-server dropped. Removing from group. |
|
| 7 | - thomas@no.northsails.com and mail@t-klug.de |
|
| 8 | -storemerge_NOR.log:SEVERE: User frank from group NOR-server dropped. Removing from group. |
|
| 9 | - "" and bode.f@gmx.de |
|
| 10 | -storemerge_peterwagner.log:SEVERE: User peter.wagner from group peterwagner-server dropped. Removing from group. |
|
| 11 | - ueberwagner@gmail.com and peter.wagner@segelverband.at |
|
| 12 | -storemerge_peterwagner.log:SEVERE: User tamara from group peterwagner-server dropped. Removing from group. |
|
| 13 | - tamara96fischer@gmai.com and tamara96fischer@gmail.com |
|
| 14 | -storemerge_schwielochsee.log:SEVERE: User rahxam from group schwielochsee-server dropped. Removing from group. |
|
| 15 | - mh@sc-schwielochsee.de and maximilian.hartig@sap.com |
|
| 16 | -storemerge_SEGELZENTRUM.log:SEVERE: User max from group SEGELZENTRUM-server dropped. Removing from group. |
|
| 17 | - maximilian.gross@sap.com and maxgross@t-online.de |
|
| 18 | -storemerge_TracTracTest.log:SEVERE: User jorge from group TracTracTest-server dropped. Removing from group. |
|
| 19 | - maximilian.gross@sap.com and maxgross@t-online.de |
|
| 20 | -storemerge_USSAILING.log:SEVERE: User Peter from group USSAILING-server dropped. Removing from group. |
|
| 21 | - maximilian.gross@sap.com and maxgross@t-online.de |
java/target/env.sh
| ... | ... | @@ -88,6 +88,8 @@ fi |
| 88 | 88 | # Credentials can be provided either as a combination of username and password, |
| 89 | 89 | # or alternatively as a single bearer token that was obtained, e.g., through |
| 90 | 90 | # curl -d "username=myuser&password=mysecretpassword" "https://master-server.sapsailing.com/security/api/restsecurity/access_token" | jq .access_token |
| 91 | +# or by logging in to the master server using your web browser and then navigating to |
|
| 92 | +# https://master-server.sapsailing.com/security/api/restsecurity/access_token |
|
| 91 | 93 | # |
| 92 | 94 | # REPLICATE_MASTER_USERNAME= |
| 93 | 95 | # REPLICATE_MASTER_PASSWORD= |
| ... | ... | @@ -161,6 +163,17 @@ else |
| 161 | 163 | JAVA_VERSION_SPECIFIC_ARGS=$JAVA_8_ARGS |
| 162 | 164 | fi |
| 163 | 165 | ADDITIONAL_JAVA_ARGS="$JAVA_VERSION_SPECIFIC_ARGS $ADDITIONAL_JAVA_ARGS -Dpersistentcompetitors.clear=false -Drestore.tracked.races=true -Dpolardata.source.url=https://www.sapsailing.com -Dwindestimation.source.url=https://www.sapsailing.com -XX:MaxGCPauseMillis=500" |
| 166 | + |
|
| 167 | +# To enable the use of the shared SecurityService and SharedSailingData from security-service.sapsailing.com, uncomment and fill in the following: |
|
| 168 | +#ADDITIONAL_JAVA_ARGS="$ADDITIONAL_JAVA_ARGS -Dsecurity.sharedAcrossSubdomainsOf=sapsailing.com -Dsecurity.baseUrlForCrossDomainStorage=https://security-service.sapsailing.com -Dgwt.acceptableCrossDomainStorageRequestOriginRegexp=https?://(.*\.)?sapsailing\.com(:[0-9]*)?$" |
|
| 169 | +#REPLICATE_ON_START=com.sap.sse.security.impl.SecurityServiceImpl,com.sap.sailing.shared.server.impl.SharedSailingDataImpl |
|
| 170 | +#REPLICATE_MASTER_SERVLET_HOST=security-service.sapsailing.com |
|
| 171 | +#REPLICATE_MASTER_SERVLET_PORT=443 |
|
| 172 | +#REPLICATE_MASTER_EXCHANGE_NAME=security_service |
|
| 173 | +# Obtain the bearer token for user security-service-replicator by logging on to https://security-service.sapsailing.com and then |
|
| 174 | +# getting https://security-service.sapsailing.com/security/api/restsecurity/access_token |
|
| 175 | +#REPLICATE_MASTER_BEARER_TOKEN="..." |
|
| 176 | + |
|
| 164 | 177 | echo ADDITIONAL_JAVA_ARGS=${ADDITIONAL_JAVA_ARGS} |
| 165 | 178 | ON_AMAZON=`command -v ec2-metadata` |
| 166 | 179 |
wiki/info/landscape/amazon-ec2.md
| ... | ... | @@ -73,7 +73,6 @@ SERVER_NAME=MYSPECIFICEVENT |
| 73 | 73 | REPLICATION_CHANNEL=myspecificevent |
| 74 | 74 | MONGODB_URI="mongodb://mongo0.internal.sapsailing.com,mongo1.internal.sapsailing.com/myspecificevent?replicaSet=live&retryWrites=true" |
| 75 | 75 | SERVER_STARTUP_NOTIFY=you@email.com |
| 76 | -ADDITIONAL_JAVA_ARGS="$ADDITIONAL_JAVA_ARGS -Dcom.sap.sailing.domain.tracking.MailInvitationType=SailInsight2" |
|
| 77 | 76 | </pre> |
| 78 | 77 | |
