Pushing provider organization data

Use the AMU to push the provider organization data to the Management server.

About this task

Pushing the provider organization data uploads the ported OAuth Providers, draft APIs, draft products, configured gateway services, and published products to the Management server.

Procedure

  1. Log in to the API Manager user interface as an Owner or Administrator of the provider organization that you want to migrate.

    If you want to login using an OIDC user registry, see Logging in to a management server with an OIDC registry.

    Important: You cannot migrate a provider organization while you are logged in with the Cloud Manager admin organization. You must be logged in as the Owner or Administrator of the provider organization whose data you will push.
    Syntax:
    ./apicm login --server <api-manager-ui-endpoint> --realm provider/<identity_provider> --username <org_username> --password <org_password>
    Example for a standalone deployment:
    ./apicm login --server api-manager-ui.dev.apic10-stack.example.test --realm provider/default-idp-2 --username org_username@example.com --password myorgpassword
    Example for Cloud Pak for Integration:
    ./apicm login --server cpd-e2e.apps.test1.cp.example.com/integration/apis/e2e/prod --realm provider/default-idp-2 --username org_username@ex
    Table 1. login parameters for Provider organizations
    Parameters Description
    <api-manager-ui-endpoint> Required. The API Manager URL endpoint on the Management server for communication with the API Manager user interface.
    Standalone deployment

    Example:

    api-manager-ui.dev.apic10-stack.example.test
    The endpoint was specified when the Management subsystem was installed. To verify your endpoint setting, do one of the following:
    • View the apiconnect-apim-ui definition in the apiconnect-up.yml file in the API Connect installation project directory.
    • In the Cloud Manager UI, select Settings > Endpoints and view API Manager URL.
    Cloud Pak for Integration
    Syntax:
    cpd-<APIC_namespace>.<your-company.domain.com>/integration/apis/<APIC_namespace>/<APIC_instance>

    Example:

    cpd-e2e.apps.test1.cp.example.com/integration/apis/e2e/prod

    where e2e is <APIC_namespace> and prod is <APIC_instance>.

    Note: How to obtain the server URL on Cloud Pak for Integration

    Use the Platform Navigator UI to determine the parameter. Note that you cannot get the endpoint by using oc get routes because Zen modifies the route internally.

    1. Locate the Platform UI panel with entries for the deployment. Identify the row that has a Type column entry with the description API management
    2. To display the endpoint, hover over the corresponding prod entry in the Name column for that row. The URL displays at the bottom of the panel.
      Name                   Type
      
      prod                       API management administration
      prod                          API management
      
      
      cpd-e2e.apps.test1.cp.example.com/integration/apis/e2e/prod/manage
    3. Remove the trailing /manage from the endpoint:
      cpd-e2e.apps.test1.cp.example.com/integration/apis/e2e/prod
    --realm provider/identity_provider Required.
    The default identity_provider is default-idp-2.You can determine which identity provider to use in the --realm parameter by entering the following command to see a list of all available identity providers (you do not need to be logged in to use this command):
    apic identity-providers:list --scope provider --server mgmt_endpoint_url --fields title,realm
    For example,
    apic identity-providers:list --scope provider --server myserver.com --fields title,realm 
    total_results: 2
    results:
      - title: Cloud Manager User Registry
        realm: provider/default-idp-2
      - title: Corporate LDAP user registry
        realm: provider/corporate-ldap
    The title value indicates which identity provider to use; copy the corresponding --realm parameter directly from the displayed realm value. For any identity providers that were created by your administrator after API Connect was installed, the names will have been determined at creation time. The default API Manager Local User Registry for login as a member of a provider organization is default-idp-2
    .
    --username <org_username> Required. A user with permissions to modify the provider organization; typically this is the owner or administrator of the organization.
    --password <org_password> Required. The organization owner or administrator password.
  2. Push the data for the provider organization.

    In the same directory where you ran the archive:unpack-v10 command, run the following command to push the ported data to your API Manager. See the parameters in Table 2 as well as the usage notes that follow the table.

