Edge Micro Gateway (2.1.1) configuration issues.

Not applicable

I am having trouble configuring my microgateway instance to proxy requests on to a simple api co-located on my machine.

I am using the tutorials as a starting point, however, I am encountering the following in my attempts to get the setup working:

- The gateway reports 'warning: no products found in org' when started but the proxies are downloaded correctly. Should the product names be also prefixed with edgemicro_ (even then they are not downloaded) See attached file for output.

- I am forced to present an API key even after explicitly disabling security as per guides. The metrics are submitted to Edge and I can see that edgemicro-oauth is being invoked. Should this be the case?

- Is functionality restricted based on the type of Apigee account?

I am hoping someone can point me in the right direction.

The attached file has a log of the output from several commands run during my experimentation.

David

output-messages.txt

0 33 1,313
33 REPLIES 33

Former Community Member
Not applicable

@David Silcott

From the text file everything appears to be fine. The default configuration contains:

oauth:

  allowNoAuthorization: false

  allowInvalidAuthorization: false

I see from the text file you have:

{"error":"missing_authorization","error_description":"Missing Authorization header"}

Since the default is to require OAuth, your calls are failing. To get an OAuth token, you need to create an API Product and a Developer App. The API Product need not follow any naming convention. If you want to test without API Products, then set the two values above to "true".

@Srinandan Sridhar

Thank you. Your suggestion helped me verify I can call through to the backend service via the micro gateway.

However, after resetting the two values to "false" and restarting my gateway I am still unable to use my apki key to hit the backend service.

I've created an API Product and Developer App. I've also associated both edgemicro-oauth and edgemicro_sample proxies with the product.

The following error with a 403 HTTP status code is returned when I attempt to hit the endpoint.

{"error":"access_denied"}

I followed instructions at:

http://docs.apigee.com/microgateway/latest/edge-microgateway-tutorial#part4secureedgemicrogateway-se...

David

@David Silcott have you get any solution for above problem, as i also facing same issue

@bharat no I have not. I was unable to do much over the past 2 days. Hoping I'll be more successful over the next few days.

Hey @David Silcott,

What resources are included in the API Product that you created? Did you explicit list all of your resources or did you use /**? If you used /** then microgateway should allow all of your requests to go through.

Hi @swilliams

I just had a look at my product configuration and I only have / listed. It seems as if I managed to omit /** when recreating the product after multiple failed attempts to get the gateway to download it

I'll have a go at changing to /** and let you know if that did it.

@swilliams

Using /** does not change the behaviour of the gateway, I still get {"error":"access_denied"} . The problem has to be with the fact that the micro gateway reports the following when the it starts up

info: products download from https://mycompany-test.apigee.net/edgemicro-auth/products returned 200 OK 
info: jwt_public_key download from https://mycompany-test.apigee.net/edgemicro-auth/publicKey returned 200 OK 
info: config download from https://edgemicroservices-us-east-1.apigee.net/edgemicro/bootstrap/organization/mycompany/environmen... returned 200 OK 
downloaded proxies [ { apiProxyName: 'edgemicro_sample',
    revision: '1',
    proxyEndpoint: { name: 'default', basePath: '/sample-api' },
    targetEndpoint: { name: 'default', url: 'http://172.20.0.156:5000' } } ]
warning: no products found in org
downloaded jwt_public_key '-----BEGIN CERTIFICATE-----***-----END CERTIFICATE-----'

Note the line, warning: no products found in org

Based on what I am being told it seems as if the gateway should simply download any product associated with proxies prefixed with edgemicro_?

Are my assumptions correct?

Former Community Member
Not applicable

@David Silcott, EM should download all products (regardless of which the proxies contained within them are named). Since no products are being downloaded, I suspect perhaps you don't have access to products.

What do you get when you try this?

curl -v -X GET https://{org}-{env}.apigee.net/edgemicro-auth/products

Actually all of your products should be downloaded. If you get the message that "no products are found," then I wonder if something went wrong during the initialization.

Also, check to make sure that the product you created was defined in the same environment that you are using the start Edgemicro. When you create a product you have to select the environment.

So if you are trying to start edgemicro for the test environment

i.e.

edgemicro start -o orgname -e test -k key -s secret

Then view the product that you are using and make sure that test is selected as the environment.

@swilliams @Srinandan Sridhar

I have verified that both the proxy and the product are defined in the test environment. And all my attempts were with the edgemicro start -o orgname -e test -k key -s secret command.

I am using edgemicro 2.1.1 (installed from an npm package) and nodejs v6.6.0

What does your environment look like?

I'm using a Mac with Node.js v 6.1.0 with Edgemicro v2.1.1 installed via NPM.

I also have an Oracle Virtual Box VM with Centos 7 and Node LTS 4.x with Edgemicro v2.1.1 installed via NPM running it as well. (https://github.com/swilliams11/edgemicro)

It sounds like you have everything configured correctly. The other thing that I could recommend is deleting the Edgemicro OAuth proxy in your cloud org and deleting your ~/.edgemicro folder and running edgemicro init again and then try starting it again.

@swilliams

The same thing happens. I've also observed that after deleting the edgemicro-auth proxy and having the init process recreate it, the historical metrics gathered against the previous instance of the proxy still exist.

If you grant me access to your org, I can try to run it from my machine and I could also review your product/app.

