deployment to virtual host

Hello Folks,

I have 2 "all-in-one" apigee installations. Let's call them host1 and host2.

  1. I use the UI on host1 to configure/deploy proxies from
  2. I added a host2:9001 as a virtual host host on host1.
  3. I configured a proxy based on these instructions (https://docs.apigee.com/api-platform/get-started/create-proxy) on host1 local VirtHost
  4. local virtual host works using curl
  5. I now promote/deploy the proxy to another env pointing to virt host on host2
  6. deployments goes through without a hitch (no errors)
  7. when I go to the UI on host2 the proxy is not there, what gives? So, other than the virtual host port that's already opened, what other requirents are there in order for me to deploy a local proxy to another env w/ a remote virt host?

Thanks,

Henry

Solved Solved
0 3 683
1 ACCEPTED SOLUTION

I added a host2:9001 as a virtual host host on host1.

I don't understand this.

We are getting a little confused with all the ways we use the term "host". so let's back up a little bit.

Let's say you have two MACHINES. These are servers, maybe virtual, maybe not. On each one you have installed Apigee Edge. These are two distinct Apigee Edge PLANETS. If you have installed Apigee Edge in the "All in one" pattern, on each server, then each server has all it needs to work, and each one is completely independent of the other. COMPLETELY. Whatever you do in the Apigee Edge configuration on MACHiNE1 is not going to ever affect the Apigee Edge configuration on MACHINE2, if you have installed "all in one" on both MACHINE1 and MACHINE2. They are separate.

Now, on one of those servers, MACHINE1, you have configured a virtualhost. A virtual host is a ... way to contact the Apigee Edge router. In Apigee Edge you define the vhost with a hostalias (a DNS name like api.myhost.net) and a combination of the scheme & authority that API clients will use to send API requests in.

Scheme and authority are terms from the definition of URL; think of scheme as "protocol" (either http/https) and authority as the combination of hostname and port.

Supposing you are not using TLS, then your first virtual host has settings like this: {http, 192.168.10.3, 9001} , where 192.168.10.3 is replaced with your own value for the IP address of MACHINE1. Supose you use your hostalias of api.myhost.net.

This means, if the dns name api.myhost.net actually resolves to 192.168.10.3, then api clients can use http://api.myhost.net:9001 to reach your router, and then have requests be routed to the MPs that have proxies deployed. (In an all-in-one, there is one router, one MP, and it's all on the same machine.)

(* DNS resolution can be done on the cheap via appropriate entries in /etc/hosts )

OK, all good?


Now let's get to your questions. You said "I added a host2:9001 as a virtual host host on host1."

That doesn't make sense.

All of the virtualhosts on host1 must all have an IP address that the router listens on. In my example, 192.168.10.3. If MACHINE2 is assigned ip address 192.168.10.15, You cannot use that IP address within a vhost definition on the Apigee Edge planet in MACHINE1.

You may configure one insecure vhost, and multiple secure vhosts. If you have a single router machine (and you do if you use all-in-one) then all of those vhosts must have the same IP address. They will all be handled by the same router.

It will be possible to use multiple distinct vhosts in these cases:

  • if you want to configure an insecure (non-TLS) vhost and a secure (TLS) vhost.
    In this case these vhosts can use the same hostalias but must use different ports.
  • if you want more than one secure vhost.
    In this case, they all must use distinct hostaliases.

In all cases the hostaliases that you use (api1.myhost.net, api2.myhost.net, etc) must all resolve to the same IP address; they will all be handled by the router. This is 192.168.10.3 in my example.


when I go to the UI on host2 the proxy is not there, what gives?

MACHINE2 is running a distinct, completely separate installation of Apigee Edge. Whatever you do on MACHiNE1 is not going to ever affect MACHINE2, if you have installed "all in one" on both MACHINE1 and MACHINE2.

If you want to manage a cluster of servers under one planet, you don't want to use All-in-one.

If you do configure more than one server in your Apigee Edge planet, you will still use only one management UI to configure all of them. You wont "go to the other host" to use the UI. The cluster (planet), whether 1 server, 2 servers or 25 servers (this is not unusual), is managed by a single central administrative UI.


I think you want a cluster of routers and MPs - multiple servers handling traffic. The install documentation describes that scenario and what you need to do on each machine to make that happen. Even so, if you install a cluster of 2 machines running Apigee Edge, you now have 2 distinct routers... For API clients, how will they be able to select one or the other? I mean... if a vhost is configured with address 192.168.10.3, and that points to... exactly one of those routers.... then?? how will traffic ever be served by the other machine?

Good question. To handle this case you need a load-balancer, some people call it a "virtual IP". Basically it is a separate layer that spreads requests around. You can do this in software (with nginx or etc) or hardware (F5 or Netscaler or etc), or you can use a round-robin DNS-resolution thing, so that each time a client looks up the name api.myhost.com it gets one of the various router addresses. There are pros and cons to each, and you can combine them. But this stuff is outside the scope of the Apigee Edge OPDK installation.

