Linux OS Pre-Check

Check whether the OS environment necessary for the programs to be installed to operate normally is properly configured.

The pre-check process can be performed with an ipaadm account with sudo privileges.

OpenJDK installation can be done during Brity RPA Orchestrator installation, so support is available if requested.

Install OpenJDK

The Java Runtime environment is essential for Brity RPA Orchestrator to work. If the java -version command line command does not work, check how to install the JDK and configure the environment below and take appropriate action. If you unpack the installation package by referring to this document 2. Prepare the installation script, the OpenJDK package that can be installed is included in the sub-lib directory.

• New installation of JDK by copying OpenJDK File

cd /rpa/install/lib/openjdk
tar xvzf zulu8.54.0.21-ca-jdk8.0.292-linux_x64.tar.gz
mv zulu8.54.0.21-ca-jdk8.0.292-linux_x64 /usr/local/src/

• Add JDK Path

vi /etc/profile
# add information below
export JAVA_HOME=/usr/local/src/zulu8.54.0.21-ca-jdk8.0.292-linux_x64
export PATH=$JAVA_HOME/bin:$PATH
export CLASSPATH=$CLASSPATH:$JAVA_HOME/jre/lib/ext:$JAVA_HOME/lib/tools.jar
 alias java=/usr/local/src/zulu8.54.0.21-ca-jdk8.0.292-linux_x64/bin/java

Execute the java -version command in the Java installation completion test command window to check the version information.

source /etc/profile
java –version

Check OS Date Setting

If there is an error in the Linux system time or time zone setting, authentication may fail or license activation may not work properly. You can check the current time with the date command, and you can check the current time with the zdump /etc/localtime command, and you can check the time zone with the

$date
2020. 10. 18. (일) 03:49:06 EDT 

$zdump /etc/localtime 
/etc/localtime Sun Oct 18 03:49:06 2020 EDT 

$ timedatectl set-timezone Asia/Seoul
$date
2020. 10. 18. (일) 16:49:06 KST

From "timedatectl set-timezone Asia/Seoul" you can see that the time zone has been changed to KST.

OS firewall check

Depending on the firewall settings included in the OS itself, service access from inside/outside may not be possible. In this case, the server's own firewall must be set to disable.

(CentOS 8)

# Check status (active / inactive)
systemctl status firewalld

# stop service
systemctl stop firewalld

# Permanently disable firewall
systemctl disable firewalld

(Ubuntu)

# status check (active / inactive)
sudo ufw status

# stop and disable firewall
sudo ufw disable

Checking Linux OS

In Linux, if there is a limit on the maximum number of openable files that a process can request from the OS, if the limit is exceeded, an error with the phrase "Too many open files" will occur in the log.

Check how the ulimit is set for each account (mainly using ipaadm and ipadb) of each Linux server where the RPA service and DB are installed,
If the open file's item in the contents is set to the default value of 1024, change it to a larger value as follows.

# Check status (number of open files)
[ipaadm@brity ~]$ ulimit -a
syncopation 
open files                      (-n) 1024

How to change the maximum number of open files a process can open.

There are two methods: using a command and modifying the limits.conf file and both methods can be set without rebooting the device.
The way to use the command is initialized when the session is disconnected.
The method of modifying the limits.conf file is applied after disconnecting the session and logging in again.

For permanent settings, be sure to register them in the limits.conf file, and if the immediate application in the current session is required, use the command method to apply them immediately.

1) How to use the command (temporary, immediate application)

The way to change the ulimit using this command is to initialize the set value when the session is disconnected.

Execute the following command while logged in with the account you are using.
(If ipaadm and ipadb are in use, all apply)

[ipaadm@brity ~]$ ulimit -Hn 65536
[ipaadm@brity ~]$ ulimit -Sn 65536

2) How to permanently apply by modifying the limits.conf file

When logged in with the account you are using, go to the directory below
cd /etc/security/
Open the limits.conf file below with the vi editor and add the contents at the bottom
(Example of ipaadm account, the same applies if ipadb is also in use)

The account's value is permanently applied if you log in again or reboot.

