While creating NodeJS based services for one of the project, I realise we need an good open source API Gateway.
By the way, what is API gateway ?
"An API Gateway is a server that is the single entry point into the system. It is similar to the Facade pattern from object‑oriented design. The API Gateway encapsulates the internal system architecture and provides an API that is tailored to each client. It might have other responsibilities such as authentication, monitoring, load balancing, caching, request shaping and management, and static response handling" - Quoted from here.
But you must be thinking, go and use AWS or Azure for hosting Services and they all come up with API mangement or gateway features. Our issue was PII data which we only host with trusted datacenter partner. So we need on-premise API Gateway which can scale if required & atleast free for initial instalation on production to tryout how it goes.
So we zoomed on Tyk after couple of options. We like it because of simplicty of its instalation, interface & easy to follow documentation.
In our case, Tyk Gateway will take inbound requests, run them through a set of middleware components which apply transforms and any other service-specific operations, and then proxy the request out again to the origin, intercepting the response, running a set of response middleware and then returning
Sharing my quick instalation script for Tyk Gateway on RHEL, it may help somebody else. Script assume it is clean & fresh RHEL instance to which you have Sudo access, still in some place you may need to change or add additional commands as per your context.
But before starting with Gateway script following is script to setup machine quick
But before starting with Gateway script following is script to setup machine quick
Machine Setup Commands -------------------- yum upgrade yum install -y NetworkManager-tui nano wget #use ip addr command to see the current network interface name then set it up to be used by network manager nano /etc/sysconfig/network-scripts/ifcfg-ens33 #change the address to below nmtui edit ens33 #add the google DNS & local dns nano /etc/resolv.conf #add the local hostname nano /etc/hosts 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 dev.apigateway.com ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6 192.168.171.130 dev.apigateway.com 192.168.171.130 portal.apigateway.com #restart the network service systemctl restart network.service ping dev.apigateway.com ping portal.apigateway.com sudo firewall-cmd --zone=public --add-port=27017/tcp --permanent sudo firewall-cmd --reload
Now following is Gateway instalation code..
STEP-A - Gateway Instalation -------------------- TYK-Gateway Installation -------------------- Step-1 ------ sudo firewall-cmd --zone=public --add-port=8080/tcp --permanent sudo firewall-cmd --reload sudo yum install pygpgme yum-utils wget Step-2 ------ nano /etc/yum.repos.d/tyk_tyk-gateway.repo #Copy & Paste below [tyk_tyk-gateway] name=tyk_tyk-gateway baseurl=https://packagecloud.io/tyk/tyk-gateway/el/7/$basearch repo_gpgcheck=1 enabled=1 gpgkey=http://keyserver.tyk.io/tyk.io.rpm.signing.key https://packagecloud.io/gpg.key sslverify=1 sslcacert=/etc/pki/tls/certs/ca-bundle.crt [tyk_tyk-gateway-source] name=tyk_tyk-gateway-source baseurl=https://packagecloud.io/tyk/tyk-gateway/el/7/SRPMS repo_gpgcheck=1 enabled=1 gpgkey=http://keyserver.tyk.io/tyk.io.rpm.signing.key https://packagecloud.io/gpg.key sslverify=1 sslcacert=/etc/pki/tls/certs/ca-bundle.crt Step-3 ------ #Make sure you refer latest epel version for example i changed it to epel 7-8 to 7-10 cd GatewayInstall wget http://dl.fedoraproject.org/pub/epel/7/x86_64/e/epel-release-7-10.noarch.rpm sudo rpm -ivh epel-release-7-10.noarch.rpm sudo yum -q makecache -y --disablerepo='*' --enablerepo='tyk_tyk-gateway' --enablerepo=epel info zabbix Step-4 ------ ##In order to allow your custom port from default linux firewalls sudo firewall-cmd --zone=public --add-port=6379/tcp --permanent sudo firewall-cmd --reload sudo yum install -y redis tyk-gateway sudo /opt/tyk-gateway/install/setup.sh --listenport=8080 --redishost=localhost --redisport=6379 --domain="" Step-5 ------ sudo service redis start ---------------------- STEP-B - Dashboard Instalation -------------------- TYK-Dashboard Installation -------------------- Step-1 ------ #ignore if already done yum install pygpgme yum-utils wget