For more information on clusters and all-in-one, read the installation documentation for Apigee Edge.

View solution in original post

3 REPLIES 3

I added a host2:9001 as a virtual host host on host1.

I don't understand this.

We are getting a little confused with all the ways we use the term "host". so let's back up a little bit.

Let's say you have two MACHINES. These are servers, maybe virtual, maybe not. On each one you have installed Apigee Edge. These are two distinct Apigee Edge PLANETS. If you have installed Apigee Edge in the "All in one" pattern, on each server, then each server has all it needs to work, and each one is completely independent of the other. COMPLETELY. Whatever you do in the Apigee Edge configuration on MACHiNE1 is not going to ever affect the Apigee Edge configuration on MACHINE2, if you have installed "all in one" on both MACHINE1 and MACHINE2. They are separate.

Now, on one of those servers, MACHINE1, you have configured a virtualhost. A virtual host is a ... way to contact the Apigee Edge router. In Apigee Edge you define the vhost with a hostalias (a DNS name like api.myhost.net) and a combination of the scheme & authority that API clients will use to send API requests in.

Scheme and authority are terms from the definition of URL; think of scheme as "protocol" (either http/https) and authority as the combination of hostname and port.

Supposing you are not using TLS, then your first virtual host has settings like this: {http, 192.168.10.3, 9001} , where 192.168.10.3 is replaced with your own value for the IP address of MACHINE1. Supose you use your hostalias of api.myhost.net.

This means, if the dns name api.myhost.net actually resolves to 192.168.10.3, then api clients can use http://api.myhost.net:9001 to reach your router, and then have requests be routed to the MPs that have proxies deployed. (In an all-in-one, there is one router, one MP, and it's all on the same machine.)

(* DNS resolution can be done on the cheap via appropriate entries in /etc/hosts )

OK, all good?


Now let's get to your questions. You said "I added a host2:9001 as a virtual host host on host1."

That doesn't make sense.

All of the virtualhosts on host1 must all have an IP address that the router listens on. In my example, 192.168.10.3. If MACHINE2 is assigned ip address 192.168.10.15, You cannot use that IP address within a vhost definition on the Apigee Edge planet in MACHINE1.

You may configure one insecure vhost, and multiple secure vhosts. If you have a single router machine (and you do if you use all-in-one) then all of those vhosts must have the same IP address. They will all be handled by the same router.

It will be possible to use multiple distinct vhosts in these cases:

  • if you want to configure an insecure (non-TLS) vhost and a secure (TLS) vhost.
    In this case these vhosts can use the same hostalias but must use different ports.
  • if you want more than one secure vhost.
    In this case, they all must use distinct hostaliases.

In all cases the hostaliases that you use (api1.myhost.net, api2.myhost.net, etc) must all resolve to the same IP address; they will all be handled by the router. This is 192.168.10.3 in my example.


when I go to the UI on host2 the proxy is not there, what gives?

MACHINE2 is running a distinct, completely separate installation of Apigee Edge. Whatever you do on MACHiNE1 is not going to ever affect MACHINE2, if you have installed "all in one" on both MACHINE1 and MACHINE2.

If you want to manage a cluster of servers under one planet, you don't want to use All-in-one.

If you do configure more than one server in your Apigee Edge planet, you will still use only one management UI to configure all of them. You wont "go to the other host" to use the UI. The cluster (planet), whether 1 server, 2 servers or 25 servers (this is not unusual), is managed by a single central administrative UI.


I think you want a cluster of routers and MPs - multiple servers handling traffic. The install documentation describes that scenario and what you need to do on each machine to make that happen. Even so, if you install a cluster of 2 machines running Apigee Edge, you now have 2 distinct routers... For API clients, how will they be able to select one or the other? I mean... if a vhost is configured with address 192.168.10.3, and that points to... exactly one of those routers.... then?? how will traffic ever be served by the other machine?

Good question. To handle this case you need a load-balancer, some people call it a "virtual IP". Basically it is a separate layer that spreads requests around. You can do this in software (with nginx or etc) or hardware (F5 or Netscaler or etc), or you can use a round-robin DNS-resolution thing, so that each time a client looks up the name api.myhost.com it gets one of the various router addresses. There are pros and cons to each, and you can combine them. But this stuff is outside the scope of the Apigee Edge OPDK installation.

For more information on clusters and all-in-one, read the installation documentation for Apigee Edge.

Hey Dino-at-Google, thanks for a very thorough answer. Makes sense. Say, I want to stay within the all-in-one install for the time being. what's the way to go if I want to separate environments w/ distinct endpoints? i.e, Say I create a proxy in dev and then I want to promote it to higher environments. Do I just create separate environments w/ distinct ports? Thanks.

Yes. This is covered in the OPDK doc.

You can check this out:

https://docs.apigee.com/private-cloud/v4.19.01/about-planets-regions-pods-organizations-environments...

There is a section on environments that explains this.