# /etc/security/limits.conf

syncopation


ipaadm soft nofile 65536
ipaadm hard nofile 65536

# End of file

Preparing the installation script

The installation script consists of two versions for convenience in installation.

• rpa-basic-install.sh: ipaadm One-click single installation on one server with a single account (for simple installation)

1. For installation, ipaadm and ipadb accounts must already be created. (Installing with an ipaadm account is the default, but if you need to divide the DB account, you need to create an additional ipadb account. If you use a single ipaadm account, you can also use ipaadm for the ipadb account-related information in the description below. It's possible)

2. If it is not created, the account is created as follows, and the install directory to upload the installation file is created in advance under /rpa.

Works with the root account.
useradd ipaadm
useradd ipadb
passwd ipaadm
passwd ipadb

mkdir / rpa
mkdir /rpa/install
chown -R ipaadm:ipaadm /rpa

Upload the installation file to the server /rpa/install folder with the ipaadm account. The /rpa/install folder should contain the following 4 files.

apache-activemq-5.15.14.tgz
apache-tomcat-9.0.46.tar.gz
BRITY_RPA_server_install.tgz
mariadb-10.3.17-linux-x86_64.tar.gz

Unzip the Brity RPA install program as shown below.

are ipadm
cd /rpa/install
tar xvzf BRITY_RPA_server_install.tgz
chmod -R ugo+rwx /rpa/install (grant access to all users)

Basic Installation

The case of installing to the ipaadm account is described as an example.
(It can be installed with a user account other than ipaadm, and it can be installed without sudo privileges because it is a batch installation procedure under home with a single account.)
 
The installation proceeds in batches without complicated steps in the Step by Step format, and the installer does not intentionally make any changes.
Otherwise, RPA's services and open sources are stored in the home directory of the install account, /home/ipaadm/rpa.
It is installed by default. After completing the installation, open sources and RPA services are automatically started.

If you want to change the installation path and IP/Port, you can change the installation environment by entering ‘C’ and modifying each item sequentially to the desired value.

Please proceed as follows.

1. Run the installation by typing the following on the command line:

cd /rpa/install
./rpa-basic-install.sh

2. If you select Y for the End User License Agreement (EULA) on the first screen, you will be taken directly to the installation menu.

3. Select the DBMS to use for your RPA solution. Brity RPA officially supports MariaDB and MS-SQL (Microsoft SQL Server).

4. Check the prerequisits, which are Java, MariaDB, Tomcat, ActiveMQ, RPA Process and IPv6 on the first run. If the Process is not OK, select 2) Exit to end the process and proceed again. If you are using IPv6, it is recommended to disable ipv6. (For details, refer to Checking whether IPv6 is used (Disable IPv6) in this document.)

5. After confirming that the pre-checks are all OK and the optimal state is 1) Install new Brity RPA v2.5.0. Select (Basic Install). Installation setup information is displayed.

6. When the installation information is displayed, check the settings in detail. If you want to change the information, you can change all the setting values ​​to the desired value in sequence by pressing C. If all of the displayed settings are not correct, press Y to proceed with the installation.

As the installation proceeds automatically, MariaDB -> Tomcat -> ActiveMQ -> RPA Application -> RPA Web Portal -> DB Schema is installed one by one.

Before proceeding with DB Schema installation, a question about the table definition cache appears. This is because the default value of table_definition_cache of installed MariaDB is small, so it should be temporarily increased to 14000 or higher.

Change the value to a value greater than or equal to 14000 and press Enter.

7. After DB Schema installation is finished, Tomcat starts, and the installation ends when everything is installed sequentially. There is no need to start each service separately because it starts up after installation is completed at each stage.

5. When the installation information is displayed, press Y to proceed with the installation.

Custom Installation

An example of how to install Brity RPA on one server, including MariaDB, ActiveMQ, and Tomcat. The account explains how to install using the ipaadm account. If you want to proceed with the installation by dividing the DB installation account into ipadb, run rpa-custom-install.sh with sudo privileges.

