Unknown macro: {next_previous_links}
Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 13 Next »

This topic provides instructions on how to configure the multiple Gateways in WSO2 API Manager (WSO2 API-M) in a distributed deployment to facilitate high availability (HA). The instructions in this topic are based on the Distributed Deployment of API Manager and these configurations will only work if the configurations in that topic are done correctly. For instance, all datasource configurations are already done for the Gateway in that topic and hence do not need to be repeated here.

The following sections provide specific instructions on configuring the Gateway cluster.

Gateway deployment pattern

The configurations in this topic will be done based on the following pattern. This pattern is used as a basic Gateway cluster where the worker nodes and manager nodes are separated.

 Click here to view a sample of the full API Manager cluster.

Step 1 - Configure the load balancer

NGINX is used for this scenario, but you can use any load balancer that you prefer here. The following are the configurations that need to be done for the load balancer.

Use the following steps to configure Nginx as the load balancer for WSO2 products.

  1. Install Nginx using the following command.
    $sudo apt-get install nginx
  2. Configure Nginx Plus to direct the HTTP requests to the two worker nodes via the HTTP 80 port using the http://am.wso2.com/<service>. To do this, create a VHost file (am.http.conf) in the /etc/nginx/conf.d/ directory and add the following configurations into it.

    upstream wso2.am.com {
            sticky cookie JSESSIONID;
            server xxx.xxx.xxx.xx4:9763;
            server xxx.xxx.xxx.xx5:9763;
    }
    
    server {
            listen 80;
            server_name am.wso2.com;
            location / {
                   proxy_set_header X-Forwarded-Host $host;
                   proxy_set_header X-Forwarded-Server $host;
                   proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                   proxy_set_header Host $http_host;
                   proxy_read_timeout 5m;
                   proxy_send_timeout 5m;
                   proxy_pass http://wso2.am.com;
            }
    }
  3. Configure Nginx Plus to direct the HTTPS requests to the two worker nodes via the HTTPS 443 port using https://am.wso2.com/<service>. To do this, create a VHost file (am.https.conf) in the /etc/nginx/conf.d/ directory and add the following configurations into it.

    upstream ssl.wso2.am.com {
    	sticky cookie JSESSIONID;
    	server xxx.xxx.xxx.xx4:9443;
    	server xxx.xxx.xxx.xx5:9443;
    }
    
    server {
    listen 443;
    	server_name am.wso2.com;
    	ssl on;
    	ssl_certificate /etc/nginx/ssl/wrk.crt;
    	ssl_certificate_key /etc/nginx/ssl/wrk.key;
    	location / {
                   proxy_set_header X-Forwarded-Host $host;
                   proxy_set_header X-Forwarded-Server $host;
                   proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                   proxy_set_header Host $http_host;
                   proxy_read_timeout 5m;
                   proxy_send_timeout 5m;
    	    proxy_pass https://ssl.wso2.am.com;
        	}
    }
  4. Configure Nginx Plus to access the Management Console as  https://mgt.am.wso2.com/carbon via HTTPS 443 port. This is to direct requests to the manager node. To do this, create a VHost file (mgt.am.https.conf) in the /etc/nginx/conf.d/ directory and add the following configurations into it.

    server {
    	listen 443;
    	server_name mgt.am.wso2.com;
    	ssl on;
    	ssl_certificate /etc/nginx/ssl/mgt.crt;
    	ssl_certificate_key /etc/nginx/ssl/mgt.key;
    
    	location / {
                   proxy_set_header X-Forwarded-Host $host;
                   proxy_set_header X-Forwarded-Server $host;
                   proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                   proxy_set_header Host $http_host;
                   proxy_read_timeout 5m;
                   proxy_send_timeout 5m;
    	    proxy_pass https://xxx.xxx.xxx.xx3:9443/;
        	}
    	error_log  /var/log/nginx/mgt-error.log ;
               access_log  /var/log/nginx/mgt-access.log;
    }
  5. Restart the Nginx Plus server.
    $sudo service nginx restart

    Tip: You do not need to restart the server if you are simply making a modification to the VHost file. The following command should be sufficient in such cases.
    sudo service nginx reload

Step 2 - Create SSL certificates

Create SSL certificates for both the manager and worker nodes using the instructions that follow. 

