Upgrading external Elasticsearch in API Gateway

Edit online

When considering an upgrade to Elasticsearch, it is necessary to ensure compatibility between the webMethods API Gateway and both the current and target versions of external Elasticsearch. This section explains how to perform external Elasticsearch upgrades to ensure both backward and forward compatibility.

Note: It is recommended to maintain two separate external Elasticsearch data stores – one for core data and the other for transactional data for better performace of the application.

Update scenarios

To maintain the security posture of the webMethods API Gateway, it is recommended to perform periodic updates of external Elasticsearch throughout the lifecycle of the webMethods API Gateway version. Regular updates help address newly identified security vulnerabilities and enhance the overall reliability of the system.

webMethods API Gateway uses external Elasticsearch as data store, enabling assets, analytics and log aggregation. With the introduction of version 11.0, it is necessary to ensure zero downtime during upgrades for both the external Elasticsearch and webMethods API Gateway. With each new external Elasticsearch version release, webMethods API Gateway will issue a corresponding fix to provide support for the latest external Elasticsearch version.

You can achieve zero downtime through either an over-install or a blue-green deployment approach. Consider the following scenarios and actions before proceeding with Elasticsearch upgrade.

Fix Scenario Description webMethods API Gateway ​ fix webMethods API Gateway ​ version upgrade Elasticsearch ​ fix Elasticsearch ​version upgrade Action
Elasticsearch IBM has packaged Elasticsearch fix release, which does not require any modifications to the base Elasticsearch version, and there is no corresponding API Gateway release associated with this Elasticsearch update. No No Yes No
  • Use SUM to apply Elasticsearch fix.
  • Rolling upgrade is supported.
webMethods API Gateway Elasticsearch release, for instance, version 8.3, has been made available, but there is no accompanying webMethods API Gateway release associated with it. No No No Yes
  • Install new Elasticsearch and copy data from old to new Elasticsearch through REST endpoint.
  • Rolling upgrade is supported.
webMethods API Gateway and Elasticsearch webMethods API Gateway release, for example, version 11.5 or 12.0, coincides with Elasticsearch release, version 8.4. or version 9.4 respectively. No Yes No Yes
  • Install new Elasticsearch and copy data from old to new Elasticsearch through REST endpoint.
  • Perform rolling upgrade to install the API fix, which includes new features.

Overview of data copy process

The data copy process involves transferring external Elasticsearch data securely from a source to a destination endpoint. This overview outlines the key steps required for a successful and secure data copy operation:
  1. Copy the external Elasticsearch data.
  2. Perform data copy for secured external Elasticsearch.
  3. Check the status of the data copy process.
  4. Verify the configurations.

Step 1. Copy the external Elasticsearch data

When upgrading from one external Elasticsearch version to the next, it is necessary to transfer the core and transcational data from the previous version to the target version. Perform the following steps to copy external Elasticsearch data to the target destination:

  1. Open your REST client.
  2. Provide the details of the external Elasticsearch endpoints for both the core data and the analytics data in the Body section.

    Configure the following parameters in the REST client by providing the required values. These parameters define the target endpoint where the external Elasticsearch data should be copied.

    • targetCoreESEndpointConfig: Specifies the configuration for the target core external Elasticsearch endpoint. By specifying the values for this parameter, only the core external Elasticsearch data is copied to the target endpoint. To configure this parameter, you can use the following settings by providing the required values.
      Settings Description Example
      endpoint Specifies the URL of the target core external Elasticsearch endpoint. 
      "endpoint":"http://targetendpoint:9200"
      username Specifies the username for authentication. 
      "userName":"abc"
      password Specifies the password for authentication. 
      "password":"xyz"
    • targetEventsAndLogsESEndpointConfig: Specifies the configuration for the target events and logs external Elasticsearch endpoint. By specifying the values for this parameter, only the transactional external Elasticsearch data is copied to the target endpoint. To configure this parameter, you can use the following settings by providing the required values.
      Settings Description Example
      endpoint Specifies the URL of the target events and logs external Elasticsearch endpoint. 
      "endpoint":"http://targetendpoint:9200"
      username Specifies the username for authentication. 
      "userName":"xyz"
      password Specifies the password for authentication. 
      "password":"abc"
    • targetDashboardConfig: Specifies the configuration for the target Dashboard endpoint external Elasticsearch endpoint. By specifying the values for this parameter, the endpoint is directed to the target external Kibana dashboard, which has the analytics data.To configure this parameter, you can use the following settings by providing the required values.
      Settings Description Example
      endpoint Specifies the URL of the target Dashboard endpoint. 
      "endpoint":"http://targetendpoint:5601"
      		 
