Start new API Gateway Instance
You must install the new instance of API Gateway and perform the following prerequisites:
1. IS/File System Configurations and Custom Packages.
As zero downtime upgrade deals only with the migration of API Data Store data, the administrator must look after the migration of the non API Data Store configurations such as file system configurations, ports configurations (if port clustering is disabled), and custom ESB packages to the new API Gateway instance before running the migration of data.
The configurations are as follows:
Configuration | File Name | File Location |
Elasticsearch configuration | elasticsearch.yml | SAGInstallDir/InternalDatastore/config/ |
Elasticsearch client configuration | config.properties | SAGInstallDir/IntegrationServer/instances/ instance_name/packages/WmAPIGateway/config/ resources/elasticsearch/ |
Kibana configuration | kibana.yml | SAGInstallDir/profiles/instance_name/ apigateway/dashboard/config/ |
Master password | mpw.dat | SAGInstallDir/profiles/instance_name/ configuration/security/passman/ |
UI configurations | uiconfiguration.properties | SAGInstallDir/profiles/instance_name/ apigateway/config/ |
SAML group mapping | saml_groups_mapping.xml | SAGInstallDir/IntegrationServer/instances/ instance_name/packages/WmAPIGateway/config/ resources/security/ |
WebApp settings | com.softwareag.catalina.connector.http. pid-apigateway.properties com.softwareag.catalina.connector.https. pid-apigateway.properties | SAGInstallDir/profiles/instance_name/ configuration/ com.softwareag.platform. config.propsloader/ |
Custom wrapper settings | custom_wrapper.conf | SAGInstallDir/profiles/instance_name/configuration/ |
Server Ports Configuration
If you set the portClusteringEnabled extended setting to false, you must create server ports in each instance.
SAML SSO Configuration
You must ensure that the following file locations in SAML SSO configuration are accessible from the new instance of API Gateway. If not, you must manually copy the files to the new instance.
IDP metadata location
Gateway metadata location
Keystore location
You must ensure that all the custom packages are installed and ready in the new instances of API Gateway.
2. Configure re-index.remote.whitelist in elasticsearch.yml.
You must explicitly allow remote API Data Store host in elasticsearch.yml using the reindex.remote.whitelist property.
Configure reindex.remote.whitelist in SAG/InternalDataStore/config/elasticsearch.yml file and set the value of old API Data Store host and port as reindex.remote.whitelist: localhost:9200
3. If the old instance of API Data Store is secured with SSL, you must execute one of the following steps to configure the new instance of API Data Store to connect to old instance of API Data Store, securely.
Configuring SSL parameters in elasticsearch.yml Configure the SSL related reindex settings in the new API Data Store's elasticsearch.yml file. For more information, see
Elasticsearch documentation for re-index SSL settings. If you are having a cluster setup, this must be performed in each node.
Importing old API Data Store certificates into new API Data Store JVM You must add the old instance certificates (public key) in to the new instance API Data Store JVM's trust store. For example, in case of internal API Data Store you must add the public keys to the truststore cacerts file located at \jvm\jvm\jre\lib\security.
Note:
If external Elasticsearch is used for the new API Gateway instance, you must import the certificates to their corresponding JVM.
The following sample command imports the truststore of old API Data Store in to the new API Data Store JVM.
$>\jvm\jvm\bin\keytool -import -keystore \jvm\jvm\jre\lib\security\cacerts
-file <truststore.jks> -alias <alias>
Property | Detail | Example |
truststore.jks | Truststore used in Elasticsearch. Provide the full path of the truststore. It is available at \WmAPIGateway\config\resources\elasticsearch\config.properties file with property pg.gateway.elasticsearch.https.truststore.filepath. | sagconfig/root-ca.jks |
alias | This is the alias used in Elasticsearch | wm.sag.com |
You can now start the new API Gateway instance with the new API Data Store (cluster and Terracotta cluster).