Deploying API Manager with Pattern 01
The WSO2 API Manager product includes the Publisher (Developer Portal), Store (API Marketplace), Gateway, Key Manager and Traffic Manager components. Each component plays a distinct role in the product's functionality. You can find a detailed description of each component in the official WSO2 API Manager key concepts [1]. Please familiarize yourself with the product by going through these basic quick start documents.
Pattern 01 is the basic deployment to consider for a minimum API Manager high-availability deployment. It contains two all-in-one API Manager nodes and a single Analytics node, as depicted in the diagram below. This pattern is recommended if you are working with a low throughput requirement.
This article explains the pattern deployment using an example scenario: integrating with an existing Active Directory user store and MSSQL databases, and implementing artifact sync between the two nodes using a network file system mount, as depicted in the diagram below.
Load balancer and reverse proxy configurations: for this example, follow the active-active deployment configuration guide [9] for the load balancer and reverse proxy configurations.
Figure: API Manager pattern 01 [2]
Figure: deployment diagram
Userstore configurations
If the requirement is to configure an existing Active Directory user store and use the existing roles and groups for the API Manager roles [3], you may want to consider using a read-only user store. There are two ways to configure the read-only mode for Active Directory [4]. Set the WriteGroups property to false with the class
<UserStoreManager class="org.wso2.carbon.user.core.ldap.ActiveDirectoryUserStoreManager">.
If you want to work in read-only mode with user entries written to Active Directory, you can follow the read-only mode configuration section in [4] with the class <UserStoreManager class="org.wso2.carbon.user.core.ldap.ReadWriteLDAPUserStoreManager">. This way it will write user entries to an LDAP user store (roles are not written, just user entries).
Database configurations
This article's example uses MSSQL, so you can follow the official documentation: the installing and configuring databases document [1], the changing the default API-M databases document [2], and the configuring APIM Analytics document [8]. If you are using MS SQL, keep in mind that you need to set the SendStringParametersAsUnicode parameter to 'false' in the database connection URL.
Moreover, you may want to check the tune-up suggestions in the blog [7]. These parameters avoid the known deadlock scenarios with API Manager running on MSSQL.
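A pre-deployment check for the two settings called out in the user store and database sections, written as an added example and not taken from the article or from WSO2. The XML samples are constructed and simplified; the host names, the datasource names and the rule that a missing WriteGroups property counts as a finding are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample of a user-mgt.xml fragment (host and values are placeholders).
USER_MGT = """<UserManager><Realm>
  <UserStoreManager class="org.wso2.carbon.user.core.ldap.ActiveDirectoryUserStoreManager">
    <Property name="ConnectionURL">ldaps://ad.example.com:636</Property>
    <Property name="ReadGroups">true</Property>
    <Property name="WriteGroups">true</Property>
  </UserStoreManager>
</Realm></UserManager>"""

# Constructed, simplified datasources sample; database names follow the article.
DATASOURCES = """<datasources>
  <datasource><name>WSO2AM_DB</name><configuration>
    <url>jdbc:sqlserver://db.example.com:1433;databaseName=apimgtdb;SendStringParametersAsUnicode=false</url>
  </configuration></datasource>
  <datasource><name>WSO2REG_DB</name><configuration>
    <url>jdbc:sqlserver://db.example.com:1433;databaseName=regdb</url>
  </configuration></datasource>
</datasources>"""

def writable_ad_stores(xml_text):
    """Classes of Active Directory user stores whose WriteGroups is not explicitly false."""
    findings = []
    for usm in ET.fromstring(xml_text).iter("UserStoreManager"):
        cls = usm.get("class", "")
        if not cls.endswith(".ActiveDirectoryUserStoreManager"):
            continue
        props = {p.get("name"): (p.text or "").strip().lower() for p in usm.iter("Property")}
        # Assumption of this check: a missing property counts as a finding.
        if props.get("WriteGroups") != "false":
            findings.append(cls)
    return findings

def mssql_urls_missing_flag(xml_text):
    """Names of SQL Server datasources lacking SendStringParametersAsUnicode=false."""
    missing = []
    for ds in ET.fromstring(xml_text).iter("datasource"):
        url = (ds.findtext(".//url") or "").strip()
        if not url.lower().startswith("jdbc:sqlserver:"):
            continue
        # Connection properties are ;key=value pairs after the host part.
        pairs = (kv.split("=", 1) for kv in url.split(";")[1:] if "=" in kv)
        params = {k.strip().lower(): v.strip().lower() for k, v in pairs}
        if params.get("sendstringparametersasunicode") != "false":
            missing.append(ds.findtext("name"))
    return missing

if __name__ == "__main__":
    print("AD stores with group writes enabled:", writable_ad_stores(USER_MGT))
    print("Datasources missing the flag:", mssql_urls_missing_flag(DATASOURCES))
```

Run it against the real files on both API Manager nodes before starting them; both lists should be empty.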
Here we configure only the Analytics worker node, since we are using the publisher and store dashboards and Analytics is not a distributed deployment here; the manager is not configured either. Since API Manager Analytics is based on WSO2 Stream Processor, you might want to read more about it [10].
| Database | Details |
| --- | --- |
| userdb | This is the database where information about the users and user roles is stored, including log-in name, password, first name, last name, and e-mail address. Since we have configured AD as the primary userstore this will not be used. Shared between the two APIM instances. Source script: <API-M_HOME>/dbscripts/mssql.sql |
| regdb | Shared database for config and governance registry mounts in the product's nodes. Shared between the two APIM instances. Source script: <API-M_HOME>/dbscripts/mssql.sql |
| mbstoredb | Stores instance data that are specific to the message broker profile. Database is unique for a traffic manager component. Source script: <API-M_HOME>/dbscripts/mb-store/mssql-mb.sql |
| apimgtdb | This database is used to store all the raw data published to the EI-Analytics node from EI integrator nodes. Shared between the two APIM instances. Source script: <API-M_HOME>/dbscripts/apimgt/mssql.sql |
| analyticsdb | This database is used to store summarized event data of the API Manager Analytics worker. Created the AM_USAGE_UPLOADED_FILES table in the database. |
| permissiondb | Source script: N/A, tables created at runtime |
| geolocationdatadb | Only if you need geo-location based statistics. |
If you are using a network file system mount to share the gateway artifacts between the nodes, you have to mount the <API_HOME>/repository/deployment/server directory on it. If you want to use rsync, you might have to use the manager-worker configuration and configure it as described in [11].