Appendix

FAQ

Changing DB connection information

How to manually change DB connection information.

su ipadb
cd /rpa/pkgs/mariadb/bin
./mysql -u root -p
MariaDB [(none)]> SELECT * FROM catalog.tb_data_source;
MariaDB [(none)]> UPDATE catalog.tb_data_source_info SET CONNECT_URL='jdbc:mysql://DB_IP:DB_PORT' WHERE DATA_SOURCE_ID='DS_2bc4eb2ee9b74807941fce8fac7bde87';
엔터
Ctrl-C
su ipaadm
cd /rpa/apps/admin/admin/WEB-INF/classes/properties
vi comm.properties
jdbcUrl=jdbc:mysql:// DB_IP: DB_PORT/rpa?useLegacyDatet~~~생략~~~~
wq!
cd /rpa/apps/admin/user/WEB-INF/classes/properties
vi comm.properties
jdbcUrl=jdbc:mysql:// DB_IP: DB_PORT/rpa?useLegacyDatet~~~생략~~~~
wq!
cd /rpa/apps/admin/tenant/WEB-INF/classes/properties
vi comm.properties
jdbcUrl=jdbc:mysql:// DB_IP: DB_PORT/rpa?useLegacyDatet~~~생략~~~~
wq!
cd /rpa/properties
vi application.properties
ipa.db.server.url= DB_IP
ipa.db.server.port=DB_PORT
wq!
cd /rpa/pkgs/apache-activemq-5.15.9/conf
vi activemq.xml
<bean id="mysql-ds" class="org.apache.commons.dbcp2.BasicDataSource" destroy-method="close">
<property name="driverClassName" value="org.mariadb.jdbc.Driver"/>
<property name="url" value="jdbc:mysql://DB_IP:DB_PORT/activemq?relaxAutoCommit=true&amp;serverTimezone=GMT&amp;"/>
wq!

Server Restart Procedure

RPA Service and Tomcat are installed as ipaadm, MariaDB is installed as ipadb
It is installed and the installation folder is /rpa as an example.

Server startup should never be done with root authority, and the startup sequence is as follows.

Activation

su ipadb
cd /rpa/bin
./mysql-start.sh

or,

cd /rpa/pkgs/mariadb/bin
./mysqld_safe --defaults-file=/rpa/pkgs/mariadb/conf/mysqld.conf &

ps -ef|grep mysql
su ipaadm
cd /rpa/bin
./activemq-run.sh

Or,
cd /rpa/pkgs/apache-activemq-5.15.14/bin
./activemq start

ps -ef|grep activemq

- run.sh : There is a procedure to input once again to the y/n confirmation command of “Do you really want to start?”, and if you want to start only a specific service module you want in the RPA service, you can specify it as an argument and start it single.

(example : ./run.sh comm)

. run-y.sh : Immediately start all RPA service modules sequentially.

. ps-rpa.sh : Displays the overall process status whether RPA services are up normally.

cd /rpa/bin
./run.sh
ps -ef|grep rpa
cd /rpa/bin
./tomcat-run.sh

Or,

cd /rpa/pkgs/tomcat/bin
./startup.sh

ps -ef|grep tomcat

End

cd /rpa/bin
./tomcat-stop.sh

 or
 cd /rpa/pkgs/tomcat/bin
./shutdown.sh
cd /rpa/bin
./stop.sh
cd /rpa/bin
./ activemq-stop.sh

Or,
cd /rpa/pkgs/apache-activemq-5.15.14/bin
./activemq stop
Check process termination with ps -ef|grep activemq command
are ipadb
cd /rpa/bin
./mysql-stop.sh

or
cd /rpa/pkgs/mariadb/bin
./mysqladmin
-u root -p shutdown

Deleting the RPA solution

Stop the service by following the server restart procedure.

Check process termination with ps -ef|grep tomcat command
Check process termination with ps -ef|grep rpa command
Check process termination with ps -ef|grep activemq command
Check process termination with ps -ef|grep mariadb command

Run as root account in case of permission error

cd /rpa
rm -rf apps
rm -rf bin
rm -rf certificate
rm -rf logs
rm -rf pkgs
rm -rf properties

How to set up my.cnf file when installing DBMS individually

If you installed MariaDB or MySQL separately, you need to change the my.cnf file as follows. File changes must be made prior to installing the RPA solution.

After shutting down the DBMS, refer to the following to change my.cnf. After that, start the DBMS.
It is located in the /etc/mysql/my.cnf path during default installation, and root privileges are required to modify it.

[mysqld]

default_authentication_plugin=mysql_native_password
explicit_defaults_for_timestamp = 1
log_bin_trust_function_creators=1
open_files_limit = 20480
max_connections = 5000
max_allowed_packet = 64M
default-time-zone='+0:00'
innodb-strict-mode=0
collation-server=utf8_general_ci
character-set-server=utf8
sql_mode="STRICT_TRANS_TABLES,NO_ZERO_IN_DATE,NO_ZERO_DATE,ERROR_FOR_DIVISION_BY_ZERO,NO_ENGINE_SUBSTITUTION"

[client]

default-character-set=utf8

Check DBMS character-set

The Brity RPA solution uses utf8 character-set and utf-general-ci COLLATION when using MySQL or MariaDB.

If you installed MariaDB through the installation package, you do not need to check the following.
cd /usr/bin
./mysql -u root -p or ./mysql -port 4406 -u root -p enter
Enter password
mysql> show variables like 'char%';
Confirm that charset is utf8 by executing the command.
mysql> show variables like 'coll%';
Confirm that collation is utf8_general_ci by executing the command.
When DBMS is set to utf8 and utf-general-ci, RPA solution must be installed to avoid COLLATION conflict.
When COLLATION crashes, you need to change the DBMS settings and reinstall the RPA solution.

DB Redundancy Configuration Architecture (Reference)

DB redundancy requires a separate configuration in advance if necessary.

* DB duplication configuration and technical support are not provided when installing Brity RPA Server.


When configuring DB redundancy, please refer to the architecture diagram and link below.

[Note] Red Hat Pacemaker https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/high_availability_add-on_administration/ch-startup-haaa

application/comm. properties Description of each property value

application.properties property description

The RPA server IP/PORT settings currently installed on the server.

Property

Description

ipa.server.ip.{servername}

{servername} The address where the server is installed.

ipa.server.port.{servername}

{servername} The port used by the server.

auth.ssl.verifyiplist

When a request is made from the RPA server to another server, it is necessary to specify the IP address. Separate the IP addresses with "," and enter them without spaces.

You can set the OCR server and server token timeout, etc.

Property

Description

auth.token.timeout

You can set the default timeout when issuing server tokens.

- Initial value: 43200, unit: seconds

auth.token.timeout.{detail}

You can set the detailed token timeout of {detail}. The unit is seconds. If not set, the default value is auth.token.timeout. (bot, designer, standalonebot, user, server, mobile)

useOcr

Whether to use the OCR function.

- Initial value: N,

Additionally, you need to set ipa.server.ip/port/contextPath.ocr in application.properties.

You need to set ocr.server in comm.properties.

server.domain

Server domain for designer SSO operation, no need to set if you do not use a domain

portal.port

If you use the domain of the server for designer SSO operation, port 8080, no configuration is required.

support.password.validation

This is a property that sets not to perform authentication with Brity RPA's own account when the external authentication linkage is configured and operated in the RPA portal. No, Mobile is not available.

By default, it does not exist in the file, and if necessary, after adding properties as shown below, the settings are reflected when the Gateway and Tenant servers are restarted.

support.password.validation=false

You can configure DB settings for each RPA server.