      {
    "targetCoreESEndpointConfig": {
        "endpoint": "http://targetendpoint:9200",
        "userName": "xyz",
        "password": "abz",
    },
    "targetEventsAndLogsESEndpointConfig": {
        "endpoint": "http://targetenpoint:9200",
        "userName": "xyz",
        "password": "abc",
    },
    "targetDashboardConfig": {
        "endpoint":"http://targetendpoint:5601"
    }
}
    • Copy the core data individually by configuring and providing the values for the 'targetCoreESEndpointConfig' parameter in the REST client and making a POST call to the follwing URL:
      POST/rest/apigateway/migrate/datacopy/core
      Similarly, copy the events and logs data individually by configuring and providing the values for the 'targetEventsAndLogsESEndpointConfig' and 'targetDashboardConfig' parameters in the REST client and making a POST call to following URL:
      POST/rest/apigateway/migrate/datacopy/eventsandlogs

Step 2. Perform data copy for secured external Elasticsearch

Note: This step is only applicable if you are using a secured external Elasticsearch. Proceed with Step 3 if you are not using a secured external Elasticsearch.

  1. To communicate with a secured external Elasticsearch using Keystore and Truststore, configure the following parameters in the REST client by providing the required values:

    • keystoreConfig: Specifies the configuration for the target Keystore endpoint. By specifying the values for this parameter, the target external Elasticsearch server validates the client certificate and key stored in the Keystore. To configure this parameter, you can use the following settings by providing the required values.
      Settings Description Example
      filepath Specifies the file path of the target core/events and logs Keystore endpoint. 
      "filePath": "c:/keystorefiles/coreelasticks.jks"

      or

      "filePath": "c:/keystorefiles/eventelastic.jks"
      alias Specifies the alias for authentication. 
      "alias":"abc"
      password Specifies the password for authentication. 
      "password":"xyz"
    • truststoreConfig: Specifies the configuration for the target Truststore endpoint. The Truststore validates the target external Elasticsearch server certificate. To configure this parameter, you can use the following settings by providing the required values.
      Settings Description Example
      filepath Specifies the file path of the target core/events and logs Truststore endpoint. 
      "filePath": "c:/truststorefiles/coreelasticts.jks"

      or

      "filePath": "c:/truststorefiles/eventelasticts.jks"
      password Specifies the password for authentication. 
      "password":"xyz"
      For example,
      {
    "targetCoreESEndpointConfig": {
        "endpoint": "https://targetendpoint:9200",
        "userName": "xyz",
        "password": "abz",
        "keystoreConfig": {
            "filePath": "c:/keystorefiles/coreelasticks.jks",
            "alias": "hello",
            "password": "abcd"
        },
        "truststoreConfig": {
            "filePath": "c:/truststorefiles/coreelasticts.jks",
            "password": "abcd"
        }
    },
    "targetEventsAndLogsESEndpointConfig": {
        "endpoint": "https://targetendpoint:9200",
        "userName": "xyz",
        "password": "abc",
        "keystoreConfig": {
            "filePath": "c:/keystorefiles/eventelastic.jks",
            "alias": "helloa",
            "password": "abcc"
        },
        "truststoreConfig": {
            "filePath": "c:/truststorefiles/eventelasticts.jks",
            "password": "abcc"
        }
    },
    "targetDashboardConfig": {
        "endpoint":"https://targetendpoint:5601"
    }
}
  2. Make a call to the following URL, with the IP address of the system where webMethods API Gateway is installed and press Enter:
    POST/rest/apigateway/migrate/datacopy

    The data copy process will start.

Step 3. Check the status of the data copy process

Throughout the upgrade process, you can retrieve the status, which can be valuable for troubleshooting any potential issues.

You can use one of the following ways to get the status of the external Elasticsearch data copy.
  1. Using GET call to get the status
    1. Open your REST client.
    2. Provide the details of the external Elasticsearch endpoints for both the core data and the analytics data in the Body section.
    3. Make a call to the following URL, with the IP address of the system where API Gateway is installed and press Enter:
      GET/rest/apigateway/migrate/datacopy/status

      Invoke the URL at regular intevals to get the latest status.

  2. Using webhook to get the status

    You can use webhook to automate the status delivery using an application. For example, you can use Microsoft Teams to get the timely status of the data copy process whenever webMethods API Gateway undergoes a change. Perform the following tasks to use webhook to get the updates:

    1. Open your REST client.
    2. Provide the details of the external Elasticsearch endpoints for both the core data and the analytics data in the Body section.

