Merge pull request #195 from wso2/4.1.x

Merge 4.1.x branch to master
wso2 · Apr 12, 2022 · 44b98d8 · 44b98d8
2 parents 37c69c9 + 05259e0
commit 44b98d8
Show file tree

Hide file tree

Showing 15 changed files with 141 additions and 157 deletions.
diff --git a/.gitignore b/.gitignore
@@ -23,3 +23,6 @@ hs_err_pid*
 
 # Auto-generated .retry files
 *.retry
+
+# macOS specific
+.DS_Store
diff --git a/README.md b/README.md
@@ -38,9 +38,9 @@ This repository contains the Ansible scripts for installing and configuring WSO2
 │   └── Pattern_5.md
 ├── files
 │   ├── lib
-│   │   ├── amazon-corretto-8.292.10.1-linux-x64.tar.gz
+│   │   ├── amazon-corretto-11.0.14.1-linux-x64.tar.gz
 │   └── packs
-│   │   ├── wso2am-4.0.0.zip
+│   │   ├── wso2am-4.1.0.zip
 │   ├── system
 │   │   └── etc
 │   │       ├── security
@@ -78,11 +78,11 @@ Packs could be either copied to a local directory, or downloaded from a remote l
 
 Copy the following files to `files/packs` directory.
 
-1. [WSO2 API Manager 4.0.0 package](https://wso2.com/api-management/install/)
+1. [WSO2 API Manager 4.1.0 package (.zip)](https://wso2.com/api-management/install/)
 
 Copy the following files to `files/lib` directory.
 
-1. [Amazon Corretto for Linux x64 JDK](https://docs.aws.amazon.com/corretto/latest/corretto-8-ug/downloads-list.html)
+1. [Amazon Corretto for Linux x64 JDK 11 (.tar.gz)](https://docs.aws.amazon.com/corretto/latest/corretto-11-ug/downloads-list.html)
 
 Copy the miscellaneous files to `files/misc` directory. To enable file copying,  uncomment the `misc_file_list` in the yaml files under `group_vars` and add the miscellaneous files to the list.
 
@@ -173,6 +173,6 @@ Refer the below documentation on configuring Load-Balancers for your deoloyment.
 
 The master branch of this repository contains the latest product version with the latest Ansible version. The Ansible resources for previous Ansible versions can be found in the branches. The following is an example.
 
-#### Ansible resources for API Manager 3.2.0
+#### Ansible resources for API Manager 4.0.0
 
-Branch name: 3.2.x
+Branch name: 4.0.x
diff --git a/dev/group_vars/apim.yml b/dev/group_vars/apim.yml
@@ -17,7 +17,7 @@
 wso2_group: wso2 # OS group to be created
 wso2_user: wso2carbon # OS user for WSO2 services
 product_name: wso2am
-product_version: 4.0.0
+product_version: 4.1.0
 target: /mnt # Product installation directory
 product_package_location: files
 backup_dir: /tmp # Artifact backup directory in the instance
@@ -70,34 +70,35 @@ performance_tuning_file_list:
 # Set the location the product packages should reside in (eg: "local" in the /files directory, "remote" in a remote location)
 pack_location: local
 #pack_location: remote
-#remote_jdk: "<URL_TO_JDK_FILE>"
-#remote_pack: "<URL_TO_APIM_PACK>"
+#remote_jdk: "<URL_TO_JDK_FILE>" Ex:- "https://corretto.aws/downloads/latest/amazon-corretto-11-x64-linux-jdk.tar.gz"
+#remote_pack: "<URL_TO_APIM_PACK>" Ex:- "https://github.com/wso2/product-apim/releases/download/v4.1.0/wso2am-4.1.0.zip"
 