Property

Description

spring.datasource.{servername}.url

{servername} DB schema address of the initially set DB address.

spring.datasource.{servername}.username

{servername} DB user of the initially set DB address.

spring.datasource.{servername}.password

{servername} DB PW of the initially set DB address.

- Initial value: jasyptEncryption (pw can be written in plain text)

spring.datasource.max-active

The maximum number of connections provided by the DB connection pool.

- Initial value: 30, unit: pieces

spring.datasource.max-idle

The maximum number of connections stored in the connection pool when idle.

- Initial value: 30, unit: pieces

spring.datasource.min-idle

The minimum number of connections stored in the connection pool when idle.

- Initial value: 30, unit: pieces

Knox api linkage (mail and messenger) related information settings. This property is exclusive to Samsung affiliates. Set the token/account information issued after applying for Knox linkage use.

Property

Description

knox..messenger.server.token

This is the issued token for Knox messenger connection.

knox.messenger.module.enabled

Whether to use Knox messenger linkage.

- Initial value: false, when used: true

knox.messenger.suffix

This is the additional domain search function when linked with knox messenger.

Use only when Id system is email

If there is no value, the existing logic works.

Example@samsung.com;@partner.samsung.com

knox.server.token

Linkage token to use when linking mail/schedule/user.

knox.server.id

Linked user to use when linking mail/schedule/user.

knox.server.pw

Linked user pw to use when linking mail/schedule/user.

jasyptEncoding value (pw can be expressed in plain text)

knox.calendar.defaultUserId

This is the user setting to use when linking schedules.

knox.server.url

Knox-linked address. (Production)

knox.server.devurl

Knox-linked address. (Stage)

Log level settings stored in /rpa/logs.

Property

Description

logging.level.com.sds.rpa

Log level settings for core, auth, scheduler, and gateway servers.

- Initial value: INFO

- Settable values: TRACE, DEBUG, INFO, WARN, ERROR

logging.level.com.sds.ipa.tenant

The log level setting for the tenant server.

- Initial value: INFO

- Settable values: TRACE, DEBUG, INFO, WARN, ERROR

This is the setting for SMTP mail linkage.
You can set it in Tenant Portal > Manage Settings (see SMTP Settings).
Certificate settings for the RPA server. Each server is set with a private certificate provided during installation.
When configuring redundancy, the AP2 server must have a different _02 certificate setting than that of the AP1 server.
This is the setting for the Brity RPA SaaS. The customer does not need to modify it separately.

A property value that can be changed.

Property

Description

scheduler.job.enableSecureParam

Restrict job-related file download API calls by enabling security settings so that parameters cannot be checked after job execution.It is recommended to match the settings of comm.properties below.To enable it, you must set its property to Y.

- Initial value: N

apikey.log.keepdays

When an API request is made using an API Key, the history is stored, and the period to keep the history is specified. The unit is Days.

- Initial value: 60

queueMaxMessageSizeMb

Specifies the maximum size of Queue messages processed by the RPA service application. The unit of message size is MB.

- Initial value: 5

comm.properties property description

Default settings such as language/timezone of the installed RPA portal.

Property

Description

defaultLang

Portal default language setting.

- Initial value: KO, KO/EN supported

maxUploadSizeMb

Set the maximum size of files uploaded by the portal, such as mail attachments, processes, and anniversaries.

- Initial value: 10, unit: MB

defaultTimeZondId

Portal default timezone setting.

- Initial value: Asia/Seoul (area/Location type tz format is used)

You can configure the certificate and queue of the RPA portal, and the RPA server associated with the portal.

Property

Description

auth.ssl.verifyiplist

When a request is made from the RPA server to another server, it is necessary to specify the IP address. Separate IP addresses with "," and enter them without spaces.

ex) 203.254.214.131,112.107.220.134

rpa.login.sso

Whether to use the Knox Portal SSO integration function.

- Initial value: false, when used: true

interface.sendmail

Value change is required when linking Knox

- Initial value: /interface/api/v1/mail/sendMail

- When linked : /interface/api/v1/knox/mail/sendMail

systemqueue.data.retention.days

The period of system queue data stored in DB.

- Initial value: 30, unit: days

userqueue.data.retention.days

The duration of user queue data stored in the DB.

- Initial value: 30, unit: days

queue.cron.start.expression

Set the period of data deletion in the queue.

- Initial value: 3 am every day (0 0 3 * * ?)

Second, minute, hour, day, month, day of the week, year cron expression values

useKnox

Sets the Knox link settings that can be used by Samsung affiliates so that they can be viewed on the screen. Since the property in the comm.properties file is not defined, if you need to change the property value, you must specify the property in the file (useKnox=true).

You can configure DB connection settings for RPA portal.

Property

Description

spring.datasource.max-active

The maximum number of connections provided by the DB connection pool.

- Initial value: 30, unit: pieces

spring.datasource.max-idle

The maximum number of connections stored in the connection pool when idle.

- Initial value: 30, unit: pieces

spring.datasource.min-idle

Minimum number of connections stored in the connection pool when idle

- Initial value: 30, unit: pieces

jdbcUserName

The admin account is used for initial installation.

jdbckey

The pw of the initially installed admin account.

Plain text input is also possible.

This is the setting for the Brity RPA SaaS. The customer does not need to make any separate modifications.
rpa.service.saas should always remain false.
Portal attribute values ​​that change frequently.

Property

Description

agreemetUse

Whether to use the Privacy Policy feature.

- Initial value: false, when used: true

When using, consent to the user's privacy policy becomes a required value when registering as a member, and it is stored in the catalog.fr_user_info_history table.

The personal information processing policy for each customer can be saved in the form of agreeContent.html (Korean) and agreeContent_en.html (English) under /rpa/apps/admin/{admin/user/tenant}/WEB-INF/classes.

passwordChangeCycle

Exposes the pw change popup upon user login according to the set cycle

- Initial value: 6, Unit: month

fcm.databse.url

*For mobile connection

Account information provided by firebase.

fcm.credentials.path

*For mobile connection

This is the credential file provided by firebase.

After saving in the path /rpa/apps/admin/{admin/user/tenant}/WEB-INF/classes

ex) fcm.credentials.path=classpath:{file name}

apns.cert.path

Certificate path for iOS mobile.

After saving in the path /rpa/apps/admin/{admin/user/tenant}/WEB-INF/classes

ex) apns.cert.path=classpath:{file name}

apns.cert.path

This is the issued iOS mobile certificate PW.

portalSSO

Whether to enable SSO between admin/tenant/user portals.

(Initial value: true) (When not used: false)

When not in use, a separate session between the admin/tenant/user portals is used to manage users.

portal.sso.***Url

The URL used when applying portalSSO.

When applying domain: https://{DOMAIN:PORT}/***

When redundancy is applied: https://{L4_IPAddr:PORT}/***

Apply single server: https://{Svr_IPAddr:PORT}/***

**In the initial installation, the IP address is the current server's IP address.

useOcr

It must be changed to Y when using the OCR function.

-Initial value: N

external.auth.login

false / true (initial value: false)

Set to true when the customer company interworks with its own authentication system.

scheduler.job.enableSecureParam

Enable the security setting so that parameters cannot be checked after job execution.

To enable it, you must set that property to Y.

It is recommended to match the setting value of application.properties above.

- Initial value: N

disableUserInfoCopy

Change the settings so that user data list copying and Excel download are not allowed.

To enable it, you must set that property to Y.

- Initial value: N

auth.apikey.addlimitdays

Set the maximum number of days of expiry date that can be set from when the API key is added.

