
API Management 2018.1 and DataPower 7.7

I am trying to add DataPower 7.7 into API Management 2018.1.

I need to configure API Connect Gateway Service in DataPower (new APIC 2018.1 doesn't work with XML Management Service).

After configuration I got an error:

8:07:19 mgmt    notice  959         0x00350015  apic-gw-service (default): 
Operational state down

8:07:19 apic-gw-service error   959         0x88e00001  apic-gw-service 
(default): Unexpected queue error: Domain check failed! Please ensure that 
the 'default' domain exists and is enabled. Also, please verify that the API 
Gateway Service is configured with the correct domain and SOMA credentials.

8:07:19 apic-gw-service error   959         0x88e000a0  apic-gw-service 
(default): Failed to initialize gateway environment: datapower

DP version is 7.7.

Please suggest, if you have any information or manuals.

Note: Domain exists, main services are enabled

It's hard to tell what exactly the problem is based on the log messages shown above.

Update to original answer: See also the documentation that is now available in the IBM API Connect Knowledge Center: https://www.ibm.com/support/knowledgecenter/SSMNED_2018/com.ibm.apic.install.doc/tapic_install_datapower_gateway.html

However, here are the basic steps for configuring a DataPower gateway to work with API Connect 2018.x.

You will need to ensure:

  • DataPower is running DP 7.7.0.0 or higher.
  • You have the AppOpt license installed. (Use the “show license” command in the DataPower CLI to confirm.)
  • You have a shared certificate and a private key for securing the communication between the API Connect management server and the gateway.

On DataPower, you need to:

  • Create an application domain. All of the subsequent configuration should be done in the application domain.
  • Enable statistics
  • Upload your private key and shared certificate to the cert:// directory in the application domain.
  • Create a crypto key object, a crypto certificate and a crypto identification credentials object using your key and certificate.
  • Create an SSL client profile and an SSL server profile that reference the crypto identification credential object.
  • Configure a gateway-peering object.
  • Configure and enable the API Connect Gateway Service in the application domain.

At that point, you should be able to configure the gateway in the API Connect cloud manager.

Here are the DataPower CLI commands to create a basic configuration. In the configuration below, IP address 1.1.1.1 represents a local IP address on your DataPower appliance. Traffic from the API Connect management server to the gateway will be sent to port 3000. API requests will go to port 9443 (but you can change it to the more standard port, 443, if you prefer.)

For a production environment, you will want to build on this configuration to ensure you are running with at least 3 gateways in the peer group, but this will get you started.

Create the application domain called apiconnect

top; configure terminal;
domain apiconnect; visible default; exit;
write mem 

Use the Web GUI to upload your private key and shared certificate to the cert:// folder in the apiconnect domain

Then run these commands to create the configuration in the apiconnect domain

  switch apiconnect       
  statistics 

  crypto
    key gw_to_apic cert:///your-privkey.cer
    certificate gw_to_apic cert:///your-sscert.cer
    idcred gw_to_apic gw_to_apic gw_to_apic
    ssl-client gwd_to_mgmt
      idcred gw_to_apic
      no validate-server-cert
    exit 
    ssl-server gwd_to_mgmt
      idcred gw_to_apic
      no request-client-auth
      validate-client-cert off 
    exit 
  exit

  gateway-peering apic
    admin-state enabled
    local-address 1.1.1.1 
    local-port 15379
    monitor-port 25379
    priority 100
    enable-ssl off
    enable-peer-group off
    persistence local
  exit

  apic-gw-service
    admin-state enabled
    local-address 0.0.0.0
    local-port 3000
    api-gw-address 0.0.0.0
    api-gw-port 9443
    v5-compatibility-mode on
    gateway-peering apic
    ssl-server gwd_to_mgmt
    ssl-client gwd_to_mgmt
  exit

  write mem

The problem you are seeing is an issue with creating your API Connect service in the default domain. To work around just put your API Gateway Service in a domain other than default.
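
A check a reviewer could run over a DataPower CLI script before applying it: it flags the lines in the configuration above that turn off certificate validation or SSL, and, following the last answer, an apic-gw-service placed in the default domain. This is an added example, not part of the original answers; the `audit` function, its finding texts and the trimmed sample are constructed for illustration, and it assumes the script starts in the default domain.

```python
# Relaxed TLS settings from the configuration above, keyed by (object type, line).
WEAK = {
    ("ssl-client", "no validate-server-cert"): "server certificate not validated",
    ("ssl-server", "no request-client-auth"): "client certificate not requested",
    ("ssl-server", "validate-client-cert off"): "client certificate not validated",
    ("gateway-peering", "enable-ssl off"): "peering traffic not protected by SSL",
}
OBJECTS = {"ssl-client", "ssl-server", "gateway-peering", "apic-gw-service"}

def audit(config_text):
    """Return (line_no, domain, object_type, finding) tuples for a CLI script."""
    findings = []
    domain = "default"   # assumption: the session starts in the default domain
    current = None       # type of the object block being configured
    for no, raw in enumerate(config_text.splitlines(), 1):
        for stmt in raw.split(";"):           # several commands may share a line
            words = stmt.split() or [""]
            if words[0] == "switch" and len(words) > 1:
                domain, current = words[1], None
            elif words[0] in ("exit", "top"):
                current = None
            elif current is None and words[0] in OBJECTS:
                current = words[0]            # nested names are references, not blocks
                if current == "apic-gw-service" and domain == "default":
                    findings.append((no, domain, current, "service is in the default domain"))
            elif (current, " ".join(words)) in WEAK:
                findings.append((no, domain, current, WEAK[current, " ".join(words)]))
    return findings

# Constructed sample: the TLS-related lines of the configuration above.
SAMPLE = """\
switch apiconnect
crypto
  ssl-client gwd_to_mgmt
    no validate-server-cert
  exit
  ssl-server gwd_to_mgmt
    no request-client-auth
    validate-client-cert off
  exit
exit
gateway-peering apic
  enable-ssl off
exit
apic-gw-service
  gateway-peering apic
exit
"""
print(*audit(SAMPLE), sep="\n")
```

Each finding marks a setting to revisit before the gateway moves from this starter configuration to production.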
