Apigee Edge Private Cloud Install Config Guide V3
User Manual:
Open the PDF directly: View PDF .
Page Count: 120 [warning: Documents this large are best viewed by clicking the View PDF Link!]
Apigee
TM
ApigeeEdgeforPrivateCloud
v4.16.05
May31,2016
Installand
ConfigurationGuide
ConfidentialandProprietaryinformationofApigee,Inc.NottobedisclosedexceptunderNonDisclosureAgreement.
ApigeeEdgeInstallandConfigurationGuidePage2
Copyright(c)2016ApigeeCorporation.Allrightsreserved.
Apigee
(TM)
andtheApigeelogoaretrademarksorregisteredtrademarksofApigeeCorp.oritssubsidiaries.All
othertrademarksarethepropertyoftheirrespectiveowners.Allspecificationsaresubjecttochangewithout
notice.
THECONTENTSOFTHISPUBLICATIONAREPROVIDED"ASIS"WITHOUTWARRANTYOFANYKIND,
EITHEREXPRESSORIMPLIED,INCLUDINGBUTNOTLIMITEDTO,THEIMPLIEDWARRANTIESOF
MERCHANTABILITY,FITNESSFORAPARTICULARPURPOSEORNONINFRINGEMENTOF
INTELLECTUALPROPERTY.
APIGEECORPORATIONSHALLNOTUNDERANYCIRCUMSTANCESBELIABLETOANYPERSONFOR
ANYSPECIAL,INCIDENTAL,INDIRECTORCONSEQUENTIALDAMAGES,INCLUDINGWITHOUT
LIMITATION,DAMAGESRESULTINGFROMTHEUSEOFORRELIANCEONTHEINFORMATIONINTHIS
PUBLICATION,LOSSOFPROFITS,REVENUEORDATA,EVENIFAPIGEECORPORATIONHASBEEN
PREVIOUSLYADVISEDOFTHEPOSSIBILITYOFSUCHDAMAGES.
ContactInformation
INDIA
No.17/2,2BCross,7thMain,2&3
Floor,Off80FeetRoad,3rdBlock
Koramangala,Bangalore560034
Call+918067696800
www.apigee.com
USA
10AlmadenBoulevard,
16thFloor,SanJose
CA95113
Call+1(408)3437300
www.apigee.com
UK
3SheldonSquare
LondonW26HY
Call:+44(0)7501232390
www.apigee.com/
ConfidentialandproprietaryinformationofApigee,Inc.Nottobedisclosedexceptundernondisclosureagreement.
ApigeeEdgeInstallandConfigurationGuidePage3
Contents
Overview
What’sNew
AccesstheApigeeCommunity
ArchitecturalOverview
ApigeeEdgeforPrivateCloud
ApigeeEdgeGateway
SoftwareComponents
ApigeeEdgeAnalytics
SoftwareComponents
ApigeeAPIBaaS
APIBaaSFeatures
SoftwareComponents
ApigeeEdgeDeveloperChannel
ApigeeEdgeMonetizationServices
MonetizationServicesFeatures
SoftwareComponents
OnPremisesDeployment
InstallationTopologiesandSystemRequirements
Installationtopologies
InstallationRequirements
HardwareRequirements
OperatingSystemandthirdpartysoftwarerequirements
Creatingtheapigeeuser
Installationdirectory
Java
NetworkSetting
Cassandra
ConfidentialandproprietaryinformationofApigee,Inc.Nottobedisclosedexceptundernondisclosureagreement.
ApigeeEdgeInstallandConfigurationGuidePage4
PostgreSQLdatabase
jsvc
NetworkSecurityServices(NSS)
AWSAMI
Tools
FirewallsandVirtualHosts
Edgeportrequirements
APIBaaSportrequirements
Licensing
InstallationChecklist
InstallationConsiderations
Installationprocess
Handlinganinstallationfailure
Whocanperformtheinstall
SilentinstallationofEdgecomponents
InternetornonInternetinstallation
Settingupavirtualhost
OptionswhenyoudonothaveaDNSentryforthevirtualhost
ConfiguringEdgecomponentspostinstallation
InvokingcommandsonEdgecomponents
Accessinglogfiles
CommonYumcommands
FileSystemStructure
LogFiles
Data
InstalltheEdgeapigeesetuputility
Creatingasymlinkfrom/opt/apigee
Prerequisite:DisableSELinux
ConfidentialandproprietaryinformationofApigee,Inc.Nottobedisclosedexceptundernondisclosureagreement.
ApigeeEdgeInstallandConfigurationGuidePage5
InstallEdgeapigeesetuputilityonanodewithanexternalinternetconnection
InstallEdgeapigeesetuputilityonanodewithnoexternalInternetconnection
CreatealocalApigeerepository
Installapigeesetuponaremotenodefromthelocalrepo
Installfromthe.tarfile:
InstallfromtherepousingtheNginxwebserver:
UpdatealocalApigeerepository
CleanalocalApigeerepo
AddorupdateEdge4.16.01ina4.16.05repo
InstallEdgecomponentsonanode
Installationconsiderations
SettingupPostgresmasterstandbyreplication
EnablingCassandraauthentication
BindingtheRoutertoaprotectedport
Specifyingthecomponentstoinstall
Creatingaconfigurationfile
Exampleconfigurationfile
Orderofcomponentinstallation
Installationlogfiles
Iftheuserdoesnothaveaccessto/tmp,thesetup.shutilityfails.
AllinoneInstallation
2hoststandaloneinstallation
5hostclusteredinstallation
9hostclusteredinstallation
13hostclusteredinstallation
12hostclusteredinstallation
Testtheinstall
Runthevalidationtests
ConfidentialandproprietaryinformationofApigee,Inc.Nottobedisclosedexceptundernondisclosureagreement.
ApigeeEdgeInstallandConfigurationGuidePage6
Verifypodinstallation
Onboardanorganization
Silentconfigurationfileforonboarding
Onboarding
OnboardingVerification
EnableCassandraauthentication
EnableCassandraauthenticationduringinstallation
ToenableCassandraauthenticationpostinstallation
SetupMasterStandbyReplicationforPostgres
ToconfigureMasterStandbyReplicationatinstalltime
ToconfigureMasterStandbyReplicationafterinstallation
TestMasterStandbyReplication
InstallSmartDocs
7hostand10hostAPIBaaSInstallation
UsingaLoadBalancer
ConnectingtoCassandra
Datesynchronization
Tomcatsecurity
Installationoverview
Creatingasilentconfigurationfile
OptionalInstallCassandra:Machine8,9,and10
SetupCassandracronjob
InstallElasticSearch:Machine1,2,and3
InstallAPIBaaSStack:Machine4,5,and6
InstallAPIBaaSPortal:Machine7
Onboardinganeworganization
AccessingtheAPIBaaSRESTAPI
InstallingMonetizationServices
ConfidentialandproprietaryinformationofApigee,Inc.Nottobedisclosedexceptundernondisclosureagreement.
ApigeeEdgeInstallandConfigurationGuidePage7
Monetizationrequirements
Installationoverview
CreatingasilentconfigurationfileforMonetization
IntegrateMonetizationServiceswithallManagementServers
IntegrateMonetizationServiceswithallMessageProcessors
MonetizationOnboarding
AdditionalOnboardingtoenableMonetizationforanorganization
ConfiguretheDeveloperServicesportal
AddingaManagementServernodetoaMonetizationInstallation
Additionalconfiguration
ProvideBillingDocumentsasPDFFiles
ConfigureOrganizationSettings
UpdatingApigeeEdgeto4.16.05
WhichEdgeversionscanyouupdateto4.16.05
Whocanperformtheupdate
RequiredupgradetoJavaJDKVersion8
Diskspacerequirementsforupdate
Automaticpropagationofpropertysettingsfrom4.16.01.x
Updatingtheapigeevalidateutility
Updateprerequisites
Handlingafailedupdate
Loggingupdateinformation
Zerodowntimeupdate
MakingaRouterandMessageProcessorunreachable
Usingasilentconfigurationfile
Procedureforupdatingto4.16.05onanodewithanexternalinternetconnection
Procedureforupdatingto4.16.05fromalocalrepo
Orderofmachineupdate
ConfidentialandproprietaryinformationofApigee,Inc.Nottobedisclosedexceptundernondisclosureagreement.
ApigeeEdgeInstallandConfigurationGuidePage8
Fora1hoststandaloneinstallation
Fora2hoststandaloneinstallation
Fora5hostclusteredinstallation
Fora9hostclusteredinstallation
Fora13hostclusteredinstallation
Fora12hostclusteredinstallation
Fora7hostAPIBaaSinstallation
Fora10hostAPIBaaSinstallation
Foranonstandardinstallation
RollbackProcess
Whocanperformtherollback
Whichcomponentscanberolledback
Torollback4.16.05
ConfidentialandproprietaryinformationofApigee,Inc.Nottobedisclosedexceptundernondisclosureagreement.
ApigeeEdgeInstallandConfigurationGuidePage9
Overview
ThisdocumentprovidesanoverviewoftheApigeeEdgeforPrivateCloudinstallation.Thefulldocumentis
primarilydividedintotwoparts:
●ArchitecturalOverview
—thesystemarchitectureandanoverviewoftheinstallationprocessand
requirements.
●Installation
—outlineofthestepsneededtoinstallandinitiallyconfigureacustomdeploymentof
ApigeeEdgeforPrivateCloud.
Thisversionofthisdocumenthasdetailsspecifictoversion4.16.05.Anyreferencesthatarespecificto
previousversionsareoversightsandshouldbereportedasbugs.
What’sNew
SeetheApigeeEdgeforPrivateCloudreleasenotesforthisproductversion:
http://apigee.com/docs/releasenotes/content/apigeeedgereleasenotes
AccesstheApigeeCommunity
TheApigeeCommunityisafreeresourcewhereyoucancontactApigeeaswellasotherApigeecustomers
withquestions,tips,andotherissues.Beforepostingtothecommunity,besuretofirstsearchexistingpoststo
seeifyourquestionhasalreadybeenanswered.
ConfidentialandproprietaryinformationofApigee,Inc.Nottobedisclosedexceptundernondisclosureagreement.
ApigeeEdgeInstallandConfigurationGuidePage10
ArchitecturalOverview
BeforeinstallingApigeeEdgeforPrivateCloud,youshouldbefamiliarwiththeoverallorganizationofEdge
modulesandsoftwarecomponents.
ApigeeEdgeforPrivateCloud
ApigeeEdgeforPrivateCloudconsistsofthefollowingmodules:
●ApigeeEdgeGateway(akaAPIServices)
●ApigeeEdgeAnalytics
●ApigeeAPIBaaS
●ApigeeEdgeDeveloperChannel
●ApigeeEdgeMonetizationServices(akaDeveloperServicesMonetization)
Note:ApigeeEdgeDeveloperChannelisnotavailableforinstallationbytheEdgeforPrivateCloudinstaller.
DeveloperChannelisavailableforonpremisesinstallationbyaseparatescript.Ifyouwanttoinstall
DeveloperChannel,contactApigeeSupport.
Figure1:ApigeeEdgeforPrivateCloudArchitecture
ApigeeEdgeGateway
EdgeGatewayisthecoremoduleofApigeeEdgeandisthemaintoolformanagingyourAPIs.TheGateway
UIprovidestoolsforaddingandconfiguringyourAPIs,settingupbundlesofresources,andmanaging
developersandapps.TheGatewayoffloadsmanycommonmanagementconcernsfromyourbackendAPI.
WhenyouaddanAPI,youcanapplypoliciesforsecurity,ratelimiting,mediation,caching,andothercontrols.
ConfidentialandproprietaryinformationofApigee,Inc.Nottobedisclosedexceptundernondisclosureagreement.
ApigeeEdgeInstallandConfigurationGuidePage11
YoucanalsocustomizethebehaviorofyourAPIbyapplyingcustomscripts,makingcalloutstothirdparty
APIs,andsoon.
SoftwareComponents
EdgeGatewayisbuiltfromthefollowingprimarycomponents:
● EdgeManagementServer
● ApacheZooKeeper
● ApacheCassandra
● EdgeRouter
● EdgeMessageProcessor
● OpenLDAP
● EdgeUI
● PlayFramework
EdgeGatewayisdesignedsothatthesemaybeallinstalledonasinglehostordistributedamongseveral
hosts.
ApigeeEdgeAnalytics
EdgeAnalyticshaspowerfulAPIanalyticstoseelongtermusagetrends.Youcansegmentyouraudienceby
topdevelopersandapps,learnaboutusagebyAPImethodtoknowwheretoinvest,andcreatecustom
reportsonbusinesslevelinformation.
AsdatapassesthroughApigeeEdge,severaldefaulttypesofinformationarecollectedincludingURL,IP,user
IDforAPIcallinformation,latency,anderrordata.Youcanusepoliciestoaddotherinformation,suchas
headers,queryparameters,andportionsofarequestorresponseextractedfromXMLorJSON.
AlldataispushedtoEdgeAnalyticswhereitismaintainedbytheanalyticsserverinthebackground.Data
aggregationtoolscanbeusedtocompilevariousbuiltinorcustomreports.
SoftwareComponents
EdgeAnalyticscomprisesthefollowing:
● Qpid,whichconsistsofthefollowing
● ApacheQpidmessagingsystem
● ApigeeQpidServerserviceAJavaservicefromApigeeusedtomanageApacheQpid
● Postgres,whichconsistsofthefollowing:
● PostgreSQLdatabase
● ApigeePostgresServerserviceAJavaservicefromApigeeusedtomanagethePostgreSQL
database
ApigeeAPIBaaS
APIBaaSisacompletebackendasaservice(BaaS)forpoweringmobileandWebappsthatyouinstallasan
additiontoEdge.APIBaaSgivesappdevelopersaccesstoaflexibledatastoreandkeydifferentiating
featuressuchassocialgraphs,geolocation,usermanagement,pushnotifications,performancemonitoring,
ConfidentialandproprietaryinformationofApigee,Inc.Nottobedisclosedexceptundernondisclosureagreement.
ApigeeEdgeInstallandConfigurationGuidePage12
andmore.APIBaaSmakesthesefeaturesavailablewithSDKsforiOS,Android,JavaScript,andothers,
lettingappdevelopersfocusoncreatingtherichfeaturesanduserexperiencethattrulydifferentiateaclient
appratherthanburningtimeimplementingcorebackendservicesandinfrastructure.
APIBaaSFeatures
TheApigeedocumentationsitehasextensiveinformationonAPIBaaSfeatures.See
http://apigee.com/docs/appservices/content/appservicesfeatures(or
http://apigee.com/docs/content/documentationarchivestofindthedocsthatcorrespondtoearlierversionsof
theproduct)
ThefollowingdiagramillustrateshowAPIBaaScomponentsinteract.
Figure2:APIBaaSOverviewandArchitecture
SoftwareComponents
APIBaaSisbuiltfromthefollowingprimarycomponents:
● APIBaaSStackdeployedintheTomcatwebserver
● APIBaaSPortalUIdeployedintheNginxwebserver
● ElasticSearchdistributedfulltextsearchengine.ElasticSearchcanbeinstalledonthesamenodeas
APIBaaSStack,oronitsownnode.