The unit is Days.

- Initial value: 365

OCR Server Configuration

How to configure the OCR server

abbyy.classification=true //add property
abbyy.enginePath=/opt/ABBYY/FREngine12/Bin //Modify to fit ABBYY SDK path
abbyy.serialNumber=jYRy6SdjWv4RE8pCZTNN //Project ID issued
/rpa/apps/textrecognitionServer/run.sh

※ If it runs normally, you can check the Abbyy SDK information in the log.

Property Changes for Portal Linkage

useOcr=Y
ipa.server.ip.ocr={Installed server IP}
ipa.server.port.ocr={Server port to be installed}
/rpa/apps/gateway/stop.sh
/rpa/apps/gateway/run.sh
/rpa/bin/tomcat-run.sh
/rpa/bin/tomcat-stop.sh

Server Data Aging Settings

Working with Server Data Aging

Subject of Work

Aging Work Content

Internal Action Logic

Location and Change of Settings

Consider Optimize

Server

(automatic)

Delete table data tb_job_related_file

At 00:00 every day, data after the set value (days) is deleted from the tb_job_related_file table that exists for each tenant.

(Deletes the row)

Explicitly declare the following property values ​​in the application.properties file (if this value is not declared, 30 days is embedded in the code as a standard value)





scheduler.log.keepdays=30

tb_job_related_file table of each DB

Operator

(manual)

Delete old versions of projects registered in each tenant

As project versions accumulate, old versions that are no longer used accumulate. If older versions that are not in use are deleted using the Admin Portal function, the data in the tb_asset_file table is deleted.


tb_asset_file table of each DB

Server

(automatic)

Delete files used in Queue

Messages are deleted from the log 30 days after they are received.

Can be changed to the default defined contents in comm.properties as follows

#Queue historical data retention

systemqueue.data.retention.days=30

userqueue.data.retention.days=30

queue.cron.start.expression=0 0 3 * * ?


These operations delete unnecessary data in the DB whose retention period has passed. Still, even after the deletion, the physical file's capacity in the DB's corresponding tablespace does not significantly decrease.

For the gradual increase in storage space due to high usage, consider having the server administrator increase the storage accordingly.

To secure additional storage space for data deleted through aging, you can secure more storage space by periodically performing the following MariaDB efficiency operation in a situation with sufficient DB storage space. (recommendation for regular maintenance work, etc.)

Officially, MariaDB provides the OPTIMIZE TABLE function as follows,

https://mariadb.com/kb/en/optimize-table/

As for MariaDB work, each customer has different versions, operators, configuration architectures, etc., and it does not fall within the scope of RPA technical support. Therefore, backup/execution/procedures for optimization work are reviewed by DBA or contracted maintenance company, etc. I hope you do.

1) If you do not need to retain up to 30 days of data provided by default, try reducing the retention value. For example, add "scheduler.log.keepdays=30" to the server's application.properties file. After setting the desired retention period number (days), restart the scheduler service.
2) Admins of each tenant check and delete versions that are no longer in use among the old versions of each project accumulated.
3) Perform DB table optimization to secure physical DB capacity by using the time available for PM or service off.

Working with OPTIMIZE TABLE in MariaDB

MariaDB's OPTIMIZE TABLE operation can be reviewed in the following scenario.

The scenarios below do not include data backup/recovery. Please refer to the example scenarios and proceed with the procedure and action plan tailored to the customer company with the DBA. (In RPA technical support, MariaDB maintenance is not supported)

1) Check DB server disk capacity before operation (by schema): Record it for comparison with After.

cd /data/mariadb/data
du -h --max-depth=1

2) Connect to MariaDB.

cd /rpa/pkgs/mariadb/bin
./mysql -u root -p
Enter password

3) Check the total DB capacity before operation. (perform a query)

SELECT SUM(data_length+index_length)/1024/1024 used_MB, SUM(data_free)/1024/1024 free_MB FROM information_schema.tables;
You can easily check the status of how much you are using and how much DATA_FREE is.
(Record data before/after work to check Before & After)
☞ DATA_FREE: bytes allocated but not used
    The data_free column shows the amount of free space allocated to the table that is not in use.
    OPTIMIZE TABLE might help you free up this space.
    (This will reduce the space occupied by resolving table fragmentation)

4. Select target tables to reduce with OPTIMIZE operation (confirm with a query)

-- Look up the 20 tables that use the most data
select concat(round(data_length/(1024*1024),2),'M') data, t.* from information_schema.TABLES t order by DATA_LENGTH desc limit 20;
 
-- Look up the top 20 tables with the highest amount of DATA_FREE
select concat(round(DATA_FREE/(1024*1024),2),'M') data, t.* from information_schema.TABLES t order by DATA_FREE desc limit 20;

Among the tables with high DATA_FREE, especially tb_asset_file or tb_job_related_file are checked and listed.

5) Perform OPTIMIZE

With enough maintenance time to put down the RPA service, each command is executed sequentially for each selected table.

-- command
OPTIMIZE TABLE tablename

Example) When optimizing the rpa.tb_job_related_file table

MariaDB [(none)]> optimize table rpa.tb_job_related_file;
+-------------------------+----------+----------+-------------------------------------------------------------------+
| Table                   | Op       | Msg_type | Msg_text                                                          |
+-------------------------+----------+----------+-------------------------------------------------------------------+
| rpa.tb_job_related_file | optimize | note     | Table does not support optimize, doing recreate + analyze instead |
| rpa.tb_job_related_file | optimize | status   | OK                                                                |
+-------------------------+----------+----------+-------------------------------------------------------------------+
2 rows in set (0.074 sec)
As a result, the message "Table does not support optimize, doing recreate + analyze instead" is displayed, but optimize is actually applied.

6) When the job is complete, rerun the capacity check query to see how much data has been reduced.

7) Organize the work time and effect, reflect it into the policy of how often the efficiency work will be carried out, and include it in the operation work.

Redundancy - Session timeout issue "Connection Reset by Peer"

Solution

1) Check whether the TCP 'RST' flag transmission option can be turned on after L4 session timeout (request confirmation from the person in charge of infrastructure)

2) Added a reconnection attempt option in the server property, but check the session timeout value of L4 and set it to be smaller.

Setting up Job Triggers and Processflow Waitmail Polling Cycles

Job Triggers (Event Server) Setting the waitmail polling cycle

1) Add the following content to the /apps/core/run.sh file. (in ms)
- added "-Devent.polling.queue.interval=600000" (ms 600sec=10 minutes)
- If the value is not set, it will be operated as the default value (every 10 seconds)
2) Restart core for the settings to take effect.
    cd /rpa/apps/core
    ./stop.sh
    ./run.sh

Processflow waitmail PollingSet the Cycle

1) Add the following content to the /apps/workflow/run.sh file. (in seconds)
- Added "-Dworkflow.event.mail.interval=600" (sec 600sec=10 minutes)
- If the value is not set, it will be operated as the default value (1 minute cycle)
2) Restart workflow to apply the settings
    cd /rpa/apps/workflow
    ./stop.sh
    ./run.sh

Summary of questions related to the waitmail polling cycle

1) What is the JobTrigger & Process Flow Server Default?
- Job triggers related to the server default value are 10-second cycles and process flows are 1-minute cycles.


2) Are email job triggers repeated every 10 seconds, and are they executed by the number of job triggers (10)?
- Access the mail server as many registered email jobs per cycle.


