Hosting WSO2 APIM as a Distributed Setup in Azure VM — Part 2
In Part 1 of this article, we introduced the procedure of hosting WSO2 APIM in Azure VM and described the first four steps.
- Getting the necessary VMs
- Setting up the database
- Configuring the VMs for traffic
- Installing necessary software for VMs
- Editing the Ansible script
- Running the script and testing
- Adding the Load balancer
In this article, we are continuing from the 5th step.
5 Editing the Ansible Script
- Clone the Ansible repository https://github.com/GihanAyesh/ansible-apim.git to your local machine. You will be working with the 4.2.x branch.
Branch 4.2.x was picked because we are going to host APIM 4.2.0 packs. If you want to host a different version, check out the correct branch.
- Check out the 4.2.x branch from your local IDE. This is the script we will be using to host the APIM packs in our VMs. If you want to get familiar with the repo, read the README.md file in the repository.
- Let’s add the necessary files to the repo.
  - Go to the files folder and create a folder called keys. This is where you add your VM key files. Copy your APIM CP+TM key file and APIM GW key files to the keys folder. Then make sure they are read-only by using the command chmod 400.
    ex: chmod 400 apimcp_key.pem
  - Go to the folder files/lib and add the mysql-connector jar since we are using MySQL. You can use this link to download it.
  - If you have already installed Java to your VMs, skip this step. Otherwise, go to files/lib and add your Java setup file (.tar.gz file).
  - If you have a link for the zip file of the APIM pack, skip this step. Otherwise, if you have it locally, copy the pack to files/packs.
- Your repository should now look like this. (Your file names could be different.) I have not added the APIM pack or the Java setup file because I’m going to use remote links.
- Now, go to the dev/group_vars/apim.yml file. Here, you can set the global variables of your packs. Make sure the following values are correct for your setup.
  product_version: The pack name of the unzipped pack
  jdbc_driver: The name of the driver jar you added
  pack_location and remote_pack: Set as instructed in the comments of the apim.yml.
  setup_java_enabled: Set to true if you add the file to lib. Otherwise, set to false.
  jdk_name and java_home: Java version you installed and the java_home value of the VM if you installed Java to VM. Otherwise, comment them out.
- Next, comment out the security_file_list in apim.yml since we are skipping the LB. You should also check for any link with lb in it and remove that part.
  ex: https://cplb.apim.com/devportal -> https://cp.apim.com/devportal
- Then go to the database configuration in apim.yml and add your database links to wso2shared_db_url and wso2am_db_url.
  The format of this should be jdbc:mysql://<hostname>:<port>/<db_name>?allowedPublicKeyRetrieval=true&useSSL=false. In our case, it should be jdbc:mysql://db:3306/shared_db?allowedPublicKeyRetrieval=true&useSSL=false and jdbc:mysql://db:3306/apim_db?allowedPublicKeyRetrieval=true&useSSL=false.
- Since we are not using a LB at the moment, go to the dev/host_vars/apim-control-pane_1.yml, apim-gateway_1.yml, and apim_tm_1.yml files and remove lb from their hostnames.
  ex: cplb.apim.com -> cp.apim.com
- Go to the folder dev/inventory and check whether the ansible_host, ansible_user, and ansible_ssh_private_key_file are set correctly.
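The edits in this step can be checked before the playbook is run. The following pre-flight script is an added example, not part of the ansible-apim repository; it uses the folder and variable names from this article, and its pattern for spotting leftover lb hostnames is a heuristic assumption.

```shell
#!/bin/sh
# Added example: pre-flight check for the edited ansible-apim checkout.
# Directory and variable names are the ones this article uses; the "lb"
# hostname pattern is a heuristic assumption, not something the repo defines.

# preflight <repo_root>: prints one line per finding, returns the finding count.
preflight() {
  repo=$1

  # 1. Key files copied to files/keys must be mode 400 (owner read-only).
  keys=$(find "$repo/files/keys" -type f ! -perm 400 2>/dev/null || true)

  # 2. For the run without a load balancer, names such as cplb.apim.com
  #    must already read cp.apim.com. Commented-out YAML lines are ignored.
  lbs=$(grep -rnE '[A-Za-z0-9-]+lb\.[A-Za-z0-9.-]+' \
          "$repo/dev/group_vars" "$repo/dev/host_vars" 2>/dev/null |
        grep -vE '^[^:]+:[0-9]+:[[:space:]]*#' || true)

  # 3. Both datasource URLs must be set and follow
  #    jdbc:mysql://<hostname>:<port>/<db_name>
  dbs=
  for key in wso2shared_db_url wso2am_db_url; do
    grep -qE "^[[:space:]]*$key:[[:space:]]*[\"']?jdbc:mysql://[^:/]+:[0-9]+/[A-Za-z0-9_]+" \
      "$repo/dev/group_vars/apim.yml" 2>/dev/null || dbs="$dbs$key "
  done

  findings=$(
    if [ -n "$keys" ]; then printf '%s\n' "$keys" | sed 's/^/KEY_MODE_NOT_400 /'; fi
    if [ -n "$lbs" ]; then printf '%s\n' "$lbs" | sed 's/^/LB_HOSTNAME /'; fi
    for key in $dbs; do echo "DB_URL_MISSING_OR_MALFORMED $key"; done
  )
  if [ -z "$findings" ]; then return 0; fi
  printf '%s\n' "$findings"
  return $(( $(printf '%s\n' "$findings" | wc -l) ))
}
```

Call it as preflight . from the repository root; a non-zero return value is the number of findings. Once the load balancer is added in step 7, LB_HOSTNAME findings are expected.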
6 Running the Script and Testing
- Before running the script, you need to do one more thing in the VM. SSH into APIM CP+TM and APIM GW VMs and go to the /mnt/ directory. If you execute the ls command, you will see a DATALOSS_WARNING_README.txt file. Since this is a read only file, Ansible will have trouble with setting up. You can use the following commands to remove this file.
  sudo chattr -i DATALOSS_WARNING_README.txt
  sudo rm DATALOSS_WARNING_README.txt
- Then, install Ansible to your local machine. You can use this link for that. You will need version 2.5 or higher.
- Run the command ansible-playbook -i dev site.yml.
If all goes right, congrats! You have hosted the DS. The script will run and your packs will be up. The packs will be installed to the /mnt directory. You don’t need to go to VMs and manually start the packs as that task is done by the script.
Go to https://<cp_hostname>/devportal to see whether all is well. For example, the link is https://cp.apim.com/devportal in our case.
If something fails, check whether you have missed any of the steps we discussed.
7 Adding the Load Balancer
Now, let’s finish our setup by using a LB for better traffic management. In this guide we will use nginx. For more details about nginx check this link.
- First, go to the instance where you are planning to set up the LB and install nginx. The command for this is sudo apt install nginx.
- Then, you need to add the configs related to your setup. I have already included them in the files/lbconfig file. Go to cd /etc/nginx/conf.d and sudo nano nginx.conf to edit the nginx.conf file. The file I used can be found here. You may have to make some changes depending on your setup.
- Restart the nginx server. Use the command sudo pkill -f nginx & wait $! to terminate the currently running nginx process and start the server by sudo nginx.
- Next, go to cd /etc/nginx/ssl and download the nginx.crt file using scp. I have explained more about scp in the previous article.
- Now, you need to add the downloaded nginx.crt into the APIM truststore. You can follow this guide to do that. Do not worry about creating a keystore using an existing certificate if this is a test setup.
- Add the newly created client-truststore.jks and wso2carbon.jks files along with the nginx.crt file to the files/security/wso2am directory.
- Remember the places where you renamed variables in dev/host_vars and dev/group_vars by removing lb in the 5th step? Now go back and change them to their original values.
- The final step is to rerun the Ansible code. This will host the DS with LB. The new links will be of the format https://<hostname>/<portal>.
  ex: https://cplb.apim.com/devportal
Additional Stuff
Sometimes, when you host the packs via Ansible script, they might not start up properly. To restart the packs, ssh into the VMs and use ps aux|grep java to get the Java process IDs. Then, you can use sudo kill -9 <java_thread_number> to stop the packs and restart as you normally start the APIM packs. Remember to use the correct profile value. For more details, check this article.
Another thing you might want to do is to check the logs. For that, go to your <APIM_HOME>/repository/logs files and check the wso2carbon.log file. The commands cat, tail, and head would be useful for this.
Thank you for reading my article, and may the distributed system gods be with you. Good luck mates!