Layer7 API Management

  • 1.  Dockerized CA API Gateway can't connect to MySQL container

    Posted May 17, 2017 03:41 PM

    I'm trying to setup a pair of Docker containers to host the CA API Gateway and its supporting MySQL database. Here's the relevant portion of my docker-compose.yml:

      gateway-db:
        image: mysql:5.7
        environment:
          - MYSQL_ROOT_PASSWORD=password
          - MYSQL_USER=test
          - MYSQL_PASSWORD=password
          - MYSQL_DATABASE=ssg
        networks:
          gateway_net:
            ipv4_address: 10.1.2.3

      gateway:
        image: caapim/gateway
        environment:
          SSG_CLUSTER_COMMAND: join
          SSG_CLUSTER_HOST: localhost
          SSG_CLUSTER_PASSWORD: 7layer
          SSG_DATABASE_TYPE: mysql
          SSG_DATABASE_HOST: gateway-db
          SSG_DATABASE_PORT: 3306
          SSG_DATABASE_NAME: ssg
          SSG_DATABASE_USER: test
          SSG_DATABASE_PASSWORD: password
          SSG_DATABASE_ADMIN_USER: root
          SSG_DATABASE_ADMIN_PASS: password
          SSG_ADMIN_USER: admin
          SSG_ADMIN_PASS: password
        networks:
          #suite_net:
          #  ipv4_address: 10.1.1.4
          gateway_net:
            ipv4_address: 10.1.2.2
          #client_net:
          #  ipv4_address: 10.1.0.3

     

    Unfortunately, when I try to `docker-compose up`, the Gateway is unable to connect to the MySQL database:

    [vagrant@vagrantbox ~]$ docker-compose logs gateway
    Attaching to vagrant_gateway_1
    gateway_1     | apim-provisioning: INFO: checking if a Consul server has been set in the SSG_CONSUL_IP environment variable
    gateway_1     | apim-provisioning: INFO: no Consul server set via the SSG_CONSUL_IP environment variable
    gateway_1     | apim-provisioning: INFO: checking for an etcd server
    gateway_1     | apim-provisioning: INFO: no etcd server available (neither ETCDCTL_ENDPOINT nor ETCDCTL_DISCOVERY_SRV were set in the environment
    gateway_1     | apim-provisioning: INFO: validating the collected config
    gateway_1     | apim-provisioning: INFO: done validating the collected config
    gateway_1     | apim-provisioning: INFO: starting the process controller
    gateway_1     | Starting Gateway Services: [  OK  ]
    gateway_1     | apim-provisioning: INFO: waiting for the process controller to start up
    gateway_1     | apim-provisioning: INFO: process controller is not running yet.
    gateway_1     | apim-provisioning: INFO: process controller is not running yet.
    gateway_1     | apim-provisioning: INFO: waiting for MySQL to become ready
    gateway_1     | apim-provisioning: INFO: running gateway's headless autoconfig
    gateway_1     | Exception configuring gateway: Error saving configuration 'Error during node configuration 'Database connection error 'Access denied for user 'test'@'10.1.2.2' (using password: YES)'.''
    gateway_1     | apim-provisioning: ERROR: gateway headless autoconfig failed
    gateway_1     | apim-provisioning: INFO: checking if a Consul server has been set in the SSG_CONSUL_IP environment variable
    gateway_1     | apim-provisioning: INFO: no Consul server set via the SSG_CONSUL_IP environment variable
    gateway_1     | apim-provisioning: INFO: checking for an etcd server
    gateway_1     | apim-provisioning: INFO: no etcd server available (neither ETCDCTL_ENDPOINT nor ETCDCTL_DISCOVERY_SRV were set in the environment
    gateway_1     | apim-provisioning: INFO: validating the collected config
    gateway_1     | apim-provisioning: INFO: done validating the collected config
    gateway_1     | apim-provisioning: INFO: starting the process controller
    gateway_1     | Starting Gateway Services: [  OK  ]
    gateway_1     | apim-provisioning: INFO: waiting for the process controller to start up
    gateway_1     | apim-provisioning: INFO: process controller is not running yet.
    gateway_1     | apim-provisioning: INFO: process controller is not running yet.
    gateway_1     | apim-provisioning: INFO: waiting for MySQL to become ready
    gateway_1     | apim-provisioning: INFO: running gateway's headless autoconfig
    gateway_1     | Exception configuring gateway: Error saving configuration 'Error during node configuration 'Database connection error 'Access denied for user 'test'@'10.1.2.2' (using password: YES)'.''
    gateway_1     | apim-provisioning: ERROR: gateway headless autoconfig failed

     

    Based on the last few lines, it seems that the API Gateway appears to be attempting to connect to the MySQL database '10.1.2.2' hosted on IP address 10.1.2.2, instead of connecting to the database 'ssg'. Is there another way to force the Gateway to connect to the 'ssg' database (overriding the $SSG_DATABASE_NAME/$SSG_DATABASE_HOST collision that appears to be the problem)?



  • 2.  Re: Dockerized CA API Gateway can't connect to MySQL container

    Broadcom Employee
    Posted May 17, 2017 06:00 PM

    Good afternoon,

     

    The following link - Sample docker-compose Files - CA API Gateway - 9.2 - CA Technologies Documentation - will outline a tested compose file. The couple things that don't align is the quoting around the values and the Links lines to connect the Gateway and MySQL containers.