3) How often does the JobTrigger access to the Nox API occur internally?
- To be precise, it connects via pop3, not API. One access per account per cycle.
Example) If the cycle is 10 seconds and five email job triggers are registered, the number of connections per minute is [1 * 6 = 5].
Since the cycle is 10 seconds, there is one repetition per minute, and there are six email job triggers, so five connections per cycle ==> 5 * 6 = 5


4) How often does the waitmail card go through the Knox API, including the KNOX login?
- ProcessFlow also attempts to access POP3 to the mail server as many waitmail cards per cycle.

Troubleshooting

Install Runtime Library additionally (libtinfo.so.5)

After initial installation, in some cases, depending on the Linux OS, an additional runtime library called libtinfo.so.5 may be required in relation to the case that MariaDB does not start normally or there is an error in connection. In this case, you need to check the error message and install the required library yourself. If the following error occurs on CentOS or RHEL, you need to install the library below additionally.
libtinfo.so.5: cannot open shared object file: No such file or directory

If you cannot connect to the Internet, install it yourself using the bundled package as follows. (CentOS)

cd /rpa/install/lib/ncurses
sudo rpm -i --nosignature ncurses-compat-libs-6.1-7.20180224.el8.x86_64.rpm

In an environment where an Internet connection is available, installation is possible as follows.

sudo yum install libncurses*

# For Ubuntu, use the following command instead
sudo apt install libncurses5

In some cases, the following error message may occur during the process of creating tables when installing MariaDB in Ubuntu environment.

/rpa/pkgs/mariadb/bin/mysqld: error while loading shared libraries: libaio.so.1: cannot open shared object file: No such file or directory

In an environment where internet connection is available, you can install related libraries with the following command.

sudo apt-get install libaio1 libaio-dev

Or,
sudo yum install libaio

View IPv6 is enabled (disable IPv6)

If you use IPv6 and IPv4 at the same time, it may not work properly, so you may need to change it to not use IPv6.

You can check whether IPv6 is enabled on the server using CentOS 8 with the command below.

ip a | grep inet6 (disable IPv6)

If IPv6 setting is enabled, you can check the inet6 keyword as above, and if it is not set, nothing is output.

You can use the sysctl command as a way to disable IPv6 addresses.

To disable IPv6 addresses using the sysctl command, follow the steps below.

1. Use the command below to create a new sysctl configuration file /etc/sysctl.d/70-ipv6.conf.

# sudo vi /etc/sysctl.d/70-ipv6.conf

2. When the file creation is complete, enter the following command and save it.

net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1

3. Enter the following command to disable IPv6 enabled.

# sudo sysctl --load /etc/sysctl.d/70-ipv6.conf

4. Enter the following command to check whether IPv6 is normally disabled.

# ip a | grep inet6

If there is no result message after entering the above command, you can check that the IPv6 settings are disabled for all network cards. (This setting is maintained even after rebooting)

If the IPv6 keyword is still found after disabling IPv6 using the above sysctl command in CentOS 8, this is because Network Manager is used by default in CentOS 8, so use the nmcli command to process it as follows. You need to reboot after that.

Enter the following command to disable IPv6 enabled state using nmcli command.

# sudo nmcli connection modify interface ipv6.method ignore

Finally, reboot CentOS 8 by entering the command below.

# sudo reboot

You can check whether IPv6 is enabled on the server using Ubuntu using the command below.

# ip a | grep inet6

If IPv6 setting is enabled, you can check the inet6 keyword as above, and if it is not set, nothing is output.

Ubuntu can also use the sysctl command as a way to disable IPv6 addresses.

To disable IPv6 addresses permanently on Ubuntu using the sysctl command, follow the steps below.

(Compared with CentOS 8, the files and contents to be modified are slightly different)

1. Using the command below, the sysctl configuration file, /etc/sysctl. Open conf with vi editor.

# sudo vi /etc/sysctl. conf

2. Append the following commands to the end of the file and save it.

net.ipv6.conf.all.disable_ipv6=1
net.ipv6.conf.default.disable_ipv6=1
net.ipv6.conf.lo.disable_ipv6=1

3. Enter the following command to apply the settings.

# sudo sysctl -p

4. Enter the following command to check whether IPv6 is normally disabled.

# ip a | grep inet6

If there is no result message after entering the above command, you can check that the IPv6 settings are disabled for all network cards. (This setting is maintained even after rebooting)

If IPv6 keyword is still found after disabling IPv6 using the above sysctl command in Ubuntu, the following processing is required to force the OS to read the sysctl configuration file as a kernel parameter.

/etc/rc.local file is created.

# sudo vi /etc/rc.local

Fill in the contents of the /etc/rc.local file as follows and save it.

#!/bin/bash
# /etc/rc.local

/etc/sysctl.d
/etc/init.d/procps restart

exit 0

Reset the execute permission on this file as follows.

# sudo chmod 755 /etc/rc.local

In addition to the above methods, there is a way to disable IPv6 by setting GRUB, but this document does not cover it.

Viewing error log

If you installed the solution under /rpa, you can check the log of each service as shown below.

cd /rpa/logs/mariadb
tail -f mariadb.err

You can view the entire log with the more mariadb.err, vi mariadb command. Continue to output the log with the tail -f maraidb.err command.

cd /rpa/logs/admin
tail -f catalina.out
cd /rpa/logs

Check the error log under the asset, auth, comm, event, gateway, interface, scheduler, tenant, extrecognitionServer, workflow folder.

Viewing RPA service access

You can check if there is a problem with Linux internal/external connection with the command.

For example, if gateway communication succeeded inside Linux but failed on the bot PC, it can be expected that the firewall of the corresponding port is not open. (You can also check through the web browser, not the Curl command.)

If the connection is normal, the version of the installed service is displayed.

(Example)

curl https://182.193.17.236:8777/version --insecure
curl http://182.193.17.236:9091/auth/version

curl https://182.193.17.236:9001/communication/version -- insecure

See command for confirmation

You can use the commands below to check the for abnormal status.

When mysql command doesn't work

alias mysql=/rpa/pkgs/mariadb/bin/mysql
export PATH=$PATH:/rpa/pkgs/mariadb/bin/

Check the Date

date

SERVICE PORT LISTEN STATUS VIEW

While logged into the ipaadm account

lsof -i -nP | grep LISTEN

Check the operating system bits

getconf LONG_BIT

Check if port is open without telnet

Among the parameters of curl, the telnet scheme is also allowed in the url.

curl -v telnet://ip:port

Example) curl -v telnet://70.70.189.84:22

If it is open, it will appear as Connected to in the result.

Adjusting the size of heap memory for java execution of RPA service

If an error occurs while an OOM (Out Of Memory) error message of "java.lang.OutOfMemoryError: Java heap space" is recorded in the log of a specific RPA service module, increase the heap memory setting related to java execution of the RPA service module.

For example, if an asset-related problem fails to import common resources. In that case, the corresponding service module is core (from version 2.0, three services, including interface, asset, and event, are integrated into core). The execution script to be modified (run .sh) is located in the path below. Open run.sh with vi editors. 
cd /rpa/apps/core
vi run.sh

Find the "-Xms" and "Xmx" items among Java's execution options and modify the memory size higher than the currently set value. For reference, the above options are defined as follows.

-Xms : Initial heap size setting 
-Xmx : Set the maximum heap size
If you give an example of extending what is initially set to 1G to 2G.
Before change: -Xms1G -Xmx1G
After change: -Xms2G -Xmx2G
Save the modifications and restart the service module to take effect immediately.
As the memory usage rate of the service module will increase as the memory option value increases, check the memory usage by using the top or free command below on the server in advance, and proceed when there is enough physical memory. If there is insufficient memory, applying it after adding physical memory first is recommended.

