09 November 2017

Install Tyk Gateway

While creating NodeJS based services for one of the project, I realise we need an good open source API Gateway.

By the way, what is API gateway ?
"An API Gateway is a server that is the single entry point into the system. It is similar to the Facade pattern from object‑oriented design. The API Gateway encapsulates the internal system architecture and provides an API that is tailored to each client. It might have other responsibilities such as authentication, monitoring, load balancing, caching, request shaping and management, and static response handling" - Quoted from here.

But you must be thinking, go and use AWS or Azure for hosting Services and they all come up with API mangement or gateway features. Our issue was PII data which we only host with trusted datacenter partner. So we need on-premise API Gateway which can scale if required & atleast free for initial instalation on production to tryout how it goes. 

So we zoomed on Tyk after couple of options. We like it because of simplicty of its instalation, interface & easy to follow documentation. 

In our case, Tyk Gateway will take inbound requests, run them through a set of middleware components which apply transforms and any other service-specific operations, and then proxy the request out again to the origin, intercepting the response, running a set of response middleware and then returning

Sharing my quick instalation script for Tyk Gateway on RHEL, it may help somebody else. Script assume it is clean & fresh RHEL instance to which you have Sudo access, still in some place you may need to change or add additional commands as per your context.

But  before starting with Gateway script following is script to setup machine quick


Machine Setup Commands
--------------------
yum upgrade
yum install -y NetworkManager-tui nano wget
#use ip addr command to see the current network interface name then set it up to be used by network manager
nano /etc/sysconfig/network-scripts/ifcfg-ens33
#change the address to below    
nmtui edit ens33
#add the google DNS & local dns
nano /etc/resolv.conf
#add the local hostname
nano /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4 dev.apigateway.com
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.171.130 dev.apigateway.com
192.168.171.130 portal.apigateway.com
#restart the network service
systemctl restart network.service
ping dev.apigateway.com
ping portal.apigateway.com
sudo firewall-cmd --zone=public --add-port=27017/tcp --permanent
sudo firewall-cmd --reload
Now following is Gateway instalation code..
STEP-A - Gateway Instalation
--------------------
TYK-Gateway Installation
--------------------
Step-1
------
sudo firewall-cmd --zone=public --add-port=8080/tcp --permanent
sudo firewall-cmd --reload
sudo yum install pygpgme yum-utils wget
Step-2
------
nano /etc/yum.repos.d/tyk_tyk-gateway.repo
#Copy & Paste below
[tyk_tyk-gateway]
name=tyk_tyk-gateway
baseurl=https://packagecloud.io/tyk/tyk-gateway/el/7/$basearch
repo_gpgcheck=1
enabled=1
gpgkey=http://keyserver.tyk.io/tyk.io.rpm.signing.key
   https://packagecloud.io/gpg.key
sslverify=1
sslcacert=/etc/pki/tls/certs/ca-bundle.crt

[tyk_tyk-gateway-source]
name=tyk_tyk-gateway-source
baseurl=https://packagecloud.io/tyk/tyk-gateway/el/7/SRPMS
repo_gpgcheck=1
enabled=1
gpgkey=http://keyserver.tyk.io/tyk.io.rpm.signing.key
   https://packagecloud.io/gpg.key
sslverify=1
sslcacert=/etc/pki/tls/certs/ca-bundle.crt

Step-3
------
#Make sure you refer latest epel version for example i changed it to epel 7-8 to 7-10
cd GatewayInstall
wget http://dl.fedoraproject.org/pub/epel/7/x86_64/e/epel-release-7-10.noarch.rpm
sudo rpm -ivh epel-release-7-10.noarch.rpm
sudo yum -q makecache -y --disablerepo='*' --enablerepo='tyk_tyk-gateway' 
--enablerepo=epel info zabbix
Step-4
------
##In order to allow your custom port from default linux firewalls
sudo firewall-cmd --zone=public --add-port=6379/tcp --permanent
sudo firewall-cmd --reload
sudo yum install -y redis tyk-gateway
sudo /opt/tyk-gateway/install/setup.sh --listenport=8080 --redishost=localhost 
--redisport=6379 --domain=""
Step-5
------
sudo service redis start
----------------------



STEP-B - Dashboard Instalation
--------------------
TYK-Dashboard Installation
--------------------
Step-1
------
#ignore if already done
yum install pygpgme yum-utils wget
Step-2
------
nano /etc/yum.repos.d/tyk_tyk-dashboard.repo
#Copy & Paste below
[tyk_tyk-dashboard]
name=tyk_tyk-dashboard
baseurl=https://packagecloud.io/tyk/tyk-dashboard/el/7/$basearch
repo_gpgcheck=1
enabled=1
gpgkey=http://keyserver.tyk.io/tyk.io.rpm.signing.key
   https://packagecloud.io/gpg.key
sslverify=1
sslcacert=/etc/pki/tls/certs/ca-bundle.crt