ConfidentialandproprietaryinformationofApigee,Inc.Nottobedisclosedexceptundernondisclosureagreement.
ApigeeEdgeInstallandConfigurationGuidePage13
YoucanscaletheAPIBaaSRESTAPIcapabilityhorizontallybyaddingTomcatserversandusingaLoad
Balancertoroutewebrequeststoallofyouractiveservers.
FormoreinformationongettingstartedwithAPIBaaS,seehttp://apigee.com/docs/content/buildappshome
(orhttp://apigee.com/docs/content/documentationarchivestofindthedocsthatcorrespondtoearlierversions
oftheproduct).
ApigeeEdgeDeveloperChannel
EdgeDeveloperChannelisatemplateportalforcontentandcommunitymanagement.Itisbasedontheopen
sourceDrupal(http://www.drupal.org)project.ThedefaultsetupallowscreatingandmanagingAPI
documentation,forums,andblogs.AbuiltintestconsoleallowstestingofAPIsinrealtimefromwithinthe
portal.
Apartfromcontentmanagement,DeveloperChannelhasvariousfeaturesforcommunitymanagementsuch
asmanual/automaticuserregistrationandmoderatingusercomments.RoleBasedAccessControl(RBAC)
modelcontrolstheaccesstofeaturesontheDeveloperChannel.Forexample,youcanenablecontrolsto
allowregisteredusertocreateforumposts,usetestconsoles,andsoon.
TheApigeeEdgeforPrivateClouddeploymentscriptdoesnotincludeDeveloperChanneldeployment.
DeveloperChanneldeploymentonpremisesissupportedbyitsowninstallationscript.Ifyouwanttoinstall
andconfigureDeveloperChannel,contactApigeeSupport.
ApigeeEdgeMonetizationServices
EdgeMonetizationServicesisanewpowerfulextensiontoApigeeEdgeforPrivateCloud.AsanAPIprovider,
youneedaneasytouseandflexiblewaytomonetizeyourAPIssothatyoucangeneraterevenuefortheuse
ofthoseAPIs.MonetizationServicessolvesthoserequirements.UsingMonetizationServices,youcancreate
avarietyofrateplansthatchargedevelopersfortheuseofyourAPIsbundledintopackages.Thesolution
offersanextensivedegreeofflexibility:youcancreateprepaidplans,postpaidplans,fixedfeeplans,
variablerateplans,“freemium”plans,planstailoredtospecificdevelopers,planscoveringgroupsof
developers,andmore.
Inaddition,MonetizationServicesincludesreportingandbillingfacilities.Forexample,asanAPIprovider,you
cangetsummaryordetailedreportsontraffictoyourAPIpackagesforwhichdeveloperspurchasedarate
plan.Youcanalsomakeadjustmentstotheserecordsasnecessary.Andyoucancreatebillingdocuments
(whichincludeapplicabletaxes)fortheuseofyourAPIpackagesandpublishthosedocumentstodevelopers.
YoucanalsosetlimitstohelpcontrolandmonitortheperformanceofyourAPIpackagesandallowyouto
reactaccordingly,andyoucansetupautomaticnotificationsforwhenthoselimitsareapproachedorreached.
Note:ThecoreApigeeEdge(GatewayandAnalytics)isaprerequisiteforusingMonetizationServices.
MonetizationServicesFeatures
ThekeyfeaturesofEdgeMonetizationServicesinclude:
● FullyintegratedwiththeAPIplatformmeansrealtimeinteraction
ConfidentialandproprietaryinformationofApigee,Inc.Nottobedisclosedexceptundernondisclosureagreement.
ApigeeEdgeInstallandConfigurationGuidePage14
● Supportallbusinessmodels“outofthebox”fromsimplefeebasedplanstothemostcomplex
charging/revenueshareplans(easytocreateandmodifyplans)
● Ratetransactionsonvolumeor“customattributes”withineachtransaction.Transactioncanbemade
upofAPIsfromGatewayPLUSothersystems(externaltoApigeeEdge)
● Automatedtoolssuchaslimitsandnotificationstomonitorperformanceandmanagetheprocess
● Integrateddeveloper/partnerworkflowandcontrolstomanagepurchasethroughthebilling/payment
● Fullyselfserviceforbusinessusersanddevelopers/partners,sononeedforcostlytechnical
intervention
● Integratedwithanybackendsales,accountingandERPsystem
Figure3:EdgeMonetizationServicesOverview
SoftwareComponents
EdgeMonetizationServicesisbuiltontopofthefollowingprimarycomponents:
● EdgeManagementServer
● EdgeMessageProcessor
FormoreinformationongettingstartedwithMonetizationServicesusingEdgeUI,see
http://apigee.com/docs/monetizationservices/content/getstartedusingmonetizationservices(or
http://apigee.com/docs/content/documentationarchivestofindthedocsthatcorrespondtoearlierversionsof
theproduct).
IfyouwishtoinstallEdgeMonetizationServices,seeInstallingMonetizationServices.
ConfidentialandproprietaryinformationofApigee,Inc.Nottobedisclosedexceptundernondisclosureagreement.
ApigeeEdgeInstallandConfigurationGuidePage15
OnPremisesDeployment
AnonpremisesinstallationofcoreApigeeEdgeforPrivateCloud(GatewayandAnalytics)providesthe
infrastructurerequiredtorunAPItrafficonbehalfoftheonpremisesclient’scustomers.
ThecomponentsprovidedbytheonpremisesinstallationofEdgeGatewayinclude(butarenotlimitedto):
● ARouterhandlesallincomingAPItrafficfromaloadbalancer,determinestheorganizationand
environmentsfortheAPIproxythathandlestherequest,balancesrequestsacrossavailableMessage
Processors,andthendispatchestherequest.TheRouterterminatestheHTTPrequest,handlesthe
SSLtraffic,andusesthevirtualhostname,port,andURItosteerrequeststotheappropriateMessage
Processor.
● AMessageProcessorprocessesAPIrequests.TheMessageProcessorevaluatesanincoming
request,executesanyApigeepolicies,andcallsthebackendsystemsandothersystemstoretrieve
data.Oncethoseresponseshavebeenreceived,theMessageProcessorformatsaresponseand
returnsittotheclient.
● AnApacheCassandraistheruntimedatarepositorythatstoresapplicationconfigurations,distributed
quotacounters,APIkeys,andOAuthtokensforapplicationsrunningonthegateway.
● AnApacheZooKeepercontainsconfigurationdataaboutthelocationandconfigurationofthevarious
Apigeecomponents,andnotifiesthedifferentserversofconfigurationchanges.
● AnOpenLDAP(LDAP)tomanagesystemandorganizationuserandroles.
● AManagementServertoholdthesepiecestogether.TheManagementServeristheendpointfor
EdgeManagementAPIrequests.ItalsointeractswiththeEdgeUI.
● AUIprovidesbrowserbasedtoolingthatletsyouperformmostofthetasksnecessarytocreate,
configure,andmanageAPIproxies,APIproducts,apps,andusers.
ThecomponentsprovidedbytheonpremisesinstallationofEdgeAnalyticsinclude:
● AQpidServermanagesqueuingsystemforanalyticsdata.
● APostgresServermanagesthePostgreSQLanalyticsdatabase.
ConfidentialandproprietaryinformationofApigee,Inc.Nottobedisclosedexceptundernondisclosureagreement.
ApigeeEdgeInstallandConfigurationGuidePage16
ThefollowingdiagramillustrateshowApigeeEdgecomponentsinteract.
Figure4:ConceptualComponentInteractions
InstallationTopologiesandSystemRequirements
ThissectiondescribestheEdgeinstallationtopologiesandsystemrequirements.
Installationtopologies
TheInstallationGuidecoversthefollowingbasic,onpremisesinstallationscenarios.Inadditiontothese,you
haveoptionstochooseotherscenariosbycustomizingthesebasicscenariosthatbestmeettherequirements
ofyourbusiness.
1) AllinoneInstallation:AsinglehostrunsallEdgecomponents.Notethatthisconfigurationisonlyto
beusedforgettingstartedwithEdgeorforinitialprototyping.Itisnottobeusedasadeploymentor
productionenvironment.
ConfidentialandproprietaryinformationofApigee,Inc.Nottobedisclosedexceptundernondisclosureagreement.
ApigeeEdgeInstallandConfigurationGuidePage17
Figure5:AllinoneSetup
2) Standaloneinstallation(2host,SASAX):Inthisscenario,asinglehostrunsGatewaystandalone
serversandassociatedcomponents—ApigeeManagementServer,ApacheZooKeeper,Apache
Cassandra,OpenLDAP,EdgeUI,ApigeeRouter,andApigeeMessageProcessor.Theotherhostruns
Analyticsstandalonecomponents—QpidServerandPostgresServer.
Figure6:StandaloneSetup
ConfidentialandproprietaryinformationofApigee,Inc.Nottobedisclosedexceptundernondisclosureagreement.
ApigeeEdgeInstallandConfigurationGuidePage18
3) 5hostclusteredinstallation(MINHA2SAX):Inthisscenario,threehostsrunZooKeeperand
Cassandraclusters.OneofthosethreehostsalsorunstheApigeeManagementServer,OpenLDAP,
andEdgeUI.TwoofthosethreehostsalsorunApigeeRouter+MessageProcessor.Twohostsrun
ApigeeAnalytics.
Note:ThisscenariocombinesclusterandGatewaycomponentstoreducethenumberofserversused.
Toachieveoptimalperformance,theclustercanalsobedeployedonthreedifferentservers.
ThisscenarioalsointroducesamasterstandbyreplicationbetweentwoPostgresnodesif
analyticsstatisticsaremissioncritical.
Figure7:FivehostClusteredSetup
4) 9hostclusteredinstallation(PerformanceHASetup):Thisscenarioissimilartofivehostclustered
installationbuthasdifferentAnalyticscomponentssetuptoachieveperformancehighavailability.
Note:ThisscenariointroducesamasterstandbyreplicationbetweentwoPostgresnodesifAnalytics
statisticsaremissioncritical.
Figure8:NinehostClusteredSetup
ConfidentialandproprietaryinformationofApigee,Inc.Nottobedisclosedexceptundernondisclosureagreement.
ApigeeEdgeInstallandConfigurationGuidePage19
5) 13hostclusteredinstallation(PerformanceHAwithseparatedatazone):Thisscenarioisan
enhancementofninehostclusteredinstallationcoveringseparatedatazonesfordataandApigee
serversinonedatacentersetup.HereLDAPisinstalledasanindependentseparatenode.
Note:ThisscenariousesmastermasterOpenLDAPreplicationandmasterstandbyPostgres
replicationinonedatacentersetup.
Figure9:13hostClusteredSetup
6) 12hostclusteredinstallation(MINAPItrafficDR/AXHA):Thisscenariocoversdisasterrecovery
andanalyticshighavailabilityacrosstwodatacentersusingAPIDNsupport.Formoreinformationon
APIDN,seeAppendixB:APIDNSupport.
Note:ThisscenariousesmastermasterOpenLDAPreplicationandmasterstandbyPostgres
replication(acrosstwodatacenters).
Figure10:12hostClusteredSetup
ConfidentialandproprietaryinformationofApigee,Inc.Nottobedisclosedexceptundernondisclosureagreement.
ApigeeEdgeInstallandConfigurationGuidePage20
7) 7hostand10hostAPIBaaSInstallation:Inthisscenario,youinstallAPIBaaSon10hosts.The
CassandranodescanbededicatedtoAPIBaaS,orcanbesharedwithEdge.
Figure11:10hostClusteredSetup
8) 7hostand10hostAPIBaaSInstallation:Inthisscenario,threehostsruntheAPIBaaSStackand
ElasticSearch.
Figure12:7hostClusteredSetup
ConfidentialandproprietaryinformationofApigee,Inc.Nottobedisclosedexceptundernondisclosureagreement.
ApigeeEdgeInstallandConfigurationGuidePage21
9) InstallingMonetizationServices:MonetizationServicesrunswithinanyexistingApigeeEdgesetup.In
thisscenario,youinstallMonetizationServicestheApigeeManagementServerandMessage
Processor.ToinstallMonetizationonEdgewheretheEdgeinstallationhasmultiplePostgresnodes,
thePostgresnodesmustbeconfiguredinMaster/Standbymode.YoucannotinstallMonetizationon
EdgeifyouhavemultiplePostgresmasternodes.
InstallationRequirements
ThissectionexplainstherequirementsforApigeeEdgeforPrivateCloudinstallation.
HardwareRequirements
Youmustmeetthebasichardwareconfigurationsthatsupportthebasichostinstallation.Forallinstallation
scenariosdescribedabove,thefollowingtableslisttheminimumhardwarerequirementsfortheinstallation
components.
Inthesetablestheharddiskrequirementsareinadditiontotheharddiskspacerequiredbytheoperating
system.Dependingonyourapplicationsandnetworktraffic,yourinstallationmightrequiremoreorfewer
resourcesthanlistedbelow.
InstallationComponent
RAM
CPU
Minimumharddisk
Cassandra
16GB
8core
250GBlocalstoragewithSSDorfastHDD
supporting2000IOPS
MessageProcessor/Routeron
samemachine
8/16GB
4/8core
100GB
AnalyticsPostgres/Qpidon
sameserver(notrecommended
forproduction)
16GB*
8core*
500GB1TB**localstoragewithSSDor
fastHDD.
Forinstallationsgreaterthan250TPS
(transactionspersecond),HDDwith1000
IOPSisrecommended.
AnalyticsPostgresstandalone
16GB*
8core*
500GB1TB**localstoragewithSSDor
fastHDDsupporting2000IOPS
AnalyticsQpidstandalone
8GB
4core
20GB500GBlocalstoragewithSSDor
fastHDD
Forinstallationsgreaterthan250TPS,
HDDwithlocalstoragesupporting1000
IOPSisrecommended.
ConfidentialandproprietaryinformationofApigee,Inc.Nottobedisclosedexceptundernondisclosureagreement.
ApigeeEdgeInstallandConfigurationGuidePage22
Other(OpenLDAP,UI,
ManagementServer)
4GB
2core
60GB
*AdjustPostgressystemrequirementsbasedonthroughput:
● Lessthan250TPS:8GB,4corecanbeconsideredwithlocalstoragesupporting1000IOPS
● Greaterthan250TPS:16GB,8core,localstoragesupporting1000IOPS
● Greaterthan1000TPS:16GB,8core,localstoragesupporting2000IOPS
● Greaterthan2000TPS:32GB,16core,localstoragesupporting2000IOPS
● Greaterthan4000TPS:64GB,32core,localstoragesupporting4000IOPS
**ThePostgresharddiskvalueisbasedontheoutoftheboxanalyticscapturedbyEdge.Ifyouaddcustomvalues
totheanalyticsdata,thenthesevaluesshouldbeincreasedaccordingly.Usethefollowingformulatoestimatethe
requiredstorage:
(#bytes/request)*(requestspersecond)*(secondsperhour)*(hoursofpeakusageperday)*(dayspermonth)*
(monthsofdataretention)=bytesofstorageneeded
Forexample:
(500bytesofanalyticsdataperrequest)*100req/sec*3600secs/hr*18hourspeakusageperday*30
days/month*3monthsretention=291,600,000,000bytesor292GB.