Checking memory status with top command (Linux server)

It shows various usage status of Linux server. (When running without options, the screen refreshes every 3 seconds)
The screen is updated every second using the delay option below, and if you press Shift + m together on the screen, the processes with the highest memory usage are sorted and displayed first.

top -d 1

Execute the /rpa/bin/ps-rpa.sh command to check the starting (-Xms) maximum (-Xmx) memory setting.

Compare the PID of the top command to check that the physical memory (RES) value does not exceed the heap memory. If the heap memory is insufficient, increase the maximum memory Xmx value.

ipaadm 338 1 1 12:34 tty1 00:01:01 java -jar -DDEV_HOME=/rpa/logs -Dspring.config.location=/rpa/properties/application.properties,classpath:/application.properties -Xms2G -Xmx2G rpa_auth.jar
ipaadm 379 1 1 12:34 tty1 00:00:52 java -jar -DDEV_HOME=/rpa/logs -Xms1G -Xmx1G -Dspring.config.location=/rpa/properties/application.properties,classpath:/application.properties rpago_api_gateway.jar
To configure Java heap memory, modify run.sh of each service and restart it.
vi /rpa/apps/auth/run.sh
vi /rpa/apps/gateway/run.sh
vi /rpa/apps/tenant/run.sh
vi /rpa/apps/core/run.sh
vi /rpa/apps/comm/run.sh
vi /rpa/apps/scheduler/run.sh
vi /rpa/apps/workflow/run.sh
vi /rpa/apps/textrecognitionServer/run.sh

If there is available memory, Linux uses it for cache and other purposes to make the most of it and returns it when there is a memory request.

The actual memory used is (used - buff/cache), and the avail Mem value is the available memory.

It is not a situation where memory is insufficient simply because there are few free Mem, and if there are a lot of swaps used, performance degradation occurs.

To be considered a normal situation, the amount of (free + buff/cache) must be at least 20% of the total memory (Mem total). If this value does not exceed 20% and swap usage occurs frequently, physical memory expansion is considered necessary.

Using OutOfMemory check script in the error log

The method to check whether OutOfMemory has occurred in the server log file is as follows.

It provides a simple shell script to check the status of java heap memory and provides an efficient setting guide. In addition, it does not affect the system by performing only commands such as ps -ef, and jstat.

Extract and check the OutOfMemory log for the entire error log

1) Prepare the script file
Place the oom-check.sh file in /rpa/bin/oom-check.sh .

2) Run the script
cd /rpa/bin
./oom-check.sh

3) Run the script repeatedly
./oom-check.sh -t

Check memory status and take action

1) Check the result
 If OutOfMemory is found in the /rpa/logs/*/error.log file, the contents of the file are displayed on the screen. 
If there is no result, nothing is displayed.

Displays the Heap Memory status of RPA services.
You can check the number and duration of Minor GC and Full GC executions.

2) RPA Service Memory Check option
ETIME : Process Elapsed Time
YOUNG : Young Area Heap Size (GB)
YGC : Minor GC Count
YGCAT : Minor GC Average Time (sec)
OLD   : Old Area Heap Size (GB)
FGC   : Full GC Count
FGCAT : Full GC Average Time(sec)

3) Memory stabilization conditions
YGCAT : Around 0.05 sec
FGCAT: Around 1 sec

oom-check.sh
#!/bin/bash
grep -r 'OutOfMemory' ../logs/*/error.log

#Omitted below

Tomcat Log Time KST

Tomcat's logs are logged using a mixture of KST and UTC, as shown below. (Basic installation status)
Files to be changed
3 logback .xml configuration files in use by each web application
☞ location
/rpa/apps/admin/admin/WEB-INF/classes/logback.xml
/rpa/apps/admin/user/WEB-INF/classes/logback.xml
/rpa/apps/admin/tenant/WEB-INF/classes/logback.xml
<configuration>
    <!-- Console Log -->
    <appender name="console" class="ch.qos.logback.core.ConsoleAppender">
        <layout class="ch.qos.logback.classic.PatternLayout">
            <Pattern>
                [%-5p] [Thread Id=%t] [%date{"yyyy-MM-dd HH:mm:ss.SSSZ"}{KST}] %13F:%04L %m%n
            </Pattern>
        </layout>
    </appender>

Server Operation Guide

OS Parameter Application Guide

This section shows recommended values for OS kernel parameters that manage and control Linux systems. 
There are differences in setting methods depending on the OS, which is not directly controlled by the solution. 
Therefore, server operators are advised to use this guide to apply recommended values for kernel parameters.

Factors affecting the solution include:
NetWork Performance Tuning
File System Performance Tuning

Setting

OS kernel parameters are values that manage and control the Linux system, and you can optimize the system by setting kernel parameter values.

The primary setup method is as follows. 
- Just set the value in the file using the vi /etc/systl.conf command. (Applicable permanently) 
- You can also control the values of kernel variables with the sysctl command.

Detailed setup method

The detailed setting method is as follows.

1) How to query setting values
  - sysctl [kernel parameter]
  ex) # sysctl net.ipv4.tcp_max_syn_backlog

2) How to apply immediately
   - sysctl -w [kernel parameter]=[value to set]
    ex) # sysctl -w net.ipv4.tcp_max_syn_backlog=1024

3) On permanent setting
    # vi /etc/sysctl.conf
    net.ipv4.tcp_max_syn_backlog=1024 
    net.core.somaxconn=1024 
    net.ipv4.tcp_fin_timeout=60      
    net.ipv4.tcp_keepalive_intvl=75    
    net.ipv4.tcp_keepalive_probes=9    
    net.ipv4.tcp_keepalive_time=7200    
    net.ipv4.tcp_syn_retries=6
    net.ipv4.tcp_retries2=15

4)  How to apply after setting
    # Apply with the /sbin/sysctl -p command.

Recommended settings for each OS parameter item

Category

Entry

Default(OS and version varies)

Recommended value

Description

TCP/IP

net.ipv4.tcp_max_syn_backlog

128

8191

Set the maximum number of connections per global/port that can wait for connection requests

net.core.somaxconn

128

4096

net.ipv4.tcp_fin_timeout

60

60

Set the time to release a socket in the FIN_WAIT_2 state

net.ipv4.tcp_keepalive_intvl

75

75

net.ipv4.tcp_keepalive_probes

9

9

net.ipv4.tcp_keepalive_time

7200

1800

net.ipv4.tcp_syn_retries

6

4

Set the number of times to retry when there is no response to a connection request

net.ipv4.tcp_retries2

15

7

Set the number of times to retry before terminating a live TCP connection.

net.core.rmem_default

212992

262144

Set the socket default/maximum buffer size for send/receive data

net.core.rmem_max

212992

10485760

net.core.wmem_default

212992

262144

net.core.wmem_max

212992

10485760

net.ipv4.tcp_tw_reuse

0

1

If the Local Port is insufficient, reuse sockets in the TIME_WAIT state(Not recommended for RHEL 7.6 onwards)

net.ipv4.ip_local_port_range

32768 60999

16384 65000

Set the Local Port allocation range to control the number of concurrent connections available within the server

Resource parameter recommended settings

Category

Entry

Default (OS and version varies)

Recommended value

Description

ulimit

soft nofile

1024

8192 or later

Set the maximum number of FDs (File Descriptors) that can be opened by the user.

hard nofile

4096

8192 or later

WAS Recommended Setpoint Application Guide

This section provides recommended guides for Tomcat and Spring Boot settings required to run the solution. Most recommended values are applied during installation. Operators must be aware of the settings and be able to adjust and manage them when necessary. Additionally, you must be able to check essential logs and setup methods for analysis when an operational issue occurs.

