search cancel

Gateway published API not syncing with the portal

book

Article ID: 254250

calendar_today

Updated On:

Products

CA API Developer Portal

Issue/Introduction

The newly created APIs in Gateway with the "Set as Portal Managed Service" setting do not show up in the Portal UI. The portal sync job shows successful but the API count did not increase.

The Gateway log also shows this SSL connection error for the Portal's broker container:

2022-11-11T00:28:23.730+0530 INFO    145 com.l7tech.server.service.ServiceCache: Created/Updated/Deleted: [c4c67bc31cfb43f68294bc82efbe24e8]
2022-11-11T00:28:41.748+0530 INFO    1317 com.l7tech.external.assertions.portaldeployer.server.client.PortalDeployerClient: Attempting to reconnect to broker [wss://broker.portal.com:9443/]
2022-11-11T00:28:41.759+0530 SEVERE  1325 com.l7tech.external.assertions.portaldeployer.server.client.PortalDeployerClient: Failed connecting to Broker: wss://broker.portal.com:9443/
MqttException (0) - javax.net.ssl.SSLHandshakeException: Remote host terminated the handshake
        at org.eclipse.paho.client.mqttv3.internal.ExceptionHelper.createMqttException(ExceptionHelper.java:38)
        at org.eclipse.paho.client.mqttv3.internal.ClientComms$ConnectBG.run(ClientComms.java:736)
        at java.lang.Thread.run(Thread.java:750)
Caused by: javax.net.ssl.SSLHandshakeException: Remote host terminated the handshake
        at sun.security.ssl.SSLSocketImpl.handleEOF(SSLSocketImpl.java:1570)
        at sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1400)
        at sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1300)
        at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:435)
        at org.eclipse.paho.client.mqttv3.internal.SSLNetworkModule.start(SSLNetworkModule.java:149)
        at org.eclipse.paho.client.mqttv3.internal.websocket.WebSocketSecureNetworkModule.start(WebSocketSecureNetworkModule.java:63)
        at org.eclipse.paho.client.mqttv3.internal.ClientComms$ConnectBG.run(ClientComms.java:722)
        ... 1 more
Caused by: java.io.EOFException: SSL peer shut down incorrectly
        at sun.security.ssl.SSLSocketInputRecord.decode(SSLSocketInputRecord.java:167)
        at sun.security.ssl.SSLTransport.decode(SSLTransport.java:109)
        at sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1392)
        ... 6 more

Environment

Release : 4.5 5.0.X

Cause

The MAG license in the Portal's in-built Gateway (Ingress/APIM container) expired.

Resolution

To confirm this issue is caused by the license expiration, connect a 9.4 version of the policy manager to the portal APIM container:

  • Run this command to get the Gateway admin password (Ingress/apim container)
    • docker inspect $(docker ps --filter name=portal_apim -q) | grep SSG_ADMIN_PASSWORD
  • Using a 9.4 version of the policy manager, connect to the apim-ssg host of the portal. Example: apim-ssg.hostname:9443 (you must use 9443)
  • Use admin and the password from the above docker inspect command to connect
  • You will see a notification about an expired license
  • Here is a copy of the expired license

If you see this expired license, then you can add the attached license. Please make sure not to remove the expired license.

After these steps on portal 5.0.x it may be needed to restart the deployer service on the proxy gateway's  if this is a cluster it needs to be done on all nodes see the following section in the docs.

https://techdocs.broadcom.com/us/en/ca-enterprise-software/layer7-api-management/api-developer-portal/5-0-2/manage/manage-apis/manage-api-deployments/troubleshoot-api-deployments.html

Additional Information

  • This is a workaround for the Portal 4.5 version
  • This issue is fixed in Portal 5.0.2.6 version
  • The new license will not be there if the portal is restarted; so you need to add the license every time the portal restarts
  • DO NOT remove the old license 

Attachments

1668448853835__Layer7 Internal_1715135477960984800_SSG_MOB_9.xml get_app