[tyk_tyk-dashboard-source]
name=tyk_tyk-dashboard-source
baseurl=https://packagecloud.io/tyk/tyk-dashboard/el/7/SRPMS
repo_gpgcheck=1
enabled=1
gpgkey=http://keyserver.tyk.io/tyk.io.rpm.signing.key
   https://packagecloud.io/gpg.key
sslverify=1
sslcacert=/etc/pki/tls/certs/ca-bundle.crt

Step-4
------
nano /etc/yum.repos.d/mongodb-org-3.0.repo
#Copy & Paste below
[mongodb-org-3.0]
name=MongoDB Repository
baseurl=https://repo.mongodb.org/yum/redhat/$releasever/mongodb-org/3.0/x86_64/
gpgcheck=0
enabled=1

Step-5
------
sudo yum -q makecache -y --disablerepo='*' --enablerepo='tyk_tyk-dashboard' info zabbix

Step-6
------
sudo yum install -y mongodb-org tyk-dashboard

Step-7
------
sudo firewall-cmd --zone=public --add-port=3000/tcp --permanent
sudo firewall-cmd --reload
sudo /opt/tyk-dashboard/install/setup.sh --listenport=3000 --redishost=localhost
--redisport=6379 --mongo=mongodb://127.0.0.1/tyk_analytics --tyk_api_hostname=$HOSTNAME
--tyk_node_hostname=http://localhost --tyk_node_port=8080 --portal_root=/portal
--domain="apigateway.com"
sudo service tyk-dashboard start
#enter the license by browsing the url & restart the service
sudo service tyk-dashboard restart 
#Configuring Tyk Gateway with Dashboard
sudo /opt/tyk-gateway/install/setup.sh --dashboard=1 --listenport=8080 
--redishost=localhost --redisport=6379
#Boostrap the Dashboard
sudo /opt/tyk-dashboard/install/bootstrap.sh apigateway.com:3000

TYK-PUMP Installation
---------------------
Step-1
------
nano /etc/yum.repos.d/tyk_tyk-pump.repo
#copy paste below
[tyk_tyk-pump]
name=tyk_tyk-pump
baseurl=https://packagecloud.io/tyk/tyk-pump/el/7/$basearch
repo_gpgcheck=1
enabled=1
gpgkey=http://keyserver.tyk.io/tyk.io.rpm.signing.key
   https://packagecloud.io/gpg.key
sslverify=1
sslcacert=/etc/pki/tls/certs/ca-bundle.crt

[tyk_tyk-pump-source]
name=tyk_tyk-pump-source
baseurl=https://packagecloud.io/tyk/tyk-pump/el/7/SRPMS
repo_gpgcheck=1
enabled=1
gpgkey=http://keyserver.tyk.io/tyk.io.rpm.signing.key
   https://packagecloud.io/gpg.key
sslverify=1
sslcacert=/etc/pki/tls/certs/ca-bundle.crt

Step-2
------
sudo yum -q makecache -y --disablerepo='*' --enablerepo='tyk_tyk-pump' info zabbix
sudo yum install -y tyk-pump

Step-3
------
sudo /opt/tyk-pump/install/setup.sh --redishost=localhost --redisport=6379
--mongo=mongodb://127.0.0.1/tyk_analytics
sudo service tyk-pump start
Following are quick service commands

Service Start Commands for gateway
-------------------
service mongod stop
service redis stop
service tyk-gateway stop
service tyk-dashboard stop
service tyk-pump stop

service mongod restart
service redis restart
service tyk-gateway restart
service tyk-dashboard restart
service tyk-pump restart
service mongod start
service redis start
service tyk-gateway start
service tyk-dashboard start
service tyk-pump start
-------------------
After installing Mongo as default, i realised that this will not scale as we analytics portion of gateway will quickly eat GB's, so need to shift mongo data directory to its dedicated drive. While good thing with this gateway is even if mongo server is choked, API gateway still continue to work, which saved the day.
#Better to change dbpath so that mongo don't run under default directory, assume here
new dbpath to be is /data02/mongodb/
#http://blog.carl.pro/2016/07/installing-mongodb-on-rhel-defining-a-custom-data-directory
sudo service mongod stop
cd /var/lib/mongodb
cp -rf mongodb /data02/mongodb/
cd /data02/
sudo mkdir /data02/mongodb/
cd /data02/mongodb/
sudo chown -R mongod:mongod  /data02/mongodb/
sudo chmod -R 700 mongodb/
#Change dbpath to above example directory /data02/mongodb/
nano /etc/mongod.conf
#if SELinux enabled
sestatus
yum install policycoreutils-python
semanage fcontext -a -t mongod_var_lib_t '/data02/mongodb/'
restorecon -v '/data02/mongodb/'
semanage port -a -t mongod_port_t -p tcp 27017
sudo service mongod start
# test if mongodb user can access new location:
sudo -u mongodb -s cd /data02/mongodb/
Will write more on how we develop our NodeJS service & share our learning.

No comments:

Post a Comment