Common Application Guide

entry

Application Effect

How to Apply

Whether the installation package is applied.

Applying Heap Dump

In the event of a failure, it is used for cause analysis and debugging

Add to the JVM execution options in the startup script

Basic application

Applying GC log settings

It can be used for performance tuning and memory leakage analysis, such as monitoring the memory usage and GC performance of the application.

Add to the JVM execution options in the startup script

1) In the case of Tomatat, specify the CATALINA_OPS to export from the setenv.shLocation: CATALINA_BASE/bin/setenv.sh


2) API servers are optional to run.sh


3) Configurable items

-XX:+PrintGCDateStamps Prints the time of the GC event occurrence.

-XX:+PrintGCDetails Logs GC event details.

-XX:+UseGCLogFileRotation Turn on log rotation.

-XX:+NumberOfGCLogFiles=<n> Set the maximum number of log files that can be stored.

-XX:+GCLogFileSize=<size> Sets the maximum size of each file just before rotation.

Optional

Applying Serve Mode Operations

The JVM is configured to perform more optimizations when running in a server environment.

Add JVM Options to Startup Script (-server)


1) In the case of Tomcat, specify the CATALINA_OPTS to export to the setenv.shLocation CATALINA_BASE/bin/setenv.shexport CATALINA_OPTS="$CATALINA_OPTS -Xmx2g –Xms2g -server"


2) API servers are added as an option to the run.sh

Basic application

Tomcat Application Guide

Entry

Application Effect

How to Apply

Whether the installation package is applied.

Access Log Time Taken Field Default

Based on response time data, performance monitoring, optimization, user experience evaluation, etc. can be performed

Add %D or %T to the server.xml in Tomcat



<Valve className="org.apache.catalina.valves.AccessLogValve"directory="/rpa/logs/admin"prefix="admin_access_log" suffix=".txt"

pattern="%h %l %u %t %D "%r" %s %b" />

Basic application(%D option)

Set Heap Memory Options

Prevent instance memory from rising indefinitely

Assign to CATALINA_OPTS to export to setenv.shLocation CATALINA_BASE/bin/setenv.sh

export CATALINA_OPTS="$CATALINA_OPTS -Xmx2g –Xms2g -server

Basic application(Default 2g)

Log Level INFO Settings

It can be used to analyze the cause of a problem through the server log.

Location: set in logging.properties in Tomcat



The available levels are:

ALL, FINEST, FINER, FINE, CONFIG, INFO, WARNING, SEVERE

Basic application(INFO)

connectionTimeout setting

If there are many service requests, unnecessary resources may be occupied when waiting for a connection connection, resulting in failure due to lack of available threads.

Set in the Connector property in the tomcat server.xml file



<Connector port="8080" protocol="HTTP/1.1" connectionTimeout="10000" redirectPort="8443" />

Basic application(10000 or less)

ValidationInterval Settings

If the validation time is short, it may cause load due to frequent connection check cycles. If the validation time is long, the failure may occur using a damaged connection due to failure to perform the validity normally.

Setting validationInterval in the JDBC connection pool library

Basic application(30000)

Set the StuckThreadDetectionValve

Delay in recognizing requests that are executed for an abnormally long time may cause thread overoccupancy, and overall service delays and failures may occur due to thread shortages.



(StuckThreadDetectionValve detects threads with a long execution time and logs and interrupts)

Set the valve to be applied in the server.xml file under the target container



<Valve className="org.apache.catalina.valves.StuckThreadDetectionValve" threshold="600" />

Basic application(600 seconds)

Spring Boot Application Guide

entry

Application Effect

How to Apply

Whether the installation package is applied.

Access log settings

It is recommended to leave an access log as it is essential for request records, problem diagnosis, monitoring, and performance tuning.(Periodic deletion of Access/AP/GC logs is specified in the 3.4 Periodic Log File Deletion Guide document)

3.3 Refer to the Accesslog Settings Activation Guide

Optional

Application of Circuit Breaker

When a circuit breaker is used in an MSA structure, it prevents a failure from occurring in one service from propagating to another service.If the request is repeated during a failure, resources may be wasted and service processing power may be reduced.

A separate guide is being worked on

Basic application(CommunicationScheduler)Optional(Rest of the service)

WebClient ConnectionTimeout Settings

If there are many service requests, unnecessary resources may be occupied when waiting for a connection connection, resulting in failure due to lack of available threads.

CONNECT_TIMEOUT_MILLIS Set to 10000 or less

Basic application

Accesslog Settings Activation Guide

This section provides a guide to activating Accesslog settings. Accesslog is essential for recording client requests, diagnosing problems, monitoring, and performance tuning, so it is recommended to set it up as it can be used to identify the cause when a failure occurs.

Adding Access Log to a gateway service

1) Add parameters to run.sh in the gateway service folder (e.g. /rpa/apps/gateway)
Add -Dlogging.config=./logback.xml -Dreactor.netty.http.server.accessLogEnabled=true
2) Upload the attached logback.xml file to the gateway service folder (e.g. /rpa/apps/gateway)
attachment: logback.xml
3) Restart the gateway service and check the /rpa/logs/gateway/access log.log file.

Adding Access Log to auth, batch, comm, core, scheduler, tenant, textrecognitionServer, workflow service

1) Access Log Create application.properties in the service folder you want to add (e.g. /rpa/apps/auth), and add the contents if it already exists.
Change the directory (server.tomcat.accesslog.directory) to suit each service.
2) Add apllication.properties to run.sh execution shell

3) Restart the service and check if /rpa/logs/service name/access-log is created.

Guide to periodic deletion of log files

This section provides a guide to deleting logs that accumulate periodically. Since log files that are continuously accumulating may cause a shortage of disk space, you must check the log directory and apply a deletion method. It is recommended that detailed operation plans, such as deletion cycle and backup settings, be applied according to each company's policy and environment.

Create a shell script to automatically delete logs

Example

1) Files modified for more than 11 days will be deleted. Open the file and write as below.
> cd /rpa/tools
> vi log_del.sh

#!/bin/sh
find /rpa/logs/*/* -mtime +10 -delete
find /rpa/logs/*/archived/*.* -mtime +10 -delete
find /rpa/logs/admin/*.* -mtime +10 -delete
cp /rpa/logs/admin/catalina.out /rpa/logs/admin/catalina_$(date +%F_%H-%M-%S).log
cat /dev/null > /rpa/logs/admin/catalina.out

2) Save and exit (:wq)

3) Give execution permission
> chmod 755 log_del.sh

Register schedule (crontab), root privileges

Example

1) Registered in crontab, executes delete shell every day at 00:30.
>crontab -e
30 00 * * * /home/rpco/tools/log_del.sh

2) Save and exit (:wq)

Portal Instance Separation Guide (User, Admin, Tenant Separation)

This section explains how to detach a Brity RPA Orchestrator Portal instance.
Brity RPA has user, admin, and tenant portals for each user's permission.
The three portals are installed to run as one service.
This section will explain how to separate the three portals and the pros and cons.

Advantages and Disadvantages

Operating the three portals separately in each instance has advantages and disadvantages and can be set based on the customer's policy.

Advantage: Minimizes impact in case of failure through separation of portal instances
Disadvantage: Increase in server resource usage such as CPU/Memory and management targets due to starting instances individually

Command Execution Guide

It is not provided separately in the basic installation package and can be manually set separately as follows:
Portal Instance Detach Command

The instance detachment is performed through the command below.