1. Run the installer as follows.

cd /rpa/install
./rpa-custom-install.sh

2. In the End User License Agreement (EULA) that appears on the first screen, you must select Y to proceed with the installation.

3. Select the DBMS to use for your RPA solution. Brity RPA officially supports MariaDB and MS-SQL (Microsoft SQL Server).

4. Select Install Opensource Program ( MariaDB, Tomcat, ActiveMQ ).

5. Select install Mariadb.

6. The default Installation Path is /rpa, and the installation account is ipaadm. If it is set to a different value or you want to change it intentionally, select C to change the values. After that, when the values ​​are finally set, select Y to proceed with the installation. Even if you want to install a separate DB installation account, you can specify the account (eg, ipadb) on this screen and proceed with the installation.

7. Check that MariaDB is installed normally and the process is running. In the case of MariaDB, in order to apply DB schemas in the process of subsequently installing RPA services, connect directly to MariaDB as a client and proceed with installation commands, so start it up at the same time as DB installation.

8. After running the installation script (rpa-custom-install.sh) again, go to the open source installation menu and select 2) install Tomcat.

9. Press Y to proceed with Tomcat installation.

10. Check that Tomcat installation was successful. However, it does not start automatically.

11. After running the installation script (rpa-custom-install.sh) again, go to the open source installation menu and select 3) install ActiveMq.

12. Check the IP of the DB server. If you need to change it, press C to change it to the correct DB server IP, and then press Y to proceed with the installation. The default port for MQ is 8888.

13. Check if ActiveMQ installation was performed normally.

14. After running the installation script (rpa-custom-install.sh) again, go to the #HOME menu for RPA AP installation. 2) Install new Brity RPA v2.5.0 Please select

15. To install the RPA service application first 1) Install the RPA v3.0.0 Service application. Please select

16.  When installation information is displayed, check the settings in detail. If you want to change the information, press C to sequentially change all setting values ​​to the desired value. If all the displayed settings are correct, press Y to proceed with the installation. In the case of non-duplicate installation, there is no need to change the bottom 2 settings related to Redundant Server. Change. In the redundant installation, enter the VIP of L4 in the Gateway server address.

17. If 16G or more memory is installed, you can change the Maximum Heap Memory setting. If no changes are required, press N to proceed with the installation.

18. Check that the Brity RPA service application has been successfully installed.

19. After running the installation script (rpa-custom-install.sh) again, go to the #HOME menu to install RPA AP 2) Install new Brity RPA v3.0.0. Select again, and 2) Install the RPA v3.0.0 Web application. Please select

20. Press Y to proceed with the installation and check that the Brity RPA web application installation was successful.

21. After running the installation script (rpa-custom-install.sh) again, go to the #HOME menu to install RPA AP 2) Install new Brity RPA v3.0.0. again, and 3) Install the RPA v3.0.0 DB schema. Please select (If the DB installation account is installed separately as ipadb, the above rpa-custom-install.sh script must be executed with sudo privileges)

22. Check that the Database installed path item is properly specified, and if you need to change it, press C to make the appropriate change, and finally press Y to proceed with the installation.

"Remote DB Install" selection guide

: By default, it is n, which means that the installation program is executed directly on the server where the DB is installed. However, in a restrictive environment (using cloud RDS service, etc.) where you cannot directly upload the installation program to the DB server, you can select y to install the schema to the DB server remotely from the AP server, etc.

However, it should be noted that in this remote installation, the remote installation of DB Schema uses the MariaDB binary internally, so temporarily install MariaDB on the AP server to complete the remote operation, and then Please uninstall MariaDB.

MariaDB, which was temporarily installed on the AP server for remote work, is deleted.

