UserRegistry 试图验证无效用户 [英] UserRegistry Attempted to authenticate invalid user
问题描述
我关注了 https://docs.wso2.com/display/CLUSTER44x/Clustering+API+Manager+2.0.0
和
在上述文档中引用.我使用的是 Postgress 而不是 MySQL,但我知道 JDBC 连接器在此配置中和在单实例模式下运行 wso2am 服务器都有效.
referenced in the above document. I am using Postgress and not MySQL, but I know the JDBC connector works, both in this config and running the wso2am server in a single instance mode.
我收到了主题中提到的错误.我启动密钥管理器,然后使用 ./wso2server.sh -Dprofile=traffic-manager 启动流量管理器,然后得到异常,说流量管理器上的索引编制失败以及密钥管理器上的无效用户错误.这对我说,流量管理器确实连接到密钥管理器注册表(或尝试连接),因此端口是打开的等等.我还通过使用浏览器连接到端点并使用 telnet 连接到端口来检查这一点.
I get the error mentioned in the subject. I start the keymanager, then traffic manager with ./wso2server.sh -Dprofile=traffic-manager then get exception saying indexing fails on the traffic manager and the invalid user error on the keymanager. This says to me the traffic manager does connect to the keymanager registry (or tries to) so ports are open etc. I have also checked this by connecting to the endpoint with my browser and using telnet to the port.
我在任何文档或注册表、carbon 或轴配置文件中都找不到对用于连接到注册表的用户的任何引用.还是我遗漏了什么?
I cannot find any reference to the user used to connect to a registry in any documentation or in the registry, carbon or axis config files. Or am I missing something?
问候安德烈
我对 registry.xml 的更改
My changes to registry.xml
<currentDBConfig>wso2registry</currentDBConfig>
<readOnly>false</readOnly>
<enableCache>true</enableCache>
<registryRoot>/</registryRoot>
<dbConfig name="wso2registry">
<dataSource>jdbc/WSO2CarbonDB</dataSource>
</dbConfig>
<remoteInstance url="https://api-keymanager-1:9443/registry">
<id>InstanceId</id>
<cacheId>jdbc:postgresql://api-db-1:5432/WSO2_CARBON_DB</cacheId>
<dbConfig>wso2registry</dbConfig>
<readOnly>false</readOnly>
<enableCache>true</enableCache>
<registryRoot>/</registryRoot>
<username>wso2am</username>
<password>wso2am</password>
<driverClassName>org.postgresql.Driver</driverClassName>
</remoteInstance>
<mount path="/_system/config" overwrite="true">
<instanceId>InstanceId</instanceId>
<targetPath>/_system/config</targetPath>
</mount>
<mount path="/_system/governance" overwrite="true">
<instanceId>InstanceId</instanceId>
<targetPath>/_system/governance</targetPath>
</mount>
我使用 WSO2_CARBON_DB 作为注册表 DB,我打算使用 CustomUserDB.如果我注释掉安装部分,我就没有问题.如果我把它放进去,我有如上所述的无效用户错误.
I use WSO2_CARBON_DB as registry DB and I intend to use a CustomUserDB. If I comment out the mount portion I have no issues. If I put it in, I have invalid user error as described above.
我可以补充一点,我正在运行 api-keymanager-1 主机作为密钥管理器,并且此配置位于 api-trafficmanager-1 主机上,我从 ./wso2server.sh -Dprofile=traffic-manager 开始
I can add that I am running api-keymanager-1 host as keymanager and this config is on api-trafficmanager-1 host on which I start with ./wso2server.sh -Dprofile=traffic-manager
我有一个关于所有这些 InstanceId 都没有在任何配置中的 api-keymanager-1 上定义的问题,这在文档中的任何地方都没有提到,除非我遗漏了什么?这是否相关?
I have one question on all of this InstanceId is not defined anywhere on api-keymanager-1 in any config, this is not mentioned anywhere in documentation, unless I missed something? Is this relevant?
推荐答案
您似乎有两个问题.首先,通过停止服务、备份和删除/APIM/solr 目录并重新启动服务来重新索引 Solr 索引.这应该可以解决索引问题.
You appear to have two issues. First, re-index your Solr indexing by stopping your service, backing up and deleting the /APIM/solr directory, and restarting your service. This should resolve the indexing issue.
接下来,您的注册表配置不太正确.在 APIM 1.10.0 中配置远程注册表挂载时,我们遇到了类似的问题.您的 registry.xml 定义中需要两个 dbconfig 节点,并且您的远程实例应指向远程治理注册表 dbconfig:
Next, your registry configuration is not quite right. We had a similar issue when configuring remote registry mounting in APIM 1.10.0. You need two dbconfig nodes in your registry.xml definition, and your remote instance should point to the remote governance registry dbconfig:
<currentDBConfig>wso2registry</currentDBConfig>
...
<dbConfig name="wso2registry">
<dataSource>jdbc/WSO2CarbonDB</dataSource> <!-- this is the local h2 db -->
</dbConfig>
<dbConfig name="govregistry">
<dataSource>your-remote-dbsource</dataSource> <!-- this is the remote db -->
</dbConfig>
<remoteInstance url="remote-endpoint-here">
<id>InstanceId</id>
<dbConfig>govregistry</dbConfig>
...
</remoteInstance>
<mount path="/_system/governance" overwrite="true">
<instanceId>InstanceId</instanceId>
<targetPath>/_system/governance</targetPath>
</mount>
WSO2 没有向我正确解释为什么需要本地 Carbon db 来实现远程注册表设置,但这就是我们配置注册表的方式,它可以在 1.10.0 和 2.0 的分布式部署中工作.
WSO2 has not properly explained to me why a local Carbon db is required to achieve a remote registry setup, but this is how we've configured our registry and it works in a distributed deployment of both 1.10.0 and 2.0.
这篇关于UserRegistry 试图验证无效用户的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