Inaddition,thefollowingliststhehardwarerequirementsifyouwishtoinstalltheMonetizationServices:
ComponentwithMonetization
RAM
CPU
Harddisk
ManagementServer(with
MonetizationServices)
8GB
4core
60GB
AnalyticsPostgres/Qpidonsame
server
16G
B
8core
500GB1TBwithSSDorFast
HDD,orusetherulefromthetable
above
AnalyticsPostgresstandalone
16G
B
8core
500GB1TBwithSSDorFast
HDD,orusetherulefromthetable
above
AnalyticsQpidstandalone
8GB
4core
40GB
ConfidentialandproprietaryinformationofApigee,Inc.Nottobedisclosedexceptundernondisclosureagreement.
ApigeeEdgeInstallandConfigurationGuidePage23
ThefollowingliststhehardwarerequirementsifyouwishtoinstallAPIBaaS:
APIBaaSComponent
RAM
CPU
Harddisk
ElasticSearch*
8GB
4core
6080GB
APIBaaSStack*
8GB
4core
6080GB
APIBaaSPortal
1GB
2core
20GB
Cassandra(Optional—typicallyyou
usethesameCassandraclusterfor
bothEdgeandAPIBaaSServices)
16G
B
8core
250GBlocalstoragewithSSDor
fastHDDsupporting2000IOPS
*YoucaninstallElasticSearchandAPIBaaSStackonthesamenode.Ifyoudo,configure
ElasticSearchtouse4GBofmemory(default).IfElasticSearchisinstalledonitsownnode,
thenconfigureittouse6GBofmemory.
Note:
●Iftherootfilesystemisnotlargeenoughfortheinstallation,itisrecommendedtoplacethedataontoa
largerdisk.
●IfanolderversionofApigeeEdgeforPrivateCloudwasinstalledonthemachine,ensurethatyou
deletethefolder/tmp/javabeforeanewinstallation.
● Thesystemwidetemporaryfolder/tmpneedsexecutepermissionsinordertostartCassandra.
●Ifuser“apigee”wascreatedpriortotheinstallation,ensurethat“/home/apigee”existsashome
directoryandisownedby“apigee:apigee”.
OperatingSystemandthirdpartysoftwarerequirements
Theseinstallationinstructionsandthesuppliedinstallationfileshavebeentestedontheoperatingsystems
andthirdpartysoftwarelistedhere:https://apigee.com/docs/apiservices/reference/supportedsoftware
Creatingtheapigeeuser
TheinstallationprocedurecreatesaUnixsystemusernamed'apigee'.Edgedirectoriesandfilesareownedby
'apigee',asareEdgeprocesses.ThatmeansEdgecomponentsrunasthe'apigee'user.ifnecessary,youcan
runcomponentsasadifferentuser.SeeBindingtheRoutertoaprotectedportforanexample.
Installationdirectory
Bydefault,theinstallerwritesallfilestothe/opt/apigeedirectory.Youcannotchangethisdirectory
location.
Note:Whileyoucannotchangethisdirectory,youcancreateasymlinktomap/opt/apigeetoanotherlocation.
SeeCreatingasymlinkfrom/opt/apigeeformoreinformation.
ConfidentialandproprietaryinformationofApigee,Inc.Nottobedisclosedexceptundernondisclosureagreement.
ApigeeEdgeInstallandConfigurationGuidePage24
Intheinstructionsinthisguide,theinstallationdirectoryisnotedas/<inst_root>/apigee,where
/<inst_root>is/optbydefault.
Java
YouneedasupportedversionofJava1.8installedoneachmachinepriortotheinstallation.SupportedJDKs
arelistedhere:
https://apigee.com/docs/apiservices/reference/supportedsoftware
EnsurethatJAVA_HOMEpointstotherootoftheJDKfortheuserperformingtheinstallation.
NetworkSetting
Itisrecommendedtocheckthenetworksettingpriortotheinstallation.Theinstallerexpectsthatallmachines
havefixedIPaddresses.Usethefollowingcommandstovalidatethesetting:
●hostnamereturnsthenameofthemachine
●hostnameireturnstheIPaddressforthehostnamethatcanbeaddressedfromothermachines.
Dependingonyouroperatingsystemtypeandversion,youmighthavetoedit/etc/hostsand
/etc/sysconfig/networkifthehostnameisnotsetcorrectly.Seethedocumentationforyourspecific
operatingsystemformoreinformation.
Cassandra
AllCassandranodeshavetobeconnectedtoaring.
CassandraautomaticallyadjustsitsJavaheapsizebasedontheavailablememory.Formore,seeTuning
Javaresources.Intheeventofaperformancedegradationorhighmemoryconsumption.
AfterinstallingtheEdgeforPrivateCloud,youcancheckthatCassandraisconfiguredcorrectlybyexaminingthe
/<inst_root>/apigee/apigeecassandra/conf/cassandra.yamlfile.Forexample,ensurethat
theEdgeforPrivateCloudinstallationscriptsetthefollowingproperties:
●cluster_name
●initial_token
●partitioner
●seeds
●listen_address
●rpc_address
●snitch
Warning:Donoteditthisfile.
ConfidentialandproprietaryinformationofApigee,Inc.Nottobedisclosedexceptundernondisclosureagreement.
ApigeeEdgeInstallandConfigurationGuidePage25
PostgreSQLdatabase
AfteryouinstallEdge,youcanadjustthefollowingPostgreSQLdatabasesettingsbasedontheamountof
RAMavailableonyoursystem:
conf_postgresql_shared_buffers=35%ofRAM#min128kB
conf_postgresql_effective_cache_size=45%ofRAM
conf_postgresql_work_mem=512MB#min64kB
Note:ThesesettingsassumethatthePostgreSQLdatabaseisonlyusedforEdgeanalytics,andnotforany
otherpurpose.
Tosetthesevalues:
1. Editpostgresql.properties:
>vi/<inst_root>/apigee/customer/application/postgresql.properties
Ifthefiledoesnotexist,createit.
2. Setthepropertieslistedabove.
3. Saveyouredits.
4. RestartthePostgreSQLdatabase:
>/<inst_root>/apigee/apigeeservice/bin/apigeeserviceapigeepostgresqlrestart
jsvc
“jsvc”isaprerequisiteforusingAPIBaaS.Version1.0.15devisinstalledwhenyouinstalltheAPIBaaS.
NetworkSecurityServices(NSS)
NetworkSecurityServices(NSS)isasetoflibrariesthatsupportsdevelopmentofsecurityenabledclientand
serverapplications.YoushouldensurethatyouhaveinstalledNSSv3.19,orlater.
Tocheckyourcurrentversion:
>yuminfonss
ToupdateNSS:
>yumupdatenss
SeethisarticlefromRedHatformoreinformation.
AWSAMI
IfyouareinstallingEdgeonanAWSAmazonMachineImage(AMI)forRedHatEnterpriseLinux7.x,you
mustfirstrunthefollowingcommand:
ConfidentialandproprietaryinformationofApigee,Inc.Nottobedisclosedexceptundernondisclosureagreement.
ApigeeEdgeInstallandConfigurationGuidePage26
>yumconfigmanagerenablerhuiREGIONrhelserverextras
rhuiREGIONrhelserveroptional
Tools
TheinstallerusesthefollowingUNIXtoolsinthestandardversionasprovidedbyEL5orEL6.
awk
dirname
ls
rpm
unzip
basename
echo
perl
rpm2cpio
useradd
bash
expr
pgrep(fromprocps)
sed
wc
bc
grep
ps
tar
yum
curl
hostname
pwd
tr
chkconfig
date
id
python
uname
sudo
Note:
●Theexecutableforthetool‘useradd’islocatedin/usr/sbinandforchkconfigin/sbin.
● Withsudoaccessyoucangainaccessovertheenvironmentofthecallinguser,forexample,usually
onewouldcall“sudo<command>”or“sudoPATH=$PATH:/usr/sbin:/sbin<command>”.
● Ensurethatyouhave“patch”toolinstalledpriortoaservicepack(patch)installation.
ntpdate–Itisrecommendedtohavetheserverstimesynchronized.Ifnotalreadyconfigured,‘ntpdate’utility
couldservethispurpose,whichverifieswhetherserversaretimesynchronized.Youcanuse“yuminstall
ntp”toinstalltheutility.ThisisparticularlyusefulforreplicatingOpenLDAPsetups.Notethatyousetup
servertimezoneinUTC.
openldap2.4–TheonpremisesinstallationrequiresOpenLDAP2.4.IfyourserverhasanInternet
connection,thentheEdgeinstallscriptdownloadsandinstallsOpenLDAP.Ifyourserverdoesnothavean
Internetconnection,youmustensurethatOpenLDAPisalreadyinstalledbeforerunningtheEdgeinstallscript.
OnRHEL/CentOS,youcanrun"yuminstallopenldapclientsopenldapservers"toinstallthe
OpenLDAP.
For13hostinstallations,and12hostinstallationswithtwoDataCenters,yourequireOpenLDAPreplication
becausetherearemultiplenodeshostingOpenLDAP.
FirewallsandVirtualHosts
Theterm“virtual”commonlygetsoverloadedintheITarena,andsoitiswithanApigeeEdgeforPrivateCloud
deploymentandvirtualhosts
.Toclarify,therearetwoprimaryusesoftheterm“virtual”:
●Virtualmachines(VM):Not
required,butsomedeploymentuseVMtechnologytocreateisolated
serversfortheirApigeecomponents.VMhosts,likephysicalhosts,canhavenetworkinterfacesand
firewalls.TheseinstallationinstructionsdonotspecificallysupportVMinstallations.
●Virtualhosts:Webendpoints,analogoustoanApachevirtualhost
.
ConfidentialandproprietaryinformationofApigee,Inc.Nottobedisclosedexceptundernondisclosureagreement.
ApigeeEdgeInstallandConfigurationGuidePage27
ArouterinaVMcanexposemultiplevirtualhosts(aslongastheydifferfromoneanotherintheirhostalias
or
intheirinterfaceport
).
Justasanamingexample,asinglephysicalserver“A”mightberunningtwoVMs,named“VM1”and“VM2”.
Let’sassumeVM1exposesavirtualEthernetinterface,whichgetsnamedeth0insidetheVM,andwhichis
assignedIPaddress111.111.111.111bythevirtualizationmachineryoranetworkDHCPserver;andthen
assumeVM2exposesavirtualEthernetinterfacealsonamedeth0anditgetsassignedanIPaddress
111.111.111.222.
WemighthaveanApigeerouterrunningineachofthetwoVMs.Theroutersexposevirtualhostendpointsas
inthishypotheticalexample:
TheApigeerouterinVM1exposesthreevirtualhostsonitseth0interface(whichhassomespecificIP
address),api.mycompany.com:80,api.mycompany.com:443,andtest.mycompany.com:80.
TherouterinVM2exposesapi.mycompany.com:80(samenameandportasexposedbyVM1).
Thephysicalhost’soperatingsystemmighthaveanetworkfirewall;ifso,thatfirewallmustbeconfiguredto
passTCPtrafficboundfortheportsbeingexposedonthevirtualizedinterfaces(111.111.111.111:{80,443}
and111.111.111.222:80).Inaddition,eachVM’soperatingsystemmayprovideitsownfirewallonitseth0
interfaceandthesetoomustallowports80and443traffictoconnect.
Thebasepath
isthethirdcomponentinvolvedinroutingAPIcallstodifferentAPIproxiesthatyoumayhave
deployed.APIproxybundlescanshareanendpointiftheyhavedifferentbasepaths.Forexample,one
basepathcanbedefinedashttp://api.mycompany.com:80/andanotherdefinedas
http://api.mycompany.com:80/salesdemo.
Inthiscase,youneedaloadbalancerortrafficdirectorofsomekindsplittingthe
http://api.mycompany.com:80/trafficbetweenthetwoIPaddresses(111.111.111.111onVM1and
111.111.111.222onVM2).Thisfunctionisspecifictoyourparticularinstallation,andisconfiguredbyyour
localnetworkinggroup.
ThebasepathissetwhenyoudeployanAPI.Fromtheaboveexample,youcandeploytwoAPIs,mycompany
andtestmycompany,fortheorganizationmycompanyorgwiththevirtualhostthathasthehostaliasof
api.mycompany.comandtheportsetto80.Ifyoudonotdeclareabasepathinthedeployment,thentherouter
doesnotknowwhichAPItosendincomingrequeststo.
However,ifyoudeploytheAPItestmycompanywiththebaseURLof/salesdemo,thenusersaccessthatAPI
usinghttp://api.mycompany.com:80/salesdemo.IfyoudeployyourAPImycompanywiththebaseURLof/
thenyourusersaccesstheAPIbytheURLhttp://api.mycompany.com:80/.
Edgeportrequirements
Theneedtomanagethefirewallgoesbeyondjustthevirtualhosts;bothVMandphysicalhostfirewallsmust
allowtrafficfortheportsrequiredbythecomponentstocommunicatewitheachother.
ThefollowingimageshowstheportsrequirementsforeachEdgecomponent:
ConfidentialandproprietaryinformationofApigee,Inc.Nottobedisclosedexceptundernondisclosureagreement.
ApigeeEdgeInstallandConfigurationGuidePage28
Notesonthisdiagram:
● *Port8082ontheMessageProcessoronlyhastobeopenforaccessbytheRouterwhenyou
configureTLS/SSLbetweentheRouterandMessageProcessor.IfyoudonotconfigureTLS/SSL
betweentheRouterandMessageProcessor,thedefaultconfiguration,port8082stillmustbeopenon
theMessageProcessortomanagethecomponent,buttheRouterdoesnotrequireaccesstoit.
● Theportsprefixedby"M"areportsusedtomanagethecomponentandmustbeopenonthe
component.
● Thefollowingcomponentsrequireaccesstoport8080ontheManagementServer:Router,Message
Processor,UI,Postgres,andQpid.
● AMessageProcessormustopenport4528asitsmanagementport.IfyouhavemultipleMessage
Processors,theymustallbeabletoaccesseachotheroverport4528(indicatedbythelooparrowin
thediagramaboveforport4528ontheMessageProcessor).IfyouhavemultipleDataCenters,the
portmustbeaccessiblefromallMessageProcessorsinallDataCenters.
ConfidentialandproprietaryinformationofApigee,Inc.Nottobedisclosedexceptundernondisclosureagreement.
ApigeeEdgeInstallandConfigurationGuidePage29
● Whileitisnotrequired,youcanopenport4527ontheRouterforaccessbyanyMessageProcessor.
Otherwise,youmightseeerrormessagesintheMessageProcessorlogfiles.