• Stop the MariaDB process floating on the AP server

• Remove mysql start/stop script under /rpa/bin

• Delete the mariadb folder under /rpa/logs

• Delete the mariadb folder under /rpa/pkgs

And in the remote installation, you need to specify the path of MariaDB temporarily installed in the AP server in the "Database installed path" item . (Note that it is not the installation path in the DB server)

"DB Install user" selection guide

: By default, it is root, and when using MariaDB, which is provided as a managed service in a cloud environment, the root account is not provided, so enter the account value only when you need to use a specific account that has acquired all privileges.

Before proceeding with DB Schema installation, a question about the table definition cache appears. This is because the default value of table_definition_cache of installed MariaDB is small, so it should be temporarily increased to 14000 or higher.

Change the value to a value greater than or equal to 14000 and press Enter.

23. Check that the Brity RPA v3.0.0 database schema installation was successful.

All installations are complete.

Separation of RPA AP server and DB server

Firewall settings

If the application (AP) server and DB server are installed in a separate environment, communication on port 4406 of the DB server must be possible.

• Firewall setting between AP server and DB server: AP server → DB server (4406)

Installation

You must use the Custom installation script in the installation program for the following tasks.

1. DB server work

   1. Install MariaDB first using "1) Install Opensource Program" -> "1) install Mariadb" in Setup Program. After the installation is complete, MariaDB starts up automatically.

   2. When MariaDB is installed, once again in the Setup Program, select "2) Install new Brity RPA v3.0.0." -> Execute "3) Install the RPA v3.0.0 DB schema." In this case, be sure to enter the DB server IP as the IP of the actual DB server, not 127.0.0.1.

2. AP Server Tasks

   1. Install Tomcat using "1) Install Opensource Program" -> "2) install Tomcat" in Setup Program.

   2. Then, install Tomcat using "1) Install Opensource Program" -> "3) install ActiveMq" in Setup Program.

   3. Tomcat and ActiveMQ do not start automatically after installation is complete.

   4. Following the open source installation, install the RPA solution. In the Setup Program, select "2) Install new Brity RPA v3.0.0." -> Install the RPA service using "1) Install the RPA v3.0.0 Service application."

   5. Finally, in the Setup Program, select "2) Install new Brity RPA v3.0.0." -> Install the RPA web portal using "2) Install the RPA v3.0.0 Web application." In this case, be sure to enter the DB server IP as the IP of the actual DB server, not 127.0.0.1.

   6. Start the services sequentially. The order is ActiveMQ -> RPA service -> Tomcat.

MS-SQL Installation

Preparing to install MS-SQL DB

Installation of MS-SQL 2019 Server, a commercial solution, is not supported by Brity RPA.

To proceed with the DB Schema installation of Brity RPA Orchestrator after installation, MS-SQL must be running, and a user account with database creation and user creation privileges must be prepared.

• Supported MS-SQL is 2019 version

• When configuring rpa initial data for MS-SQL, it must be configured using the MSSQL DB Installer file.

• DB schema is installed in rpa database (requires drop if rpa database exists)

• If the new installation fails, you need to reinstall the database after dropping the database.

• User account added during installation (admin,auth,catalog,rpa,inerface,{additional tenant ID}_rpa)

• It is recommended to set Read committed snapshot for performance on the installed MS-SQL server.

• Since activemq for MS-SQL changes DB settings, it must be installed or modified using the package file provided.

Read committed snapshot Set

select is_read_committed_snapshot_on from sys.databases where name = N'rpa';
use master;
alter database rpa set single_user with rollback immediate;
alter database rpa set read_committed_snapshot on;
alter database rpa set multi_user;
select is_read_committed_snapshot_on from sys.databases where name = N'rpa';

Separate DB data or Main Log File Storage

Change the location of Maria DB's data file

If you want to operate the DB data by separating it into separate storage, change the file contents below, and the data file will be accumulated in the corresponding location.

Change target file: /rpa/pkgs/mariadb/conf/mysqld.conf

After stopping MariaDB first, open the mysqld.conf file with an editor, change the path information of the datadir attribute to the desired storage path and restart it.