 # JDK Distributions
 setup_java_enabled: true #If this is set to false java_home variable below needs to be specified.
-jdk_name: amazon-corretto-8.292.10.1-linux-x64
+jdk_name: amazon-corretto-11.0.14.1-linux-x64 # Update this as per jdk version you use
 java_dir: /opt
 java_symlink: "{{ java_dir }}/java"
 java_home: "{{ java_dir }}/{{ jdk_name }}"
 
 # Server URL of the Authentication service. Make sure to import the Key Manager's public certificate to WSO2 API-M's
 # client-truststore.jks. For more information, see https://docs.wso2.com/display/ADMIN44x/Creating+New+Keystores
-key_manager_server_url: https://localhost:${mgt.transport.https.port}${carbon.context}services/
+key_manager_server_url: https://localhost:${mgt.transport.https.port}/services/
 
 # API Store related configurations
 api_devportal_url: https://localhost:${mgt.transport.https.port}/devportal
-api_devportal_server_url: https://localhost:${mgt.transport.https.port}${carbon.context}services/
+api_devportal_server_url: https://localhost:${mgt.transport.https.port}/services/
 
 # Gateway configurations
 gateway_environments:
   - { type: 'hybrid',
       name: 'Default',
+      provider: 'wso2',
       description: 'This is a hybrid gateway that handles both production and sandbox token traffic.',
       service_url: 'https://localhost:${mgt.transport.https.port}/services/',
       ws_endpoint: 'ws://localhost:9099',
       wss_endpoint: 'wss://localhost:8099',
-      http_endpoint: 'http://localhost:${http.nio.port}',
-      https_endpoint: 'https://localhost:${https.nio.port}',
+      http_endpoint: 'http://localhost:8280',
+      https_endpoint: 'https://localhost:8243',
       websub_event_receiver_http_endpoint: "http://localhost:9021",
       websub_event_receiver_https_endpoint: "https://localhost:8021"}
 
@@ -154,6 +155,9 @@ internal_key_store_key_password: wso2carbon
 internal_key_store_password: wso2carbon
 internal_key_store_key_alias: wso2carbon
 
+# The KeyStore which is used for encrypting/decrypting internal data. This block is read by Carbon Crypto Service
+listner_profile_key_store_bind_address: 0.0.0.0
+
 # The KeyStore which is used for encrypting/decrypting internal data. This block is read by Carbon Crypto Service
 tls_key_store_name: wso2carbon.jks
 tls_key_store_key_password: wso2carbon
@@ -163,6 +167,10 @@ tls_key_store_key_alias: wso2carbon
 # If following is enabled all the sensitive information in server configurations will be encrypted.
 secure_vault_enabled: false
 
+# Make true and set auth_token to enable APIM choreo analytics
+analytics_apim_enabled: false
+analytics_apim_auth_token: auth_token
+
 # Add any new changes you want to add for the group/profile below.
 # If you add a new file under templates and parameterized the file, the values for those parameters should be added
 # below. An example is provided below.

diff --git a/dev/group_vars/micro-integrator.yml b/dev/group_vars/micro-integrator.yml
@@ -17,7 +17,7 @@
 wso2_group: wso2 # OS group to be created
 wso2_user: wso2carbon # OS user for WSO2 services
 product_name: wso2mi
-product_version: 4.0.0
+product_version: 4.1.0
 target: /mnt # Product installation directory
 product_package_location: files
 backup_dir: /tmp # Artifact backup directory in the instance
@@ -75,12 +75,12 @@ performance_tuning_file_list:
 # Set the location the product packages should reside in (eg: "local" in the /files directory, "remote" in a remote location)
 pack_location: local
 #pack_location: remote
-#remote_jdk: "<URL_TO_JDK_FILE>"
-#remote_pack: "<URL_TO_APIM_PACK>"
+#remote_jdk: "<URL_TO_JDK_FILE>" Ex:- "https://corretto.aws/downloads/latest/amazon-corretto-11-x64-linux-jdk.tar.gz"
+#remote_pack: "<URL_TO_APIM_PACK>" Ex:- "https://github.com/wso2/product-apim/releases/download/v4.1.0/wso2am-4.1.0.zip"
 
