set-up-wso2-open-banking

Setting up WSO2 Open Banking


Set up WSO2 Open Banking Accelerator on:
  • WSO2 Identity Server (IS)
  • WSO2 API Manager (APIM) (required for OB3, optional for OB4)
  • Optional WSO2 Streaming Integrator (SI) (OB3 data publishing only)
Rules:
  • Collect all inputs first.
  • Run steps in order.
  • Stop on first failed check/command.
  • Use skip logic for optional components.
  • Use idempotent checks before destructive actions.

Guardrails


  • Confirm before destructive actions (scripts, keystores/truststores, overwriting configs).
  • Do not ask the user to paste secrets.
  • Change only the files listed in this workflow.
  • Run commands one by one (do not combine all commands into one script).

Execution contract


  1. Do not execute any command until all required non-secret inputs are collected.
  2. During input collection, ask one question at a time.
  3. For secret values, require environment variables only (never ask to paste raw secrets).
  4. When a pre-check fails, stop immediately and report the exact failed check.
  5. For optional components (APIM/SI), skip all related steps explicitly and log the skip reason.
  6. Always print resolved paths before running commands there.

Input contract (collect first)


If missing, use defaults.
  • `OB_VERSION`: `OB3` or `OB4` (default: `OB4`)

Version-specific inputs


  • If `OB_VERSION=OB3`, use OB3 inputs.
  • If `OB_VERSION=OB4`, use OB4 inputs.

Host inputs


  • `IS_HOST`: default `https://localhost:9446`
  • `APIM_HOST`: default `https://localhost:9443` (required only when APIM is selected)
  • `SI_HOST`: default `https://localhost:9444` (required only when SI is selected)

Database host inputs


  • `DB_HOST`: default `localhost`
  • `DB_PORT`: default `3306`

Workspace input


  • `WORK_DIR`: absolute path used to create the setup directory (default: `$pwd`)

Required environment variables (secrets)


  • OB_AGENT_UPDATE_TOOL_USERNAME
  • OB_AGENT_UPDATE_TOOL_PASSWORD
  • OB_AGENT_DATABASE_USERNAME
  • OB_AGENT_DATABASE_PASSWORD
All four must be set and non-empty before any command; stop and report the exact missing variable if not.

Primary workflow (do not reorder)


1. Prerequisites


  • Run preflight checks:

```bash
java -version
command -v mysql
command -v curl
command -v keytool
command -v unzip
```

  • Stop if any required tool is missing.

2. Install accelerators into base products


  • Create `<WORK_DIR>/wso2-open-banking-accelerator` and `cd` into it.
  • Resolve and record canonical paths after extraction:
    • `<IS_HOME>`
    • `<APIM_HOME>` (if `IS+APIM`)
    • `<SI_HOME>` (if OB3 data publishing requested)
    • `<OB_IAM_ACCELERATOR_HOME>` inside `<IS_HOME>`
    • `<OB_AM_ACCELERATOR_HOME>` inside `<APIM_HOME>` (if `IS+APIM`)
    • `<OB_SI_ACCELERATOR_HOME>` inside `<SI_HOME>` (if OB3 data publishing)
  • A zip source is a URL if it starts with `https://`; otherwise treat it as a local path. Download only for URLs.
  • Extract base product zips into the current directory.
  • Unzip accelerators into corresponding base product directories.
  • Path resolution rule:
    • `<IS_HOME>`: extracted dir name starts with `wso2is-` and contains `bin`.
    • `<APIM_HOME>`: extracted dir name starts with `wso2am-` and contains `bin`.
    • `<SI_HOME>`: extracted dir name starts with `wso2si-` and contains `bin`.
    • `<OB_IAM_ACCELERATOR_HOME>`: dir under `<IS_HOME>` containing `repository/conf/configure.properties`.
    • `<OB_AM_ACCELERATOR_HOME>`: dir under `<APIM_HOME>` containing `repository/conf/configure.properties`.
    • `<OB_SI_ACCELERATOR_HOME>`: dir under `<SI_HOME>` containing `repository/conf/configure.properties`.
  • Verify path existence before continuing:
    • `<IS_HOME>/bin`
    • `<OB_IAM_ACCELERATOR_HOME>/bin`
    • `<APIM_HOME>/bin` and `<OB_AM_ACCELERATOR_HOME>/bin` only if `IS+APIM`
  • Version-specific branch:
    • If `OB3`, run set up IS connector.
    • If OB3 data publishing requested, run set up data publishing.
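
The zip-source rule and the path resolution rule from this step, as an added example (not part of the original workflow or of the accelerator). The function names are hypothetical, and treating zero or several candidate directories as a failed check is an assumption of this sketch.

```bash
# Added example; function names are hypothetical, not part of the accelerator.

# Only https:// sources are downloaded. Anything else, including http://,
# is treated as a local path, so no cleartext download is ever attempted.
zip_source_kind() {
  case "$1" in
    https://*) echo url ;;
    *)         echo local ;;
  esac
}

# Print the canonical path of the single directory under base $1 whose name
# starts with prefix $2 (wso2is-, wso2am-, wso2si-) and that contains bin/.
# Assumption: zero or several candidates is a failed check, not a guess.
resolve_product_home() {
  local base="$1" prefix="$2" d found="" count=0
  for d in "$base"/"$prefix"*/; do
    [ -d "${d}bin" ] || continue
    found="$d"; count=$((count + 1))
  done
  if [ "$count" -ne 1 ]; then
    echo "FAILED CHECK: expected 1 ${prefix}* dir with bin/ in $base, found $count" >&2
    return 1
  fi
  (cd "$found" && pwd -P)
}

# Print the canonical path of the directory under product home $1 that
# contains repository/conf/configure.properties (the accelerator home).
resolve_accelerator_home() {
  local home="$1" conf count
  conf=$(find "$home" -type f -path "$home/*/repository/conf/configure.properties")
  count=$(printf '%s' "$conf" | grep -c . || true)
  if [ "$count" -ne 1 ]; then
    echo "FAILED CHECK: expected 1 accelerator under $home, found $count" >&2
    return 1
  fi
  (cd "${conf%/repository/conf/configure.properties}" && pwd -P)
}
```

Both resolvers write the failed check to stderr and return non-zero, so a caller that stops on the first failure never continues with an empty or ambiguous path.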

3. Update base products and accelerators


  • Select relevant update binary by OS:
    • macOS: `wso2update_darwin`
    • Linux: `wso2update_linux`
    • Windows: `wso2update_windows.exe`
  • Verify the OS-specific update tool exists in each directory below.
    • `<IS_HOME>/bin`
    • `<OB_IAM_ACCELERATOR_HOME>/bin`
    • `<APIM_HOME>/bin` (if `IS+APIM`)
    • `<OB_AM_ACCELERATOR_HOME>/bin` (if `IS+APIM`)
    • `<SI_HOME>/bin` (if OB3 data publishing)
    • `<OB_SI_ACCELERATOR_HOME>/bin` (if OB3 data publishing)
  • If missing, stop and tell the user their WSO2 subscription is likely missing. Ask them to contact WSO2 Online Support System to download the product or skip updates.
  • Run the update tool in each directory:

```bash
./<WSO2UPDATE_BINARY> --username "$OB_AGENT_UPDATE_TOOL_USERNAME" --password "$OB_AGENT_UPDATE_TOOL_PASSWORD"
```

4. Configure MySQL database


  • Verify MySQL >= 8.0 is available; stop if not.
  • DB users already exist. Credentials are provided via environment variables.
  • Verify DB credentials by connecting to the DB. Stop if invalid.

MySQL check example:

```bash
MYSQL_PWD="$OB_AGENT_DATABASE_PASSWORD" mysql -h "$DB_HOST" -P "$DB_PORT" -u "$OB_AGENT_DATABASE_USERNAME" -e "SELECT 1;"
```

  • Download compatible JDBC driver (MySQL 8 example):

```bash
# -f makes curl exit non-zero on an HTTP error instead of saving the error page as the JAR
curl -fL "https://repo1.maven.org/maven2/com/mysql/mysql-connector-j/9.6.0/mysql-connector-j-9.6.0.jar" -o mysql-connector-j-9.6.0.jar
```

  • Place the JDBC driver JAR:
    • IS: copy the driver JAR into `<IS_HOME>/repository/components/lib`
    • APIM: copy the driver JAR into `<APIM_HOME>/repository/components/lib`
    • SI: copy the driver JAR into `<SI_HOME>/lib` (if OB3 data publishing requires DB connectivity there)
  • Set and verify that `DB_USER` and `DB_PASS` in `<OB_IAM_ACCELERATOR_HOME>/repository/conf/configure.properties` match the environment variables. Do not print the values; report only `MATCH` or `MISMATCH` per property. Stop on any `MISMATCH`:

```bash
# -x matches the whole line and -F treats the value as a literal string, not a regex
grep -qxF "DB_USER=$OB_AGENT_DATABASE_USERNAME" repository/conf/configure.properties && echo "DB_USER: MATCH" || echo "DB_USER: MISMATCH"
```

Note: Use `Select-String` on Windows.
  • Update the following in `<OB_IAM_ACCELERATOR_HOME>/repository/conf/configure.properties`:
    • DB connection properties
    • Change DB name pattern from current value to `<DATE_PREFIX>_*`
    • Hostnames for IS/APIM/SI
    • `IS_PRODUCT=wso2is-<IS_VERSION>`
    • `PRODUCT_CONF_PATH=repository/resources/wso2is-<IS_VERSION>-deployment.toml`

`<DATE_PREFIX>` uses today's date in `YYYYMMDD`.
  • Run IAM Accelerator scripts:

```bash
cd <OB_IAM_ACCELERATOR_HOME>/bin
./merge.sh
./configure.sh
```

  • If `IS+APIM`, repeat equivalent configuration + scripts in:
    • `<OB_AM_ACCELERATOR_HOME>/repository/conf/configure.properties`
    • `<OB_AM_ACCELERATOR_HOME>/bin` (`merge.sh`, `configure.sh`)
  • If OB3 data publishing is requested, repeat equivalent configuration + scripts in:
    • `<OB_SI_ACCELERATOR_HOME>/repository/conf/configure.properties`
    • `<OB_SI_ACCELERATOR_HOME>/bin` (`merge.sh`, `configure.sh`)
  • Create event-notification tables (OB4 only):
    • Check if target tables already exist; skip if present.
    • Run `mysql.sql` from `<IS_HOME>/dbscripts/financial-services/event-notifications` against the consent DB.
    • Default consent DB name: `<DATE_PREFIX>_*consentdb`
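
One way to run the `DB_USER`/`DB_PASS` MATCH or MISMATCH check from this step, together with the "set and non-empty" rule for the required environment variables, without ever placing a secret on a command line. This is an added example, not part of the original workflow; the function names are hypothetical.

```bash
# Added example; the function names below are hypothetical.

# Print the name (never the value) of the first unset or empty variable.
require_env() {
  local name
  for name in "$@"; do
    if [ -z "$(printenv "$name")" ]; then
      echo "MISSING: $name"
      return 1
    fi
  done
}

# Succeed only if KEY=<value> in properties file $1 equals environment
# variable $3 exactly. awk reads both from ENVIRON, so the secret is never
# on a command line (visible in ps) and never interpreted as a regex.
prop_matches_env() {
  KEY="$2" ENV_NAME="$3" awk '
    BEGIN { k = ENVIRON["KEY"] "="; want = ENVIRON[ENVIRON["ENV_NAME"]] }
    index($0, k) == 1 { ok = (substr($0, length(k) + 1) == want) }  # last one wins
    END { exit(ok ? 0 : 1) }
  ' "$1"
}

# Report MATCH or MISMATCH per property; return 1 on any MISMATCH, 2 if a
# required variable is missing.
report_db_props() {
  local file="$1" rc=0 pair
  require_env OB_AGENT_DATABASE_USERNAME OB_AGENT_DATABASE_PASSWORD || return 2
  for pair in DB_USER:OB_AGENT_DATABASE_USERNAME DB_PASS:OB_AGENT_DATABASE_PASSWORD; do
    if prop_matches_env "$file" "${pair%%:*}" "${pair#*:}"; then
      echo "${pair%%:*}: MATCH"
    else
      echo "${pair%%:*}: MISMATCH"; rc=1
    fi
  done
  return "$rc"
}
```

Call it as `report_db_props repository/conf/configure.properties` from the accelerator home and stop on any non-zero return.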

5. Exchange Certificates


  • Follow the exchange certificates guide.

6. Start servers and verify basic health


Start order:
  1. IS: run the OS-specific startup script in `<IS_HOME>/bin`

```bash
./wso2server.(sh|bat) start
```

  2. APIM (optional): run the OS-specific startup script in `<APIM_HOME>/bin`

```bash
./api-manager.(sh|bat) start
```

  3. SI (optional): run the OS-specific startup script in `<SI_HOME>/bin`

```bash
./server.(sh|bat) start
```

Verification checklist:
  • IS, APIM, and SI hosts and ports are reachable
  • No critical errors in the selected components' logs:
    • `<IS_HOME>/repository/logs/wso2carbon.log`
    • `<APIM_HOME>/repository/logs/wso2carbon.log` (if APIM selected)
    • `<SI_HOME>/wso2/server/logs/carbon.log` (if SI selected)

Completion criteria (must satisfy all applicable)


  • All selected components start successfully.
  • Health/port checks pass for selected components only.
  • No startup-blocking or critical errors in logs after 30 seconds (e.g., ERROR|FATAL).
  • Accelerator configs and DB scripts are applied for selected components.
  • Certificate exchange is complete for selected components.

Failure handling


  • On any failed command:
    1. Stop immediately.
    2. Report the exact command, exit code, and path.
    3. Do not continue until user confirms remediation.