Change log file storage path

• Change MariaDB log file storage information

  • Change target file: /rpa/pkgs/mariadb/conf/mysqld.conf

  • Change Path Attributes (3)

server_audit_file_path
    slow_query_log_file
    log-error

• Change the storage information of Tomcat access log file

  • Change target file: /rpa/pkgs/tomcat/conf/server.xml

  • Change information: directory

<Valve className="org.apache.catalina.valves.AccessLogValve" directory="/DATA/rpa/logs/admin" prefix="admin_access_log" suffix=".txt" omitted below>

• Changing Tomcat log file storage information

  • Change target file: /rpa/pkgs/tomcat/conf/logging.properties

  • Change information (4): directory

1catalina.org.apache.juli.AsyncFileHandler.directory = /DATA/rpa/logs/admin
2localhost.org.apache.juli.AsyncFileHandler.directory = /DATA/rpa/logs/admin
3manager.org.apache.juli.AsyncFileHandler.directory = /DATA/rpa/logs/admin
4host-manager.org.apache.juli.AsyncFileHandler.directory = /DATA/rpa/logs/admin

• Tomcat catalina.out log file storage information change

  • Change target file: /rpa/pkgs/tomcat/bin/catalina.sh

  • Change information

. CATALINA_OUT=/DATA/rpa/logs/admin/catalina.out

• Change the storage information of RPA AP's logs sub-log file

  • File to be changed: Run.sh for each service under /rpa/apps (total of 8)

  • Change information

. java -jar -DDEV_HOME=/DATA/rpa/logs

Installing Redundancy

For example, the case where the L4 switch is placed at the front end and configured in two RPA AP servers, one ActiveMQ and one DB server, will be described.

Except for the comm service that operates as Active-Standby, all service modules operate as an Active-Active load balancing cluster.

ActiveMQ and DB redundancy must be configured separately if necessary.

L4 settings

• Apply Sticky Session setting for Web Portal connected through port 8080

• Removed X-forwarded-for setting for communication service using port 9001

• When applying the public certificate, the certificate is applied to the 8080, 8777, 9001 port of the L7 (L4) switch.

Firewall settings

• RPA BOT ↔ ​​L4 switch (8777, 9001)

• RPA Designer ↔ L4 switch (8777)

• Portal access PC ↔ L4 switch (8080, 9001)

• Firewall setting between AP server and DB server

  • AP1 Server → DB Server (4406)

  • AP2 Server → DB Server (4406)

• Firewall settings between L4 switch and server

  • L4 → Server1 8080 8777 9001 9091 9093 9096 9099 9094

  • L4 → Server2 8080 8777 9001 9091 9093 9096 9099 9094

Installation

1. Install MariaDB using Custom installation on the DB server and perform Install the RPA v3.0.0 DB schema. At this time, enter the DB server IP as the IP of the actual DB server, not 127.0.0.1.

2. Install ActiveMQ and Tomcat on AP1 server. Install the RPA v3.0.0 Service application step, change the DB server IP in the installation options, and set it to Redundant Server : Y, Redundant Server type : 1.

3. API GW information generally designates VIP, and ActiveMQ designates AP1 IP.

4. Install Tomcat on the AP2 server. Install the RPA v3.0.0 Service application step, change the DB server IP in the installation options, and set it to Redundant Server: Y, Redundant Server type: 2.

5. As Redundant Server 2 is selected, the certificate is set internally separately from the AP1 server.

6. API GW information generally designates VIP, and ActiveMQ designates AP1 IP.

7. In the three comm.properties, in the Portal SSO Properties items, if there is a part that is set to the Real IP of each server, change it to VIP. -> Reference: Adding and changing properties

8. Run ActiveMQ, RPA AP, Tomcat on AP1 server.

9. Run RPA AP and Tomcat of AP2 server.

Add settings

[Task 1]
Perform the following tasks only on the AP2 server. 
You need to register additional properties for each property file.