 # JDK Distributions
 setup_java_enabled: true #If this is set to false java_home variable below needs to be specified.
-jdk_name: amazon-corretto-8.292.10.1-linux-x64
+jdk_name: amazon-corretto-11.0.14.1-linux-x64 # Update this as per jdk version you use
 java_dir: /opt
 java_symlink: "{{ java_dir }}/java"
 java_home: "{{ java_dir }}/{{ jdk_name }}"

diff --git a/dev/host_vars/apim-control-plane_1.yml b/dev/host_vars/apim-control-plane_1.yml
@@ -25,7 +25,7 @@ admin_username: admin
 admin_password: admin
 
 # Configure the throttle policy deployer to point to the TRaffic-Manager e.g: https://[API-Traffic-Manager-LB-Host]/services
-throttle_config_policy_deployer_url: https://localhost:${mgt.transport.https.port}${carbon.context}services/
+throttle_config_policy_deployer_url: https://localhost:${mgt.transport.https.port}/services/
 
 # Configure the Token Revoke endpoint to point to the Key Manager e.g: https://[API-Key-Manager-LB-Host]/oauth2/revoke
 oauth_configs_revoke_api_url: https://localhost:${https.nio.port}/revoke

diff --git a/dev/host_vars/apim-gateway_1.yml b/dev/host_vars/apim-gateway_1.yml
@@ -34,15 +34,22 @@ gw_memory: -Xms256m -Xmx1024m
 #gw_https_proxy_port: 443 
 
 # If you want to enable 'Passing Enduser Attributes to the Backend Using JWT' feature, uncomment the following segment
-#jwt_enable: true
-#jwt_encoding: "base64" # base64,base64url
-#jwt_generator_impl: "org.wso2.carbon.apimgt.keymgt.token.JWTGenerator"
-#jwt_claim_dialect: "http://wso2.org/claims"
-#jwt_convert_dialect: false
-#jwt_header: "X-JWT-Assertion"
-#jwt_signing_algorithm: "SHA256withRSA"
-#jwt_enable_user_claims: true
-#jwt_claims_extractor_impl: "org.wso2.carbon.apimgt.impl.token.ExtendedDefaultClaimsRetriever"
+jwt_enable: true
+jwt_encoding: "base64" # base64,base64url
+jwt_generator_impl: "org.wso2.carbon.apimgt.keymgt.token.JWTGenerator"
+jwt_claim_dialect: "http://wso2.org/claims"
+jwt_header: "X-JWT-Assertion"
+jwt_signing_algorithm: "SHA256withRSA"
+jwt_enable_user_claims: false
+jwt_claims_extractor_impl: "org.wso2.carbon.apimgt.impl.token.ExtendedDefaultClaimsRetriever"
+
+# Shared db configurations
+wso2shared_db_type: mysql
+wso2shared_db_hostname: shared_db.mysql
+wso2shared_db_name: shared_db
+wso2shared_db_port: 3306
+wso2shared_db_username: shareduser
+wso2shared_db_password: shareduser
 
 # List of configuration file templates, and the paths they should be written to
 config_files:

diff --git a/dev/host_vars/apim-tm_1.yml b/dev/host_vars/apim-tm_1.yml
@@ -33,6 +33,22 @@ admin_password: admin
 # Heap memory allocation
 tm_memory: -Xms256m -Xmx1024m
 
+# Shared db configurations
+wso2shared_db_type: mysql
+wso2shared_db_hostname: shared_db.mysql
+wso2shared_db_name: shared_db
+wso2shared_db_port: 3306
+wso2shared_db_username: shareduser
+wso2shared_db_password: shareduser
+
+# APIM db configurations
+wso2am_db_type: mysql
+wso2am_db_hostname: shared_db.mysql
+wso2am_db_name: shared_db
+wso2am_db_port: 3306
+wso2am_db_username: apimuser
+wso2am_db_password: apimuser
+
 config_files:
   - { src: 'carbon-home/repository/conf/deployment.toml.j2',
       dest: '{{ carbon_home }}/repository/conf/deployment.toml' }

diff --git a/docs/Pattern_1.md b/docs/Pattern_1.md
@@ -9,7 +9,7 @@ The Ansible scripts are capable of installing java from a given JDK installer fr
 
 Copy the following files to `files/lib` directory.
 
