This documentation is for older WSO2 products. View documentation for the latest release.
Page Comparison - Clustering API Manager (v.124 vs v.125) - Clustering Guide 4.2.0 - WSO2 Documentation

Comment: Fixed - as JWT needs to be enabled in the KM and Gateway

...

API Manager uses the following four main components:

Publisher

Enables API providers to easily publish their APIs, share documentation, provision API keys, and gather feedback on API features, quality, and usage.

Store

Enables consumers to self-register, discover API functionality, subscribe to APIs, evaluate them, and interact with API publishers.

Key Manager

Responsible for all security and key-related operations.

Gateway

Responsible for securing, protecting, managing, and scaling API calls. 

For more information on the above, see the main components of a distributed system.

...

The API Manager components use the databases as follows:



 
 

Component     API Manager Database (apimgtdb)   User Manager Database (userdb)   Registry Database (regdb)
Publisher     Used                              Used                             Used
Store         Used                              Used                             Used
Key Manager   Used                              Used                             Used (in multi-tenancy mode)
Gateway       Not used                          Used (in multi-tenancy mode)     Used (in multi-tenancy mode)

Note: Although the Gateway does not use the API Manager database, this connection is required, so do not remove the default configuration in the <APIM_HOME>/repository/conf/datasources/master-datasources.xml file.

 


When we consider distributed deployment of WSO2 API Manager, we have the option of separating its four components and clustering each component as needed. Let's look more closely at how the API Manager components are deployed separately.

...

    1. In each of the directories you just created, open the <PRODUCT_HOME>/repository/conf/carbon.xml file.

    2. Edit the <Offset> attribute in each file as shown in the Port Offset column in the following table. The port value will automatically be increased as shown in the Port Value column, allowing all five WSO2 server instances to run on the same machine.

      WSO2 Server instance   Port Offset   Port Value
      KeyManager             0             9443
      Gateway                1             9444
      Publisher              2             9445
      Store                  3             9446

      Warning

      This step is optional and only required if all server instances are running on the same machine. This is not a recommended approach for production environments. Note that if you do this, you need to change all ports used in your configurations based on the offset value. See Changing the Default Ports with Offset for more information.

...

  1. Configure key management related communication.

    Cluster fronted by a load balancer

    In a clustered setup, if the Key Manager is fronted by a load balancer, you have to use WSClient as the KeyValidatorClientType in <APIM_HOME>/repository/conf/api-manager.xml. Configure this in all Gateway and Key Manager components.

    <KeyValidatorClientType>WSClient</KeyValidatorClientType>

    Cluster without a load balancer

    1. In a clustered setup, if the Key Manager is NOT fronted by a load balancer, you have to use ThriftClient as the KeyValidatorClientType in <APIM_HOME>/repository/conf/api-manager.xml. Configure this in all Gateway and Key Manager components.

      <KeyValidatorClientType>ThriftClient</KeyValidatorClientType>

    2. Ensure that the Thrift server is enabled only in the Key Manager. It is enabled by default in all instances of the product, so you need to disable the Thrift server in the Gateway, the Publisher and the Store by setting EnableThriftServer to false in <APIM_HOME>/repository/conf/api-manager.xml on each node.

      <EnableThriftServer>false</EnableThriftServer>

    3. Specify the ThriftClientPort and ThriftServerPort values. 10397 is the default.

      <ThriftClientPort>10397</ThriftClientPort>
      <ThriftServerPort>10397</ThriftServerPort>

    4. Specify the host name or IP of the Key Manager. The default is localhost. In a distributed deployment, set this parameter on both the Key Manager nodes and the Gateway nodes, but only if the Key Manager is running on a separate machine. The Gateway uses this parameter to connect to the key validation Thrift service.

      <ThriftServerHost>localhost</ThriftServerHost>
  2. If you need to enable JWT, you have to enable it in all Key Manager and Gateway components. Refer to Generating JSON Web Token for how to configure JWT.

  3. In the Gateway, set up the Key Manager endpoint in the following files: 

    • _TokenAPI_xml found in the <APIM_HOME>/repository/deployment/server/synapse-configs/default/api/_TokenAPI_xml file. 

    • _AuthorizeAPI_xml found in the <APIM_HOME>/repository/deployment/server/synapse-configs/default/api/_AuthorizeAPI_xml file. 
    • _RevokeAPI_xml found in the <APIM_HOME>/repository/deployment/server/synapse-configs/default/api/_RevokeAPI_xml file. 

    This value needs to be the host or IP of the Key Manager.

    API Manager 1.9.0
    <inSequence>
        <property name="uri.var.portnum" expression="get-property('keyManager.port')"/>
        <property name="uri.var.hostname" expression="get-property('keyManager.hostname')"/>
        <send>
            <endpoint>
                <http uri-template="https://{uri.var.hostname}:{uri.var.portnum}/oauth2/token">
                    <timeout>
                        <duration>60000</duration>
                        <responseAction>fault</responseAction>
                    </timeout>
                </http>
            </endpoint>
        </send>
    </inSequence>
    Note: If there is additional context required for the Key Manager URL, you must change the uri-template value by adding a context value as shown below.

    <http uri-template="https://{uri.var.hostname}:{uri.var.portnum}/context/oauth2/token">

    API Manager 1.8.0
    <inSequence>
             <property name="uri.var.portnum" expression="get-property('mgtHttpsPort')"/> 
             <send> 
                 <endpoint> 
                     <http uri-template="https://localhost:{uri.var.portnum}/oauth2/revoke"> 
                         <timeout> 
                             <duration>60000</duration> 
                             <responseAction>fault</responseAction> 
                         </timeout> 
                     </http> 
                 </endpoint> 
             </send> 
    </inSequence>

    API Manager 1.7.0, 1.6.0 and 1.5.0
    <inSequence>
             <send>
                 <endpoint>
                      <address uri="https://{KEY_MANAGER_IP}:{KEY_MANAGER_PORT}/oauth2/token"/>
                 </endpoint>
             </send>
    </inSequence>
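
The key validation settings from step 1 have to agree across nodes, and a Thrift server left at its default on a Gateway, Publisher or Store is easy to miss. The following is an added example, not part of the WSO2 documentation: a small audit that reads each node's api-manager.xml and reports deviations from the rules above. The node labels, role names, sample XML and wrapper element names are constructed for illustration, and the localhost check assumes the Key Manager runs on a separate machine.

```python
import xml.etree.ElementTree as ET

def setting(root, name, default=None):
    """Text of the first element whose local name is `name`, in any namespace."""
    for el in root.iter():
        if el.tag.rsplit("}", 1)[-1] == name:
            return (el.text or "").strip()
    return default

def audit(nodes, behind_lb):
    """nodes: {label: (role, api-manager.xml text)}. Returns a list of findings."""
    cfg = {n: (role, ET.fromstring(x)) for n, (role, x) in nodes.items()}
    want = "WSClient" if behind_lb else "ThriftClient"
    km_ports = {setting(r, "ThriftServerPort", "10397")
                for role, r in cfg.values() if role == "keymanager"}
    findings = []
    for name, (role, root) in sorted(cfg.items()):
        if role in ("gateway", "keymanager"):
            got = setting(root, "KeyValidatorClientType")
            if got != want:
                findings.append(f"{name}: KeyValidatorClientType={got}, expected {want}")
        if behind_lb:
            continue  # Thrift settings only matter without a load balancer
        # Thrift server is on by default, so a missing element counts as enabled.
        thrift_on = setting(root, "EnableThriftServer", "true").lower() == "true"
        if thrift_on != (role == "keymanager"):
            findings.append(f"{name}: EnableThriftServer={thrift_on} on {role} node")
        if role == "gateway":
            if setting(root, "ThriftClientPort", "10397") not in km_ports:
                findings.append(f"{name}: ThriftClientPort differs from Key Manager")
            # Assumption: the Key Manager runs on a separate machine.
            if setting(root, "ThriftServerHost", "localhost") == "localhost":
                findings.append(f"{name}: ThriftServerHost is still localhost")
    return findings

def _xml(body):  # wrapper element names are assumed; lookup ignores nesting
    return f"<APIManager><APIKeyValidator>{body}</APIKeyValidator></APIManager>"

# Constructed sample configs, not from a real deployment.
SAMPLE = {
    "km1": ("keymanager", _xml("<KeyValidatorClientType>ThriftClient</KeyValidatorClientType>"
                               "<EnableThriftServer>true</EnableThriftServer>")),
    "gw1": ("gateway", _xml("<KeyValidatorClientType>ThriftClient</KeyValidatorClientType>"
                            "<EnableThriftServer>false</EnableThriftServer>"
                            "<ThriftServerHost>km.example.internal</ThriftServerHost>")),
    "gw2": ("gateway", _xml("<KeyValidatorClientType>WSClient</KeyValidatorClientType>")),
    "store1": ("store", _xml("<EnableThriftServer>false</EnableThriftServer>")),
}

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE, behind_lb=False)))
```

In the sample, gw2 is the misconfigured node: it uses the wrong client type, leaves the Thrift server at its enabled default, and still points at localhost.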

...