1) Existing folders will be backed up.
tomcat folderbackup /home/rpa/pkgs/tomcat_bak
admin folderbackup /home/rpa/apps/admin_bak
Tomcat Runshell /home/rpa/bin/tomcat-run.sh.bak
Tomcat shutdownshell /home/rpa/bin/tomcat-stop.sh.bak

2) Perform commands
The commands below are based on the RPA path /home/rpa; please change your installation path.

cd /home/rpa/apps
cp -R admin admin_bak
cd /home/rpa/pkgs
cp -R tomcat tomcat_bak
mkdir tomcat/tomcat_admin
mkdir tomcat/tomcat_user
mkdir tomcat/tomcat_tenant
cp -R tomcat_bak/* tomcat/tomcat_admin
cp -R tomcat_bak/* tomcat/tomcat_user
cp -R tomcat_bak/* tomcat/tomcat_tenant
cd /home/rpa/apps
mkdir portal_admin
mkdir portal_user
mkdir portal_tenant
ln -s /home/rpa/apps/admin/user /home/rpa/apps/portal_user/user
ln -s /home/rpa/apps/admin/admin /home/rpa/apps/portal_admin/admin
ln -s /home/rpa/apps/admin/tenant /home/rpa/apps/portal_tenant/tenant
f=server.xml
cd /home/rpa/pkgs/tomcat/tomcat_user/conf
sed -i 's/8080/8080/g' $f
sed -i 's/8009/8009/g' $f
sed -i 's/8443/8443/g' $f
sed -i 's/8005/8005/g' $f
sed -i 's/\/apps\/admin/\/apps\/portal_user/g' $f
sed -i 's/\/logs\/admin/\/logs\/admin\/user/g' $f
sed -i 's/\/logs\/admin/\/logs\/admin\/user/g' logging.properties
cd /home/rpa/pkgs/tomcat/tomcat_admin/conf
sed -i 's/8080/8090/g' $f
sed -i 's/8009/8010/g' $f
sed -i 's/8443/8444/g' $f
sed -i 's/8005/8006/g' $f
sed -i 's/\/apps\/admin/\/apps\/portal_admin/g' $f
sed -i 's/\/logs\/admin/\/logs\/admin\/admin/g' $f
sed -i 's/\/logs\/admin/\/logs\/admin\/admin/g' logging.properties
cd /home/rpa/pkgs/tomcat/tomcat_tenant/conf
sed -i 's/8080/8070/g' $f
sed -i 's/8009/8011/g' $f
sed -i 's/8443/8445/g' $f
sed -i 's/8005/8007/g' $f
sed -i 's/\/apps\/admin/\/apps\/portal_tenant/g' $f
sed -i 's/\/logs\/admin/\/logs\/admin\/tenant/g' $f
sed -i 's/\/logs\/admin/\/logs\/admin\/tenant/g' logging.properties
f=comm.properties
cd /home/rpa/apps/admin/user/WEB-INF/classes/properties
sed -i 's/\/user\/auth/\/tenant\/auth/g' $f
sed -i 's/\/admin\/admin/\/portal_user\/user/g' $f
sed -i 's/8080\/user/8080\/user/g' $f
sed -i 's/8080\/admin/8090\/admin/g' $f
sed -i 's/8080\/tenant/8070\/tenant/g' $f
sed -i 's/portalSSO=true/portalSSO=false/g' $f
cd /home/rpa/apps/admin/admin/WEB-INF/classes/properties
sed -i 's/\/user\/auth/\/admin\/auth/g' $f
sed -i 's/\/admin\/admin/\/portal_admin\/admin/g' $f
sed -i 's/8080\/user/8080\/user/g' $f
sed -i 's/8080\/admin/8090\/admin/g' $f
sed -i 's/8080\/tenant/8070\/tenant/g' $f
sed -i 's/portalSSO=true/portalSSO=false/g' $f
cd /home/rpa/apps/admin/tenant/WEB-INF/classes/properties
sed -i 's/\/user\/auth/\/tenant\/auth/g' $f
sed -i 's/\/admin\/admin/\/portal_tenant\/tenant/g' $f
sed -i 's/8080\/user/8080\/user/g' $f
sed -i 's/8080\/admin/8090\/admin/g' $f
sed -i 's/8080\/tenant/8070\/tenant/g' $f
sed -i 's/portalSSO=true/portalSSO=false/g' $f
cd /home/rpa/bin
cp tomcat-run.sh tomcat-run.sh.bak
sed -i 's/.\/startup.sh/#.\/startup.sh/g' tomcat-run.sh
sed -i 's/cd /#cd /g' tomcat-run.sh
sed -i 's/sudo -u/sudo /g' tomcat-run.sh
f=tomcat-run.sh
sed -i '19 i cd /home/rpa/pkgs/tomcat/tomcat_user/bin' $f
sed -i '20 i ./startup.sh' $f
sed -i '21 i cd /home/rpa/pkgs/tomcat/tomcat_admin/bin' $f
sed -i '22 i ./startup.sh' $f
sed -i '23 i cd /home/rpa/pkgs/tomcat/tomcat_tenant/bin' $f
sed -i '24 i ./startup.sh' $f
sed -i '12 i cd /home/rpa/pkgs/tomcat/tomcat_user/bin' $f
sed -i '13 i ./startup.sh' $f
sed -i '14 i cd /home/rpa/pkgs/tomcat/tomcat_admin/bin' $f
sed -i '15 i ./startup.sh' $f
sed -i '16 i cd /home/rpa/pkgs/tomcat/tomcat_tenant/bin' $f
sed -i '17 i ./startup.sh' $f
cp tomcat-stop.sh tomcat-stop.sh.bak
sed -i 's/.\/shutdown.sh/#.\/shutdown.sh/g' tomcat-stop.sh
sed -i 's/cd /#cd /g' tomcat-stop.sh
f=tomcat-stop.sh
sed -i '20 i cd /home/rpa/pkgs/tomcat/tomcat_user/bin' $f
sed -i '21 i ./shutdown.sh' $f
sed -i '22 i cd /home/rpa/pkgs/tomcat/tomcat_admin/bin' $f
sed -i '23 i ./shutdown.sh' $f
sed -i '24 i cd /home/rpa/pkgs/tomcat/tomcat_tenant/bin' $f
sed -i '25 i ./shutdown.sh' $f

Changes and start-up procedures

1. Change the port according to the separation of instances
- user portal https://ip:8080/user => https://ip:8080/user
- admin portal https://ip:8080/admin => https://ip:8090/admin
- tenant portal https://ip:8080/tenant => https://ip:8070/tenant
* An additional firewall needs to be opened for added webports 8090 and 8070
2. Web application source folder symbolic link
- user portal /home/rpa/apps/admin/user => /home/rpa/apps/portal_user/user
- admin portal /home/rpa/apps/admin/admin => /home/rpa/apps/portal_admin/admin
- tenant portal /home/rpa/apps/admin/tenant => /home/rpa/apps/portal_tenant/tenant
3. Detach the Tomcat instance
- Run with one existing instance /home/rpa/pkgs/tomcat/bin/startup.sh
- Can be run individually with three instances of change
=> user portal operation /home/rpa/pkgs/tomcat/user/bin/startup.sh
=> user portal exit /home/rpa/pkgs/tomcat/user/bin/shutdown.sh
=> admin portal operation /home/rpa/pkgs/tomcat/admin/bin/startup.sh
=> admin portal exit /home/rpa/pkgs/tomcat/admin/bin/shutdown.sh
=> tenant portal operation /home/rpa/pkgs/tomcat/tenant/bin/startup.sh
=> tenant portal exit /home/rpa/pkgs/tomcat/tenant/bin/shutdown.sh
4. Starting Tomcat
- Tomcat starts up to three instantaneous, simultaneous starts via /home/rpa/bin/tomcat-run.sh as before.
5. Shutting down Tomcat
- Tomcat shutdown is configured to terminate three instantaneously via /home/rpa/bin/tomcat-stop.sh as before.