-1. [Amazon Corretto for Linux x64 JDK](https://docs.aws.amazon.com/corretto/latest/corretto-8-ug/downloads-list.html)
+1. [Amazon Corretto JDK 11 for Linux x64 (.tar.gz)](https://docs.aws.amazon.com/corretto/latest/corretto-11-ug/downloads-list.html)
 
 ## Adding miscellaneous files
 If additional files needs to be added to the VMs, copy the miscellaneous files to `files/misc` directory. To enable file copying,  uncomment the `misc_file_list` in the yaml files under `group_vars` and add the miscellaneous files to the list.
@@ -18,8 +18,8 @@ If additional files needs to be added to the VMs, copy the miscellaneous files t
 
 Copy the following files to `files/packs` directory.
 
-1. [WSO2 API Manager 4.0.0 package](https://wso2.com/api-management/install/)
-2. [WSO2 Micro Integrator](https://github.com/wso2/micro-integrator/releases/tag/v4.0.0)
+1. [WSO2 API Manager 4.1.0 package (.zip)](https://wso2.com/api-management/install/)
+2. [WSO2 Micro Integrator 4.1.0 package (.zip)](https://github.com/wso2/micro-integrator/releases/tag/v4.1.0)
 
 ## Database configurations
 

diff --git a/docs/Pattern_2.md b/docs/Pattern_2.md
@@ -9,7 +9,7 @@ The Ansible scripts are capable of installing java from a given JDK installer fr
 
 Copy the following files to `files/lib` directory.
 
-1. [Amazon Corretto for Linux x64 JDK](https://docs.aws.amazon.com/corretto/latest/corretto-8-ug/downloads-list.html)
+1. [Amazon Corretto JDK 11 for Linux x64 (.tar.gz)](https://docs.aws.amazon.com/corretto/latest/corretto-11-ug/downloads-list.html)
 
 ## Adding miscellaneous files
 If additional files needs to be added to the VMs, copy the miscellaneous files to `files/misc` directory. To enable file copying,  uncomment the `misc_file_list` in the yaml files under `group_vars` and add the miscellaneous files to the list.
@@ -18,8 +18,8 @@ If additional files needs to be added to the VMs, copy the miscellaneous files t
 
 Copy the following files to `files/packs` directory.
 
-1. [WSO2 API Manager 4.0.0 package](https://wso2.com/api-management/install/)
-2. [WSO2 Micro Integrator](https://github.com/wso2/micro-integrator/releases/tag/v4.0.0)
+1. [WSO2 API Manager 4.1.0 package (.zip)](https://wso2.com/api-management/install/)
+2. [WSO2 Micro Integrator 4.1.0 package (.zip)](https://github.com/wso2/micro-integrator/releases/tag/v4.1.0)
 
 ## Database configurations
 

diff --git a/docs/Pattern_3.md b/docs/Pattern_3.md
@@ -9,17 +9,17 @@ The Ansible scripts are capable of installing java from a given JDK installer fr
 
 Copy the following files to `files/lib` directory.
 
-1. [Amazon Corretto for Linux x64 JDK](https://docs.aws.amazon.com/corretto/latest/corretto-8-ug/downloads-list.html)
+1. [Amazon Corretto JDK 11 for Linux x64 (.tar.gz)](https://docs.aws.amazon.com/corretto/latest/corretto-11-ug/downloads-list.html)
 
 ## Adding miscellaneous files
 If additional files needs to be added to the VMs, copy the miscellaneous files to `files/misc` directory. To enable file copying,  uncomment the `misc_file_list` in the yaml files under `group_vars` and add the miscellaneous files to the list.
 
