X

@OracleIMC Partner Resources & Training: Discover your Modernization options + Reach new potential through Innovation

How to provision a Node API Gateway in the new Oracle Cloud Infrastructure (OCI) - part 1

Alexandru Dinea
Oracle EMEA A&C Cloud Adoption & Implementation Consultant

Introduction

API platforms enable enterprises to accelerate innovation, provide shared services and data, and adapt to market and customer needs. APIs have become the foundation of the fast-moving digital economy. As customer expectations increase, companies need to be able to meet those demands with flexible and scalable technology.

Oracle’s API Platform Cloud Service offers full life cycle API management: planning, design, implementation, publication, operation, consumption, maintenance and retirement of APIs. It includes a developer’s portal to target, assist and govern the communities of developers who embed the APIs, as well as runtime management and analytics, all built on top of a mature gateway used by telecommunication companies for a decade.

Oracle API Platform comprises 3 major components as stated below to serve specific purpose:

Management Portal – This is used to create and manage APIs, deploy APIs to gateways, and manage gateways, and create and manage applications. You can also manage and Deploy APIs and manage gateways with the REST API.

Developer Portal – Application developers subscribe to APIs and get the necessary information to invoke them from this portal.

Gateway Node – This is the security and access control run-time layer for APIs. Each API is deployed to a gateway node from the Management Portal or via the REST API.

API Gateway Nodes are the runtime components that enforce all policies specified through the management portal. Gateways also help in collecting data for analytics. The gateways can be deployed anywhere – on premise, on Oracle Cloud or to any third-party cloud providers. This allows the gateways to be closest to your backend services. Some organizations may not want to expose their data at runtime through the cloud, so it is possible for them to deploy the gateway on premise. Their data is never published back to the cloud. For analytics also, only the aggregated information is passed back periodically to the management service running on the cloud.

In this blog miniseries, I will show how to successfully provision your Node API Gateway in the new OCI to start the full life cycle of your APIs. For this installation I am going to use two third-party tools – in this case, Putty and WinSCP. Make sure you have them installed if you are going to follow through the entire miniseries.

In this first part, I will cover some of the prerequisites that you have to meet before installing the Node API Gateway on your VM from OCI. On the second part, I will cover the rest of prerequisites and, finally, on the third part I will cover the installation process with registration and testing of the Node API Gateway.

 

Prerequisite: Create a new VM in OCI

To successfully provision a Node API Gateway, you must first create a new VM running on Linux in Oracle Cloud Infrastructure. In order to accomplish this task, you must have a Compartment and a Virtual Cloud Network (VCN) or create them. By default, when you receive your Oracle Cloud Account you should already have a Compartment and a VCN created for you.

 

Create a new Compartment

  1. Open the navigation menu. Under Governance and Administration, go to Identity and click Compartments.
  2. Click Create Compartment.
  3. Enter the following:
    • Name: Enter a name (required), for example "DemoVM".
    • Description: Enter a description (required), for example: "Demo compartment for the VM".
  1. Click Create Compartment.

Your compartment is displayed in the list.

  1. Switch to your new compartment by selecting it from the Compartment list on the left side of the Console.

 

Create a new VCN

  1. Open the navigation menu. Under Core Infrastructure, go to Networking and click Virtual Cloud Networks.

Ensure that the “DemoVM” compartment (or the compartment designated for you) is selected in the Compartment list on the left.

  1. Click Create Virtual Cloud Network.
  2. Enter the following:
    • Create in Compartment: This field defaults to your current compartment. Select the compartment you want to create the VCN in, if not already selected.
    • Name: Enter a name for your cloud network, for example “VCNforAPINodeGateway”.
    • Select Create Virtual Cloud Network Plus Related Resources. The dialog expands to list the items that will be created with your cloud network.
    • Accept the defaults for any other fields.
  3. Scroll to the bottom of the dialog and click Create Virtual Cloud Network.

 

Create a new VM in OCI

To create a Linux instance using the Console:

  1. Open the navigation menu. Under Core Infrastructure, go to Compute and click Instances. Choose a Compartment you have permission to work in, and then click Create Instance.
  2. In the Create Compute Instance dialog box, you specify the resources to use for your instance. By default, your instance launches in the current compartment, and the resources you choose also come from the current compartment.

