API Connect

API Connect

Join this online group to communicate across IBM product users and experts by sharing advice and best practices with peers and staying up to date regarding product enhancements.

 View Only
Back to discussions
Expand all | Collapse all

Support required to setup DMZ envrionement for IBM API COnnect 2018

  • 1.  Support required to setup DMZ envrionement for IBM API COnnect 2018

    Posted Wed February 06, 2019 03:07 AM
    Hi ,
    I am trying to setup the test environment for IBM API Connect 2018 and have got stuck at the point where I have to configure the topology in API Cloud manager. 
    I am getting an error saying

    Failed to create analytics service Analytics Server

    An error occurred communicating with the https://analytics-dx8014.etisalat.corp.ae at 'Error: getaddrinfo ENOTFOUND analytics-dx8014.etisalat.corp.ae analytics-dx8014.etisalat.corp.ae:443' (error: 'undefined').



    I am able to telnet from my API management server to Analytics server
    apicadm@dx1816:~$ ping 10.51.166.83
    PING 10.51.166.83 (10.51.166.83) 56(84) bytes of data.
    64 bytes from 10.51.166.83: icmp_seq=1 ttl=64 time=0.276 ms
    64 bytes from 10.51.166.83: icmp_seq=2 ttl=64 time=0.420 ms
    64 bytes from 10.51.166.83: icmp_seq=3 ttl=64 time=0.255 ms
    64 bytes from 10.51.166.83: icmp_seq=4 ttl=64 time=0.277 ms

    I have created the ISO image for both portal and analytics with in the same folder.
    Shared below is the  APIConnect.yaml file :

    apiVersion: v1
    kind: apic.ibm.com/APIConnectCluster
    metadata:
    creationTimestamp: "2019-02-05T12:04:00Z"
    name: SIT
    spec:
    secret-name: SIT
    subsystems:
    - apiVersion: v1
    kind: apic.ibm.com/AnalyticsSubsystem
    metadata:
    creationTimestamp: "2019-02-05T12:04:00Z"
    name: analyt
    spec:
    ApplianceProperties:
    default-password: $6$rounds=4096$6umiI598ng4MaKYE$.PpKsSsEBiUr78U5rhOgLID5qgEDst2e1wSb76o01Zz31WELAO0P7/A4CQ1nWDeBPNe8nvJsMRNos3b2lxDfr.
    dns-servers:
    - 10.55.153.31
    hosts:
    - fqdn: dx8014.etisalat.corp.ae
    interfaces:
    - device: eth0
    gateway: 10.51.166.1
    ip: 10.51.166.83
    mask: 255.255.255.0
    password: MTAuNTEuMTY2LjgzLzI1NS4yNTUuMjU1LjA=
    public-iface: eth0
    search-domain:
    - etisalat.corp.ae
    ssh-keyfiles:
    - C:\Users\Etisalat\.ssh\id_rsa.pub
    traffic-iface: eth0
    CloudProperties:
    mode: dev
    namespace: default
    registry: apiconnect
    SubsystemProperties:
    secret-name: SIT-analyt
    target: appliance
    endpoints:
    analytics-client: analytics-dx8014.etisalat.corp.ae
    analytics-ingestion: ingestion-dx8014.etisalat.corp.ae
    settings: {}
    status: {}
    - apiVersion: v1
    kind: apic.ibm.com/PortalSubsystem
    metadata:
    creationTimestamp: "2019-02-05T12:06:20Z"
    name: port
    spec:
    ApplianceProperties:
    default-password: $6$rounds=4096$6umiI598ng4MaKYE$.PpKsSsEBiUr78U5rhOgLID5qgEDst2e1wSb76o01Zz31WELAO0P7/A4CQ1nWDeBPNe8nvJsMRNos3b2lxDfr.
    dns-servers:
    - 10.55.153.31
    hosts:
    - fqdn: dx1815.etisalat.corp.ae
    interfaces:
    - device: eth0
    gateway: 10.51.166.1
    ip: 10.51.166.197
    mask: 255.255.255.0
    password: MTAuNTEuMTY2LjE5Ny8yNTUuMjU1LjI1NS4w
    public-iface: eth0
    search-domain:
    - etisalat.corp.ae
    ssh-keyfiles:
    - C:\Users\Etisalat\.ssh\id_rsa.pub
    traffic-iface: eth0
    CloudProperties:
    mode: dev
    namespace: default
    registry: apiconnect
    SubsystemProperties:
    secret-name: SIT-port
    target: appliance
    endpoints:
    portal-admin: portal-dx1815.etisalat.corp.ae
    portal-www: ui-dx1815.etisalat.corp.ae
    settings:
    site-backup-host: ""
    site-backup-path: ""
    site-backup-port: 0
    status: {}
    status:
    Ready: false

    Regards
    Susant


    ------------------------------
    Susant Kumar Palai
    ------------------------------


  • 2.  RE: Support required to setup DMZ envrionement for IBM API COnnect 2018

    Posted Thu February 07, 2019 09:12 AM
    If your DataPowers are running in the DMZ and your Analytic cluster is in the trusted zone make sure you follow the firewall requirements for the necessary ports.
    https://www.ibm.com/support/knowledgecenter/SSMNED_2018/com.ibm.apic.install.doc/overview_apimgmt_portreqs.html

    Also I had PMR TS001623236 about how to cluster multiple OVAs and there are additional ports necessary, here is the relevant part

    Ports that need to be open between
    • Management Service VMs 442, 2379, 2380, 6443, 7001, 7199, 8778, 9042, 9099, 10248, 10249, 10250,10251, 10252, 10254, 10255, 10256, 18080
    • Ports that need to be open between Developer Portal VMs 3009, 3010, 3306, 3307, 4443, 4444, 4567, 4568, 30865
    • Ports that need to be open between Gateway Service VMs 5550, 5554, 16380, 16381, 26380, 26381
    • Ports that need to be open between Analytics VMs No additional ports are needed


    ------------------------------
    Devin
    IBM Champion - Cloud 2019
    ------------------------------

    Original Message