 ## Packs to be Copied
 
-Copy the following files to `files` directory. (Packs must be copied as per the required components). You need to add the ZIP Archive of the WSO2 distributions.
+Copy the following files to `files/packs` directory. (Packs must be copied as per the required components). You need to add the ZIP Archive of the WSO2 distributions.
 
-1. [WSO2 API Manager package](https://wso2.com/api-management/install/) to files/packs
-2. [WSO2 Micro Integrator](https://github.com/wso2/micro-integrator/releases/tag/v4.0.0)
+1. [WSO2 API Manager 4.1.0 package (.zip)](https://wso2.com/api-management/install/)
+2. [WSO2 Micro Integrator 4.1.0 package (.zip)](https://github.com/wso2/micro-integrator/releases/tag/v4.1.0)
 
 ## Database configurations
 

diff --git a/roles/apim-control-plane/templates/carbon-home/repository/conf/deployment.toml.j2 b/roles/apim-control-plane/templates/carbon-home/repository/conf/deployment.toml.j2
@@ -32,29 +32,25 @@ password =  "{% if secure_vault_enabled|bool %}$secret{tls_key_store_password}{%
 alias =  "{{ tls_key_store_key_alias }}"
 key_password =  "{% if secure_vault_enabled|bool %}$secret{tls_key_store_key_password}{% else %}{{ tls_key_store_key_password }}{% endif %}"
 
-[keystore.primary]
-file_name =  "{{ primary_key_store_name }}"
-type =  "JKS"
-password =  "{% if secure_vault_enabled|bool %}$secret{primary_key_store_password}{% else %}{{ primary_key_store_password }}{% endif %}"
-alias =  "{{ primary_key_store_key_alias }}"
-key_password =  "{% if secure_vault_enabled|bool %}$secret{primary_key_store_key_password}{% else %}{{ primary_key_store_key_password }}{% endif %}"
-
-[keystore.internal]
-file_name =  "{{ internal_key_store_name }}"
-type =  "JKS"
-password =  "{% if secure_vault_enabled|bool %}$secret{internal_key_store_password}{% else %}{{ internal_key_store_password }}{% endif %}"
-alias =  "{{ internal_key_store_key_alias }}"
-key_password =  "{% if secure_vault_enabled|bool %}$secret{internal_key_store_key_password}{% else %}{{ internal_key_store_key_password }}{% endif %}"
-
-[truststore]
-file_name = "{{ trust_store_name }}"
-type = "JKS"
-password = "{% if secure_vault_enabled|bool %}$secret{trust_store_password}{% else %}{{ trust_store_password }}{% endif %}"
+# [keystore.primary]
+# file_name =  "{{ primary_key_store_name }}"
+# type =  "JKS"
+# password =  "{% if secure_vault_enabled|bool %}$secret{primary_key_store_password}{% else %}{{ primary_key_store_password }}{% endif %}"
+# alias =  "{{ primary_key_store_key_alias }}"
+# key_password =  "{% if secure_vault_enabled|bool %}$secret{primary_key_store_key_password}{% else %}{{ primary_key_store_key_password }}{% endif %}"
+
+# [keystore.internal]
+# file_name =  "{{ internal_key_store_name }}"
+# type =  "JKS"
+# password =  "{% if secure_vault_enabled|bool %}$secret{internal_key_store_password}{% else %}{{ internal_key_store_password }}{% endif %}"
+# alias =  "{{ internal_key_store_key_alias }}"
+# key_password =  "{% if secure_vault_enabled|bool %}$secret{internal_key_store_key_password}{% else %}{{ internal_key_store_key_password }}{% endif %}"
 
