Simple API Manager HA Setup - wso2

I am trying to deploy API Manager in a simple HA configuration. I'd like the entire API Manager setup on server A, and just the API Gateway on server B.
I'm trying to follow the instructions on the following link: http://docs.wso2.org/display/Cluster/Clustering+API+Manager
My question is, how do I remove the store and publisher from server B, as instructed by this sentence: "To set up each API Manager component in separate servers, simply remove the unwanted Jaggery apps from the deployment directory. For example, to set up only API Gateway in a server, remove the store and publisher Jaggery apps."
I have SVN Deployment Synchronization set up as per the following link with server A the master: http://docs.wso2.org/display/Cluster/Configuring+Deployment+Synchronizer
If I remove the store and publisher from jaggeryapps on server B, won't the deployment synchronizer just put them back the next time I restart server B?

Those are webapps; you can simply delete the Jaggery webapps from AM_HOME\repository\deployment\server\jaggeryapps.
The deployment synchronizer won't put the webapps back again. You would have to deploy both Jaggery apps again in the same folder.

Related

API MANAGER 3.0 - API PUBLISHER NOT LOADING

I am doing a POC with my team as we are introducing WSO2 components and am working with the API Manager 3.0.
I seem to be having issues loading the WSO2 API Manager / API Publisher on the defined URL:
https://[ip address]/publisher
The page is not loading and I keep getting a spinning circle.
Steps I have taken:
Stop API Manager at command prompt with [Ctrl + C] command
Modified the deployment.toml file, changing the paths specified for localhost to our IP address, and the API [publisher, gateway and store] URL values to use our IP address as well.
Changed carbon.xml and api_manager.xml
Start API Manager with wso2server.bat --run command
Issues are as follows:
api_manager.xml values are reset to localhost and not the IP address I modified them to.
The API Publisher page is not loading and I am not able to get to the API Publisher login page.
I am an administrator on the Windows Server hosting this, so all changes are made as admin.
First of all, APIM 3.0 has a new config model, where all configurations are available (only) in deployment.toml. All other configurations are populated based on that, and shouldn't be changed manually.
Second, you don't need to replace all occurrences of localhost to IP as many are local calls.
Third, the correct URL should have the port, unless you have a reverse proxy in front of API.
e.g. https://[ip address]:9443/publisher
Sounds good and thanks for the input. I will give this a try and post back to the thread.
I am using the IP and Port for now with no reverse proxy but plan to add one, once I can get through this part.
Much appreciated.

Authentication Application layer to reach backend services

I have two web-applications, one running on port 8001 and another running on 8002, and a separate stand-alone auth-application running on 8090.
I want every request to first pass through auth-application:8090, which then decides whether it should be processed by web-application:8001 or by web-application:8002.
There could be multiple auth-applications, chosen by putting a load balancer on top of them, and several web-application clusters, with the auth-application deciding which web-application cluster to forward the request to.
By several web-application clusters, I mean one cluster is built on a Java application and another cluster is composed of Django web-applications. I want to decide the cluster based on request headers or request parameters.
What is the best way to achieve this?
I could think of using a script to be called in the nginx proxy_pass block, but I am not sure how this could work or even if it would work. There might be some existing implementation for this problem; might Google / Amazon use this kind of architecture?
Usually the authentication flow is initiated from the application (how should the auth server know where you want to go after the successful auth?), so the flow should be:
1. user reaches app
2. app checks if user is authenticated
3. if not, redirects to auth service
4. lets you in (based on the success of the auth)
So the users should know first of all what app they want (8001 or 8002). If the two apps are the same then it's a load balancer you need, but the auth flow still has to be initiated from the app.

WSO2 API Manager in a docker container

I'm running WSO2 products in docker containers.
I have a strange problem. I publish an API in the publisher, subscribe to it using the store and access the API using the curl command. It works fine. The DB is also running in a separate mysql container and I'm persisting the DB data to a volume. However, if I shut down the containers (docker-compose down), bring them back up and access the API again, I get a 404 error with the following error details. Any idea?
"errorCode":900000
"errorDescription":"Not Found"
"errorDetails":"The requested resource is not available"
404
In API Manager, some API data is persisted in the file system as well. You can see the artifacts located at "/repository/deployment/server/synapse-configs/default/api". You need to make sure this is not replaced when the docker container is restarted.
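One way to keep those file-system artifacts across a `docker-compose down`, as an added example that is not part of the original thread, is to mount the synapse-configs directory from a named volume alongside the database volume the asker already has. The image tag and the path of the API Manager home inside the container are assumptions; verify the real path in your own image with `docker exec <container> ls` before relying on it.

```yaml
# Added example, not from the post. Persists the Synapse API artifacts that the
# Publisher writes under APIM_HOME/repository/deployment/server/synapse-configs,
# so published APIs survive `docker-compose down` / `up`.
version: "3.7"
services:
  api-manager:
    image: wso2/wso2am:2.6.0          # assumption: substitute your own image/tag
    ports:
      - "9443:9443"                   # management, Publisher and Store
      - "8243:8243"                   # HTTPS gateway endpoint used by curl
    volumes:
      # Assumption: APIM_HOME inside the container is /home/wso2carbon/wso2am-2.6.0.
      # Without this mount the directory is recreated empty on every new container,
      # which is what produces the 900000 "Not Found" error after a restart.
      - apim-synapse:/home/wso2carbon/wso2am-2.6.0/repository/deployment/server/synapse-configs
    depends_on:
      - db
  db:
    image: mysql:5.7
    environment:
      MYSQL_ROOT_PASSWORD: change-me   # placeholder; use a secret in practice
    volumes:
      - apim-db:/var/lib/mysql         # the DB volume the asker already persists
volumes:
  apim-synapse:
  apim-db:
```

The database volume alone is not enough because the Publisher writes the gateway's API definitions as Synapse XML files, not database rows; the named volume above keeps that directory on the host so a fresh container sees the same deployed APIs.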

Calling a back-end web service with IBM Message Broker

I was trying to deploy a back-end web service to IBM Message Broker. Then create a Java client to call Broker, which in turn calls the back-end web service.
If the Java client can call Broker, then so can any other Java app.
The IBM documentation on the subject is massive. So here are the steps that I took, plus a couple of issues I struggled with, and then resolved.
Two useful links:
Setting up a flow:
http://publib.boulder.ibm.com/infocenter/wmbhelp/v6r1m0/index.jsp?topic=%2Fcom.ibm.etools.mft.doc%2Fad64230_.htm
Deploying a flow:
http://publib.boulder.ibm.com/infocenter/wmbhelp/v7r0m0/index.jsp?topic=%2Fcom.ibm.etools.mft.doc%2Faa40160_.htm
Create a new Application.
Within the Application, create a new Message Flow.
On the flow workspace, on the left menu column, select Web Services.
Select a SOAPInput, SOAPRequest, SOAPReply.
Connect the input to the request, and the output of the request to the reply.
When you double-click on the Request, it will be looking for a WSDL. Select import/create new at the bottom of the window. On the next window, select the bottom option to select a WSDL from outside the environment. Paste in the entire URL to your back-end web service.
Click next and finish on the following windows to get back to the Flow work space.
One point that I struggled with and was not obvious in the documentation, is that you will need to create a new flow for each method in your back-end web service.
In the SOAPRequest properties, set the "binding operation" to the method behind that flow.
Once you build and deploy the bar, you can right-click anywhere on the Flow work space and select Test...
The test tool will display the WSDL of the web service that is deployed to your Broker instance. You can grab that WSDL and use Ant or Maven to create a Java client and call your web service (which in turn calls the back-end service).
That's not strictly speaking true; you can route to a label based on the operation name in the WSDL, or even use the SOAPInput node in generic gateway mode. Generally you'll want a flow per "service", not per method.

How do I set up an asmx web service in Azure that accepts a client certificate?

I apologize in advance if the question is ridiculous.
I have an asmx service running in Azure (HTTP - no SSL).
I have a WPF app that loads a X509Certificate2 and adds it to the request by doing the following:
X509Certificate2 cert = new X509Certificate2("...");
webRequest.ClientCertificates.Add(cert);
In the web service I get the certificate by
new X509Certificate2(this.Context.Request.ClientCertificate.Certificate)
And then I load a cert (that I have both uploaded to the Azure control panel and added to my service definition file) by using the following sample:
var store = new X509Store(StoreName.My, StoreLocation.LocalMachine);
store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);
X509Certificate2Collection certs = store.Certificates.Find(X509FindType.FindBySubjectName, certName, true);
And then I validate by doing the following:
clientCert.Thumbprint == certs[0].Thumbprint
Now unfortunately I get an exception (System.Security.Cryptography.CryptographicException: m_safeCertContext is an invalid handle) as soon as I do
Request.ClientCertificate.Certificate
So I have a few questions. How do I avoid the exception? This answer states I need to modify an IIS setting, but how can I do that in Azure?
In any case is this even the proper way to do certificate authentication?
Thanks!
You can use command scripts to modify IIS, in combination with appcmd.exe.
For a quick example (disabling timeout in an application pool), take a look at this sample by Steve Marx.
In this example, you'd call DisableTimeout.cmd as a startup task. For more info on creating startup tasks, you can watch this episode of Cloud Cover Show. There should be a lab on startup tasks in the Platform Training Kit as well.
Just remember that any type of IIS configuration change should be made via an automated task at startup. If you manually change IIS via RDP, those changes won't propagate to all of your instances, and won't remain persistent in the event of hardware failure or OS update.
You can remote into your Azure instances to manage IIS. As for a way to do it globally for all instances at once, I'm not sure. That would be an interesting side project though.
http://learn.iis.net/page.aspx/979/managing-iis-on-windows-azure-via-remote-desktop/
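As an added example (not the asker's code and not from any of the answers), here is how the validation in the question can be written so that it cannot hit the invalid-handle exception and so that it pins the caller to one trusted certificate. Two facts it relies on: a client certificate is only ever transmitted inside the TLS handshake, so an endpoint served over plain HTTP, as the question describes, never receives one and `Request.ClientCertificate.Certificate` is an empty array; and IIS only asks for one when the site's `system.webServer/security/access` section has `SslNegotiateCert` in its `sslFlags`, which is the kind of appcmd.exe startup-task change the first answer describes. The service name, method and the `TrustedThumbprint` placeholder are assumptions.

```csharp
using System;
using System.Security.Cryptography.X509Certificates;
using System.Web;
using System.Web.Services;

// Added example, not the original poster's service. Assumes the ASMX endpoint is
// served over HTTPS and IIS is configured with sslFlags containing SslNegotiateCert.
public class SecureService : WebService
{
    // Assumption: the SHA-1 thumbprint of the single client certificate we trust,
    // taken from configuration in a real deployment. Placeholder value here.
    internal const string TrustedThumbprint = "PLACEHOLDER_THUMBPRINT";

    [WebMethod]
    public string Ping()
    {
        X509Certificate2 clientCert =
            GetValidatedClientCertificate(Context.Request.ClientCertificate);

        if (clientCert == null)
        {
            // Fail closed: no certificate, wrong certificate, or broken chain.
            throw new HttpException(403, "A trusted client certificate is required.");
        }
        return "Authenticated as " + clientCert.Subject;
    }

    // Returns the presented certificate only if one arrived in the TLS handshake,
    // its thumbprint matches the pinned value, and it still chains and is unexpired.
    internal static X509Certificate2 GetValidatedClientCertificate(HttpClientCertificate presented)
    {
        // Checking IsPresent first is what avoids the CryptographicException
        // ("m_safeCertContext is an invalid handle"): constructing X509Certificate2
        // from the empty byte[] that plain HTTP yields is exactly what throws.
        if (presented == null || !presented.IsPresent || presented.Certificate.Length == 0)
        {
            return null;
        }

        var cert = new X509Certificate2(presented.Certificate);

        // Pin to the exact certificate. Thumbprint is hex, and different tools emit
        // different casing, so compare case-insensitively.
        if (!string.Equals(cert.Thumbprint, TrustedThumbprint, StringComparison.OrdinalIgnoreCase))
        {
            return null;
        }

        // Pinning alone does not notice expiry or revocation; require a valid chain
        // so the same certificate stops working once it lapses or is revoked.
        var chain = new X509Chain();
        chain.ChainPolicy.RevocationMode = X509RevocationMode.Online;
        chain.ChainPolicy.VerificationFlags = X509VerificationFlags.NoFlag;
        if (!chain.Build(cert))
        {
            return null;
        }

        return cert;
    }
}
```

Compared with the question's `clientCert.Thumbprint == certs[0].Thumbprint`, this version never opens the machine store at request time (the thumbprint is the only thing needed to pin a certificate, and it is not secret), never indexes into a possibly empty `Find` result, and refuses the request outright when no certificate was negotiated instead of letting the constructor throw.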