Layer 7 API Management

Expand all | Collapse all

cluster wide properties

  • 1.  cluster wide properties

    Posted 07-19-2018 09:27 PM

    There is a need to copy few cluster-wide properties from Dev to QA since there are around 50 key-value pairs,is this properties file get stored somewhere on the server side so that its eazy to copy from one to another server.pls advice



  • 2.  Re: cluster wide properties

    Posted 07-20-2018 12:53 AM

    Hi There,

     

    I guess one would have a few options to achieve such.

     

    For example, one can use the restman API and get the list of all the CWP from one server by running something like:

     

    https://<yourSourceGWHost>:9443/restman/1.0/doc/restDoc.html#1.0/clusterProperties

     

    (Export the output to XML)

     

    Or use a CURL command such as

     

    curl -k -H "Authorization: Basic <encoded user:pass>" -X GET https://<YourSourceGWHost>:9443/restman/1.0/doc/restDoc.html#1.0/clusterProperties

     

    One you have this output - paste it into an XML file (see how to in Need to update cluster wide properties for service with RESTman service )

     

    Then use something like the below to import into the destination GW:

     

    curl -k -H "Authorization: Basic <encoded user:pass>" -H "Content-Type: text/xml" -X POST -d @<xmlfile create>  https://<YourTargetGWHost>:9443/restman/1.0/clusterProperties

     

    Hope this helps.

     

    Kind Regards,

     

    Amit.



  • 3.  Re: cluster wide properties

    Posted 07-21-2018 10:50 AM

    Executed below as cited

    curl -k -H "-H "Authorization: Basic c2hhcmF0adsDpTYWliYWJhQDE=" -X GET https://localhost:9443/restman/1.0/doc/restDoc.html#1.0/clusterProperties >>output.xml

    When I checked output.xml it doesn't contain the relevant key-value pairs, but rather contains the following.Am just wondering did you try this at your end and are you able to see any of the clusterwide properties(CWP) that defined exist in the output file?

    Below is my output file rather doesn't contain any sensitive info this my lab and copied part of the file since the file is bit huge but doesn't contain the CWkey-valueue pair am looking for.

     

    <?xml version="1.0" encoding="UTF-8"?>
    <!DOCTYPE html
    PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
    <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
    <head>
    <title>API Resources</title>
    <link type="text/css" rel="stylesheet" href="docStyle.css"/>
    <link type="text/css" rel="stylesheet" href="rest-api-doc-styles.css"/>
    </head>
    <body>
    <div id="top-container">
    <div id="header-container">
    <div class="header container">
    <a class="logo" title="CA Technologies" href="home.html"></a>
    <h1>REST Management API</h1>
    </div>
    </div>
    <div id="content-container" class="container">
    <div id="content">
    <div id="content-body">
    <div class="content-contents"><div xmlns="http://www.w3.org/1999/xhtml" xmlns:wadl="http://wadl.dev.java.net/2009/02" id="rest-api-docs">
    <h1>Resources</h1>
    <div class="table-of-contents">
    <p>
    <strong>Page Contents</strong>
    </p>
    <ul>
    <li>
    <a href="#1.0/activeConnectors">Active Connector</a>
    </li>
    <li>
    <a href="#1.0/assertionSecurityZones">Assertion Security Zone</a>
    </li>
    <li>
    <a href="#1.0/bundle">Bundle</a>
    </li>
    <li>
    <a href="#1.0/cassandraConnections">Cassandra Connection</a>
    </li>
    <li>
    <a href="#1.0/trustedCertificates">Certificate</a>
    </li>
    <li>
    <a href="#1.0/clusterProperties">Cluster Property</a>
    </li>
    <li>
    <a href="#1.0/customKeyValues">Custom Key Value Store</a>
    </li>
    <li>
    <a href="#1.0/emailListeners">Email Listener</a>
    </li>
    <li>
    <a href="#1.0/encapsulatedAssertions">Encapsulated Assertion</a>
    </li>
    <li>
    <a href="#1.0/firewallRules">Firewall Rule</a>
    </li>
    <li>
    <a href="#1.0/folders">Folder</a>
    </li>
    <li>
    <a href="#1.0/genericEntities">Generic Entity</a>
    </li>
    <li>
    <a href="#1.0/groups">Group</a>
    </li>
    <li>
    <a href="#1.0/httpConfigurations">Http Configuration</a>
    </li>
    <li>
    <a href="#1.0/identityProviders">Identity Provider</a>
    </li>
    <li>
    <a href="#1.0/interfaceTags">Interface Tag</a>
    </li>
    <li>
    <a href="#1.0/jdbcConnections">JDBC Connection</a>
    </li>
    <li>
    <a href="#1.0/jmsDestinations">JMS Destination</a>
    </li>
    <li>