- Change the scheduling job cycle that updates and creates statistical data in the tenant portal
- Changed file: /rpa/apps/admin/tenant/WEB-INF/classes/properties/comm.properties

Open the file with a vi editor, etc., and append the following contents.

tenant.statistics.cron_expression = 0 30 1/3 * * *

[Task 2]
Communication, ProcessFlow changes to Server Redundancy
On the AP1/AP2 server, please do the following:
- Changes to prevent catalog server certificates from overlapping with each other
- Change target file: /rpa/properties/application.properties

Open the file with a vi editor, etc., and append the following contents.

workflow.redundancy_configuration=Y

#gateway port
server.vPort=8777

#gateway IP (= L4 Switch IP)
server.domain=182.193.17.123

- Create and add files: /rpa/apps/gateway/addconfig.properties

Create a file, open it with the vi editor, etc., and add the following content.

spring.cloud.loadbalancer.enabled=true
spring.application.name=gateway
spring.cloud.loadbalancer.health-check.refetch-instances=true
spring.cloud.loadbalancer.health-check.refetch-instances-interval=5S
rpa.server.communication.url=lb://communication
spring.cloud.loadbalancer.health-check.path.communication=${ipa.server.contextPath.communication}/version
#real No. 1 communication server IP/port
spring.cloud.discovery.client.simple.instances.communication[0].uri=https://182.193.17.111:9001
#real No. 2 communication server IP/port
spring.cloud.discovery.client.simple.instances.communication[1].uri=https://182.193.17.222:9001

- File to change: /rpa/apps/gateway/run.sh

Open the file with the VI Editor, etc., and edit the following content.

java -jar -DDEV_HOME=/data/rpa/logs -Xms2G -Xmx2G spring.config.location=/data/rpa/properties/application.properties,classpath:/application.properties rpago_api_gateway.jar &
==>
java -jar -DDEV_HOME=/data/rpa/logs -Xms2G -Xmx2G spring.config.location=/data/rpa/properties/application.properties,classpath:/application.properties,./addconfig.properties  rpago_api_gateway.jar &

[Task3]
Orchestrator PortalActions to share server sessions (optional)
Sequential rehashing of the portal does not require additional logins for portal users East Sea
On the AP1/AP2 server Please do the following:

- File subject to change:
/rpa/apps/admin/admin/WEB-INF/classes/config/applicationContext-security.xml
/rpa/apps/admin/tenant/WEB-INF/classes/config/applicationContext-security.xml
/rpa/apps/admin/user/WEB-INF/classes/config/applicationContext-security.xml
Open the file with vi editor and modify the contents below.

line 154
    <bean id="rpaSessionRegistry" class="org.springframework.security.core.session.SessionRegistryImpl" />
==>
 <bean id="rpaSessionRegistry" class="org.springframework.session.security.SpringSessionBackedSessionRegistry">
    <constructor-arg ref="sessionRepository"/>
  </bean>

- File subject to change:
/rpa/apps/admin/admin/WEB-INF/web.xml
/rpa/apps/admin/tenant/WEB-INF/web.xml
/rpa/apps/admin/user/WEB-INF/web.xmlvi 
Open the file with an editor, etc., and remove the comments below.

line 140 149 Comment removal
    <filter>
        <filter-name>springSessionRepositoryFilter</filter-name>
        <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>springSessionRepositoryFilter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

- Add files:
/rpa/apps/admin/admin/WEB-INF/classes/properties/jdbcsession.properties
/rpa/apps/admin/tenant/WEB-INF/classes/properties/jdbcsession.properties
/rpa/apps/admin/user/WEB-INF/classes/properties/jdbcsession.properties
Create a file, open the file with an editor and add the following content.

#1800candle 30 minutes
portal.session.timeout=1800

- Create a table for orchestrator session sharing Perform query:
Create the following table in the catalog schema to store JDBC Session data.
tb_spring_session_admin
tb_spring_session_admin_attributes
tb_spring_session_tenant
tb_spring_session_tenant_attributes
tb_spring_session_user
tb_spring_session_user_attributes
See the attachment. Provides queries for mariaDB and SqlServer databases.

