Saturday, January 19, 2013

Legacy systems as Services

Let's look at a simple example.

The following organization uses different systems to run its day-to-day operations (e.g. inventory control, HR management, sales monitoring). Over time the organization reaches a large market and operates as a large company.

System

Inventory control, HR management and sales monitoring all operate as independent systems. When the company needs to share data between two of these systems, it is not possible with the existing setup, because each system is tightly coupled to its own data and implementation.

Let's look at the following system.

SOA-system

Once the same systems expose a defined interface through which they communicate with each other, the three components act as services. Services may also be wrappers for existing legacy systems, which is how the organization meets its expectations.

When the systems within the organization follow a global standard interface to communicate with each other, they can be exposed to the outside world as well, which improves interoperability among organizations.

SOA-system-Intraoperability

Thursday, January 17, 2013

OAuth 2.0 Authorization Protocol

OAuth 2.0 has four grant types (scenarios), as follows.

1. Authorization code – the resource owner authenticates directly with the authorization server, and an "authorization code" is passed on to the client app.

Oauth-2.0-Authorization-code


2. Implicit – for client apps implemented in a browser using a scripting language (such as JavaScript). Here the client is not validated.

Oauth-2.0-Implicit


3. Resource owner credentials – where there is a high degree of trust between the resource owner and the client app (e.g. a trusted client app on the resource owner's mobile device). We use this scenario in mobile applications because redirection is not possible with mobile apps.

Oauth-2.0-Resource owner credentials


4. Client credentials – for access to protected resources that are under the control of the client app itself (not any specific/individual resource owner). This is used for public resources as well, and this scenario represents 2-legged OAuth.

Oauth-2.0-Client credentials
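The four scenarios above differ mainly in which party is authenticated and where the token is handed out. The following is an added example (not code from the original post or from any OAuth library): a toy token endpoint with constructed client registrations ("webapp", "spa") and a constructed user table, showing the checks each grant type needs, including single-use, expiring, redirect-bound authorization codes.

```python
"""Toy OAuth 2.0 token endpoint covering the four scenarios listed above.

This is an added example, not code from the original post or from any OAuth
library. Client ids, secrets and the user table are constructed values, and the
implementation is deliberately minimal: it shows which checks each grant type
needs, not a production authorization server.
"""
import hmac
import secrets
import time

# Constructed client registrations: a confidential web app and a public browser app.
CLIENTS = {
    "webapp": {"secret": "s3cr3t-webapp", "confidential": True,
               "redirect_uris": {"https://webapp.example/cb"}},
    "spa": {"secret": None, "confidential": False,
            "redirect_uris": {"https://spa.example/cb"}},
}
# Constructed resource owner for the password grant (plaintext only for the demo).
USERS = {"alice": "correct horse battery staple"}

CODE_TTL = 60          # authorization codes are short-lived ...
issued_codes = {}      # ... and single-use: code -> binding information


def _client_authenticated(client_id, client_secret):
    """Confidential clients prove their identity; compare secrets in constant time."""
    client = CLIENTS.get(client_id)
    if client is None or not client["confidential"]:
        return False
    return hmac.compare_digest(client["secret"], client_secret or "")


def _registered_redirect(client_id, redirect_uri):
    client = CLIENTS.get(client_id)
    return client is not None and redirect_uri in client["redirect_uris"]


def _token(subject):
    return {"access_token": secrets.token_urlsafe(24), "token_type": "bearer", "sub": subject}


def issue_authorization_code(client_id, redirect_uri, user, now=None):
    """Scenario 1, front channel: after the owner authenticates at the authorization
    server, a code bound to the client and the exact redirect_uri is handed out."""
    now = time.time() if now is None else now
    if not _registered_redirect(client_id, redirect_uri):
        return None
    code = secrets.token_urlsafe(24)
    issued_codes[code] = {"client_id": client_id, "redirect_uri": redirect_uri,
                          "user": user, "expires": now + CODE_TTL}
    return code


def issue_implicit_token(client_id, redirect_uri, user):
    """Scenario 2: the token goes straight back to the browser client. The client is
    not authenticated, so the registered redirect_uri is the only check available."""
    if not _registered_redirect(client_id, redirect_uri):
        return None
    return _token(user)


def token_endpoint(params, now=None):
    """Back channel for scenarios 1, 3 and 4. Implicit never reaches this endpoint."""
    now = time.time() if now is None else now
    grant = params.get("grant_type")
    client_id, client_secret = params.get("client_id"), params.get("client_secret")

    if grant == "authorization_code":
        entry = issued_codes.pop(params.get("code"), None)   # pop: a code works once
        if entry is None or entry["expires"] < now:
            return {"error": "invalid_grant"}
        if entry["client_id"] != client_id or entry["redirect_uri"] != params.get("redirect_uri"):
            return {"error": "invalid_grant"}
        if CLIENTS[client_id]["confidential"] and not _client_authenticated(client_id, client_secret):
            return {"error": "invalid_client"}
        return _token(entry["user"])

    if grant == "password":
        # Scenario 3: the owner's credentials pass through the client, so only
        # trusted, authenticated clients may use this grant.
        if not _client_authenticated(client_id, client_secret):
            return {"error": "invalid_client"}
        stored = USERS.get(params.get("username", ""))
        if stored is None or not hmac.compare_digest(stored, params.get("password", "")):
            return {"error": "invalid_grant"}
        return _token(params["username"])

    if grant == "client_credentials":
        # Scenario 4 (2-legged): no resource owner; the client itself is the subject.
        if not _client_authenticated(client_id, client_secret):
            return {"error": "invalid_client"}
        return _token(client_id)

    return {"error": "unsupported_grant_type"}
```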

Friday, January 11, 2013

Multiple User Stores configuration in WSO2 Identity Server

You know WSO2 products are very smart and customizable. Here I'm going to explain another smart feature that comes with WSO2 products, taking WSO2 Identity Server as the example product.

Let's look at a simple business scenario.

1. I need to connect multiple user stores, e.g. users of different domains kept in different databases, to one single product.
2. All users can access the same WSO2 product (IS).

Multiple User Stores

First of all we need to do some configuration in Identity Server. Refer to this post for additional information about database configuration with WSO2 products.

You have to create two databases in MySQL, FOO and BAR, with the WSO2 table structure. You can do this as follows.
Go to the MySQL command line and create the two databases.
[sourcecode language="sql"]
mysql> create database FOO;
mysql> create database BAR;
[/sourcecode]

From the shell, run the following commands to create the table structure in each database.
[sourcecode language="bash"]
> mysql -u username -p FOO < $IS_HOME/dbscripts/mysql.sql
[/sourcecode]

[sourcecode language="bash"]
> mysql -u username -p BAR < $IS_HOME/dbscripts/mysql.sql
[/sourcecode]

Now the databases are created properly.

1. master-datasources.xml - we have to configure three data sources, for the H2, FOO and BAR databases.

[sourcecode language="xml"]
<datasources>
    <datasource>
        <name>WSO2_CARBON_DB</name>
        <description>The datasource used for registry and user manager</description>
        <jndiConfig>
            <name>jdbc/WSO2CarbonDB</name>
        </jndiConfig>
        <definition type="RDBMS">
            <configuration>
                <url>jdbc:h2:repository/database/WSO2CARBON_DB;DB_CLOSE_ON_EXIT=FALSE;LOCK_TIMEOUT=60000</url>
                <username>wso2carbon</username>
                <password>wso2carbon</password>
                <driverClassName>org.h2.Driver</driverClassName>
                <maxActive>50</maxActive>
                <maxWait>60000</maxWait>
                <testOnBorrow>true</testOnBorrow>
                <validationQuery>SELECT 1</validationQuery>
                <validationInterval>30000</validationInterval>
            </configuration>
        </definition>
    </datasource>

    <datasource>
        <name>WSO2_MySQL_FOO_DB</name>
        <description>The datasource used for user manager foo.com</description>
        <jndiConfig>
            <name>jdbc/WSO2MySqlFooDB</name>
        </jndiConfig>
        <definition type="RDBMS">
            <configuration>
                <url>jdbc:mysql://localhost:3306/FOO</url>
                <username>root</username>
                <password>root</password>
                <driverClassName>com.mysql.jdbc.Driver</driverClassName>
                <maxActive>50</maxActive>
                <maxWait>60000</maxWait>
                <testOnBorrow>true</testOnBorrow>
                <validationQuery>SELECT 1</validationQuery>
                <validationInterval>30000</validationInterval>
            </configuration>
        </definition>
    </datasource>

    <datasource>
        <name>WSO2_MySQL_BAR_DB</name>
        <description>The datasource used for user manager bar.com</description>
        <jndiConfig>
            <name>jdbc/WSO2MySqlBarDB</name>
        </jndiConfig>
        <definition type="RDBMS">
            <configuration>
                <url>jdbc:mysql://localhost:3306/BAR</url>
                <username>root</username>
                <password>root</password>
                <driverClassName>com.mysql.jdbc.Driver</driverClassName>
                <maxActive>50</maxActive>
                <maxWait>60000</maxWait>
                <testOnBorrow>true</testOnBorrow>
                <validationQuery>SELECT 1</validationQuery>
                <validationInterval>30000</validationInterval>
            </configuration>
        </definition>
    </datasource>
</datasources>
[/sourcecode]

2. user-mgt.xml - refer to the created data sources for the specific domains.
The first user store configuration is taken as the primary user store and the others are secondary.
In the primary user store we do not specify a domain name.

[sourcecode language="xml"]
<UserStoreManager class="org.wso2.carbon.user.core.ldap.ReadWriteLDAPUserStoreManager">
<Property name="defaultRealmName">WSO2.ORG</Property>
<Property name="kdcEnabled">false</Property>
<Property name="ConnectionURL">ldap://localhost:${Ports.EmbeddedLDAP.LDAPServerPort}</Property>
<Property name="ConnectionName">uid=admin,ou=system</Property>
<Property name="ConnectionPassword">admin</Property>
<Property name="passwordHashMethod">SHA</Property>
<Property name="UserNameListFilter">(objectClass=person)</Property>
<Property name="UserEntryObjectClass">scimPerson</Property>
<Property name="UserSearchBase">ou=Users,dc=wso2,dc=org</Property>
<Property name="UserNameSearchFilter">(&amp;(objectClass=person)(uid=?))</Property>
<Property name="UserNameAttribute">uid</Property>
<Property name="PasswordJavaScriptRegEx">^[\\S]{5,30}$</Property>
<Property name="ServicePasswordJavaRegEx">^[\\S]{5,30}$</Property>
<Property name="ServiceNameJavaRegEx">^[\\S]{2,30}/[\\S]{2,30}$</Property>
<Property name="UsernameJavaScriptRegEx">^[\\S]{3,30}$</Property>
<Property name="UsernameJavaRegEx">[a-zA-Z0-9._-|//]{3,30}$</Property>
<Property name="RolenameJavaScriptRegEx">^[\\S]{3,30}$</Property>
<Property name="RolenameJavaRegEx">[a-zA-Z0-9._-|//]{3,30}$</Property>
<Property name="ReadLDAPGroups">true</Property>
<Property name="WriteLDAPGroups">true</Property>
<Property name="EmptyRolesAllowed">true</Property>
<Property name="GroupSearchBase">ou=Groups,dc=wso2,dc=org</Property>
<Property name="GroupNameListFilter">(objectClass=groupOfNames)</Property>
<Property name="GroupEntryObjectClass">groupOfNames</Property>
<Property name="GroupNameSearchFilter">(&amp;(objectClass=groupOfNames)(cn=?))</Property>
<Property name="GroupNameAttribute">cn</Property>
<Property name="MembershipAttribute">member</Property>
<Property name="UserRolesCacheEnabled">true</Property>
<Property name="UserDNPattern">uid={0},ou=Users,dc=wso2,dc=org</Property>
<Property name="SCIMEnabled">true</Property>
<Property name="maxFailedLoginAttempt">0</Property>
</UserStoreManager>

<UserStoreManager class="org.wso2.carbon.user.core.jdbc.JDBCUserStoreManager">
<Property name="ReadOnly">false</Property>
<Property name="MaxUserNameListLength">100</Property>
<Property name="IsEmailUserName">false</Property>
<Property name="DomainCalculation">default</Property>
<Property name="PasswordDigest">SHA-256</Property>
<Property name="StoreSaltedPassword">true</Property>
<Property name="UserNameUniqueAcrossTenants">false</Property>
<Property name="PasswordJavaRegEx">^[\S]{5,30}$</Property>
<Property name="PasswordJavaScriptRegEx">^[\\S]{5,30}$</Property>
<Property name="UsernameJavaRegEx">[a-zA-Z0-9._-|//]{3,30}$</Property>
<Property name="UsernameJavaScriptRegEx">^[\\S]{3,30}$</Property>
<Property name="RolenameJavaRegEx">[a-zA-Z0-9._-|//]{3,30}$</Property>
<Property name="RolenameJavaScriptRegEx">^[\\S]{3,30}$</Property>
<Property name="UserRolesCacheEnabled">true</Property>
<Property name="maxFailedLoginAttempt">0</Property>
<Property name="dataSource">jdbc/WSO2MySqlFooDB</Property>
<Property name="DomainName">foo.com</Property>
</UserStoreManager>

<UserStoreManager class="org.wso2.carbon.user.core.jdbc.JDBCUserStoreManager">
<Property name="ReadOnly">false</Property>
<Property name="MaxUserNameListLength">100</Property>
<Property name="IsEmailUserName">false</Property>
<Property name="DomainCalculation">default</Property>
<Property name="PasswordDigest">SHA-256</Property>
<Property name="StoreSaltedPassword">true</Property>
<Property name="UserNameUniqueAcrossTenants">false</Property>
<Property name="PasswordJavaRegEx">^[\S]{5,30}$</Property>
<Property name="PasswordJavaScriptRegEx">^[\\S]{5,30}$</Property>
<Property name="UsernameJavaRegEx">[a-zA-Z0-9._-|//]{3,30}$</Property>
<Property name="UsernameJavaScriptRegEx">^[\\S]{3,30}$</Property>
<Property name="RolenameJavaRegEx">[a-zA-Z0-9._-|//]{3,30}$</Property>
<Property name="RolenameJavaScriptRegEx">^[\\S]{3,30}$</Property>
<Property name="UserRolesCacheEnabled">true</Property>
<Property name="maxFailedLoginAttempt">0</Property>
<Property name="dataSource">jdbc/WSO2MySqlBarDB</Property>
<Property name="DomainName">bar.com</Property>
</UserStoreManager>
[/sourcecode]

Once you have done the above configuration you can start the Identity Server.

3. Log in to the IS (username: admin, password: admin) and go to Configuration -> Users and Roles.

Select Users -> Add New User.

Now you can create users in different domains.

[username: test, password: test123] - this user is stored in the primary user store.
You can also create a user with the domain specified; it is then stored in that domain's user store.
[username: foo.com/dinuka, password: dinuka]
[username: bar.com/malinda, password: malinda]


Once you have done this, go to Roles and give the login permission to the everyone role.

Now you can log in to the IS with any user in the primary or a secondary user store, either with or without the domain name.

[username: foo.com/dinuka, password: dinuka] or
[username: dinuka, password: dinuka]
When you log in with the domain specified, IS looks only in that domain's user store to authenticate the user.
Otherwise it goes through all the defined user stores, starting from the primary user store.
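The lookup order just described (domain prefix selects one store, a bare username is tried against every store in configured order) is shown below as an added example. It is not WSO2 code: the store list mirrors the user-mgt.xml above (primary store without a domain, then foo.com and bar.com), the users are constructed, and the salted SHA-256 digest is an illustration of StoreSaltedPassword/PasswordDigest, not the exact format IS uses.

```python
"""Chained user-store lookup as described above.

Added example, not WSO2 code. The salted SHA-256 scheme is illustrative only;
the users and passwords are constructed to match the post's examples.
"""
import hashlib
import hmac
import os
from base64 import b64encode


def salted_sha256(password, salt):
    """StoreSaltedPassword=true / PasswordDigest=SHA-256 style digest (illustrative)."""
    return b64encode(hashlib.sha256(salt + password.encode()).digest()).decode()


class UserStore:
    """One <UserStoreManager>: an optional DomainName plus its credential table."""

    def __init__(self, domain, users):
        self.domain = domain            # None for the primary store
        self.creds = {}
        for name, password in users.items():
            salt = os.urandom(16)
            self.creds[name] = (salt, salted_sha256(password, salt))

    def authenticate(self, username, password):
        entry = self.creds.get(username)
        if entry is None:
            return False
        salt, digest = entry
        return hmac.compare_digest(digest, salted_sha256(password, salt))


class Realm:
    """Ordered chain of stores; the first element is the primary store."""

    def __init__(self, stores):
        self.primary, *self.secondaries = stores
        self.by_domain = {s.domain.lower(): s for s in self.secondaries}

    def authenticate(self, login, password):
        """Return the (domain, username) that authenticated, or None."""
        if "/" in login:
            domain, username = login.split("/", 1)
            store = self.by_domain.get(domain.lower())
            # Unknown domain: fail closed rather than falling back to the chain.
            if store is None or not store.authenticate(username, password):
                return None
            return (store.domain, username)
        # No domain given: primary first, then secondaries in configuration order.
        for store in [self.primary, *self.secondaries]:
            if store.authenticate(login, password):
                return (store.domain, login)
        return None

    def ambiguous_usernames(self):
        """Usernames present in more than one store. A bare login succeeds in
        whichever store accepts the password, so such accounts should always be
        addressed with an explicit domain prefix."""
        seen = {}
        for store in [self.primary, *self.secondaries]:
            for name in store.creds:
                seen.setdefault(name, []).append(store.domain)
        return {name: domains for name, domains in seen.items() if len(domains) > 1}


# Constructed users matching the post; "dinuka" deliberately exists in two stores.
realm = Realm([
    UserStore(None, {"test": "test123", "admin": "admin"}),
    UserStore("foo.com", {"dinuka": "dinuka"}),
    UserStore("bar.com", {"malinda": "malinda", "dinuka": "other-pass"}),
])
```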


Wednesday, January 9, 2013

3-legged OAuth flow

I'm going to explain the behaviour of 3-legged OAuth in a simple way.

Just look at this.

3-legged OAuth

Let's say a web application called MyApp needs to access my Facebook photos.
In this example: Resource Owner - me, Consumer - MyApp, Service Provider - Facebook.

Now let's compare this example with the scenario explained above.

1. MyApp requests a temporary token from Facebook.
2. Facebook gives the temporary token to MyApp.
3. MyApp redirects me to the Facebook login page to authorize the token.
4. I log in to Facebook and grant access to MyApp.
5. Facebook confirms the authorization to me.
6. MyApp requests an access token from Facebook.
7. Facebook issues the access token.
8. MyApp requests access to the photos in my Facebook account.
9. Facebook returns the protected photos.

This is another simple example found on Google:

oauth_graph

Tuesday, January 8, 2013

Database Configuration in WSO2 Carbon Products

WSO2 Carbon is an open source enterprise SOA middleware platform. It can use different databases, such as H2, Apache Derby, MS SQL Server, MySQL, Oracle, OpenEdge, PostgreSQL and IBM DB2, to hold the user management data, the registry, etc.

The following diagram helps to identify the different ways the database can be configured.
Here I'm using WSO2 Identity Server as the Carbon product and explaining two simple samples.
DB Configuration

Before discussing the samples we have to understand which configuration files we need to use.

First, go to $IS_HOME/repository/conf:
user-mgt.xml - all user store and user permission configurations.
registry.xml - all registry configurations.

Then go to $IS_HOME/repository/conf/datasources:
master-datasources.xml - the common file used to define data source configurations.

Moving to Sample 1 above: there is a single MySQL database to store user permission and registry data, and the embedded LDAP is the user store (username, password, etc.).

1. master-datasources.xml - first you have to define the MySQL datasource.
Go to MySQL and create a database called WSO2_MYSQL_CARBON_DB.

[sourcecode language="sql"]
create database WSO2_MYSQL_CARBON_DB;
[/sourcecode]

1. Place the database name under the name tag.
2. Change the JNDI config name to jdbc/WSO2MysqlCarbonDB.
3. Update the URL to jdbc:mysql://localhost:3306/WSO2_MYSQL_CARBON_DB.
4. Set the username to root and the password to root123.
5. Define the driver class name as com.mysql.jdbc.Driver.
6. Copy the MySQL JDBC driver into $IS_HOME/repository/components/lib.
The default WSO2_CARBON_DB entry that these edits apply to looks like this:

[sourcecode language="xml"]
<datasource>
   <name>WSO2_CARBON_DB</name>
   <description>The datasource used for registry and user manager</description>
   <jndiConfig>
      <name>jdbc/WSO2CarbonDB</name>
   </jndiConfig>
   <definition type="RDBMS">
    <configuration>
      <url>jdbc:h2:repository/database/WSO2CARBON_DB;DB_CLOSE_ON_EXIT=FALSE;LOCK_TIMEOUT=60000</url>
      <username>wso2carbon</username>
      <password>wso2carbon</password>
      <driverClassName>org.h2.Driver</driverClassName>
      <maxActive>50</maxActive>
      <maxWait>60000</maxWait>
      <testOnBorrow>true</testOnBorrow>
      <validationQuery>SELECT 1</validationQuery>
      <validationInterval>30000</validationInterval>
    </configuration>
   </definition>
</datasource>
[/sourcecode]

2. registry.xml
Now refer to the created datasource in registry.xml: change the datasource name to jdbc/WSO2MysqlCarbonDB.

[sourcecode language="xml"]
<dataSource>jdbc/WSO2MysqlCarbonDB</dataSource>
[/sourcecode]

3. user-mgt.xml
Refer to the created data source here as well. This is for the user permission data.

[sourcecode language="xml"]
<Configuration>
<AdminRole>admin</AdminRole>
<AdminUser>
<UserName>admin</UserName>
<Password>admin</Password>
</AdminUser>
<EveryOneRoleName>everyone</EveryOneRoleName> <!-- By default users in this role sees the registry root -->
<Property name="dataSource">jdbc/WSO2MysqlCarbonDB</Property>
<Property name="MultiTenantRealmConfigBuilder">org.wso2.carbon.user.core.config.multitenancy.CommonLDAPRealmConfigBuilder</Property>
</Configuration>
[/sourcecode]

If we look at the user store configuration, we don't need a JDBC connection, because it connects to LDAP, which is a different protocol. Follow this configuration to understand it.

[sourcecode language="xml"]
<UserStoreManager class="org.wso2.carbon.user.core.ldap.ReadWriteLDAPUserStoreManager">
<Property name="defaultRealmName">WSO2.ORG</Property>
<Property name="kdcEnabled">false</Property>
<Property name="ConnectionURL">ldap://localhost:${Ports.EmbeddedLDAP.LDAPServerPort}</Property>
<Property name="ConnectionName">uid=admin,ou=system</Property>
<Property name="ConnectionPassword">admin</Property>
<Property name="passwordHashMethod">SHA</Property>
<Property name="UserNameListFilter">(objectClass=person)</Property>
<Property name="UserEntryObjectClass">scimPerson</Property>
<Property name="UserSearchBase">ou=Users,dc=wso2,dc=org</Property>
<Property name="UserNameSearchFilter">(&amp;(objectClass=person)(uid=?))</Property>
<Property name="UserNameAttribute">uid</Property>
<Property name="PasswordJavaScriptRegEx">^[\\S]{5,30}$</Property>
<Property name="ServicePasswordJavaRegEx">^[\\S]{5,30}$</Property>
<Property name="ServiceNameJavaRegEx">^[\\S]{2,30}/[\\S]{2,30}$</Property>
<Property name="UsernameJavaScriptRegEx">^[\\S]{3,30}$</Property>
<Property name="UsernameJavaRegEx">[a-zA-Z0-9._-|//]{3,30}$</Property>
<Property name="RolenameJavaScriptRegEx">^[\\S]{3,30}$</Property>
<Property name="RolenameJavaRegEx">[a-zA-Z0-9._-|//]{3,30}$</Property>
<Property name="ReadLDAPGroups">true</Property>
<Property name="WriteLDAPGroups">true</Property>
<Property name="EmptyRolesAllowed">true</Property>
<Property name="GroupSearchBase">ou=Groups,dc=wso2,dc=org</Property>
<Property name="GroupNameListFilter">(objectClass=groupOfNames)</Property>
<Property name="GroupEntryObjectClass">groupOfNames</Property>
<Property name="GroupNameSearchFilter">(&amp;(objectClass=groupOfNames)(cn=?))</Property>
<Property name="GroupNameAttribute">cn</Property>
<Property name="MembershipAttribute">member</Property>
<Property name="UserRolesCacheEnabled">true</Property>
<Property name="UserDNPattern">uid={0},ou=Users,dc=wso2,dc=org</Property>
<Property name="SCIMEnabled">true</Property>
<Property name="maxFailedLoginAttempt">0</Property>
<Property name="DomainName">domain.com</Property>
</UserStoreManager>
[/sourcecode]

Let's move to Sample 2. You can see there are two databases connected to the IS, one for user management and the other for the registry.
1. Create two data sources in master-datasources.xml as follows.

[sourcecode language="xml"]
<datasource>
<name>WSO2_CARBON_DB</name>
<description>The datasource used for user permission data</description>
<jndiConfig>
<name>jdbc/WSO2CarbonDB</name>
</jndiConfig>
<definition type="RDBMS">
<configuration>
<url>jdbc:mysql://localhost:3306/WSO2_MYSQL_CARBON_DB</url>
<username>root</username>
<password>root123</password>
<driverClassName>com.mysql.jdbc.Driver</driverClassName>
<maxActive>50</maxActive>
<maxWait>60000</maxWait>
<testOnBorrow>true</testOnBorrow>
<validationQuery>SELECT 1</validationQuery>
<validationInterval>30000</validationInterval>
</configuration>
</definition>
</datasource>

<datasource>
<name>WSO2_REGISTRY_DB</name>
<description>The datasource used for registry</description>
<jndiConfig>
<name>jdbc/WSO2RegistryDB</name>
</jndiConfig>
<definition type="RDBMS">
<configuration>
<url>jdbc:h2:repository/database/WSO2CARBON_DB;DB_CLOSE_ON_EXIT=FALSE;LOCK_TIMEOUT=60000</url>
<username>wso2carbon</username>
<password>wso2carbon</password>
<driverClassName>org.h2.Driver</driverClassName>
<maxActive>50</maxActive>
<maxWait>60000</maxWait>
<testOnBorrow>true</testOnBorrow>
<validationQuery>SELECT 1</validationQuery>
<validationInterval>30000</validationInterval>
</configuration>
</definition>
</datasource>
[/sourcecode]

2. registry.xml - refer to the H2 datasource.

[sourcecode language="xml"]
<dataSource>jdbc/WSO2RegistryDB</dataSource>
[/sourcecode]

3. user-mgt.xml - refer to the MySQL datasource.

[sourcecode language="xml"]
<Configuration>
<AdminRole>admin</AdminRole>
<AdminUser>
<UserName>admin</UserName>
<Password>admin</Password>
</AdminUser>
<EveryOneRoleName>everyone</EveryOneRoleName> <!-- By default users in this role sees the registry root -->
<Property name="dataSource">jdbc/WSO2CarbonDB</Property>
<Property name="MultiTenantRealmConfigBuilder">org.wso2.carbon.user.core.config.multitenancy.CommonLDAPRealmConfigBuilder</Property>
</Configuration>
[/sourcecode]

This is how we can simply configure different databases with Carbon products.
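The recurring failure mode in both samples is a jdbc/... name that is changed in one file but not in the file that references it, while the other thing a reviewer looks for is a shipped default password left in place. The following is an added example (not part of WSO2 Carbon or of the original post) that cross-checks the three files; the inline XML is a constructed, trimmed copy of the post's fragments, with the secondary user store deliberately pointing at an undefined datasource so the check fires.

```python
"""Cross-check of master-datasources.xml, registry.xml and user-mgt.xml.

Added example, not part of WSO2 Carbon or of the original post. The XML below is
constructed from the post's fragments and trimmed to the elements that matter.
"""
import xml.etree.ElementTree as ET

MASTER_DATASOURCES_XML = """<datasources-configuration>
  <datasources>
    <datasource>
      <name>WSO2_CARBON_DB</name>
      <jndiConfig><name>jdbc/WSO2CarbonDB</name></jndiConfig>
      <definition type="RDBMS"><configuration>
        <url>jdbc:mysql://localhost:3306/WSO2_MYSQL_CARBON_DB</url>
        <username>root</username><password>root123</password>
      </configuration></definition>
    </datasource>
    <datasource>
      <name>WSO2_REGISTRY_DB</name>
      <jndiConfig><name>jdbc/WSO2RegistryDB</name></jndiConfig>
      <definition type="RDBMS"><configuration>
        <url>jdbc:h2:repository/database/WSO2CARBON_DB</url>
        <username>wso2carbon</username><password>wso2carbon</password>
      </configuration></definition>
    </datasource>
  </datasources>
</datasources-configuration>"""

REGISTRY_XML = "<wso2registry><dataSource>jdbc/WSO2RegistryDB</dataSource></wso2registry>"

# The secondary store references jdbc/WSO2MySqlFooDB, which the file above never defines.
USER_MGT_XML = """<UserManager><Realm>
  <Configuration><Property name="dataSource">jdbc/WSO2CarbonDB</Property></Configuration>
  <UserStoreManager class="org.wso2.carbon.user.core.jdbc.JDBCUserStoreManager">
    <Property name="dataSource">jdbc/WSO2MySqlFooDB</Property>
    <Property name="DomainName">foo.com</Property>
  </UserStoreManager>
</Realm></UserManager>"""

# Credentials that ship with the product or appear verbatim in the post's samples.
KNOWN_CREDENTIALS = {("wso2carbon", "wso2carbon"), ("root", "root"), ("root", "root123")}


def parse_datasources(xml_text):
    """Map each JNDI name to its url/username/password from master-datasources.xml."""
    defined = {}
    for ds in ET.fromstring(xml_text).iter("datasource"):
        jndi = ds.findtext("jndiConfig/name")
        cfg = ds.find("definition/configuration")
        if jndi and cfg is not None:
            defined[jndi.strip()] = {k: cfg.findtext(k) for k in ("url", "username", "password")}
    return defined


def referenced_datasources(registry_xml, user_mgt_xml):
    """Every (file, jndi_name) reference in registry.xml and user-mgt.xml."""
    refs = [("registry.xml", node.text.strip())
            for node in ET.fromstring(registry_xml).iter("dataSource")]
    refs += [("user-mgt.xml", prop.text.strip())
             for prop in ET.fromstring(user_mgt_xml).iter("Property")
             if prop.get("name") == "dataSource"]
    return refs


def audit(master_xml, registry_xml, user_mgt_xml):
    """Return findings as strings; an empty list means the three files agree."""
    defined = parse_datasources(master_xml)
    findings = []
    for source, jndi in referenced_datasources(registry_xml, user_mgt_xml):
        if jndi not in defined:
            findings.append(f"{source}: {jndi} is not defined in master-datasources.xml")
    for jndi, cfg in defined.items():
        if (cfg["username"], cfg["password"]) in KNOWN_CREDENTIALS:
            findings.append(f"{jndi}: default or sample credentials "
                            f"{cfg['username']}/{cfg['password']}")
    return findings
```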

Monday, January 7, 2013

XACML Authorization

XACML - eXtensible Access Control Markup Language

Here I'm going to explain where we can use WSO2 IS as a XACML engine.

Let's look at the following example to understand authentication and authorization.

1. This is a simple billing system with three services: Create Account, View Account Details and Delete Account.
Admin role - can access all three services.
User role - can access View Account Details only.
Sample

Now user Dinuka logs in to this system, and the system checks whether the username and password are correct. This operation is called authentication.

Think about this scenario: a user called Malinda logs in to the system and tries to access the Delete Account service. First the user has to be authenticated, then the system has to check whether the logged-in user has permission to access the Delete Account service. This operation is called authorization.

The above system uses role-based authorization.

2. Now let's try to understand how to use the XACML engine for authorization.
In this system we use the ESB (Enterprise Service Bus), AS (Application Server) and IS (Identity Server).

XACML

1. Request to access Resource A - first the ESB authenticates the user, then it calls the PEP (this is the Entitlement mediator). In the Entitlement mediator we have to define the Identity Server details.

2. Is authorized? - the PEP calls the PDP (Policy Decision Point) and asks whether this user is authorized to access Resource A.

3. Yes/No - the PDP evaluates the policies in the policy store and takes the decision according to the defined policies, returning it to the PEP.

If the decision is Yes, the user is allowed to access the resource.

The benefit of this system is that we can easily change users' permissions without changing any other component such as the ESB or AS. The only thing we have to do is change the policies in the policy store.

Let me also explain the PAP (Policy Administration Point): this handles the administration part of the XACML engine (e.g. uploading policies, editing policies, etc.).
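To make the PEP/PDP split concrete, here is an added example (not WSO2 Identity Server or Balana code) of a minimal PDP for the billing system above: the two roles and three services come from the post, the policy is a Python structure standing in for XACML XML, and the rules are combined with the deny-overrides algorithm. It also shows the point made about changing permissions by changing policy alone.

```python
"""Minimal PDP for the billing-system example: role-based rules combined with
deny-overrides, returning Permit / Deny / NotApplicable to the PEP.

Added example, not WSO2 IS or Balana code. Subjects, roles and service names are
taken from the post; the policy structure is a stand-in for XACML XML.
"""

SERVICES = {"CreateAccount", "ViewAccountDetails", "DeleteAccount"}

# Constructed subject -> roles attribute, the kind of data a PIP fetches from the user store.
SUBJECT_ROLES = {"dinuka": {"admin"}, "malinda": {"user"}}

POLICY = {
    "id": "billing-policy",
    "algorithm": "deny-overrides",
    "rules": [
        {"id": "admin-all", "effect": "Permit",
         "target": {"roles": {"admin"}, "resources": SERVICES}},
        {"id": "user-view", "effect": "Permit",
         "target": {"roles": {"user"}, "resources": {"ViewAccountDetails"}}},
        # Explicit Deny on the destructive service for anyone without the admin role;
        # under deny-overrides this wins even if a later Permit rule is added by mistake.
        {"id": "non-admin-delete", "effect": "Deny",
         "target": {"resources": {"DeleteAccount"}},
         "condition": lambda req: "admin" not in req["roles"]},
    ],
}


def evaluate_rule(rule, request):
    """A rule yields its effect when target and condition match, else NotApplicable."""
    target = rule["target"]
    if "resources" in target and request["resource"] not in target["resources"]:
        return "NotApplicable"
    if "roles" in target and not (request["roles"] & target["roles"]):
        return "NotApplicable"
    condition = rule.get("condition")
    if condition is not None and not condition(request):
        return "NotApplicable"
    return rule["effect"]


def deny_overrides(decisions):
    """XACML deny-overrides: any Deny wins, then any Permit, else NotApplicable."""
    if "Deny" in decisions:
        return "Deny"
    if "Permit" in decisions:
        return "Permit"
    return "NotApplicable"


COMBINERS = {"deny-overrides": deny_overrides}


def pdp_decide(policy, subject, resource):
    """PDP side of steps 2 and 3: build the request context, evaluate, combine."""
    request = {"subject": subject, "roles": SUBJECT_ROLES.get(subject, set()),
               "resource": resource}
    decisions = [evaluate_rule(rule, request) for rule in policy["rules"]]
    return COMBINERS[policy["algorithm"]](decisions)


def pep_enforce(policy, subject, resource):
    """Entitlement-mediator side: only an explicit Permit lets the call through.
    NotApplicable (no rule matched) is treated as a denial, never as a pass."""
    return pdp_decide(policy, subject, resource) == "Permit"


def with_permit_rule(policy, rule_id, role, resource):
    """The benefit described in the post: change access by adding a rule in the
    policy store, without touching the ESB or AS. Returns a new policy object."""
    new_rule = {"id": rule_id, "effect": "Permit",
                "target": {"roles": {role}, "resources": {resource}}}
    return {**policy, "rules": policy["rules"] + [new_rule]}
```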

BulkEndpoint in Action with WSO2 Charon (SCIM Implementation)

Charon is an open source SCIM implementation offered under the Apache 2.0 license.
For more details, refer to this presentation by Hasini Gunasinghe.

A bulk endpoint is an essential requirement for provisioning, because we can process a large amount of data at a time rather than one entry at a time.
E.g. we can provision 100 users at a time (in a single request).

The bulk endpoint is designed according to the following specification: http://www.simplecloud.info/specs/draft-scim-api-01.html

1. Sequence Diagram

sequence-bulkendpoint

2. Class Diagram 

Class_diagram
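What the sequence diagram boils down to, as an added example that is not Charon's code: a bulk request from the linked draft is processed operation by operation, bulkId placeholders are resolved to the ids created earlier in the same batch, and failOnErrors stops the batch after that many failures. The request body and the in-memory store are constructed for the example.

```python
"""Processing a SCIM 1.1 bulk request (the draft linked above).

Added example, not Charon's code. The request body is constructed; the in-memory
Store stands in for the user-store backend behind the endpoint.
"""
import json
import uuid

SCIM_CORE = "urn:scim:schemas:core:1.0"

# Constructed request: two user creations and a group whose member refers to the
# first user by bulkId, which only becomes a real id once that user is created.
BULK_REQUEST = json.dumps({
    "schemas": [SCIM_CORE],
    "failOnErrors": 1,
    "Operations": [
        {"method": "POST", "path": "/Users", "bulkId": "u1",
         "data": {"userName": "dinuka", "password": "dinuka"}},
        {"method": "POST", "path": "/Users", "bulkId": "u2",
         "data": {"userName": "malinda", "password": "malinda"}},
        {"method": "POST", "path": "/Groups", "bulkId": "g1",
         "data": {"displayName": "billing-admins", "members": [{"value": "bulkId:u1"}]}},
    ],
})


class Store:
    """Backend stand-in. Errors carry an HTTP-style code as their first word."""

    def __init__(self):
        self.users, self.groups = {}, {}

    def create_user(self, data):
        if any(u["userName"] == data["userName"] for u in self.users.values()):
            raise ValueError("409 userName already exists")
        uid = str(uuid.uuid4())
        self.users[uid] = {"id": uid, "userName": data["userName"]}  # password not kept here
        return uid

    def create_group(self, data):
        members = data.get("members", [])
        for member in members:
            if member["value"] not in self.users:
                raise ValueError("400 unknown member " + member["value"])
        gid = str(uuid.uuid4())
        self.groups[gid] = {"id": gid, "displayName": data["displayName"], "members": members}
        return gid


def resolve_bulk_ids(obj, created):
    """Replace 'bulkId:xyz' placeholders with ids created earlier in this batch."""
    if isinstance(obj, dict):
        return {k: resolve_bulk_ids(v, created) for k, v in obj.items()}
    if isinstance(obj, list):
        return [resolve_bulk_ids(v, created) for v in obj]
    if isinstance(obj, str) and obj.startswith("bulkId:"):
        return created.get(obj[len("bulkId:"):], obj)   # unresolved refs stay as-is
    return obj


def process_bulk(request_json, store):
    """Apply the operations in order and build the bulk response."""
    request = json.loads(request_json)
    fail_on = request.get("failOnErrors")       # None: never stop early
    created, responses, errors = {}, [], 0
    for op in request["Operations"]:
        if fail_on is not None and errors >= fail_on:
            break                                # remaining operations are not attempted
        result = {"method": op["method"], "bulkId": op.get("bulkId")}
        try:
            if op["method"] != "POST":
                raise ValueError("405 only POST is handled in this example")
            data = resolve_bulk_ids(op["data"], created)
            if op["path"] == "/Users":
                new_id = store.create_user(data)
            elif op["path"] == "/Groups":
                new_id = store.create_group(data)
            else:
                raise ValueError("404 unknown path " + op["path"])
            created[op.get("bulkId")] = new_id
            result.update({"location": f"{op['path']}/{new_id}", "status": {"code": "201"}})
        except ValueError as exc:
            errors += 1
            code, _, description = str(exc).partition(" ")
            result["status"] = {"code": code, "description": description}
        responses.append(result)
    return {"schemas": [SCIM_CORE], "Operations": responses}
```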

Friday, January 4, 2013

How to use CLI tool to subscribe to the available cartridges in Stratos2 Demo

Before following this post you must set up the Stratos2 demo on your machine. Please refer to the following post:
http://malalanayake.wordpress.com/2013/01/04/stratos2-demo-setup-alpha-with-open-stack/

The "subscribe" function is one of the major features included in the CLI tool. It is used to subscribe to the cartridges available in the system.

1. Log in to the VM using username "wso2" and password "g".

[sourcecode language="bash"]
ssh wso2@172.14.0.1
password : g
[/sourcecode]

Then go to the folder "/demo_setup/software" and extract "CLI.tar.gz".

2. Type "sudo bash" to become "root" and export the following parameters.
[sourcecode language="bash"]
export STRATOS_ADC_HOST=172.14.0.1
export STRATOS_ADC_PORT=9445
[/sourcecode]

3. Go to the extracted CLI folder and run stratos.sh with the username and password.
[sourcecode language="bash"]
./stratos.sh dinuka@stratos.com dinuka123
[/sourcecode]
You will then be at the "stratos>" prompt.

In the Stratos2 demo environment we have a cartridge called "php"; now I'm going to subscribe to that cartridge from my tenant dinuka@stratos.com.

4. Now, at the stratos> prompt, run the following command to subscribe to php.

[sourcecode language="bash"]
stratos> gtsubscribe php sampleapp
[/sourcecode]

Once this is done, we can see the created and running php instance in OpenStack at http://172.14.0.1/syspanel/instances/


At this point a separate php instance is available for my tenant dinuka@stratos.com as sampleapp.

5. Let's look at how to deploy a sample php file called test.php to the allocated php server.

Once we subscribe to the php cartridge, it creates a specific Git repository.
In the subscription output above you can see the Git repo link http://git.stratos.com/stratos.com/sampleapp
So what we have to do is take a "git clone" from this location.

Before that we have to put the following entries in the /etc/hosts file. This must be done on your machine, not in the VM.
Open a console, run sudo vim /etc/hosts, and add the following entries to the hosts file:

172.14.0.1 git.stratos.com
172.14.0.1 sampleapp.php.stratos.com

Now we can clone the repo from http://git.stratos.com/stratos.com/sampleapp, using username dinuka@stratos.com and password dinuka123.
[sourcecode language="bash"]
git clone http://git.stratos.com/stratos.com/sampleapp
[/sourcecode]

Now go to the cloned repo folder; you can see three folders: simplesamlphp, sql and www.

Now place the test.php file in the www directory and run the following commands to commit and push it.
[sourcecode language="bash"]
> git add *
> git commit -a -m "sampleapp commit"
> git push
[/sourcecode]
Username: dinuka@stratos.com, password: dinuka123.

Go to http://sampleapp.php.stratos.com:8280/ and you can see the committed test.php file; you can access it at http://sampleapp.php.stratos.com:8280/test.php/


Stratos2 Demo Setup Alpha - with Open Stack

This blog post explains how to set up the Stratos2 demo in VirtualBox.

First you have to download our image from here (this will take some time because of its size, 17.3 GB).
Then double-click it to install.
Once the installation is done, configure the "host-only" network interface with the following details:
1. Go to File -> Preferences in VirtualBox.
2. Select the Network tab and add a new "Host-only network".

IPv4 address: 172.14.0.254
IPv4 network mask: 255.255.0.0

3. Now start this image and log in to the instance.
[sourcecode language="bash"]
username: wso2
password: g
[/sourcecode]


4. Go to /demo_setup/conf/ and view setup.conf.

If your environment needs any configuration changes, make them in setup.conf.

5. Move to the demo_setup folder, type "sudo bash" to become root, and run setup-demo.sh.
Press Enter when the following prompts appear.

================================================================================
[sourcecode language="bash"]
Enter new UNIX password:
Retype new UNIX password:
No password supplied
Enter new UNIX password:
Retype new UNIX password:
No password supplied
Enter new UNIX password:
Retype new UNIX password:
No password supplied
passwd: Authentication token manipulation error
passwd: password unchanged
Try again? [y/N] N

Changing the user information for git
Enter the new value, or press ENTER for the default
Full Name []:
Room Number []:
Work Phone []:
Home Phone []:
Other []:
Is the information correct? [Y/n] Y
do ssh-keygen without password for git user. press enter to continue...

Generating public/private rsa key pair.
Enter file in which to save the key (/home/git/.ssh/id_rsa):
Created directory '/home/git/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/git/.ssh/id_rsa.
Your public key has been saved in /home/git/.ssh/id_rsa.pub.
The key fingerprint is:
83:55:ac:2b:ae:6d:4a:58:98:b9:11:46:2a:7d:cf:f5 git@s2demo
The key's randomart image is:
+--[ RSA 2048]----+
| . .. |
| + .. |
|o + . o. |
|.. * o +.. |
| = . + S.E |
| = . .. |
| o .. . |
| . .o |
| o+. |
+-----------------+
Reading package lists... Done
Building dependency tree
Reading state information... Done
git is already the newest version.
gitolite is already the newest version.
gitweb is already the newest version.
apache2 is already the newest version.
bind9 is already the newest version.
apache2-suexec is already the newest version.
0 upgraded, 0 newly installed, 0 to remove and 56 not upgraded.
Adding entries to gitolite... Please do :wq after gitolite.rc file open. Press enter to continue...

The default settings in the rc file (/home/git/.gitolite.rc) are fine for most
people but if you wish to make any changes, you can do so now.

hit enter...
[/sourcecode]
================================================================================

Once you reach this point, the rc file opens with its details; save it with the ":wq" command.

Again you will see the following output in the console - just press Enter to proceed.
================================================================================
[sourcecode language="bash"]
creating gitolite-admin...
Initialized empty Git repository in /home/git/repositories/gitolite-admin.git/
creating testing...
Initialized empty Git repository in /home/git/repositories/testing.git/
[master (root-commit) 390bc9e] start
2 files changed, 6 insertions(+)
create mode 100644 conf/gitolite.conf
create mode 100644 keydir/git.pub
Cloning into 'gitolite-admin'...
Warning: Permanently added 'localhost' (ECDSA) to the list of known hosts.
remote: Counting objects: 6, done.
remote: Compressing objects: 100% (4/4), done.
Receiving objects: 100% (6/6), 709 bytes, done.
remote: Total 6 (delta 0), reused 0 (delta 0)
do ssh-keygen without password for wso2 user. press enter to continue...
Generating public/private rsa key pair.
Enter file in which to save the key (/home/wso2/.ssh/id_rsa):
/home/wso2/.ssh/id_rsa already exists.
Overwrite (y/n)? y

Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/wso2/.ssh/id_rsa.
Your public key has been saved in /home/wso2/.ssh/id_rsa.pub.
The key fingerprint is:
03:80:76:55:c0:ea:9f:04:3c:e9:38:d8:bd:9e:09:11 wso2@s2demo
The key's randomart image is:
+--[ RSA 2048]----+
| ..ooo. |
| o ... |
| .Eo o. |
| .* . |
| o.= o S |
|. +.+ . . |
| .. + . |
| ..oo |
| .+ |
+-----------------+
[master a6087aa] Check in by git
3 files changed, 10 insertions(+), 4 deletions(-)
create mode 100644 conf/repos/testing.conf
create mode 100644 keydir/wso2.pub
Already up-to-date.
Counting objects: 12, done.
Compressing objects: 100% (7/7), done.
Writing objects: 100% (8/8), 927 bytes, done.
Total 8 (delta 0), reused 0 (delta 0)
remote: creating testingt...
remote: Initialized empty Git repository in /home/git/repositories/testingt.git/
To git@localhost:gitolite-admin
390bc9e..a6087aa master -> master
Cloning into 'gitolite-admin'...
remote: Counting objects: 14, done.
remote: Compressing objects: 100% (11/11), done.
Receiving objects: 100% (14/14), 1.57 KiB, done.
remote: Total 14 (delta 0), reused 0 (delta 0)
ln: failed to create symbolic link `/etc/apache2/mods-enabled/appfactory.load': File exists
-D AP_DOC_ROOT="/var/www"
-D AP_GID_MIN=100
-D AP_HTTPD_USER="www-data"
-D AP_LOG_EXEC="/var/log/apache2/suexec.log"
-D AP_SAFE_PATH="/usr/local/bin:/usr/bin:/bin"
-D AP_UID_MIN=100
-D AP_USERDIR_SUFFIX="public_html"
ln: failed to create symbolic link `/etc/apache2/mods-enabled/suexec.load': File exists
ln: failed to create symbolic link `/etc/apache2/sites-enabled/git': File exists
apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1 for ServerName
httpd (no pid file) not running
apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1 for ServerName
/opt/ADC ~/demo_setup
~/demo_setup
/opt/cloud_controller ~/demo_setup
In repository/conf/carbon.xml
rm: cannot remove `./repository/conf/service-topology.conf': No such file or directory
rm: cannot remove `./repository/conf/service-topology.conf.back': No such file or directory
~/demo_setup
/opt/wso2mb-2.0.1 ~/demo_setup
~/demo_setup
/opt/elb ~/demo_setup
~/demo_setup
/opt/agent ~/demo_setup
~/demo_setup
/opt/wso2is-4.0.0 ~/demo_setup
~/demo_setup

Import the wso2.pub into openstack (With the same name mentioned in /opt/cloud_controller/repository/deployment/server/cartridges/)
cat /home/wso2/wso2.pub.
Cut and paste the output into the box that you get when execute import keys of the openstack dashboard
When you are ready press any key to continue starting servers
[/sourcecode]
================================================================================
Once you reach this point in the command line, open another console and log in to the VM as follows.
[sourcecode language="bash"]
ssh wso2@172.14.0.1
password : g
[/sourcecode]

Then run the following command to view the public key, and copy it.
[sourcecode language="bash"]
cat /home/wso2/wso2.pub
[/sourcecode]

Then open OpenStack using the IP address http://172.14.0.1/
[sourcecode language="bash"]
username : admin
password : openstack
[/sourcecode]

Go to Project -> Access and Security, then to the Key Pairs section.

Delete the existing "stratos-demo" key and import it again.

Once you have finished this, go back to the earlier command line and press Enter to start the servers.

When it has finished you will see the command line as follows.

Now the Stratos demo environment is ready for use.

6. Go to https://172.14.0.1:9445/carbon/admin/login.jsp
[sourcecode language="bash"]
username : admin
password : admin
[/sourcecode]

Create a new tenant with the following details:

Domain: stratos.com
FirstName: statos2
LastName: alpha
Admin Username: dinuka
Password: dinuka123
Email: dinukam@wso2.com

Now we are done with the Stratos2 demo setup.