Gateway published API not syncing with the portal
Article ID: 254250
Updated On:
Products
Issue/Introduction
The newly created APIs in Gateway with the "Set as Portal Managed Service" setting do not show up in the Portal UI. The portal sync job shows successful but the API count did not increase.
The Gateway log also shows this SSL connection error for the Portal's broker container:
2022-11-11T00:28:23.730+0530 INFO 145 com.l7tech.server.service.ServiceCache: Created/Updated/Deleted: [c4c67bc31cfb43f68294bc82efbe24e8]
2022-11-11T00:28:41.748+0530 INFO 1317 com.l7tech.external.assertions.portaldeployer.server.client.PortalDeployerClient: Attempting to reconnect to broker [wss://broker.portal.com:9443/]
2022-11-11T00:28:41.759+0530 SEVERE 1325 com.l7tech.external.assertions.portaldeployer.server.client.PortalDeployerClient: Failed connecting to Broker: wss://broker.portal.com:9443/
MqttException (0) - javax.net.ssl.SSLHandshakeException: Remote host terminated the handshake
at org.eclipse.paho.client.mqttv3.internal.ExceptionHelper.createMqttException(ExceptionHelper.java:38)
at org.eclipse.paho.client.mqttv3.internal.ClientComms$ConnectBG.run(ClientComms.java:736)
at java.lang.Thread.run(Thread.java:750)
Caused by: javax.net.ssl.SSLHandshakeException: Remote host terminated the handshake
at sun.security.ssl.SSLSocketImpl.handleEOF(SSLSocketImpl.java:1570)
at sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1400)
at sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1300)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:435)
at org.eclipse.paho.client.mqttv3.internal.websocket.WebSocketSecureNetworkModule.start(WebSocketSecureNetworkModule.java:63)
at org.eclipse.paho.client.mqttv3.internal.ClientComms$ConnectBG.run(ClientComms.java:722)
... 1 more
Caused by: java.io.EOFException: SSL peer shut down incorrectly
at sun.security.ssl.SSLSocketInputRecord.decode(SSLSocketInputRecord.java:167)
at sun.security.ssl.SSLTransport.decode(SSLTransport.java:109)
at sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1392)
... 6 more
Environment
Release : 4.5 5.0.X
Cause
The MAG license in the Portal's in-built Gateway (Ingress/APIM container) expired.
Resolution
To confirm this issue is caused by the license expiration, connect a 9.4 version of the policy manager to the portal APIM container:
- Run this command to get the Gateway admin password (Ingress/apim container)
- docker inspect $(docker ps --filter name=portal_apim -q) | grep -e TSSG_PUBLIC_HOST -e SSG_ADMIN_PASSWORD -e SSG_ADMIN_USERNAME
- Using a 9.4 version of the policy manager, connect to the apim-ssg host of the portal. Example: apim-ssg.hostname:9443 (you must use 9443)
- Use admin and the password from the above docker inspect command to connect
- You will see a notification about an expired license
- Here is a copy of the expired license
If you see this expired license, then you can add the attached license. Please make sure not to remove the expired license.
After these steps on portal 5.0.x it may be needed to restart the deployer service on the proxy gateway's if this is a cluster it needs to be done on all nodes see the following section in the docs.
https://techdocs.broadcom.com/us/en/ca-enterprise-software/layer7-api-management/api-developer-portal/5-0-2/manage/manage-apis/manage-api-deployments/troubleshoot-api-deployments.html
Additional Information
- This is a workaround for the Portal 4.5 version
- This issue is fixed in Portal 5.0.2.6 version
- The new license will not be there if the portal is restarted; so you need to add the license every time the portal restarts
- DO NOT remove the old license
Attachments
Feedback