In the Create Compute Instance dialog box, you can specify the following:

    • Name your instance, for example “APINodeGatewayVM”
    • Choose an operating system or image source: The source of the image to use for booting the instance – by default it should be Oracle Linux 7.6. If not, click Change Image Source, the Browse All Images dialog box opens with the operating system or image source options. Select Oracle Linux 7.6 for this example.
    • Select an availability domain for your instance: The availability domain in which you want to run the instance – just leave the default.
    • Choose instance type: Select Virtual Machine.
    • Choose instance shape: A template that determines the number of CPUs, amount of memory, and other resources allocated to a newly created instance – by default it should be VM.Standard2.1. For this example I am going to use VM.Standard2.2, so click Change Shape, the Browse All Shapes dialog box opens with a list of the virtual machine (VM) that are available for the instance type that you selected. Choose VM.Standard2.2 shape and then click Select Shape.
    • Configure boot volume: Size and encryption options for the instance's boot volume – just leave the default (nothing checked).
    • Configure networking: The network details for the instance. Just make sure you are in the right compartment, “DemoVM” in this case.
    • Add SSH key: You need to have a SSH key previously configured. Here you will add the public key portion of the key pair that you want to use for SSH access to the instance.
    • Show Advanced Options: Advanced networking and management options – there is no need to access advanced options for our scenario
  1. Click Create.

To track the progress of the operation, you can monitor the associated work request.

After the instance is provisioned, details about it appear in the instance list. To view additional details, including IP addresses, click the instance name.

 

Prerequisite: Open the communication ports 8011 and 9022

Oracle API Gateway Node communicates with the exterior world on 2 (two) main ports: 8011 for HTTP and 9022 for HTTPS. In order to obtain this communication, you must open these ports on the VM and on the OCI level through the “Ingress Rules”. This information can be seen in the Security List Details under the VCN you created or you already have (for this example, the name of the VCN is “VCNforAPINodeGateway”)

 

Open ports 8011 and 9022 on the VM

To open the ports on the VM, I use Putty to connect via SSH to the VM instance.

Once you have access to the terminal from your VM instance, run the following commands:

sudo firewall-cmd --permanent --zone=public --add-port=8011/tcp

sudo firewall-cmd --permanent --zone=public --add-port=9022/tcp

sudo firewall-cmd --reload

 

 

Very important! The VMs on OCI already have installed a firewall package. If you are doing these actions on other machines/VMs please install the firewall package by running the following command:

sudo yum install firewalld

 

Open ports 8011 and 9022 on OCI level

  1. Open the navigation menu. Under Core Infrastructure, go to Networking and click Virtual Cloud Networks.
  2. Click the VCN you're interested in. In this case, it’s the “VCNforAPINodeGateway”.
  3. Under Resources, click Security Lists.
  4. Click the security list you're interested in. In this case, it’s the “Default Security List for VCNforAPINodeGateway”.
  5. Under Resources, click on the Ingress Rules.
  1. Add a new ingress rule
    1. Click on Add Ingress Rule.
    2. Choose whether it's a stateful or stateless rule. In this case, rules are stateful.
    3. Enter the source CIDR (for ingress). For this example, use 0.0.0.0/0 to indicate all IP addresses.
    4. Select the IP protocol (for example, TCP, UDP, ICMP, "All protocols", and so on).
    5. Enter further details depending on the protocol:
      • Choose TCP and only enter the “Destination Port Range” with the value of 8011. You can enter "All" to cover all ports for “Source Port Range”.
    6. Click on the Add Ingress Rules button. Changes should be active almost immediately.
    7. Repeat the process for the value of 9022.

 

Now go to part 2 of this blog mini series where I list the other prerequisites that you have to meet before installing the Node API Gateway on your VM from OCI.

Be the first to comment

Comments ( 0 )
Please enter your name.Please provide a valid email address.Please enter a comment.CAPTCHA challenge response provided was incorrect. Please try again.