Setting up a Suit

After setting, the original method is as follows. Please be careful when deleting.

cd /home/rpa/apps
rm -rf portal_admin
rm -rf portal_tenant
rm -rf portal_user
cp /home/rpa/apps/admin_bak/user/WEB-INF/classes/properties/comm.properties /home/rpa/apps/admin/user/WEB-INF/classes/properties/comm.properties
cp /home/rpa/apps/admin_bak/user/WEB-INF/classes/properties/comm.properties /home/rpa/apps/admin/user/WEB-INF/classes/properties/comm.properties
cp /home/rpa/apps/admin_bak/user/WEB-INF/classes/properties/comm.properties /home/rpa/apps/admin/user/WEB-INF/classes/properties/comm.properties
cd /home/rpa/pkgs/tomcat
rm -rf tomcat_admin
rm -rf tomcat_user
rm -rf tomcat_tenant
cd /home/rpa/bin
rm tomcat-run.sh tomcat-stop.sh
mv tomcat-run.sh.bak tomcat-run.sh
mv tomcat-stop.sh.bak tomcat-stop.sh

Server Resource Expansion Guide

When installing an orchestrator, the solution will give you basic recommended specifications. However, as the period of use increases, the total usage increases, such as the number of server users, bots, jobs performed, and scheduled tasks, creating a limit that can be used with the initial server resources. In this case, the operator should consider increasing server resources. Operators should consider the infrastructure configuration from the initial installation to consider the increase in users and bots.
This section provides a baseline guide for Brity RPA orchestrators to increase server resources.

Comparison of resource expansion plans

1) Advantages
Capacity can be increased without additional network connectivity.
It has fewer management costs and operational issues than the scale-out method, and it can be applied relatively easily by raising the specifications of server resources.

2) Disadvantages
Performance improvements and load balancing are limited.
Due to the significant burden on one server, there is no backup plan in the event of a failure.
If you replace an existing server to improve performance, you will experience service downtime.
1) Advantages
Multiple nodes can distribute the load to provide smooth service.
A backup plan can be established in the event of a failure, and flexible resource operation is possible.


2) Disadvantages
As the number of servers increases, server management becomes more complex, and initial costs, such as securing infrastructure such as network equipment, are involved when introducing the initial architecture.
As the node expands, it may be challenging to identify the cause of various failures, such as L4, which occur when a problem occurs.
If there are fewer users or the need for expansion is eliminated, the use of the resources that have been secured may be compromised.

Entry

Scale Up

Scale Out

Configuration

Scalability

Increasing the performance of hardware equipment by changing the CPU, adding memory, etc.

What used to be done on one machine is divided into multiple machines.

configuration

Unifying configuration, limits to performance scaling

Redundant configuration, can be scaled horizontally.

Failure Response

The load is concentrated on one server, and the failure impact is high.

Distributed processing on multiple servers, In case of failure, there is less chance of total failure.

Resources Required

CPU, Memory, Disk

Additional Server Codes

Scale-up expansion criteria

1) The CPU usage of the server may vary depending on the throughput or workload, and in general, if the CPU usage is more than 70% on average, consider whether to increase it.
2) Memory usage depends on the amount of concurrent execution of the project, but if the memory usage is more than 80% on average, you should consider adding it. Detailed memory usage is Memory calculation criteria. Note:
3) The exact criteria may vary depending on the purpose of the server, the nature of the work, etc. Therefore, it should be judged according to the customer's agreed procedures and criteria for expanding the server.
4) Other disk expansion standards are found in the following installation manual. Disk capacity calculation criteria Note:

Scale-out expansion criteria

1) The redundancy configuration must be applied by default to consider scaling out.

2) One node considers expansion based on the server resources of the recommended installation specifications.
Detailed recommended specifications are available in the installation manual. Note:
3) Generally, when the number of bots operating at 80% or more increases to 100, it is presented as a standard for adding nodes for load balancing.
4) Threshold settings for each node can be set in the resource monitoring function as follows.

Server Configurations

Server Diagram

Default installation path: /RPA

Screenshot 1

No.

Module Name

Port

Program Tokol

Function

Installation Path

1

Portal

8080

https

A web portal that provides admin/user/tenant management UI

/apps/admin

2

Gateway

8777

https

URL ROUTING and event login for all API requests

/apps/gateway

3

Auth

9091

http

Provides functions for license authentication and API authorization

/apps/auth

4

Scheduler

9093

http

Assign and execute jobs and manage the job results

/apps/scheduler

5

Communication

9001

https

(wss)

Responsible for overseeing bot communication and monitoring its status.


(WebSocket)

/apps/comm

6

Tenant

9099

http

Complete tenant information management and tenant change event management

/apps/tenant

7

Workflow

9094

http

Executing Process and managing result

/apps/workflow

8

Core

9096

http

- Consolidate previous versions of Asset, Interface, and Event services into one core service

- Manage projects, public resources

- Providing external API (Konx mail, messenger, push, etc.)

- Manage publish and subscriber for asynchronous events

/apps/core

9

TextRecognition

9095

http

OCR function and API

(# Abby license required)

/apps/textrecognitionServer

10

Batch

9098

http

Perform batch operations such as statistics, data cleansing, etc.

/apps/batch

Redundant server diagram

RPA servers can configure duplication depending on the switch configuration.
※ Separately configure hardware (L4/L7) or software reverse proxy (nginx) switch. We have not separately explained how to configure RDBMS for redundancy regardless of the application.

Screenshot 2

No.

Module Name

Port

Redundant

1

Portal

8080

Active-Active

2

Gateway

8777

Active-Active

3

Auth

9091

Active-Active

4

Scheduler

9093

Active-Active

5

Communication

9001

Active-Active

6

Tenant

9099

Active-Active

7

Workflow

9094

Active-Active

8

Core

9096

Active-Active

9

TextRecognition

9095

Active-Active

10

Batch

9098

Active-Active

Service Health Check

1. Call the Health Check API
Use the API call format and module name below to call the API locally. (Method: GET) 

For example, http://127.0.0.1:9091/auth/version

Exceptions)
 •Gateway, Comm services must use HTTPS
 •gateway is used without module name (https:// server address: 8777/version)

No.

Module Name

Port

Module Name

1

Web Portal

8080

admin

2

Core

9096

core

3

Auth

9091

auth

4

Communication

9001

communication

5

API Gateway

8777

gateway

6

Scheduler

9093

scheduler

7

Tenant

9099

tenant

8

OCR

9095

textrecognitionServer

9

Workflow

9094

workflow

10

Batch

9098

batch

2. Call Result
When the service functions normally, calling the API will display version information.
RPA Portal displays the HTML of the login page.

Log location and file management

1. Module-specific log location
/{Installation Location}/logs/{Module Name}/server.log #Full log
/{Installation Location}/logs/{Module Name}/error.log #Error log
   Ex) /rpa/logs/auth/serverlog
2. Keep track of errors.
Refer to the module relationship diagram between functions to check the relevant logs first.
3. You should manage your error files. The default log storage is set to 1 day, and the maximum file size is 10 MB. A new log file is automatically created when the maximum size is exceeded. Periodically, you should delete log files you don't need to free up server space.

Module