  • In the sample configurations given under Step 1 - Configure the Load Balancer, the names of ssl key and the certificate for the manager node is mgt.key and mgt.crt, and for worker node its wrk.key and wrk.crt respectively. Please uset these names for <key_name> and <certificate_name> when you are generating keys and certificates.
  • While creating keys, enter the host name (am.wso2.com or mgt.am.wso2.com) as the Common Name.
  1. Create the Server Key.

    $sudo openssl genrsa -des3 -out <key_name>.key 1024
  2. Certificate Signing Request.

    $sudo openssl req -new -key <key_name>.key -out server.csr
  3. Remove the password.

    $sudo cp server.key <key_name>.key.org 
    $sudo openssl rsa -in <key_name>.key.org -out <key_name>.key
  4. Sign your SSL Certificate.

    $sudo openssl x509 -req -days 365 -in server.csr -signkey <key_name>.key -out <certificate_name>.crt
  5. Copy the key and certificate files generated in above step 4 to /etc/nginx/ssl/ location. 

You have now configured the load balancer to handle requests sent to am.wso2.com and to distribute the load among the worker nodes in the worker sub-domain of the wso2.am.domain cluster.

You are now ready to set up the cluster configurations. The next step is to configure the Gateway manager.

Step 3 - Configure the Gateway manager

Management nodes specialize in management of the setup. Only management nodes are authorized to add new artifacts into the system or make configuration changes. Management nodes are usually behind an internal firewall and are exposed to clients running within the organization only. This section involves setting up the Gateway node and enabling it to work with the other components in the distributed setup.

Step 3.1 - Configure the common configurations

Carryout the following configurations on the Gateway manager node.

Note that these configurations are common to the Gateway Manager and Gateway Worker nodes.

  1. Open the <API-M_HOME>/repository/conf/api-manager.xml file in the Gateway node.
  2. Modify the api-manager.xml file as follows. This configures the connection to the Key Manager component.

    <APIKeyValidator> 
      <ServerURL>https://<IP of the Key Manager>:9443/services/</ServerURL>
      <Username>admin</Username>
      <Password>admin</Password>
      ...
    </APIKeyValidator>

    Change admin password

    To change the admin password go to Changing the super admin password. See the note given under step 2 for instructions to follow if your password has special characters.

  3. Configure key management related communication.

  4. If you need to enable JSON Web Token (JWT) you have to enable it in all Gateway and Key Manager components.
    For more information on enabling JWT, see Generating JSON Web Token.

Step 3.2 - Configure the carbon.xml file

The following configurations are done in the <GATEWAY_MANAGER_HOME>/repository/conf/carbon.xml file.

  1. Open <GATEWAY_MANAGER_HOME>/repository/conf/carbon.xml.
  2. Locate the <HostName> tag and add the cluster host name:  <HostName>am.wso2.com</HostName>
  3. Locate the <MgtHostName> tag and uncomment it. Make sure that the management host name is defined as follows: <MgtHostName> mgt.am.wso2.com </MgtHostName> 

Step 3.3 - Configure the catalina-server.xml file

Specify the following configurations in the catalina-server.xml file located in the <GATEWAY_MANAGER_HOME>/repository/conf/tomcat/ directory.

<Connector  protocol="org.apache.coyote.http11.Http11NioProtocol"
                port="9763"
                proxyPort="80"
--------
/>
<Connector  protocol="org.apache.coyote.http11.Http11NioProtocol"
                port="9443"
                proxyPort="443"
--------
/>

The TCP port number is the value that this Connector will use to create a server socket and await incoming connections. Your operating system will allow only one server application to listen to a particular port number on a particular IP address.

Step 3.4 - Map the hostnames to IPs

Open the server's /etc/hosts file and add the following.

<GATEWAY-WORKER-IP> am.wso2.com

In this example, it would look like this:

xxx.xxx.xxx.xx4 am.wso2.com

Once you replicate these configurations for all the manager nodes, your Gateway manager is configured. Next configure the Gateway worker.  

Step 4 - Configure the Gateway worker

Worker nodes specialize in serving requests to deployment artifacts and and reading them. They can be exposed to external clients.

Step 4.1 - Configure the common configurations

Carryout the following configurations on the Gateway worker node.

Macro lookup error: excerpt "common-gw-steps" was not found on page "Distributed Deployment of the Gateway" (with ID 32736398) in space "AM210".