    </table>
    </div>
    </div>
    <h5 class="response-title">Response</h5>
    <div class="response-body">
    <h6 class="body-title">Body</h6>
    <div class="body-doc">A reference to the newly created or updated work queue.</div>
    </div>
    </div>
    </div>
    <div class="api-call">
    <h3 class="call-title">Delete</h3>
    <div class="api-call-content">
    <div class="doc">Deletes an existing work queue.</div>
    <div class="request">
    <h5 class="request-title">Request</h5>
    <div class="request-body">
    <div class="resource-path">DELETE 1.0/workQueues/{id}</div>
    <table cellspacing="0" cellpadding="0" class="params-table">
    <caption>Path Parameters</caption>
    <tr>
    <th>Param</th>
    <th>Type</th>
    <th>Description</th>
    </tr>
    <tr>
    <td>id</td>
    <td>string</td>
    <td>The ID of the work queue to delete.</td>
    </tr>
    </table>
    </div>
    </div>
    <h5 class="response-title">Response</h5>
    <div class="response-body">No Response Body</div>
    </div>
    </div>
    <div class="api-call">
    <h3 class="call-title">Get</h3>
    <div class="api-call-content">
    <div class="doc">Returns a work queue with the given ID.</div>
    <div class="request">
    <h5 class="request-title">Request</h5>
    <div class="request-body">
    <div class="resource-path">GET 1.0/workQueues/{id}</div>
    <table cellspacing="0" cellpadding="0" class="params-table">
    <caption>Path Parameters</caption>
    <tr>
    <th>Param</th>
    <th>Type</th>
    <th>Description</th>
    </tr>
    <tr>
    <td>id</td>
    <td>string</td>
    <td>The ID of the Cassandra connection to return</td>
    </tr>
    </table>
    </div>
    </div>
    <h5 class="response-title">Response</h5>
    <div class="response-body">
    <h6 class="body-title">Body</h6>
    <div class="body-doc">
    <wadl:doc xmlns:l7="http://ns.l7tech.com/2010/04/gateway-management" xmlns:xsd="http://www.w3.org/2001/XMLSchema">The work queue.</wadl:doc>
    </div>
    <table class="body-info-table">
    <tr>
    <td class="body-info">Element</td>
    <td>l7:Item</td>
    </tr>
    </table>
    </div>
    </div>
    </div>
    <div class="api-call">
    <h3 class="call-title">Template</h3>
    <div class="api-call-content">
    <div class="doc">Returns a template, which is an example work queue that can be used as a reference for what work queue
    objects should look like.</div>
    <div class="request">
    <h5 class="request-title">Request</h5>
    <div class="request-body">
    <div class="resource-path">GET 1.0/workQueues/template</div>
    </div>
    </div>
    <h5 class="response-title">Response</h5>
    <div class="response-body">
    <h6 class="body-title">Body</h6>
    <div class="body-doc">
    <wadl:doc xmlns:l7="http://ns.l7tech.com/2010/04/gateway-management" xmlns:xsd="http://www.w3.org/2001/XMLSchema">The template work queue.</wadl:doc>
    </div>
    <table class="body-info-table">
    <tr>
    <td class="body-info">Element</td>
    <td>l7:Item</td>
    </tr>
    </table>
    </div>
    </div>
    </div>
    </div>
    </div>
    </div>
    </div>
    </div>
    <div id="content-menu">
    <div class="menu-wrapper">
    <div class="menu">
    <ul>
    <li><a href="home.html">Getting Started</a></li>
    <li><a href="authentication.html">Authentication</a></li>
    <li><a href="restDoc.html">Resources</a></li>
    <li><a href="gmu.html">Gateway Migration Utility</a></li>
    <li><a href="migration.html">Migration</a></li>
    <li><a href="migration-example.html">Migration Example</a></li>
    </ul>
    </div>
    </div>
    </div>
    </div>
    </div>
    </div>
    </body>
    </html>



  • 4.  Re: cluster wide properties

    Posted 07-22-2018 07:00 PM

    Hello PopleysYsb ,

    /restman/1.0/doc/restDoc.html#1.0/clusterProperties is the uri for help/document,

    /restman/1.0/clusterProperties is the uri to CRUD the CWP resource.