● ARoutermustopenport4527asitsmanagementport.IfyouhavemultipleRouters,theymustallbe
abletoaccesseachotheroverport4527(indicatedbythelooparrowinthediagramaboveforport
4527ontheRouter).
● AccesstoJMXportscanbeconfiguredtorequireausername/password.See
http://docs.apigee.com/apiservices/latest/howmonitorformoreinformation.
● YoucanoptionallyconfigureSSLaccessforcertainconnections,whichcanusedifferentports.See
SSLintheApigeeonlinedocumentationformore.
● Youcanoptionallyopenportsonindividualnodestoallowsshaccess.
● YoucanconfiguretheManagementServertosendemailsthroughanexternalSMTPserver.Ifyoudo,
youmustensurethattheManagementServercanaccessthenecessaryportontheSMTPserver.See
http://docs.apigee.com/apiservices/latest/howmonitorformoreinformation.
Thetablebelowshowstheportsneedtobeopenedinfirewalls,byEdgecomponent:
Component
Port
Description
StandardHTTP
ports
80,443
HTTPplusanyotherportsyouuseforvirtualhosts
Management
Server
8080
PortforEdgemanagementAPIcalls.Thesecomponents
requireaccesstoport8080ontheManagementServer:
Router,MessageProcessor,UI,Postgres,andQpid.
1099
JMXport
4526
Fordistributedcacheandmanagementcalls
ManagementUI
9000
PortforbrowseraccesstomanagementUI
Message
Processor
8998
MessageProcessorportforcommunicationsfromRouter
8082
DefaultmanagementportforMessageProcessor.
IfyouconfigureTLS/SSLbetweentheRouterandMessage
Processor,usedbytheRoutertomakehealthchecksonthe
MessageProcessor.
1101
JMXport
4528
Fordistributedcacheandmanagementcalls
Router
8081
DefaultmanagementportforRouter
4527
Fordistributedcacheandmanagementcalls
ConfidentialandproprietaryinformationofApigee,Inc.Nottobedisclosedexceptundernondisclosureagreement.
ApigeeEdgeInstallandConfigurationGuidePage30
ZooKeeper
2181
UsedbyothercomponentslikeManagementServer,Router,
MessageProcessorandsoon
2888,
3888
UsedinternallybyZooKeeperforZooKeepercluster(known
asZooKeeperensemble)communication
Cassandra
7000,
9042,
9160
ApacheCassandraportsforcommunicationbetween
Cassandranodes
7199
JMXport
Qpid
5672
UsedforcommunicationsfromtheRouterandMessage
ProcessortoQpidserver
8083
DefaultmanagementportonQpidserver
1102
JMXport
4529
Fordistributedcacheandmanagementcalls
Postgres
5432
UsedforcommunicationfromQpid/ManagementServerto
Postgres
8084
DefaultmanagementportonPostgresserver
1103
JMXport
4530
Fordistributedcacheandmanagementcalls
LDAP
10389
OpenLDAP
SmartDocs
59002
TheportontheEdgerouterwhereSmartDocspage
requestsaresent.
Note:Inaddition,youmayneedtoopenportsinthefirewallsfortesting.Forexample,59001,
andsoon.
Thenexttableshowsthesameports,listednumerically,withthesourceanddestinationcomponents:
Port
Number
Purpose
Source
Component
DestinationComponent
<virtual
hostport#>
HTTPplusanyotherports
youuseforvirtualhostAPI
calltraffic.Ports80and443
aremostcommonlyused;
theMessageRoutercan
terminateSSLconnections.
Externalclient(or
loadbalancer)
ListeneronMessage
Router
ConfidentialandproprietaryinformationofApigee,Inc.Nottobedisclosedexceptundernondisclosureagreement.
ApigeeEdgeInstallandConfigurationGuidePage31
1099
through
1103
JMXManagement
JMXClient
ManagementServer
(1099)
MessageProcessor(1101)
QpidServer(1102)
PostgresServer(1103)
2181
Zookeeperclient
communication
ManagementServer
Router
MessageProcessor
QpidServer
PostgresServer
Zookeeper
2888and
3888
Zookeeperinternode
management
Zookeeper
Zookeeper
4526
through
4530
RPCManagementports
usedfordistributedcache
andcallsfromthe
ManagementServerstothe
othercomponents
ManagementServer
ManagementServer
(4526)
Router(4527)
MessageProcessor(4528)
QpidServer(4529)
PostgresServer(4530)
4528
Fordistributedcachecalls
Router
MessageProcessor
MessageProcessor
5432
Postgresclient
QpidServer
Postgres
5672
Usedforsendinganalytics
fromRouterandMessage
ProcessortoQpid
Router
MessageProcessor
Qpiddaemon
7000
Cassandrainternode
communications
Cassandra
OtherCassandranode
7199
JMXmanagement
JMXclient
Cassandra
8080
ManagementAPIport
ManagementAPI
clients
ManagementServer
8081
through
8084
ComponentAPIports,used
forissuingAPIrequests
directlytoindividual
components.Each
ManagementAPI
clients
Router(8081)
MessageProcessor(8082)
QpidServer(8083)
ConfidentialandproprietaryinformationofApigee,Inc.Nottobedisclosedexceptundernondisclosureagreement.
ApigeeEdgeInstallandConfigurationGuidePage32
componentopensadifferent
port;theexactportused
dependsonthe
configuration
PostgresServer(8084)
8998
Communicationbetween
routerandmessage
processor
Router
MessageProcessor
9000
DefaultEdgemanagement
UIport
Browser
ManagementUIServer
9042
CQLnativetransport
Router
MessageProcessor
ManagementServer
Cassandra
9160
Cassandrathriftclient
Router
MessageProcessor
ManagementServer
Cassandra
10389
LDAPport
ManagementServer
ApcheDS/OpenLDAP
59002
Therouterportwhere
SmartDocspagerequests
aresent
SmartDocs
Router
AMessageProcessorkeepsadedicatedconnectionpoolopentoCassandra,whichisconfiguredtonever
timeout.WhenafirewallisbetweenamessageprocessorandCassandraserver,thefirewallcantimeoutthe
connection.However,themessageprocessorisnotdesignedtoreestablishconnectionstoCassandra.
Topreventthissituation,ApigeerecommendsthattheCassandraserver,messageprocessor,androutersbe
inthesamesubnetsothatafirewallisnotinvolvedinthedeploymentofthesecomponents.
Ifafirewallisbetweentherouterandmessageprocessors,andhasanidletcptimeoutset,our
recommendationsisto:
1. Setnet.ipv4.tcp_keepalive_time=1800insysctlsettingsonLinuxOS,where1800should
belowerthanthefirewallidletcptimeout.Thissettingshouldkeeptheconnectioninanestablished
statesothatthefirewalldoesnotdisconnecttheconnection.
2. OnallMessageProcessors,edit
/<inst_root>/apigee/customer/application/messageprocessor.propertiestoadd
thefollowingproperty.Ifthefiledoesnotexist,createit.
conf_system_casssandra.maxconnecttimeinmillis=1
ConfidentialandproprietaryinformationofApigee,Inc.Nottobedisclosedexceptundernondisclosureagreement.
ApigeeEdgeInstallandConfigurationGuidePage33
3. RestarttheMessageProcessor:
>/opt/apigee/apigeeservice/bin/apigeeserviceedgemessageprocessor
restart
4. OnallRouters,edit/<inst_root>/apigee/customer/application/router.propertiesto
addthefollowingproperty.Ifthefiledoesnotexist,createit.
conf_system_casssandra.maxconnecttimeinmillis=1
5. RestarttheRouter:
>/opt/apigee/apigeeservice/bin/apigeeserviceedgerouterrestart
Ifyouinstallthe12hostclusteredconfigurationwithtwoDataCenters,ensurethatthenodesinthetwoData
Centerscancommunicateovertheportsshownbelow:
Note:AllMessageProcessorsinallDataCentersmustallbeabletoaccesseachotheroverport4528.
ConfidentialandproprietaryinformationofApigee,Inc.Nottobedisclosedexceptundernondisclosureagreement.
ApigeeEdgeInstallandConfigurationGuidePage34
APIBaaSportrequirements
IfyouopttoinstalltheAPIBaaS,youaddtheAPIBaaSStackandAPIBaaSPortalcomponents.These
componentsusetheportsshowninthefigurebelow:
TheCassandranodescanbededicatedtoAPIBaaS,orcanbesharedwithEdge.
AproductioninstallationofAPIBaaSusesaloadbalancerbetweentheAPIBaaSPortalnodeandAPIBaaS
Stacknodes.WhenconfiguringthePortal,andwhenmakingBaaSAPIcalls,youspecifytheIPaddressor
DNSnameoftheloadbalancer,notoftheStacknodes.
Thetablebelowshowsthedefaultportsthatneedtobeopenedinfirewalls,bycomponent:
Component
Port
Description
APIBaaSPortal
9000
PortfortheAPIBaaSUI
APIBaaSStack
8080
PortwhereAPIrequestarereceived
ElasticSearch
9200to
9400
ForcommunicatingwithAPIBaaSStackandfor
communicatingbetweenElasticSearchnodes
ConfidentialandproprietaryinformationofApigee,Inc.Nottobedisclosedexceptundernondisclosureagreement.
ApigeeEdgeInstallandConfigurationGuidePage35
Licensing
EachinstallationofEdgerequiresauniquelicensefilethatyouobtainfromApigee.Youwillneedtoprovide
thepathtothelicensefilewheninstallingthemanagementserver,forexample/tmp/license.txt.
Theinstallercopiesthelicensefileto/<inst_root>/apigee/customer/conf/license.txt
Iflicensefileisvalid,themanagementservervalidatestheexpiryandallowedMessageProcessor(MP)count.
Ifanyofthelicensesettingsisexpired,youcanfindthelogsinthefollowinglocation:
/<inst_root>/apigee/var/log/edgemanagementserver/logs.Inthiscaseyoucancontact
ApigeeSupportformigrationdetails.
InstallationChecklist
Note:
● IfanolderversionofApigeeEdgeforPrivateCloudwasinstalledonthemachine,ensurethatyou
deletethefolder/tmp/javabeforeanewinstallation.
● Ifuser“apigee”wascreatedpriortotheinstallation,ensurethat“/home/apigee”existsashome
directoryandisownedby“apigee:apigee”.
Thechecklistcoverstheprecedingprerequisitesandprovidesalistofrequiredfilestoobtainbefore
proceeding.Hereisasummaryoftheprimaryrequirementscoveredthere.
●Installationuser:Theuserperformingthisinstallationmustbetherootuser,orauserwithsudo
privileges.Inmanyofthecommandsbelow,ifyouarenotloggedinasroot,prefixthecommandswith
"sudo".
●Edgesystemadministratorcredentials:Aspartoftheinstallation,youarepromptedtospecifyan
emailaddressandpasswordusedtocreatetheEdgesystemadministratoraccount.Neverusethese
credentialsforanythingotherthanEdgesystemadministration.Youcanlatercreatedifferentusersand
usertypestocreateandmanageAPIproxies,apps,andallotheruserleveltasks.
TochangetheadministratorpassworddonotusetheEdgeUItochangetheadministrator
password.Seehttp://docs.apigee.com/apiservices/latest/resettingpasswordsformoreinformation.
●OS:Foroperatingsystemrequirements,see
https://apigee.com/docs/apiservices/reference/supportedsoftware.
●Java:JavarequirementsarecoveredunderPrerequisitesabove.Referto
https://apigee.com/docs/apiservices/reference/supportedsoftwareproceeding.
EnsurethatJAVA_HOMEpointstotherootoftheJDKfortheuserperformingtheinstallation.
●Firewalls:Firewall/hostrequirementsarecoveredunderPrerequisitesabove.RefertotheFirewalls
andVirtualHostssectionbeforeproceeding.
ConfidentialandproprietaryinformationofApigee,Inc.Nottobedisclosedexceptundernondisclosureagreement.
ApigeeEdgeInstallandConfigurationGuidePage36
●TCPWrappers:TCPWrapperscanblockcommunicationofsomeportsandcanaffectOpenLDAP,
Postgres,andCassandrainstallation.Onthosenodes,check/etc/hosts.allowand
/etc/hosts.denytoensurethattherearenoportrestrictionsontherequiredOpenLDAP,Postgres,
andCassandraports.
●SELinux:DependingonyoursettingsforSELinux,Edgecanencounterissueswithinstallingand
startingEdgecomponents.Ifnecessary,youcandisableSELinuxorsetittopermissivemodeduring
installation,andthenreenablingitafterinstallation.SeePrerequisite:DisableSELinuxformore.
●iptables:Validatethattherearenoiptablespoliciespreventingconnectivitybetweennodesonthe
requiredEdgeports.Ifnecessary,youcanstopiptablesduringinstallationusingthecommand:
>sudo/etc/init.d/iptablesstop
OnCentOS7.x:
>systemctlstopfirewalld
●Licensefile:AvalidlicensefilemustbeobtainedtoinstallApigeeEdge.Licensinginformationis
coveredunderPrerequisitesabove.RefertotheLicensingsectionbeforeproceeding.
●Distributionfiles:TheApigeeEdgedistributionfilesareinstalledasasetofRPMsanddependencies.
●Systemlimits:
o OnCassandranodes,setsoftandhardmemlock,nofile,andaddressspace(as)limitsfor
installationuser(defaultis“apigee")in/etc/security/limits.confasshownbelow:
apigeesoftmemlockunlimited
apigeehardmemlockunlimited
apigeesoftnofile32768
apigeehardnofile65536
apigeesoftasunlimited
apigeehardasunlimited
o OnMessageProcessornodes,setthemaximumnumberofopenfiledescriptorsto64Kby
usingthecommand:
>ulimitn65535
Ifnecessary,youcanraisethatlimit.Forexample,ifyouhavealargenumberoftemporaryfiles
openatanyonetime.
ConfidentialandproprietaryinformationofApigee,Inc.Nottobedisclosedexceptundernondisclosureagreement.
ApigeeEdgeInstallandConfigurationGuidePage37
InstallationConsiderations
AtypicalEdgeinstallationconsistsofEdgecomponentsdistributedacrossmultiplenodes.Afteryouinstall
Edgeonanode,youtheninstallandconfigureoneormoreEdgecomponentsonthenode.
Installationprocess
InstallingEdgeonanodeisamultistepprocess:
●DisableSELinuxonthenodeorsetittopermissivemode.SeePrerequisite:DisableSELinuxformore.
●SelectyourEdgeconfigurationfromthelistofrecommendedtopologies.Forexample,youcaninstall
Edgeonasinglenodefortesting,oron13nodesforproduction.SeeInstallationtopologiesformore.
●Oneachnodeinyourselectedtopology,installtheEdgeapigeesetuputility:
oDownloadtheEdgebootstrap_4.16.05.shfileto/tmp/bootstrap_4.16.05.sh.
o InstalltheEdgeapigeeserviceutilityanddependencies.
oInstalltheEdgeapigeesetuputilityanddependencies.
