Comment: removed configuring topic on the API publisher as requested via mail "Altering the APIM Documentation."

Follow the instructions below to deploy WSO2 API Manager (WSO2 API-M) in a distributed environment, as depicted in the following deployment diagram:

...

connectionfactory.TopicConnectionFactory = amqp://admin:admin@clientid/carbon?brokerlist='tcp://[Traffic-Manager-host]:[Port-number]'
topic.throttleData = throttleData

Configuring and starting the API Publisher

This section involves setting up the API Publisher node and enabling it to work with the other components in the distributed deployment.

  1. Open the <API-M_HOME>/repository/conf/api-manager.xml file in the API Publisher node and make the following changes.
    1. Configure the Publisher with the Key Manager.
      You need to update the following configuration ONLY when you do not wish to share the user stores with the WSO2 API-M instance.

      Warning

      This step is not applicable if you are enabling Single Sign-on (SSO).

      Single Key Manager

      Configure the Publisher with a single Key Manager as follows:

      Code Block
      <AuthManager>    
      	<ServerURL>https://[Key-Manager-host]:9443/services/</ServerURL>
      	<Username>admin</Username>
      	<Password>admin</Password>
      </AuthManager>
      Key Manager with HA

      Configure the Publisher with multiple Key Managers that are fronted by a load balancer as follows:

      Code Block
      <AuthManager>
      	<ServerURL>https://[Key-Manager-LB-host]:9443/services/</ServerURL>
      	<Username>admin</Username>
      	<Password>admin</Password>
      </AuthManager>
    2. Configure the Publisher with the Traffic Manager.
      This configuration enables the publishing of throttling policies, custom templates, and block conditions to the Gateway node.

      Single Traffic Manager

      Configure the Publisher with a single Traffic Manager as follows:

      Code Block
      <ThrottlingConfigurations>
          <EnableAdvanceThrottling>true</EnableAdvanceThrottling>
          <TrafficManager>
              <Type>Binary</Type>
              <ReceiverUrlGroup>tcp://[Traffic-Manager-host]:9611</ReceiverUrlGroup>
              <AuthUrlGroup>ssl://[Traffic-Manager-host]:9711</AuthUrlGroup>
              <Username>${admin.username}</Username>
              <Password>${admin.password}</Password>
          </TrafficManager>
          <DataPublisher>
              <Enabled>false</Enabled>
              ...
          </DataPublisher>
          <PolicyDeployer>
              <Enabled>true</Enabled>
              <ServiceURL>https://[Traffic-Manager-Host]:9443/services/</ServiceURL>
              <Username>${admin.username}</Username>
              <Password>${admin.password}</Password>
          </PolicyDeployer>
          <BlockCondition>
              <Enabled>false</Enabled>
              ...
          </BlockCondition>
          <JMSConnectionDetails>
              <Enabled>false</Enabled>
              ...
          </JMSConnectionDetails>
          ...
      </ThrottlingConfigurations>
      Traffic Manager with HA

      Configure the Publisher with multiple Traffic Managers that are fronted by a load balancer as follows:

      Code Block
      <ThrottlingConfigurations>
          <EnableAdvanceThrottling>true</EnableAdvanceThrottling>
          <TrafficManager>
              <Type>Binary</Type>
              <ReceiverUrlGroup>{tcp://[Traffic-Manager-1-host]:9611}, {tcp://[Traffic-Manager-2-host]:9611}</ReceiverUrlGroup>
              <AuthUrlGroup>{ssl://[Traffic-Manager-1-host]:9711}, {ssl://[Traffic-Manager-2-host]:9711}</AuthUrlGroup>
              <Username>${admin.username}</Username>
              <Password>${admin.password}</Password>
          </TrafficManager>
          <DataPublisher>
              <Enabled>false</Enabled>
              ...
          </DataPublisher>
          <PolicyDeployer>
              <Enabled>true</Enabled>
              <ServiceURL>https://[Traffic-Manager-LB-Host]:9443/services/</ServiceURL>
              <Username>${admin.username}</Username>
              <Password>${admin.password}</Password>
          </PolicyDeployer>
          <BlockCondition>
              <Enabled>false</Enabled>
              ...
          </BlockCondition>
          <JMSConnectionDetails>
              <Enabled>false</Enabled>
              ...
          </JMSConnectionDetails>
          ...
      </ThrottlingConfigurations>
    3. Configure the Publisher with the Gateway.
      You need to add these configurations because, when an API is created, the Publisher calls the Gateway endpoint to create the actual Synapse file.


      • If you are using a single Gateway node, configure the Publisher with the Gateway as follows:

        Code Block
        <APIGateway>
            <Environments>
                <Environment type="hybrid" api-console="true">
                    <Name>Production and Sandbox</Name>
                    <Description>This is a hybrid gateway that handles both production and sandbox token traffic.</Description>
                    <ServerURL>https://[API-Gateway-Host-or-IP]:9443/services/</ServerURL>
                    <Username>${admin.username}</Username>
                    <Password>${admin.password}</Password>
                    <GatewayEndpoint>http://[API-Gateway-Host]:8280,https://[API-Gateway-Host]:8243</GatewayEndpoint>
                </Environment>
            </Environments>
        </APIGateway>
      • If you are using multiple Gateway nodes, configure the Publisher with the Gateway nodes as follows:

        Gateway with Shared File System

        When working with multiple Gateways that are fronted by a load balancer and that use a shared file system (e.g., NFS) to synchronize the data between your Gateway nodes, configure the Publisher as follows:

        Code Block
        <APIGateway>
            <Environments>
                <Environment type="hybrid" api-console="true">
                    <Name>Production and Sandbox</Name>
                    <Description>This is a hybrid gateway that handles both production and sandbox token traffic.</Description>
                    <ServerURL>https://[API-Gateway-LB-Host-or-IP]:9443/services/</ServerURL>
                    <Username>${admin.username}</Username>
                    <Password>${admin.password}</Password>
                    <GatewayEndpoint>http://[API-Gateway-LB-Host]:8280,https://[API-Gateway-LB-Host]:8243</GatewayEndpoint>
                </Environment>
            </Environments>
        </APIGateway>
        Gateway with rsync

        When working with multiple Gateways that are fronted by a load balancer and that use Remote Synchronization (rsync) to synchronize the data between your Gateway nodes, configure the Publisher as follows:

        Code Block
        <APIGateway>
            <Environments>
                <Environment type="hybrid" api-console="true">
                    <Name>Production and Sandbox</Name>
                    <Description>This is a hybrid gateway that handles both production and sandbox token traffic.</Description>
                    <ServerURL>https://[API-Gateway-Manager-Host-or-IP]:9443/services/</ServerURL>
                    <Username>${admin.username}</Username>
                    <Password>${admin.password}</Password>
                    <GatewayEndpoint>http://[API-Gateway-Manager-Host]:8280,https://[API-Gateway-Manager-Host]:8243</GatewayEndpoint>
                </Environment>
            </Environments>
        </APIGateway>
      Info

      To change the admin password, see Changing the super admin password. If your password has special characters, make sure to follow the note given under step 2 in that section.

    4. Configure the Store URL to appear in the Publisher UI.
      For this purpose you need to set the <DisplayURL> to true and provide the URL of the Store.

      Single Store

      Configure the Publisher with a single API Store as follows:

      Code Block
      <APIStore>  
             <DisplayURL>true</DisplayURL>     
             <URL>https://[Store-hostname]:9443/store</URL>
      </APIStore>
      Store with HA

      Configure the Publisher with multiple API Stores that are fronted by a load balancer as follows:

      Code Block
      <APIStore>  
             <DisplayURL>true</DisplayURL>     
             <URL>https://[Store-LB-hostname]:9443/store</URL>
      </APIStore>

    Configure the blocked apps and API notifications to go to the Topic.
    Open the <API-M_HOME>/repository/conf/jndi.properties file and make the following changes.

    Note
    • The following configuration is related to the Admin App in WSO2 API-M. In this guide it is assumed that the WSO2 API-M Admin App is configured in the Publisher node.

    • If you change the default username (i.e., admin) and password (i.e., admin) in the user-mgt.xml file, that username and password should be changed in the broker connection URL as well.

  • Disable the Thrift Server to optimize performance.
    You need to configure this in the Publisher <API-M_HOME>/repository/conf/api-manager.xml file.

    Code Block
    <APIKeyValidator> 
    ...  
    	<EnableThriftServer>false</EnableThriftServer>
    </APIKeyValidator>
  • Optionally, configure High Availability (HA) for the Publisher.

    Warning

    These instructions are ONLY applicable if you need to configure HA for the Publisher.

    1. Make a copy of the active Publisher instance configured above and use this copy as the second active Publisher instance.

    2. Configure a load balancer to front the two Publisher nodes.
      For information on configuring the load balancer, see Configuring the Proxy Server and the Load Balancer.

  • Start the WSO2 API-M Publisher node(s).
    Make sure to run the product optimizer either before starting the server or while starting the server, so that the resource utilization can be optimized on each of the nodes. For more information on product profile optimization, see Product Profiles.

  • ...

    Configuring and starting the API Store

    This section involves setting up the API Store node and enabling it to work with the other components in the distributed deployment.

    1. Open the <API-M_HOME>/repository/conf/api-manager.xml file in the API Store node and make the following changes.

      1. Configure the API Store with the Key Manager.

        Single Key Manager

        Configure the API Store with a single Key Manager as follows:

        1. Configure the API key validator.
          When you are connecting the API Store directly to the Key Manager, add ThriftClient for the <KeyValidatorClientType> element to use the Thrift protocol.

          Code Block
          <APIKeyValidator>
              <ServerURL>https://[Key-Manager-host]:9443/services/</ServerURL>
              <Username>${admin.username}</Username>
              <Password>${admin.password}</Password>
              <KeyValidatorClientType>ThriftClient</KeyValidatorClientType>
              <ThriftClientConnectionTimeOut>10000</ThriftClientConnectionTimeOut>
              <!--ThriftClientPort>10397</ThriftClientPort-->

              <EnableThriftServer>true</EnableThriftServer>
              <ThriftServerHost>[Key-Manager_host]</ThriftServerHost>
              <!--ThriftServerPort>10397</ThriftServerPort-->
              ...
          </APIKeyValidator>
        2. Configure the Authentication Manager, so that the API Store can connect to the Key Manager.
          You need to update the following configuration ONLY when you do not wish to share the user stores with the WSO2 API-M instance.

          Warning

          This step is not applicable if you are enabling Single Sign-on (SSO).

          Code Block
          <AuthManager>
          	<ServerURL>https://[Key-Manager-host]:9443/services/</ServerURL>
          	<Username>${admin.username}</Username>
          	<Password>${admin.password}</Password>
          </AuthManager>
        Key Manager with HA

        Configure the Store with multiple Key Managers that are fronted by a load balancer as follows:

        1. Configure the API key validator.
          When you are using multiple Key Managers fronted by a load balancer, you need to add WSClient for the <KeyValidatorClientType> element to use the Web Service Client.

          Code Block
          <RevokeAPIURL>https://[Gateway-host]:8243/revoke</RevokeAPIURL>

          <APIKeyValidator>
              <ServerURL>https://[Key-Manager-LB-host]:9443/services/</ServerURL>
              <Username>${admin.username}</Username>
              <Password>${admin.password}</Password>
              <KeyValidatorClientType>WSClient</KeyValidatorClientType>
              <ThriftClientConnectionTimeOut>10000</ThriftClientConnectionTimeOut>
              <!--ThriftClientPort>10397</ThriftClientPort-->

              <EnableThriftServer>false</EnableThriftServer>
              <ThriftServerHost>localhost</ThriftServerHost>
              <!--ThriftServerPort>10397</ThriftServerPort-->

              ...
          </APIKeyValidator>
        2. Configure the Authentication Manager, so that the API Store can connect to the Key Manager.
          You need to update the following configuration ONLY when you do not wish to share the user stores with the WSO2 API-M instance.

          Warning

          This step is not applicable if you are enabling Single Sign-on (SSO).

          Code Block
          <AuthManager>
          	<ServerURL>https://[Key-Manager-LB-host]:9443/services/</ServerURL>
          	<Username>${admin.username}</Username>
          	<Password>${admin.password}</Password>
          </AuthManager>
      2. Make the following throttling related changes that correspond to the Traffic Manager.

        Code Block
        <ThrottlingConfigurations>
            <EnableAdvanceThrottling>true</EnableAdvanceThrottling>
            <DataPublisher>
                <Enabled>false</Enabled>
                ...
            </DataPublisher>
            <PolicyDeployer>
                <Enabled>false</Enabled>
                ...
            </PolicyDeployer>
            <BlockCondition>
                <Enabled>false</Enabled>
                ...
            </BlockCondition>
            <JMSConnectionDetails>
                <Enabled>false</Enabled>
                ...
            </JMSConnectionDetails>
            ...
        </ThrottlingConfigurations>
      3. Configure the Store with the Gateway.

        • If you are using a single Gateway node, configure the Store with the Gateway as follows:

          Code Block
          <APIGateway>
          	<Environments>
          		<Environment type="hybrid">
          		...
          			<ServerURL>https://[API-Gateway-host-or-IP]:9443/services/</ServerURL>
          			<Username>${admin.username}</Username>
          			<Password>${admin.password}</Password> 
          			<GatewayEndpoint>http://[API-Gateway-host]:8280,https://[API-Gateway-host]:8243</GatewayEndpoint>
          		</Environment>
          	</Environments> 
          ...
          </APIGateway>
        • If you are using multiple Gateway nodes, configure the Store with the Gateway nodes as follows:

          Gateway with Shared File System

          When working with multiple Gateways that are fronted by a load balancer and that use a shared file system (e.g., NFS) to synchronize the data between your Gateway nodes, configure the Store as follows:

          Code Block
          <APIGateway>
          	<Environments>
          		<Environment type="hybrid">
          		...
          			<ServerURL>https://[API-Gateway-LB-Host-or-IP]:9443/services/</ServerURL>
          			<Username>${admin.username}</Username>
          			<Password>${admin.password}</Password> 
          			<GatewayEndpoint>http://[API-Gateway-LB-Host]:8280,https://[API-Gateway-LB-Host]:8243</GatewayEndpoint>
          		</Environment>
          	</Environments> 
          ...
          </APIGateway>
          Gateway with rsync

          When working with multiple Gateways that are fronted by a load balancer and that use Remote Synchronization (rsync) to synchronize the data between your Gateway nodes, configure the Store as follows:

          Code Block
          <APIGateway>
          	<Environments>
          		<Environment type="hybrid">
          		...
          			<ServerURL>https://[API-Gateway-Manager-host]:9443/services/</ServerURL>
          			<Username>${admin.username}</Username>
          			<Password>${admin.password}</Password> 
          			<GatewayEndpoint>http://[API-Gateway-Manager-host]:8280,https://[API-Gateway-Manager-host]:8243</GatewayEndpoint>
          		</Environment>
          	</Environments> 
          ...
          </APIGateway>
      4. Configure the Token Revoke endpoint to point to the Gateway.

        Single Gateway

        Configure the Token Revoke endpoint with a single Gateway as follows:

        Code Block
        <OAuthConfigurations>
            ...
            <RevokeAPIURL>https://[API-Gateway-host]:8243/revoke</RevokeAPIURL>
        </OAuthConfigurations>
        Gateway with HA

        Configure the Token Revoke endpoint with multiple Gateways, which are fronted by a load balancer as follows:

        Code Block
        <OAuthConfigurations>
            ...
            <RevokeAPIURL>https://[API-Gateway-Worker-LB-host]:8243/revoke</RevokeAPIURL>
        </OAuthConfigurations>
    2. Optionally, configure High Availability (HA) for the Store.

      Warning

      This is ONLY applicable if you need to configure HA for the Store.

      Make a copy of the active instance configured above and use this copy as the second API Store active instance.

    3. Start the API Store node(s).
      Make sure to run the product optimizer either before starting the server or while starting the server, so that the resource utilization can be optimized on each of the nodes. For more information on product profile optimization, see Product Profiles.

    ...
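
The credential settings in the api-manager.xml steps above, and the note that the broker connection URL in jndi.properties must follow any change to the default admin username and password, can be checked before a node is started. The following Python check is an added example, not part of the WSO2 documentation or product: it reports `<Username>`/`<Password>` elements that hold a literal value instead of a `${...}` placeholder, and broker URLs whose embedded credentials are still the default or differ from the admin user you supply. The function names, the sample hostnames and port, and the `<APIManager>` wrapper element are assumptions constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

PLACEHOLDER = re.compile(r"^\$\{[^}]+\}$")            # e.g. ${admin.username}
AMQP_CREDS = re.compile(r"amqp://([^:@/]+):([^@/]+)@")
DEFAULT = "admin"   # default username and password named on this page

def audit_api_manager(xml_text):
    """Return (parent path, element, issue) for each literal credential."""
    findings = []

    def walk(node, path):
        here = path + "/" + node.tag.rsplit("}", 1)[-1]   # drop any XML namespace
        for child in node:
            tag = child.tag.rsplit("}", 1)[-1]
            value = (child.text or "").strip()
            if tag in ("Username", "Password") and not PLACEHOLDER.match(value):
                issue = "default credential" if value == DEFAULT else "literal credential"
                findings.append((here, tag, issue))
            walk(child, here)

    walk(ET.fromstring(xml_text), "")
    return findings

def audit_jndi(properties_text, admin_user, admin_password):
    """Check the credentials embedded in connectionfactory.* broker URLs."""
    findings = []
    for line in properties_text.splitlines():
        key, sep, value = line.partition("=")
        key = key.strip()
        match = AMQP_CREDS.search(value)
        if not sep or not key.startswith("connectionfactory.") or not match:
            continue   # comments, topic.* entries, URLs without credentials
        user, password = match.groups()
        if user == DEFAULT and password == DEFAULT:
            findings.append((key, "default broker credential"))
        if (user, password) != (admin_user, admin_password):
            findings.append((key, "broker URL does not match the admin user"))
    return findings

# Constructed sample input: hostnames, port and the wrapper element are made up.
SAMPLE_XML = """<APIManager>
  <AuthManager>
    <ServerURL>https://km.example.internal:9443/services/</ServerURL>
    <Username>admin</Username>
    <Password>admin</Password>
  </AuthManager>
  <APIKeyValidator>
    <Username>${admin.username}</Username>
    <Password>${admin.password}</Password>
  </APIKeyValidator>
</APIManager>"""
SAMPLE_JNDI = "connectionfactory.TopicConnectionFactory = amqp://admin:admin@clientid/carbon?brokerlist='tcp://tm.example.internal:5672'"

if __name__ == "__main__":
    print(audit_api_manager(SAMPLE_XML))
    print(audit_jndi(SAMPLE_JNDI, "apim-admin", "constructed-password"))
```

Run it against each node's own files by reading them into strings; the admin username and password passed to `audit_jndi` are the values you set in user-mgt.xml.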