Author: Vikas Parikh

Objective

Once MuleSoft RTF (Run Time Fabric) is installed on the underlying infrastructure (AWS/ Azure/ Customer Hosted environment), we need to then deploy APIs to the RTF.

The objective of this document is to Manage the APIs and API configuration to make it functional in the RTF. 

Prerequisite

  • RTF installed on the AWS as per the guide: RTF installation for AWS

Enable the Inbound Traffic

  • By default Inbound Traffic is disabled to prevent consuming unnecessary resources.
  • To allow Mule applications to listen on inbound connections, Inbound Traffic is to be enabled.

Create a JKS with RSA key

  • Create a JKS with RSA key
  • Make sure CN is same as that of  <controller-public-DNS>, so that apps can be deployed and become accessible
  • Use this command: 
keytool -genkey -keyalg RSA -alias <controller-public-dns> -keystore server.jks  

Configure JKS for the Inbound Traffic

  • Sign in to Anypoint platform and navigate to Runtime Manager → Runtime Fabrics → <your_rtf> → Inbound Traffic
  • Enable the toggle as below
  • Keep basic configuration and resource allocation unchanged
  • Under TLS Configuration, upload the JKS and upload JKS created in previous step
  • Enter the keystore pass code
  • Alias that you have configured, should appear once you click – Choose alias
  • Select Ok
  • Enter Key Passcode
  • Click Deploy
  • Status should be “Applying” as shown below
  • Within a minute, configuration should have been Applied as below

Verify Inbound Traffic on Anypoint Dashboard

  • Go back to Runtime Fabrics dashboard under Runtime Manager
  • Inbound Traffic should be enabled against your RTF

Deploy APIs to RTF

Last mile security enabled (preferred approach)
  • Deploy the app to RTF instance as below
  • Make sure checkbox mentioning – Enable Inbound Traffic at https://<controller-public-dns>/<app-name> is checked
  • Make sure checkbox mentioning – Enable Last-Mile Security is enabled
    • This would enable HTTPS traffic between controller and worker 
    • Last mile security (HTTPS traffic till worker) is thus enabled 
  • Make sure to provide correct set of properties before deployment like below:
  • Click on Deploy Application
  • Application should get deployed in few minutes like below:
  • Once application gets deployed, hit the below endpoint from browser:
https://<controller-public-dns>/sum-it/sum/99/1
  • You should expect a JSON Response of 100 as below: 

Application Listener Configuration

  • In order to configure Last mile security, worker should be listening the traffic port 8081 with protocol HTTPS
  • Note that this is different to that of Cloudhub deployment where HTTPS traffic is enabled at 8082
  • In RTF, both – HTTP and HTTPS traffic, workers should be listening at port 8081. If Last Mile security is enabled (preferred) then have HTTPS otherwise have HTTP
  • Here is the relevant application configuration: 
<?xml version="1.0" encoding="UTF-8"?>
<mule .. >
    <http:listener-config name="sum-it-service-httpListenerConfig">
        <http:listener-connection host="0.0.0.0" port="8081" protocol="HTTPS">
			<tls:context>
				<tls:key-store type="jks" path="server.jks" alias="${jks-alias}" keyPassword="${jks-password}" password="${jks-password}" />
			</tls:context>
		</http:listener-connection>
    </http:listener-config>
    <apikit:config name="sum-it-service-config" api="resource::6d77a172-feea-4187-be60-82329d313431:sum-it-service:1.0.2:raml:zip:sum-it-service.raml" outboundHeadersMapName="outboundHeaders" httpStatusVarName="httpStatus" />
    
<flow name="sum-it-service-main">
        <http:listener config-ref="sum-it-service-httpListenerConfig" path="/*">
                        ..
       </flow>
       <flow name="get:\sum\(num_1)\(num_2):sum-it-service-config">
		..
       </flow>   
       </mule>

Last Mile Security Disabled 

  • Deploy the app to RTF instance as below
  • Make sure checkbox mentioning – Enable Inbound Traffic at https://<controller-public-dns>/<app-name> is checked
  • Make sure checkbox mentioning – Enable Last-Mile Security is unchecked
    • This would disable HTTPS traffic between controller and worker 
    • Last mile security (HTTPS traffic till worker) is thus disabled
  • Click – Deploy Application
  • Application should get deployed in few minutes like below:
  • Once application gets deployed, hit the below endpoint from browser:
https://<controller-public-dns>/multiply-it/multiply/5/4
  • You should expect a JSON Response of 20 as below: 

Application Listener Configuration

  • In order to have disabled configuration of Last mile security, worker should be listening the traffic port 8081 with protocol HTTP
  • Here is the relavent application configuration: 
<?xml version="1.0" encoding="UTF-8"?>
<mule .. >
    <http:listener-config name="sum-it-service-httpListenerConfig">
        <http:listener-connection host="0.0.0.0" port="8081" protocol="HTTP">
	 </http:listener-connection>
    </http:listener-config>

    <apikit:config name="multiply-it-service-config" api="resource::6d77a172-feea-4187-be60-82329d313431:multiply-it-service:1.0.2:raml:zip:multiply-it-service.raml" outboundHeadersMapName="outboundHeaders" httpStatusVarName="httpStatus" />

<flow name="sum-it-service-main">
        <http:listener config-ref="sum-it-service-httpListenerConfig" path="/*">
                        ..
       </flow>
       <flow name="get:\multiply\(num_1)\(num_2):multiply-it-service-config">
		..
       </flow>   
       </mule>

Leave a Comment