SeeInstalltheEdgeapigeesetuputilityformore.
● UsetheapigeesetuputilitytoinstalloneormoreEdgecomponentsoneachnodebasedonyour
selectedtopology.
SeeInstallEdgecomponentsonanode.
●OntheManagementServernode,usetheapigeesetuputilitytoinstallapigeeprovision,the
utilitiesthatyouusetocreateandmanageEdgeorganizations.
SeeOnboardanorganizationformore.
Handlinganinstallationfailure
InthecaseofafailureduringtheinstallationofanEdgecomponent,youcantrytocorrecttheissue,andthen
runtheinstalleragain.Theinstallerisdesignedtoberunrepeatedlyincaseswhereitdetectsafailure,orif
youlaterwanttochangeorupdateacomponentafterinstallation.
Whocanperformtheinstall
TheApigeeEdgedistributionfilesareinstalledasasetofRPMsanddependencies.Toinstall,uninstall,and
updateEdge,theEdgecommandsmustberunbytherootuserorbyauserthathasfullsudoaccess.Forfull
sudoaccess,thatmeanstheuserhassudoaccesstoperformthesameoperationsasroot.
ConfidentialandproprietaryinformationofApigee,Inc.Nottobedisclosedexceptundernondisclosureagreement.
ApigeeEdgeInstallandConfigurationGuidePage38
Anyuserwhowantstorunthefollowingcommandsorscriptsmusteitherberoot,orbeauserwithfullsudo
access:
●apigeeserviceutility:
○apigeeservicecommands:install,uninstall,update.
○apigeeallcommands:install,uninstall,update.
●setup.shscripttoinstallEdgecomponents(Unlessyouhavealreadyused"apigeeservice
intall"toinstalltherequiredRPMs.Thenrootorfullsudoaccessifnotrequired.)
●update.shscripttoupdateEdgecomponents
Also,theEdgeinstallercreatesanewuseronyoursystem,named"apigee".ManyEdgecommandsinvoke
sudotorunasthe"apigee"user.
Anyuserwhowantstorunallothercommandsthantheonesshownabovemustbeauserwithfullsudo
accesstothe"apigee"user.Thesecommandsinclude:
●apigeeserviceutilitycommands,including:
○apigeeservicecommandssuchasstart,stop,restart,configure.
○apigeeallcommandssuchasstart,stop,restart,configure.
Toconfigureausertohavefullsudoaccesstothe"apigee"user,editthesudoersfiletoadd:
installUser
ALL=(apigee)NOPASSWD:ALL
whereinstallUser
istheusernameofthepersonworkingwithEdge.
AnyfilesorresourcesusedbytheEdgecommandsmustbeaccessibletothe"apigee"user.Thisincludesthe
Edgelicensefileandanyconfigfiles.
Note:YoucansettheRUN_USERpropertyforanEdgecomponenttospecifyadifferentuserthan"apigee".If
youdo,thenalloftheEdgecommandsforthatcomponentinvokesudotorunasthatuser.Filesorresources
mustthenbeaccessibletothatuser.
Whencreatingaconfigurationfile,youcanchangeitsownerto"apigee:apigee"toensurethatitisaccessible
toEdgecommands:
1. Createthefileinaneditorasanyuser.
2. Chowntheownerofthefileto"apigee:apigee"or,ifyouchangedtheuserrunningtheEdgeservice
fromthe"apigee"user,chownthefiletotheuserwhoisrunningtheEdgeservice.
SilentinstallationofEdgecomponents
YoumustpassaconfigurationfiletotheapigeesetuputilitythatcontainstheinformationabouttheEdge
installation.Theonlyrequirementonsilentinstallationsisthattheconfigurationfilemustbeaccessibleor
readablebythe"apigee"user.Forexample,putthefileinthe/tmpdirectoryonthenodeandchownitto
"apigee:apigee".
AllinformationintheconfigurationfileisrequiredexceptfortheEdgesystemadministrator'spassword.Ifyou
omitthepassword,theapigeesetuputilitypromptsyoutoenteritonthecommandline.
ConfidentialandproprietaryinformationofApigee,Inc.Nottobedisclosedexceptundernondisclosureagreement.
ApigeeEdgeInstallandConfigurationGuidePage39
SeeCreatingaconfigurationfileformore.
InternetornonInternetinstallation
ToinstallEdgeonanode,thenodemustbeabletoaccesstheApigeerepository:
● NodeswithanexternalInternetconnection
NodeswithanexternalinternetconnectionaccesstheApigeerepositorytoinstalltheEdgeRPMsand
dependencies.
● NodeswithoutanexternalInternetconnection
NodeswithoutanexternalInternetconnectioncanaccessamirroredversionoftheApigeerepository
thatyousetupinternally.ThisrepositorycontainsallEdgeRPMs,butyouhavetoensurethatyou
haveallotherdependenciesavailablefromreposontheinternalnetwork.
Settingupavirtualhost
AvirtualhostonEdgedefinesthedomainsandEdgeRouterportsonwhichanAPIproxyisexposed,and,by
extension,theURLthatappsusetoaccessanAPIproxy.AvirtualhostalsodefineswhethertheAPIproxyis
accessedbyusingtheHTTPprotocol,orbytheencryptedHTTPSprotocol.
AspartoftheEdgeonboardingprocess,youhavetocreateanorganization,environment,andvirtualhost.
Edgeprovidesthesetuporgcommandtomakethisprocesseasierfornewusers.
Whenyoucreatethevirtualhost,youmustspecifythefollowinginformation:
●ThenameofthevirtualhostthatyouusetoreferenceitinyourAPIproxies.
●TheportontheRouterforthevirtualhost.Typicallytheseportsstartat9001andincrementbyonefor
everynewvirtualhost.
●Thehostaliasofthevirtualhost.TypicallytheDNSnameofthevirtualhost.
TheEdgeRoutercomparestheHostheaderoftheincomingrequesttothelistofavailablehostaliasesas
partofdeterminingtheAPIproxythathandlestherequest.Whenmakingarequestthroughavirtualhost,
eitherspecifyadomainnamethatmatchesthehostaliasofavirtualhost,orspecifytheIPaddressofthe
RouterandtheHostheadercontainingthehostalias.
Forexample,ifyoucreatedavirtualhostwithahostaliasofmyapis.apigee.netonport9001,thenacURL
requesttoanAPIthroughthatvirtualhostcoulduseoneofthefollowingforms:
● IfyouhaveaDNSentryformyapis.apigee.net:
curlhttp://myapis.apigee.net:9001/{proxybasepath}/{resourcepath}
● IfyoudonothaveaDNSentryformyapis.apigee.net:
ConfidentialandproprietaryinformationofApigee,Inc.Nottobedisclosedexceptundernondisclosureagreement.
ApigeeEdgeInstallandConfigurationGuidePage40
curlhttp://<routerIP>:9001/{proxybasepath}/{resourcepath}
H'Host:myapis.apigee.net'
Inthisform,youspecifytheIPaddressoftheRouter,andpassthehostaliasintheHostheader.
Note:Thecurlcommand,mostbrowsers,andmanyotherutilitiesautomaticallyappendtheHost
headerwiththedomainaspartoftherequest,soyoucanactuallyuseacurlcommandintheform:
curlhttp://<routerIP>:9001/{proxybasepath}/{resourcepath}
OptionswhenyoudonothaveaDNSentryforthevirtualhost
OneoptionwhenyoudonothaveaDNSentryistosetthehostaliastotheIPaddressoftheRouterandport
ofthevirtualhost,as<routerIP>:port.Forexample:
192.168.1.31:9001
Whenyoumakeacurlcommandintheformbelow:
curlhttp://<routerIP>:9001/{proxybasepath}/{resourcepath}
ThisoptionispreferredbecauseitworkswellwiththeEdgeUI.
IfyouhavemultipleRouters,addahostaliasforeachRouter,specifyingtheIPaddressofeachRouterand
portofthevirtualhost.
Alternatively,youcansetthehostaliastoavalue,suchastemp.hostalias.com.Then,youhavetopassthe
Hostheaderoneveryrequest:
curlvhttp://<routerIP>:9001/{proxybasepath}/{resourcepath}
H'host:temp.hostalias.com'
Or,addthehostaliastoyour/etc/hostsfile.Forexample,addthislineto/etc/hosts:
192.168.1.31temp.hostalias.com
ThenyoucanmakearequestasifyouhadaDNSentry:
curlvhttp://myapis.apigee.net:9001/{proxybasepath}/{resourcepath}
ConfiguringEdgecomponentspostinstallation
ToconfigureEdgeafterinstallation,youuseacombinationof.propertiesfilesandEdgeutilities.For
example,toconfigureSSLontheEdgeUI,youedit.propertiesfilestosetthenecessaryproperties.
Changesto.propertiesfilesrequireyoutorestarttheaffectedEdgecomponent.
The.propertiesfilesarelocatedinthe/opt/apigee/customer/applicationdirectory.Each
componenthasitsown.propertiesfileinthatdirectory.Forexample,router.propertiesand
managementserver.properties.
ConfidentialandproprietaryinformationofApigee,Inc.Nottobedisclosedexceptundernondisclosureagreement.
ApigeeEdgeInstallandConfigurationGuidePage41
Note:Ifyouhavenotsetanypropertiesforacomponent,the/opt/apigee/customer/application
directorymightnotcontaina.propertiesfileforthecomponent.Inthatcase,createone.
Tosetapropertyforacomponent,editthecorresponding.propertiesfile,andthenrestartthecomponent:
>/opt/apigee/apigeeservice/bin/apigeeservicecomponent
restart
Forexample:
>/opt/apigee/apigeeservice/bin/apigeeserviceedgerouterrestart
WhenyouupdateEdge,the.propertiesfilesinthe/opt/apigee/customer/applicationdirectory
areread.Thatmeanstheupdateretainsanypropertiesthatyousetonthecomponent.
Seehttp://docs.apigee.com/apiservices/latest/howconfigureedgeformoreinformationonEdgeconfiguration.
InvokingcommandsonEdgecomponents
Edgeinstallsmanagementutilitiesunder/opt/apigee/apigeeservice/binthatyoucanuseto
manageanEdgeinstallation.Forexample,youcanusetheapigeeallutilitytostart,stop,restart,or
determinethestatusofallEdgecomponentsonthenode:
/opt/apigee/apigeeservice/bin/apigeeallstop|start|restart|status|version
Usetheapigeeserviceutilitytocontrolandconfigureindividualcomponents.Theapigeeservice
utilityhastheform:
/opt/apigee/apigeeservice/bin/apigeeservicecomponent
action
Forexample,torestarttheEdgeRouter:
/opt/apigee/apigeeservice/bin/apigeeserviceedgerouterrestart
Youcandeterminethelistofcomponentsinstalledonthenodebyexaminingthe/opt/apigeedirectory.
ThatdirectorycontainsasubdirectoryforeveryEdgecomponentinstalledonthenode.Eachsubdirectoryis
prefixedby:
●apigeeathirdpartycomponentusedbyEdge.Forexample,apigeecassandra.
●edgeanEdgecomponentfromApigee.Forexample,edgemanagementserver.
●edgemintaMonetizationcomponent.Forexampleedgemintmanagementserver.
●baasanAPIBaaScomponent.Forexamplebaasusergrid.
Thecompletelistofactionsforacomponentdependsonthecomponentitself,butallcomponentssupport
thefollowingactions:
●start,stop,restart
●status,version
●backup,restore
ConfidentialandproprietaryinformationofApigee,Inc.Nottobedisclosedexceptundernondisclosureagreement.
ApigeeEdgeInstallandConfigurationGuidePage42
●install,uninstall
Accessinglogfiles
Thelogfilesforeachcomponentarecontainedinthe/opt/apigee/var/logdirectory.Eachcomponent
hasitsownsubdirectory.Forexample,thelogsfortheManagementServerareinthedirectory:
/opt/apigee/var/log/edgemanagementserver
CommonYumcommands
TheEdgeinstallationtoolsforLinuxrelyonYumtoinstallandupdatecomponents.Youmighthavetouse
severalYumcommandstomanageaninstallationonanode.
● CleanallYumcaches:
sudoyumcleanall
● ToupdateanEdgecomponent:
sudoyumupdatecomponentName
Forexample:
sudoyumupdateapigeesetup
sudoyumupdateedgemanagementserver
FileSystemStructure
Edgeinstallsallfilesinthe/opt/apigeedirectory.
Note:Youcannotchangethisdirectorylocation.However,youcancreateasymlinktomapittoadifferent
location.SeeCreatingasymlinkfrom/opt/apigeeformore.
InthisguideandintheEdgeOperationsGuide
,therootinstallationdirectoryisnotedas:
<inst_root>/apigee
TheinstallationusesthefollowingfilesystemstructuretodeployApigeeEdgeforPrivateCloud.
LogFiles
Components
Location
ManagementServer
<inst_root>/apigee/var/log/edgemanagementserver
Router
<inst_root>/apigee/var/log/edgerouter
MessageProcessor
<inst_root>/apigee/var/log/edgemessageprocessor
ConfidentialandproprietaryinformationofApigee,Inc.Nottobedisclosedexceptundernondisclosureagreement.
ApigeeEdgeInstallandConfigurationGuidePage43
ApigeeQpidServer
<inst_root>/apigee/var/log/edgeqpidserver
ApigeePostgresServer
<inst_root>/apigee/var/log/edgepostgresserver
EdgeUI
<inst_root>/apigee/var/log/edgeui
ZooKeeper
<inst_root>/apigee/var/log/apigeezookeeper
OpenLDAP
<inst_root>/apigee/var/log/apigeeopenldap
Cassandra
<inst_root>/apigee/var/log/apigeecassandra
Qpidd
<inst_root>/apigee/var/log/apigeeqpidd
PostgreSQLdatabase
<inst_root>/apigee/var/log/apigeepostgresql
Data
Components
Location
ManagementServer
<data_root>/apigee/data/edgemanagementserver
Router
<data_root>/apigee/data/edgerouter
MessageProcessor
<data_root>/apigee/data/edgemessageprocessor
ApigeeQpidagent
<data_root>/apigee/data/edgeqpidserver
ApigeePostgresagent
<data_root>/apigee/data/edgepostgresserver
ZooKeeper
<data_root>/apigee/data/apigeezookeeper
OpenLDAP
<data_root>/apigee/data/apigeeopenldap
Cassandra
<data_root>/apigee/data/apigeecassandra/data
Qpidd
<data_root>/apigee/data/apigeeqpid/data
PostgreSQLdatabase
<data_root>/apigee/data/apigeepostgres/pgdata
ConfidentialandproprietaryinformationofApigee,Inc.Nottobedisclosedexceptundernondisclosureagreement.
ApigeeEdgeInstallandConfigurationGuidePage44
InstalltheEdgeapigeesetuputility
ToinstallEdgeonanode,youfirstinstalltheEdgeapigeesetuputility.Ifyouareinanenvironmentwhere
yournodesdonothaveanexternalinternetconnection,youmustalsoinstallalocalcopyoftheApigeerepo.
