Layer7 API Developer Portal: Un-enroll and Re-enroll portal 4.x
Article ID: 136584
Updated On:
Products
Issue/Introduction
Environment
API Portal 4.x
API Gateway 9.3
Resolution
*** Note: If possible a un-deployment should be done prior to un-enrollment.
***Note: un-deployment is defined as;
------------------------------------------------
- Application keys
- APIs
- Gateway Bundles
------------------------------------------------
This is the process for removing and re-enrolling the Gateway with portal. Before doing anything make sure you have a backup.
- Login to the Gateway and confirm the value for the cluster property cluster.hostname is set correctly. They have recently changed this, so we want to be sure it is the value they expect it to be
- Remove the current enrollment:
a. In the Policy Manager, log in to the Gateway as a Gateway administrator.
b. On the Tasks menu, click Certificates, Keys and Secrets and Manage Certificates. Use the dialog to remove the TSSG, PSSG and DSSG certificates. Note: Do not delete the API Gateway’s self-signed SSL certificate.
NOTE: YOU MAY HAVE A CERTIFICATE THAT STARTS WITH A WILDCARD, SOMETHING ALONG THESE LINES *.app.prod.cce1.dev.ca'. If so, EXPORT this certificate (back it up), and then remove it. If you do not you will get a RESTMAN error during the enrollment process.
c. On the Tasks menu, click Certificates, Keys and Secrets and Manage Private Keys. Use the dialog to remove the portalman private key.
d. On the Tasks menu, click Global Settings and Manage Scheduled Tasks. Use the dialog to remove the following tasks:
· Portal Sync Application
· Portal Sync API
· Portal Tenant Sync Policy Template
· Portal Sync Account Plan
· Portal Bulk Sync Application
· Portal Check Bundle Version
· Delete Portal Entities
· Move Metrics Data Off Box Task
· Portal Sync SSO Configuration
NOTE: If you also use Precision API Monitoring. Be sure you DO NOT remove the scheduled tasks for APM
e. On the Tasks menu, click Global Settings and Manage Cluster-wide Properties. Use the dialog to remove all properties that begin with portal.
NOTE: If using an earlier versions of Gateway there is no confirmation message when deleting these… tread lightly.
f. DO NOT RESTART THE GATEWAY SERVICE YET. The doc says you have to, it is wrong, and this was confirmed by dev.
- Create the new proxy
a. Log in to the API Portal as an API Portal administrator.
b. Click Publish
c. Click Proxies up top
d. Click Add Proxy
e. Enter any descriptive name here (doesn’t need to be a resolvable name, it’s just a label) and click Create
f. Copy the Enrollment URL
- Open Policy Manager and navigate to Tasks -> Extensions and Add-Ons -> Enroll with Portal
- Paste in the URL here you got from the portal and click apply
Once this succeeds, you can now reboot the Gateway nodes.
NOTE: IF WORKING WITH A SAAS PORTAL AND THE SAAS TEAM, MAKE SURE SAAS OPS RESTARTS ALL NODES INCLUDING THE ‘LEADER’ NODE.
Next verify that all is working as it should be.
- Open the portal and navigate back to the proxies (as noted above)
- Find the new proxy we added and click View Details
- Make sure everything now has a green check mark.
NOTE: THE APIS AND APPS TAKE 3 MINUTES OR SO TO SYNCH, IF THEY ARE RED GIVE THEM A FEW TO COME AROUND. ACCOUNT PLANS ON THE OTHER HAND ARE SET FOR 30 MINUTES, THAT WILL REMAIN RED UNTIL THAT TIME HAS PASSED. TD IS AWARE AND AS LONG AS APIS AND APPS ARE GREEN THEY WILL BE HAPPY
- One final thing, in SaaS environments with vanity URL’s you need to make sure that CORS won’t be a problem here. Go back to policy manager and locate the policy named PORTAL SERVICE PREFACE
- Open line 11 Process CORS Request assertion
- Verify the hostnames in this list are accurate for their environment:
Feedback
