Versions Compared

Old Version 9

changes.mady.by.user Former user

Saved on

compared with

New Version Current

changes.mady.by.user Former user

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Add Distributed Cache

...

  1. Install Oracle JDK 1.8 or later in all nodes used for the setup.

  2. In the environment variables, update the JAVA_HOME and PATH variables. For instance, you can do this by adding the following to the ~/.bashrc file in Linux or Mac:

    Code Block
    languagebash
    export JAVA_HOME="<JDK_LOCATION>"

export PATH=$PATH:$JAVA_HOME/bin



    Multiexcerpt
    MultiExcerptNameWUM_Instructions

    Set up the WSO2 Update Manager (WUM). 

    • WUM is a simple command-line tool that connects to the WSO2 update service, determines which updates are new and relevant, and downloads them. You can get the latest version of the WSO2 Open Banking product packs through WUM.

      License

      WSO2 Open Banking is not distributed under the Apache Community License and is only available under the WSO2 Software License. You need a WSO2 subscription to install and update the WSO2 Open Banking solution via WUM. Contact us to find out how you can access a free evaluation copy.

    • WUM_Updates

      Follow the guidelines provided in the Download WUM page to download, and install WUM in your environment. For more information on how to use WUM, see the .

        1. Add the necessary product packs using the commands given below:

        2. Update the product packs using the commands given below:

        3. Additionally, download and update the other instances of WSO2 Open Banking product.

          WSO2 OB APIM Analytics provides the API analytics feature.

          WSO2 OB BI provides the following features:

          • API Analytics

          • Transaction Risk Analysis

          • Fraud Detection

          • Data Reporting

    • The product packs reside in the <WUM_HOME>/products/<Product_Name>/<version>/full directory as <Product_name-<version>+<timestamp>.full.zip. Copy the product packs to a preferred location in each node, and extract them.

    WSO2 Updates Manager (WUM) is deprecated and will be unavailable from July 2021 onwards. WSO2 Updates is the new tool to include the solution and security improvements that are released by WSO2 Open Banking, on top of a released version. For more information, see WSO2 Updates.

    Click here to see how to update the solution via WSO2 Update tool...

    The WSO2 Update tool delivers hotfixes and updates seamlessly on top of products as WSO2 Updates. They include improvements that are released by WSO2. You need to update all the products using the relevant script.

    • Go to <PRODUCT_HOME>/bin and run the WSO2 Update tool: 

      On LinuxOn MacOn Windows
    • Repeat this step for all the products in the solution:
      • wso2-obiam-2.0.0 
      • wso2-obam-2.0.0 
      • wso2-obbi-2.0.0
      • wso2am-analytics-3.1.0

    This document refers to the file paths of the product packs for the Identity and Access Management module, API Management module, API Manager Analytics, and Enterprise Integrator as <WSO2_OB_IAM_HOME>, <WSO2_OB_APIM_HOME>, <WSO2_AM_ANALYTICS_HOME>,<WSO2_OB_BI_HOME> and <WSO2_EI_HOME> respectively.

  3. Anchor
    solution-specific-ports
    solution-specific-ports
    Open the ports, as described below.
    WSO2 Open Banking consists of six instances that run in different machines/servers. It is mandatory to open the ports of each server to allow a successful data flow. The six instances mentioned below specify the ports that need to be opened.

    Instance/ProductPortUsage
    WSO2_OBAM9443

    HTTPS servlet transport

    (The default URL of the management console is  https://WSO2_OB_APIM_HOST:9443/carbon )

    8243

    NIO/PT transport HTTPS port

    WSO2_OBIAM9446

    HTTPS servlet transport

    (The default URL of the management console is https://WSO2_OB_IAM_HOST:9446/carbon )

    WSO2_AM_Analytics9444HTTPS servlet transport
    7612Thrift TCP port to receive events from clients
    7712Thrift SSL port for secure transport where the client is authenticated
    WSO2_EI_Integrator9447HTTPS servlet transport
    8247NIO/PT transport HTTPS port.
    WSO2_EI_BPS9445

    HTTPS servlet transport

    (The default URL of the management console is  https://WSO2_BPS_HOST:9445/carbon )

    WSO2_OBBI_Worker9444HTTPS netty transport
    7612

    Thrift TCP port to receive events from clients

    7712Thrift SSL port for secure transport where the client is authenticated
    WSO2_OBBI_Dashboard9449HTTPS netty transport

...

  1. Generate a key against the keystore of a particular server. For example, server A with an alias and common name that is equal to the hostname.