Creatingasymlinkfrom/opt/apigee
Edgeinstallsallfilesinthe/opt/apigeedirectory.Youcannotchangethisdirectory.However,ifdesired,
youcancreateasymlinktomap/opt/apigeetoanotherlocation.
Beforeyoucreatethesymlink,youmustfirstcreateauserandgroupnamed"apigee".Thisisthesamegroup
andusercreatedbytheEdgeinstaller.
Tocreatethesymlink,performthesestepsbeforedownloadingthebootstrap_4.16.05.shfile.Youmust
performallofthesestepsasroot:
1. Createthe"apigee"userandgroup:
>groupaddrapigee
>useraddrgapigeed/opt/apigees/sbin/nologinc"Apigeeplatform
user"apigee
2. Createasymlinkfrom/opt/apigeetoyourdesiredinstallroot:
>lnTs/srv/myInstallDir
/opt/apigee
where/srv/myInstallDir
isthedesiredlocationoftheEdgefiles.
3. Changeownershipoftheinstallrootandsymlinktothe"apigee"user:
>chownhapigee:apigee/srv/apigee/opt/apigee
Prerequisite:DisableSELinux
YoumustdisableSELinux,orsetittopermissivemode,beforeyoucaninstallEdgeapigeesetuputilityor
anyEdgecomponents.Ifnecessary,afterinstallingEdge,youcanreenableSELinux.
Note:ThisstepisnotrequiredonSUSEinstallations.
● TotemporarilysetSELinuxtopermissivemode,executethefollowingcommand:
a. OnaLinux6.xoperatingsystem:
echo0>/selinux/enforce
ToreenableSELinuxafterinstallingEdge:
ConfidentialandproprietaryinformationofApigee,Inc.Nottobedisclosedexceptundernondisclosureagreement.
ApigeeEdgeInstallandConfigurationGuidePage45
echo1>/selinux/enforce
b. OnaLinux7.xoperatingsystem:
setenforce0
ToreenableSELinuxafterinstallingEdge:
setenforce1
● TopermanentlydisableSELinuxorsetittopermissivemode:
a) Open/etc/sysconfig/selinuxinaneditor.
b) SetSELINUX=disabledorSELINUX=permissive
c) Saveyouredits.
d) Restartthenode.
e) Ifnecessary,reenableSELinuxafterEdgeinstallationbyrepeatingthisproceduretoset
SELINUX=enabled.
InstallEdgeapigeesetuputilityonanodewithanexternalinternetconnection
ToinstallEdgeonanodewithanexternalInternetconnection:
1. ObtaintheusernameandpasswordfromApigeethatyouusetoaccesstheApigeerepository.Ifyou
haveanexistingusername:passwordfortheApigeeftpsite,youcanusethosecredentials.
2. LogintoyournodeasroottoinstalltheEdgeRPMs
Note:WhileRPMinstallationrequiresrootaccess,youcanperformEdgeconfigurationwithoutroot
access.
3. DisableSELinuxasdescribedinPrerequisite:DisableSELinux.
4. DownloadtheEdgebootstrap_4.16.05.shfileto/tmp/bootstrap_4.16.05.sh:
>curlhttps://software.apigee.com/bootstrap_4.16.05.sho
/tmp/bootstrap_4.16.05.sh
5. InstalltheEdgeapigeeserviceutilityanddependencies:
>sudobash/tmp/bootstrap_4.16.05.shapigeeuser=uName
apigeepassword=pWord
whereuName:pWordaretheusernameandpasswordyoureceivedfromApigee.IfyouomitpWord,
youwillbepromptedtoenterit.
ConfidentialandproprietaryinformationofApigee,Inc.Nottobedisclosedexceptundernondisclosureagreement.
ApigeeEdgeInstallandConfigurationGuidePage46
Bydefault,theinstallercheckstoseethatyouhaveJava1.8installed.Ifyoudonot,itinstallsitforyou.
UsetheJAVA_FIXoptiontospecifyhowtohandleJavainstallation.JAVA_FIXtakesthefollowing
values:
I=InstallOpenJDK1.8(default)
C=ContinuewithoutinstallingJava
Q=Quit.Forthisoption,youhavetoinstallJavayourself.
Theinstallationoftheapigeeserviceutilitycreatesthe/etc/yum.repos.d/apigee.repofile
thatdefinestheApigeerepository.Toviewthedefinitionfile,usethecommand:
>cat/etc/yum.repos.d/apigee.repo
Toviewtherepocontents,usethecommand:
>sudoyumvrepolist'apigee*'
6. Useapigeeservicetoinstalltheapigeesetuputility:
>/opt/apigee/apigeeservice/bin/apigeeserviceapigeesetupinstall
7. UseapigeesetuptoinstallandconfigureEdgecomponentsonthenode.SeeInstallEdge
componentsonanodeformore.
InstallEdgeapigeesetuputilityonanodewithnoexternalInternetconnection
IfyourEdgenodesarebehindafirewall,orinsomeotherwayareprohibitedfromaccessingtheApigee
repositoryovertheInternet,thenyoumustcreatealocalrepository,ormirror
,oftheApigeerepo.Thatmirror
mustthenbeaccessibletoallnodes.Oncecreated,nodescanthenaccessthatlocalmirrortoinstallEdge.
AfteryoucreatealocalEdgerepository,youmightlaterhavetoupdateitwiththelatestEdgereleasefiles.
Thefollowingsectionsdescribehowtocreatealocalrepository,andhowtoupdateit.
CreatealocalApigeerepository
TocreatealocalApigeerepo:
1. ObtaintheusernameandpasswordfromApigeethatyouusetoaccesstheApigeerepository.Ifyou
haveanexistingusername:passwordfortheApigeeftpsite,youcanusethosecredentials.
2. LogintoyourRedHatorCentOSnodeasroottoinstalltheEdgeRPMs.
Note:WhileRPMinstallationrequiresrootaccess,youcanperformEdgeconfigurationwithoutroot
access.
ConfidentialandproprietaryinformationofApigee,Inc.Nottobedisclosedexceptundernondisclosureagreement.
ApigeeEdgeInstallandConfigurationGuidePage47
3. Makesureyouhavethelatestversionofyumutils:
>sudoyumupdateyumutils
4. DisableSELinuxasdescribedinPrerequisite:DisableSELinux.
5. DownloadtheEdgebootstrap_4.16.05.shfileto/tmp/bootstrap_4.16.05.sh:
>curlhttps://software.apigee.com/bootstrap_4.16.05.sho
/tmp/bootstrap_4.16.05.sh
6. InstalltheEdgeapigeeserviceutilityanddependencies:
>sudobash/tmp/bootstrap_4.16.05.shapigeeuser=uName
apigeepassword=pWord
whereuName:pWordaretheusernameandpasswordyoureceivedfromApigee.IfyouomitpWord,
youwillbepromptedtoenterit.
7. Installtheapigeemirrorutilityonthenode:
>/opt/apigee/apigeeservice/bin/apigeeserviceapigeemirrorinstall
8. UsetheapigeemirrorutilitytosynctheApigeerepotothe
/opt/apigee/data/apigeemirror/repos/directory.
Tominimizethesizeoftherepo,includetheonlynewrpmstodownloadjustthelatestRPMs.
Youneedapproximately800MBofdiskspaceforthedownload:
>/opt/apigee/apigeeservice/bin/apigeeserviceapigeemirrorsync
onlynewrpms
Ifyouwanttoentirerepo,includingolderRPMs,omitonlynewrpms.Youneedapproximately6
GBofdiskspaceforthefulldownload:
>/opt/apigee/apigeeservice/bin/apigeeserviceapigeemirrorsync
YounowhavealocalcopyoftheApigeerepo.ThenextsectiondescribeshowtoinstalltheEdge
apigeesetuputilityfromthelocalrepo.
9. (Optional)IfyouwanttoinstallEdgefromthelocalrepoontothesamenodethathoststhelocalrepo,
thenyouneedtofirstrunthefollowingcommands:
a) Runbootstrap_4.16.05.shfromthelocalrepotoinstalltheapigeeserviceutility:
>sudobash/opt/apigee/data/apigeemirror/repos/bootstrap_4.16.05.sh
ConfidentialandproprietaryinformationofApigee,Inc.Nottobedisclosedexceptundernondisclosureagreement.
ApigeeEdgeInstallandConfigurationGuidePage48
apigeeprotocol="file://"
apigeerepobasepath=/opt/apigee/data/apigeemirror/repos
b) Useapigeeservicetoinstalltheapigeesetuputility:
>/opt/apigee/apigeeservice/bin/apigeeserviceapigeesetupinstall
c) UseapigeesetuptoinstallandconfigureEdgecomponentsonthenode.SeeInstallEdge
componentsonanodeformore.
Installapigeesetuponaremotenodefromthelocalrepo
YouhavetwooptionsforinstallingEdgefromthelocalrepo.Youcaneither:
● Createa.tarfileoftherepo,copythe.tarfiletoanode,andtheninstallEdgefromthe.tarfile.
● Installawebserveronthenodewiththelocalreposothatothernodescanaccessit.Apigeeprovides
theNginxwebserverforyoutouse,oryoucanuseyourownwebserver.
Installfromthe.tarfile:
1. Onthenodewiththelocalrepo,usethefollowingcommandtopackagethelocalrepointoasingle.tar
filenamed/opt/apigee/data/apigeemirror/apigee4.16.05.tar.gz:
>/opt/apigee/apigeeservice/bin/apigeeserviceapigeemirrorpackage
2. Copythe.tarfiletothenodewhereyouwanttoinstallEdge.Forexample,copyittothe/tmpdirectory
onthenewnode.
3. Onthenewnode,disableSELinuxasdescribedinPrerequisite:DisableSELinux.
4. Onthenewnode,untarthefiletothe/tmpdirectory:
>tarxzfapigee4.16.05.tar.gz
Thiscommandcreatesanewdirectory,namedrepos,inthedirectorycontainingthe.tarfile.For
example/tmp/repos.
5. InstalltheEdgeapigeeserviceutilityanddependenciesfrom/tmp/repos:
>sudobash/tmp/repos/bootstrap_4.16.05.shapigeeprotocol="file://"
apigeerepobasepath=/tmp/repos
Noticethatyouincludethepathtothereposdirectoryinthiscommand.
6. Useapigeeservicetoinstalltheapigeesetuputility:
>/opt/apigee/apigeeservice/bin/apigeeserviceapigeesetupinstall
ConfidentialandproprietaryinformationofApigee,Inc.Nottobedisclosedexceptundernondisclosureagreement.
ApigeeEdgeInstallandConfigurationGuidePage49
7. UseapigeesetuptoinstallandconfigureEdgecomponentsonthenode.SeeInstallEdge
componentsonanodeformore.
InstallfromtherepousingtheNginxwebserver:
1. InstalltheNginxwebserveronthereponode:
/>opt/apigee/apigeeservice/bin/apigeeserviceapigeemirrornginxconfig
2. Bydefault,Nginxisconfiguredtouselocalhostastheservernameandport3939.Tochangethese
values
a. Open/opt/apigee/customer/application/mirror.propertiesinaneditor.Create
thefileifitdoesnotexist.
b. Setthefollowingvaluesasnecessary:
conf_apigee_mirror_listen_port=3939
conf_apigee_mirror_server_name=localhost
c. RestartNginx:
>/opt/nginx/scripts/apigeenginxrestart
3. Bydefault,thereporequiresausername:passwordofadmin:admin.Tochangethesecredentials,set
thefollowingenvironmentvariables:
MIRROR_USERNAME=uName
MIRROR_PASSWORD=pWord
4. Onthenewnode,disableSELinuxasdescribedinPrerequisite:DisableSELinux.
5. Ontheremotenode,downloadtheEdgebootstrap_4.16.05.shfileto
/tmp/bootstrap_4.16.05.sh:
>/usr/bin/curlhttp://uName:pWord
@
remoteRepo
:3939/bootstrap_4.16.05.sho
/tmp/bootstrap_4.16.05.sh
whereuName:pWordaretheusernameandpasswordyousetabovefortherepo,andremoteRepo
is
theIPaddressorDNSnameofthereponode.
6. Ontheremotenode,installtheEdgeapigeeserviceutilityanddependencies:
>sudobash/tmp/bootstrap_4.16.05.shapigeerepohost=remoteRepo
:3939
apigeeuser=uName
apigeepassword=pWord
apigeeprotocol=http://
whereuName:pWordaretherepousernameandpassword.
ConfidentialandproprietaryinformationofApigee,Inc.Nottobedisclosedexceptundernondisclosureagreement.
ApigeeEdgeInstallandConfigurationGuidePage50
7. Ontheremotenode,useapigeeservicetoinstalltheapigeesetuputility:
>/opt/apigee/apigeeservice/bin/apigeeserviceapigeesetupinstall
8. UseapigeesetuptoinstallandconfigureEdgecomponentsontheremotenode.SeeInstallEdge
componentsonanodeformore.
UpdatealocalApigeerepository
Toupdatetherepo,youmustdownloadthelatestbootstrap_4.16.05.shfile,thenperformanewsysnc:
1. DownloadtheEdgebootstrap_4.16.05.shfileto/tmp/bootstrap_4.16.05.sh:
>curlhttps://software.apigee.com/bootstrap_4.16.05.sho
/tmp/bootstrap_4.16.05.sh
2. Performthesync:
>/opt/apigee/apigeeservice/bin/apigeeserviceapigeemirrorsync
onlynewrpms
Ifyouwanttoentirerepo:
>/opt/apigee/apigeeservice/bin/apigeeserviceapigeemirrorsync
CleanalocalApigeerepo
Cleaningthelocalrepodeletes/opt/apigee/data/apigeemirrorand/var/tmp/yumapigee*.
Tocleanthelocalrepo,use:
>/opt/apigee/apigeeservice/bin/apigeeserviceapigeemirrorclean
AddorupdateEdge4.16.01ina4.16.05repo
IfyouhavetomaintaininstallationsforbothEdge4.16.05and4.16.01,youcanmaintainarepothatcontains
bothversions.Fromthatrepo,youcantheninstalleitherEdge4.16.05and4.16.01.
Toadd4.16.01toan4.15.05repo:
1. Ensurethatyouhaveinstalledthe4.16.05versionoftheapigeemirrorutility:
>/opt/apigee/apigeeservice/bin/apigeeserviceapigeemirrorversion
Youshouldseearesultintheformbelow,wherexyz
isthebuildnumber:
apigeemirror4.16.050.0.xyz
ConfidentialandproprietaryinformationofApigee,Inc.Nottobedisclosedexceptundernondisclosureagreement.
ApigeeEdgeInstallandConfigurationGuidePage51
2. UsetheapigeemirrorutilitytodownloadEdge4.16.01toyourrepo.Noticehowyouprefixthe
commandwithapigeereleasever=4.16.01:
>apigeereleasever=4.16.01/opt/apigee/apigeeservice/bin/apigeeservice
apigeemirrorsynconlynewrpms
Usethissamecommandtolaterupdatethe4.16.01repo.
