HomeTyk Multi Datacenter BridgePrepare Tyk for MDCB

Prepare Tyk for MDCB

1. Prepare your organisation for MDCB

Before a slave node can connect to MDCB, it is important to enable the organisation that owns all the APis to be distributed to be allowed to utilize Tyk MDCB, to do this, the organisation record needs to be modified with a few new flags using the Tyk Dashboard Admin API.

First, get a copy of the record:

GET /admin/organisations/{org-id}

{
    "_id" : "55780af69b23c30001000049",
    "owner_slug" : "portal-test",
    "developer_quota" : 500,
    "hybrid_enabled" : false,
    "ui" : {
        "uptime" : {},
        "portal_section" : {},
        "designer" : {},
        "dont_show_admin_sockets" : false,
        "dont_allow_license_management" : false,
        "dont_allow_license_management_view" : false,
        "login_page" : {},
        "nav" : {}
    },
    "owner_name" : "Portal Test",
    "cname_enabled" : true,
    "cname" : "api.test.com",
    "apis" : [ 
        {
            "api_human_name" : "HttpBin (again)",
            "api_id" : "2fdd8512a856434a61f080da67a88851"
        }
    ],
    "developer_count" : 1,
    "event_options" : {}
}

Now modify this object so that it has MDCB enabled by setting hybrid_enabled: true amd also to enable key sharing across instances by setting the relevant “event_options”:

PUT /admin/organisations/54b53d3aeba6db5c35000002

{
    "_id" : "55780af69b23c30001000049",
    "owner_slug" : "portal-test",
    "developer_quota" : 500,
    "hybrid_enabled" : true,
    "ui" : {
        "uptime" : {},
        "portal_section" : {},
        "designer" : {},
        "dont_show_admin_sockets" : false,
        "dont_allow_license_management" : false,
        "dont_allow_license_management_view" : false,
        "login_page" : {},
        "nav" : {}
    },
    "owner_name" : "Portal Test",
    "cname_enabled" : true,
    "cname" : "api.test.com",
    "apis" : [ 
        {
            "api_human_name" : "HttpBin (again)",
            "api_id" : "2fdd8512a856434a61f080da67a88851"
        }
    ],
    "developer_count" : 1,
    "event_options" : {
        "key_event" : {
            "webhook" : "",
            "email" : "",
            "redis" : true
        }
    },
}

The first setting allows a slave to login as an organisation member into MDCB, while the second setting under event_options, enables key events such as updates an deletes, to be propagated to the various instance zones. API Definitions and Policies will be propagated by default.

2. Configure a Tyk Gateway for MDCB access

The last thing that needs to be done is to actually configure a slaved Tyk gateway to connect and respect the slaved settings, this means updating sections in tyk.conf, some of these may be new:

First, we need to ensure that we are optimising for speed:

"optimisations_use_async_session_write": true,

Next, we need to set the group that the node will belong to using API sharding, or API tagging, these settings will ensure that only APIs tagged as “ny-1-qa” are loaded by this gateway, you can of course change this tag to be an identifier for whichever environment you want.

"db_app_conf_options": {
    "node_is_segmented": true,
    "tags": ["ny-1-qa"]
}

Next, we need to ensure that the policy loader and analytics purger use the RPC driver:

"policies": {
  "policy_source": "rpc",
  "policy_record_name": "tyk_policies"
},

"analytics_config": {
    "type": "rpc",
    ... // remains the same
},

Lastly, we add the sections that enforce the RPC Slave mechanism:

"slave_options": {
    "use_rpc": true,
    "rpc_key": "{ORGID}",
    "api_key": "{APIKEY}",
    "connection_string": "{your-mdcb-instance-domain:9090}",
    "enable_rpc_cache": true,
    "bind_to_slugs": true,
    "group-id": "ny"
},

"auth_override": {
    "force_auth_provider": true,
    "auth_provider": {
        "name": "",
        "storage_engine": "rpc",
        "meta": {}
    }
}

The most important elements here are:

  • group-id: This is the “zone” that his instance inhabits, e.g. the DC it lives in
  • "tags": ["ny-1-qa"]: This is the tag that the instance will use to download API definitions, Tyk will download all definitions that match each tag set.
  • "connection_string": The MDCB instance or load balancer

Once this is complete, you can start the Tyk MDCB instance and start having Tyk Slave instances connect to it.

Was this article helpful to you? Yes No