WSO2 API Manager not working in AWS EC2 - wso2-api-manager

I have configured combination of API Manager and pre configured Identity server in AWS EC2 .
The problem is that API Manager internally refers to the private IP and its invoking the API using the private IP and the private IP is not accessible from internet.
suppose if i have /users/add API , when i use the swagger console , its trying to invoke the privateIp/users/add which is not working...
How to solve this?
I tried to hit using publicip/users/add ;but its neither giving any results.
Thank You

You can set your public IP or Hostname in carbon.xml for HostName and MgtHostName.
<!--
Host name or IP address of the machine hosting this server
e.g. www.wso2.org, 192.168.1.10
This is will become part of the End Point Reference of the
services deployed on this server instance.
-->
<!--HostName>www.wso2.org</HostName-->
<!--
Host name to be used for the Carbon management console
-->
<!--MgtHostName>mgt.wso2.org</MgtHostName-->
Also, you have to replace ${carbon.local.ip} in all configuration files by required IP/Hostname too.

Related

Will HttpClient api gateway calls work on kubernetes cluster?

Hello I have worked on API gateway for a identity service. I used HttpClient and currently call the identity service with localhost. My worry is when we deploy them we plan to have identity service in a cluster in azure there will be a need to use DNS name then. Will the calls still work like they do now using the localhost just by switching to production it will use the DNS name of the cluster? Or are there any other configurations that need to be done?

API Management 2018.1 and DataPower 7.7

I am trying to add DataPower 7.7 into API Management 2018.1.
I need to configure API Connect Gateway Service in DataPower (new APIC 2018.1 doesn't work with XML Management Service).
After configuration I got an error:
8:07:19 mgmt notice 959 0x00350015 apic-gw-service (default):
Operational state down
8:07:19 apic-gw-service error 959 0x88e00001 apic-gw-service
(default): Unexpected queue error: Domain check failed! Please ensure that
the 'default' domain exists and is enabled. Also, please verify that the API
Gateway Service is configured with the correct domain and SOMA credentials.
8:07:19 apic-gw-service error 959 0x88e000a0 apic-gw-service
(default): Failed to initialize gateway environment: datapower
DP version is 7.7.
Please suggest, if you have any information or manuals.
Note: Domain exists, main services are enabled
It's hard to tell what exactly the problem is based on the log messages shown above.
Update to original answer:
See also the documentation that is now available in the IBM API Connect Knowledge Center: https://www.ibm.com/support/knowledgecenter/SSMNED_2018/com.ibm.apic.install.doc/tapic_install_datapower_gateway.html
However, here are the basic steps for configuring a DataPower gateway to work with API Connect 2018.x.
You will need to ensure:
DataPower is running DP 7.7.0.0 or higher.
You have the AppOpt license installed. (Use the “show license” command in the DataPower CLI to confirm.)
You have a shared certificate and a private key for securing the
communication between the API Connect management server and the
gateway.
On DataPower, you need to:
Create an application domain. All of the subsequent configuration should be done in the application domain.
Enable statistics
Upload your private key and shared certificate to the cert:// directory in the application domain.
Create a crypto key object, a crypto certificate and a crypto identification credentials object using your key and certificate.
Create an SSL client profile and an SSL server profile that reference the crypto identification credential object.
Configure a gateway-peering object.
Configure and enable the API Connect Gateway Service in the application domain.
At that point, you should be able to configure the gateway in the API Connect cloud manager.
Here are the DataPower CLI commands to create a basic configuration. In the configuration below, IP address 1.1.1.1 represents a local IP address on your DataPower appliance. Traffic from the API Connect management server to the gateway will be sent to port 3000. API requests will go to port 9443 (but you can change it to the more standard port, 443, if you prefer.)
For a production environment, you will want to build on this configuration to ensure you are running with at least 3 gateways in the peer group, but this will get you started.
Create the application domain called apiconnect
top; configure terminal;
domain apiconnect; visible default; exit;
write mem
Use the Web GUI to upload your private key and shared certificate to the cert:// folder in the apiconnect domain
Then run these commands to create the configuration in the apiconnect domain
switch apiconnect
statistics
crypto
key gw_to_apic cert:///your-privkey.cer
certificate gw_to_apic cert:///your-sscert.cer
idcred gw_to_apic gw_to_apic gw_to_apic
ssl-client gwd_to_mgmt
idcred gw_to_apic
no validate-server-cert
exit
ssl-server gwd_to_mgmt
idcred gw_to_apic
no request-client-auth
validate-client-cert off
exit
exit
gateway-peering apic
admin-state enabled
local-address 1.1.1.1
local-port 15379
monitor-port 25379
priority 100
enable-ssl off
enable-peer-group off
persistence local
exit
apic-gw-service
admin-state enabled
local-address 0.0.0.0
local-port 3000
api-gw-address 0.0.0.0
api-gw-port 9443
v5-compatibility-mode on
gateway-peering apic
ssl-server gwd_to_mgmt
ssl-client gwd_to_mgmt
exit
write mem
The problem you are seeing is an issue with creating your api connect service in the default domain. To work around just put your Api Gateway Service in a domain other than default.

