HA is an advanced topic and deserves a lot of planning. Here, you’ll learn just the basics, as there is much to consider when setting up HA, and there are various options you would need to bear in mind based on cost, SLA, and effort.
To achieve HA in API Connect, the API Manager, Developer Portal, Analytics, and gateway components all require a quorum. A quorum is a minimum of three instances or nodes in a cluster. Both Kubernetes and API Connect components require a quorum to support HA. So, whether you are using a deployment model of API Connect on VMware or API Connect using Kubernetes, the requirement is still the same.
The condition the quorum is trying to prevent is referred to as a split brain. In this scenario, your cluster believes there are two primaries within the HA cluster quorum. Normally, there is one primary synchronizing with secondaries. When the primary goes down, the secondary usually takes over as the primary. However, what if the primary is functioning but the network link goes down?
Well, a secondary could believe the primary has gone down, so it makes itself the primary so that it can continue processing. Sound good? Not really. The original primary believes it is still functioning. So, now we have two primaries, which means database synchronization is running independently. When the network link becomes active, we have two primaries. So, who’s the boss? When you have two primaries, this is called a split-brain scenario. It can lead to data inconsistencies.
Quorums aren’t unique to API Connect. You can find them with databases (such as MySQL and MariaDB) or with Kafka, where ZooKeeper requires a quorum.
In API Connect, the way to calculate the node failure tolerance is N/2+1. So, in our minimal case of three nodes, we require two instances to form a quorum. Some examples are as follows:
- 4 nodes = 4/2+1 = 3 nodes for a quorum
- 5 nodes = 5/2+1 = 3 nodes for a quorum
- 7 nodes = 7/2+1 = 4 nodes for a quorum
So, what split-brain scenario happens to API when a quorum is not achieved? We’ll review by each component:
- Gateway: APIs will continue to run, but API configurations are constrained. Additionally, you will be unable to store or share revoked OAuth refresh tokens and rate limiting in the API Connect Gateway (apigw) service.
Important Note
Rate limiting will continue if you are using the v5c gateway service.
- Manager: API Manager will continue to work but only in read-only mode. You will not be able to publish APIs nor create applications.
- Analytics: You can view existing analytics, but new data from the gateway is stopped.
- Developer Portal: The Developer Portal cannot be accessed. You will not be able to register new consumers nor register new applications.
You now have a good understanding of the various deployment models and how API Connect handles HA. Having this information puts you in the best position to enable you to architect your hybrid cloud infrastructure so that it is highly available, resilient, and performant.
Before beginning to work with API Connect, it is a good time to introduce you to another valuable capability of API Connect. That is the ability to execute many of its features via the command line.
Introduction to the CLI commands
In this section, you will learn how to use the basic CLI commands. The examples shown here have been initiated from a Mac but will be the same for Windows environments.
The CLI commands come with the API Connect toolkit. You can download the toolkit from the web on Fix Central (https://www.ibm.com/support/fixcentral/). Alternatively, if your company has API Connect installed and you have access to API Manager, then you can download it from there. In fact, you are guaranteed to get the correct version if you do it in that manner:
Figure 2.18 – Downloading the toolkit from API Manager
For what reasons would you want to use the CLI? Most of the time, the CLI is incorporated within your DevOps pipeline. However, before you start learning how to call the CLIs, you should try to understand the capabilities that are available within the CLI. One thing you should be aware of is the target of your CLI commands. When executing the commands, the location of the output can be either of the following:
- Local filesystem: This is for creating APIs and products locally. It uses general-purpose commands.
- API management: Here, commands are executed toward managing resources on the API Manager server, including draft APIs.
These distinctions are important because some commands might seem similar but have different implementations. On the one hand, you are generating APIs from the command line, and on the other hand, you are deploying and managing those same APIs against API Manager.
You have been briefly introduced to the development capabilities of API Connect. As a developer, you understand that you start by creating APIs. Then, you package them in a product, stage or publish them to a Catalog, and, finally, maintain a life cycle of revisions and updates. Figure 2.19 shows the flow you could take to create an API and deploy it to API Connect.
The CLI API development flow has a series of steps that are required to promote your locally defined API (or an API that is checked into a source code manager such as Git) and published within API Connect’s management component. These steps are very similar to what you need to introduce into your DevOps pipeline:
- Determine which Identity Provider (IDP) you will be accessing.
- Log in to the API Connect using the login CLI command.
- Identify the Provider organization you will be updating.
- Set a Catalog within the Provider organization as the target for the command.
At this point, you have an established destination for publishing. Next, you can create your API.
5. Create an OpenAPI file using your favorite OpenAPI tool or the create CLI command.
6. Using the draft option in the CLI, create a draft API that moves the API into API Manager.
7. Create a draft product that establishes a relationship between the APIs and the plan(s) that will be contained within the product and moves that into API Manager.
8. Once your draft is ready to promote to a testing environment, you can use the CLI to establish the connection to the environment and publish the product.
The flow you just learned is shown in Figure 2.19:
Figure 2.19 – Development process using the CLI
Your administrators have different tasks to perform. Often, their role is to provision new Provider organizations, update TLS certificates, and configure user registries. They will use other CLI commands to perform those activities. In the new world of automation, you can see these are perfect examples of tasks that can be streamlined for greater agility.
Greater agility leads to greater productivity, which leads to greater success in your digital transformation. You’ll learn more about how the CLI participates in the DevOps process in Chapter 14, Building Pipelines on API Connect. With this background introduced, now is a good time to get you started with some simple CLI commands to whet your appetite.