| 79 | 78 | - After your master server is ready, note the internal IP and configure your replica instances. Set up a user account there that has the following permission: ``SERVER:REPLICATE:{SERVERNAME}``. You will need this user's credentials to authenticate your replicas for replication. |
| ... | ... | @@ -97,7 +96,6 @@ SERVER_NAME=MYSPECIFICEVENT |
| 97 | 96 | MONGODB_URI="mongodb://mongo0.internal.sapsailing.com,mongo1.internal.sapsailing.com/myspecificevent-replica?replicaSet=live&retryWrites=true" |
| 98 | 97 | EVENT_ID=<some-uuid-of-an-event-you-want-to-feature> |
| 99 | 98 | SERVER_STARTUP_NOTIFY=you@email.com |
| 100 | -ADDITIONAL_JAVA_ARGS="$ADDITIONAL_JAVA_ARGS -Dcom.sap.sailing.domain.tracking.MailInvitationType=SailInsight2" |
|
| 101 | 99 | </pre> |
| 102 | 100 | |
| 103 | 101 | #### Setting up a Multi Instance |
| ... | ... | @@ -199,8 +197,6 @@ To set up a multi instance for a server with name "SSV", subdomain "ssv.sapsaili |
| 199 | 197 | 13. Your multi instance is now configured and started. It can be reached over ec2-34-250-136-229.eu-west-1.compute.amazonaws.com:8888. |
| 200 | 198 | |
| 201 | 199 | |
| 202 | - |
|
| 203 | - |
|
| 204 | 200 | ##### Reachability |
| 205 | 201 | |
| 206 | 202 | To reach your multi instance via "ssv.sapsailing.com", perform the following steps within the AWS Web Console inside region Ireland. |
wiki/projects/consolidating-user-stores.md
| ... | ... | @@ -372,4 +372,26 @@ So the total sequence of commands for running the entire import/merge process is |
| 372 | 372 | ./copyarchivestore.sh |
| 373 | 373 | ./mergedbs.sh |
| 374 | 374 | ``` |
| 375 | -This produces all ``storemerge_....log`` files and a merge result in the ``mongodb://localhost:10203/security_service?replicaSet=live&retryWrites=true`` database. Again, search for WARNING and Exception in the logs, understand dropped objects and do some spot checks. Also validate by launching the ``security-service.sapsailing.com`` server and inspect security-related objects in the AdminConsole. |
|
| ... | ... | \ No newline at end of file |
| 0 | +This produces all ``storemerge_....log`` files and a merge result in the ``mongodb://localhost:10203/security_service?replicaSet=live&retryWrites=true`` database. Again, search for WARNING and Exception in the logs, understand dropped objects and do some spot checks. Also validate by launching the ``security-service.sapsailing.com`` server and inspect security-related objects in the AdminConsole. |
|
| 1 | + |
|
| 2 | +### Updating the server instances |
|
| 3 | + |
|
| 4 | +The first step is to restart the security-service.sapsailing.com instance based on the new DB. It uses the following configuration options in its env.sh to expose the shared services: |
|
| 5 | + |
|
| 6 | +``` |
|
| 7 | +ADDITIONAL_JAVA_ARGS=... -Dsecurity.sharedAcrossSubdomainsOf=sapsailing.com -Dsecurity.baseUrlForCrossDomainStorage=https://security-service.sapsailing.com -Dgwt.acceptableCrossDomainStorageRequestOriginRegexp=https?://(.*\.)?sapsailing\.com(:[0-9]*)?$ |
|
| 8 | +REPLICATION_CHANNEL=security_service |
|
| 9 | +``` |
|
| 10 | + |
|
| 11 | +A new user ``security-service-replicator`` has been added that has replication permissions for the ``security-service`` server. Other servers need to obtain an access token for that user and add it in their startup options as follows: |
|
| 12 | + |
|
| 13 | +``` |
|
| 14 | +ADDITIONAL_JAVA_ARGS="$ADDITIONAL_JAVA_ARGS -Dsecurity.sharedAcrossSubdomainsOf=sapsailing.com -Dsecurity.baseUrlForCrossDomainStorage=https://security-service.sapsailing.com -Dgwt.acceptableCrossDomainStorageRequestOriginRegexp=https?://(.*\.)?sapsailing\.com(:[0-9]*)?$" |
|
| 15 | +REPLICATE_ON_START=com.sap.sse.security.impl.SecurityServiceImpl,com.sap.sailing.shared.server.impl.SharedSailingDataImpl |
|
| 16 | +REPLICATE_MASTER_SERVLET_HOST=security-service.sapsailing.com |
|
| 17 | +REPLICATE_MASTER_SERVLET_PORT=443 |
|
| 18 | +REPLICATE_MASTER_EXCHANGE_NAME=security_service |
|
| 19 | +REPLICATE_MASTER_BEARER_TOKEN="Gecx+W/dwFKRAxFbIvC/IMafEnJ8kTQF+MlYNVhEwD4=" |
|
| 20 | +``` |
|
| 21 | + |
|
| 22 | +These properties have now been appended to the env.sh files of the existing servers on the multi-instance set-up (including swisstimingtest, sailtracks, and tractractest). |
|
| ... | ... | \ No newline at end of file |