    Code Block
    languagebash
    keytool -genkey -alias <keystore_alias> -keyalg RSA -keysize 2048 -validity 3650 -keystore <keystore_path> -storepass <keystore_password> -keypass <key password> -noprompt

  2. Export the public cert of the newly generated key pair.  

    Code Block
    languagebash
    keytool -export -alias <cert_alias> -file <certificate_path> -keystore <keystore path>>

  3. Import the public cert of Server A to the client truststores of all the servers including Server A.

    Code Block
    languagebash
    keytool -import -trustcacerts -alias <cert_alias> -file <certificate_path> -keystore <trustore_path> -storepass <keystore_password> -noprompt

  4. Repeat the above steps for all the servers.

    Note
    • If there is an Active Directory/LDAP configured in your deployment, add the AD certificate to the client-truststore of all the servers.
    • If there is an enterprise integrator (EI) instance in your deployment, and if it is connected to a backend, i.e., core banking system (CBS) through a secure connection (ex: SSL), add your backend's certificate to the client-truststore of the EI server.

WSO2 Open Banking Distributed Cache

Info

This is only available as a WSO2 Update from  WSO2 Open Banking API Manager Level 2.0.0.125  and  WSO2 Open Banking Identity Server 2.0.0.133 onwards. For more information on updating, see  Getting WSO2 Updates.

WSO2 Open Banking Distributed Cache is a caching service that creates a clustered cache among one or more WSO2 API Manager or Identity Server instances. Distributed Cache is based on the Hazelcast IMDG library. This cache can be used as a single instance cache as well.

Distribute Cache has two types of network configurations to recognize clustered members:

  • TCP-IP
  • Multicast

Configure the  deployment.toml  file of the instance based on your caching requirements.

  • <IS_HOME>/repository/conf/deployment.toml  or
  • <APIM_HOME>/repository/conf/deployment.toml

Common configurations


Localtabgroup
Localtab
titleSample config
Code Block
languagexml
[open_banking.distributed_cache]
enabled=true
host_name="localhost"
port=5701
discovery_mechanism="Multicast"
Localtab
titleDescription
Configuration nameTypeDefault ValueDescription
enabledbooleanfalseSet this to true to enable distributed cache. Otherwise, distributed caching functionality is disabled.
host_namestring"localhost"The hostname of the cache instance.
portinteger5701The port on which the cluster is hosted.
discovery_mechanismstring"Multicast"This checks the discovery mechanism of the cache cluster. If it is set to “TCP” it will be TCP-IP, if it is set to “Multicast” discovery mechanism will be Multicast. If not configured, the default value is “Multicast”.

TCP configurations

If open_banking.distributed_cache.discovery_mechanism is set to TCP,

Localtabgroup
Localtab
titleSample config
Code Block
languagexml
[open_banking.distributed_cache]
discovery_mechanism="TCP"
members=["192.168.1.0-7", "localhost:5703"]
Localtab
titleDescription
Configuration nameTypeDefault ValueDescription
membersstring arraynullAdd the Public address (HostName: Port) of the members as a string array. Public addresses can be given in ranges (as the example above). If not configured, there won't be any default members.

Multicast configurations

If open_banking.distributed_cache.discovery_mechanism is set to Multicast,

Localtabgroup
Localtab
titleSample config
Code Block
languagexml
[open_banking.distributed_cache]
discovery_mechanism="Multicast"
multicast_group="224.2.2.3"
multicast_port=54321
trusted_interfaces=["192.168.1.*", "192.168.1.100-110"]
Localtab
titleDescription
Configuration nameTypeDefault ValueDescription
multicast_groupstring"224.2.2.3"The multicast group of the cluster.
multicast_portinteger54321The multicast port.
trusted_interfacesstring arraynullThe IP addresses of trusted members in a multicast. You can configure an IP range as well.

Hazelcast property Configurations

Localtabgroup
Localtab
titleSample config
Code Block
languagexml
[open_banking.distributed_cache.properties]
max_heartbeat=600
max_master_confirmation=900
merge_first_run_delay=60
merge_next_run_delay=30
logging_type="none"
Localtab
titleDescription
Configuration nameTypeDefault ValueDescription
max_heartbeatinteger600Time in seconds after which the clustered member assumes the client is dead and closes its connections with the client.
max_master_confirmationinteger900Max timeout of master confirmation from other nodes. This is calculated in seconds.
merge_first_run_delayinteger60The inital run delay of split brain/merge process in seconds.
merge_next_run_delayinteger30Run interval of split brain/merge process in seconds.
logging_typestring“none”Specify logging framework type to send logging events. For example, “none”, “jdk”, “log4j”, “log4j2”, “slf4j”