    Syntax:
    ./apicm archive:push-v10 <api-manager-ui-endpoint> cloud-v10/provider-orgs/<pOrg_name> [optional flags]
    
    Example for standalone deployment (optional flags are omitted):
    ./apicm archive:push-v10 api-manager-ui.mgmt.dev.apic10-stack.example.test cloud-v10/provider-orgs/production_Org 
      
    Example for Cloud Pak for Integration (optional flags are omitted):
    ./apicm archive:push-v10 cpd-e2e.apps.test1.cp.example.com/integration/apis/e2e/prod cloud-v10/provider-orgs/production_Org 
      
    Table 2. archive:push-v10 parameters for provider organizations
    Parameters Description
    <api-manager-ui-endpoint> Required. The API Manager URL endpoint on the Management server for communication with the API Manager user interface.
    Standalone deployment

    Example:

    api-manager-ui.dev.apic10-stack.example.test
    The endpoint was specified when the Management subsystem was installed. To verify your endpoint setting, do one of the following:
    • View the apiconnect-apim-ui definition in the apiconnect-up.yml file in the API Connect installation project directory.
    • In the Cloud Manager UI, select Settings > Endpoints and view API Manager URL.
    Cloud Pak for Integration
    Syntax:
    cpd-<APIC_namespace>.<your-company.domain.com>/integration/apis/<APIC_namespace>/<APIC_instance>

    Example:

    cpd-e2e.apps.test1.cp.example.com/integration/apis/e2e/prod

    where e2e is <APIC_namespace> and prod is <APIC_instance>.

    Note: How to obtain the server URL on Cloud Pak for Integration

    Use the Platform Navigator UI to determine the parameter. Note that you cannot get the endpoint by using oc get routes because Zen modifies the route internally.

    1. Locate the Platform UI panel with entries for the deployment. Identify the row that has a Type column entry with the description API management
    2. To display the endpoint, hover over the corresponding prod entry in the Name column for that row. The URL displays at the bottom of the panel.
      Name                   Type
      
      prod                       API management administration
      prod                          API management
      
      
      cpd-e2e.apps.test1.cp.example.com/integration/apis/e2e/prod/manage
    3. Remove the trailing /manage from the endpoint:
      cpd-e2e.apps.test1.cp.example.com/integration/apis/e2e/prod
    cloud-v10/provider-orgs/<pOrg_name> Required. The location of your provider org within the /cloud-v10 file hierarchy you created when you ran unpacked the data archive; for example:
    cloud-v10/provider-orgs/production_Org
    --catalogs=<list_of_names> Optional. Push data for only the specified catalogs if you don't want to push the entire provider organization. Use this parameter to specify the names of the catalogs you want to push (to specify multiple catalogs, use a comma-separated list):
    ./apicm archive:push-v10 <api-manager-ui-endpoint> cloud-v10/provider-orgs/<pOrg_name>
     --catalogs=<catalog_name1,catalog_name2,catalog_name3>
    --spaces=<list_of_names> Optional. Push data for only the specified spaces if you don't want to push the entire provider organization. The --catalogs parameter must also be specified, and exactly one catalog must be specified. Use this parameter to specify the names of the spaces you want to push (to specify multiple spaces, use a comma-separated list). For example:
    ./apicm  archive:push-v10 <api-manager-ui-endpoint> cloud-v10/provider-orgs/<pOrg_name> 
                  --catalogs=<catalog_name>
                  --spaces=<space_name1>,<space_name2>,<space_name3>
    --products=<list_of_name:version_pairs> Optional. Push data for only the specified products if you don't want to push the entire provider organization. The --catalogs parameter must also be specified, and exactly one catalog must be specified. If spaces are enabled on the catalog, then the --spaces parameter must also be specified, and exactly one space must be specified. Use this parameter to specify the names and versions of the products that you want to push (to specify multiple products, use a comma-separated list of name:version pairs as shown in the following examples.

    Example: catalog with spaces

    ./apicm archive:push-v10 <api-manager-ui-endpoint> cloud-v10/provider-orgs/<pOrg_name>
                  --catalogs=<catalog_name> --spaces=<space_name>
                  --products=<prod_name1>:<prod_version1>,<prod_name2>:<prod_version2>,<prod_name3>:<prod_version3>

    Example: catalog without spaces:

    ./apicm archive:push-v10 <api-manager-ui-endpoint> cloud-v10/provider-orgs/<pOrg_name>
                  --catalogs=<catalog_name>
                  --products=<prod_name1>:<prod_version1>,<prod_name2>:<prod_version2>,<prod_name3>:<prod_version3>
    --dry-run Optional. Perform a dry run to test the Admin org migration output.

