This guide explains how to set up an API Manager cluster in an Amazon Web Services (AWS) instance.
...
To create a VPC Internet gateway, go to your AWS instance and click Services -> VPC -> Internet Gateways. Then, click Create Internet Gateway and give a name for your new gateway. Here's an example:
Creating subnets
A subnet is a range of IP addresses in your VPC. You can launch AWS resources into a subnet that you select. Use a public subnet for resources that must be connected to the Internet, and a private subnet for the ones that do not.
According to the deployment pattern shared earlier, you need the following seven subnets across the three availability zones. You can use a subnet naming convention of your choice.
...
To create each subnet, go to your AWS instance and click Services -> VPC -> Subnets. Then, click Create Subnet and enter the details for the subnet. The following is an example:
After creating the subnets, go to Services -> VPC -> Subnets to see the newly created subnets listed there.
...
Creating route tables
A route table contains a set of rules, called routes, that are used to determine where network traffic is directed.
In this guide, we create two route tables: one to configure the Internet gateway to face the public network (i.e., the Internet), and another for the internal routes.
Follow the steps below to create the public route table:
- Go to your AWS instance and click Services -> VPC -> Route Tables. Then, click Create Route Tables and give the details of the public route table. Here's an example:
- Select the public route table you just created, click the Routes tab, and add a route for the previously created Internet gateway as follows:
- Go to the Subnet Associations tab and configure the subnet associations to the route table. In this example, we associate the DMZ and DB subnets to the route table, since those subnets directly face the Internet.
Let's create the private route table next.
Follow the steps below to create the internal route table.
- Go to your AWS instance and click Services -> VPC -> Route Tables. Then, click Create Route Tables and give the details of the internal route table. Here's an example:
- Configure the routes and subnets. See Creating a NAT Instance to create a NAT-based gateway.
Here's an example:
Subnet association configuration:
After configuring the route tables, go to each subnet summary and verify that the details are correct.
Subnet Summary
- apim-subnet-b
- apim-subnet-c
- apim-dmz-b
- apim-dmz-d
- apim-dmz-c
- apim-db-subnet-c
- apim-db-subnet-b
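A scripted form of the verification step above, as an added example that is not part of the original guide: it takes route-table data shaped like the output of `aws ec2 describe-route-tables` and reports which subnets have a default route to an Internet gateway, compared with the layout this guide describes. The IDs, the VPC CIDR, and the use of subnet names in place of subnet IDs are constructed assumptions.

```python
# Added example (not from the guide): list subnets whose route table sends
# default traffic to an Internet gateway, from data shaped like the output of
# `aws ec2 describe-route-tables`. All IDs are constructed; subnet names stand
# in for real subnet IDs.
DEFAULT_ROUTES = {"0.0.0.0/0", "::/0"}
# Intended layout per the guide: DMZ and DB subnets on the public route table.
EXPECTED_PUBLIC = {"apim-dmz-b", "apim-dmz-c", "apim-dmz-d",
                   "apim-db-subnet-b", "apim-db-subnet-c"}
SAMPLE = {"RouteTables": [
    {"RouteTableId": "rtb-public-example",
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-example"}],
     "Associations": [{"SubnetId": s} for s in sorted(EXPECTED_PUBLIC)]},
    {"RouteTableId": "rtb-internal-example",
     # default route goes to the NAT instance, not to an Internet gateway
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": "0.0.0.0/0", "InstanceId": "i-natbox-example"}],
     "Associations": [{"Main": True},
                      {"SubnetId": "apim-subnet-b"}, {"SubnetId": "apim-subnet-c"}]},
]}


def has_igw_default_route(table):
    """True if the table has a default route whose target is an Internet gateway."""
    for route in table.get("Routes", []):
        dest = route.get("DestinationCidrBlock") or route.get("DestinationIpv6CidrBlock")
        if dest in DEFAULT_ROUTES and route.get("GatewayId", "").startswith("igw-"):
            return True
    return False


def internet_facing_subnets(data):
    """Subnets explicitly associated with a table that routes to an Internet gateway."""
    public = set()
    for table in data["RouteTables"]:
        if has_igw_default_route(table):
            # The main-table association has no SubnetId; subnets that rely on
            # it implicitly are not resolved here.
            public |= {a["SubnetId"] for a in table.get("Associations", []) if "SubnetId" in a}
    return public


def audit(data, expected_public=EXPECTED_PUBLIC):
    """Compare actual Internet-facing subnets with the intended set."""
    actual = internet_facing_subnets(data)
    return {"unexpected_public": sorted(actual - expected_public),
            "not_public": sorted(expected_public - actual)}


if __name__ == "__main__":
    print(audit(SAMPLE))
```

Any name under `unexpected_public` is a subnet that reaches the Internet gateway although the intended layout keeps it internal.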
Creating security groups
...
- Go to your AWS instance and click Services -> EC2 -> Security Group. Then, click Create Security Group.
Create six security groups separately as follows and set their Inbound and Outbound rules.
Tip: You can use a different naming convention for the groups or create a security group without rules and add them later.
Security Group Summary
- apim-bastion-sg
- apim-nat-sg
- apim-puppetmaster-sg
- apim-dmz-sg
- apim-cluster-sg
- apim-db-sg
After creating the security groups, go to Services -> EC2 -> Security Groups and verify that the details are correct.
...
To create a new key pair, go to your AWS instance and click Services -> EC2 -> Key pair -> Create Key Pair. Then, download the created key pair to your host machine.
Creating instances
Let's see how to create six instances as follows:
...
- Find the EC2 NAT instance by clicking Services -> EC2 -> AMI in your AWS instance and giving the AMI ID (e.g., ami-ad227cc4).
- Select the AMI and click Launch.
- Choose an instance type (e.g., m1.small) and proceed to configure the instance details.
- In the Configure Instance Details page that opens, select the network and subnet and enable the public IP. Keep the default settings for the network interfaces and advanced details and proceed to add storage information.
- In the Add Storage page that opens, set the optimal storage and proceed to tag the instance.
- Set a tag for your instance in the Tag Instance page that opens. Then, proceed to configure a security group.
- In the Configure Security Group page that opens, select apim-natsg as the security group, and then click Review and Launch.
- In the Review page that opens, your instance configuration summary is listed. Verify its accuracy and click Launch.
- Select the key pair that you created earlier and click Launch Instances.
- Go to your AWS instance, click Services -> EC2 -> Instances, select apim-natbox and note the NAT instance that you just created listed there.
...
Creating a bastion instance
A bastion is a special-purpose server instance that is designed to be the primary access point from the Internet. It acts as a proxy to your other EC2 instances. In this guide, we use it as a base instance in our VPC and configure it to connect to other instances in our VPC via SSH.
Follow the steps below to create a bastion instance:
- In your AWS instance, click Services -> EC2 -> Instances -> Launch Instance.
The steps involved in creating a bastion instance are the same as for a NAT instance. The table below summarises the configurations you do at each stage. Follow it until you get to the last tab, which is Review.
Tab Name | Configurations |
---|---|
Choose AMI | Choose Ubuntu Server 14.04 LTS (HVM), SSD Volume Type |
Choose Instance Type | t2.medium |
Configure Instance | Network: Select the VPC created here. Subnet: apim-dmz-d. Auto assign public IP: Enable. Keep default settings for the rest. |
Add Storage | Set the optimal storage |
Tag Instance | Key: Name. Value: apim-bastion |
Configure Security Group | Click the Select an existing security group option and select apim-bastion-sg from the list. |
- In the Review page, your instance configuration summary is listed. Verify its accuracy and click Launch.
- Select the Choose an existing key pair option and select the key pair that you created here. Then, click Launch Instances.
- Go to your AWS instance, click Services -> EC2 -> Instances, select apim-bastion and note the bastion instance that you just created listed there.
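Because the bastion is meant to be the only SSH entry point from the Internet, a practitioner would want to confirm that no other security group accepts SSH from anywhere. The following added example, which is not part of the original guide, runs that check over data shaped like the output of `aws ec2 describe-security-groups`; the rules in the sample are constructed (the guide's actual rules are not shown here), and treating apim-bastion-sg as the only permitted exception is an assumption.

```python
# Added example (not from the guide): find security groups that accept SSH
# (TCP 22) from any address, using data shaped like the output of
# `aws ec2 describe-security-groups`. The rules below are constructed samples.
ANYWHERE = {"0.0.0.0/0", "::/0"}
# Assumption: only the bastion group may take SSH from the Internet.
SSH_ALLOWED_FROM_ANYWHERE = {"apim-bastion-sg"}

SAMPLE = {"SecurityGroups": [
    {"GroupName": "apim-bastion-sg", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
    {"GroupName": "apim-cluster-sg", "IpPermissions": [
        # SSH only from members of another group (constructed group ID)
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [],
         "UserIdGroupPairs": [{"GroupId": "sg-bastion-example"}]}]},
    {"GroupName": "apim-nat-sg", "IpPermissions": [
        # constructed mistake: an "all traffic" rule open to the world
        {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
    {"GroupName": "apim-db-sg", "IpPermissions": [
        # constructed mistake: a wide TCP port range open over IPv6
        {"IpProtocol": "tcp", "FromPort": 0, "ToPort": 65535,
         "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},
]}


def covers_ssh(perm):
    """True if the rule's protocol and port range include TCP port 22."""
    if perm["IpProtocol"] == "-1":        # all protocols; no port fields
        return True
    if perm["IpProtocol"] not in ("tcp", "6"):
        return False
    return perm.get("FromPort", 0) <= 22 <= perm.get("ToPort", 65535)


def open_to_anywhere(perm):
    """True if the rule's source includes every IPv4 or IPv6 address."""
    cidrs = {r["CidrIp"] for r in perm.get("IpRanges", [])}
    cidrs |= {r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])}
    return bool(cidrs & ANYWHERE)


def exposed_ssh_groups(data, allowed=SSH_ALLOWED_FROM_ANYWHERE):
    """Names of groups, other than the allowed ones, with SSH open to anywhere."""
    findings = []
    for group in data["SecurityGroups"]:
        if group["GroupName"] in allowed:
            continue
        perms = group.get("IpPermissions", [])
        if any(covers_ssh(p) and open_to_anywhere(p) for p in perms):
            findings.append(group["GroupName"])
    return sorted(findings)
```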
...
Follow the steps below to create an SVN instance.
- In your AWS instance, click Services -> EC2 -> Instances -> Launch Instance.
The steps involved in creating an SVN instance are the same as for a NAT instance. The table below summarises the configurations you do at each stage. Follow it until you get to the last tab, which is Review.
Tab Name | Configurations |
---|---|
Choose AMI | Choose Ubuntu Server 14.04 LTS (HVM), SSD Volume Type |
Choose Instance Type | t2.small |
Configure Instance | Network: Select the VPC created here. Subnet: apim-subnet-c. Auto assign public IP: Disable. Keep default settings for the rest. |
Add Storage | Set the optimal storage |
Tag Instance | Key: Name. Value: apim-svn |
Configure Security Group | Click the Select an existing security group option and select apim-cluster-sg and apim-natsg from the list. |
- In the Review page, your instance configuration summary is listed. Verify its accuracy and click Launch.
- Select the Choose an existing key pair option and select the key pair that you created here. Then, click Launch Instances.
- Go to your AWS instance, click Services -> EC2 -> Instances, select apim-svn and note the SVN instance that you just created listed there.
...
Creating a puppet master instance
Puppet is a configuration management system that allows you to define the state of your IT infrastructure and then automatically enforces the correct state.
Follow the steps below to create a puppet master instance.
In your AWS instance, click Services -> EC2 -> Instances -> Launch Instance.
The steps involved in creating a puppet master instance are the same as for a NAT instance. The table below summarises the configurations you do at each stage. Follow it until you get to the last tab, which is Review.
Tab Name | Configurations |
---|---|
Choose AMI | Choose Ubuntu Server 14.04 LTS (HVM), SSD Volume Type |
Choose Instance Type | t2.medium |
Configure Instance | Network: Select the VPC created here. Subnet: apim-subnet-b. Auto assign public IP: Disable. Keep default settings for the rest. |
Add Storage | Set the optimal storage |
Tag Instance | Key: Name. Value: apim-puppet-master |
Configure Security Group | Click the Select an existing security group option and select apim-puppetmaster-sg and apim-natsg from the list. |
- In the Review page, your instance configuration summary is listed. Verify its accuracy and click Launch.
- Select the Choose an existing key pair option and select the key pair that you created here. Then, click Launch Instances.
Go to your AWS instance, click Services -> EC2 -> Instances, select apim-puppet-master and note the puppet master instance that you just created listed there.
...
In your AWS instance, click Services -> EC2 -> Instances -> Launch Instance.
The steps involved in creating a base instance are the same as for a NAT instance. The table below summarises the configurations you do at each stage. Follow it until you get to the last tab, which is Review.
Tab Name | Configurations |
---|---|
Choose AMI | Choose Ubuntu Server 14.04 LTS (HVM), SSD Volume Type |
Choose Instance Type | t2.micro |
Configure Instance | Network: Select the VPC created here. Subnet: apim-subnet-c. Auto assign public IP: Disable. Keep default settings for the rest. |
Add Storage | Set the optimal storage |
Tag Instance | Key: Name. Value: apim-test-node |
Configure Security Group | Click the Select an existing security group option and select apim-cluster-sg and apim-natsg from the list. |
- In the Review page, your instance configuration summary is listed. Verify its accuracy and click Launch.
- Select the Choose an existing key pair option and select the key pair that you created here. Then, click Launch Instances.
Go to your AWS instance, click Services -> EC2 -> Instances, select apim-test-node and note the base instance that you just created listed there.
...
Amazon Relational Database Service (Amazon RDS) allows you to create and manage relational databases in the cloud. When you create an RDS instance, you need to specify a database subnet group for it. As you already created two database subnets, apim-db-subnet-b and apim-db-subnet-c, in separate availability zones, you can group them in this guide.
...
In your AWS instance, click Services -> RDS -> Subnet Groups -> Create DB Subnet Group.
In the Create DB Subnet Group page that opens, fill in the details according to your environment and click Create.
In this guide, we select the VPC that is created here and add the two subnets that are hosted in two availability zones separately.
Next, let's create the RDS instance.
In your AWS instance, click Services -> RDS -> Instance -> Launch DB Instance.
Select MySQL as the database engine.
In the second step, choose the options to use Multi-AZ deployment.
In step 3, the Specify DB Details page, enter the database settings.
In this guide, the DB instance identifier is apim-db and master username is wso2.
In the Configure Advanced Settings page, set the network, database options, and backup plans.
Go to your AWS instance and click Services -> RDS -> Instances. Then, select the database that you created earlier (in this example, it is apim-db) and note the details of the RDS instance that you just created. The Endpoint specifies the server URL for connecting to the database.
...
Connect to the bastion instance using SSH.
```
root# ssh -i <security certificate file path> ubuntu@<give the public IP>
```
- Check to ensure that the apim-puppet-master instance is running. As you are now in the private network, you can use the puppet master instance's private IP.
From the bastion instance, connect to the puppet master instance using SSH.
```
ubuntu@bastion-public:~$ ssh ubuntu@<private IP>
```
- Install the puppet master in this instance. See https://docs.puppetlabs.com/guides/install_puppet/install_debian_ubuntu.html for instructions.
Download the APIM-1.9 puppet modules from here, extract and copy to the /etc/puppet directory. Overwrite any existing files.
Change the parameter file /etc/puppet/module/apimanager/manifest/param.pp according to the requirements of your environment.
Download the following files and place them in the given locations.
File | Download from | Copy to |
---|---|---|
wso2am-1.9.0.zip | http://wso2.com/api-management/try-it/ | modules/apimanager/files/distribution |
jdk-7u75-linux-x64.tar.gz | http://www.oracle.com/technetwork/java/javase/downloads/jdk7-downloads-1880260.html | modules/apimanager/files |
mysql-connector-java-5.1.23-bin.jar | http://mvnrepository.com/artifact/mysql/mysql-connector-java/5.1.23 | modules/apimanager/files/common/configs/repository/components/lib |
svnkit-1.3.9.wso2v2.jar | Click here | modules/apimanager/files/gate-way-m/configs/repository/components/dropins/ and modules/apimanager/files/gateway/configs/repository/components/dropins |
trilead-ssh2-1.0.0-build215.jar | Click here | modules/apimanager/files/gate-way-m/configs/repository/components/lib and modules/apimanager/files/gateway/configs/repository/components/lib |
Configuring the base instance
...
Connect to the bastion instance using SSH.
```
root# ssh -i <security certificate file path> ubuntu@<give the public IP>
```
- Connect to the MySQL server using the MySQL client.
- Create the databases described in https://docs.wso2.com/display/AM190/Setting+up+MySQL using the MySQL server. Note that you can change the names of these databases as you like.
...
- In your AWS instance, click Services -> EC2 -> Load Balancers -> Create Load Balancer.
- In the Define Load Balancer page that opens, give a name for the ELB (e.g., apim-elb-pubstore), specify the VPC, and map the incoming port to another port in the backend by configuring the Basic Configuration tab as shown below:
- On the Select Subnets tab, add the DMZ subnets as selected subnets and go to the next page.
- In the Assign Security Groups page that opens, select apim-dmz-sg as the security group and go to the next page.
- In the Configure Security Settings page that opens, configure the SSL details and proceed to the next page.
- In the Configure Health Check page that opens, set the following options and proceed to the next page.
  - Ping port: 9443
  - Ping path: /services/echo?wsdl
- Leave the default settings in the Add EC2 Instances page that opens and proceed to the next page. You can edit the ELB later to add the instances that are fronted by this ELB.
- In the Add Tags page that opens, tag the ELB and click Create.
- Click the load balancer's name in the status message that appears confirming that the load balancer is created.
- Find the DNS name in the ELB’s description tab and make a note of it. You need this later for configuring the Puppet Master parameter file.
- Repeat the steps you used to create the apim-elb-pubstore ELB to create the apim-elb-keymanager, apim-elb-gateway-mgt, and apim-elb-gateway-wkr ELBs as well.
...
According to our sample deployment architecture, you need only one Gateway Manager instance in the us-east-1b availability zone. The instance must be in the apim-subnet-b subnet.
...
After spawning the product instances, add them to the four ELBs as follows:
ELB Name | Instances to be Added |
---|---|
apim-elb-pubstore |
|
apim-elb-keymanager |
|
apim-elb-gateway-mgt |
|
apim-elb-gateway-wkr |
|
Tip |
---|
Tip: At least one instance in an ELB should have the |
...