But in BPS, <BPS_HOME>/repository/conf/datasources/master-datasources.xml is bit different from other products. This includes only WSO2_CARBON_DB related data-source configurations(may be other data-source definitions according to your deployment).
We have a separate <BPS_HOME>/repository/conf/datasources.properties file with the bps related data-source configs.
At the moment there is no direct way to enable secure vault for this config. But we can move config data within datasources.properties in to the
master-datasources.xml and follow the default guidelines.
1. Update existing master-datasources.xml with following data-source configuration.
<datasource>make sure to update url, username, password, driverClassName according to your environment.
<name>BPS_DS</name>
<description></description>
<jndiConfig>
<name>bpsds</name>
</jndiConfig>
<definition type="RDBMS">
<configuration>
<url>jdbc:mysql://localhost:3306/bps?autoReconnect=true</url>
<username>bps_user</username>
<password>bps_password</password>
<driverClassName>com.mysql.jdbc.Driver</driverClassName>
<maxActive>150</maxActive>
<maxWait>360000</maxWait>
<minIdle>5</minIdle>
<testOnBorrow>true</testOnBorrow>
<validationQuery>SELECT 1</validationQuery>
<validationInterval>30000</validationInterval>
<jdbcInterceptors>QueryTimeoutInterceptor(queryTimeout=30)</jdbcInterceptors>
<timeBetweenEvictionRunsMillis>60000</timeBetweenEvictionRunsMillis>
<numTestsPerEvictionRun>15</numTestsPerEvictionRun>
<testWhileIdle>true</testWhileIdle>
</configuration>
</definition>
</datasource>
2. Remove existing datasources.properties file.
3. Comment following lines in attachment-management.xml which locates at <BPS_HOME>/repository/conf/ directory.
<JNDIInitialContextFactory>com.sun.jndi.rmi.registry.RegistryContextFactory</JNDIInitialContextFactory><JNDIProviderUrl>rmi://localhost:2199</JNDIProviderUrl>4. Comment following line in bps.xml which locates at <BPS_HOME>/repository/conf/ directory.
<tns:JNDI contextFactory="com.sun.jndi.rmi.registry.RegistryContextFactory" providerURL="rmi://localhost:2199"/>5. Comment following lines in humantask.xml file which locates at <BPS_HOME>/repository/conf/ directory.
<JNDIInitialContextFactory>com.sun.jndi.rmi.registry.RegistryContextFactory</JNDIInitialContextFactory><JNDIProviderUrl>rmi://localhost:2199</JNDIProviderUrl>We are done with the data-source configuration.
There is b4p-coordination-config.xml configuration file with plain text password, which we need to secure. You can follow "Securing username/password with secure vault section" here[2].
There is a separate configuration to "Retired BPEL Package Cleanup" where we have plain text password. Since this is for a specific task which has no direct relationship to the BPS runtime we can remove plain-text password here. So you have put it back when you need to run process-cleanup command line tool(processcleanuptool.sh|processcleanuptool.bat for Windows).
Note:- All above configuration changes work well in a BPS-3.2.0 deployment.
[1] https://docs.wso2.com/display/Carbon420/WSO2+Carbon+Secure+Vault
[2] https://docs.wso2.com/display/BPS320/Advanced+Configurations+for+Human+Task+Coordination
No comments:
Post a Comment