3. Examinethe/opt/apigee/data/apigeemirror/reposdirectorytoseethefilestructure:
>ls/opt/apigee/data/apigeemirror/repos
Youshouldseethefollowingfilesanddirectories:
apigeeapigeerepo1.06.x86_64.rpmbootstrap_4.16.01.sh
bootstrap_4.16.05.shthirdparty
NoticehowyouhaveabootstrapfileforbothversionsofEdge.Theapigeedirectoryalsocontains
separatedirectoriesforeachversionofEdge.
4. Topackagetherepointoa.tarfile,usethefollowingcommand:
>/opt/apigee/apigeeservice/bin/apigeeserviceapigeemirrorpackage
Thiscommandpackagesboththe4.16.05and4.16.01reposintothesame.tarfile.Youcannot
packageonlypartoftherepo.
ToinstallEdgefromthelocalrepoor.tarfile,justmakesuretorunthecorrectbootstrapfilebyusingoneof
thefollowingcommands:
● Ifinstallingfroma.tarfile,runthecorrectbootstrapfilefromtherepo:
>sudobash/tmp/repos/bootstrap_4.16.0X.shapigeeprotocol="file://"
apigeerepobasepath=/tmp/repos
Tocompletetheinstallation,followtheremainingstepsfromInstallfromthe.tarfile:.
● IfinstallingusingtheNginxwebserver,downloadandthenrunthecorrectbootstrapfilefromtherepo:
>/usr/bin/curlhttp://uName:pWord
@
remoteRepo
:3939/bootstrap_4.16.0X.sho
/tmp/bootstrap_4.16.0X.sh
>sudobash/tmp/bootstrap_4.16.0X.shapigeerepohost=remoteRepo
:3939
apigeeuser=uName
apigeepassword=pWord
apigeeprotocol=http://
ConfidentialandproprietaryinformationofApigee,Inc.Nottobedisclosedexceptundernondisclosureagreement.
ApigeeEdgeInstallandConfigurationGuidePage52
Tocompletetheinstallation,followtheremainingstepsfromInstallfromtherepousingtheNginx
webserver:.
ConfidentialandproprietaryinformationofApigee,Inc.Nottobedisclosedexceptundernondisclosureagreement.
ApigeeEdgeInstallandConfigurationGuidePage53
InstallEdgecomponentsonanode
AfteryouinstalltheEdgeapigeesetuputilityonanode,usetheapigeesetuputilitytoinstalloneor
moreEdgecomponentsonthenode.
Note:SeeInstalltheEdgeapigeesetuputilityformoreoninstallingtheEdgeapigeesetuputility.
Theapigeesetuputilityusesacommandintheform:
>/opt/apigee/apigeesetup/bin/setup.shpcomponent
fconfigFile
wherecomponent
istheEdgecomponenttoinstall,andconfigFile
isthesilentconfigurationfilecontaining
theinstallationinformation.Theconfigurationfilemustbeaccessibleorreadablebythe"apigee"user.For
example,putthefileinthe/tmpdirectoryonthenode.
Forexample,toinstalltheEdgeManagementServer:
>/opt/apigee/apigeesetup/bin/setup.shpmsf/tmp/myConfig
Installationconsiderations
Asyouwriteyourconfigfile,takeintoconsiderationthefollowingoptions.
SettingupPostgresmasterstandbyreplication
Bydefault,EdgeinstallsallPostgresnodesinmastermode.However,inmostproductionsystems,you
configurethemtousemasterstandbyreplicationsothatifthemasternodefails,thestandbynodecan
continuetoservertraffic.
Youcanenableandconfiguremasterstandbyreplicationatinstalltimebyusingpropertiesinthesilentconfig
file.Or,youcanenablemasterstandbyreplicationafterinstallation.Formore,seeSetupMasterStandby
ReplicationforPostgres.
EnablingCassandraauthentication
Bydefault,Cassandrainstallswithoutauthenticationenabled.ThatmeansanyonecanaccessCassandra.You
canenableauthenticationafterinstallingEdge,oraspartoftheinstallationprocess.
YoucanenableCassandraauthenticationasinstalltimebyusingpropertiesinthesilentconfigfile.Or,you
canenableitafterinstallation.
Note:WhileyoucanenableauthenticationwhenyouinstallCassandra,youcannotchangethedefault
usernameandpassword.YouhavetoperformthatstepmanuallyafterinstallationofCassandracompletes.
Formore,seeEnableCassandraauthentication.
ConfidentialandproprietaryinformationofApigee,Inc.Nottobedisclosedexceptundernondisclosureagreement.
ApigeeEdgeInstallandConfigurationGuidePage54
BindingtheRoutertoaprotectedport
IfyouwanttobindtheRoutertoaprotectedport,suchasportnumberslessthan1000,thenyouhaveto
configuretheRoutertorunasauserwithaccesstothoseports.Bydefault,theRouterrunsastheuser
"apigee"whichdoesnothaveaccesstoprivilegedports.
ToruntheRouterasadifferentuser:
1. Asroot,createthefile/opt/apigee/etc/edgerouter.d/RUN_USER.sh.
2. Addthefollowingentrytothefile:
RUN_USER=root
IfyoudonotwanttoruntheRouterasroot,specifyauserwithaccesstotheport.
3. Savethefile.
4. Ifyouspecifiedauserotherthanroot,changetheownerofthefiletothatuser:
>chownUSER
:USER
/opt/apigee/etc/edgerouter.d/RUN_USER.sh
5. Restartrouter:
>/opt/apigee/apigeeservice/bin/apigeeserviceedgerouterrestart
Specifyingthecomponentstoinstall
Thefollowingtableliststheoptionsyoupasstothepoptionoftheapigeeserviceutilitytospecifywhich
componentstoinstallonthenode:
Componen
t
Description
c
InstallCassandraonly.
ld
InstallOpenLDAPonly.
ms
InstallEdgeManagementServer,whichalsoinstallstheEdgeUIandOpenLDAP.
IfyousetUSE_LDAP_REMOTE_HOST=yintheconfigfile,thenOpenLDAP
installationisskippedandtheManagementServerusesOpenLDAPinstalledona
differentnode.
r
InstallEdgeRouteronly.
ConfidentialandproprietaryinformationofApigee,Inc.Nottobedisclosedexceptundernondisclosureagreement.
ApigeeEdgeInstallandConfigurationGuidePage55
mp
InstallEdgeMessageProcessoronly.
rmp
InstallEdgeRouterandMessageProcessor.
qs
InstallQpidServeronly.
ps
InstallPostgresServeronly.
mo
InstallMonetization.
ds
InstallZooKeeperandCassandra.
ui
InstalltheEdgeUI.
sa
InstallEdgestandalone,meaningCassandra,ZooKeeper,ManagementServer,
OpenLDAP,EdgeUI,Router,andMessageProcessor.ThisoptionomitstheEdge
analyticscomponents:QpidandPostgres.
Usethisoptionfordevelopmentandtestingonly,notforproduction.
sax
Installanalyticscomponents,meaningQpidandPostgres.
Usethisoptionfordevelopmentandtestingonly,notforproduction.
aio
Installallcomponentsonasinglenode.
Usethisoptionfordevelopmentandtestingonly,notforproduction.
Creatingaconfigurationfile
TheconfigurationfilecontainsalltheinformationnecessarytoinstallEdge.Youcanoftenusethesame
configurationfiletoinstallallcomponentsinanEdgeinstallation.
However,youwillhavetousedifferentconfigurationfiles,ormodifyyourconfigurationfile,if:
● YouareinstallingmultipleOpenLDAPserversandneedtoconfigurereplicationaspartofa13node
installation.EachfilerequiresdifferentvaluesforLDAP_SIDandLDAP_PEER.
● Youarecreatingmultipledatacentersaspartofa12nodeinstallation.Eachdatacenterrequires
differentsettingsforpropertiessuchasZK_CLIENT_HOSTSandCASS_HOSTS.
ConfidentialandproprietaryinformationofApigee,Inc.Nottobedisclosedexceptundernondisclosureagreement.
ApigeeEdgeInstallandConfigurationGuidePage56
Exampleconfigurationfile
Shownbelowisanexampleofacompletesilentconfigurationfilefora9nodeEdgeinstallation.Editthisfileas
necessaryforyourconfiguration.Usethefoptiontosetup.shtoincludethisfile.Alsoshownbeloware
exampleconfigurationfilesforeachEdgetopology.
Note:ThedefinitionoftheIP#variablesfortheRouter,MessageProcessor,Qpid,andPostgresnodesarefor
illustratingthenodeconfiguration;theyarenotactuallyused.
#IPaddressorDNSnameofnodes.
IP1=192.168.1.1#ManagementServer,OpenLDAP,UI,ZooKeeper,Cassandra
IP2=192.168.1.2#ZooKeeper,Cassandra
IP3=192.168.1.3#ZooKeeper,Cassandra
IP4=192.168.1.4#Router,MessageProcessor
IP5=192.168.1.5#Router,MessageProcessor
IP6=192.168.1.6#Qpid
IP7=192.168.1.7#Qpid
IP8=192.168.1.8#Postgres
IP9=192.168.1.9#Postgres
#MustresolvetoIPaddressorDNSnameofhostnotto127.0.0.1or
localhost.
HOSTIP=$(hostnamei)
#SetEdgesysadmincredentials.
ADMIN_EMAIL=your@email.com
APIGEE_ADMINPW=yourPassword #Ifomitted,youarepromptedforit.
#LocationofEdgelicensefile.
LICENSE_FILE=/tmp/license.txt
#ManagementServerinformation.
MSIP=$IP1 #IPorDNSnameofManagementServernode.
#SpecifytheporttheManagementServerlistensonforAPIcalls.
#APIGEE_PORT_HTTP_MS=8080 #Defaultis8080.
#
#OpenLDAPinformation.
#
#SettoyifyouareconnectingtoaremoteLDAPserver.
#Ifn,EdgeinstallsOpenLDAPwhenitinstallstheManagementServer.
USE_LDAP_REMOTE_HOST=n
#IfconnectingtoremoteOpenLDAPserver,specifytheIP/DNSnameandport.
#LDAP_HOST=$IP1 #IPorDNSnameofOpenLDAPnode.
#LDAP_PORT=10389 #Defaultis10389.
APIGEE_LDAPPW=yourLdapPassword
ConfidentialandproprietaryinformationofApigee,Inc.Nottobedisclosedexceptundernondisclosureagreement.
ApigeeEdgeInstallandConfigurationGuidePage57
#SpecifyOpenLDAPwithoutreplication,1,orwithreplication,2.
LDAP_TYPE=1
#Setonlyifusingreplication.
#LDAP_SID=1 #UniqueIDforthisLDAPserver.
#LDAP_PEER= #IPorDNSnameofLDAPpeer.
BIND_ON_ALL_INTERFACES=y
#TheMessageProcessorandRouterpod.
MP_POD=gateway
#Thenameoftheregion,correspondingtothedatacentername.
REGION=dc1 #Usedc1unlessinstallingina
#multidatacenterenvironment.
#ZooKeeperinformation.
#Seetablebelowifinstallinginamultidatacenterenvironment.
ZK_HOSTS="$IP1$IP2$IP3" #IP/DNSnamesofallZooKeepernodes.
ZK_CLIENT_HOSTS="$IP1$IP2$IP3" #IP/DNSnamesofallZooKeepernodes.
#Cassandrainformation.
CASS_CLUSTERNAME=Apigee #DefaultnameisApigee.
#IPorDNSnamesoftheCassandrahostsseparatedbyspaces.
CASS_HOSTS="$IP1:1,1$IP2:1,1$IP3:1,1"
#SettoenableCassandraauthentication.
#CASS_AUTH=y #Thedefaultvalueisn.
#Cassandrauname/pwordrequiredifyouenabledCassandraauthentication.
#CASS_USERNAME=
#CASS_PASSWORD=
#OptionallyusetoenablePostgresmasterstandbyreplication.
#PG_MASTER=IPorDNSofNewMaster
#PG_STANDBY=IPorDNSofOldMaster
#SMTPinformation.
SKIP_SMTP=n #Skipnowandconfigurelaterbyspecifying"y".
SMTPHOST=smtp.gmail.com
SMTPUSER=your@email.com
SMTPPASSWORD=yourEmailPassword
SMTPSSL=y
SMTPPORT=465 #IfnoSSL,useadifferentport,suchas25.
Thefollowingtablecontainsadditionalinformationabouttheseproperties:
Property
Note
ConfidentialandproprietaryinformationofApigee,Inc.Nottobedisclosedexceptundernondisclosureagreement.
ApigeeEdgeInstallandConfigurationGuidePage58
IP/DNSnames
Donotuseahostnamemappingto127.0.0.1oranIPaddress
of127.0.0.1whenspecifyingtheIPaddressofanode.
ADMIN_EMAIL
APIGEE_ADMINPW
Thesystemadministrator'spasswordmustbeatleast8
characterslongandcontainoneuppercaseletter,onelowercase
letter,onedigitoronespecialcharacter.Ifyouomitthe
password,youwillbepromptedforit.
LICENSE_FILE
Thelocationofthelicensefile,whichmustbeaccessibletothe
"apigee"user.Forexample,storeitinthe/tmpdirectoryand
chmod777onthefile.ThefileiscopiedtotheEdgeinstallation
directory.
USE_LDAP_REMOTE_HOST
LDAP_HOST
LDAP_PORT
IfUSE_LDAP_REMOTE_HOSTisn,Edgeautomaticallyinstalls
OpenLDAPwhenitinstallstheManagementServer.
SetUSE_LDAP_REMOTE_HOSTtoyifyouareconnectingtoa
remoteLDAPserver.OpenLDAPisnotinstalledwiththe
ManagementServer.
IfyouareconnectingtoaremoteOpenLDAPserver,use
LDAP_HOST
andLDAP_PORTtospecifytheIPaddressorDNSnameandport
numberofthehost.
LDAP_TYPE
LDAP_SID
LDAP_PEER
SetLDAP_TYPE=1forOpenLDAPwithnoreplication.
LDAP_TYPE=2correspondstoOpenLDAPwithreplication.
IfyourEdgetopologyusesasingleOpenLDAPserver,specify1.
IfyourEdgeinstallationusesmultipleOpenLDAPnodes,suchas
ina13nodeproductioninstallation,specify2.
Ifyouenablereplication,setthefollowingproperties:
●LDAP_SID=1UniqueIDforthisLDAPserver.Each
LDAPnodeusesadifferentID.Forexample,setto2for
LDAPpeer.
●LDAP_PEER=10.0.0.1IPorDNSnameofLDAP
peer.
BIND_ON_ALL_INTERFACES
Ifsetto"y"thentheRouter/MessageProcessorbind(listen)on
allinterfaces(IPs).Ifsetto“n”thentheRouter/Message
ConfidentialandproprietaryinformationofApigee,Inc.Nottobedisclosedexceptundernondisclosureagreement.
ApigeeEdgeInstallandConfigurationGuidePage59
Processorbind(listen)onaspecificinterface,theIPreturnedby
the"hostnamei"command).