    This option creates a project directory similar to cloud-v10, but titled .workdir-<api-manager-ui-endpoint> where you can view how the data will be loaded into your new system. The option also displays the objects that will fail due to existing already or missing dependencies. Use this option to view the resolved URLs for where the data will be loaded, without creating resources on the new system. See Migration troubleshooting.

    ./apicm archive:push-v10 <api-manager-ui-endpoint> cloud-v10/provider-orgs/<pOrg_name>
     --dry-run
    
    --no-drafts Optional. Do not push any draft APIs or products (draft objects are objects that have not been published).
    ./apicm archive:push-v10 <api-manager-ui-endpoint> <path_to_provider_org>
     --no-drafts
    

    This option can be used with or without the --catalogs parameter.

    --drafts-only Optional. Only push ported draft APIs and products, and do not push any published APIs or products (draft objects are objects that have not been published).
    ./apicm archive:push-v10 <api-manager-ui-endpoint> <path_to_provider_org>
     --drafts-only
    

    This option cannot be used with the --catalogs or --no-drafts parameters.

    --overwrite Optional. Overwrite any existing draft products, draft APIs, published products and their APIs, and OAuth Providers that are already on the deployment. If you set this parameter to false, these artifacts will be left intact.
    --move-subscriptions Optional. When this option is used, the subscriptions associated with v5-compatible-API-based products that were ported to API DataPower Gateway-based products and successfully pushed to the API Connect deployment will have their subscriptions moved to the new products, and the original v5-compatible-API-based products will be retired. This option can also be used on subsequent archive:push-v10 commands to move the subscriptions even after the migrated products are published. Using the --catalogs, --spaces, and --products parameters with the --move-subscriptions parameters lets you narrow the set of products to have their subscriptions moved.
    Usage notes:
    • On Windows: open a command window with Administrator privileges, and omit the "./" from the command.

    • Run the archive:push-v10 command in the same directory where you ran the archive:unpack-v10 command, and always push the ported data back to the same deployment where you extracted the data.

    • The login command obtains a token that expires after 8 hours.

      If the token expires while the archive:push-v10 command is running, the AMU generates errors. In this case, log in again and re-run the push command. The token is refreshed every time you log in. For more information, see migration_troubleshooting.html#migration_troubleshooting__token_expire.

    • The archive:push-v10 command only pushes only the following ported objects: OAuth Providers, draft APIs, draft products, configured gateway services, and published products.

    • An alternative method of viewing endpoints is to run the kubectl get ingress and get the values from the output. For example, see the values in bold in the following sample output:
      r7c221d8a33-apic-portal-director api.portal.dev.apic10-stack.example.test 80, 443 21h 
      r7c221d8a33-apic-portal-web portal.dev.apic10-stack.example.test 80, 443 21h 
      re314d70920-apiconnect-api platform.mgmt.dev.apic10-stack.example.test 80, 443 22h 
      re314d70920-apiconnect-apim-ui apim.mgmt.dev.apic10-stack.example.test 80, 443 22h 
      re314d70920-apiconnect-cm-ui cloud.mgmt.dev.apic10-stack.example.test 80, 443 22h 
      re314d70920-apiconnect-consumer-api consumer.mgmt.dev.apic10-stack.example.test 80, 443 22h 
      rfe867a858b-dynamic-gateway-service service.gw.dev.apic10-stack.example.test 80, 443 21h 
      rfe867a858b-dynamic-gateway-service-gw api.gw.dev.apic10-stack.example.test 80, 443 21h 
      rfff5043330-analytics-client ac.dev.apic10-stack.example.test 80, 443 21h 
      rfff5043330-analytics-ingestion ai.dev.apic10-stack.example.test
  3. Test your newly ported products and APIs to make sure they are working as expected.

    If necessary make changes and push the updates to your API Connect deployment.