API Gateway 10.11 | Upgrading and Migrating to API Gateway | Upgrading API Gateway in Zero Downtime | Upgrading Major Versions in Zero Downtime | Start the new API Gateway instance
 
Start the new API Gateway instance
You must install the new API Gateway instance and perform the following steps:
1. As zero downtime upgrade deals only with the migration of Elasticsearch or API Data Store data, the platform configurations must be migrated to the new API Gateway instance either manually or using the externalized configurations..
For more information on the platform configurations that must be migrated to the target API Gateway instance, see Migrating the platform configurations.
2. Configure reindex.remote.whitelist in the elasticsearch.yml file.
You must explicitly allow the remote Elasticsearch or API Data Store host in elasticsearch.yml using the reindex.remote.whitelist property.
Configure reindex.remote.whitelist in elasticsearch.yml file located at SAG/InternalDataStore/config. Set the value of old Elasticsearch or API Data Store host and port .
An example to set the Elasticsearch or API Data Store host and port using the as reindex.remote.whitelist is as follows:
reindex.remote.whitelist: localhost:9200
3. If the old Elasticsearch or API Data Store instance is secured with SSL, you must perform one of the following steps to configure the new Elasticsearch or API Data Store to securely connect to the old Elasticsearch or API Data Store.
*Configuring SSL parameters in elasticsearch.yml
Configure the SSL related re-index settings in the new Elasticsearch or API Data Store's elasticsearch.yml file. For more information, see Elasticsearch documentation for re-index SSL settings. If you are having a cluster setup, this must be performed in each node.
*Importing old Elasticsearch or API Data Store certificates into new Elasticsearch or API Data Store JVM
You must add the old instance certificates (public key) into the new Elasticsearch or API Data Store JVM's truststore. For example, in case of internal Elasticsearch or API Data Store you must add the public keys to the truststore cacerts file located at \jvm\jvm\jre\lib\security.
Note:
If external Elasticsearch is used for the new API Gateway instance, you must import the certificates to their corresponding JVM.
The following sample command imports the truststore of old Elasticsearch or API Data Store to the new Elasticsearch or API Data Store JVM.
$>\jvm\jvm\bin\keytool -import -keystore \jvm\jvm\jre\lib\security\cacerts
-file <truststore.jks> -alias <alias>
Property
Detail
Example
truststore.jks
Truststore used in the Elasticsearch. Provide the full path of the truststore. It is available at \WmAPIGateway\config\resources\elasticsearch\config.properties file with property pg.gateway.elasticsearch.https.truststore.filepath.
sagconfig/root-ca.jks
alias
The alias used in the Elasticsearch.
wm.sag.com
You can now start the new API Gateway instance with the new Elasticsearch or API Data Store (cluster and Terracotta cluster).