API Management 2018.1和DataPower 7.7 [英] API Management 2018.1 and DataPower 7.7
问题描述
我正在尝试将DataPower 7.7添加到API Management 2018.1中.
I am trying to add DataPower 7.7 into API Management 2018.1.
我需要在DataPower中配置API Connect网关服务(新的APIC 2018.1不适用于XML Management Service).
I need to configure API Connect Gateway Service in DataPower (new APIC 2018.1 doesn't work with XML Management Service).
配置后出现错误:
8:07:19 mgmt notice 959 0x00350015 apic-gw-service (default):
Operational state down
8:07:19 apic-gw-service error 959 0x88e00001 apic-gw-service
(default): Unexpected queue error: Domain check failed! Please ensure that
the 'default' domain exists and is enabled. Also, please verify that the API
Gateway Service is configured with the correct domain and SOMA credentials.
8:07:19 apic-gw-service error 959 0x88e000a0 apic-gw-service
(default): Failed to initialize gateway environment: datapower
DP版本为7.7.
DP version is 7.7.
如果您有任何信息或手册,请提出建议.
Please suggest, if you have any information or manuals.
注意:域存在,已启用主要服务
Note: Domain exists, main services are enabled
推荐答案
根据上面显示的日志消息很难确定问题的确切原因.
It's hard to tell what exactly the problem is based on the log messages shown above.
更新为原始答案: 另请参阅IBM API Connect知识中心现在提供的文档:
Update to original answer: See also the documentation that is now available in the IBM API Connect Knowledge Center: https://www.ibm.com/support/knowledgecenter/SSMNED_2018/com.ibm.apic.install.doc/tapic_install_datapower_gateway.html
但是,以下是配置DataPower网关以与API Connect 2018.x一起使用的基本步骤.
However, here are the basic steps for configuring a DataPower gateway to work with API Connect 2018.x.
您需要确保:
- DataPower运行的是DP 7.7.0.0或更高版本.
- 您已安装AppOpt许可证. (使用DataPower CLI中的显示许可证"命令进行确认.)
- 您有一个共享证书和一个私钥,用于保护 API Connect管理服务器与 网关.
- DataPower is running DP 7.7.0.0 or higher.
- You have the AppOpt license installed. (Use the "show license" command in the DataPower CLI to confirm.)
- You have a shared certificate and a private key for securing the communication between the API Connect management server and the gateway.
在DataPower上,您需要:
On DataPower, you need to:
- 创建一个应用程序域.所有后续配置都应在应用程序域中完成.
- 启用统计信息
- 将您的私钥和共享证书上传到应用程序域中的cert://目录.
- 使用您的密钥和证书创建一个加密密钥对象,一个加密证书和一个加密标识凭证对象.
- 创建引用加密标识凭据对象的SSL客户端配置文件和SSL服务器配置文件.
- 配置网关对等对象.
- 在应用程序域中配置并启用API Connect网关服务.
到那时,您应该能够在API Connect云管理器中配置网关.
At that point, you should be able to configure the gateway in the API Connect cloud manager.
这是DataPower CLI命令,用于创建基本配置.在以下配置中,IP地址1.1.1.1代表DataPower设备上的本地IP地址.从API Connect管理服务器到网关的流量将发送到端口3000.API请求将转到端口9443(但您可以根据需要将其更改为更标准的端口443.)
Here are the DataPower CLI commands to create a basic configuration. In the configuration below, IP address 1.1.1.1 represents a local IP address on your DataPower appliance. Traffic from the API Connect management server to the gateway will be sent to port 3000. API requests will go to port 9443 (but you can change it to the more standard port, 443, if you prefer.)
对于生产环境,您将希望以此配置为基础,以确保您在对等组中至少使用3个网关来运行,但这将使您入门.
For a production environment, you will want to build on this configuration to ensure you are running with at least 3 gateways in the peer group, but this will get you started.
top; configure terminal;
domain apiconnect; visible default; exit;
write mem
使用Web GUI将您的私钥和共享证书上载到apiconnect域中的cert://文件夹中
然后运行这些命令以在apiconnect域中创建配置
switch apiconnect
statistics
crypto
key gw_to_apic cert:///your-privkey.cer
certificate gw_to_apic cert:///your-sscert.cer
idcred gw_to_apic gw_to_apic gw_to_apic
ssl-client gwd_to_mgmt
idcred gw_to_apic
no validate-server-cert
exit
ssl-server gwd_to_mgmt
idcred gw_to_apic
no request-client-auth
validate-client-cert off
exit
exit
gateway-peering apic
admin-state enabled
local-address 1.1.1.1
local-port 15379
monitor-port 25379
priority 100
enable-ssl off
enable-peer-group off
persistence local
exit
apic-gw-service
admin-state enabled
local-address 0.0.0.0
local-port 3000
api-gw-address 0.0.0.0
api-gw-port 9443
v5-compatibility-mode on
gateway-peering apic
ssl-server gwd_to_mgmt
ssl-client gwd_to_mgmt
exit
write mem
这篇关于API Management 2018.1和DataPower 7.7的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!