Hosting WSO2 APIM as a Distributed Setup in Azure VM — Part 2

Gihan Ayeshmantha
API Integration Essentials
6 min read · Apr 19, 2023

In Part 1 of this article, we introduced the procedure of hosting WSO2 APIM in Azure VM and described the first four steps.

  1. Getting the necessary VMs
  2. Setting up the database
  3. Configuring the VMs for traffic
  4. Installing necessary software for VMs
  5. Editing the Ansible script
  6. Running the script and testing
  7. Adding the Load balancer

In this article, we are continuing from the 5th step.


5 Editing the Ansible Script

Branch 4.2.x was picked because we are going to host APIM 4.2.0 packs. If you want to host a different version, check out the corresponding branch.

  • Check out the 4.2.x branch from your local IDE. This is the script we will be using to host the APIM packs in our VMs. If you want to get familiar with the repo, read the README.md file in the repository.
  • Let’s add the necessary files to the repo.
  1. Go to the files folder and create a folder called keys. This is where you add your VM key files. Copy your APIM CP+TM key file and APIM GW key files to the keys folder. Then make sure they are read-only by using the command chmod 400
    ex: chmod 400 apimcp_key.pem
  2. Go to the folder files/lib and add the mysql-connector jar since we are using MySQL. You can use this link to download it.
  3. If you have already installed Java to your VMs, skip this step. Otherwise, go to files/lib and add your Java setup file (.tar.gz file).
  4. If you have a link for the zip file of the APIM pack, skip this step. Otherwise, if you have it locally, copy the pack to files/packs.
  • Your repository should now look like this. (Your file names could be different.) I have not added the APIM pack or the Java setup file because I’m going to use remote links.
[Figure: the folder structure]
  • Now, go to the dev/group_vars/apim.yml file. Here, you can set the global variables of your packs. Make sure the following values are correct for your setup.
    product_version: The pack name of the unzipped pack
    jdbc_driver: The name of the driver jar you added
    pack_location and remote_pack: Set as instructed in the comments of the apim.yml.
    setup_java_enabled: Set to true if you add the file to lib. Otherwise, set to false.
    jdk_name and java_home: Java version you installed and the java_home value of the VM if you installed Java to VM. Otherwise, comment them out.
  • Next, comment out the security_file_list in apim.yml since we are skipping the LB. You should also check for any link with lb in it and remove that part.
    ex: https://cplb.apim.com/devportal -> https://cp.apim.com/devportal
  • Then go to the database configuration in apim.yml and add your database links to wso2shared_db_url and wso2am_db_url.
    The format of this should be jdbc:mysql://<hostname>:<port>/<db_name>?allowPublicKeyRetrieval=true&amp;useSSL=false. In our case, it should be jdbc:mysql://db:3306/shared_db?allowPublicKeyRetrieval=true&amp;useSSL=false and jdbc:mysql://db:3306/apim_db?allowPublicKeyRetrieval=true&amp;useSSL=false.
  • Since we are not using a LB at the moment, go to the dev/host_vars/apim-control-pane_1.yml, apim-gateway_1.yml, and apim_tm_1.yml files and remove lb from their hostnames.
    ex: cplb.apim.com -> cp.apim.com
  • Go to the folder dev/inventory and check whether ansible_host, ansible_user, and ansible_ssh_private_key_file are set correctly.
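
A pre-flight check for the edits in this step, as an added example that is not part of the original article or the WSO2 repository: it flags key files that are not mode 400, hostnames that still carry lb, and database URLs that do not match the format above. The function names and the lb hostname pattern are assumptions; the paths and variable names are the ones used in this article.

```sh
#!/bin/sh
# Added example: pre-flight checks for the step 5 edits. Paths follow the
# article's layout; the "lb" hostname pattern is a heuristic assumption.

# Key files under files/keys whose mode is not exactly 400.
loose_keys() {
    find "$1/files/keys" -type f -name '*.pem' ! -perm 400 2>/dev/null
}

# file:line:text for uncommented hostnames that still end in "lb", e.g. cplb.apim.com.
leftover_lb() {
    grep -rnE '[a-z0-9-]+lb\.[a-z0-9.-]+' "$1/dev/host_vars" "$1/dev/group_vars" 2>/dev/null |
        grep -vE '^[^:]+:[0-9]+:[[:space:]]*#'
}

# Values of wso2shared_db_url and wso2am_db_url from dev/group_vars/apim.yml.
db_urls() {
    sed -nE 's/^[[:space:]]*(wso2shared_db_url|wso2am_db_url):[[:space:]]*"?([^"]*)"?[[:space:]]*$/\2/p' \
        "$1/dev/group_vars/apim.yml" 2>/dev/null
}

# Succeeds when the URL matches jdbc:mysql://<hostname>:<port>/<db_name>[?options].
check_jdbc_url() {
    printf '%s\n' "$1" |
        grep -qE '^jdbc:mysql://[A-Za-z0-9.-]+:[0-9]+/[A-Za-z0-9_]+(\?.*)?$'
}

# Run every check against a repository root; returns non-zero if any check fails.
preflight() {
    rc=0
    keys=$(loose_keys "$1") || true
    [ -z "$keys" ] || { echo "key files not mode 400:"; echo "$keys"; rc=1; }
    lb=$(leftover_lb "$1") || true
    [ -z "$lb" ] || { echo "hostnames still pointing at the LB:"; echo "$lb"; rc=1; }
    bad=$(db_urls "$1" | while IFS= read -r u; do
        check_jdbc_url "$u" || printf '%s\n' "$u"
    done)
    [ -z "$bad" ] || { echo "malformed JDBC URLs:"; echo "$bad"; rc=1; }
    # Not a failure, but worth seeing: useSSL=false sends database traffic in clear text.
    db_urls "$1" | grep 'useSSL=false' | sed 's/^/warning, TLS off: /' >&2
    return "$rc"
}

if [ -n "${1:-}" ]; then preflight "$1"; fi
```

Saved as preflight.sh (a name chosen here), it runs from the repository root as sh preflight.sh . before ansible-playbook -i dev site.yml. After step 7 the lb hostnames are restored on purpose, so the hostname finding is expected there.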

6 Running the Script and Testing

  • Before running the script, you need to do one more thing in the VM. SSH into APIM CP+TM and APIM GW VMs and go to the /mnt/ directory. If you execute the ls command, you will see a DATALOSS_WARNING_README.txt file. Since this is a read only file, Ansible will have trouble with setting up. You can use the following commands to remove this file.
    sudo chattr -i DATALOSS_WARNING_README.txt
    sudo rm DATALOSS_WARNING_README.txt
  • Then, install Ansible to your local machine. You can use this link for that. You will need version 2.5 or higher.
  • Run the command ansible-playbook -i dev site.yml.

If all goes right, congrats! You have hosted the DS. The script will run and your packs will be up. The packs will be installed to the /mnt directory. You don’t need to go to VMs and manually start the packs as that task is done by the script.

Go to https://<cp_hostname>/devportal to see whether all is well. For example, the link is https://cp.apim.com/devportal in our case.

If something fails, check whether you have missed any of the steps we discussed.

7 Adding the Load Balancer

Now, let’s finish our setup by using a LB for better traffic management. In this guide we will use nginx. For more details about nginx check this link.

  • First, go to the instance where you are planning to set up the LB and install nginx. The command for this is sudo apt install nginx.
  • Then, you need to add the configs related to your setup. I have already included them in the files/lbconfig file. Go to cd /etc/nginx/conf.d
    and sudo nano nginx.conf to edit the nginx.conf file. The file I used can be found here. You may have to make some changes depending on your setup.
  • Restart the nginx server. Use the command sudo pkill -f nginx & wait $! to terminate the currently running nginx process and start the server with sudo nginx.
  • Next, go to cd /etc/nginx/ssl and download the nginx.crt file using scp. I have explained more about scp in the previous article.
  • Now, you need to add the downloaded nginx.crt into the APIM truststore. You can follow this guide to do that. Do not worry about creating a keystore using an existing certificate if this is a test setup.
  • Add the newly created client-truststore.jks and wso2carbon.jks files, along with the nginx.crt file, to the files/security/wso2am directory.
  • Remember the places where you renamed variables in dev/host_vars and dev/group_vars by removing lb in the 5th step? Now go back and change them to their original values.
  • The final step is to rerun the Ansible code. This will host the DS with LB. The new links will be of the format https://<hostname>/<portal>.
    ex: https://cplb.apim.com/devportal

Additional Stuff

Sometimes, when you host the packs via the Ansible script, they might not start up properly. To restart the packs, ssh into the VMs and use ps aux|grep java to get the Java process IDs. Then, you can use sudo kill -9 <java_thread_number> to stop the packs and restart them as you normally start the APIM packs. Remember to use the correct profile value. For more details, check this article.

Another thing you might want to do is to check the logs. For that, go to your <APIM_HOME>/repository/logs directory and check the wso2carbon.log file. The commands cat, tail, and head are useful for this.

Thank you for reading my article, and may the distributed system gods be with you. Good luck mates!


I am a software engineer at WSO2. Love gaming, reading and doing creative stuff.