@swilliams

How do I go about granting you access to my org? I've configured a second apigee account, this time for personal use and the same thing is happening. I guess I am missing something quite subtle.

Click the "Admin" menu at the top of the screen, then click "Organization Users".

Click "+ User" and add my Apigee email address. I will receive a notification that I was added to a new org.

Done. Let me know if you have access

@David Silcott Thanks, but I need to be an org administrator to run Edgemicro against it. Can you change my role to Org Admin?

@swilliamsTry again

@David Silcott

The /products resource doesn't appear to work in your org. I just used a different org, an org where I have not used Edgemicro before, and /products correctly displays all the products from this other org. When I run Edgemicro against your org, I have the same problem - /products does not return any products.

Then I created a new org and ran Edgemicro against that org and it did NOT work. Seems to be an issue with new orgs. I think we need to check if this is related to the new cloud release.

@Srinandan Sridhar, @kevinswiber

What do you guys think?


@swilliams Unfortunately, we hit issues with edgemicro-auth now and then. Try undeploying and redeploying the proxy to see if that helps.

@swilliams thanks for that thorough investigation.

@kevinswiber

Is there anything else in addition to un-deploying and redeploying which can be tried? I have done several deployments already. Does a successful re-deployment delete any historical data associated with the proxy? It seems to persist in my case

Hi David Silcott - Was this issue resolved? If so ,any inputs on how it was resolved would help. I am also facing the same issue.( OAuth works but with keys I get a 403-Access denied)

Yes David- OAuth worked for me. My Product definitions were downloaded as seen below;

curl -v -X GET http://XXX/edgemicro-auth/products returns the expected Products and proxies;

"apiResources" : [ "/**", "/" ],
"approvalType" : "auto",
"attributes" : [ {
"name" : "access",
"value" : "public"
} ],
"createdAt" : 1475836569891,
"createdBy" : "dev@xxx.com",
"description" : "First Edge Micro Product",
"displayName" : "EdgeMicroTestProduct",
"environments" : [ "performancetest" ],
"lastModifiedAt" : 1476095348065,
"lastModifiedBy" : "dev@xxx.com",
"name" : "EdgeMicroTestProduct",
"proxies" : [ "edgemicro_httpbin", "edgemicro_hello", "edgemicro-auth" ],
"scopes" : [ "" ]

Also,please note that mine is an on premise ( edge Micro) to on premise ( Edge) set up and I had restarted the Edge Micro once.

Hi @Ranjit

Unfortunately not, I am still working on resolving this. You said you got OAuth working, were your product definitions downloaded?

I get a 403 access denied using both API key and OAuth2 .

@Srinandan Sridhar

The result of running curl -v -X GET https://{org}-{env}.apigee.net/edgemicro-auth/products is as follows

Note: Unnecessary use of -X or --request, GET is already inferred.
*   Trying 52.21.237.121...
* TCP_NODELAY set
* Connected to mycompany-test.apigee.net (52.21.237.121) port 443 (#0)
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: none
* TLSv1.2 (OUT), TLS header, Certificate Status (22):
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* NPN, negotiated HTTP1.1
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Client hello (1):
* TLSv1.2 (OUT), TLS handshake, Unknown (67):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS change cipher, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
* ALPN, server did not agree to a protocol
* Server certificate:
*  subject: OU=Domain Control Validated; CN=*.apigee.net
*  start date: Jan 13 17:25:54 2016 GMT
*  expire date: Apr  9 06:37:10 2019 GMT
*  subjectAltName: host "mycompany-test.apigee.net" matched cert's "*.apigee.net"
*  issuer: C=US; ST=Arizona; L=Scottsdale; O=GoDaddy.com, Inc.; OU=http://certs.godaddy.com/repository/; CN=Go Daddy Secure Certificate Authority - G2
*  SSL certificate verify ok.
> GET /edgemicro-auth/products HTTP/1.1
> Host: mycompany-test.apigee.net
> User-Agent: curl/7.50.3
> Accept: */*
> 
< HTTP/1.1 200 OK
< Date: Mon, 03 Oct 2016 17:57:11 GMT
< Content-Type: text/html
< Content-Length: 2
< Connection: keep-alive
< X-Powered-By: Express
< Server: Apigee Router
< 
* Curl_http_done: called premature == 0
* Connection #0 to host mycompany-test.apigee.net left intact
{}

Another question, does the fact I am using a free account matter? I am still evaluating Apigee

You can use Edgemicro with a free account. I use it to connect successfully to my free cloud org.

Not applicable

After some invaluable help from the community, it turns out that there may be a bug affecting the creation of edgeciro_ proxies for Trial plans. I have been told that bug does not affect paid-for plans and is currently being looked into. And also that it should be resolved soon.

Thanks again @swilliams for your thorough investigation.

Thanks for the transparency!

Looks like i'm running into the same issue. No products found. Any update on when this will be resolved for free / trail accounts?

Thanks

Not applicable

Any news on this topic? Is it a bug, is it resolved?

Former Community Member
Not applicable

Yes. At the moment, the version of Microgateway that works in trial is in beta. We expect the beta flag to be removed next week.

If you had tried configuring Microgateway before, then delete the "EdgeMicro-auth" proxy first.

Install Microgateway:

npm install -g edgemicro@beta

rtalanki
Participant II

Make sure you have /** in the Resource Path in the Product Definition of the edgemicro_hello.