Attachment RPA Jdbc Session Table DB Script.txt

MariaDB Installed/Managed Separately

Large-scale customers sometimes have a separate department dedicated to managing and operating the DB. For example, the customer's DBA may install/configure MariaDB on a separate DB server.

In this case, you must request the DBA in advance so that the required settings below can be applied without omission.

DB Config Settings

If you installed MariaDB on your own without going through the installation package, the following DB Config should be applied.
If the installation path is different, the customer must apply the change himself.

[client]
port = 4406
default-character-set = utf8

[mysqld]
datadir = /rpa/pkgs/mariadb/data
basedir = /rpa/pkgs/mariadb
explicit_defaults_for_timestamp = 1
log_bin_trust_function_creators=1
open_files_limit = 20480
plugin_load=server_audit=server_audit.so
server_audit_file_path = /rpa/logs/mariadb/server_audit.log
server_audit_file_rotate_size = 104857600
server_audit_events = CONNECT
server_audit_logging = ON
max_connections = 5000
max_allowed_packet = 64M
init_connect = SET collation_connection = utf8_general_ci
init_connect = SET NAMES utf8
character-set-server = utf8
collation-server = utf8_general_ci
lower_case_table_names = 1
user = ipaadm
port = 4406
pid-file = /rpa/pkgs/mariadb/conf/mysqld.pid
log-output=FILE
slow-query-log=1
slow_query_log_file=/rpa/logs/mariadb/mariadb-slow.log
long_query_time=30
log-error=/rpa/logs/mariadb/mariadb.err
default-time-zone='+0:00'

[mysqldump]
default-character-set = utf8

[mysql]
default-character-set = utf8

Adding Property and Changing

There are two types of property files used in the RPA service, and most of the properties are configured with infrastructure information entered during the installation process, but some property values ​​may need to be changed depending on the installation environment.

In the case of application.properties, there is not much to change, but in the case of comm.properties related to Web Portal, review the following items and change them if necessary.
(Example assuming that the RPA installation home is /rpa)

• comm.properties (3 are the same)

path : /rpa/apps/admin/tenant/WEB-INF/classes/properties/comm.properties
        /rpa/apps/admin/user/WEB-INF/classes/properties/comm.properties
        /rpa/apps/admin/admin/WEB-INF/classes/properties/comm.properties

* If the default 8080 connection port for Web Portal is not used

Set the Portal SSO related property values ​​according to the URL that the client actually connects to the web.
(If using VIP, enter as VIP, and if you receive port 443 from L4 and throw it back to 8080, you can omit the default https port 443)
Below is an example of connecting as VIP and changing the port to 8090.

#Portal SSO Properties
portalSSO=true
portal.sso.authUrl=https://서버VIP:8090/user/auth
portal.sso.adminLoginUrl=https://서버VIP:8090/admin/portal/sso
portal.sso.tenantLoginUrl=https://서버VIP:8090/tenant/portal/sso
portal.sso.userLoginUrl=https://서버VIP:8090/user/portal/sso
portal.sso.logout=https://서버VIP:8090/user/portal/logoutFilter
portal.sso.adminLogoutUrl=https://서버VIP:8090/admin/logoutProcess
portal.sso.tenantLogoutUrl=https://서버VIP:8090/tenant/logoutProcess
portal.sso.userLogoutUrl=https://서버VIP:8090/user/logoutProcess

If the actual Tomcat running port needs to be changed to 8090, Tomcat's configuration file (server.xml) must also be changed.

Path: /rpa/pkgs/tomcat/conf/server.xml

The following is an example of changing Tomcat's connection port to 8090.

<Connector port="8090"
scheme="https" secure="true" SSLEnabled="true" below omitted

Attributes to be added only in case of Samsung affiliate installation
The item “KNOX Linkage” appears in the configuration menu of the tenant portal only when the following property values ​​are explicitly added.
Since this property value is not included in the properties file even after basic installation is completed, it must be manually entered in the last line.

useKnox=true

logback.xml Settings (Custom Appender)

Each RPA service uses logback.xml to manage log storage policies. In addition to file-related log policies, you can manage a custom appender that stores logs in the DB. You can check these stored logs on the "Server Monitoring" screen of the tenant portal.