     

    Sincerely,

     

    Stephen Hughes

    Director, CA Support



  • 3.  Re: Dockerized CA API Gateway can't connect to MySQL container

    Posted May 18, 2017 03:29 PM

    Hi Stephen,

     

    Thanks for your suggestions.

     

    I managed to fix the "Access denied" error I was having above, by implementing a GRANT MySQL statement to configure the MySQL database with access to the ssg database for the "test" and "root" users at the Gateway's IP address.

     

    However, I am still having trouble connecting:

    [vagrant@vagrantbox ~]$ docker-compose logs gateway
    Attaching to vagrant_gateway_1
    gateway_1             | apim-provisioning: INFO: checking if a Consul server has been set in the SSG_CONSUL_IP environment variable
    gateway_1             | apim-provisioning: INFO: no Consul server set via the SSG_CONSUL_IP environment variable
    gateway_1             | apim-provisioning: INFO: checking for an etcd server
    gateway_1             | apim-provisioning: INFO: no etcd server available (neither ETCDCTL_ENDPOINT nor ETCDCTL_DISCOVERY_SRV were set in the environment
    gateway_1             | apim-provisioning: INFO: validating the collected config
    gateway_1             | apim-provisioning: INFO: done validating the collected config
    gateway_1             | apim-provisioning: INFO: starting the process controller
    gateway_1             | Starting Gateway Services: [  OK  ]
    gateway_1             | apim-provisioning: INFO: waiting for the process controller to start up
    gateway_1             | apim-provisioning: INFO: process controller is not running yet.
    gateway_1             | apim-provisioning: INFO: process controller is not running yet.
    gateway_1             | apim-provisioning: INFO: process controller is not running yet.
    gateway_1             | apim-provisioning: INFO: process controller is not running yet.
    gateway_1             | apim-provisioning: INFO: process controller is not running yet.
    gateway_1             | apim-provisioning: INFO: waiting for MySQLto become ready
    gateway_1             | apim-provisioning: INFO: running gateway'sheadless autoconfig
    gateway_1             | Exception configuring gateway: Error saving configuration 'Error during node configuration 'Cannot connect todatabase.''
    gateway_1             | apim-provisioning: ERROR: gateway headlessautoconfig failed

     

    Unfortunately, neither of your suggestions fix this error.

     

    I have verified that I have MySQL connectivity between the Gateway instance the MySQL instance:

    `docker-compose up gateway-db`

    `docker-compose run gateway /bin/bash -c "mysql -hgateway-db -utest -ppassword -e 'exit'"`

     

    At this point, the Gateway database is up and configured, and I am able to connect to it from the would-be Gateway instance. However, when I go to start the actual Gateway instance (including its proper Entrypoint, which is the crucial step to start the actual CA API Gateway), I get the "Cannot connect todatabase" error.



  • 4.  Re: Dockerized CA API Gateway can't connect to MySQL container
    Best Answer

    Broadcom Employee
    Posted May 20, 2017 02:47 PM

    I've been running through some scenarios based on the yml file that you provided. I believe that the way that the cluster is being built is causing you all these errors. If this is a brand new instances you will need to change the SSG_CLUSTER_COMMAND option from join to create and remove the lines - MYSQL_USER=test /  - MYSQL_PASSWORD=password / - MYSQL_DATABASE=ssg - from your yml file otherwise it will not generate the users and the databases properly. This is why you have had to add each item at a time. When you use the create command you need to ensure that you include the "SSG_LICENSE:" in the yml file and ensure that SSG_LICENSE env variable is setup (export SSG_LICENSE="$(cat /c/my-license/LICENSE.xml | gzip | base64)") or the base 64 input is included in the yml file. Once the gateway has been created then change the value to join so that it will only join the cluster not attempt to recreate it. All other nodes in the cluster will now use the join value instead of create.

     

    Error output from starting the gateway

     

    1) Exception configuring gateway: Error saving configuration 'Error during node configuration 'Database connection error 'Access denied for user 'test'@'10.1.2.2' (using password: YES)'.''

     

    When you use the join in the SSG_CLUSTER_COMMAND option and existing configured ssg database and users does not exist. You will need to use the create command so that the database and users are created.

     

    2) Exception configuring gateway: Error saving configuration 'Error during node configuration 'Cannot connect todatabase.''

     

    When you use join in the SSG_CLUSTER_COMMAND option and an existing configured ssg database does not exist, you will see this error. You need to use the create value so that the database is created.

     

    3) Exception configuring gateway: Error creating database when saving configuration
     'Cannot create database: '' [code:2, ALREADY_EXISTS]'
     
    When you use the create option it attempts to connect to the MySQL instance and finds an existing ssg database. You can either change the SSG_CLUSTER_COMMAND option in the yml file from create to join. This does assume that the gateway is joining an existing configured ssg database. The other option is to change the SSG_DATABASE_NAME option to a unique value.

     

    Additional Troubleshooting: Troubleshoot the Gateway Docker Appliance - CA API Gateway - 9.2 - CA Technologies Documentation 

     

    Sincerely,

     

    Stephen Hughes

    Director, CA Support