Step-2 ------ nano /etc/yum.repos.d/tyk_tyk-dashboard.repo #Copy & Paste below [tyk_tyk-dashboard] name=tyk_tyk-dashboard baseurl=https://packagecloud.io/tyk/tyk-dashboard/el/7/$basearch repo_gpgcheck=1 enabled=1 gpgkey=http://keyserver.tyk.io/tyk.io.rpm.signing.key https://packagecloud.io/gpg.key sslverify=1 sslcacert=/etc/pki/tls/certs/ca-bundle.crt [tyk_tyk-dashboard-source] name=tyk_tyk-dashboard-source baseurl=https://packagecloud.io/tyk/tyk-dashboard/el/7/SRPMS repo_gpgcheck=1 enabled=1 gpgkey=http://keyserver.tyk.io/tyk.io.rpm.signing.key https://packagecloud.io/gpg.key sslverify=1 sslcacert=/etc/pki/tls/certs/ca-bundle.crt Step-4 ------ nano /etc/yum.repos.d/mongodb-org-3.0.repo #Copy & Paste below [mongodb-org-3.0] name=MongoDB Repository baseurl=https://repo.mongodb.org/yum/redhat/$releasever/mongodb-org/3.0/x86_64/ gpgcheck=0 enabled=1 Step-5 ------ sudo yum -q makecache -y --disablerepo='*' --enablerepo='tyk_tyk-dashboard' info zabbix Step-6 ------ sudo yum install -y mongodb-org tyk-dashboard Step-7 ------ sudo firewall-cmd --zone=public --add-port=3000/tcp --permanent sudo firewall-cmd --reload sudo /opt/tyk-dashboard/install/setup.sh --listenport=3000 --redishost=localhost --redisport=6379 --mongo=mongodb://127.0.0.1/tyk_analytics --tyk_api_hostname=$HOSTNAME --tyk_node_hostname=http://localhost --tyk_node_port=8080 --portal_root=/portal --domain="apigateway.com" sudo service tyk-dashboard start #enter the license by browsing the url & restart the service sudo service tyk-dashboard restart #Configuring Tyk Gateway with Dashboard sudo /opt/tyk-gateway/install/setup.sh --dashboard=1 --listenport=8080 --redishost=localhost --redisport=6379 #Boostrap the Dashboard sudo /opt/tyk-dashboard/install/bootstrap.sh apigateway.com:3000 TYK-PUMP Installation --------------------- Step-1 ------ nano /etc/yum.repos.d/tyk_tyk-pump.repo #copy paste below [tyk_tyk-pump] name=tyk_tyk-pump baseurl=https://packagecloud.io/tyk/tyk-pump/el/7/$basearch repo_gpgcheck=1 enabled=1 gpgkey=http://keyserver.tyk.io/tyk.io.rpm.signing.key https://packagecloud.io/gpg.key sslverify=1 sslcacert=/etc/pki/tls/certs/ca-bundle.crt [tyk_tyk-pump-source] name=tyk_tyk-pump-source baseurl=https://packagecloud.io/tyk/tyk-pump/el/7/SRPMS repo_gpgcheck=1 enabled=1 gpgkey=http://keyserver.tyk.io/tyk.io.rpm.signing.key https://packagecloud.io/gpg.key sslverify=1 sslcacert=/etc/pki/tls/certs/ca-bundle.crt Step-2 ------ sudo yum -q makecache -y --disablerepo='*' --enablerepo='tyk_tyk-pump' info zabbix sudo yum install -y tyk-pump Step-3 ------ sudo /opt/tyk-pump/install/setup.sh --redishost=localhost --redisport=6379 --mongo=mongodb://127.0.0.1/tyk_analytics sudo service tyk-pump startFollowing are quick service commands
Service Start Commands for gateway
-------------------
service mongod stop
service redis stop
service tyk-gateway stop
service tyk-dashboard stop
service tyk-pump stop
service mongod restart
service redis restart
service tyk-gateway restart
service tyk-dashboard restart
service tyk-pump restart
service mongod start
service redis start
service tyk-gateway start
service tyk-dashboard start
service tyk-pump start
-------------------
After installing Mongo as default, i realised that this will not scale as we analytics portion of gateway will quickly eat GB's, so need to shift mongo data directory to its dedicated drive. While good thing with this gateway is even if mongo server is choked, API gateway still continue to work, which saved the day.
#Better to change dbpath so that mongo don't run under default directory, assume here new dbpath to be is /data02/mongodb/ #http://blog.carl.pro/2016/07/installing-mongodb-on-rhel-defining-a-custom-data-directory sudo service mongod stop cd /var/lib/mongodb cp -rf mongodb /data02/mongodb/ cd /data02/ sudo mkdir /data02/mongodb/ cd /data02/mongodb/ sudo chown -R mongod:mongod /data02/mongodb/ sudo chmod -R 700 mongodb/ #Change dbpath to above example directory /data02/mongodb/ nano /etc/mongod.conf #if SELinux enabled sestatus yum install policycoreutils-python semanage fcontext -a -t mongod_var_lib_t '/data02/mongodb/' restorecon -v '/data02/mongodb/' semanage port -a -t mongod_port_t -p tcp 27017 sudo service mongod start # test if mongodb user can access new location: sudo -u mongodb -s cd /data02/mongodb/
Will write more on how we develop our NodeJS service & share our learning.
No comments:
Post a Comment