     

    Please run GET on /restman/1.0/clusterProperties to list the CWP.

     

    For more details of this api, you may use a browser to view the help/document, https://<YourSourceGWHost>:9443/restman/1.0/doc/restDoc.html#1.0/clusterProperties

     

    Regards,

    Mark



  • 5.  Re: cluster wide properties

    Posted 07-29-2018 03:57 AM

    Thanks for the info.Is there any similar URI for Manage passwords to export and import?



  • 6.  Re: cluster wide properties

    Posted 07-30-2018 08:19 PM

    from restman, you can list the stored password, but I don't think you can get the value of password,

    https://<your gateway>:9443/restman/1.0/doc/restDoc.html#1.0/passwords 

     

    You may need GMU to migrate stored password.



  • 7.  Re: cluster wide properties

    Posted 08-02-2018 09:09 PM

    Complex to understand the stuff in the link. Would you mind taking an example of migrating from Dev to prod env that is stored a password to manage passwords assume the password is similar in dev and prod for a client secret of routing URL which is again an oAuth?



  • 8.  Re: cluster wide properties

    Posted 08-03-2018 01:55 AM

    Dear SHARATH YERAMALLA,

    From another discussion, it seems you're trying to migrate otk.

    The beauty of GMU is, when you migrateOut an entity, all dependent entities will be migrateOut as well.

    ie. if you have a service using stored password, when you migrate  the service, stored password will be migrated, too.

     

    To migrate OTK, you can use option --all to migrate everything, then it will include OTK, as showed in product document.

     

    Here is an example only migrate the OTK folder,

    ./GatewayMigrationUtility.sh migrateOut --argFile sourcearg.txt --encassAsPolicyDependency --dest OTK.xml --folderName /OTK
    ./GatewayMigrationUtility.sh migrateIn --argFile targetarg.txt --bundle OTK.xml

     

    NOTE0: you may need to map jdbc connection before migrateIn, as different env should have different database.

    ./GatewayMigrationUtility.sh manageMappings --bundle OTK.xml --type JDBC_CONNECTION --srcName <src jdbc name> --targetName <target jdbc name>

     

    NOTE1: --encassAsPolicyDependency is required, otherwise the OTK encapsulated assertion cannot migrate.

     

    NOTE2: argument file is used to connect to the gateway, here is a common sample of argument file,

    host=<gateway hostname>
    username=admin
    plaintextPassword=7layer
    encryptUsingClusterPassphrase
    trustCertificate
    trustHostname
    results=<any name of result file>.xml

     

    You can change the host/username/password etc. to connect to source and target server.

     

    NOTE3: in argument file, encryptUsingClusterPassphrase will be used to encrypt stored password, that means the encryptionPassphrase needs to be the same for both migrateOut and migrateIn, otherwise the when migrateIn you will fail to migrateIn as you fail to decrypt. As we don't specify encryptionPassphrase, we are using cluster passphrase to encrypt, that means the lower and higher env need to be configured with same cluster passphrase (on gateway main menu when install gateway)

     

    You can use plaintextEncryptionPassphrase, or encryptionPassphrase, to replace encryptUsingClusterPassphrase, refer to the product document for the details.

     

    NOTE4:the above will not migrate solution kit settings, ie. on higher env, the Manage Solution kits task will not show the migrated OTK, as we don't need to install otk again on higher env. (and we don't need to manage solution kit on prod env,  any change should be done on lower env, and then migrate to prod env)

     

    NOTE5:

    If you also have MAG install on the gateway, you cannot migrate them separately, as I found that they depend on each other. We need to migrate them altogether,

    ./GatewayMigrationUtility.sh migrateOut --argFile sourcearg.txt --encassAsPolicyDependency --dest OTK_MAG.xml --folderName /OTK --folderName /MAG
    ./GatewayMigrationUtility.sh migrateIn --argFile targetarg.txt --bundle OTK_MAG.xml

     

    Regards,

    Mark