If you're experiencing issues please see our Troubleshooting Guide.

Step 4.2 - Configure the carbon.xml file

  1. Open <GATEWAY_WORKER_HOME>/repository/conf/carbon.xml on each worker node.
  2. Specify the host name as follows.
    <HostName>am.wso2.com</HostName>

You can configure the Deployment Synchronizer, which is also done in the  carbon.xml file.

Step 4.3 - Configure the catalina-server.xml file

Make the following configuration changes in the catalina-server.xml file which is found in the <GATEWAY_WORKER_HOME>/repository/conf/tomcat/ directory.

<Connector  protocol="org.apache.coyote.http11.Http11NioProtocol"
                port="9763"
                proxyPort="80"
--------
/>
<Connector  protocol="org.apache.coyote.http11.Http11NioProtocol"
                port="9443"
                proxyPort="443"
--------
/>

In the next section, we will map the host names we specified to real IPs.

Step 4.4 - Map the hostnames to IPs

Open the server's /etc/hosts file and add the following.

<GATEWAY-MANAGER-IP> mgt.am.wso2.com 

In this example, it would look like this:

xxx.xxx.xxx.xx3 mgt.am.wso2.com 

Step 5 - Optionally configure Hazelcast

You can seamlessly deploy WSO2 API Manager using local caching in a clustered setup without Hazelcast clustering. However, there are edge case scenarios where you need to enable Hazelcast clustering. To identify whether you need Hazelcast clustering and to configure Hazelcast clustering if needed, see Working with Hazelcast Clustering.

Step 6 - Start the Gateway Nodes

Step 6.1 - Start the Gateway manager

  1. Comment the following configurations in the <API-M_HOME>/repository/conf/api-manager.xml file.

    <JMSEventPublisherParameters>
       <java.naming.factory.initial>org.wso2.andes.jndi.PropertiesFileInitialContextFactory</java.naming.factory.initial>
       <java.naming.provider.url>repository/conf/jndi.properties</java.naming.provider.url>
       <transport.jms.DestinationType>topic</transport.jms.DestinationType>
       <transport.jms.Destination>throttleData</transport.jms.Destination>
       <transport.jms.ConcurrentPublishers>allow</transport.jms.ConcurrentPublishers>
       <transport.jms.ConnectionFactoryJNDIName>TopicConnectionFactory</transport.jms.ConnectionFactoryJNDIName>
    </JMSEventPublisherParameters>
  2. Start the Gateway manager by typing the following command in the terminal.

    sh <GATEWAY_MANAGER_HOME>/bin/wso2server.sh

Step 6.2 - Start the Gateway worker

It is recommendation is to delete the <API-M_HOME>/repository/deployment/server directory and create an empty server directory in the worker node. This is done to avoid any SVN conflicts that may arise. Note that when you do this, you may have to restart the worker node after you start it in order to avoid an error.

  1. Update the <API-M_HOME>/repository/conf/api-manager.xml file by commenting out the following configurations.

    <JMSEventPublisherParameters>
       <java.naming.factory.initial>org.wso2.andes.jndi.PropertiesFileInitialContextFactory</java.naming.factory.initial>
       <java.naming.provider.url>repository/conf/jndi.properties</java.naming.provider.url>
       <transport.jms.DestinationType>topic</transport.jms.DestinationType>
       <transport.jms.Destination>throttleData</transport.jms.Destination>
       <transport.jms.ConcurrentPublishers>allow</transport.jms.ConcurrentPublishers>
       <transport.jms.ConnectionFactoryJNDIName>TopicConnectionFactory</transport.jms.ConnectionFactoryJNDIName>
    </JMSEventPublisherParameters>
  2. Start the Gateway worker by typing the following command in the terminal.

    sh <GATEWAY_WORKER_HOME>/bin/wso2server.sh -Dprofile=gateway-worker

    The additional -Dprofile=gateway-worker argument indicates that this is a worker node specific to the Gateway. This parameter basically makes a server read-only. A node with this parameter will not be able to do any changes such as writing or making modifications to the deployment repository, etc. Starting this node as a Gateway worker ensures that Store and Publisher related functionality is disabled. This parameter also ensures that the node starts as the worker profile, where the UI bundles will not be activated and only the back end bundles will be activated once the server starts up. See API Manager product profiles for more information on the various product profiles available in API Manager.

  • No labels