├── .gitignore
├── CONTRIBUTING.md
├── README.md
├── docs
│   ├── Pattern_1.md
│   ├── Pattern_2.md
│   ├── Pattern_3.md
│   └── images
│       ├── Pattern-1.png
│       ├── Pattern-2.png
│       ├── Pattern-3.png
│       └── module_architecture.png
├── issue_template.md
├── manifests
│   └── site.pp
├── modules
│   ├── apim
│   │   ├── files
│   │   │   └── .gitkeep
│   │   ├── manifests
│   │   │   ├── custom.pp
│   │   │   ├── init.pp
│   │   │   └── params.pp
│   │   └── templates
│   │       └── carbon-home
│   │           ├── bin
│   │           │   └── api-manager.sh.erb
│   │           └── repository
│   │               └── conf
│   │                   └── deployment.toml.erb
│   ├── apim_common
│   │   ├── .DS_Store
│   │   ├── files
│   │   │   ├── jdk
│   │   │   │   └── .gitkeep
│   │   │   ├── packs
│   │   │   │   └── .gitkeep
│   │   │   └── system
│   │   │       └── etc
│   │   │           ├── security
│   │   │           │   └── limits.conf
│   │   │           └── sysctl.conf
│   │   ├── manifests
│   │   │   ├── init.pp
│   │   │   ├── params.pp
│   │   │   └── service.pp
│   │   └── templates
│   │       └── carbon.service.erb
│   ├── apim_control_plane
│   │   ├── files
│   │   │   └── .gitkeep
│   │   ├── manifests
│   │   │   ├── custom.pp
│   │   │   ├── init.pp
│   │   │   └── params.pp
│   │   └── templates
│   │       └── carbon-home
│   │           ├── bin
│   │           │   └── api-manager.sh.erb
│   │           └── repository
│   │               └── conf
│   │                   └── deployment.toml.erb
│   ├── apim_gateway
│   │   ├── files
│   │   │   └── .gitkeep
│   │   ├── manifests
│   │   │   ├── custom.pp
│   │   │   ├── init.pp
│   │   │   └── params.pp
│   │   └── templates
│   │       └── carbon-home
│   │           ├── bin
│   │           │   └── api-manager.sh.erb
│   │           └── repository
│   │               └── conf
│   │                   └── deployment.toml.erb
│   └── apim_tm
│       ├── files
│       │   └── .gitkeep
│       ├── manifests
│       │   ├── custom.pp
│       │   ├── init.pp
│       │   └── params.pp
│       └── templates
│           └── carbon-home
│               ├── bin
│               │   └── api-manager.sh.erb
│               └── repository
│                   └── conf
│                       └── deployment.toml.erb
├── pull_request_template.md
└── scripts
    ├── update.sh
    └── update_README.md


/.gitignore:
--------------------------------------------------------------------------------
# Eclipse Project Files
.project
.classpath
.settings/
.metadata

# IntelliJ IDEA Project Files
.idea/
*.iml
*.ipr
*.iws
*.swp

#Backup files
*~

# puppet-modules
*.zip
*.gz
*.tar
*.jar
*.deb
*.rpm

# File directories
modules/apim/files/*
!modules/apim/files/.gitkeep

target/

# puppet packages
pkg/

--------------------------------------------------------------------------------
/CONTRIBUTING.md:
--------------------------------------------------------------------------------
# Contributing to puppet-apim

Puppet resources for WSO2 API Manager are open source, and we encourage contributions from our community.

## How you can Contribute

### Mailing Lists
The recommended way to discuss anything related to WSO2 products is via our mailing lists. First, go to https://wso2.com/mail/ and subscribe to any mailing lists. Here are the two most popular lists:
* dev@wso2.org: To discuss all WSO2 products.
* architecture@wso2.org: To discuss the architecture of WSO2 products.

### Posting Issues
We encourage you to report any problems in the WSO2 Puppet resources or their documentation by creating GitHub issues in the respective repositories. The [issues page](https://github.com/wso2/puppet-apim/issues) on GitHub is for tracking bugs and feature requests. When posting a new issue, follow the guidelines below.
* Check whether the issue has already been reported.
* Create a separate issue for each bug you are reporting or feature you are requesting.

### Code Contributions
If you would like to contribute a bug fix or a new feature, start by posting an issue and discussing the best way to implement it.

Unlike most projects, development for this repository is carried out on the **2.6.x branch**. This is because the master branch contains the latest stable release of the project. The code in 2.6.x is merged to the master branch after a final review and a round of testing.

Please follow these guidelines when contributing to the code:
1. Fork the current repository.
2. Create a topic branch from the 2.6.x branch.
3. Make commits in logical units.
4. Before you send out the pull request, sync your forked repository with a remote repository. This makes your pull request simple and clear.

```bash
git clone https://github.com//puppet-apim.git
git remote add upstream https://github.com/wso2/puppet-apim.git
git fetch upstream
git checkout -b upstream/2.6.x

# add some work

git push origin
# submit pull request

```

Thanks for contributing!

--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
# Puppet Modules for WSO2 API Manager

This repository contains the Puppet modules for profiles related to WSO2 API Manager and API Manager Analytics.

## Supported Puppet Versions

- Puppet 7.31.0

## Quick Start Guide
1. Download a product package. Product packages can be downloaded and copied to a local directory, or downloaded from a remote location.
    * **Local**: Download wso2am-4.3.0.zip from [here](https://wso2.com/api-management/install/) and copy it to the `/modules/apim_common/files/packs` directory in the **Puppetmaster**.
    * **Remote**:
        1. Change the value of the *$pack_location* variable in `/modules/apim_common/manifests/params.pp` to `remote`.
        2. Change the value of the *$remote_pack* variable of the relevant profile in `/modules/apim_common/manifests/params.pp` to the URL from which the package should be downloaded, and uncomment it.

2. Set up the JDK distribution as follows:

    The Puppet modules for WSO2 products use Amazon Corretto as the JDK distribution. However, you can use any [supported JDK distribution](https://apim.docs.wso2.com/en/latest/install-and-setup/setup/reference/product-compatibility/#tested-jdks). The JDK distribution can be downloaded and copied to a local directory, or downloaded from a remote location.
    * **local**: Download Amazon Corretto for Linux x64 from [here](https://corretto.aws/downloads/resources/17.0.6.10.1/amazon-corretto-17.0.6.10.1-linux-x64.tar.gz) and copy the .tar file into the `/modules/apim_common/files/jdk` directory.
    * **remote**: Change the value of the *$remote_jdk* variable in `/modules/apim_common/manifests/params.pp` to the URL from which the JDK should be downloaded, and uncomment it.
    * To use a different JDK distribution, reassign the *$jdk_name* and the *$java_home* variables in `/modules/apim_common/manifests/params.pp` accordingly.

3. Run the relevant profile on the **Puppet agent**.
    1. Default profile:
        ```bash
        export FACTER_profile=apim
        puppet agent -vt
        ```
    2. Gateway profile:
        ```bash
        export FACTER_profile=apim_gateway
        puppet agent -vt
        ```
    3. Control Plane profile:
        ```bash
        export FACTER_profile=apim_control_plane
        puppet agent -vt
        ```
    4. Traffic Manager profile:
        ```bash
        export FACTER_profile=apim_tm
        puppet agent -vt
        ```

## Performance Tuning
System configurations can be changed through Puppet to optimize OS level performance. Performance tuning can be enabled by changing `$enable_performance_tuning` in `/modules/apim_common/manifests/params.pp` to `true`.

System files that will be updated when performance tuning is enabled are available in `/modules/apim_common/files/system`. Update the configuration values according to the requirements of your deployment.

## Manifests in a module

![Module architecture](docs/images/module_architecture.png "Module architecture")

The run stages for Puppet are described in `/manifests/site.pp`, and they run in the order Main -> Custom.

Each Puppet module contains the following .pp files.
* Main
    * params.pp: Contains all the parameters necessary for the main configuration and template.
    * init.pp: Contains the main script of the module.
* Custom
    * custom.pp: Used to add custom configurations to the Puppet module.

--------------------------------------------------------------------------------
/docs/Pattern_1.md:
--------------------------------------------------------------------------------
# Customize WSO2 Puppet resources to deploy API Manager Pattern 1

This document provides instructions to customize the WSO2 API Manager Puppet resources in order to deploy API Manager Pattern 1.

![API Manager Pattern 1](images/Pattern-1.png "API Manager Pattern 1")

## Copy the pack and JDK

Copy the JDK and the product pack as mentioned in the [Quick start guide](../README.md).

> NOTE: Make sure you add any required third-party dependencies to the downloaded product pack.

## Customize the WSO2 Puppet scripts

The following is the module needed to deploy API Manager pattern 1.

- apim

API Manager pattern 1 contains 1 profile, and the configurations specific to each profile should be in the respective `params.pp` files in the `/modules//manifests` directory.

> NOTE: The common configurations for all the profiles are included in the `params.pp` file in the `/modules/apim_common/manifests` directory.

### Customize `apim` module

Navigate to [carbon-home](../modules/apim/templates/carbon-home) of the `apim` module. All the files required to deploy the API Manager active-active combination are here. Follow the instructions in the following document to modify the files.
- [Configuring an active-active deployment](https://apim.docs.wso2.com/en/latest/install-and-setup/setup/single-node/configuring-an-active-active-deployment/)

--------------------------------------------------------------------------------
/docs/Pattern_2.md:
--------------------------------------------------------------------------------
# Customize WSO2 Puppet resources to deploy API Manager Pattern 2

This document provides instructions to customize the WSO2 API Manager Puppet resources in order to deploy API Manager Pattern 2.

![API Manager Pattern 2](images/Pattern-2.png "API Manager Pattern 2")

## Copy the pack and JDK

Copy the JDK and the product pack as mentioned in the [Quick start guide](../README.md).

> NOTE: Make sure you add any required third-party dependencies to the downloaded product pack.

## Customize the WSO2 Puppet scripts

The following are the modules needed to deploy API Manager pattern 2.

- apim_gateway
- apim_control_plane

API Manager pattern 2 contains 2 profiles, and the configurations specific to each profile should be in the respective params.pp files in the `/modules//manifests` folder.

> NOTE: The common configurations for all the profiles are included in the `params.pp` file in the `/modules/apim_common/manifests` directory.

### 1. Customize `apim_gateway` module

Navigate to [carbon-home](../modules/apim_gateway/templates/carbon-home) of the `apim_gateway` module. Follow the instructions in the [document](https://apim.docs.wso2.com/en/latest/install-and-setup/setup/distributed-deployment/deploying-wso2-api-m-in-a-distributed-setup/#configure-the-gateway-nodes) and modify the files.

### 2. Customize `apim_control_plane` module

Navigate to [carbon-home](../modules/apim_control_plane/templates/carbon-home) of the `apim_control_plane` module. Follow the instructions in the [document](https://apim.docs.wso2.com/en/latest/install-and-setup/setup/distributed-deployment/deploying-wso2-api-m-in-a-distributed-setup/#configure-the-control-plane-nodes) and modify the files.

--------------------------------------------------------------------------------
/docs/Pattern_3.md:
--------------------------------------------------------------------------------
# Customize WSO2 Puppet resources to deploy API Manager Pattern 3

This document provides instructions to customize the WSO2 API Manager Puppet resources in order to deploy API Manager Pattern 3, which is an extension of Pattern 2.

![API Manager Pattern 3](images/Pattern-2.png "API Manager Pattern 3")
![API Manager Pattern 3](images/Pattern-3.png "API Manager Pattern 3")

## Copy the pack and JDK

Copy the JDK and the product pack as mentioned in the [Quick start guide](../README.md).

> NOTE: Make sure you add any required third-party dependencies to the downloaded product pack.

## Customize the WSO2 Puppet scripts

The following are the modules needed to deploy API Manager pattern 3.

- apim_gateway
- apim_control_plane
- apim_tm

API Manager pattern 3 contains 3 profiles, and the configurations specific to each profile should be in the respective params.pp files in the `/modules//manifests` folder.

> NOTE: The common configurations for all the profiles are included in the `params.pp` file in the `/modules/apim_common/manifests` directory.

### 1. Customize `apim_gateway` module

Navigate to [carbon-home](../modules/apim_gateway/templates/carbon-home) of the `apim_gateway` module. Follow the instructions in the [document](https://apim.docs.wso2.com/en/latest/install-and-setup/setup/distributed-deployment/deploying-wso2-api-m-in-a-distributed-setup/#configure-the-gateway-nodes) and modify the files.

### 2. Customize `apim_control_plane` module

Navigate to [carbon-home](../modules/apim_control_plane/templates/carbon-home) of the `apim_control_plane` module. Follow the instructions in the [document](https://apim.docs.wso2.com/en/latest/install-and-setup/setup/distributed-deployment/deploying-wso2-api-m-in-a-distributed-setup/#configure-the-control-plane-nodes) and modify the files.

### 3. Customize `apim_tm` module

Navigate to [carbon-home](../modules/apim_tm/templates/carbon-home) of the `apim_tm` module. Follow the instructions in the [document](https://apim.docs.wso2.com/en/latest/install-and-setup/setup/distributed-deployment/deploying-wso2-api-m-in-a-distributed-setup/#configure-separate-traffic-manager-nodes-optional) and modify the files.

--------------------------------------------------------------------------------
/docs/images/Pattern-1.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/wso2/puppet-apim/88dc12d3f70240f5807df09470ee062da7c7f4c1/docs/images/Pattern-1.png

--------------------------------------------------------------------------------
/docs/images/Pattern-2.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/wso2/puppet-apim/88dc12d3f70240f5807df09470ee062da7c7f4c1/docs/images/Pattern-2.png

--------------------------------------------------------------------------------
/docs/images/Pattern-3.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/wso2/puppet-apim/88dc12d3f70240f5807df09470ee062da7c7f4c1/docs/images/Pattern-3.png

--------------------------------------------------------------------------------
/docs/images/module_architecture.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/wso2/puppet-apim/88dc12d3f70240f5807df09470ee062da7c7f4c1/docs/images/module_architecture.png

--------------------------------------------------------------------------------
/issue_template.md:
--------------------------------------------------------------------------------
**Description:**


**Suggested Labels:**


**Suggested Assignees:**


**Affected Product Version:**

**OS, DB, other environment details and versions:**

**Steps to reproduce:**


**Related Issues:**

--------------------------------------------------------------------------------
/manifests/site.pp:
--------------------------------------------------------------------------------
#----------------------------------------------------------------------------
#  Copyright (c) 2018 WSO2, Inc. http://www.wso2.org
#
#  Licensed under the Apache License, Version 2.0 (the "License");
#  you may not use this file except in compliance with the License.
#  You may obtain a copy of the License at
#
#      http://www.apache.org/licenses/LICENSE-2.0
#
#  Unless required by applicable law or agreed to in writing, software
#  distributed under the License is distributed on an "AS IS" BASIS,
#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
#  See the License for the specific language governing permissions and
#  limitations under the License.
#----------------------------------------------------------------------------

# Run stages
stage { 'custom': }

# Order stages
Stage['main'] -> Stage['custom']

# The class applied to a node is selected by the 'profile' fact,
# which is set on the agent via FACTER_profile (see README.md).
node default {
  class { "::${facts['profile']}": }
  class { "::${facts['profile']}::custom":
    stage => 'custom'
  }
}

--------------------------------------------------------------------------------
/modules/apim/files/.gitkeep:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/wso2/puppet-apim/88dc12d3f70240f5807df09470ee062da7c7f4c1/modules/apim/files/.gitkeep

--------------------------------------------------------------------------------
/modules/apim/manifests/custom.pp:
--------------------------------------------------------------------------------
# ----------------------------------------------------------------------------
#  Copyright (c) 2018 WSO2, Inc. http://www.wso2.org
#
#  Licensed under the Apache License, Version 2.0 (the "License");
#  you may not use this file except in compliance with the License.
#  You may obtain a copy of the License at
#
#      http://www.apache.org/licenses/LICENSE-2.0
#
#  Unless required by applicable law or agreed to in writing, software
#  distributed under the License is distributed on an "AS IS" BASIS,
#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
#  See the License for the specific language governing permissions and
#  limitations under the License.
# ----------------------------------------------------------------------------

# Class: apim::custom
# This class is reserved to run custom user code before starting the server.
class apim::custom {
  # resources
}

--------------------------------------------------------------------------------
/modules/apim/manifests/init.pp:
--------------------------------------------------------------------------------
# ----------------------------------------------------------------------------
#  Copyright (c) 2021 WSO2, Inc. http://www.wso2.org
#
#  Licensed under the Apache License, Version 2.0 (the "License");
#  you may not use this file except in compliance with the License.
#  You may obtain a copy of the License at
#
#      http://www.apache.org/licenses/LICENSE-2.0
#
#  Unless required by applicable law or agreed to in writing, software
#  distributed under the License is distributed on an "AS IS" BASIS,
#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
#  See the License for the specific language governing permissions and
#  limitations under the License.
# ----------------------------------------------------------------------------

# Class: apim
# Init class of API Manager default profile
class apim inherits apim::params {

  include apim_common

  # Copy configuration changes to the installed directory
  $template_list.each |String $template| {
    file { "${carbon_home}/${template}":
      ensure  => file,
      mode    => '0644',
      content => template("${module_name}/carbon-home/${template}.erb"),
      notify  => Service["${wso2_service_name}"],
      require => Class["apim_common"]
    }
  }

  # Copy files to carbon home directory
  $file_list.each | String $file | {
    file { "${carbon_home}/${file}":
      ensure  => present,
      owner   => $user,
      recurse => remote,
      group   => $user_group,
      mode    => '0755',
      source  => "puppet:///modules/${module_name}/${file}",
      notify  => Service["${wso2_service_name}"],
      require => Class["apim_common"]
    }
  }

  # Delete files from carbon home directory
  $file_removelist.each | String $removefile | {
    file { "${carbon_home}/${removefile}":
      ensure  => absent,
      owner   => $user,
      group   => $user_group,
      notify  => Service["${wso2_service_name}"],
      require => Class["apim_common"]
    }
  }

  # Copy api-manager.sh to installed directory
  file { "${carbon_home}/${start_script_template}":
    ensure  => file,
    owner   => $user,
    group   => $user_group,
    mode    => '0754',
    content => template("${module_name}/carbon-home/${start_script_template}.erb"),
    notify  => Service["${wso2_service_name}"],
    require => Class["apim_common"]
  }

  /*
    The following script can be used to copy a file to a given location.
    This will copy some_file to install_path -> repository.
    Note: Ensure that the file is available in modules -> apim -> files
  */
  # file { "${install_path}/repository/some_file":
  #   owner  => $user,
  #   group  => $user_group,
  #   mode   => '0644',
  #   source => "puppet:///modules/${module_name}/some_file",
  # }
}

--------------------------------------------------------------------------------
/modules/apim/manifests/params.pp:
--------------------------------------------------------------------------------
# ----------------------------------------------------------------------------
#  Copyright (c) 2021 WSO2, Inc. http://www.wso2.org
#
#  Licensed under the Apache License, Version 2.0 (the "License");
#  you may not use this file except in compliance with the License.
#  You may obtain a copy of the License at
#
#      http://www.apache.org/licenses/LICENSE-2.0
#
#  Unless required by applicable law or agreed to in writing, software
#  distributed under the License is distributed on an "AS IS" BASIS,
#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
#  See the License for the specific language governing permissions and
#  limitations under the License.
# ----------------------------------------------------------------------------

# Class apim::params
# This class includes all the necessary parameters.
class apim::params inherits apim_common::params {

  $start_script_template = 'bin/api-manager.sh'
  $jvmxms = '256m'
  $jvmxmx = '1024m'

  $template_list = [
    'repository/conf/deployment.toml'
  ]

  # Define file list
  $file_list = []

  # Define remove file list
  $file_removelist = []

  # ----- Carbon.xml config params -----
  /*
     Host name or IP address of the machine hosting this server
     e.g. www.wso2.org, 192.168.1.10
     This will become part of the End Point Reference of the
     services deployed on this server instance.
  */
  $hostname = 'localhost'

  # ----- api-manager.xml config params -----
  $oauth_configs_revoke_api_url = 'https://localhost:${https.nio.port}/revoke'
  $throttle_config_policy_deployer_url = 'https://localhost:${mgt.transport.https.port}${carbon.context}services/'
}

--------------------------------------------------------------------------------
/modules/apim/templates/carbon-home/bin/api-manager.sh.erb:
--------------------------------------------------------------------------------
#!/bin/sh
# ----------------------------------------------------------------------------
#  Copyright 2005-2021 WSO2, Inc. http://www.wso2.org
#
#  Licensed under the Apache License, Version 2.0 (the "License");
#  you may not use this file except in compliance with the License.
#  You may obtain a copy of the License at
#
#      http://www.apache.org/licenses/LICENSE-2.0
#
#  Unless required by applicable law or agreed to in writing, software
#  distributed under the License is distributed on an "AS IS" BASIS,
#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
#  See the License for the specific language governing permissions and
#  limitations under the License.

# ----------------------------------------------------------------------------
# Main Script for the WSO2 Carbon Server
#
# Environment Variable Prerequisites
#
#   CARBON_HOME   Home of WSO2 Carbon installation. If not set I will try
#                 to figure it out.
#
#   JAVA_HOME     Must point at your Java Development Kit installation.
#
#   JAVA_OPTS     (Optional) Java runtime options used when the commands
#                 is executed.
#
# NOTE: Borrowed generously from Apache Tomcat startup scripts.
# -----------------------------------------------------------------------------

# OS specific support. $var _must_ be set to either true or false.
#ulimit -n 100000

export JAVA_HOME="<%= @java_symlink %>"
cygwin=false;
darwin=false;
os400=false;
mingw=false;
case "`uname`" in
CYGWIN*) cygwin=true;;
MINGW*) mingw=true;;
OS400*) os400=true;;
Darwin*) darwin=true
        if [ -z "$JAVA_VERSION" ] ; then
          JAVA_VERSION="CurrentJDK"
        else
          echo "Using Java version: $JAVA_VERSION"
        fi
        if [ -z "$JAVA_HOME" ] ; then
          JAVA_HOME=/System/Library/Frameworks/JavaVM.framework/Versions/${JAVA_VERSION}/Home
        fi
        ;;
esac

# resolve links - $0 may be a softlink
PRG="$0"

while [ -h "$PRG" ]; do
  ls=`ls -ld "$PRG"`
  link=`expr "$ls" : '.*-> \(.*\)$'`
  if expr "$link" : '.*/.*' > /dev/null; then
    PRG="$link"
  else
    PRG=`dirname "$PRG"`/"$link"
  fi
done

# Get standard environment variables
PRGDIR=`dirname "$PRG"`

# Only set CARBON_HOME if not already set
[ -z "$CARBON_HOME" ] && CARBON_HOME=`cd "$PRGDIR/.." ; pwd`

# Set AXIS2_HOME. Needed for One Click JAR Download
AXIS2_HOME="$CARBON_HOME"

# For Cygwin, ensure paths are in UNIX format before anything is touched
if $cygwin; then
  [ -n "$JAVA_HOME" ] && JAVA_HOME=`cygpath --unix "$JAVA_HOME"`
  [ -n "$CARBON_HOME" ] && CARBON_HOME=`cygpath --unix "$CARBON_HOME"`
  [ -n "$AXIS2_HOME" ] && CARBON_HOME=`cygpath --unix "$CARBON_HOME"`
fi

# For OS400
if $os400; then
  # Set job priority to standard for interactive (interactive - 6) by using
  # the interactive priority - 6, the helper threads that respond to requests
  # will be running at the same priority as interactive jobs.
  COMMAND='chgjob job('$JOBNAME') runpty(6)'
  system $COMMAND

  # Enable multi threading
  QIBM_MULTI_THREADED=Y
  export QIBM_MULTI_THREADED
fi

# For Mingw, ensure paths are in UNIX format before anything is touched
if $mingw ; then
  [ -n "$CARBON_HOME" ] &&
    CARBON_HOME="`(cd "$CARBON_HOME"; pwd)`"
  [ -n "$JAVA_HOME" ] &&
    JAVA_HOME="`(cd "$JAVA_HOME"; pwd)`"
  [ -n "$AXIS2_HOME" ] &&
    CARBON_HOME="`(cd "$CARBON_HOME"; pwd)`"
  # TODO classpath?
fi

if [ -z "$JAVACMD" ] ; then
  if [ -n "$JAVA_HOME" ] ; then
    if [ -x "$JAVA_HOME/jre/sh/java" ] ; then
      # IBM's JDK on AIX uses strange locations for the executables
      JAVACMD="$JAVA_HOME/jre/sh/java"
    else
      JAVACMD="$JAVA_HOME/bin/java"
    fi
  else
    JAVACMD=java
  fi
fi

if [ ! -x "$JAVACMD" ] ; then
  echo "Error: JAVA_HOME is not defined correctly."
  echo " CARBON cannot execute $JAVACMD"
  exit 1
fi

# if JAVA_HOME is not set we're not happy
if [ -z "$JAVA_HOME" ]; then
  echo "You must set the JAVA_HOME variable before running CARBON."
  exit 1
fi

if [ -e "$CARBON_HOME/wso2carbon.pid" ]; then
  PID=`cat "$CARBON_HOME"/wso2carbon.pid`
fi

# ----- Process the input command ----------------------------------------------
args=""
for c in $*
do
    if [ "$c" = "--debug" ] || [ "$c" = "-debug" ] || [ "$c" = "debug" ]; then
          CMD="--debug"
          continue
    elif [ "$CMD" = "--debug" ]; then
          if [ -z "$PORT" ]; then
                PORT=$c
          fi
    elif [ "$c" = "--stop" ] || [ "$c" = "-stop" ] || [ "$c" = "stop" ]; then
          CMD="stop"
    elif [ "$c" = "--start" ] || [ "$c" = "-start" ] || [ "$c" = "start" ]; then
          CMD="start"
    elif [ "$c" = "--version" ] || [ "$c" = "-version" ] || [ "$c" = "version" ]; then
          CMD="version"
    elif [ "$c" = "--restart" ] || [ "$c" = "-restart" ] || [ "$c" = "restart" ]; then
          CMD="restart"
    elif [ "$c" = "--test" ] || [ "$c" = "-test" ] || [ "$c" = "test" ]; then
          CMD="test"
    elif [ "$c" = "--optimize" ] || [ "$c" = "-optimize" ] || [ "$c" = "optimize" ]; then
          for option in $*; do
              if [ "$option" = "--skipConfigOptimization" ] || [ "$option" = "-skipConfigOptimization" ] ||
                 [ "$option" = "skipConfigOptimization" ]; then
                  passedSkipConfigOptimizationOption=true
                  echo "Passed skipConfigOptimization Option: $passedSkipConfigOptimizationOption"
              fi
          done

          for profile in $*; do
              case "$profile" in
                  *Dprofile=*)
                      cd $(dirname "$0")
                      if [ "$passedSkipConfigOptimizationOption" = true ]; then
                          sh profileSetup.sh $profile --skipConfigOptimization
                      else
                          sh profileSetup.sh $profile
                      fi
                      echo "Starting the server..."
                      ;;
              esac
          done
    else
        args="$args $c"
    fi
done

if [ "$CMD" = "--debug" ]; then
  if [ "$PORT" = "" ]; then
    echo " Please specify the debug port after the --debug option"
    exit 1
  fi
  if [ -n "$JAVA_OPTS" ]; then
    echo "Warning !!!. User specified JAVA_OPTS will be ignored, once you give the --debug option."
  fi
  CMD="RUN"
  JAVA_OPTS="-Xdebug -Xnoagent -Djava.compiler=NONE -Xrunjdwp:transport=dt_socket,server=y,suspend=y,address=$PORT"
  echo "Please start the remote debugging client to continue..."
elif [ "$CMD" = "start" ]; then
  if [ -e "$CARBON_HOME/wso2carbon.pid" ]; then
    if ps -p $PID > /dev/null ; then
      echo "Process is already running"
      exit 0
    fi
  fi
  export CARBON_HOME="$CARBON_HOME"
  # using nohup sh to avoid errors in solaris OS.TODO
  nohup sh "$CARBON_HOME"/bin/api-manager.sh $args > /dev/null 2>&1 &
  exit 0
elif [ "$CMD" = "stop" ]; then
  export CARBON_HOME="$CARBON_HOME"
  kill -term `cat "$CARBON_HOME"/wso2carbon.pid`
  exit 0
elif [ "$CMD" = "restart" ]; then
  export CARBON_HOME="$CARBON_HOME"
  kill -term `cat "$CARBON_HOME"/wso2carbon.pid`
  process_status=0
  pid=`cat "$CARBON_HOME"/wso2carbon.pid`
  while [ "$process_status" -eq "0" ]
  do
    sleep 1;
    # Redirect stdout first, then stderr, so both are discarded
    ps -p$pid > /dev/null 2>&1
    process_status=$?
  done

  # using nohup sh to avoid errors in solaris OS.TODO
  nohup sh "$CARBON_HOME"/bin/api-manager.sh $args > /dev/null 2>&1 &
  exit 0
elif [ "$CMD" = "test" ]; then
  JAVACMD="exec "$JAVACMD""
elif [ "$CMD" = "version" ]; then
  cat "$CARBON_HOME"/bin/version.txt
  cat "$CARBON_HOME"/bin/wso2carbon-version.txt
  exit 0
fi

# ---------- Handle the SSL Issue with proper JDK version --------------------
java_version=$("$JAVACMD" -version 2>&1 | awk -F '"' '/version/ {print $2}')
java_version_formatted=$(echo "$java_version" | awk -F. '{printf("%02d%02d",$1,$2);}')
if [ $java_version_formatted -lt 1100 ] || [ $java_version_formatted -gt 2100 ]; then
   echo " Starting WSO2 Carbon (in unsupported JDK)"
   echo " [ERROR] CARBON is supported only between JDK 11 and JDK 21"
fi

CARBON_XBOOTCLASSPATH=""
for f in "$CARBON_HOME"/lib/xboot/*.jar
do
    if [ "$f" != "$CARBON_HOME/lib/xboot/*.jar" ];then
        CARBON_XBOOTCLASSPATH="$CARBON_XBOOTCLASSPATH":$f
    fi
done


CARBON_CLASSPATH=""
if [ -e "$JAVA_HOME/lib/tools.jar" ]; then
    CARBON_CLASSPATH="$JAVA_HOME/lib/tools.jar"
fi
for f in "$CARBON_HOME"/bin/*.jar
do
    if [ "$f" != "$CARBON_HOME/bin/*.jar" ];then
        CARBON_CLASSPATH="$CARBON_CLASSPATH":$f
    fi
done
for t in "$CARBON_HOME"/lib/*.jar
do
    CARBON_CLASSPATH="$CARBON_CLASSPATH":$t
done
for t in "$CARBON_HOME"/lib/endorsed/*.jar
do
    CARBON_CLASSPATH="$CARBON_CLASSPATH":$t
done



# For Cygwin, switch paths to Windows format before running java
if $cygwin; then
  JAVA_HOME=`cygpath --absolute --windows "$JAVA_HOME"`
  CARBON_HOME=`cygpath --absolute --windows "$CARBON_HOME"`
  AXIS2_HOME=`cygpath --absolute --windows "$CARBON_HOME"`
  CLASSPATH=`cygpath --path --windows "$CLASSPATH"`
  CARBON_CLASSPATH=`cygpath --path --windows "$CARBON_CLASSPATH"`
  CARBON_XBOOTCLASSPATH=`cygpath --path --windows "$CARBON_XBOOTCLASSPATH"`
fi

# ----- Execute The Requested Command -----------------------------------------

echo JAVA_HOME environment variable is set to $JAVA_HOME
echo CARBON_HOME environment variable is set to "$CARBON_HOME"

cd "$CARBON_HOME"

TMP_DIR="$CARBON_HOME"/tmp
if [ -d "$TMP_DIR" ]; then
rm -rf "$TMP_DIR"/*
fi

START_EXIT_STATUS=121
status=$START_EXIT_STATUS

if [ -z "$JVM_MEM_OPTS" ]; then
   java_version=$("$JAVACMD" -version 2>&1 | awk -F '"' '/version/ {print $2}')
   JVM_MEM_OPTS="-Xms<%=@jvmxms%> -Xmx<%=@jvmxmx%>"
   if [ "$java_version" \< "1.8" ]; then
      JVM_MEM_OPTS="$JVM_MEM_OPTS -XX:MaxPermSize=<%=@jvmxmx%>"
   fi
fi
echo "Using Java memory options: $JVM_MEM_OPTS"

#To monitor a Carbon server in remote JMX mode on linux host machines, set the below system property.
#   -Djava.rmi.server.hostname="your.IP.goes.here"

JAVA_VER_BASED_OPTS="--add-opens=java.base/java.net=ALL-UNNAMED --add-opens=java.base/java.lang=ALL-UNNAMED --add-opens java.rmi/sun.rmi.transport=ALL-UNNAMED --add-opens=java.base/java.io=ALL-UNNAMED --add-opens java.xml/com.sun.org.apache.xerces.internal.dom=ALL-UNNAMED "

if [ $java_version_formatted -ge 1700 ]; then
    JAVA_VER_BASED_OPTS="$JAVA_VER_BASED_OPTS --add-opens=java.naming/com.sun.jndi.ldap=ALL-UNNAMED --add-opens=java.base/sun.security.x509=ALL-UNNAMED"
fi

# start diagnostic tool in background in diagnostic-tool/bin/diagnostic
"$CARBON_HOME"/diagnostics-tool/bin/diagnostics.sh &
diagnostic_tool_pid=$!
320 | 321 | # trap signals so we can shutdown the diagnostic tool 322 | cleanup() { 323 | kill "$diagnostic_tool_pid" 324 | } 325 | trap 'cleanup' EXIT INT 326 | 327 | while [ "$status" = "$START_EXIT_STATUS" ] 328 | do 329 | $JAVACMD \ 330 | -Xbootclasspath/a:"$CARBON_XBOOTCLASSPATH" \ 331 | $JVM_MEM_OPTS \ 332 | -XX:+HeapDumpOnOutOfMemoryError \ 333 | -XX:HeapDumpPath="$CARBON_HOME/repository/logs/heap-dump.hprof" \ 334 | $JAVA_OPTS \ 335 | -Dcom.sun.management.jmxremote \ 336 | -classpath "$CARBON_CLASSPATH" \ 337 | $JAVA_VER_BASED_OPTS \ 338 | -Djava.io.tmpdir="$CARBON_HOME/tmp" \ 339 | -Dcatalina.base="$CARBON_HOME/lib/tomcat" \ 340 | -Dwso2.server.standalone=true \ 341 | -Dcarbon.registry.root=/ \ 342 | -Djava.command="$JAVACMD" \ 343 | -Dcarbon.home="$CARBON_HOME" \ 344 | -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager \ 345 | -Dcarbon.config.dir.path="$CARBON_HOME/repository/conf" \ 346 | -Djava.util.logging.config.file="$CARBON_HOME/repository/conf/etc/logging-bridge.properties" \ 347 | -Dcomponents.repo="$CARBON_HOME/repository/components/plugins" \ 348 | -Dconf.location="$CARBON_HOME/repository/conf"\ 349 | -Dcom.atomikos.icatch.file="$CARBON_HOME/lib/transactions.properties" \ 350 | -Dcom.atomikos.icatch.hide_init_file_path=true \ 351 | -Dorg.apache.jasper.compiler.Parser.STRICT_QUOTE_ESCAPING=false \ 352 | -Dorg.apache.jasper.runtime.BodyContentImpl.LIMIT_BUFFER=true \ 353 | -Dcom.sun.jndi.ldap.connect.pool.authentication=simple \ 354 | -Dcom.sun.jndi.ldap.connect.pool.timeout=3000 \ 355 | -Dorg.terracotta.quartz.skipUpdateCheck=true \ 356 | -Djava.security.egd=file:/dev/./urandom \ 357 | -Dfile.encoding=UTF8 \ 358 | -Djava.net.preferIPv4Stack=true \ 359 | -Dcom.ibm.cacheLocalHost=true \ 360 | -Dorg.opensaml.httpclient.https.disableHostnameVerification=true \ 361 | -Dhttpclient.hostnameVerifier=AllowAll \ 362 | -DworkerNode=false \ 363 | -DenableCorrelationLogs=false \ 364 | 
-Dcarbon.new.config.dir.path="$CARBON_HOME/repository/resources/conf" \ 365 | -Djavax.xml.xpath.XPathFactory:http://java.sun.com/jaxp/xpath/dom=net.sf.saxon.xpath.XPathFactoryImpl \ 366 | -Dlog4j2.contextSelector=org.apache.logging.log4j.core.async.AsyncLoggerContextSelector \ 367 | -Dorg.ops4j.pax.logging.logReaderEnabled=false \ 368 | -Dorg.ops4j.pax.logging.eventAdminEnabled=false \ 369 | -Djdk.util.zip.disableZip64ExtraFieldValidation=true \ 370 | -Djdk.nio.zipfs.allowDotZipEntry=true \ 371 | org.wso2.carbon.bootstrap.Bootstrap $* 372 | status=$? 373 | done 374 | -------------------------------------------------------------------------------- /modules/apim/templates/carbon-home/repository/conf/deployment.toml.erb: -------------------------------------------------------------------------------- 1 | [server] 2 | hostname = "<%= @hostname %>" 3 | base_path = "${carbon.protocol}://${carbon.host}:${carbon.management.port}" 4 | #discard_empty_caches = false 5 | server_role = "default" 6 | offset = "<%= @ports_offset %>" 7 | 8 | [super_admin] 9 | username = "<%= @admin_username %>" 10 | password = "<%= @admin_password %>" 11 | create_admin_account = true 12 | 13 | [user_store] 14 | type = "database_unique_id" 15 | 16 | [database.apim_db] 17 | type = "<%= @wso2am_db_type %>" 18 | url = "<%= @wso2am_db_url %>" 19 | username = "<%= @wso2am_db_username %>" 20 | password = "<%= @wso2am_db_password %>" 21 | 22 | [database.apim_db.pool_options] 23 | validationQuery = "<%= @wso2am_db_validation_query %>" 24 | 25 | [database.shared_db] 26 | type = "<%= @wso2shared_db_type %>" 27 | url = "<%= @wso2shared_db_url %>" 28 | username = "<%= @wso2shared_db_username %>" 29 | password = "<%= @wso2shared_db_password %>" 30 | 31 | [database.shared_db.pool_options] 32 | validationQuery = "<%= @wso2shared_db_validation_query %>" 33 | 34 | [keystore.tls] 35 | file_name = "<%= @key_store_location %>" 36 | type = "JKS" 37 | password = "<%= @key_store_password %>" 38 | alias = "<%= 
@key_store_key_alias %>" 39 | key_password = "<%= @key_store_key_password %>" 40 | 41 | #[keystore.listener_profile] 42 | #bind_address = "0.0.0.0" 43 | 44 | #[keystore.primary] 45 | #file_name = "wso2carbon.jks" 46 | #type = "JKS" 47 | #password = "wso2carbon" 48 | #alias = "wso2carbon" 49 | #key_password = "wso2carbon" 50 | 51 | #[keystore.internal] 52 | #file_name = "wso2carbon.jks" 53 | #type = "JKS" 54 | #password = "wso2carbon" 55 | #alias = "wso2carbon" 56 | #key_password = "wso2carbon" 57 | 58 | <% @gateway_environments.each do |environment| %> 59 | [[apim.gateway.environment]] 60 | name = "<%= environment['name'] %>" 61 | type = "<%= environment['type'] %>" 62 | gateway_type = "<%= environment['gateway_type'] %>" 63 | provider = "<%= environment['provider'] %>" 64 | display_in_api_console = true 65 | description = "<%= environment['description'] %>" 66 | show_as_token_endpoint_url = true 67 | service_url = "<%= environment['server_url'] %>" 68 | username= "${admin.username}" 69 | password= "${admin.password}" 70 | ws_endpoint = "<%= environment['ws_endpoint'] %>" 71 | wss_endpoint = "<%= environment['wss_endpoint'] %>" 72 | http_endpoint = "<%= environment['http_endpoint'] %>" 73 | https_endpoint = "<%= environment['https_endpoint'] %>" 74 | websub_event_receiver_http_endpoint = "<%= environment['websub_event_receiver_http_endpoint'] %>" 75 | websub_event_receiver_https_endpoint = "<%= environment['websub_event_receiver_https_endpoint'] %>" 76 | <% end %> 77 | 78 | [apim.sync_runtime_artifacts.gateway] 79 | gateway_labels =<%= @gateway_labels %> 80 | 81 | #[apim.cache.gateway_token] 82 | #enable = true 83 | #expiry_time = "900s" 84 | 85 | #[apim.cache.resource] 86 | #enable = true 87 | #expiry_time = "900s" 88 | 89 | #[apim.cache.km_token] 90 | #enable = false 91 | #expiry_time = "15m" 92 | 93 | #[apim.cache.recent_apis] 94 | #enable = false 95 | 96 | #[apim.cache.scopes] 97 | #enable = true 98 | 99 | #[apim.cache.publisher_roles] 100 | #enable = true 101 
| 102 | #[apim.cache.jwt_claim] 103 | #enable = true 104 | #expiry_time = "15m" 105 | 106 | #[apim.cache.tags] 107 | #expiry_time = "2m" 108 | 109 | [apim.analytics] 110 | enable = <%= @analytics_enabled %> 111 | config_endpoint = "<%= @analytics_config_endpoint %>" 112 | auth_token = "<%= @analytics_auth_token %>" 113 | 114 | [apim.ai] 115 | enable = <%= @ai_enabled %> 116 | token = "<%= @ai_token %>" 117 | endpoint = "<%= @ai_endpoint %>" 118 | 119 | [apim.key_manager] 120 | enable_apikey_subscription_validation = true 121 | service_url = "<%= @key_manager_server_url %>" 122 | #username = "$ref{super_admin.username}" 123 | #password = "$ref{super_admin.password}" 124 | #pool.init_idle_capacity = 50 125 | #pool.max_idle = 100 126 | #key_validation_handler_type = "default" 127 | #key_validation_handler_type = "custom" 128 | #key_validation_handler_impl = "org.wso2.carbon.apimgt.keymgt.handlers.DefaultKeyValidationHandler" 129 | 130 | #[apim.idp] 131 | #server_url = "https://localhost:${mgt.transport.https.port}" 132 | #authorize_endpoint = "https://localhost:${mgt.transport.https.port}/oauth2/authorize" 133 | #oidc_logout_endpoint = "https://localhost:${mgt.transport.https.port}/oidc/logout" 134 | #oidc_check_session_endpoint = "https://localhost:${mgt.transport.https.port}/oidc/checksession" 135 | 136 | #[apim.jwt] 137 | #enable = true 138 | #encoding = "base64" # base64,base64url 139 | #generator_impl = "org.wso2.carbon.apimgt.keymgt.token.JWTGenerator" 140 | #claim_dialect = "http://wso2.org/claims" 141 | #convert_dialect = false 142 | #header = "X-JWT-Assertion" 143 | #signing_algorithm = "SHA256withRSA" 144 | #enable_user_claims = true 145 | #claims_extractor_impl = "org.wso2.carbon.apimgt.impl.token.ExtendedDefaultClaimsRetriever" 146 | 147 | [apim.oauth_config] 148 | #enable_outbound_auth_header = false 149 | #auth_header = "Authorization" 150 | revoke_endpoint = "<%= @oauth_configs_revoke_api_url %>" 151 | #enable_token_encryption = false 152 |
#enable_token_hashing = false 153 | 154 | [apim.devportal] 155 | url = "<%= @api_devportal_url %>" 156 | #enable_application_sharing = false 157 | #if application_sharing_type, application_sharing_impl both defined priority goes to application_sharing_impl 158 | #application_sharing_type = "default" #changed type, saml, default #todo: check the new config for rest api 159 | #application_sharing_impl = "org.wso2.carbon.apimgt.impl.SAMLGroupIDExtractorImpl" 160 | #display_multiple_versions = false 161 | #display_deprecated_apis = false 162 | #enable_comments = true 163 | #enable_ratings = true 164 | #enable_forum = true 165 | #enable_anonymous_mode=true 166 | #enable_cross_tenant_subscriptions = true 167 | #default_reserved_username = "apim_reserved_user" 168 | 169 | [apim.cors] 170 | allow_origins = "*" 171 | allow_methods = ["GET","PUT","POST","DELETE","PATCH","OPTIONS"] 172 | allow_headers = ["authorization","Access-Control-Allow-Origin","Content-Type","SOAPAction","apikey","Internal-Key"] 173 | allow_credentials = false 174 | 175 | #[apim.throttling] 176 | #enable_data_publishing = true 177 | #enable_policy_deploy = true 178 | #enable_blacklist_condition = true 179 | #enable_persistence = true 180 | #throttle_decision_endpoints = [ <%= @throttle_decision_endpoints%> ] 181 | #[apim.throttling.blacklist_condition] 182 | #start_delay = "5m" 183 | #period = "1h" 184 | 185 | #[apim.throttling.jms] 186 | #start_delay = "5m" 187 | 188 | #[apim.throttling.event_sync] 189 | #hostName = "0.0.0.0" 190 | #port = 11224 191 | 192 | #[apim.throttling.event_management] 193 | #hostName = "0.0.0.0" 194 | #port = 10005 195 | 196 | 197 | # <% @throttling_url_group.each do |url_group| %> 198 | # [[apim.throttling.url_group]] 199 | # traffic_manager_urls=[<%= url_group['traffic_manager_urls'] %>] 200 | # traffic_manager_auth_urls=[<%= url_group['traffic_manager_auth_urls'] %>] 201 | # type = "loadbalance" 202 | # <% end %> 203 | 204 | #[apim.workflow] 205 | #enable = false 206 | 
#service_url = "https://localhost:9445/bpmn" 207 | #username = "$ref{super_admin.username}" 208 | #password = "$ref{super_admin.password}" 209 | #callback_endpoint = "https://localhost:${mgt.transport.https.port}/api/am/admin/v0.17/workflows/update-workflow-status" 210 | #token_endpoint = "https://localhost:${https.nio.port}/token" 211 | #client_registration_endpoint = "https://localhost:${mgt.transport.https.port}/client-registration/v0.17/register" 212 | #client_registration_username = "$ref{super_admin.username}" 213 | #client_registration_password = "$ref{super_admin.password}" 214 | 215 | #data bridge config 216 | #[transport.receiver] 217 | #type = "binary" 218 | #worker_threads = 10 219 | #session_timeout = "30m" 220 | #keystore.file_name = "$ref{keystore.tls.file_name}" 221 | #keystore.password = "$ref{keystore.tls.password}" 222 | #tcp_port = 9611 223 | #ssl_port = 9711 224 | #ssl_receiver_thread_pool_size = 100 225 | #tcp_receiver_thread_pool_size = 100 226 | #ssl_enabled_protocols = ["TLSv1","TLSv1.1","TLSv1.2"] 227 | #ciphers = ["SSL_RSA_WITH_RC4_128_MD5","SSL_RSA_WITH_RC4_128_SHA"] 228 | 229 | #[apim.notification] 230 | #from_address = "APIM.com" 231 | #username = "APIM" 232 | #password = "APIM+123" 233 | #hostname = "localhost" 234 | #port = 3025 235 | #enable_start_tls = false 236 | #enable_authentication = true 237 | 238 | #[apim.token.revocation] 239 | #notifier_impl = "org.wso2.carbon.apimgt.keymgt.events.TokenRevocationNotifierImpl" 240 | #enable_realtime_notifier = true 241 | #realtime_notifier.ttl = 5000 242 | #enable_persistent_notifier = true 243 | #persistent_notifier.hostname = "https://localhost:2379/v2/keys/jti/" 244 | #persistent_notifier.ttl = 5000 245 | #persistent_notifier.username = "root" 246 | #persistent_notifier.password = "root" 247 | 248 | [[event_handler]] 249 | name = "userPostSelfRegistration" 250 | subscriptions = ["POST_ADD_USER"] 251 | 252 | [service_provider] 253 | sp_name_regex = "^[\\sa-zA-Z0-9._-]*$" 254 | 255 | 
[database.local] 256 | url = "jdbc:h2:./repository/database/WSO2CARBON_DB;DB_CLOSE_ON_EXIT=FALSE" 257 | 258 | [[event_listener]] 259 | id = "token_revocation" 260 | type = "org.wso2.carbon.identity.core.handler.AbstractIdentityHandler" 261 | name = "org.wso2.is.notification.ApimOauthEventInterceptor" 262 | order = 1 263 | [event_listener.properties] 264 | notification_endpoint = "<%= @event_listener_notification_endpoint %>" 265 | username = "${admin.username}" 266 | password = "${admin.password}" 267 | 'header.X-WSO2-KEY-MANAGER' = "default" 268 | 269 | [oauth.grant_type.token_exchange] 270 | enable = "<%= @token_exchange_enable %>" 271 | allow_refresh_tokens = "<%= @token_exchange_allow_refresh_tokens %>" 272 | iat_validity_period = "<%= @token_exchange_iat_validity_period %>" 273 | -------------------------------------------------------------------------------- /modules/apim_common/.DS_Store: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wso2/puppet-apim/88dc12d3f70240f5807df09470ee062da7c7f4c1/modules/apim_common/.DS_Store -------------------------------------------------------------------------------- /modules/apim_common/files/jdk/.gitkeep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wso2/puppet-apim/88dc12d3f70240f5807df09470ee062da7c7f4c1/modules/apim_common/files/jdk/.gitkeep -------------------------------------------------------------------------------- /modules/apim_common/files/packs/.gitkeep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wso2/puppet-apim/88dc12d3f70240f5807df09470ee062da7c7f4c1/modules/apim_common/files/packs/.gitkeep -------------------------------------------------------------------------------- /modules/apim_common/files/system/etc/security/limits.conf: 
-------------------------------------------------------------------------------- 1 | # /etc/security/limits.conf 2 | # 3 | #Each line describes a limit for a user in the form: 4 | # 5 | # 6 | # 7 | #Where: 8 | # can be: 9 | # - a user name 10 | # - a group name, with @group syntax 11 | # - the wildcard *, for default entry 12 | # - the wildcard %, can be also used with %group syntax, 13 | # for maxlogin limit 14 | # - NOTE: group and wildcard limits are not applied to root. 15 | # To apply a limit to the root user, must be 16 | # the literal username root. 17 | # 18 | # can have the two values: 19 | # - "soft" for enforcing the soft limits 20 | # - "hard" for enforcing hard limits 21 | # 22 | # can be one of the following: 23 | # - core - limits the core file size (KB) 24 | # - data - max data size (KB) 25 | # - fsize - maximum filesize (KB) 26 | # - memlock - max locked-in-memory address space (KB) 27 | # - nofile - max number of open files 28 | # - rss - max resident set size (KB) 29 | # - stack - max stack size (KB) 30 | # - cpu - max CPU time (MIN) 31 | # - nproc - max number of processes 32 | # - as - address space limit (KB) 33 | # - maxlogins - max number of logins for this user 34 | # - maxsyslogins - max number of logins on the system 35 | # - priority - the priority to run user process with 36 | # - locks - max number of file locks the user can hold 37 | # - sigpending - max number of pending signals 38 | # - msgqueue - max memory used by POSIX message queues (bytes) 39 | # - nice - max nice priority allowed to raise to values: [-20, 19] 40 | # - rtprio - max realtime priority 41 | # - chroot - change root to directory (Debian-specific) 42 | # 43 | # 44 | # 45 | 46 | * soft nofile 4096 47 | * hard nofile 65535 48 | * soft nproc 20000 49 | * hard nproc 20000 50 | #* soft core 0 51 | #root hard core 100000 52 | #* hard rss 10000 53 | #@student hard nproc 20 54 | #@faculty soft nproc 20 55 | #@faculty hard nproc 50 56 | #ftp hard nproc 0 57 | #ftp - chroot 
/ftp 58 | #@student - maxlogins 4 59 | 60 | # End of file 61 | -------------------------------------------------------------------------------- /modules/apim_common/files/system/etc/sysctl.conf: -------------------------------------------------------------------------------- 1 | # 2 | # /etc/sysctl.conf - Configuration file for setting system variables 3 | # See /etc/sysctl.d/ for additional system variables. 4 | # See sysctl.conf (5) for information. 5 | # 6 | 7 | #kernel.domainname = example.com 8 | 9 | # Uncomment the following to stop low-level messages on console 10 | #kernel.printk = 3 4 1 3 11 | 12 | ##############################################################3 13 | # Functions previously found in netbase 14 | # 15 | 16 | # Uncomment the next two lines to enable Spoof protection (reverse-path filter) 17 | # Turn on Source Address Verification in all interfaces to 18 | # prevent some spoofing attacks 19 | #net.ipv4.conf.default.rp_filter=1 20 | #net.ipv4.conf.all.rp_filter=1 21 | 22 | # Uncomment the next line to enable TCP/IP SYN cookies 23 | # See http://lwn.net/Articles/277146/ 24 | # Note: This may impact IPv6 TCP sessions too 25 | #net.ipv4.tcp_syncookies=1 26 | 27 | # Uncomment the next line to enable packet forwarding for IPv4 28 | #net.ipv4.ip_forward=1 29 | 30 | # Uncomment the next line to enable packet forwarding for IPv6 31 | # Enabling this option disables Stateless Address Autoconfiguration 32 | # based on Router Advertisements for this host 33 | #net.ipv6.conf.all.forwarding=1 34 | 35 | net.ipv4.tcp_fin_timeout = 30 36 | fs.file-max = 2097152 37 | net.ipv4.tcp_tw_recycle = 1 38 | net.ipv4.tcp_tw_reuse = 1 39 | net.core.rmem_default = 524288 40 | net.core.wmem_default = 524288 41 | net.core.rmem_max = 67108864 42 | net.core.wmem_max = 67108864 43 | net.ipv4.tcp_rmem = 4096 87380 16777216 44 | net.ipv4.tcp_wmem = 4096 65536 16777216 45 | net.ipv4.ip_local_port_range = 1024 65535 46 | 47 | 
################################################################### 48 | # Additional settings - these settings can improve the network 49 | # security of the host and prevent against some network attacks 50 | # including spoofing attacks and man in the middle attacks through 51 | # redirection. Some network environments, however, require that these 52 | # settings are disabled so review and enable them as needed. 53 | # 54 | # Do not accept ICMP redirects (prevent MITM attacks) 55 | #net.ipv4.conf.all.accept_redirects = 0 56 | #net.ipv6.conf.all.accept_redirects = 0 57 | # _or_ 58 | # Accept ICMP redirects only for gateways listed in our default 59 | # gateway list (enabled by default) 60 | # net.ipv4.conf.all.secure_redirects = 1 61 | # 62 | # Do not send ICMP redirects (we are not a router) 63 | #net.ipv4.conf.all.send_redirects = 0 64 | # 65 | # Do not accept IP source route packets (we are not a router) 66 | #net.ipv4.conf.all.accept_source_route = 0 67 | #net.ipv6.conf.all.accept_source_route = 0 68 | # 69 | # Log Martian Packets 70 | #net.ipv4.conf.all.log_martians = 1 71 | # 72 | 73 | ################################################################### 74 | -------------------------------------------------------------------------------- /modules/apim_common/manifests/init.pp: -------------------------------------------------------------------------------- 1 | #---------------------------------------------------------------------------- 2 | # Copyright (c) 2021 WSO2, Inc. http://www.wso2.org 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 
6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | #---------------------------------------------------------------------------- 16 | 17 | class apim_common inherits apim_common::params { 18 | 19 | include '::apim_common::service' 20 | 21 | # Install system packages 22 | package { $packages: 23 | ensure => installed 24 | } 25 | 26 | # Create wso2 group 27 | group { $user_group: 28 | ensure => present, 29 | gid => $user_group_id, 30 | system => true, 31 | } 32 | 33 | # Create wso2 user 34 | user { $user: 35 | ensure => present, 36 | uid => $user_id, 37 | gid => $user_group_id, 38 | home => "/home/${user}", 39 | system => true, 40 | require => Group["${user_group}"] 41 | } 42 | 43 | /* 44 | * System Performance Tuning 45 | */ 46 | if $enable_performance_tuning { 47 | $performance_tuning_flie_list.each | String $file | { 48 | file { "/${file}": 49 | path => "/${file}", 50 | ensure => present, 51 | recurse => remote, 52 | source => "puppet:///modules/${module_name}/system/${file}", 53 | owner => root, 54 | group => root 55 | } 56 | } 57 | } 58 | 59 | /* 60 | * Java Distribution 61 | */ 62 | 63 | # Copy JDK to Java distribution path 64 | if $pack_location == "local" { 65 | file { "jdk-distribution": 66 | path => "${java_home}.tar.gz", 67 | source => "puppet:///modules/${module_name}/jdk/${jdk_name}.tar.gz", 68 | notify => Exec["unpack-jdk"], 69 | } 70 | } 71 | elsif $pack_location == "remote" { 72 | exec { "retrieve-jdk": 73 | command => "wget -q ${remote_jdk} -O ${java_home}.tar.gz", 74 | path => "/usr/bin/", 75 | onlyif => "/usr/bin/test ! 
-f ${java_home}.tar.gz", 76 | notify => Exec["unpack-jdk"], 77 | } 78 | } 79 | 80 | # Unzip distribution 81 | exec { "unpack-jdk": 82 | command => "tar -zxvf ${java_home}.tar.gz", 83 | path => "/bin/", 84 | cwd => "${java_dir}", 85 | onlyif => "/usr/bin/test ! -d ${java_home}", 86 | } 87 | 88 | # Create symlink to Java binary 89 | file { "${java_symlink}": 90 | ensure => "link", 91 | target => "${java_home}", 92 | require => Exec["unpack-jdk"] 93 | } 94 | 95 | /* 96 | * WSO2 Distribution 97 | */ 98 | 99 | file { ["${product_dir}", "${pack_dir}"]: 100 | ensure => directory, 101 | owner => $user, 102 | group => $user_group, 103 | require => [ User["${user}"], Group["${user_group}"] ] 104 | } 105 | 106 | # Copy binary to distribution path 107 | if $pack_location == "local" { 108 | file { "wso2-binary": 109 | path => "${pack_dir}/${product_binary}", 110 | owner => $user, 111 | group => $user_group, 112 | mode => '0644', 113 | source => "puppet:///modules/${module_name}/packs/${product_binary}", 114 | require => File["${product_dir}", "${pack_dir}"], 115 | notify => [Exec["stop-server"], Exec["unzip-update"]], 116 | } 117 | } 118 | elsif $pack_location == "remote" { 119 | file { "delete-existing-pack": 120 | path => "${pack_dir}/${product_binary}", 121 | ensure => absent, 122 | require => File["${product_dir}", "${pack_dir}"], 123 | } 124 | exec { "retrieve-pack": 125 | command => "wget -q ${remote_pack} -O ${pack_dir}/${product_binary}", 126 | path => "/usr/bin/", 127 | require => File["delete-existing-pack"], 128 | notify => [Exec["stop-server"], Exec["detele-pack"], Exec["unzip-update"]], 129 | } 130 | } 131 | 132 | # Stop the existing setup 133 | exec { "stop-server": 134 | command => "systemctl stop ${wso2_service_name}", 135 | path => [ '/bin/', '/sbin/', '/usr/bin/', '/usr/sbin/' ], 136 | tries => $try_count, 137 | try_sleep => $try_sleep, 138 | onlyif => "/usr/bin/test -f /etc/systemd/system/${wso2_service_name}.service", 139 | } 140 | 141 | # Delete existing 
setup 142 | exec { "detele-pack": 143 | command => "rm -rf ${carbon_home}", 144 | path => "/bin/", 145 | onlyif => "/usr/bin/test -d ${carbon_home}", 146 | subscribe => Exec["stop-server"], 147 | refreshonly => true, 148 | } 149 | 150 | # Unzip the binary and create setup 151 | exec { "unzip-update": 152 | command => "unzip -o ${product_binary} -d ${product_dir}", 153 | path => "/usr/bin/", 154 | user => $user, 155 | group => $user_group, 156 | cwd => "${pack_dir}", 157 | } 158 | 159 | # Copy the unit file required to deploy the server as a service 160 | file { "/etc/systemd/system/${wso2_service_name}.service": 161 | ensure => present, 162 | owner => root, 163 | group => root, 164 | mode => '0754', 165 | content => template("${module_name}/carbon.service.erb"), 166 | } 167 | 168 | exec { 'systemctl daemon-reload': 169 | path => '/bin/:/sbin/:/usr/bin/:/usr/sbin/', 170 | subscribe => File["/etc/systemd/system/${wso2_service_name}.service"], 171 | refreshonly => true, 172 | } 173 | } 174 | -------------------------------------------------------------------------------- /modules/apim_common/manifests/params.pp: -------------------------------------------------------------------------------- 1 | #---------------------------------------------------------------------------- 2 | # Copyright (c) 2021 WSO2, Inc. http://www.wso2.org 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 
15 | #---------------------------------------------------------------------------- 16 | 17 | class apim_common::params { 18 | 19 | $packages = ["unzip"] 20 | $version = "4.3.0" 21 | 22 | # Set the location the product packages should reside in (eg: "local" in the /files directory, "remote" in a remote location) 23 | $pack_location = "local" 24 | # $pack_location = "remote" 25 | # $remote_jdk = "" 26 | 27 | $user = 'wso2carbon' 28 | $user_group = 'wso2' 29 | $user_id = 802 30 | $user_group_id = 802 31 | 32 | # Performance tuning configurations 33 | $enable_performance_tuning = false 34 | $performance_tuning_flie_list = [ 35 | 'etc/sysctl.conf', 36 | 'etc/security/limits.conf', 37 | ] 38 | 39 | # JDK Distributions 40 | $java_dir = "/opt" 41 | $java_symlink = "${java_dir}/java" 42 | $jdk_name = 'amazon-corretto-17.0.6.10.1-linux-x64' 43 | $java_home = "${java_dir}/${jdk_name}" 44 | 45 | $profile = $profile 46 | $target = "/mnt" 47 | $product_dir = "${target}/${profile}" 48 | $pack_dir = "${target}/${profile}/packs" 49 | $wso2_service_name = "wso2${profile}" 50 | 51 | # ----- Profile configs ----- 52 | case $profile { 53 | 'apim_gateway': { 54 | $pack = "wso2am-${version}" 55 | # $remote_pack = "" 56 | $server_script_path = "${product_dir}/${pack}/bin/api-manager.sh" 57 | $pid_file_path = "${product_dir}/${pack}/wso2carbon.pid" 58 | $optimize_params = "-Dprofile=gateway-worker" 59 | } 60 | 'apim_control_plane': { 61 | $pack = "wso2am-${version}" 62 | # $remote_pack = "" 63 | $server_script_path = "${product_dir}/${pack}/bin/api-manager.sh" 64 | $pid_file_path = "${product_dir}/${pack}/wso2carbon.pid" 65 | $optimize_params = "-Dprofile=control-plane" 66 | } 67 | 'apim_tm': { 68 | $pack = "wso2am-${version}" 69 | # $remote_pack = "" 70 | $server_script_path = "${product_dir}/${pack}/bin/api-manager.sh" 71 | $pid_file_path = "${product_dir}/${pack}/wso2carbon.pid" 72 | $optimize_params = "-Dprofile=traffic-manager" 73 | } 74 | default: { 75 | $pack = "wso2am-${version}" 
76 | # $remote_pack = "" 77 | $server_script_path = "${product_dir}/${pack}/bin/api-manager.sh" 78 | $pid_file_path = "${product_dir}/${pack}/wso2carbon.pid" 79 | $optimize_params = "" 80 | } 81 | } 82 | 83 | # Pack Directories 84 | $carbon_home = "${product_dir}/${pack}" 85 | $product_binary = "${pack}.zip" 86 | 87 | # Server stop retry configs 88 | $try_count = 5 89 | $try_sleep = 5 90 | 91 | # ----- api-manager.xml config params ----- 92 | $analytics_enabled = 'false' 93 | $analytics_config_endpoint = 'https://localhost:8080/auth/v1' 94 | $analytics_auth_token = '' 95 | 96 | $ai_enabled = 'true' 97 | $ai_endpoint = '' 98 | $ai_token = '' 99 | 100 | $throttle_decision_endpoints = '"tcp://tm1.local:5672","tcp://tm2.local:5672"' 101 | $throttling_url_group = [ 102 | { 103 | traffic_manager_urls => '"tcp://tm1.local:9611"', 104 | traffic_manager_auth_urls => '"ssl://tm1.local:9711"' 105 | }, 106 | { 107 | traffic_manager_urls => '"tcp://tm2.local:9611"', 108 | traffic_manager_auth_urls => '"ssl://tm2.local:9711"' 109 | } 110 | ] 111 | 112 | $gateway_environments = [ 113 | { 114 | type => 'hybrid', 115 | name => 'Default', 116 | gateway_type => 'Regular', 117 | provider => 'wso2', 118 | description => 'This is a hybrid gateway that handles both production and sandbox token traffic.', 119 | server_url => 'https://localhost:${mgt.transport.https.port}${carbon.context}services/', 120 | ws_endpoint => 'ws://localhost:9099', 121 | wss_endpoint => 'wss://localhost:8099', 122 | http_endpoint => 'http://localhost:8280', 123 | https_endpoint => 'https://localhost:8243', 124 | websub_event_receiver_http_endpoint => 'http://localhost:9021', 125 | websub_event_receiver_https_endpoint => 'https://localhost:8021' 126 | } 127 | ] 128 | 129 | $gateway_labels = ["Default"] 130 | 131 | $key_manager_server_url = 'https://localhost:${mgt.transport.https.port}${carbon.context}services/' 132 | $key_validator_thrift_server_host = 'localhost' 133 | 134 | $api_devportal_url = 
'https://localhost:${mgt.transport.https.port}/devportal' 135 | $throttle_service_url = 'https://localhost:${mgt.transport.https.port}${carbon.context}services/' 136 | 137 | $traffic_manager_receiver_url = 'tcp://${carbon.local.ip}:${receiver.url.port}' 138 | $traffic_manager_auth_url = 'ssl://${carbon.local.ip}:${auth.url.port}' 139 | 140 | # ----- Master-datasources config params ----- 141 | 142 | $wso2am_db_url = 'jdbc:h2:./repository/database/WSO2AM_DB;DB_CLOSE_ON_EXIT=FALSE' 143 | $wso2am_db_username = 'wso2carbon' 144 | $wso2am_db_password = 'wso2carbon' 145 | $wso2am_db_type = 'h2' 146 | $wso2am_db_validation_query = 'SELECT 1' 147 | 148 | $wso2shared_db_url = 'jdbc:h2:./repository/database/WSO2SHARED_DB;DB_CLOSE_ON_EXIT=FALSE' 149 | $wso2shared_db_username = 'wso2carbon' 150 | $wso2shared_db_password = 'wso2carbon' 151 | $wso2shared_db_type = 'h2' 152 | $wso2shared_db_validation_query = 'SELECT 1' 153 | 154 | # ----- Carbon.xml config params ----- 155 | $ports_offset = 0 156 | 157 | $key_store_location = 'wso2carbon.jks' 158 | $analytics_key_store_location = '${sys:carbon.home}/resources/security/wso2carbon.jks' 159 | $key_store_password = 'wso2carbon' 160 | $key_store_key_alias = 'wso2carbon' 161 | $key_store_key_password = 'wso2carbon' 162 | 163 | $internal_keystore_location = 'wso2carbon.jks' 164 | $internal_keystore_password = 'wso2carbon' 165 | $internal_keystore_key_alias = 'wso2carbon' 166 | $internal_keystore_key_password = 'wso2carbon' 167 | 168 | $trust_store_location = 'client-truststore.jks' 169 | $analytics_trust_store_location = '${sys:carbon.home}/resources/security/client-truststore.jks' 170 | $trust_store_password = 'wso2carbon' 171 | 172 | # ----- user-mgt.xml config params ----- 173 | $admin_username = 'admin' 174 | $admin_password = 'admin' 175 | 176 | $event_listener_notification_endpoint = 'https://localhost:${mgt.transport.https.port}/internal/data/v1/notify' 177 | 178 | $token_exchange_enable = true 179 | 
$token_exchange_allow_refresh_tokens = true 180 | $token_exchange_iat_validity_period = '1h' 181 | 182 | } 183 | -------------------------------------------------------------------------------- /modules/apim_common/manifests/service.pp: -------------------------------------------------------------------------------- 1 | #---------------------------------------------------------------------------- 2 | # Copyright (c) 2019 WSO2, Inc. http://www.wso2.org 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 
15 | #---------------------------------------------------------------------------- 16 | 17 | class apim_common::service inherits apim_common::params { 18 | 19 | service { "${wso2_service_name}": 20 | enable => true, 21 | ensure => running, 22 | } 23 | } 24 | -------------------------------------------------------------------------------- /modules/apim_common/templates/carbon.service.erb: -------------------------------------------------------------------------------- 1 | [Unit] 2 | Description=WSO2 API Manager: <%= @profile %> 3 | After=network.target 4 | 5 | [Service] 6 | ExecStart=/bin/sh <%= @server_script_path %> <%= @optimize_params %> start 7 | ExecStop=/bin/sh <%= @server_script_path %> stop 8 | ExecReload=/bin/sh <%= @server_script_path %> restart 9 | PIDFile=<%= @pid_file_path %> 10 | User=<%= @user %> 11 | Group=<%= @user_group %> 12 | Type=forking 13 | Restart=on-failure 14 | RestartSec=5 15 | StartLimitInterval=60s 16 | StartLimitBurst=3 17 | 18 | [Install] 19 | WantedBy=multi-user.target 20 | -------------------------------------------------------------------------------- /modules/apim_control_plane/files/.gitkeep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wso2/puppet-apim/88dc12d3f70240f5807df09470ee062da7c7f4c1/modules/apim_control_plane/files/.gitkeep -------------------------------------------------------------------------------- /modules/apim_control_plane/manifests/custom.pp: -------------------------------------------------------------------------------- 1 | # ---------------------------------------------------------------------------- 2 | # Copyright (c) 2021 WSO2, Inc. http://www.wso2.org 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 
6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | # ---------------------------------------------------------------------------- 16 | 17 | # Class: apim_control_plane::custom 18 | # This class is reserved to run custom user code before starting the server. 19 | class apim_control_plane::custom { 20 | # resources 21 | } 22 | -------------------------------------------------------------------------------- /modules/apim_control_plane/manifests/init.pp: -------------------------------------------------------------------------------- 1 | # ---------------------------------------------------------------------------- 2 | # Copyright (c) 2021 WSO2, Inc. http://www.wso2.org 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 
15 | # ---------------------------------------------------------------------------- 16 | 17 | # Class: apim_control_plane 18 | # Init class of API Manager - API Control Plane profile 19 | class apim_control_plane inherits apim_control_plane::params { 20 | 21 | include apim_common 22 | 23 | # Optimize for profile 24 | exec { "optimize-profile": 25 | command => "/bin/sh ${carbon_home}/bin/profileSetup.sh -Dprofile=control-plane", 26 | } 27 | 28 | # Copy configuration changes to the installed directory 29 | $template_list.each |String $template| { 30 | file { "${carbon_home}/${template}": 31 | ensure => file, 32 | mode => '0644', 33 | content => template("${module_name}/carbon-home/${template}.erb"), 34 | notify => Service["${wso2_service_name}"], 35 | require => Class["apim_common"] 36 | } 37 | } 38 | 39 | # Copy files to carbon home directory 40 | $file_list.each | String $file | { 41 | file { "${carbon_home}/${file}": 42 | ensure => present, 43 | owner => $user, 44 | recurse => remote, 45 | group => $user_group, 46 | mode => '0755', 47 | source => "puppet:///modules/${module_name}/${file}", 48 | notify => Service["${wso2_service_name}"], 49 | require => Class["apim_common"] 50 | } 51 | } 52 | 53 | # Delete files to carbon home directory 54 | $file_removelist.each | String $removefile | { 55 | file { "${carbon_home}/${removefile}": 56 | ensure => absent, 57 | owner => $user, 58 | group => $user_group, 59 | notify => Service["${wso2_service_name}"], 60 | require => Class["apim_common"] 61 | } 62 | } 63 | 64 | # Copy api-manager.sh to installed directory 65 | file { "${carbon_home}/${start_script_template}": 66 | ensure => file, 67 | owner => $user, 68 | group => $user_group, 69 | mode => '0754', 70 | content => template("${module_name}/carbon-home/${start_script_template}.erb"), 71 | notify => Service["${wso2_service_name}"], 72 | require => Class["apim_common"] 73 | } 74 | 75 | /* 76 | Following script can be used to copy file to a given location. 
77 | This will copy some_file to install_path -> repository. 78 | Note: Ensure that file is available in modules -> apim_control_plane -> files 79 | */ 80 | # file { "${install_path}/repository/some_file": 81 | # owner => $user, 82 | # group => $user_group, 83 | # mode => '0644', 84 | # source => "puppet:///modules/${module_name}/some_file", 85 | # } 86 | } 87 | -------------------------------------------------------------------------------- /modules/apim_control_plane/manifests/params.pp: -------------------------------------------------------------------------------- 1 | # ---------------------------------------------------------------------------- 2 | # Copyright (c) 2021 WSO2, Inc. http://www.wso2.org 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | # ---------------------------------------------------------------------------- 16 | 17 | # Class apim_control_plane::params 18 | # This class includes all the necessary parameters. 
19 | class apim_control_plane::params inherits apim_common::params { 20 | 21 | $start_script_template = 'bin/api-manager.sh' 22 | $jvmxms = '256m' 23 | $jvmxmx = '1024m' 24 | 25 | $template_list = [ 26 | 'repository/conf/deployment.toml', 27 | ] 28 | 29 | # Define file list 30 | $file_list = [] 31 | 32 | # Define remove file list 33 | $file_removelist = [] 34 | 35 | # ----- Carbon.xml config params ----- 36 | $ports_offset = 0 37 | /* 38 | Host name or IP address of the machine hosting this server 39 | e.g. www.wso2.org, 192.168.1.10 40 | This is will become part of the End Point Reference of the 41 | services deployed on this server instance. 42 | */ 43 | $hostname = 'localhost' 44 | } 45 | -------------------------------------------------------------------------------- /modules/apim_control_plane/templates/carbon-home/bin/api-manager.sh.erb: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # ---------------------------------------------------------------------------- 3 | # Copyright 2005-2021 WSO2, Inc. http://www.wso2.org 4 | # 5 | # Licensed under the Apache License, Version 2.0 (the "License"); 6 | # you may not use this file except in compliance with the License. 7 | # You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | 17 | # ---------------------------------------------------------------------------- 18 | # Main Script for the WSO2 Carbon Server 19 | # 20 | # Environment Variable Prerequisites 21 | # 22 | # CARBON_HOME Home of WSO2 Carbon installation. If not set I will try 23 | # to figure it out. 
24 | # 25 | # JAVA_HOME Must point at your Java Development Kit installation. 26 | # 27 | # JAVA_OPTS (Optional) Java runtime options used when the commands 28 | # is executed. 29 | # 30 | # NOTE: Borrowed generously from Apache Tomcat startup scripts. 31 | # ----------------------------------------------------------------------------- 32 | 33 | # OS specific support. $var _must_ be set to either true or false. 34 | #ulimit -n 100000 35 | 36 | export JAVA_HOME="<%= @java_symlink %>" 37 | cygwin=false; 38 | darwin=false; 39 | os400=false; 40 | mingw=false; 41 | case "`uname`" in 42 | CYGWIN*) cygwin=true;; 43 | MINGW*) mingw=true;; 44 | OS400*) os400=true;; 45 | Darwin*) darwin=true 46 | if [ -z "$JAVA_VERSION" ] ; then 47 | JAVA_VERSION="CurrentJDK" 48 | else 49 | echo "Using Java version: $JAVA_VERSION" 50 | fi 51 | if [ -z "$JAVA_HOME" ] ; then 52 | JAVA_HOME=/System/Library/Frameworks/JavaVM.framework/Versions/${JAVA_VERSION}/Home 53 | fi 54 | ;; 55 | esac 56 | 57 | # resolve links - $0 may be a softlink 58 | PRG="$0" 59 | 60 | while [ -h "$PRG" ]; do 61 | ls=`ls -ld "$PRG"` 62 | link=`expr "$ls" : '.*-> \(.*\)$'` 63 | if expr "$link" : '.*/.*' > /dev/null; then 64 | PRG="$link" 65 | else 66 | PRG=`dirname "$PRG"`/"$link" 67 | fi 68 | done 69 | 70 | # Get standard environment variables 71 | PRGDIR=`dirname "$PRG"` 72 | 73 | # Only set CARBON_HOME if not already set 74 | [ -z "$CARBON_HOME" ] && CARBON_HOME=`cd "$PRGDIR/.." ; pwd` 75 | 76 | # Set AXIS2_HOME. 
Needed for One Click JAR Download 77 | AXIS2_HOME="$CARBON_HOME" 78 | 79 | # For Cygwin, ensure paths are in UNIX format before anything is touched 80 | if $cygwin; then 81 | [ -n "$JAVA_HOME" ] && JAVA_HOME=`cygpath --unix "$JAVA_HOME"` 82 | [ -n "$CARBON_HOME" ] && CARBON_HOME=`cygpath --unix "$CARBON_HOME"` 83 | [ -n "$AXIS2_HOME" ] && AXIS2_HOME=`cygpath --unix "$AXIS2_HOME"` 84 | fi 85 | 86 | # For OS400 87 | if $os400; then 88 | # Set job priority to standard for interactive (interactive - 6) by using 89 | # the interactive priority - 6, the helper threads that respond to requests 90 | # will be running at the same priority as interactive jobs. 91 | COMMAND='chgjob job('$JOBNAME') runpty(6)' 92 | system $COMMAND 93 | 94 | # Enable multi threading 95 | QIBM_MULTI_THREADED=Y 96 | export QIBM_MULTI_THREADED 97 | fi 98 | 99 | # For MinGW, ensure paths are in UNIX format before anything is touched 100 | if $mingw ; then 101 | [ -n "$CARBON_HOME" ] && 102 | CARBON_HOME="`(cd "$CARBON_HOME"; pwd)`" 103 | [ -n "$JAVA_HOME" ] && 104 | JAVA_HOME="`(cd "$JAVA_HOME"; pwd)`" 105 | [ -n "$AXIS2_HOME" ] && 106 | AXIS2_HOME="`(cd "$AXIS2_HOME"; pwd)`" 107 | # TODO classpath? 108 | fi 109 | 110 | if [ -z "$JAVACMD" ] ; then 111 | if [ -n "$JAVA_HOME" ] ; then 112 | if [ -x "$JAVA_HOME/jre/sh/java" ] ; then 113 | # IBM's JDK on AIX uses strange locations for the executables 114 | JAVACMD="$JAVA_HOME/jre/sh/java" 115 | else 116 | JAVACMD="$JAVA_HOME/bin/java" 117 | fi 118 | else 119 | JAVACMD=java 120 | fi 121 | fi 122 | 123 | if [ ! -x "$JAVACMD" ] ; then 124 | echo "Error: JAVA_HOME is not defined correctly." 125 | echo " CARBON cannot execute $JAVACMD" 126 | exit 1 127 | fi 128 | 129 | # if JAVA_HOME is not set we're not happy 130 | if [ -z "$JAVA_HOME" ]; then 131 | echo "You must set the JAVA_HOME variable before running CARBON." 
132 | exit 1 133 | fi 134 | 135 | if [ -e "$CARBON_HOME/wso2carbon.pid" ]; then 136 | PID=`cat "$CARBON_HOME"/wso2carbon.pid` 137 | fi 138 | 139 | # ----- Process the input command ---------------------------------------------- 140 | args="" 141 | for c in $* 142 | do 143 | if [ "$c" = "--debug" ] || [ "$c" = "-debug" ] || [ "$c" = "debug" ]; then 144 | CMD="--debug" 145 | continue 146 | elif [ "$CMD" = "--debug" ]; then 147 | if [ -z "$PORT" ]; then 148 | PORT=$c 149 | fi 150 | elif [ "$c" = "--stop" ] || [ "$c" = "-stop" ] || [ "$c" = "stop" ]; then 151 | CMD="stop" 152 | elif [ "$c" = "--start" ] || [ "$c" = "-start" ] || [ "$c" = "start" ]; then 153 | CMD="start" 154 | elif [ "$c" = "--version" ] || [ "$c" = "-version" ] || [ "$c" = "version" ]; then 155 | CMD="version" 156 | elif [ "$c" = "--restart" ] || [ "$c" = "-restart" ] || [ "$c" = "restart" ]; then 157 | CMD="restart" 158 | elif [ "$c" = "--test" ] || [ "$c" = "-test" ] || [ "$c" = "test" ]; then 159 | CMD="test" 160 | elif [ "$c" = "--optimize" ] || [ "$c" = "-optimize" ] || [ "$c" = "optimize" ]; then 161 | for option in $*; do 162 | if [ "$option" = "--skipConfigOptimization" ] || [ "$option" = "-skipConfigOptimization" ] || 163 | [ "$option" = "skipConfigOptimization" ]; then 164 | passedSkipConfigOptimizationOption=true 165 | echo "Passed skipConfigOptimization Option: $passedSkipConfigOptimizationOption" 166 | fi 167 | done 168 | 169 | for profile in $*; do 170 | case "$profile" in 171 | *Dprofile=*) 172 | cd $(dirname "$0") 173 | if [ "$passedSkipConfigOptimizationOption" = true ]; then 174 | sh profileSetup.sh $profile --skipConfigOptimization 175 | else 176 | sh profileSetup.sh $profile 177 | fi 178 | echo "Starting the server..." 
179 | ;; 180 | esac 181 | done 182 | else 183 | args="$args $c" 184 | fi 185 | done 186 | 187 | if [ "$CMD" = "--debug" ]; then 188 | if [ "$PORT" = "" ]; then 189 | echo " Please specify the debug port after the --debug option" 190 | exit 1 191 | fi 192 | if [ -n "$JAVA_OPTS" ]; then 193 | echo "Warning !!!. User specified JAVA_OPTS will be ignored, once you give the --debug option." 194 | fi 195 | CMD="RUN" 196 | JAVA_OPTS="-Xdebug -Xnoagent -Djava.compiler=NONE -Xrunjdwp:transport=dt_socket,server=y,suspend=y,address=$PORT" 197 | echo "Please start the remote debugging client to continue..." 198 | elif [ "$CMD" = "start" ]; then 199 | if [ -e "$CARBON_HOME/wso2carbon.pid" ]; then 200 | if ps -p $PID > /dev/null ; then 201 | echo "Process is already running" 202 | exit 0 203 | fi 204 | fi 205 | export CARBON_HOME="$CARBON_HOME" 206 | # using nohup sh to avoid errors in solaris OS. TODO 207 | nohup sh "$CARBON_HOME"/bin/api-manager.sh $args > /dev/null 2>&1 & 208 | exit 0 209 | elif [ "$CMD" = "stop" ]; then 210 | export CARBON_HOME="$CARBON_HOME" 211 | kill -term `cat "$CARBON_HOME"/wso2carbon.pid` 212 | exit 0 213 | elif [ "$CMD" = "restart" ]; then 214 | export CARBON_HOME="$CARBON_HOME" 215 | kill -term `cat "$CARBON_HOME"/wso2carbon.pid` 216 | process_status=0 217 | pid=`cat "$CARBON_HOME"/wso2carbon.pid` 218 | while [ "$process_status" -eq "0" ] 219 | do 220 | sleep 1; 221 | ps -p$pid > /dev/null 2>&1 222 | process_status=$? 
223 | done 224 | 225 | # using nohup sh to avoid errors in solaris OS. TODO 226 | nohup sh "$CARBON_HOME"/bin/api-manager.sh $args > /dev/null 2>&1 & 227 | exit 0 228 | elif [ "$CMD" = "test" ]; then 229 | JAVACMD="exec "$JAVACMD"" 230 | elif [ "$CMD" = "version" ]; then 231 | cat "$CARBON_HOME"/bin/version.txt 232 | cat "$CARBON_HOME"/bin/wso2carbon-version.txt 233 | exit 0 234 | fi 235 | 236 | # ---------- Handle the SSL Issue with proper JDK version -------------------- 237 | java_version=$("$JAVACMD" -version 2>&1 | awk -F '"' '/version/ {print $2}') 238 | java_version_formatted=$(echo "$java_version" | awk -F. '{printf("%02d%02d",$1,$2);}') 239 | if [ $java_version_formatted -lt 1100 ] || [ $java_version_formatted -gt 2100 ]; then 240 | echo " Starting WSO2 Carbon (in unsupported JDK)" 241 | echo " [ERROR] CARBON is supported only between JDK 11 and JDK 21" 242 | fi 243 | 244 | CARBON_XBOOTCLASSPATH="" 245 | for f in "$CARBON_HOME"/lib/xboot/*.jar 246 | do 247 | if [ "$f" != "$CARBON_HOME/lib/xboot/*.jar" ];then 248 | CARBON_XBOOTCLASSPATH="$CARBON_XBOOTCLASSPATH":$f 249 | fi 250 | done 251 | 252 | 253 | CARBON_CLASSPATH="" 254 | if [ -e "$JAVA_HOME/lib/tools.jar" ]; then 255 | CARBON_CLASSPATH="$JAVA_HOME/lib/tools.jar" 256 | fi 257 | for f in "$CARBON_HOME"/bin/*.jar 258 | do 259 | if [ "$f" != "$CARBON_HOME/bin/*.jar" ];then 260 | CARBON_CLASSPATH="$CARBON_CLASSPATH":$f 261 | fi 262 | done 263 | for t in "$CARBON_HOME"/lib/*.jar 264 | do 265 | CARBON_CLASSPATH="$CARBON_CLASSPATH":$t 266 | done 267 | for t in "$CARBON_HOME"/lib/endorsed/*.jar 268 | do 269 | CARBON_CLASSPATH="$CARBON_CLASSPATH":$t 270 | done 271 | 272 | 273 | 274 | # For Cygwin, switch paths to Windows format before running java 275 | if $cygwin; then 276 | JAVA_HOME=`cygpath --absolute --windows "$JAVA_HOME"` 277 | CARBON_HOME=`cygpath --absolute --windows "$CARBON_HOME"` 278 | AXIS2_HOME=`cygpath --absolute --windows "$CARBON_HOME"` 279 | CLASSPATH=`cygpath --path --windows "$CLASSPATH"` 280 
| CARBON_CLASSPATH=`cygpath --path --windows "$CARBON_CLASSPATH"` 281 | CARBON_XBOOTCLASSPATH=`cygpath --path --windows "$CARBON_XBOOTCLASSPATH"` 282 | fi 283 | 284 | # ----- Execute The Requested Command ----------------------------------------- 285 | 286 | echo JAVA_HOME environment variable is set to $JAVA_HOME 287 | echo CARBON_HOME environment variable is set to "$CARBON_HOME" 288 | 289 | cd "$CARBON_HOME" 290 | 291 | TMP_DIR="$CARBON_HOME"/tmp 292 | if [ -d "$TMP_DIR" ]; then 293 | rm -rf "$TMP_DIR"/* 294 | fi 295 | 296 | START_EXIT_STATUS=121 297 | status=$START_EXIT_STATUS 298 | 299 | if [ -z "$JVM_MEM_OPTS" ]; then 300 | java_version=$("$JAVACMD" -version 2>&1 | awk -F '"' '/version/ {print $2}') 301 | JVM_MEM_OPTS="-Xms<%=@jvmxms%> -Xmx<%=@jvmxmx%>" 302 | if [ "$java_version" \< "1.8" ]; then 303 | JVM_MEM_OPTS="$JVM_MEM_OPTS -XX:MaxPermSize=<%=@jvmxmx%>" 304 | fi 305 | fi 306 | echo "Using Java memory options: $JVM_MEM_OPTS" 307 | 308 | #To monitor a Carbon server in remote JMX mode on linux host machines, set the below system property. 309 | # -Djava.rmi.server.hostname="your.IP.goes.here" 310 | 311 | JAVA_VER_BASED_OPTS="--add-opens=java.base/java.net=ALL-UNNAMED --add-opens=java.base/java.lang=ALL-UNNAMED --add-opens java.rmi/sun.rmi.transport=ALL-UNNAMED --add-opens=java.base/java.io=ALL-UNNAMED --add-opens java.xml/com.sun.org.apache.xerces.internal.dom=ALL-UNNAMED " 312 | 313 | if [ $java_version_formatted -ge 1700 ]; then 314 | JAVA_VER_BASED_OPTS="$JAVA_VER_BASED_OPTS --add-opens=java.naming/com.sun.jndi.ldap=ALL-UNNAMED --add-opens=java.base/sun.security.x509=ALL-UNNAMED" 315 | fi 316 | 317 | # start diagnostic tool in background in diagnostic-tool/bin/diagnostic 318 | "$CARBON_HOME"/diagnostics-tool/bin/diagnostics.sh & 319 | diagnostic_tool_pid=$! 
320 | 321 | # trap signals so we can shutdown the diagnostic tool 322 | cleanup() { 323 | kill "$diagnostic_tool_pid" 324 | } 325 | trap 'cleanup' EXIT INT 326 | 327 | while [ "$status" = "$START_EXIT_STATUS" ] 328 | do 329 | $JAVACMD \ 330 | -Xbootclasspath/a:"$CARBON_XBOOTCLASSPATH" \ 331 | $JVM_MEM_OPTS \ 332 | -XX:+HeapDumpOnOutOfMemoryError \ 333 | -XX:HeapDumpPath="$CARBON_HOME/repository/logs/heap-dump.hprof" \ 334 | $JAVA_OPTS \ 335 | -Dcom.sun.management.jmxremote \ 336 | -classpath "$CARBON_CLASSPATH" \ 337 | $JAVA_VER_BASED_OPTS \ 338 | -Djava.io.tmpdir="$CARBON_HOME/tmp" \ 339 | -Dcatalina.base="$CARBON_HOME/lib/tomcat" \ 340 | -Dwso2.server.standalone=true \ 341 | -Dcarbon.registry.root=/ \ 342 | -Djava.command="$JAVACMD" \ 343 | -Dcarbon.home="$CARBON_HOME" \ 344 | -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager \ 345 | -Dcarbon.config.dir.path="$CARBON_HOME/repository/conf" \ 346 | -Djava.util.logging.config.file="$CARBON_HOME/repository/conf/etc/logging-bridge.properties" \ 347 | -Dcomponents.repo="$CARBON_HOME/repository/components/plugins" \ 348 | -Dconf.location="$CARBON_HOME/repository/conf"\ 349 | -Dcom.atomikos.icatch.file="$CARBON_HOME/lib/transactions.properties" \ 350 | -Dcom.atomikos.icatch.hide_init_file_path=true \ 351 | -Dorg.apache.jasper.compiler.Parser.STRICT_QUOTE_ESCAPING=false \ 352 | -Dorg.apache.jasper.runtime.BodyContentImpl.LIMIT_BUFFER=true \ 353 | -Dcom.sun.jndi.ldap.connect.pool.authentication=simple \ 354 | -Dcom.sun.jndi.ldap.connect.pool.timeout=3000 \ 355 | -Dorg.terracotta.quartz.skipUpdateCheck=true \ 356 | -Djava.security.egd=file:/dev/./urandom \ 357 | -Dfile.encoding=UTF8 \ 358 | -Djava.net.preferIPv4Stack=true \ 359 | -Dcom.ibm.cacheLocalHost=true \ 360 | -Dorg.opensaml.httpclient.https.disableHostnameVerification=true \ 361 | -Dhttpclient.hostnameVerifier=AllowAll \ 362 | -DworkerNode=false \ 363 | -DenableCorrelationLogs=false \ 364 | 
-Dcarbon.new.config.dir.path="$CARBON_HOME/repository/resources/conf" \ 365 | -Djavax.xml.xpath.XPathFactory:http://java.sun.com/jaxp/xpath/dom=net.sf.saxon.xpath.XPathFactoryImpl \ 366 | -Dlog4j2.contextSelector=org.apache.logging.log4j.core.async.AsyncLoggerContextSelector \ 367 | -Dorg.ops4j.pax.logging.logReaderEnabled=false \ 368 | -Dorg.ops4j.pax.logging.eventAdminEnabled=false \ 369 | -Djdk.util.zip.disableZip64ExtraFieldValidation=true \ 370 | -Djdk.nio.zipfs.allowDotZipEntry=true \ 371 | org.wso2.carbon.bootstrap.Bootstrap $* 372 | status=$? 373 | done 374 | -------------------------------------------------------------------------------- /modules/apim_control_plane/templates/carbon-home/repository/conf/deployment.toml.erb: -------------------------------------------------------------------------------- 1 | [server] 2 | hostname = "<%= @hostname %>" 3 | base_path = "${carbon.protocol}://${carbon.host}:${carbon.management.port}" 4 | #discard_empty_caches = false 5 | server_role = "control-plane" 6 | offset = "<%= @ports_offset %>" 7 | 8 | [super_admin] 9 | username = "<%= @admin_username %>" 10 | password = "<%= @admin_password %>" 11 | create_admin_account = true 12 | 13 | [user_store] 14 | type = "database_unique_id" 15 | 16 | [database.apim_db] 17 | type = "<%= @wso2am_db_type %>" 18 | url = "<%= @wso2am_db_url %>" 19 | username = "<%= @wso2am_db_username %>" 20 | password = "<%= @wso2am_db_password %>" 21 | 22 | [database.apim_db.pool_options] 23 | validationQuery = "<%= @wso2am_db_validation_query %>" 24 | 25 | [database.shared_db] 26 | type = "<%= @wso2shared_db_type %>" 27 | url = "<%= @wso2shared_db_url %>" 28 | username = "<%= @wso2shared_db_username %>" 29 | password = "<%= @wso2shared_db_password %>" 30 | 31 | [database.shared_db.pool_options] 32 | validationQuery = "<%= @wso2shared_db_validation_query %>" 33 | 34 | [keystore.tls] 35 | file_name = "<%= @key_store_location %>" 36 | type = "JKS" 37 | password = "<%= @key_store_password %>" 38 | 
alias = "<%= @key_store_key_alias %>" 39 | key_password = "<%= @key_store_key_password %>" 40 | 41 | #[keystore.primary] 42 | #file_name = "wso2carbon.jks" 43 | #type = "JKS" 44 | #password = "wso2carbon" 45 | #alias = "wso2carbon" 46 | #key_password = "wso2carbon" 47 | 48 | #[keystore.internal] 49 | #file_name = "wso2carbon.jks" 50 | #type = "JKS" 51 | #password = "wso2carbon" 52 | #alias = "wso2carbon" 53 | #key_password = "wso2carbon" 54 | 55 | <% @gateway_environments.each do |environment| %> 56 | [[apim.gateway.environment]] 57 | name = "<%= environment['name'] %>" 58 | type = "<%= environment['type'] %>" 59 | gateway_type = "<%= environment['gateway_type'] %>" 60 | provider = "<%= environment['provider'] %>" 61 | display_in_api_console = true 62 | description = "<%= environment['description'] %>" 63 | show_as_token_endpoint_url = true 64 | service_url = "<%= environment['server_url'] %>" 65 | username= "${admin.username}" 66 | password= "${admin.password}" 67 | ws_endpoint = "<%= environment['ws_endpoint'] %>" 68 | wss_endpoint = "<%= environment['wss_endpoint'] %>" 69 | http_endpoint = "<%= environment['http_endpoint'] %>" 70 | https_endpoint = "<%= environment['https_endpoint'] %>" 71 | websub_event_receiver_http_endpoint = "<%= environment['websub_event_receiver_http_endpoint'] %>" 72 | websub_event_receiver_https_endpoint = "<%= environment['websub_event_receiver_https_endpoint'] %>" 73 | <% end %> 74 | 75 | 76 | #[apim.cache.gateway_token] 77 | #enable = true 78 | #expiry_time = "900s" 79 | 80 | #[apim.cache.resource] 81 | #enable = true 82 | #expiry_time = "900s" 83 | 84 | #[apim.cache.km_token] 85 | #enable = false 86 | #expiry_time = "15m" 87 | 88 | #[apim.cache.recent_apis] 89 | #enable = false 90 | 91 | #[apim.cache.scopes] 92 | #enable = true 93 | 94 | #[apim.cache.publisher_roles] 95 | #enable = true 96 | 97 | #[apim.cache.jwt_claim] 98 | #enable = true 99 | #expiry_time = "15m" 100 | 101 | #[apim.cache.tags] 102 | #expiry_time = "2m" 103 | 104 | 
[apim.ai] 105 | enable = <%= @ai_enabled %> 106 | token = "<%= @ai_token %>" 107 | endpoint = "<%= @ai_endpoint %>" 108 | 109 | #[apim.key_manager] 110 | #service_url = "https://localhost:${mgt.transport.https.port}/services/" 111 | #username = "$ref{super_admin.username}" 112 | #password = "$ref{super_admin.password}" 113 | #pool.init_idle_capacity = 50 114 | #pool.max_idle = 100 115 | #key_validation_handler_type = "default" 116 | #key_validation_handler_type = "custom" 117 | #key_validation_handler_impl = "org.wso2.carbon.apimgt.keymgt.handlers.DefaultKeyValidationHandler" 118 | 119 | #[apim.oauth_config] 120 | #enable_outbound_auth_header = false 121 | #auth_header = "Authorization" 122 | #revoke_endpoint = "https://localhost:${https.nio.port}/revoke" 123 | #enable_token_encryption = false 124 | #enable_token_hashing = false 125 | 126 | #[apim.devportal] 127 | #url = "https://localhost:${mgt.transport.https.port}/devportal" 128 | #enable_application_sharing = false 129 | #if application_sharing_type, application_sharing_impl both defined priority goes to application_sharing_impl 130 | #application_sharing_type = "default" #changed type, saml, default #todo: check the new config for rest api 131 | #application_sharing_impl = "org.wso2.carbon.apimgt.impl.SAMLGroupIDExtractorImpl" 132 | #display_multiple_versions = false 133 | #display_deprecated_apis = false 134 | #enable_comments = true 135 | #enable_ratings = true 136 | #enable_forum = true 137 | #enable_anonymous_mode=true 138 | #enable_cross_tenant_subscriptions = true 139 | #default_reserved_username = "apim_reserved_user" 140 | 141 | [apim.cors] 142 | allow_origins = "*" 143 | allow_methods = ["GET","PUT","POST","DELETE","PATCH","OPTIONS"] 144 | allow_headers = ["authorization","Access-Control-Allow-Origin","Content-Type","SOAPAction","apikey","Internal-Key"] 145 | allow_credentials = false 146 | 147 | [apim.throttling] 148 | service_url = "<%= @throttle_service_url %>" 149 | #enable_data_publishing = true 150 
| #enable_policy_deploy = true 151 | #enable_blacklist_condition = true 152 | #enable_persistence = true 153 | throttle_decision_endpoints = [ <%= @throttle_decision_endpoints %> ] 154 | 155 | <% @throttling_url_group.each do |url_group| %> 156 | [[apim.throttling.url_group]] 157 | traffic_manager_urls=[<%= url_group['traffic_manager_urls'] %>] 158 | traffic_manager_auth_urls=[<%= url_group['traffic_manager_auth_urls'] %>] 159 | type = "loadbalance" 160 | <% end %> 161 | 162 | #[apim.workflow] 163 | #enable = false 164 | #service_url = "https://localhost:9445/bpmn" 165 | #username = "$ref{super_admin.username}" 166 | #password = "$ref{super_admin.password}" 167 | #callback_endpoint = "https://localhost:${mgt.transport.https.port}/api/am/admin/v0.17/workflows/update-workflow-status" 168 | #token_endpoint = "https://localhost:${https.nio.port}/token" 169 | #client_registration_endpoint = "https://localhost:${mgt.transport.https.port}/client-registration/v0.17/register" 170 | #client_registration_username = "$ref{super_admin.username}" 171 | #client_registration_password = "$ref{super_admin.password}" 172 | 173 | #data bridge config 174 | #[transport.receiver] 175 | #type = "binary" 176 | #worker_threads = 10 177 | #session_timeout = "30m" 178 | #keystore.file_name = "$ref{keystore.tls.file_name}" 179 | #keystore.password = "$ref{keystore.tls.password}" 180 | #tcp_port = 9611 181 | #ssl_port = 9711 182 | #ssl_receiver_thread_pool_size = 100 183 | #tcp_receiver_thread_pool_size = 100 184 | #ssl_enabled_protocols = ["TLSv1","TLSv1.1","TLSv1.2"] 185 | #ciphers = ["SSL_RSA_WITH_RC4_128_MD5","SSL_RSA_WITH_RC4_128_SHA"] 186 | 187 | #[apim.notification] 188 | #from_address = "APIM.com" 189 | #username = "APIM" 190 | #password = "APIM+123" 191 | #hostname = "localhost" 192 | #port = 3025 193 | #enable_start_tls = false 194 | #enable_authentication = true 195 | 196 | #[apim.token.revocation] 197 | #notifier_impl = 
"org.wso2.carbon.apimgt.keymgt.events.TokenRevocationNotifierImpl" 198 | #enable_realtime_notifier = true 199 | #realtime_notifier.ttl = 5000 200 | #enable_persistent_notifier = true 201 | #persistent_notifier.hostname = "https://localhost:2379/v2/keys/jti/" 202 | #persistent_notifier.ttl = 5000 203 | #persistent_notifier.username = "root" 204 | #persistent_notifier.password = "root" 205 | 206 | [[event_handler]] 207 | name="userPostSelfRegistration" 208 | subscriptions=["POST_ADD_USER"] 209 | 210 | [service_provider] 211 | sp_name_regex = "^[\\sa-zA-Z0-9._-]*$" 212 | 213 | [database.local] 214 | url = "jdbc:h2:./repository/database/WSO2CARBON_DB;DB_CLOSE_ON_EXIT=FALSE" 215 | 216 | [[event_listener]] 217 | id = "token_revocation" 218 | type = "org.wso2.carbon.identity.core.handler.AbstractIdentityHandler" 219 | name = "org.wso2.is.notification.ApimOauthEventInterceptor" 220 | order = 1 221 | [event_listener.properties] 222 | notification_endpoint = "<%= @event_listener_notification_endpoint %>" 223 | username = "${admin.username}" 224 | password = "${admin.password}" 225 | 'header.X-WSO2-KEY-MANAGER' = "default" 226 | -------------------------------------------------------------------------------- /modules/apim_gateway/files/.gitkeep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wso2/puppet-apim/88dc12d3f70240f5807df09470ee062da7c7f4c1/modules/apim_gateway/files/.gitkeep -------------------------------------------------------------------------------- /modules/apim_gateway/manifests/custom.pp: -------------------------------------------------------------------------------- 1 | # ---------------------------------------------------------------------------- 2 | # Copyright (c) 2018 WSO2, Inc. http://www.wso2.org 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 
#  You may obtain a copy of the License at
#
#      http://www.apache.org/licenses/LICENSE-2.0
#
#  Unless required by applicable law or agreed to in writing, software
#  distributed under the License is distributed on an "AS IS" BASIS,
#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
#  See the License for the specific language governing permissions and
#  limitations under the License.
# ----------------------------------------------------------------------------

# Class: apim_gateway::custom
# This class is reserved to run custom user code before starting the server.
class apim_gateway::custom {
  # resources
}

--------------------------------------------------------------------------------
/modules/apim_gateway/manifests/init.pp:
--------------------------------------------------------------------------------
# ----------------------------------------------------------------------------
#  Copyright (c) 2021 WSO2, Inc. http://www.wso2.org
#
#  Licensed under the Apache License, Version 2.0 (the "License");
#  you may not use this file except in compliance with the License.
#  You may obtain a copy of the License at
#
#      http://www.apache.org/licenses/LICENSE-2.0
#
#  Unless required by applicable law or agreed to in writing, software
#  distributed under the License is distributed on an "AS IS" BASIS,
#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
#  See the License for the specific language governing permissions and
#  limitations under the License.
# ----------------------------------------------------------------------------

# Class: apim_gateway
# Init class of API Manager gateway profile
class apim_gateway inherits apim_gateway::params {

  include apim_common

  # Optimize for profile
  exec { "optimize-profile":
    command => "/bin/sh ${carbon_home}/bin/profileSetup.sh -Dprofile=gateway-worker",
  }

  # Copy configuration changes to the installed directory
  # Note: deployment.toml is rendered with the super admin, database, keystore and
  # truststore passwords, and mode 0644 leaves it readable by every local user.
  $template_list.each |String $template| {
    file { "${carbon_home}/${template}":
      ensure  => file,
      mode    => '0644',
      content => template("${module_name}/carbon-home/${template}.erb"),
      notify  => Service["${wso2_service_name}"],
      require => Class["apim_common"]
    }
  }

  # Copy files to carbon home directory
  $file_list.each | String $file | {
    file { "${carbon_home}/${file}":
      ensure  => present,
      owner   => $user,
      recurse => remote,
      group   => $user_group,
      mode    => '0755',
      source  => "puppet:///modules/${module_name}/${file}",
      notify  => Service["${wso2_service_name}"],
      require => Class["apim_common"]
    }
  }

  # Delete files from carbon home directory
  $file_removelist.each | String $removefile | {
    file { "${carbon_home}/${removefile}":
      ensure  => absent,
      owner   => $user,
      group   => $user_group,
      notify  => Service["${wso2_service_name}"],
      require => Class["apim_common"]
    }
  }

  # Copy api-manager.sh to installed directory
  file { "${carbon_home}/${start_script_template}":
    ensure  => file,
    owner   => $user,
    group   => $user_group,
    mode    => '0754',
    content => template("${module_name}/carbon-home/${start_script_template}.erb"),
    notify  => Service["${wso2_service_name}"],
    require => Class["apim_common"]
  }

  /*
    Following script can be used to copy file to a given location.
    This will copy some_file to install_path -> repository.
    Note: Ensure that file is available in modules -> apim_gateway -> files
  */
  # file { "${install_path}/repository/some_file":
  #   owner  => $user,
  #   group  => $user_group,
  #   mode   => '0644',
  #   source => "puppet:///modules/${module_name}/some_file",
  # }
}

--------------------------------------------------------------------------------
/modules/apim_gateway/manifests/params.pp:
--------------------------------------------------------------------------------
# ----------------------------------------------------------------------------
#  Copyright (c) 2021 WSO2, Inc. http://www.wso2.org
#
#  Licensed under the Apache License, Version 2.0 (the "License");
#  you may not use this file except in compliance with the License.
#  You may obtain a copy of the License at
#
#      http://www.apache.org/licenses/LICENSE-2.0
#
#  Unless required by applicable law or agreed to in writing, software
#  distributed under the License is distributed on an "AS IS" BASIS,
#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
#  See the License for the specific language governing permissions and
#  limitations under the License.
# ----------------------------------------------------------------------------

# Class apim_gateway::params
# This class includes all the necessary parameters.
class apim_gateway::params inherits apim_common::params {

  $start_script_template = 'bin/api-manager.sh'
  $jvmxms = '256m'
  $jvmxmx = '1024m'

  $template_list = [
    'repository/conf/deployment.toml',
  ]

  # Define file list
  $file_list = []

  # Define remove file list
  $file_removelist = []

  # ----- Carbon.xml config params -----
  $ports_offset = 0
  /*
    Host name or IP address of the machine hosting this server
    e.g. www.wso2.org, 192.168.1.10
    This will become part of the End Point Reference of the
    services deployed on this server instance.
  */
  $hostname = 'localhost'

  # ----- api-manager.xml config params -----
  $jms_conn_factory = 'amqp://${admin.username}:${admin.password}@clientid/carbon?brokerlist=\'tcp://${carbon.local.ip}:${jms.port}\''
}

--------------------------------------------------------------------------------
/modules/apim_gateway/templates/carbon-home/bin/api-manager.sh.erb:
--------------------------------------------------------------------------------
#!/bin/sh
# ----------------------------------------------------------------------------
#  Copyright 2005-2021 WSO2, Inc. http://www.wso2.org
#
#  Licensed under the Apache License, Version 2.0 (the "License");
#  you may not use this file except in compliance with the License.
#  You may obtain a copy of the License at
#
#      http://www.apache.org/licenses/LICENSE-2.0
#
#  Unless required by applicable law or agreed to in writing, software
#  distributed under the License is distributed on an "AS IS" BASIS,
#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
#  See the License for the specific language governing permissions and
#  limitations under the License.

# ----------------------------------------------------------------------------
# Main Script for the WSO2 Carbon Server
#
# Environment Variable Prerequisites
#
#   CARBON_HOME   Home of WSO2 Carbon installation. If not set I will try
#                 to figure it out.
#
#   JAVA_HOME     Must point at your Java Development Kit installation.
#
#   JAVA_OPTS     (Optional) Java runtime options used when the command
#                 is executed.
#
# NOTE: Borrowed generously from Apache Tomcat startup scripts.
# -----------------------------------------------------------------------------

# OS specific support. $var _must_ be set to either true or false.
#ulimit -n 100000

export JAVA_HOME="<%= @java_symlink %>"
cygwin=false;
darwin=false;
os400=false;
mingw=false;
case "`uname`" in
CYGWIN*) cygwin=true;;
MINGW*) mingw=true;;
OS400*) os400=true;;
Darwin*) darwin=true
        if [ -z "$JAVA_VERSION" ] ; then
             JAVA_VERSION="CurrentJDK"
        else
             echo "Using Java version: $JAVA_VERSION"
        fi
        if [ -z "$JAVA_HOME" ] ; then
             JAVA_HOME=/System/Library/Frameworks/JavaVM.framework/Versions/${JAVA_VERSION}/Home
        fi
        ;;
esac

# resolve links - $0 may be a softlink
PRG="$0"

while [ -h "$PRG" ]; do
  ls=`ls -ld "$PRG"`
  link=`expr "$ls" : '.*-> \(.*\)$'`
  if expr "$link" : '.*/.*' > /dev/null; then
    PRG="$link"
  else
    PRG=`dirname "$PRG"`/"$link"
  fi
done

# Get standard environment variables
PRGDIR=`dirname "$PRG"`

# Only set CARBON_HOME if not already set
[ -z "$CARBON_HOME" ] && CARBON_HOME=`cd "$PRGDIR/.." ; pwd`

# Set AXIS2_HOME. Needed for One Click JAR Download
AXIS2_HOME="$CARBON_HOME"

# For Cygwin, ensure paths are in UNIX format before anything is touched
if $cygwin; then
  [ -n "$JAVA_HOME" ] && JAVA_HOME=`cygpath --unix "$JAVA_HOME"`
  [ -n "$CARBON_HOME" ] && CARBON_HOME=`cygpath --unix "$CARBON_HOME"`
  [ -n "$AXIS2_HOME" ] && AXIS2_HOME=`cygpath --unix "$AXIS2_HOME"`
fi

# For OS400
if $os400; then
  # Set job priority to standard for interactive (interactive - 6) by using
  # the interactive priority - 6, the helper threads that respond to requests
  # will be running at the same priority as interactive jobs.
  COMMAND='chgjob job('$JOBNAME') runpty(6)'
  system $COMMAND

  # Enable multi threading
  QIBM_MULTI_THREADED=Y
  export QIBM_MULTI_THREADED
fi

# For Mingw, ensure paths are in UNIX format before anything is touched
if $mingw ; then
  [ -n "$CARBON_HOME" ] &&
    CARBON_HOME="`(cd "$CARBON_HOME"; pwd)`"
  [ -n "$JAVA_HOME" ] &&
    JAVA_HOME="`(cd "$JAVA_HOME"; pwd)`"
  [ -n "$AXIS2_HOME" ] &&
    AXIS2_HOME="`(cd "$AXIS2_HOME"; pwd)`"
  # TODO classpath?
fi

if [ -z "$JAVACMD" ] ; then
  if [ -n "$JAVA_HOME" ] ; then
    if [ -x "$JAVA_HOME/jre/sh/java" ] ; then
      # IBM's JDK on AIX uses strange locations for the executables
      JAVACMD="$JAVA_HOME/jre/sh/java"
    else
      JAVACMD="$JAVA_HOME/bin/java"
    fi
  else
    JAVACMD=java
  fi
fi

if [ ! -x "$JAVACMD" ] ; then
  echo "Error: JAVA_HOME is not defined correctly."
  echo " CARBON cannot execute $JAVACMD"
  exit 1
fi

# if JAVA_HOME is not set we're not happy
if [ -z "$JAVA_HOME" ]; then
  echo "You must set the JAVA_HOME variable before running CARBON."
  exit 1
fi

if [ -e "$CARBON_HOME/wso2carbon.pid" ]; then
  PID=`cat "$CARBON_HOME"/wso2carbon.pid`
fi

# ----- Process the input command ----------------------------------------------
args=""
for c in $*
do
    if [ "$c" = "--debug" ] || [ "$c" = "-debug" ] || [ "$c" = "debug" ]; then
        CMD="--debug"
        continue
    elif [ "$CMD" = "--debug" ]; then
        if [ -z "$PORT" ]; then
            PORT=$c
        fi
    elif [ "$c" = "--stop" ] || [ "$c" = "-stop" ] || [ "$c" = "stop" ]; then
        CMD="stop"
    elif [ "$c" = "--start" ] || [ "$c" = "-start" ] || [ "$c" = "start" ]; then
        CMD="start"
    elif [ "$c" = "--version" ] || [ "$c" = "-version" ] || [ "$c" = "version" ]; then
        CMD="version"
    elif [ "$c" = "--restart" ] || [ "$c" = "-restart" ] || [ "$c" = "restart" ]; then
        CMD="restart"
    elif [ "$c" = "--test" ] || [ "$c" = "-test" ] || [ "$c" = "test" ]; then
        CMD="test"
    elif [ "$c" = "--optimize" ] || [ "$c" = "-optimize" ] || [ "$c" = "optimize" ]; then
        for option in $*; do
            if [ "$option" = "--skipConfigOptimization" ] || [ "$option" = "-skipConfigOptimization" ] ||
               [ "$option" = "skipConfigOptimization" ]; then
                passedSkipConfigOptimizationOption=true
                echo "Passed skipConfigOptimization Option: $passedSkipConfigOptimizationOption"
            fi
        done

        for profile in $*; do
            case "$profile" in
                *Dprofile=*)
                    cd $(dirname "$0")
                    if [ "$passedSkipConfigOptimizationOption" = true ]; then
                        sh profileSetup.sh $profile --skipConfigOptimization
                    else
                        sh profileSetup.sh $profile
                    fi
                    echo "Starting the server..."
                    ;;
            esac
        done
    else
        args="$args $c"
    fi
done

if [ "$CMD" = "--debug" ]; then
  if [ "$PORT" = "" ]; then
    echo " Please specify the debug port after the --debug option"
    exit 1
  fi
  if [ -n "$JAVA_OPTS" ]; then
    echo "Warning !!!. User specified JAVA_OPTS will be ignored, once you give the --debug option."
  fi
  CMD="RUN"
  JAVA_OPTS="-Xdebug -Xnoagent -Djava.compiler=NONE -Xrunjdwp:transport=dt_socket,server=y,suspend=y,address=$PORT"
  echo "Please start the remote debugging client to continue..."
elif [ "$CMD" = "start" ]; then
  if [ -e "$CARBON_HOME/wso2carbon.pid" ]; then
    if ps -p $PID > /dev/null ; then
      echo "Process is already running"
      exit 0
    fi
  fi
  export CARBON_HOME="$CARBON_HOME"
  # using nohup sh to avoid errors in solaris OS.TODO
  nohup sh "$CARBON_HOME"/bin/api-manager.sh $args > /dev/null 2>&1 &
  exit 0
elif [ "$CMD" = "stop" ]; then
  export CARBON_HOME="$CARBON_HOME"
  kill -term `cat "$CARBON_HOME"/wso2carbon.pid`
  exit 0
elif [ "$CMD" = "restart" ]; then
  export CARBON_HOME="$CARBON_HOME"
  kill -term `cat "$CARBON_HOME"/wso2carbon.pid`
  process_status=0
  pid=`cat "$CARBON_HOME"/wso2carbon.pid`
  # wait until the old process has exited (ps returns non-zero)
  while [ "$process_status" -eq "0" ]
  do
    sleep 1;
    ps -p "$pid" > /dev/null 2>&1
    process_status=$?
  done

  # using nohup sh to avoid errors in solaris OS.TODO
  nohup sh "$CARBON_HOME"/bin/api-manager.sh $args > /dev/null 2>&1 &
  exit 0
elif [ "$CMD" = "test" ]; then
  JAVACMD="exec "$JAVACMD""
elif [ "$CMD" = "version" ]; then
  cat "$CARBON_HOME"/bin/version.txt
  cat "$CARBON_HOME"/bin/wso2carbon-version.txt
  exit 0
fi

# ---------- Handle the SSL Issue with proper JDK version --------------------
java_version=$("$JAVACMD" -version 2>&1 | awk -F '"' '/version/ {print $2}')
java_version_formatted=$(echo "$java_version" | awk -F. '{printf("%02d%02d",$1,$2);}')
if [ $java_version_formatted -lt 1100 ] || [ $java_version_formatted -gt 2100 ]; then
  echo " Starting WSO2 Carbon (in unsupported JDK)"
  echo " [ERROR] CARBON is supported only between JDK 11 and JDK 21"
fi

CARBON_XBOOTCLASSPATH=""
for f in "$CARBON_HOME"/lib/xboot/*.jar
do
  if [ "$f" != "$CARBON_HOME/lib/xboot/*.jar" ];then
    CARBON_XBOOTCLASSPATH="$CARBON_XBOOTCLASSPATH":$f
  fi
done


CARBON_CLASSPATH=""
if [ -e "$JAVA_HOME/lib/tools.jar" ]; then
  CARBON_CLASSPATH="$JAVA_HOME/lib/tools.jar"
fi
for f in "$CARBON_HOME"/bin/*.jar
do
  if [ "$f" != "$CARBON_HOME/bin/*.jar" ];then
    CARBON_CLASSPATH="$CARBON_CLASSPATH":$f
  fi
done
for t in "$CARBON_HOME"/lib/*.jar
do
  CARBON_CLASSPATH="$CARBON_CLASSPATH":$t
done
for t in "$CARBON_HOME"/lib/endorsed/*.jar
do
  CARBON_CLASSPATH="$CARBON_CLASSPATH":$t
done



# For Cygwin, switch paths to Windows format before running java
if $cygwin; then
  JAVA_HOME=`cygpath --absolute --windows "$JAVA_HOME"`
  CARBON_HOME=`cygpath --absolute --windows "$CARBON_HOME"`
  AXIS2_HOME=`cygpath --absolute --windows "$CARBON_HOME"`
  CLASSPATH=`cygpath --path --windows "$CLASSPATH"`
  CARBON_CLASSPATH=`cygpath --path --windows "$CARBON_CLASSPATH"`
  CARBON_XBOOTCLASSPATH=`cygpath --path --windows "$CARBON_XBOOTCLASSPATH"`
fi

# ----- Execute The Requested Command -----------------------------------------

echo JAVA_HOME environment variable is set to $JAVA_HOME
echo CARBON_HOME environment variable is set to "$CARBON_HOME"

cd "$CARBON_HOME"

TMP_DIR="$CARBON_HOME"/tmp
if [ -d "$TMP_DIR" ]; then
  rm -rf "$TMP_DIR"/*
fi

START_EXIT_STATUS=121
status=$START_EXIT_STATUS

if [ -z "$JVM_MEM_OPTS" ]; then
  java_version=$("$JAVACMD" -version 2>&1 | awk -F '"' '/version/ {print $2}')
  JVM_MEM_OPTS="-Xms<%=@jvmxms%> -Xmx<%=@jvmxmx%>"
  if [ "$java_version" \< "1.8" ]; then
    JVM_MEM_OPTS="$JVM_MEM_OPTS -XX:MaxPermSize=<%=@jvmxmx%>"
  fi
fi
echo "Using Java memory options: $JVM_MEM_OPTS"

#To monitor a Carbon server in remote JMX mode on linux host machines, set the below system property.
# -Djava.rmi.server.hostname="your.IP.goes.here"

JAVA_VER_BASED_OPTS="--add-opens=java.base/java.net=ALL-UNNAMED --add-opens=java.base/java.lang=ALL-UNNAMED --add-opens java.rmi/sun.rmi.transport=ALL-UNNAMED --add-opens=java.base/java.io=ALL-UNNAMED --add-opens java.xml/com.sun.org.apache.xerces.internal.dom=ALL-UNNAMED "

if [ $java_version_formatted -ge 1700 ]; then
  JAVA_VER_BASED_OPTS="$JAVA_VER_BASED_OPTS --add-opens=java.naming/com.sun.jndi.ldap=ALL-UNNAMED --add-opens=java.base/sun.security.x509=ALL-UNNAMED"
fi

# start diagnostic tool in background in diagnostic-tool/bin/diagnostic
"$CARBON_HOME"/diagnostics-tool/bin/diagnostics.sh &
diagnostic_tool_pid=$!

# trap signals so we can shutdown the diagnostic tool
cleanup() {
  kill "$diagnostic_tool_pid"
}
trap 'cleanup' EXIT INT

# Note: -Dorg.opensaml.httpclient.https.disableHostnameVerification=true and
# -Dhttpclient.hostnameVerifier=AllowAll below disable TLS hostname verification
# for outbound HTTPS clients.
while [ "$status" = "$START_EXIT_STATUS" ]
do
    $JAVACMD \
    -Xbootclasspath/a:"$CARBON_XBOOTCLASSPATH" \
    $JVM_MEM_OPTS \
    -XX:+HeapDumpOnOutOfMemoryError \
    -XX:HeapDumpPath="$CARBON_HOME/repository/logs/heap-dump.hprof" \
    $JAVA_OPTS \
    -Dcom.sun.management.jmxremote \
    -classpath "$CARBON_CLASSPATH" \
    $JAVA_VER_BASED_OPTS \
    -Djava.io.tmpdir="$CARBON_HOME/tmp" \
    -Dcatalina.base="$CARBON_HOME/lib/tomcat" \
    -Dwso2.server.standalone=true \
    -Dcarbon.registry.root=/ \
    -Djava.command="$JAVACMD" \
    -Dcarbon.home="$CARBON_HOME" \
    -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager \
    -Dcarbon.config.dir.path="$CARBON_HOME/repository/conf" \
    -Djava.util.logging.config.file="$CARBON_HOME/repository/conf/etc/logging-bridge.properties" \
    -Dcomponents.repo="$CARBON_HOME/repository/components/plugins" \
    -Dconf.location="$CARBON_HOME/repository/conf"\
    -Dcom.atomikos.icatch.file="$CARBON_HOME/lib/transactions.properties" \
    -Dcom.atomikos.icatch.hide_init_file_path=true \
    -Dorg.apache.jasper.compiler.Parser.STRICT_QUOTE_ESCAPING=false \
    -Dorg.apache.jasper.runtime.BodyContentImpl.LIMIT_BUFFER=true \
    -Dcom.sun.jndi.ldap.connect.pool.authentication=simple \
    -Dcom.sun.jndi.ldap.connect.pool.timeout=3000 \
    -Dorg.terracotta.quartz.skipUpdateCheck=true \
    -Djava.security.egd=file:/dev/./urandom \
    -Dfile.encoding=UTF8 \
    -Djava.net.preferIPv4Stack=true \
    -Dcom.ibm.cacheLocalHost=true \
    -Dorg.opensaml.httpclient.https.disableHostnameVerification=true \
    -Dhttpclient.hostnameVerifier=AllowAll \
    -DworkerNode=false \
    -DenableCorrelationLogs=false \
    -Dcarbon.new.config.dir.path="$CARBON_HOME/repository/resources/conf" \
    -Djavax.xml.xpath.XPathFactory:http://java.sun.com/jaxp/xpath/dom=net.sf.saxon.xpath.XPathFactoryImpl \
    -Dlog4j2.contextSelector=org.apache.logging.log4j.core.async.AsyncLoggerContextSelector \
    -Dorg.ops4j.pax.logging.logReaderEnabled=false \
    -Dorg.ops4j.pax.logging.eventAdminEnabled=false \
    -Djdk.util.zip.disableZip64ExtraFieldValidation=true \
    -Djdk.nio.zipfs.allowDotZipEntry=true \
    org.wso2.carbon.bootstrap.Bootstrap $*
    status=$?
done

--------------------------------------------------------------------------------
/modules/apim_gateway/templates/carbon-home/repository/conf/deployment.toml.erb:
--------------------------------------------------------------------------------
[server]
hostname = "<%= @hostname %>"
server_role = "gateway-worker"
offset = "<%= @ports_offset %>"

[user_store]
type = "database_unique_id"

[super_admin]
username = "<%= @admin_username %>"
password = "<%= @admin_password %>"
create_admin_account = true

[database.shared_db]
type = "<%= @wso2shared_db_type %>"
url = "<%= @wso2shared_db_url %>"
username = "<%= @wso2shared_db_username %>"
password = "<%= @wso2shared_db_password %>"

[database.shared_db.pool_options]
validationQuery = "<%= @wso2shared_db_validation_query %>"

[keystore.tls]
file_name = "<%= @key_store_location %>"
type = "JKS"
password = "<%= @key_store_password %>"
alias = "<%= @key_store_key_alias %>"
key_password = "<%= @key_store_key_password %>"

[truststore]
file_name = "<%= @trust_store_location %>"
type = "JKS"
password = "<%= @trust_store_password %>"

[apim.sync_runtime_artifacts.gateway]
gateway_labels = <%= @gateway_labels %>

# key manager implementation
[apim.key_manager]
service_url = "<%= @key_manager_server_url %>"
username= "$ref{super_admin.username}"
password= "$ref{super_admin.password}"

# JWT Generation
[apim.jwt]
enable = true
encoding = "base64" # base64,base64url
#generator_impl = "org.wso2.carbon.apimgt.keymgt.token.JWTGenerator"
claim_dialect = "http://wso2.org/claims"
header = "X-JWT-Assertion"
signing_algorithm = "SHA256withRSA"
#enable_user_claims = true
#claims_extractor_impl = "org.wso2.carbon.apimgt.impl.token.DefaultClaimsRetriever"

# Traffic Manager configurations
[apim.throttling]
username= "$ref{super_admin.username}"
password= "$ref{super_admin.password}"
service_url = "<%= @throttle_service_url %>"
throttle_decision_endpoints = [<%= @throttle_decision_endpoints %>]
#enable_unlimited_tier = true
#enable_header_based_throttling = false
#enable_jwt_claim_based_throttling = false
#enable_query_param_based_throttling = false

<% @throttling_url_group.each do |url_group| %>
[[apim.throttling.url_group]]
traffic_manager_urls=[<%= url_group['traffic_manager_urls'] %>]
traffic_manager_auth_urls=[<%= url_group['traffic_manager_auth_urls'] %>]
<% end %>

[apim.analytics]
enable = <%= @analytics_enabled %>
config_endpoint = "<%= @analytics_config_endpoint %>"
auth_token = "<%= @analytics_auth_token %>"

[apim.ai]
enable = <%= @ai_enabled %>
token = <%= @ai_token %>
endpoint = <%= @ai_endpoint %>

# Caches
[apim.cache.gateway_token]
enable = true
expiry_time = 15

[apim.cache.resource]
enable = true

[apim.cache.jwt_claim]
enable = true
expiry_time = 900

[apim.oauth_config]
remove_outbound_auth_header = true
auth_header = "Authorization"

[apim.cors]
allow_origins = "*"
allow_methods = ["GET","PUT","POST","DELETE","PATCH","OPTIONS"]
allow_headers = ["authorization","Access-Control-Allow-Origin","Content-Type","SOAPAction","apikey","Internal-Key"]
allow_credentials = false

--------------------------------------------------------------------------------
/modules/apim_tm/files/.gitkeep:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/wso2/puppet-apim/88dc12d3f70240f5807df09470ee062da7c7f4c1/modules/apim_tm/files/.gitkeep

--------------------------------------------------------------------------------
/modules/apim_tm/manifests/custom.pp:
--------------------------------------------------------------------------------
# ----------------------------------------------------------------------------
#  Copyright (c) 2018 WSO2, Inc. http://www.wso2.org
#
#  Licensed under the Apache License, Version 2.0 (the "License");
#  you may not use this file except in compliance with the License.
#  You may obtain a copy of the License at
#
#      http://www.apache.org/licenses/LICENSE-2.0
#
#  Unless required by applicable law or agreed to in writing, software
#  distributed under the License is distributed on an "AS IS" BASIS,
#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
#  See the License for the specific language governing permissions and
#  limitations under the License.
# ----------------------------------------------------------------------------

# Class: apim_tm::custom
# This class is reserved to run custom user code before starting the server.
class apim_tm::custom {
  # resources
}

--------------------------------------------------------------------------------
/modules/apim_tm/manifests/init.pp:
--------------------------------------------------------------------------------
# ----------------------------------------------------------------------------
#  Copyright (c) 2021 WSO2, Inc. http://www.wso2.org
#
#  Licensed under the Apache License, Version 2.0 (the "License");
#  you may not use this file except in compliance with the License.
#  You may obtain a copy of the License at
#
#      http://www.apache.org/licenses/LICENSE-2.0
#
#  Unless required by applicable law or agreed to in writing, software
#  distributed under the License is distributed on an "AS IS" BASIS,
#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
#  See the License for the specific language governing permissions and
#  limitations under the License.
# ----------------------------------------------------------------------------

# Class: apim_tm
# Init class of API Manager - Traffic Manager profile
class apim_tm inherits apim_tm::params {

  include apim_common

  # Optimize for profile
  exec { "optimize-profile":
    command => "/bin/sh ${carbon_home}/bin/profileSetup.sh -Dprofile=traffic-manager",
  }

  # Copy configuration changes to the installed directory
  $template_list.each |String $template| {
    file { "${carbon_home}/${template}":
      ensure  => file,
      mode    => '0644',
      content => template("${module_name}/carbon-home/${template}.erb"),
      notify  => Service["${wso2_service_name}"],
      require => Class["apim_common"]
    }
  }

  # Copy files to carbon home directory
  $file_list.each | String $file | {
    file { "${carbon_home}/${file}":
      ensure  => present,
      owner   => $user,
      recurse => remote,
      group   => $user_group,
      mode    => '0755',
      source  => "puppet:///modules/${module_name}/${file}",
      notify  => Service["${wso2_service_name}"],
      require => Class["apim_common"]
    }
  }

  # Delete files from carbon home directory
  $file_removelist.each | String $removefile | {
    file { "${carbon_home}/${removefile}":
      ensure  => absent,
      owner   => $user,
      group   => $user_group,
      notify  => Service["${wso2_service_name}"],
      require => Class["apim_common"]
    }
  }

  # Copy api-manager.sh to installed directory
  file { "${carbon_home}/${start_script_template}":
    ensure  => file,
    owner   => $user,
    group   => $user_group,
    mode    => '0754',
    content => template("${module_name}/carbon-home/${start_script_template}.erb"),
    notify  => Service["${wso2_service_name}"],
    require => Class["apim_common"]
  }

  /*
    Following script can be used to copy file to a given location.
    This will copy some_file to install_path -> repository.
    Note: Ensure that file is available in modules -> apim_tm -> files
  */
  # file { "${install_path}/repository/some_file":
  #   owner  => $user,
  #   group  => $user_group,
  #   mode   => '0644',
  #   source => "puppet:///modules/${module_name}/some_file",
  # }
}

--------------------------------------------------------------------------------
/modules/apim_tm/manifests/params.pp:
--------------------------------------------------------------------------------
# ----------------------------------------------------------------------------
#  Copyright (c) 2021 WSO2, Inc. http://www.wso2.org
#
#  Licensed under the Apache License, Version 2.0 (the "License");
#  you may not use this file except in compliance with the License.
#  You may obtain a copy of the License at
#
#      http://www.apache.org/licenses/LICENSE-2.0
#
#  Unless required by applicable law or agreed to in writing, software
#  distributed under the License is distributed on an "AS IS" BASIS,
#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
#  See the License for the specific language governing permissions and
#  limitations under the License.
# ----------------------------------------------------------------------------

# Class apim_tm::params
# This class includes all the necessary parameters.
class apim_tm::params inherits apim_common::params {

  $start_script_template = 'bin/api-manager.sh'
  $jvmxms = '256m'
  $jvmxmx = '1024m'

  $template_list = [
    'repository/conf/deployment.toml',
  ]

  # Define file list
  $file_list = []

  # Define remove file list
  $file_removelist = []

  # ----- Carbon.xml config params -----
  $ports_offset = 0
  /*
    Host name or IP address of the machine hosting this server
    e.g. www.wso2.org, 192.168.1.10
    This will become part of the End Point Reference of the
    services deployed on this server instance.
  */
  $hostname = 'localhost'
}

--------------------------------------------------------------------------------
/modules/apim_tm/templates/carbon-home/bin/api-manager.sh.erb:
--------------------------------------------------------------------------------
#!/bin/sh
# ----------------------------------------------------------------------------
#  Copyright 2005-2021 WSO2, Inc. http://www.wso2.org
#
#  Licensed under the Apache License, Version 2.0 (the "License");
#  you may not use this file except in compliance with the License.
#  You may obtain a copy of the License at
#
#      http://www.apache.org/licenses/LICENSE-2.0
#
#  Unless required by applicable law or agreed to in writing, software
#  distributed under the License is distributed on an "AS IS" BASIS,
#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
#  See the License for the specific language governing permissions and
#  limitations under the License.

# ----------------------------------------------------------------------------
# Main Script for the WSO2 Carbon Server
#
# Environment Variable Prerequisites
#
#   CARBON_HOME   Home of WSO2 Carbon installation. If not set I will try
#                 to figure it out.
#
#   JAVA_HOME     Must point at your Java Development Kit installation.
#
#   JAVA_OPTS     (Optional) Java runtime options used when the command
#                 is executed.
#
# NOTE: Borrowed generously from Apache Tomcat startup scripts.
# -----------------------------------------------------------------------------

# OS specific support. $var _must_ be set to either true or false.
#ulimit -n 100000

export JAVA_HOME="<%= @java_symlink %>"
cygwin=false;
darwin=false;
os400=false;
mingw=false;
case "`uname`" in
CYGWIN*) cygwin=true;;
MINGW*) mingw=true;;
OS400*) os400=true;;
Darwin*) darwin=true
        if [ -z "$JAVA_VERSION" ] ; then
             JAVA_VERSION="CurrentJDK"
        else
             echo "Using Java version: $JAVA_VERSION"
        fi
        if [ -z "$JAVA_HOME" ] ; then
             JAVA_HOME=/System/Library/Frameworks/JavaVM.framework/Versions/${JAVA_VERSION}/Home
        fi
        ;;
esac

# resolve links - $0 may be a softlink
PRG="$0"

while [ -h "$PRG" ]; do
  ls=`ls -ld "$PRG"`
  link=`expr "$ls" : '.*-> \(.*\)$'`
  if expr "$link" : '.*/.*' > /dev/null; then
    PRG="$link"
  else
    PRG=`dirname "$PRG"`/"$link"
  fi
done

# Get standard environment variables
PRGDIR=`dirname "$PRG"`

# Only set CARBON_HOME if not already set
[ -z "$CARBON_HOME" ] && CARBON_HOME=`cd "$PRGDIR/.." ; pwd`

# Set AXIS2_HOME. Needed for One Click JAR Download
AXIS2_HOME="$CARBON_HOME"

# For Cygwin, ensure paths are in UNIX format before anything is touched
if $cygwin; then
  [ -n "$JAVA_HOME" ] && JAVA_HOME=`cygpath --unix "$JAVA_HOME"`
  [ -n "$CARBON_HOME" ] && CARBON_HOME=`cygpath --unix "$CARBON_HOME"`
  [ -n "$AXIS2_HOME" ] && AXIS2_HOME=`cygpath --unix "$AXIS2_HOME"`
fi

# For OS400
if $os400; then
  # Set job priority to standard for interactive (interactive - 6) by using
  # the interactive priority - 6, the helper threads that respond to requests
  # will be running at the same priority as interactive jobs.
  COMMAND='chgjob job('$JOBNAME') runpty(6)'
  system $COMMAND

  # Enable multi threading
  QIBM_MULTI_THREADED=Y
  export QIBM_MULTI_THREADED
fi

# For Mingw, ensure paths are in UNIX format before anything is touched
if $mingw ; then
  [ -n "$CARBON_HOME" ] &&
    CARBON_HOME="`(cd "$CARBON_HOME"; pwd)`"
  [ -n "$JAVA_HOME" ] &&
    JAVA_HOME="`(cd "$JAVA_HOME"; pwd)`"
  [ -n "$AXIS2_HOME" ] &&
    AXIS2_HOME="`(cd "$AXIS2_HOME"; pwd)`"
  # TODO classpath?
fi

if [ -z "$JAVACMD" ] ; then
  if [ -n "$JAVA_HOME" ] ; then
    if [ -x "$JAVA_HOME/jre/sh/java" ] ; then
      # IBM's JDK on AIX uses strange locations for the executables
      JAVACMD="$JAVA_HOME/jre/sh/java"
    else
      JAVACMD="$JAVA_HOME/bin/java"
    fi
  else
    JAVACMD=java
  fi
fi

if [ ! -x "$JAVACMD" ] ; then
  echo "Error: JAVA_HOME is not defined correctly."
  echo " CARBON cannot execute $JAVACMD"
  exit 1
fi

# if JAVA_HOME is not set we're not happy
if [ -z "$JAVA_HOME" ]; then
  echo "You must set the JAVA_HOME variable before running CARBON."
  exit 1
fi

if [ -e "$CARBON_HOME/wso2carbon.pid" ]; then
  PID=`cat "$CARBON_HOME"/wso2carbon.pid`
fi

# ----- Process the input command ----------------------------------------------
args=""
for c in $*
do
  if [ "$c" = "--debug" ] || [ "$c" = "-debug" ] || [ "$c" = "debug" ]; then
    CMD="--debug"
    continue
  elif [ "$CMD" = "--debug" ]; then
    if [ -z "$PORT" ]; then
      PORT=$c
    fi
  elif [ "$c" = "--stop" ] || [ "$c" = "-stop" ] || [ "$c" = "stop" ]; then
    CMD="stop"
  elif [ "$c" = "--start" ] || [ "$c" = "-start" ] || [ "$c" = "start" ]; then
    CMD="start"
  elif [ "$c" = "--version" ] || [ "$c" = "-version" ] || [ "$c" = "version" ]; then
    CMD="version"
  elif [ "$c" = "--restart" ] || [ "$c" = "-restart" ] || [ "$c" = "restart" ]; then
    CMD="restart"
  elif [ "$c" = "--test" ] || [ "$c" = "-test" ] || [ "$c" = "test" ]; then
    CMD="test"
  elif [ "$c" = "--optimize" ] || [ "$c" = "-optimize" ] || [ "$c" = "optimize" ]; then
    for option in $*; do
      if [ "$option" = "--skipConfigOptimization" ] || [ "$option" = "-skipConfigOptimization" ] ||
         [ "$option" = "skipConfigOptimization" ]; then
        passedSkipConfigOptimizationOption=true
        echo "Passed skipConfigOptimization Option: $passedSkipConfigOptimizationOption"
      fi
    done

    for profile in $*; do
      case "$profile" in
        *Dprofile=*)
          cd $(dirname "$0")
          if [ "$passedSkipConfigOptimizationOption" = true ]; then
            sh profileSetup.sh $profile --skipConfigOptimization
          else
            sh profileSetup.sh $profile
          fi
          echo "Starting the server..."
          ;;
      esac
    done
  else
    args="$args $c"
  fi
done

if [ "$CMD" = "--debug" ]; then
  if [ "$PORT" = "" ]; then
    echo " Please specify the debug port after the --debug option"
    exit 1
  fi
  if [ -n "$JAVA_OPTS" ]; then
    echo "Warning !!!. User specified JAVA_OPTS will be ignored, once you give the --debug option."
  fi
  CMD="RUN"
  JAVA_OPTS="-Xdebug -Xnoagent -Djava.compiler=NONE -Xrunjdwp:transport=dt_socket,server=y,suspend=y,address=$PORT"
  echo "Please start the remote debugging client to continue..."
elif [ "$CMD" = "start" ]; then
  if [ -e "$CARBON_HOME/wso2carbon.pid" ]; then
    if ps -p $PID > /dev/null ; then
      echo "Process is already running"
      exit 0
    fi
  fi
  export CARBON_HOME="$CARBON_HOME"
  # using nohup sh to avoid errors in solaris OS.TODO
  nohup sh "$CARBON_HOME"/bin/api-manager.sh $args > /dev/null 2>&1 &
  exit 0
elif [ "$CMD" = "stop" ]; then
  export CARBON_HOME="$CARBON_HOME"
  kill -term `cat "$CARBON_HOME"/wso2carbon.pid`
  exit 0
elif [ "$CMD" = "restart" ]; then
  export CARBON_HOME="$CARBON_HOME"
  kill -term `cat "$CARBON_HOME"/wso2carbon.pid`
  process_status=0
  pid=`cat "$CARBON_HOME"/wso2carbon.pid`
  while [ "$process_status" -eq "0" ]
  do
    sleep 1;
    ps -p$pid > /dev/null 2>&1
    process_status=$?
  done

  # using nohup sh to avoid errors in solaris OS.TODO
  nohup sh "$CARBON_HOME"/bin/api-manager.sh $args > /dev/null 2>&1 &
  exit 0
elif [ "$CMD" = "test" ]; then
  JAVACMD="exec "$JAVACMD""
elif [ "$CMD" = "version" ]; then
  cat "$CARBON_HOME"/bin/version.txt
  cat "$CARBON_HOME"/bin/wso2carbon-version.txt
  exit 0
fi

# ---------- Handle the SSL Issue with proper JDK version --------------------
java_version=$("$JAVACMD" -version 2>&1 | awk -F '"' '/version/ {print $2}')
java_version_formatted=$(echo "$java_version" | awk -F. '{printf("%02d%02d",$1,$2);}')
if [ $java_version_formatted -lt 1100 ] || [ $java_version_formatted -gt 2100 ]; then
  echo " Starting WSO2 Carbon (in unsupported JDK)"
  echo " [ERROR] CARBON is supported only between JDK 11 and JDK 21"
fi

CARBON_XBOOTCLASSPATH=""
for f in "$CARBON_HOME"/lib/xboot/*.jar
do
  if [ "$f" != "$CARBON_HOME/lib/xboot/*.jar" ];then
    CARBON_XBOOTCLASSPATH="$CARBON_XBOOTCLASSPATH":$f
  fi
done


CARBON_CLASSPATH=""
if [ -e "$JAVA_HOME/lib/tools.jar" ]; then
  CARBON_CLASSPATH="$JAVA_HOME/lib/tools.jar"
fi
for f in "$CARBON_HOME"/bin/*.jar
do
  if [ "$f" != "$CARBON_HOME/bin/*.jar" ];then
    CARBON_CLASSPATH="$CARBON_CLASSPATH":$f
  fi
done
for t in "$CARBON_HOME"/lib/*.jar
do
  CARBON_CLASSPATH="$CARBON_CLASSPATH":$t
done
for t in "$CARBON_HOME"/lib/endorsed/*.jar
do
  CARBON_CLASSPATH="$CARBON_CLASSPATH":$t
done



# For Cygwin, switch paths to Windows format before running java
if $cygwin; then
  JAVA_HOME=`cygpath --absolute --windows "$JAVA_HOME"`
  CARBON_HOME=`cygpath --absolute --windows "$CARBON_HOME"`
  AXIS2_HOME=`cygpath --absolute --windows "$CARBON_HOME"`
  CLASSPATH=`cygpath --path --windows "$CLASSPATH"`
  CARBON_CLASSPATH=`cygpath --path --windows "$CARBON_CLASSPATH"`
  CARBON_XBOOTCLASSPATH=`cygpath --path --windows "$CARBON_XBOOTCLASSPATH"`
fi

# ----- Execute The Requested Command -----------------------------------------

echo JAVA_HOME environment variable is set to $JAVA_HOME
echo CARBON_HOME environment variable is set to "$CARBON_HOME"

cd "$CARBON_HOME"

TMP_DIR="$CARBON_HOME"/tmp
if [ -d "$TMP_DIR" ]; then
  rm -rf "$TMP_DIR"/*
fi

START_EXIT_STATUS=121
status=$START_EXIT_STATUS

if [ -z "$JVM_MEM_OPTS" ]; then
  java_version=$("$JAVACMD" -version 2>&1 | awk -F '"' '/version/ {print $2}')
  JVM_MEM_OPTS="-Xms<%=@jvmxms%> -Xmx<%=@jvmxmx%>"
  if [ "$java_version" \< "1.8" ]; then
    JVM_MEM_OPTS="$JVM_MEM_OPTS -XX:MaxPermSize=<%=@jvmxmx%>"
  fi
fi
echo "Using Java memory options: $JVM_MEM_OPTS"

#To monitor a Carbon server in remote JMX mode on linux host machines, set the below system property.
# -Djava.rmi.server.hostname="your.IP.goes.here"

JAVA_VER_BASED_OPTS="--add-opens=java.base/java.net=ALL-UNNAMED --add-opens=java.base/java.lang=ALL-UNNAMED --add-opens java.rmi/sun.rmi.transport=ALL-UNNAMED --add-opens=java.base/java.io=ALL-UNNAMED --add-opens java.xml/com.sun.org.apache.xerces.internal.dom=ALL-UNNAMED "

if [ $java_version_formatted -ge 1700 ]; then
  JAVA_VER_BASED_OPTS="$JAVA_VER_BASED_OPTS --add-opens=java.naming/com.sun.jndi.ldap=ALL-UNNAMED --add-opens=java.base/sun.security.x509=ALL-UNNAMED"
fi

# start diagnostic tool in background in diagnostic-tool/bin/diagnostic
"$CARBON_HOME"/diagnostics-tool/bin/diagnostics.sh &
diagnostic_tool_pid=$!

# trap signals so we can shutdown the diagnostic tool
cleanup() {
  kill "$diagnostic_tool_pid"
}
trap 'cleanup' EXIT INT

while [ "$status" = "$START_EXIT_STATUS" ]
do
  $JAVACMD \
    -Xbootclasspath/a:"$CARBON_XBOOTCLASSPATH" \
    $JVM_MEM_OPTS \
    -XX:+HeapDumpOnOutOfMemoryError \
    -XX:HeapDumpPath="$CARBON_HOME/repository/logs/heap-dump.hprof" \
    $JAVA_OPTS \
    -Dcom.sun.management.jmxremote \
    -classpath "$CARBON_CLASSPATH" \
    $JAVA_VER_BASED_OPTS \
    -Djava.io.tmpdir="$CARBON_HOME/tmp" \
    -Dcatalina.base="$CARBON_HOME/lib/tomcat" \
    -Dwso2.server.standalone=true \
    -Dcarbon.registry.root=/ \
    -Djava.command="$JAVACMD" \
    -Dcarbon.home="$CARBON_HOME" \
    -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager \
    -Dcarbon.config.dir.path="$CARBON_HOME/repository/conf" \
    -Djava.util.logging.config.file="$CARBON_HOME/repository/conf/etc/logging-bridge.properties" \
    -Dcomponents.repo="$CARBON_HOME/repository/components/plugins" \
    -Dconf.location="$CARBON_HOME/repository/conf"\
    -Dcom.atomikos.icatch.file="$CARBON_HOME/lib/transactions.properties" \
    -Dcom.atomikos.icatch.hide_init_file_path=true \
    -Dorg.apache.jasper.compiler.Parser.STRICT_QUOTE_ESCAPING=false \
    -Dorg.apache.jasper.runtime.BodyContentImpl.LIMIT_BUFFER=true \
    -Dcom.sun.jndi.ldap.connect.pool.authentication=simple \
    -Dcom.sun.jndi.ldap.connect.pool.timeout=3000 \
    -Dorg.terracotta.quartz.skipUpdateCheck=true \
    -Djava.security.egd=file:/dev/./urandom \
    -Dfile.encoding=UTF8 \
    -Djava.net.preferIPv4Stack=true \
    -Dcom.ibm.cacheLocalHost=true \
    -Dorg.opensaml.httpclient.https.disableHostnameVerification=true \
    -Dhttpclient.hostnameVerifier=AllowAll \
    -DworkerNode=false \
    -DenableCorrelationLogs=false \
    -Dcarbon.new.config.dir.path="$CARBON_HOME/repository/resources/conf" \
    -Djavax.xml.xpath.XPathFactory:http://java.sun.com/jaxp/xpath/dom=net.sf.saxon.xpath.XPathFactoryImpl \
    -Dlog4j2.contextSelector=org.apache.logging.log4j.core.async.AsyncLoggerContextSelector \
    -Dorg.ops4j.pax.logging.logReaderEnabled=false \
    -Dorg.ops4j.pax.logging.eventAdminEnabled=false \
    -Djdk.util.zip.disableZip64ExtraFieldValidation=true \
    -Djdk.nio.zipfs.allowDotZipEntry=true \
    org.wso2.carbon.bootstrap.Bootstrap $*
  status=$?
done

--------------------------------------------------------------------------------
/modules/apim_tm/templates/carbon-home/repository/conf/deployment.toml.erb:
--------------------------------------------------------------------------------
[server]
hostname = "<%= @hostname %>"
server_role = "traffic-manager"
offset = "<%= @ports_offset %>"

[user_store]
type = "database_unique_id"

[super_admin]
username = "<%= @admin_username %>"
password = "<%= @admin_password %>"
create_admin_account = true

[database.apim_db]
type = "<%= @wso2am_db_type %>"
url = "<%= @wso2am_db_url %>"
username = "<%= @wso2am_db_username %>"
password = "<%= @wso2am_db_password %>"

[database.apim_db.pool_options]
validationQuery = "<%= @wso2am_db_validation_query %>"

[database.shared_db]
type = "<%= @wso2shared_db_type %>"
url = "<%= @wso2shared_db_url %>"
username = "<%= @wso2shared_db_username %>"
password = "<%= @wso2shared_db_password %>"

[database.shared_db.pool_options]
validationQuery = "<%= @wso2shared_db_validation_query %>"

[keystore.tls]
file_name = "<%= @key_store_location %>"
type = "JKS"
password = "<%= @key_store_password %>"
alias = "<%= @key_store_key_alias %>"
key_password = "<%= @key_store_key_password %>"

[truststore]
file_name = "<%= @trust_store_location %>"
type = "JKS"
password = "<%= @trust_store_password %>"

# key manager implementation
[apim.key_manager]
service_url = "<%= @key_manager_server_url %>"

[apim.oauth_config]
revoke_endpoint = "<%= @oauth_configs_revoke_api_url %>"
enable_token_encryption = false
enable_token_hashing = false

--------------------------------------------------------------------------------
/pull_request_template.md:
--------------------------------------------------------------------------------
## Purpose
> Describe the problems, issues, or needs driving this feature/fix and include links to related issues in the following format: Resolves issue1, issue2, etc.

## Goals
> Describe the solutions that this feature/fix will introduce to resolve the problems described above

## Approach
> Describe how you are implementing the solutions. Include an animated GIF or screenshot if the change affects the UI (email documentation@wso2.com to review all UI text). Include a link to a Markdown file or Google doc if the feature write-up is too long to paste here.

## User stories
> Summary of user stories addressed by this change>

## Release note
> Brief description of the new feature or bug fix as it will appear in the release notes

## Documentation
> Link(s) to product documentation that addresses the changes of this PR. If no doc impact, enter “N/A” plus brief explanation of why there’s no doc impact

## Training
> Link to the PR for changes to the training content in https://github.com/wso2/WSO2-Training, if applicable

## Certification
> Type “Sent” when you have provided new/updated certification questions, plus four answers for each question (correct answer highlighted in bold), based on this change. Certification questions/answers should be sent to certification@wso2.com and NOT pasted in this PR. If there is no impact on certification exams, type “N/A” and explain why.

## Marketing
> Link to drafts of marketing content that will describe and promote this feature, including product page changes, technical articles, blog posts, videos, etc., if applicable

## Automation tests
 - Unit tests
   > Code coverage information
 - Integration tests
   > Details about the test cases and coverage

## Security checks
 - Followed secure coding standards in http://wso2.com/technical-reports/wso2-secure-engineering-guidelines? yes/no
 - Ran FindSecurityBugs plugin and verified report? yes/no
 - Confirmed that this PR doesn't commit any keys, passwords, tokens, usernames, or other secrets? yes/no

## Samples
> Provide high-level details about the samples related to this feature

## Related PRs
> List any other related PRs

## Migrations (if applicable)
> Describe migration steps and platforms on which migration has been tested

## Test environment
> List all JDK versions, operating systems, databases, and browser/versions on which this feature/fix was tested

## Learning
> Describe the research phase and any blog posts, patterns, libraries, or add-ons you used to solve the problem.

--------------------------------------------------------------------------------
/scripts/update.sh:
--------------------------------------------------------------------------------
#!/bin/bash
# ----------------------------------------------------------------------------
#
# Copyright (c) 2021, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
#
# WSO2 Inc. licenses this file to you under the Apache License,
# Version 2.0 (the "License"); you may not use this file except
# in compliance with the License.
# You may obtain a copy of the License at
#
#    http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
#
# ----------------------------------------------------------------------------

set -e

# Build artifacts and versions
: ${version:="4.2.0"}
: ${packs_dir:=$(pwd)/../modules/apim_common/files/packs/}

usage() { echo "Usage: $0 -p <profile>" 1>&2; exit 1; }

unzip_pack() {
  if [[ -d ${packs_dir}/${1} ]]
  then
    echo "The current directory contains a directory ${1}. Please move the directory to another location."
  fi
  echo "Unzipping ${1}.zip..."
  unzip -q ${packs_dir}/${1}.zip
}

update_pack() {
  if ! [ -x "$(command -v zip)" ]; then
    echo 'Error: zip is not installed.' >&2
    rm -rf ${packs_dir}/${1}
    exit 1
  fi
  rm ${packs_dir}/${1}.zip
  cd ${packs_dir}
  echo "Repackaging ${1}..."
  zip -qr ${1}.zip ${1}
  rm -rf ${1}
}

print_conflicts() {
  conflict_files=$(sed -n '/^Modified/p' ${updates_dir}/output.txt | sed -e 's/.*Conflicts: \[\(.*\)].*/\1/' )

  if [[ ! -z "$conflict_files" ]]
  then
    IFS=' '
    read -a strarr <<< "$conflict_files"
    for filepath in "${strarr[@]}";
    do
      echo ${filepath}
    done

    echo "Conflicts are found in the above file(s). Please review the above file(s), resolve conflicts, and save with .final extension. Then re-run the update script."
  fi
}

while getopts ":p:" o; do
  case "${o}" in
    p)
      profile=${OPTARG}
      ;;
    *)
      usage
      ;;
  esac
done
shift $((OPTIND-1))

if [[ -z "${profile}" ]]; then
  usage
fi

# Set variables relevant to each profile
case "${profile}" in
  apim)
    pack="wso2am-"${version}
    updated_modules=("apim" "apim_gateway" "apim_control_plane" "apim_tm")
    ;;
  apim_gateway)
    pack="wso2am-"${version}
    updated_modules=("apim" "apim_gateway" "apim_control_plane" "apim_tm")
    ;;
  apim_control_plane)
    pack="wso2am-"${version}
    updated_modules=("apim" "apim_gateway" "apim_control_plane" "apim_tm")
    ;;
  apim_tm)
    pack="wso2am-"${version}
    updated_modules=("apim" "apim_gateway" "apim_control_plane" "apim_tm")
    ;;
  *)
    echo "Invalid profile. Please provide one of the following profiles:
    apim
    apim_gateway
    apim_control_plane
    apim_tm"
    exit 1
    ;;
esac

carbon_home=${packs_dir}/${pack}

# Create updates directory if it doesn't exist
updates_dir=${packs_dir}/updates/${pack}
if [[ ! -d ${updates_dir} ]]
then
  mkdir -p ${updates_dir}
fi

# Getting update status
# 0 - first/last update successful
# 1 - Error occurred in last update
# 2 - Update tool has been updated
# 3 - conflicts encountered in last update
status=0
if [[ -f ${updates_dir}/status ]]
then
  status=$(cat ${updates_dir}/status)
fi

cd ${packs_dir}

# The pack should not be unzipped if a conflict is being resolved
if [[ ${status} -ne 3 ]]
then
  unzip_pack ${pack}
fi

if [[ ! -f ${carbon_home}/bin/wso2update_linux ]]
then
  echo "Update executable not found."
  rm -rf ${packs_dir}/${pack}
  exit 1
fi

# Move into binaries directory
cd ${carbon_home}/bin

# Run update tool
echo "Running WSO2 Update tool"
if [[ ${status} -eq 0 ]] || [[ ${status} -eq 1 ]] || [[ ${status} -eq 2 ]]
then
  echo "Validating credentials"
  ./wso2update_linux --template "Modified: {{.Modified}}, Conflicts: {{.Conflicts}}" 2>&1 | tee ${updates_dir}/output.txt
  update_status=${PIPESTATUS[0]}
elif [[ ${status} -eq 3 ]]
then
  echo "Resolving conflicts"
  ./wso2update_linux --continue --template "Modified: {{.Modified}}, Conflicts: {{.Conflicts}}" 2>&1 | tee ${updates_dir}/output.txt
  update_status=${PIPESTATUS[0]}

  # Handle user running update script without resolving conflicts
  if [[ ${update_status} -eq 1 ]]
  then
    echo "Error occurred while attempting to resolve conflicts."
    rm -rf ${packs_dir}/${pack}
    exit 1
  fi
else
  echo "status file is invalid. Please delete or clear file content."
  rm -rf ${packs_dir}/${pack}
  exit 1
fi

# Handle the update tool being updated
if [[ ${update_status} -eq 2 ]]
then
  echo "Update tool has been updated. Running update again."
  ./wso2update_linux --template "Modified: {{.Modified}}, Conflicts: {{.Conflicts}}" 2>&1 | tee ${updates_dir}/output.txt
  update_status=${PIPESTATUS[0]}
fi

# Update status
echo ${update_status} > ${updates_dir}/status
if [[ ${update_status} -eq 0 ]]
then
  echo
  echo "Update completed successfully."
  update_pack ${pack}
elif [[ ${update_status} -eq 3 ]]
then
  echo ""
  echo "Conflicts encountered. Please resolve conflicts in ${packs_dir}/${pack} and run the update script again."
  print_conflicts
else
  echo "Update error occurred. Stopped with exit code ${update_status}"
  rm -rf ${packs_dir}/${pack}
  exit ${update_status}
fi

# Get list of merged files
if [[ ${update_status} -ne 1 ]] # If update is successful
then
  modified_files=$(sed -n '/^Modified/p' ${updates_dir}/output.txt | sed -e 's/.*Modified: \[\(.*\)], Conflicts.*/\1/')
fi

if [[ ! -z "$modified_files" ]]
then
  # Get the list of modified files
  IFS=' '
  read -a strarr <<< "$modified_files"
  for line in "${strarr[@]}";
  do
    filepath=${line##*${pack}/}

    for module in "${updated_modules[@]}"
    do
      template_file=${packs_dir}/../../../${module}/templates/carbon-home/${filepath}.erb
      if [[ -f ${template_file} ]]
      then
        updated_templates+=("modules/"${template_file##*${packs_dir}/../../../})
      fi
    done
  done

  # Display template files to be changed
  if [[ -n ${updated_templates} ]]
  then
    DATE=`date +%Y-%m-%d`
    update_file_name="update_${DATE}.log"
    echo
    echo "Update has made changes to the following files. Please update the templates accordingly before running the next update." | tee -a ${updates_dir}/${update_file_name}
    printf '%s\n' "${updated_templates[@]}" | tee -a ${updates_dir}/${update_file_name}
  fi
fi

--------------------------------------------------------------------------------
/scripts/update_README.md:
--------------------------------------------------------------------------------
# Continuous Update Delivery for WSO2 API Manager

### Prerequisites
* Product packs should be included in the `/modules/apim_common/files/packs` directory

---
**NOTE**

Provided U2 updated packs should contain the latest updates for wso2am-4.2.0

---

### Usage
While executing the update script, provide the profile name. The pack corresponding to the profile will begin updating.
```bash
./update.sh -p <profile>
```
Any of the following profile names can be provided as arguments:
* apim
* apim_gateway
* apim_control_plane
* apim_tm

If any file that is used as a template is updated, a warning will be displayed. Update the relevant template files accordingly before pushing updates to the nodes.

--------------------------------------------------------------------------------
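The `api-manager.sh.erb` and `deployment.toml.erb` templates in this dump pass two JVM flags that turn off TLS hostname verification, set both token-protection switches to `false`, and render every password as a literal string. The script below is an added example, not code from the wso2 repository, that reports those settings in rendered files. The function names and the sample files are constructed for illustration, and it assumes that values protected with the WSO2 cipher tool appear as `$secret{alias}` references.

```shell
#!/bin/sh
# Added example (not from the wso2 repository): report relaxed security
# settings in a rendered api-manager.sh and deployment.toml.

# JVM flags from the api-manager.sh.erb template that switch off TLS
# hostname verification for outbound HTTPS clients.
HOSTNAME_FLAGS='-Dorg.opensaml.httpclient.https.disableHostnameVerification=true
-Dhttpclient.hostnameVerifier=AllowAll'

# audit_start_script FILE
# Prints one line per flag that appears on a non-comment line of FILE.
audit_start_script() {
    active=$(grep -v '^[[:space:]]*#' "$1" || true)
    printf '%s\n' "$HOSTNAME_FLAGS" | while IFS= read -r flag; do
        if printf '%s\n' "$active" | grep -qF -- "$flag"; then
            printf 'start-script: %s\n' "$flag"
        fi
    done
}

# audit_deployment_toml FILE
# Prints one line per password key holding a literal value and per disabled
# token-protection switch under [apim.oauth_config].
# Assumption: protected values are written as "$secret{alias}" references.
audit_deployment_toml() {
    awk '
        /^[ \t]*#/ { next }                       # skip comment lines
        /^[ \t]*\[/ {                             # remember the current [section]
            section = $0
            gsub(/^[ \t]*\[|\][ \t]*$/, "", section)
            next
        }
        /=/ {
            key = $0
            sub(/[ \t]*=.*/, "", key)
            sub(/^[ \t]*/, "", key)
            val = $0
            sub(/^[^=]*=[ \t]*/, "", val)
            sub(/[ \t]*$/, "", val)
            gsub(/^"|"$/, "", val)
            if (key ~ /password$/ && index(val, "$secret{") != 1)
                printf "deployment.toml: [%s] %s is a literal value\n", section, key
            if (section == "apim.oauth_config" && val == "false" &&
                key ~ /^enable_token_(encryption|hashing)$/)
                printf "deployment.toml: [%s] %s = false\n", section, key
        }
    ' "$1"
}

# make_samples DIR: write constructed sample files (not real deployments).
make_samples() {
    cat > "$1/api-manager.sh" <<'EOF'
#!/bin/sh
# -Dorg.opensaml.httpclient.https.disableHostnameVerification=true
$JAVACMD \
    -Dhttpclient.hostnameVerifier=AllowAll \
    org.wso2.carbon.bootstrap.Bootstrap $*
EOF
    cat > "$1/deployment.toml" <<'EOF'
[super_admin]
username = "admin"
password = "$secret{admin_password}"

[keystore.tls]
password = "constructed-value"
key_password = "$secret{key_password}"

[apim.oauth_config]
enable_token_encryption = false
enable_token_hashing = true
EOF
}

# Run both audits over the constructed samples.
demo_dir=$(mktemp -d)
make_samples "$demo_dir"
audit_start_script "$demo_dir/api-manager.sh"
audit_deployment_toml "$demo_dir/deployment.toml"
rm -rf "$demo_dir"
```

Run against the files Puppet renders on a node, each output line names a setting to review before the node is exposed beyond a test network.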