Azure VM DNS - What to specify as 'NS' and 'A' record

I have created virtual machine in Azure with static IP. I specified a DNS Name in my ResourceGroup called somevm. So Azure automatically made it somevm.southeastasia.cloudapp.azure.com
Then I added endpoint on public port 80, so the website can be accessed via localhost, via http:// ipaddress/ (outside of VM) and http://somevm.southeastasia.cloudapp.azure.com
On my existing hosting provider, I see the following DNS entries.
NS ns1.myhost.arvixevps.com
NS ns2.myhost.arvixevps.com
A <ipaddress>
* A <ipaddress>
www A <ipaddress>
mail A <ipaddress>
mail2 A <ipaddress>
MX [10], mail.mywebsite.com
MX [21], mail2.mywebsite.com
TXT globalsign-domain-verification=SKFHKSJHDLKUERIJKDCFJLKF_234KJFDJK
I want to migrate my website from Existing hosting to the Azure VM.
What do I need to enter in NS, and 'A' records. Do I also need to enter CNAME? If yes, what will it be and how to find it for my Azure VM.
Everything you need to be able to configure your domain for Azure Virtual Machine is here including CNAME/A records difference and what do you need to put on your domain registrar site. The reason that i added the link for the Cloud Service is that virtual machines in a classic mode (if you created that VM) reside in the specific entity called Cloud Service.
If you created the new Azure VM, then you could go with the Azure DNS service or that approach.
So, CNAME is basically the alias for the azure domain, and you may see the first domain. With A, the domain maps to the IP address of the resource instead of the domain. The choice depends on your scenario. The simplest way is to configure CNAME because if you configure A, you will need to configure static IP (or, because of the dynamic nature of a cloud, it may change in a future, so you will need to change it on your domain registrar site).
Some useful links for understanding how things are working here:
https://azure.microsoft.com/en-in/documentation/articles/dns-domain-delegation/
https://azure.microsoft.com/en-in/documentation/articles/dns-operations-recordsets/
http://blogs.msdn.com/b/cloud_solution_architect/archive/2015/05/05/creating-azure-vms-with-arm-powershell-cmdlets.aspx

How to configure Target Endpoint's containing localhost and port in apigee?

I have created a very simple RESTful service and deployed it on my local tomcat server. I would like to create and configure an API proxy and test it out using Apigee. While trying to creating a new API proxy it does not allow me to point me to url endpoint containing containing localhost and port information.
http://localhost:8080/PageNameService/ /**** DOES NOT WORK ***/
http://weather.yahooapis.com /***** WORKS ************/
Does this mean that you cannot configure Target Endpoint URL's that contain localhost and ports in apigee ? Please guide.
Apigee Edge is hosted on a 4G cloud infrastructure and would accept a backend url for which it can act as a facade and pass on the traffic processed by it. It would not be able to connect to your tomcat server with localhost:8080. You can give any globally accessible complete URL's(it can have domain names or even ip addresses with correct ports is fine.)
I solved this need by using ngrok. I am able to route calls from Edge to my local machine. Absolutely love ngork! :-)

azure connect between azure myWebRole and nonazure server not working

My webapplication hosted on windows azure, needs to communicate with TFS Server. When any one login to my web app using live id, I want the logged in user to use my Team foundation server(TFS) credentials -username,password and domain to programatically authenticate and connect to our TFS server and create some work items.
I configured my azure connect for the communication to happen between azure WebRole and TFS server (our TFS is non-azure ).I added both the WebRole and the TFS Server into single Connection Group
In my azureportal ,I can see mywebrole and my TFSServer as connected the machine endpoint is active, and that it refreshes since the last connected updates
.But when I try to run my web application from azure and when it tries to communicate with our TFS server ,its throwing error message saying Error message : Team Foundation services are not available from server eg.,http://xyz-abcxyx-01:8080/tfs/eas/. Technical information (for administrator): The remote name could not be resolved: 'xyz-abcxyx-01'
Any suggestions to resolve this issue ?
You should enable remote desktop on your WebRole and connect to one of your instances. Then, try to ping the IP of your TFS server (not the hostname xyz-abcxyx-01). Maybe this is simply a DNS issue (even though using hostnames works with Windows Azure Connect).
If pinging the IP works, but pinging the hostname doesn't work you have a few options left:
Use the IP instead of the hostname. This won't work if you configured your TFS to use host headers.
Create an elevated startup task to modify the hosts file and map the IP to the hostname. In your code you can keep working with the hostname.
Try to modify the DNS server configured in your WebRole to use the default DNS server + your internal DNS server. But to me this doesn't look like a clean solution.
Anyways, in each solution you'll want to store the IP/hostname in the ServiceConfiguration and make sure your code supports changes to the ServiceConfiguration. This will allow you to change the IP/hostname without having to redeploy.
You should check if TFS server is listening on all network interfaces, include the one created by Azure Connect (start with 2a01). Next try to connect to TFS from a machine on the local LAN, just to make sure it is configured correctly. You don't need to use IP for referring to TFS, DNS name is definitely supported out of box.

Resources