WSO2 APIM 2.0 deployment

1
votes

I'm trying to understand WSO2 APIM components and deployment scenarios but the terminology is confusing/vague for me. Clustering vs distributed deployments, profiles, and Port Offsets.

Basically I'd like to deploy a minimal 5 node setup where:

Node # (Location) Purpose

  1. (DMZ) the GW (worker=True right?) and KeyManager
  2. (DMZ) 2nd GW node (as above) for GW & KeyManager
  3. (non-dmz) the Management Console, MySQL master
  4. (non-dmz) the Publisher UI,TrafficManager, MySQL slave
  5. (DMZ) the Store

looks like this

Questions:

  1. Should I use -DportOffset=0 on all nodes?
  2. What -Dprofile=?? do I need to use on each of the 5 nodes?
  3. The 2 gateway nodes will be load-balanced by an F5 load balancer for incoming api-traffic. What port is used there, 9443 or 9763?
  4. What ports need to be accessible on the DMZ hosts for this to work? I assume 3306,9443,9763,8280,8243,7711, and 9999,11111 if JMX reqd

Please don't point me to the documentation, that's what is confusing me.

2
wso2wso2-am

2 Answers

0
votes

Should I use -DportOffset=0 on all nodes?

It depends on how do you set up those nodes. If all of these servers in the same node (machine), you must use different port offset as all the API Manager servers use those port, so, there will be port conflicts.

What -Dprofile=?? do I need to use on each of the 5 nodes? It will adjust the ports used by API Manager so that, there won't be any port conflicts between them if you are running on same node.

The 2 gateway nodes will be load-balanced by an F5 load balancer for incoming api-traffic. What port is used there, 9443 or 9763?

For API requests/responses handling, you need 9763.

What ports need to be accessible on the DMZ hosts for this to work? I assume 3306,9443,9763,8280,8243,7711, and 9999,11111 if JMX reqd Yes, it's correct.

Further, you can use WSO2 support any issues you encountered.

0
votes

Running the key manager nodes, Store node in the DMZ is not recommended as they need db access. If you are using multi tenancy, you cannot host gateway worker nodes in the DMZ as well due to db access. What you can do is host those nodes in LAN and have a reverse proxy in the DMZ to expose the endpoints on the Gateway and Store. If you do not use multi tenancy, then you can run gateway worker nodes in the DMZ as dbs are not used.

  1. As you are running multiple WSO2 servers in a single server you need to use port offsets to avoid conflicts. Default port offset is 0. You can run one WSO2 server with default port offset. For the other server you need to use port offset 1 or any value other than 0. You can start the server by giving the -DportOffset=1 at the startup. Best way is to change the value offset to 1 in /repository/conf/carbon.xml so that you do not need to provide the -DportOffset value at the startup.

  2. -Dprofile is denote the profile which API Manager should start. If you start with -Dprofile=api-publisher, it would only starts the front end/backend features relevant to the API Publisher. Running product profiles are mostly recommended as it would only load relevant features of the profile. You can use profiles in your deployment as you are running 6 profiles of API Manager.

  3. I think you are referring gateway worker nodes which serve API traffic. If so, it will use passthrough ports that are 8280(http) and 8243(https). Requests can serve using both. 9443 and 9763 are servlet ports are those will not used in gateway worker nodes and only in gateway manager node for service calls.

    1. My recommendation is you should revise this setup as you are running nodes in DMZ which have db access.