      In addition to the 'targetCoreESEndpointConfig', 'targetEventsAndLogsESEndpointConfig' and 'targetDashboardConfig', you can configure the following parameter in the REST client by providing the required values.

      webhookConfig

      Specifies the configuration for the webhook notification. To configure this parameter, you can use the following settings by providing the required values:
      Settings Description Example
      endpoint Specifies the URL of the webhook endpoint. 
      "https://abc.webhook.office.com/webhookb2/abcd
      username Specifies the username for authentication (if required). 
      "userName":"xyz"
      password Specifies the password for authentication (if required). 
      "password":"abc"
      template Specifies the JSON template for the message card. 
      "{\"@type\":\"MessageCard\",\"@context\":\"http://schema.org/extensions\",\"themeColor\":\"@@status@@\"}, \"value\":\"@@workflow@@\"}\

      Provide three placeholders - @@status@@, @@workflow@@ and @@log@@.

      Get the status of the core data copy process individually by configuring and providing the values for the targetCoreESEndpointConfig and webhookConfig parameters in the REST client and making a POST call to the follwing URL:
      POST/rest/apigateway/migrate/datacopy/core
      Similarly, get the status of the events and logs data copy process individually by configuring and providing the values for the targetEventsAndLogsESEndpointConfig, targetDashboardConfig and webhookConfig parameters in the REST client and making a POST call to the following URL:
      POST/rest/apigateway/migrate/datacopy/eventsandlogs
    3. Make a call to the following URL, with the IP address of the system where API Gateway is installed and press Enter:
      POST/rest/apigateway/migrate/datacopy/status
Note: You can use the GET call to get updates even if you use webhook to get regular updates.

Step 4. Verify the configurations

Upon successful data copying, the configuration files is automatically reflect the changes by pointing to the new cluster. You can verify the same in the following files:

  • SAGInstaller/msr/Integration Server/packages/WmAPIGateway/config/resources/elasticsearch/config.properties
  • SAGInstaller/msr/Integration Server/packages/WmAPIGateway/config/resources/elasticsearch/analyticsds.properties

Rolling back the the source endpoints

In the event of an unsuccessful upgrade, a rollback option is available. The configuration changes is reverted, and the client is directed back to the source external Elasticsearch cluster. Perform the following steps to initiate the rollback process:

  1. Open your REST client.
  2. Provide information regarding source end points for each external Elasticsearch in the Request section.

    Configure the following parameters in the REST client by providing the required values. These parameters define the target endpoint where the external Elasticsearch data should be copied.

    • targetCoreESEndpointConfig: Specifies the configuration for the source core external Elasticsearch endpoint. By specifying the values for this parameter, only the core external Elasticsearch data is copied to the source endpoint. To configure this parameter, you can use the following settings by providing the required values.
      Settings Description Example
      endpoint Specifies the URL of the source core external Elasticsearch endpoint. 
      "endpoint":"http://sourceendpoint:9200"
      username Specifies the username for authentication. 
      "userName":"abc"
      password Specifies the password for authentication. 
      "password":"xyz"
    • targetEventsAndLogsESEndpointConfig: Specifies the configuration for the source events and logs external Elasticsearch endpoint. By specifying the values for this parameter, only the transactional external Elasticsearch data is copied to the source endpoint. To configure this parameter, you can use the following settings by providing the required values.
      Settings Description Example
      endpoint Specifies the URL of the source events and logs external Elasticsearch endpoint. 
      "endpoint":"http://sourceendpoint:9200"
      username Specifies the username for authentication. 
      "userName":"xyz"
      password Specifies the password for authentication. 
      "password":"abc"
    • targetDashboardConfig: Specifies the configuration for the source Dashboard endpoint external Elasticsearch endpoint. the endpoint is directed to the source external Kibana dashboard, which has the analytics data.To configure this parameter, you can use the following settings by providing the required values.
      Settings Description Example
      endpoint Specifies the URL of the source Dashboard endpoint. 
      "endpoint":"http://sourceendpoint:5601"
      For example,
      {
    "targetCoreESEndpointConfig": {
        "endpoint": "http://sourceendpoint:9200",
        "userName": "xyz",
        "password": "abz",
    },
    "targetEventsAndLogsESEndpointConfig": {
        "endpoint": "http://sourceenpoint:9200",
        "userName": "xyz",
        "password": "abc",
    },
    "targetDashboardConfig": {
        "endpoint":"http://sourceendpoint:5601"
    }
}

    You can provide the source Keystore/Truststore values to get the source data.

  3. Make a call to the following URL, with the IP address of the system where webMethods API Gateway is installed and press Enter:
    POST/rest/apigateway/migrate/datacopy/rollback