Jämförda versioner




Konfiguration av Virtualiseringsplattformen

För att överlagra defaultinställningar behöver en fil med namnet vp-config-override.properties finnas på classpath.

...

Varning

Obs! Använd inte mellanslag i de värden som konfigureras i vp-[config|security]-override.properties.

Detta är inte ok: "vp_instance_id=VALUE " (mellanslag efter värdet).


Instruktion för tidigare versioner av VP

SKLTP VP - Konfiguration av äldre versioner

Release Note - Virtualiseringsplatformen, för att läsa om förändringar mellan olika versioner

Instruktion för senaste versionen av VP - 2.2.9

Release Note - Virtualiseringsplatformen, förändringar i properties sedan tidigare versioner

Typiska inställningar i vp-security-override.properties

Kodblock
# Overrides applications default vp-config.properties
# NOTE(review): this listing is shown as vp-security-override.properties, so the defaults it
# overrides are presumably those in vp-security.properties -- confirm.
#
# This file holds keystore and truststore passwords in clear text: keep it readable only by the
# account that runs Mule. The "password" values below are presumably sample values to be
# replaced per environment.
# In the Java properties format a '#' starts a comment only at the beginning of a line, and
# trailing whitespace becomes part of the value, so keep comments on their own lines.

# Location where certificate files are found
TP_TLS_STORE_LOCATION=/etc/mule/conf


# Truststore settings, what CAs and certificates VP should trust when communicating with
# consumers and producers.
# Every CA placed in this store is trusted for both directions, so keep it to the CAs that
# are actually needed.
TP_TLS_STORE_TRUSTSTORE_TYPE=jks
TP_TLS_STORE_TRUSTSTORE_FILE=truststore.jks
TP_TLS_STORE_TRUSTSTORE_PASSWORD=password


# Settings for the producer connector, when VP acts as producer, receiving calls from consumers
# PASSWORD opens the keystore file, KEY_PASSWORD protects the private key entry inside it.
TP_TLS_STORE_PRODUCER_TYPE=jks
TP_TLS_STORE_PRODUCER_FILE=keystore.jks
TP_TLS_STORE_PRODUCER_PASSWORD=password
TP_TLS_STORE_PRODUCER_KEY_PASSWORD=password


# Settings for the consumer connector, when VP acts as consumer, making calls to producers
# NOTE(review): this sample points the consumer connector at the same keystore.jks as the
# producer connector; use separate stores if the two roles should present different certificates.
TP_TLS_STORE_CONSUMER_TYPE=jks
TP_TLS_STORE_CONSUMER_FILE=keystore.jks
TP_TLS_STORE_CONSUMER_PASSWORD=password
TP_TLS_STORE_CONSUMER_KEY_PASSWORD=password


Typiska inställningar i vp-config-override.properties

Kodblock
# Overrides applications default vp-config.properties

# Mule 3.7.0 and later
# NOTE(review): 0.0.0.0 is the wildcard address; presumably VP listens on every network
# interface with this value -- confirm, and restrict reachability with firewall rules where needed.
TP_HOST=0.0.0.0

###############################################################################################
# Comma separated list of ip addresses that should be valid to call virtual services (VP)
# using http (and of course valid headers for authorization). When using https this list
# is not used.
#
# For http callers this list is the network-level gate, so keep it as short as possible
# (typically only the inner address of the reverse proxy or load balancer in front of VP).
#
# IP_WHITE_LIST=127.0.0.1,127.0.0.X,127.0.0.Y
###############################################################################################
IP_WHITE_LIST=<your list>


# Standard properties for an external ActiveMQ broker, see soitoolkit-mule-jms-connector-activemq-external.xml.
# NOTE(review): tcp:// is ActiveMQ's unencrypted transport; if log events travel to the broker
# over a network that is not trusted, check whether an ssl:// transport can be used instead.
SOITOOLKIT_MULE_AMQ_BROKER_URL=failover:(tcp://<your host x>:61616,tcp://<your host y>:61616)


##############################################################################
# Properties for service "VagvalRouter"
#
# Mandatory comma separated list of ip addresses (or subdomains, e.g 127.0.0 for all ip addresses under that domain)
# that should be valid to call virtual services (VP) using http (and of course valid headers for authorization).
# When using https this list is not used.
#
# A prefix entry admits every address under that prefix; prefer full addresses where possible.
# NOTE(review): confirm how a prefix is matched (on an octet boundary or as a plain string
# prefix) before relying on prefix entries.
#
# IP_WHITE_LIST=127.0.0,127.1.2.3,127.4.6.7
#
# Mandatory identifier of this VP instance to be used when communicating over http with other
# SKLTP components
#
# VP_INSTANCE_ID=THIS_VP_INSTANCE_ID
#
# Optional http header to be used by e.g a load balancer to set the sender ip address. A typical scenario
# is when a service consumer calls VP through a load balancer and VP would like to have information
# regarding the consumers ip address.
#
# The header value is only as trustworthy as the component that sets it: the load balancer
# should set it itself and not pass on a value received from the caller.
# (The property name below is spelled with a single "d" in ADRESS; keep it as written.)
#
# VAGVALROUTER_SENDER_IP_ADRESS_HTTP_HEADER=X-Forwarded-For
#
##############################################################################
# NOTE(review): plain http to localhost in this sample; if the TAK service runs on another
# host, consider whether this lookup should go over https -- confirm what the service supports.
TP_SOKVAGVALSINFO_URL=http://localhost:8080/tak-services/SokVagvalsInfo/v2
VP_INSTANCE_ID=<YOUR VP INSTANCE ID>
 
########################################################################################
# Properties for WSDL-query re-write of URL's (supporting WSDL-lookup using ?wsdl)
# when VP is fronted with a reverse-proxy/load-balancer that changes any of the below
# properties before forwarding to VP.
# Refer to response transformer: se.skl.tp.vp.util.wsdl.WsdlQueryReferencedUrlsResponseTransformer
#
# Each property names the http header from which the original protocol, host and port are read.
# NOTE(review): presumably these header values end up in the URLs of the returned WSDL, so the
# reverse proxy should always set them itself and not forward values supplied by the caller -- confirm.
#########################################################################################
VP_HTTP_HEADER_NAME_FORWARDED_PROTO=X-Forwarded-Proto
VP_HTTP_HEADER_NAME_FORWARDED_HOST=X-Forwarded-Host
VP_HTTP_HEADER_NAME_FORWARDED_PORT=X-Forwarded-Port
 
# NOTE(review): presumably the certificate subject attribute that VP reads the sender id from
# (OU in this sample; 2.5.4.5 is the X.520 serialNumber OID) -- confirm against the VP documentation.
###VAGVALROUTER_SENDERID=2.5.4.5
VAGVALROUTER_SENDERID=OU
 
# Control if event-logging should be done to JMS or not.
# With false, no log events are sent to the JMS broker.
ENABLE_LOG_TO_JMS=false

# Enable resend on VP009. Logs 'Could not route. Will retry after ... millisec' if first request fails.
# The value is the wait in milliseconds before the retry.
# To disable remove property or set RETRY_ROUTE_AFTER_MS=0
RETRY_ROUTE_AFTER_MS=2000

#################################################################
# Properties for service "resetVagvalCache"
#
# RESETVAGVALCACHE_INBOUND_URI=URI for reset cache
# RESETVAGVALCACHE_PORT=Port number for reset cache
# LOCAL_TAK_CACHE=Path to file where local TAK cache should exist
# Default LOCAL_TAK_CACHE=${user.home}${file.separator}.tk.localCache
#
# NOTE(review): the cache file presumably holds the routing data fetched from TAK; place it
# where only the account that runs Mule can write -- confirm.
#################################################################
LOCAL_TAK_CACHE=<your>/<path>/<to>/.tk.localCache
RESETVAGVALCACHE_TIMEOUT_MS=30000

#####################################################################################################
# HSA cache properties
#
# HSA_FILES=<file1,file,filex>
#####################################################################################################
# List of files to be read by HSA cache, first file is master, rest is complementary
HSA_FILES=<your>/<path>/<to>/hsacache.xml,<your>/<path>/<to>/hsacachecomplementary.xml


#############################################################################################################
# Response timeout Feature properties
# It is possible to control response timeout on each service in VP, if the service supports it.
# Default values for all services are defined in SERVICE_TIMEOUT_MS, to override follow the convention
# described below and make sure the service to use supports this feature.
#
# Convention: feature.featureresponsetimeout.<service contract namespace>=5000
# Example:    feature.featureresponsetimeout.urn.riv.crm.scheduling.GetSubjectOfCareScheduleResponder.1=5000
#############################################################################################################
# Default timeout for synchronous services, in milliseconds
SERVICE_TIMEOUT_MS=30000


# Per-service override of the default timeout above
feature.featureresponsetimeout.druglogistics.dosedispensing=5000


# Infektionsverktyget (the infection tool)
feature.featureresponsetimeout.urn.riv.processdevelopment.infections.DeleteActivityResponder.1=5000


#####################################################################################################
# Keep alive Feature properties
# It is possible to control keep-alive settings on each service in VP. If a service has keep-alive
# enabled all consumers and producers are affected. Default setting is used by all services and
# is set to feature.keepalive=false. To enable keep-alive for one service use this convention:
# Convention: feature.keepalive.<service contract namespace>=true
# Example:    feature.keepalive.urn.riv.crm.scheduling.GetSubjectOfCareScheduleResponder.1=true
#####################################################################################################
# Default setting is false, used by all services that do not specify any specific configuration
feature.keepalive=false
# Per-service entry; this sample sets the same value as the default
feature.keepalive.urn.riv.crm.scheduling.GetSubjectOfCareScheduleResponder.1=false


Komplett sammanställning av alla inställningar som finns i VP

2.2.9.vp-config.properties

2.2.9.vp-security.properties

Terminering av SSL/TLS framför VP

Om SSL/TLS trafik termineras framför VP, i t ex en reverse-proxy, behöver dessa konfigurationer göras:

  1. Propagera certifikat och inkommande HTTP-header(s) från reverse-proxy till VP:
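    1. Sätta certifikat för inkommande anrop i HTTP-header: x-vp-auth-cert. Reverse-proxyn bör alltid själv sätta denna header och skriva över (eller ta bort) ett värde som klienten skickat, eftersom anropet över http autentiseras med hjälp av headern.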
    2. Lägga till IP-nr (inre) för reverse-proxy till VP's whitelist property (i vp-config.properties): IP_WHITE_LIST
    3. Propagera HTTP-header om den är satt: x-rivta-original-serviceconsumer-hsaid
    4. Propagera IP-nr för inkommande anrop i HTTP-header med namn enligt property i vp-config.properties (namn kan konfigureras): VAGVALROUTER_SENDER_IP_ADRESS_HTTP_HEADER=X-Forwarded-For. Reverse-proxyn bör själv sätta värdet och inte föra vidare ett värde som klienten skickat.

      Ref: SKLTP VP SAD - Arkitekturella krav#Arkitekturellakrav-FK-5,Ursprungligavsändare
       
  2. Sätta HTTP "forwarded" headers för att stödja WSDL-lookup (t ex som: https://vp/service_x?wsdl):
    Ref: SKLTP - Lastbalanserare / Reverse-proxy
    Namn på HTTP headers kan ändras i vp-config.properties (se exempel på konfigurationsfil ovan):

    Inget format
    VP_HTTP_HEADER_NAME_FORWARDED_PROTO=X-Forwarded-Proto
    VP_HTTP_HEADER_NAME_FORWARDED_HOST=X-Forwarded-Host
    VP_HTTP_HEADER_NAME_FORWARDED_PORT=X-Forwarded-Port

    Exempel: HTTP headers prefixade med VP:

    Inget format
    VP_HTTP_HEADER_NAME_FORWARDED_PROTO=VP-X-Forwarded-Proto
    VP_HTTP_HEADER_NAME_FORWARDED_HOST=VP-X-Forwarded-Host
    VP_HTTP_HEADER_NAME_FORWARDED_PORT=VP-X-Forwarded-Port



Konfiguration av specifika features

Feature keep-alive

För de virtuella tjänster i VP som har stöd för keep-alive finns det möjlighet att per tjänst styra om keep-alive skall vara aktiverat eller ej. Ett default värde (feature.keepalive) sätts för alla virtuella tjänster som sedan kan överlagras av respektive tjänst som vill aktivera keep-alive. Aktiveringen av keep-alive görs enligt en given konvention:

...

| Parameter | Default värde | Kommentar |
| --- | --- | --- |
| feature.keepalive | false | Default värde som sätter alla virtuella tjänster till att keep-alive inte skall vara aktiverat. Detta överlagras av respektive tjänst som vill ha keep-alive påslaget enligt konventionen beskriven ovan. |

Feature responseTimeout

För de virtuella tjänster i VP som har stöd för individuell inställning av timeout går detta att styra per tjänst; såväl connection timeout som response timeout styrs av denna inställning. Ett default värde (SERVICE_TIMEOUT_MS) sätts för alla virtuella tjänster som sedan kan överlagras av respektive tjänst enligt följande tillvägagångssätt.

...

Default sätts connection och response timeouten i parametern SERVICE_TIMEOUT_MS.

Konfigurera loggning av LogEvents

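Konfiguration av loggning görs i <mule-home>/apps/<vp-services>/classes/log4j.xml. Notera att det inte krävs någon omstart av applikationen; ändringar slår igenom direkt i runtime. Observera att DEBUG-nivån loggar hela meddelandets payload medan INFO lämnar Payload tomt (se exemplen nedan), så DEBUG bör bara vara påslaget när det behövs och loggfilerna bör då skyddas på samma sätt som meddelandeinnehållet.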

Exempel på logEvents

DEBUG

Kodblock
title: mule-app-vp.log
** logEvent-debug.start ***********************************************************
IntegrationScenarioId=
ContractId=
LogMessage=xreq-in
ServiceImpl=vagval-dynamic-routing-flow
Host=33.33.33.1 (33.33.33.1)
ComponentId=1133a557-b5cc-11e3-bd36-2da34769782a
Endpoint=https://localhost:20000/vp/tjanst1
MessageId=15c27c95-b5cc-11e3-bd36-2da34769782a
BusinessCorrelationId=15cc67b1-b5cc-11e3-bd36-2da34769782a
BusinessContextId=
ExtraInfo=
-senderid=tp
-originalServiceconsumerHsaid=null
-source=se.skl.tp.vp.util.LogTransformer
-cxf_service=urn:skl:tjanst1:rivtabp20
-rivversion=RIVTABP20
-receiverid=vp-test-producer
Payload=<?xml version='1.0' encoding='UTF-8'?><soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:urn="urn:riv:interoperability:headers:1" xmlns:urn1="urn:riv:itintegration:registry:1">
  <soapenv:Header>
    <ns2:To xmlns:ns2="http://www.w3.org/2005/08/addressing" xmlns:ns3="urn:skl:tjanst1:rivtabp20">vp-test-producer</ns2:To>
  </soapenv:Header>
  <soapenv:Body>
    <ns3:getProductDetailElem xmlns:ns2="http://www.w3.org/2005/08/addressing" xmlns:ns3="urn:skl:tjanst1:rivtabp20">
      <productId>Exception</productId>
    </ns3:getProductDetailElem>
  </soapenv:Body>
</soapenv:Envelope>
** logEvent-debug.end *************************************************************

INFO

Kodblock
title: mule-app-vp.log
** logEvent-info.start ***********************************************************
IntegrationScenarioId=
ContractId=
LogMessage=xreq-in
ServiceImpl=vagval-dynamic-routing-flow
Host=33.33.33.1 (33.33.33.1)
ComponentId=1133a557-b5cc-11e3-bd36-2da34769782a
Endpoint=https://localhost:20000/vp/tjanst1
MessageId=15c27c95-b5cc-11e3-bd36-2da34769782a
BusinessCorrelationId=15cc67b1-b5cc-11e3-bd36-2da34769782a
BusinessContextId=
ExtraInfo=
-senderid=tp
-originalServiceconsumerHsaid=null
-source=se.skl.tp.vp.util.LogTransformer
-cxf_service=urn:skl:tjanst1:rivtabp20
-rivversion=RIVTABP20
-receiverid=vp-test-producer
Payload=
** logEvent-info.end *************************************************************

...