Re: Syncope Newbie and Installation Issues

[Francesco Chicchiriccò <il...@apache.org>]

Hi,
please find my replies embedded below.

Regards.

On 30/05/2018 15:11, tjholmes66 wrote:
> I am an Apache Syncope newbie, and I am having one helluva time trying to get
> Apache Syncope to work.
>
> The overall thing is that I have a web-app that has it's own MySQL database,
> and I have my own user and roles tables.
> I don't want to code my own user management, so I was going to have Syncope
> running as an iDM, so I could authenticate and manage my users through this
> tool. I would delete my user and roles tables in place of Syncope tables.

Not sure this is a valid use case at all: Syncope is a provisioning 
engine, and performs its best with provisioning towards / from multiple 
identity repositories.
Moreover, for non-trivial scenarios, it can be integrated with an Access 
Management system (as Apereo CAS, for example) which will handle 
authentication and authorization.

You have just one application, which will access Syncope's tables..

> Initially, I would use the "syncope" database to get it up and running, then
> I would change the database name to something I want, update the
> configuration, and then add the rest of my own tables for the rest of my
> web-app.   That way, I have one database for my user/roles and whatever else
> syncope does, and then I'd add my other tables.  Anyway, that was the
> plan.....
>
> So First, I started off with doing a maven build which is the "preferred"
> way to setup Syncope for maximum flexibility and production use. I was able
> to use maven to create the project, build it, and create all the WAR files.
> The second step says to then check the "Reference" documentation which IMHO
> does NOT tell you what you need to do in order to configure Syncope fully
> ... if at all.

In the reference guide, after a general introduction [1] about how the 
sources are organized and how the build works, it is explained what 
deployment directories are [2], and then the full build command:

$ mvn clean verify \
    -Dconf.directory=/opt/syncope/conf \
    -Dbundles.directory=/opt/syncope/bundles \
    -Dlog.directory=/opt/syncope/log
$ cp core/target/classes/*properties /opt/syncope/conf
$ cp console/target/classes/*properties /opt/syncope/conf
$ cp enduser/target/classes/*properties /opt/syncope/conf
$ cp enduser/target/classes/customForm.json /opt/syncope/conf

to generate WAR files for production.

If you need to tune the default settings (DBMS [3] - as you need MySQL 
instead of the default PostgreSQL, Java EE container [4], 
High-Availability [5], ..) you will find further instructions.

[1] https://syncope.apache.org/docs/reference-guide.html#customization
[2] 
https://syncope.apache.org/docs/reference-guide.html#deployment-directories
[3] https://syncope.apache.org/docs/reference-guide.html#dbms
[4] https://syncope.apache.org/docs/reference-guide.html#javaee-container
[5] https://syncope.apache.org/docs/reference-guide.html#high-availability

> I did create a syncope database in MySQL, I created a syncope_user and a
> syncope_pass, and made sure it had all the correct permissions and could
> login locally.
>
> With this process, here is what I added to the Tomcat 8.5 conf.xml file:
>
> <Resource name="jdbc/syncopeDataSource"
>            auth="Container"
>            type="javax.sql.DataSource"
>            factory="org.apache.tomcat.jdbc.pool.DataSourceFactory"
>            testWhileIdle="true"
>            testOnBorrow="true"
>            testOnReturn="true"
>            validationQuery="SELECT 1"
>            validationInterval="30000"
>            maxActive="50"
>            minIdle="2"
>            maxWait="10000"
>            initialSize="2"
>            removeAbandonedTimeout="20000"
>            removeAbandoned="true"
>           logAbandoned="true"
>            suspectTimeout="20000"
>            timeBetweenEvictionRunsMillis="5000"
>            minEvictableIdleTimeMillis="5000"
>     
> jdbcInterceptors="org.apache.tomcat.jdbc.pool.interceptor.ConnectionState;
> org.apache.tomcat.jdbc.pool.interceptor.StatementFinalizer"
>           username="syncope_user"
>           password="syncope_pass"
>            driverClassName="com.mysql.jdbc.Driver"
>           url="jdbc:mysql://localhost:3306/syncope?serverTimezone=UTC" />
>
> Funny thing is ... the standalone Syncope/Tomcat doesn't have this
> configuration, nor does the GUI Installer version.

Standalone is using an in-memory H2 instance, not meant for production. 
Hence, the database connection pool is not managed at container level.

GUI installer requires you to properly configure upfront the Java EE 
container, including the database connection pool.

> One final issue about the maven build is that the tomcat lib is using this
> driver: mysql-connector-java-6.0.6.jar do we need a 5.x.x driver?

As far as I can tell, the latest JDBC driver versions available from 
MySQL are currently [6] 5.1.46 and 8.0.11: I would use the latter with 
MySQL 8 and the former with earlier MySQL versions, but I am definitely 
not an expert with MySQL.

[6] 
https://search.maven.org/#search%7Cgav%7C1%7Cg%3A%22mysql%22%20AND%20a%3A%22mysql-connector-java%22

> Second, the next process was to use the GUI installer, which seemed to go
> well. I did make sure I updated my tomcat-users.xml file and added the role
> and user that was needed. I did specify MySQL as the database, I did specify
> the location for the log, the bundles, etc ... again, where was this
> documentation when we do the maven build because it was NOT obvious in the
> "Reference" documentation.

The location of the source files generated by the GUI installer is 
indicated as part of the wizard [7].
Moreover, the log files generated by the installer and reported by the 
wizard [8] contains such information, including the whole build output.

[7] http://syncope.apache.org/docs/images/installer-4.png
[8] http://syncope.apache.org/docs/images/installer-12.png

> The process of the using the GUI Installer also did not work as expected. I
> got a lot of database errors. There seems to be an issue with the EDT time
> zone, and I am wondering where that is coming from? If you look at the
> existing Tomcat context.xml file, it does say that the serverTimeZone
> parameter is specifically UTC.
>
> If I followed the directions closely, then Apache Syncope Console should be
> working correctly, but it's NOT coming up.

If you have seen "a lot of database errors", then it means your upfront 
setup is not correct, or at least not correctly supported by the 
installer process.
If you could provide the actual error messages, we might have the chance 
to evaluate the situation.

> Thirdly and Finally, I am going to try to use the StandAlone Syncope with
> Tomcat to just try and get it to work, and this will be fine to test, but I
> understand it is not ideal for Production.
>
> I would really like to get the Maven build configured correctly so I can use
> it for testing AND Production. Please help me get Syncope working correctly
> so I can use it with my Syncope MySQL database.

The GUI installer is essentially a wrapper for the Maven project: once 
you manage to configure the latter for MySQL (which is actually far from 
difficult), you could easily get into the same troubles you have with 
GUI installer, especially if there are problems with your database setup.

-- 
Francesco Chicchiriccò

Tirasa - Open Source Excellence
http://www.tirasa.net/

Member at The Apache Software Foundation
Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail
http://home.apache.org/~ilgrosso/