Layer7 API Management

  • 1.  cluster wide properties

    Posted Jul 19, 2018 09:27 PM

    There is a need to copy a few cluster-wide properties from Dev to QA. Since there are around 50 key-value pairs, is this properties file stored somewhere on the server side so that it's easy to copy from one server to another? Please advise.



  • 2.  Re: cluster wide properties

    Posted Jul 20, 2018 12:53 AM

    Hi There,

     

    I guess one would have a few options to achieve such.

     

    For example, one can use the restman API and get the list of all the CWP from one server by running something like:

     

    https://<yourSourceGWHost>:9443/restman/1.0/doc/restDoc.html#1.0/clusterProperties

     

    (Export the output to XML)

     

    Or use a CURL command such as

     

    curl -k -H "Authorization: Basic <encoded user:pass>" -X GET https://<YourSourceGWHost>:9443/restman/1.0/doc/restDoc.html#1.0/clusterProperties

     

    Once you have this output, paste it into an XML file (see how in "Need to update cluster wide properties for service with RESTman service").

     

    Then use something like the below to import into the destination GW:

     

    curl -k -H "Authorization: Basic <encoded user:pass>" -H "Content-Type: text/xml" -X POST -d @<xmlfile create>  https://<YourTargetGWHost>:9443/restman/1.0/clusterProperties

     

    Hope this helps.

     

    Kind Regards,

     

    Amit.



  • 3.  Re: cluster wide properties

    Posted Jul 21, 2018 10:50 AM

    Executed below as cited

    curl -k -H "Authorization: Basic c2hhcmF0adsDpTYWliYWJhQDE=" -X GET https://localhost:9443/restman/1.0/doc/restDoc.html#1.0/clusterProperties >>output.xml

    When I checked output.xml, it doesn't contain the relevant key-value pairs, but rather contains the following. I am just wondering: did you try this at your end, and are you able to see any of the defined cluster-wide properties (CWP) in the output file?

    Below is my output file. It doesn't contain any sensitive info, as this is my lab. I copied only part of the file since the file is a bit huge, but it doesn't contain the CWP key-value pairs I am looking for.

     

    <?xml version="1.0" encoding="UTF-8"?>
    <!DOCTYPE html
    PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
    <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
    <head>
    <title>API Resources</title>
    <link type="text/css" rel="stylesheet" href="docStyle.css"/>
    <link type="text/css" rel="stylesheet" href="rest-api-doc-styles.css"/>
    </head>
    <body>
    <div id="top-container">
    <div id="header-container">
    <div class="header container">
    <a class="logo" title="CA Technologies" href="home.html"></a>
    <h1>REST Management API</h1>
    </div>
    </div>
    <div id="content-container" class="container">
    <div id="content">
    <div id="content-body">
    <div class="content-contents"><div xmlns="http://www.w3.org/1999/xhtml" xmlns:wadl="http://wadl.dev.java.net/2009/02" id="rest-api-docs">
    <h1>Resources</h1>
    <div class="table-of-contents">
    <p>
    <strong>Page Contents</strong>
    </p>
    <ul>
    <li>
    <a href="#1.0/activeConnectors">Active Connector</a>
    </li>
    <li>
    <a href="#1.0/assertionSecurityZones">Assertion Security Zone</a>
    </li>
    <li>
    <a href="#1.0/bundle">Bundle</a>
    </li>
    <li>
    <a href="#1.0/cassandraConnections">Cassandra Connection</a>
    </li>
    <li>
    <a href="#1.0/trustedCertificates">Certificate</a>
    </li>
    <li>
    <a href="#1.0/clusterProperties">Cluster Property</a>
    </li>
    <li>
    <a href="#1.0/customKeyValues">Custom Key Value Store</a>
    </li>
    <li>
    <a href="#1.0/emailListeners">Email Listener</a>
    </li>
    <li>
    <a href="#1.0/encapsulatedAssertions">Encapsulated Assertion</a>
    </li>
    <li>
    <a href="#1.0/firewallRules">Firewall Rule</a>
    </li>
    <li>
    <a href="#1.0/folders">Folder</a>
    </li>
    <li>
    <a href="#1.0/genericEntities">Generic Entity</a>
    </li>
    <li>
    <a href="#1.0/groups">Group</a>
    </li>
    <li>
    <a href="#1.0/httpConfigurations">Http Configuration</a>
    </li>
    <li>
    <a href="#1.0/identityProviders">Identity Provider</a>
    </li>
    <li>
    <a href="#1.0/interfaceTags">Interface Tag</a>
    </li>
    <li>
    <a href="#1.0/jdbcConnections">JDBC Connection</a>
    </li>
    <li>
    <a href="#1.0/jmsDestinations">JMS Destination</a>
    </li>
    <li>

    </table>
    </div>
    </div>
    <h5 class="response-title">Response</h5>
    <div class="response-body">
    <h6 class="body-title">Body</h6>
    <div class="body-doc">A reference to the newly created or updated work queue.</div>
    </div>
    </div>
    </div>
    <div class="api-call">
    <h3 class="call-title">Delete</h3>
    <div class="api-call-content">
    <div class="doc">Deletes an existing work queue.</div>
    <div class="request">
    <h5 class="request-title">Request</h5>
    <div class="request-body">
    <div class="resource-path">DELETE 1.0/workQueues/{id}</div>
    <table cellspacing="0" cellpadding="0" class="params-table">
    <caption>Path Parameters</caption>
    <tr>
    <th>Param</th>
    <th>Type</th>
    <th>Description</th>
    </tr>
    <tr>
    <td>id</td>
    <td>string</td>
    <td>The ID of the work queue to delete.</td>
    </tr>
    </table>
    </div>
    </div>
    <h5 class="response-title">Response</h5>
    <div class="response-body">No Response Body</div>
    </div>
    </div>
    <div class="api-call">
    <h3 class="call-title">Get</h3>
    <div class="api-call-content">
    <div class="doc">Returns a work queue with the given ID.</div>
    <div class="request">
    <h5 class="request-title">Request</h5>
    <div class="request-body">
    <div class="resource-path">GET 1.0/workQueues/{id}</div>
    <table cellspacing="0" cellpadding="0" class="params-table">
    <caption>Path Parameters</caption>
    <tr>
    <th>Param</th>
    <th>Type</th>
    <th>Description</th>
    </tr>
    <tr>
    <td>id</td>
    <td>string</td>
    <td>The ID of the Cassandra connection to return</td>
    </tr>
    </table>
    </div>
    </div>
    <h5 class="response-title">Response</h5>
    <div class="response-body">
    <h6 class="body-title">Body</h6>
    <div class="body-doc">
    <wadl:doc xmlns:l7="http://ns.l7tech.com/2010/04/gateway-management" xmlns:xsd="http://www.w3.org/2001/XMLSchema">The work queue.</wadl:doc>
    </div>
    <table class="body-info-table">
    <tr>
    <td class="body-info">Element</td>
    <td>l7:Item</td>
    </tr>
    </table>
    </div>
    </div>
    </div>
    <div class="api-call">
    <h3 class="call-title">Template</h3>
    <div class="api-call-content">
    <div class="doc">Returns a template, which is an example work queue that can be used as a reference for what work queue
    objects should look like.</div>
    <div class="request">
    <h5 class="request-title">Request</h5>
    <div class="request-body">
    <div class="resource-path">GET 1.0/workQueues/template</div>
    </div>
    </div>
    <h5 class="response-title">Response</h5>
    <div class="response-body">
    <h6 class="body-title">Body</h6>
    <div class="body-doc">
    <wadl:doc xmlns:l7="http://ns.l7tech.com/2010/04/gateway-management" xmlns:xsd="http://www.w3.org/2001/XMLSchema">The template work queue.</wadl:doc>
    </div>
    <table class="body-info-table">
    <tr>
    <td class="body-info">Element</td>
    <td>l7:Item</td>
    </tr>
    </table>
    </div>
    </div>
    </div>
    </div>
    </div>
    </div>
    </div>
    </div>
    <div id="content-menu">
    <div class="menu-wrapper">
    <div class="menu">
    <ul>
    <li><a href="home.html">Getting Started</a></li>
    <li><a href="authentication.html">Authentication</a></li>
    <li><a href="restDoc.html">Resources</a></li>
    <li><a href="gmu.html">Gateway Migration Utility</a></li>
    <li><a href="migration.html">Migration</a></li>
    <li><a href="migration-example.html">Migration Example</a></li>
    </ul>
    </div>
    </div>
    </div>
    </div>
    </div>
    </div>
    </body>
    </html>



  • 4.  Re: cluster wide properties

    Broadcom Employee
    Posted Jul 22, 2018 07:00 PM

    Hello PopleysYsb ,

    /restman/1.0/doc/restDoc.html#1.0/clusterProperties is the URI for the help/document,

    /restman/1.0/clusterProperties is the URI to CRUD the CWP resource.

     

    Please run GET on /restman/1.0/clusterProperties to list the CWP.

     

    For more details of this API, you may use a browser to view the help/document, https://<YourSourceGWHost>:9443/restman/1.0/doc/restDoc.html#1.0/clusterProperties

     

    Regards,

    Mark
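
An added example, not part of the thread or the product's own code: a Python check that tells a resource response from the documentation page that post 3 received, then builds one request body per property for the target gateway. The list layout (l7:List / l7:Item / l7:Resource / l7:ClusterProperty), the one-property-per-POST body, and the sample names and values are assumptions.

```python
import xml.etree.ElementTree as ET

# Namespace as it appears in the restDoc.html output quoted in post 3.
L7 = "http://ns.l7tech.com/2010/04/gateway-management"
NS = {"l7": L7}

# Constructed sample of a list response; the element layout is an assumption.
SAMPLE_LIST = f"""<l7:List xmlns:l7="{L7}">
  <l7:Item><l7:Name>demo.backend.url</l7:Name><l7:Resource>
    <l7:ClusterProperty id="0001" version="2">
      <l7:Name>demo.backend.url</l7:Name>
      <l7:Value>https://backend.example.test/api?a=1&amp;b=2</l7:Value>
    </l7:ClusterProperty></l7:Resource></l7:Item>
  <l7:Item><l7:Name>demo.timeout.ms</l7:Name><l7:Resource>
    <l7:ClusterProperty id="0002" version="0">
      <l7:Name>demo.timeout.ms</l7:Name>
      <l7:Value>5000</l7:Value>
    </l7:ClusterProperty></l7:Resource></l7:Item>
</l7:List>"""

# Constructed stand-in for the documentation page that post 3 received.
SAMPLE_DOC_PAGE = ('<html xmlns="http://www.w3.org/1999/xhtml">'
                   "<head><title>API Resources</title></head><body/></html>")


def extract_properties(body):
    """Return {name: value}; refuse anything that is not an l7:List."""
    root = ET.fromstring(body)
    if root.tag != f"{{{L7}}}List":
        raise ValueError(f"unexpected root {root.tag}: not a restman list, check the URI")
    props = {}
    for cp in root.iterfind("l7:Item/l7:Resource/l7:ClusterProperty", NS):
        props[cp.findtext("l7:Name", namespaces=NS)] = cp.findtext(
            "l7:Value", default="", namespaces=NS)
    return props


def to_post_bodies(props):
    """One l7:ClusterProperty document per property, source id/version dropped."""
    ET.register_namespace("l7", L7)
    bodies = {}
    for name, value in sorted(props.items()):
        cp = ET.Element(f"{{{L7}}}ClusterProperty")
        ET.SubElement(cp, f"{{{L7}}}Name").text = name
        ET.SubElement(cp, f"{{{L7}}}Value").text = value
        bodies[name] = ET.tostring(cp, encoding="unicode")
    return bodies
```

Running the root-element check before any import step catches the documentation-URI mistake early instead of posting an HTML page to the target gateway.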



  • 5.  Re: cluster wide properties

    Posted Jul 29, 2018 03:57 AM

    Thanks for the info. Is there any similar URI for Manage Passwords to export and import?



  • 6.  Re: cluster wide properties

    Broadcom Employee
    Posted Jul 30, 2018 08:19 PM

    From restman, you can list the stored passwords, but I don't think you can get the value of a password:

    https://<your gateway>:9443/restman/1.0/doc/restDoc.html#1.0/passwords 

     

    You may need GMU to migrate stored password.



  • 7.  Re: cluster wide properties

    Posted Aug 02, 2018 09:09 PM

    The stuff in the link is complex to understand. Would you mind giving an example of migrating a password stored in Manage Passwords from a Dev to a prod env? Assume the password is similar in dev and prod, for a client secret of a routing URL, which is again OAuth.



  • 8.  Re: cluster wide properties

    Broadcom Employee
    Posted Aug 03, 2018 01:55 AM

    Dear SHARATH YERAMALLA,

    From another discussion, it seems you're trying to migrate OTK.

    The beauty of GMU is that when you migrateOut an entity, all dependent entities will be migrated out as well.

    I.e., if you have a service using a stored password, when you migrate the service, the stored password will be migrated, too.

    To migrate OTK, you can use the option --all to migrate everything, which will then include OTK, as shown in the product documentation.

    Here is an example that migrates only the OTK folder:

    ./GatewayMigrationUtility.sh migrateOut --argFile sourcearg.txt --encassAsPolicyDependency --dest OTK.xml --folderName /OTK
    ./GatewayMigrationUtility.sh migrateIn --argFile targetarg.txt --bundle OTK.xml

     

    NOTE0: you may need to map the JDBC connection before migrateIn, as different envs should have different databases.

    ./GatewayMigrationUtility.sh manageMappings --bundle OTK.xml --type JDBC_CONNECTION --srcName <src jdbc name> --targetName <target jdbc name>

     

    NOTE1: --encassAsPolicyDependency is required, otherwise the OTK encapsulated assertion cannot migrate.

     

    NOTE2: the argument file is used to connect to the gateway; here is a common sample of an argument file:

    host=<gateway hostname>
    username=admin
    plaintextPassword=7layer
    encryptUsingClusterPassphrase
    trustCertificate
    trustHostname
    results=<any name of result file>.xml

     

    You can change the host/username/password etc. to connect to source and target server.

     

    NOTE3: in the argument file, encryptUsingClusterPassphrase will be used to encrypt stored passwords. That means the encryptionPassphrase needs to be the same for both migrateOut and migrateIn; otherwise migrateIn will fail, as it cannot decrypt. As we don't specify encryptionPassphrase, we are using the cluster passphrase to encrypt, which means the lower and higher envs need to be configured with the same cluster passphrase (on the gateway main menu when installing the gateway).

     

    You can use plaintextEncryptionPassphrase, or encryptionPassphrase, to replace encryptUsingClusterPassphrase; refer to the product documentation for the details.

     

    NOTE4: the above will not migrate solution kit settings, i.e. on the higher env, the Manage Solution Kits task will not show the migrated OTK, as we don't need to install OTK again on the higher env (and we don't need to manage solution kits on the prod env; any change should be done on the lower env and then migrated to the prod env).

     

    NOTE5:

    If you also have MAG installed on the gateway, you cannot migrate them separately, as I found that they depend on each other. We need to migrate them all together:

    ./GatewayMigrationUtility.sh migrateOut --argFile sourcearg.txt --encassAsPolicyDependency --dest OTK_MAG.xml --folderName /OTK --folderName /MAG
    ./GatewayMigrationUtility.sh migrateIn --argFile targetarg.txt --bundle OTK_MAG.xml

     

    Regards,

    Mark
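
An added example, not part of the thread or of GMU itself: a Python review of a source/target pair of argument files that flags clear-text secrets and relaxed TLS options, and checks the passphrase consistency that NOTE3 requires. Option names come from the post; reading trustCertificate and trustHostname as skipping TLS checks is an assumption from their names, and the hostnames and passphrase value are constructed.

```python
# Option names below are the ones in the post's sample argument file and NOTE3.
PLAINTEXT = ("plaintextPassword", "plaintextEncryptionPassphrase")
TLS_RELAXED = ("trustCertificate", "trustHostname")  # assumed to skip TLS checks
PASSPHRASE = ("encryptUsingClusterPassphrase", "plaintextEncryptionPassphrase",
              "encryptionPassphrase")

# Constructed argument files for a source and a target gateway.
SOURCE_ARGS = """host=gw-dev.example.test
username=admin
plaintextPassword=7layer
encryptUsingClusterPassphrase
trustCertificate
trustHostname
results=out-result.xml
"""
TARGET_ARGS = """host=gw-qa.example.test
username=admin
plaintextPassword=7layer
plaintextEncryptionPassphrase=constructed-passphrase
results=in-result.xml
"""


def parse_argfile(text):
    """Parse 'key=value' lines and bare flags (flags map to True)."""
    args = {}
    for line in filter(None, map(str.strip, text.splitlines())):
        key, sep, value = line.partition("=")
        args[key.strip()] = value.strip() if sep else True
    return args


def review_pair(source, target):
    """Findings for the migrateOut (source) and migrateIn (target) files."""
    findings = []
    for label, args in (("source", source), ("target", target)):
        findings += [f"{label}: {k} stores a secret in clear text"
                     for k in PLAINTEXT if k in args]
        findings += [f"{label}: {k} relaxes TLS verification"
                     for k in TLS_RELAXED if k in args]
    src = {k: source[k] for k in PASSPHRASE if k in source}
    dst = {k: target[k] for k in PASSPHRASE if k in target}
    if src != dst:
        findings.append("passphrase options differ: migrateIn may not decrypt "
                        "secrets written by migrateOut (NOTE3)")
    elif "encryptUsingClusterPassphrase" in src:
        findings.append("both gateways must share the same cluster passphrase (NOTE3)")
    return findings
```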