ibm-datapowerapiconnect

API Management 2018.1 and DataPower 7.7


I am trying to add DataPower 7.7 into API Management 2018.1.

I need to configure API Connect Gateway Service in DataPower (new APIC 2018.1 doesn't work with XML Management Service).

After configuration I got an error:

8:07:19 mgmt    notice  959         0x00350015  apic-gw-service (default): 
Operational state down

8:07:19 apic-gw-service error   959         0x88e00001  apic-gw-service 
(default): Unexpected queue error: Domain check failed! Please ensure that 
the 'default' domain exists and is enabled. Also, please verify that the API 
Gateway Service is configured with the correct domain and SOMA credentials.

8:07:19 apic-gw-service error   959         0x88e000a0  apic-gw-service 
(default): Failed to initialize gateway environment: datapower

DP version is 7.7.

Please suggest, if you have any information or manuals.

Note: Domain exists, main services are enabled


Solution

  • It's hard to tell what exactly the problem is based on the log messages shown above.

    Update to original answer: See also the documentation that is now available in the IBM API Connect Knowledge Center: https://www.ibm.com/support/knowledgecenter/SSMNED_2018/com.ibm.apic.install.doc/tapic_install_datapower_gateway.html

    However, here are the basic steps for configuring a DataPower gateway to work with API Connect 2018.x.

    You will need to ensure:

    On DataPower, you need to:

    At that point, you should be able to configure the gateway in the API Connect cloud manager.

    Here are the DataPower CLI commands to create a basic configuration. In the configuration below, IP address 1.1.1.1 represents a local IP address on your DataPower appliance. Traffic from the API Connect management server to the gateway will be sent to port 3000. API requests will go to port 9443 (but you can change it to the more standard port, 443, if you prefer.)

    For a production environment, you will want to build on this configuration to ensure you are running with at least 3 gateways in the peer group, but this will get you started.

    Create the application domain called apiconnect

    top; configure terminal;
    domain apiconnect; visible default; exit;
    write mem 
    

    Use the Web GUI to upload your private key and shared certificate to the cert:// folder in the apiconnect domain

    Then run these commands to create the configuration in the apiconnect domain

      switch apiconnect       
      statistics 
    
      crypto
        key gw_to_apic cert:///your-privkey.cer
        certificate gw_to_apic cert:///your-sscert.cer
        idcred gw_to_apic gw_to_apic gw_to_apic
        ssl-client gwd_to_mgmt
          idcred gw_to_apic
          no validate-server-cert
        exit 
        ssl-server gwd_to_mgmt
          idcred gw_to_apic
          no request-client-auth
          validate-client-cert off 
        exit 
      exit
    
      gateway-peering apic
        admin-state enabled
        local-address 1.1.1.1 
        local-port 15379
        monitor-port 25379
        priority 100
        enable-ssl off
        enable-peer-group off
        persistence local
      exit
    
      apic-gw-service
        admin-state enabled
        local-address 0.0.0.0
        local-port 3000
        api-gw-address 0.0.0.0
        api-gw-port 9443
        v5-compatibility-mode on
        gateway-peering apic
        ssl-server gwd_to_mgmt
        ssl-client gwd_to_mgmt
      exit
    
      write mem