 {% for environment in gateway_environments %}
     [[apim.gateway.environment]]
     name = "{{ environment.name }}"
     type = "{{ environment.type }}"
+    provider = "{{ environment.provider }}"
     display_in_api_console = true
     description = "{{ environment.description }}"
     show_as_token_endpoint_url = true
@@ -69,9 +65,6 @@ password = "{% if secure_vault_enabled|bool %}$secret{trust_store_password}{% el
     websub_event_receiver_https_endpoint = "{{environment.websub_event_receiver_https_endpoint}}"
 {% endfor %}
 
-#[apim.sync_runtime_artifacts.gateway]
-#gateway_labels = [{% for label in sync_runtime_gateway_labels %}"{{ label }}"{%- if not loop.last -%},{% endif %}{% endfor %}]
-
 #[apim.cache.gateway_token]
 #enable = true
 #expiry_time = "900s"
@@ -100,36 +93,25 @@ password = "{% if secure_vault_enabled|bool %}$secret{trust_store_password}{% el
 #[apim.cache.tags]
 #expiry_time = "2m"
 
-[apim.key_manager]
-service_url = "{{ key_manager_server_url }}"
-username = "$ref{super_admin.username}"
-password = "$ref{super_admin.password}"
+# [apim.key_manager]
+# service_url = "{{ key_manager_server_url }}"
+# username = "$ref{super_admin.username}"
+# password = "$ref{super_admin.password}"
 #pool.init_idle_capacity = 50
 #pool.max_idle = 100
 #key_validation_handler_type = "default"
 #key_validation_handler_type = "custom"
 #key_validation_handler_impl = "org.wso2.carbon.apimgt.keymgt.handlers.DefaultKeyValidationHandler"
 
-#[apim.jwt]
-#enable = true
-#encoding = "base64" # base64,base64url
-#generator_impl = "org.wso2.carbon.apimgt.keymgt.token.JWTGenerator"
-#claim_dialect = "http://wso2.org/claims"
-#convert_dialect = false
-#header = "X-JWT-Assertion"
-#signing_algorithm = "SHA256withRSA"
-#enable_user_claims = true
-#claims_extractor_impl = "org.wso2.carbon.apimgt.impl.token.ExtendedDefaultClaimsRetriever"
-
-[apim.oauth_config]
-enable_outbound_auth_header = false
-auth_header = "Authorization"
-revoke_endpoint = "{{ oauth_configs_revoke_api_url }}"
-enable_token_encryption = false
-enable_token_hashing = false
-
-[apim.devportal]
-url = "{{ api_devportal_url }}"
+#[apim.oauth_config]
+#enable_outbound_auth_header = false
+#auth_header = "Authorization"
+#revoke_endpoint = "{{ oauth_configs_revoke_api_url }}"
+#enable_token_encryption = false
+#enable_token_hashing = false
+
+#[apim.devportal]
+#url = "{{ api_devportal_url }}"
 #enable_application_sharing = false
 #if application_sharing_type, application_sharing_impl both defined priority goes to application_sharing_impl
 #application_sharing_type = "default" #changed type, saml, default #todo: check the new config for rest api
@@ -156,21 +138,6 @@ allow_credentials = false
 #enable_persistence = true
 #throttle_decision_endpoints = [{% for endpoint in throttle_decision_endpoints %}"{{ endpoint }}"{%- if not loop.last -%},{% endif %}{% endfor %}]
 
-#[apim.throttling.blacklist_condition]
-#start_delay = "5m"
-#period = "1h"
-
-#[apim.throttling.jms]
-#start_delay = "5m"
-
-#[apim.throttling.event_sync]
-#hostName = "0.0.0.0"
-#port = 11224
-
-#[apim.throttling.event_management]
-#hostName = "0.0.0.0"
-#port = 10005
-
 #[[apim.throttling.url_group]]
 #traffic_manager_urls = ["tcp://localhost:9611","tcp://localhost:9611"]
 #traffic_manager_auth_urls = ["ssl://localhost:9711","ssl://localhost:9711"]