• They do not use it for Batch and OCR service.

How to Use Property Values (Web Portal)


You can use the properties in the comm.properties file for the web portal.
logback.xml Add the attribute below at the top of the file (it is added by default). If the path to comm. Properties have changed, so they will need to be fixed.

<property resource="properties/comm.properties" />

How to Use Property Values (Services Except Web Portal)
application.properties file.
Use the <springProperty> tag at the top of the logback.xml file to define the properties you want to use.

<springProperty name="serverPort" source="server.port"/>
<springProperty name="loggingServerProtocol" source="ipa.server.scheme"/>
<springProperty name="loggingServerIp" source="ipa.server.ip"/>
<springProperty name="loggingServerPort" source="ipa.server.port"/>
<springProperty name="loggingServerContextPath" source="ipa.server.contextPath.batch"/>

BatchModify Server Information
LogHttpAppender needs the port information of the current server and the information on the service (Batch service) to store the log information.
Below is the web portal's logback.xml, where you can save and change the server port information (8080 for the portal) and batch server information. The Batch server information can be changed by the attribute values defined in comm.properties.

<appender name="logHttp" class="com.sds.rpa.lib.appender.LogHttpAppender">
    <serverPort>8080</serverPort>
    <loggingServerProtocol>${gateway.server.protocol}</loggingServerProtocol>
    <loggingServerIp>${gateway.server.ip}</loggingServerIp>
    <loggingServerPort>${gateway.server.port}</loggingServerPort>
    <loggingServerContextPath>/batch</loggingServerContextPath>
</appender>

This is an example of a logback.xml service, except for the web portal.
You can use the <springProperty> variables defined at the top of logback.
In the case of gateway, the information in the loggingServer is used to make a direct call to the Batch server, not the gateway IP and port.

<appender name="logHttp" class="com.sds.rpa.lib.appender.LogHttpAppender">
    <serverPort>${serverPort}</serverPort>
    <loggingServerProtocol>${loggingServerProtocol}</loggingServerProtocol>
    <loggingServerIp>${loggingServerIp}</loggingServerIp>
    <loggingServerPort>${loggingServerPort}</loggingServerPort>
    <loggingServerContextPath>${loggingServerContextPath}</loggingServerContextPath>
</appender>

Change log level and modify log options.

Change the log level to be stored in the DB in the <filter> sub-<level> tag. By default, it is set to the ERROR level.

If the log level is not set to ERROR, the system stores a lot of data in DB, potentially causing a decrease in system performance.

includerCallerData: This option shows additional caller information, but it is currently in a false state because it does not use any caller information. When using true, performance can be significantly reduced.

queueSize: You can also change the size option of the queue that Appender keeps during log delivery. The rest will not be saved if information over that size is queued.

neverBlock: If set to false, the appender will block the application. If set to true, discard the message.

maxFlushTime: When the LoggerContext stops, AsyncApperder's stop method waits for the task thread to time out, setting maxFlushTime to discard any events that it can't handle within that time.

<appender name="HTTP-APPENDER" class="ch.qos.logback.classic.AsyncAppender">
    <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
        <level>ERROR</level>
    </filter>
    <includeCallerData value="false"/>
    <queueSize value="2048"/>
    <neverBlock value="true"/>
    <maxFlushTime value="60000"/>
    <appender-ref ref="logHttp"/>
</appender>

Whether to use Appender or not

You can also set whether to use the appender for added DB storage.

If you add the corresponding appender information among the logger information at the bottom of the logback.xml, you will use it, and if you remove it, you will not.

<logger name="com.sds.ipa" level="DEBUG" additivity="false">
    <appender-ref ref="FILE-AUDIT" />
    <appender-ref ref="FILE-ERROR"/>
    <appender-ref ref="STDOUT" />
    <appender-ref ref="HTTP-APPENDER" />
</logger>