MP_POD
SpecifythenameoftheMessageProcessorandRouterpod.By
default,thenameisgateway.
REGION
Regionname.Byconvention,namesaretypicallyintheform
dc#where#correspondstoanintegervalue.Forexample,dc1,
dc2,etc.Youcanusedc1unlessinstallinginamultidata
centerenvironment.
Inamultipledatacenterinstallation,thevalueisdc1,ordc2,
etc.dependingonwhichdatacenteryouareinstalling.However,
youarenotrestrictedtousingonlynamesintheformdc#.You
canuseanynamefortheregion.
ZK_HOSTS
TheIPaddressesorDNSnamesoftheZooKeepernodes.The
IPaddressesorDNSnamesmustbelistedinthesameorderon
allZooKeepernodes.
Inamultidatacenterenvironment,listallZooKeepernodesfrom
bothdatacenters.
Specifythe“:observer”modifieronZooKeepernodesonlywhen
creatingmultipledatacentersasdescribedina12host
installation.Inasingledatacenterinstallation,omitthatmodifier.
See12hostclusteredinstallationformore.
ZK_CLIENT_HOSTS
TheIPaddressesorDNSnamesoftheZooKeepernodesused
bythisdatacenter.TheIPaddressesorDNSnamesmustbe
listedinthesameorderonallZooKeepernodes.
Inasingledatacenterinstallation,thesearethesamenodesas
specifiedbyZK_HOSTS.
Inamultidatacenterenvironment,listonlytheZooKeepernodes
inthisdatacenter.See12hostclusteredinstallationformore.
CASS_HOSTS
TheIPaddressesorDNSnamesoftheCassandranodes.The
firsttwonodeswillbeusedasseedservers.TheIPaddressesor
DNSnamesmustbelistedinthesameorderonallCassandra
nodes.
Cassandranodescanhaveanoptional“:dc,ra”suffixthat
specifiesthedatacenterandrackoftheCassandranode.
ConfidentialandproprietaryinformationofApigee,Inc.Nottobedisclosedexceptundernondisclosureagreement.
ApigeeEdgeInstallandConfigurationGuidePage60
Specifythismodifieronlywhencreatingmultipledatacentersas
describedina12hostinstallation.Inasingledatacenter
installation,omitthatmodifier.
Forexample'192.168.124.201:1,1=datacenter1and
rack/availabilityzone1,and'192.168.124.204:2,1=datacenter2
andrack/availabilityzone1.
Inamultidatacenterenvironment,toovercomefirewallissues,
CASS_HOSTShavetobeorderedinamanner(asshownin
aboveexample)suchthatthenodesofthecurrentdatacenter
areplacedatthebeginning.See12hostclusteredinstallationfor
more.
CASS_AUTH
CASS_USERNAME
CASS_PASSWORD
IfyouenableCassandraauthentication,CASS_AUTH=y,youcan
passtheCassandrausernameandpasswordbyusingthese
properties.
PG_MASTER
PG_STANDBY
SettoenablePostgresmasterstandbyreplication,intheform:
PG_MASTER=IPorDNSofNewMaster
PG_STANDBY=IPorDNSofOldMaster
SKIP_SMTP
SMTPHOST
SMTPUSER
SMTPPASSWORD
SMTPSSL
SMTPPORT
ConfigureSMTPsoEdgecansendemailsforlostpasswords
andothernotifications.
IfSMTPusercredentialsarenotrequired,omitSMTPUSERand
SMTPPASSWORD.
Orderofcomponentinstallation
Theorderofcomponentinstallationisbasedonyourdesiredtopology.
Alloftheinstallationexampleshownbelowassumethatyouareinstalling:
● WithCassandraauthenticationdisabled(default).SeeEnableCassandraauthenticationformore.
● WithPostgresmasterstandbyreplicationdisabled(default).SeeSetupMasterStandbyReplicationfor
Postgresformore.
Note:YoumustdisableSELinuxorsetittopermissivemodebeforeyouinstallEdgecomponents.See
Prerequisite:DisableSELinuxformore.
ConfidentialandproprietaryinformationofApigee,Inc.Nottobedisclosedexceptundernondisclosureagreement.
ApigeeEdgeInstallandConfigurationGuidePage61
Note:TheInstallationChecklistdetailstheinstallationprerequisitesandprovidesalistofrequiredfilesto
obtainbeforeproceedingwiththeinstallation.Ensurethatyouhavereviewedthechecklistbeforebeginning
theinstallationprocess.
Installationlogfiles
Bydefault,thesetup.shutilitywritesloginformationabouttheinstallationto:
/opt/apigee/var/log/apigeesetup/setup.log
Iftheuserrunningthesetup.shutilitydoesnothaveaccesstothatdirectory,itwritesthelogtothe/tmp
directoryasafilenamedsetup_username
.log.
Iftheuserdoesnothaveaccessto/tmp,thesetup.shutilityfails.
AllinoneInstallation
Note:SeeavideoofanEdgeallinoneinstallhere.
1. Installallcomponentsonasinglenodeusingthecommand:
>/opt/apigee/apigeesetup/bin/setup.shpaiofconfigFile
2. Deleteanyfilesin/opt/nginx/conf.d:
>rmf/opt/nginx/conf.d/*
3. RestarttheEdgeRouter:
>/<inst_root>/apigee/apigeeservice/bin/apigeeserviceedgerouter
restart
4. TesttheinstallationasdescribedatTesttheinstall.
5. OnboardyourorganizationasdescribedatOnboardanorganization.
Shownbelowisasilentconfigurationfileforthistopology:
#WithSMTP
IP1=IPorDNSnameOfNode
HOSTIP=$(hostnamei)
ADMIN_EMAIL=opdk@apigee.com
APIGEE_ADMINPW=Secret123
LICENSE_FILE=/tmp/license.txt
MSIP=$IP1
LDAP_TYPE=1
APIGEE_LDAPPW=secret
BIND_ON_ALL_INTERFACES=y
MP_POD=gateway
REGION=dc1
ZK_HOSTS="$IP1"
ConfidentialandproprietaryinformationofApigee,Inc.Nottobedisclosedexceptundernondisclosureagreement.
ApigeeEdgeInstallandConfigurationGuidePage62
ZK_CLIENT_HOSTS="$IP1"
CASS_HOSTS="$IP1"
SKIP_SMTP=n
SMTPHOST=smtp.example.com
SMTPUSER=smtp@example.com
#0fornousername
SMTPPASSWORD=smtppwd
#0fornopassword
SMTPSSL=n
SMTPPORT=25
2hoststandaloneinstallation
1. InstallStandaloneGatewayandnode1
>/opt/apigee/apigeesetup/bin/setup.shpsafconfigFile
2. Onnode1:
a. Deleteanyfilesin/opt/nginx/conf.d:
>rmf/opt/nginx/conf.d/*
b. RestarttheEdgeRouter:
>/<inst_root>/apigee/apigeeservice/bin/apigeeserviceedgerouter
restart
3. InstallAnalyticsonnode2:
>/opt/apigee/apigeesetup/bin/setup.shpsaxfconfigFile
4. TesttheinstallationasdescribedatTesttheinstall.
5. OnboardyourorganizationasdescribedatOnboardanorganization.
Shownbelowisasilentconfigurationfileforthistopology:
#WithSMTP
IP1=IPorDNSnameOfNode1
HOSTIP=$(hostnamei)
ADMIN_EMAIL=opdk@apigee.com
APIGEE_ADMINPW=Secret123
LICENSE_FILE=/tmp/license.tx
t
MSIP=$IP1
LDAP_TYPE=1
APIGEE_LDAPPW=secret
BIND_ON_ALL_INTERFACES=y
MP_POD=gateway
ConfidentialandproprietaryinformationofApigee,Inc.Nottobedisclosedexceptundernondisclosureagreement.
ApigeeEdgeInstallandConfigurationGuidePage63
REGION=dc1
ZK_HOSTS="$IP1"
ZK_CLIENT_HOSTS="$IP1"
CASS_HOSTS="$IP1"
SKIP_SMTP=n
SMTPHOST=smtp.example.com
SMTPUSER=smtp@example.com
#0fornousername
SMTPPASSWORD=smtppwd
#0fornopassword
SMTPSSL=n
SMTPPORT=25
5hostclusteredinstallation
1. InstallDatastoreclusteronnodes1,2and3:
>/opt/apigee/apigeesetup/bin/setup.shpdsfconfigFile
2. InstallManagementServeronnode1:
>/opt/apigee/apigeesetup/bin/setup.shpmsfconfigFile
3. Onnodes2and3:
a. InstallRouterandMessageProcessor:
>/opt/apigee/apigeesetup/bin/setup.shprmpfconfigFile
b. Deleteanyfilesin/opt/nginx/conf.d:
>rmf/opt/nginx/conf.d/*
c. RestarttheEdgeRouter:
>/<inst_root>/apigee/apigeeservice/bin/apigeeserviceedgerouter
restart
4. InstallAnalyticsonnode4and5:
>/opt/apigee/apigeesetup/bin/setup.shpsaxfconfigFile
5. TesttheinstallationasdescribedatTesttheinstall.
6. OnboardyourorganizationasdescribedatOnboardanorganization.
Shownbelowisasilentconfigurationfileforthistopology:
#WithSMTP
IP1=IPorDNSnameOfNode1
IP2=IPorDNSnameOfNode2
ConfidentialandproprietaryinformationofApigee,Inc.Nottobedisclosedexceptundernondisclosureagreement.
ApigeeEdgeInstallandConfigurationGuidePage64
IP3=IPorDNSnameOfNode3
HOSTIP=$(hostnamei)
ADMIN_EMAIL=opdk@apigee.com
APIGEE_ADMINPW=Secret123
LICENSE_FILE=/tmp/license.txt
MSIP=$IP1
USE_LDAP_REMOTE_HOST=n
LDAP_TYPE=1
APIGEE_LDAPPW=secret
BIND_ON_ALL_INTERFACES=y
MP_POD=gateway
REGION=dc1
ZK_HOSTS="$IP1$IP2$IP3"
ZK_CLIENT_HOSTS="$IP1$IP2
$IP3"
CASS_HOSTS="$IP1$IP2$IP3"
SKIP_SMTP=n
SMTPHOST=smtp.example.com
SMTPUSER=smtp@example.com
#0fornousername
SMTPPASSWORD=smtppwd
#0fornopassword
SMTPSSL=n
SMTPPORT=25
9hostclusteredinstallation
1. InstallDatastoreClusterNodeonnode1,2and3:
>/opt/apigee/apigeesetup/bin/setup.shpdsfconfigFile
2. InstallApigeeManagementServeronnode1:
>/opt/apigee/apigeesetup/bin/setup.shpmsfconfigFile
3. Onnodes4and5:
a. InstallRouterandMessageProcessor:
>/opt/apigee/apigeesetup/bin/setup.shprmpfconfigFile
b. Deleteanyfilesin/opt/nginx/conf.d:
>rmf/opt/nginx/conf.d/*
c. RestarttheEdgeRouter:
>/<inst_root>/apigee/apigeeservice/bin/apigeeserviceedgerouter
restart
ConfidentialandproprietaryinformationofApigee,Inc.Nottobedisclosedexceptundernondisclosureagreement.
ApigeeEdgeInstallandConfigurationGuidePage65
4. InstallApigeeAnalyticsQpidServeronnode6and7:
>/opt/apigee/apigeesetup/bin/setup.shpqsfconfigFile
5. InstallApigeeAnalyticsPostgresServeronnode8and9:
>/opt/apigee/apigeesetup/bin/setup.shppsfconfigFile
6. TesttheinstallationasdescribedatTesttheinstall.
7. OnboardyourorganizationasdescribedatOnboardanorganization.
Shownbelowisasilentconfigurationfileforthistopology:
#WithSMTP
IP1=IPorDNSnameOfNode1
IP2=IPorDNSnameOfNode2
IP3=IPorDNSnameOfNode3
IP8=IPorDNSnameOfNode3
IP9=IPorDNSnameOfNode3
HOSTIP=$(hostnamei)
ADMIN_EMAIL=opdk@apigee.com
APIGEE_ADMINPW=Secret123
LICENSE_FILE=/tmp/license.txt
MSIP=$IP1
USE_LDAP_REMOTE_HOST=n
LDAP_TYPE=1
APIGEE_LDAPPW=secret
BIND_ON_ALL_INTERFACES=y
MP_POD=gateway
REGION=dc1
ZK_HOSTS="$IP1$IP2$IP3"
ZK_CLIENT_HOSTS="$IP1$IP2
$IP3"
CASS_HOSTS="$IP1$IP2$IP3"
SKIP_SMTP=n
#PG_MASTER=$IP8
#PG_STANDBY=$IP9
SMTPHOST=smtp.example.com
SMTPUSER=smtp@example.com
#0fornousername
SMTPPASSWORD=smtppwd
#0fornopassword
SMTPSSL=n
SMTPPORT=25
ConfidentialandproprietaryinformationofApigee,Inc.Nottobedisclosedexceptundernondisclosureagreement.
ApigeeEdgeInstallandConfigurationGuidePage66
13hostclusteredinstallation
1. InstallDatastoreClusterNodeonnode1,2and3:
>/opt/apigee/apigeesetup/bin/setup.shpdsfconfigFile
2. InstallOpenLDAPonnode4and5:
>/opt/apigee/apigeesetup/bin/setup.shpldfconfigFile
3. InstallApigeeManagementServeronnode6and7:
>/opt/apigee/apigeesetup/bin/setup.shpmsfconfigFile
4.InstallApigeeAnalyticsPostgresServeronnode8and9:
>/opt/apigee/apigeesetup/bin/setup.shppsfconfigFile
5. Onnodes10and11:
a. InstallRouterandMessageProcessor:
>/opt/apigee/apigeesetup/bin/setup.shprmpfconfigFile
b. Deleteanyfilesin/opt/nginx/conf.d:
>rmf/opt/nginx/conf.d/*
c. RestarttheEdgeRouter:
>/<inst_root>/apigee/apigeeservice/bin/apigeeserviceedgerouter
restart
6. InstallApigeeAnalyticsQpidServeronnode12and13:
>/opt/apigee/apigeesetup/bin/setup.shpqsfconfigFile
7. TesttheinstallationasdescribedatTesttheinstall.
8. OnboardyourorganizationasdescribedatOnboardanorganization.
Shownbelowisasilentconfigurationfileforthistopology:
#Forallcomponentsexcept
OpenLDAP
IP1=IPorDNSnameOfNode1
IP2=IPorDNSnameOfNode2
IP3=IPorDNSnameOfNode3
IP4=IPorDNSnameOfNode4
IP5=IPorDNSnameOfNode5
#ForOpenLDAPonIP4andIP5
IP1=IPorDNSnameOfNode1
IP2=IPorDNSnameOfNode2
IP3=IPorDNSnameOfNode3
IP4=IPorDNSnameOfNode4
IP5=IPorDNSnameOfNode5
IP6=IPorDNSnameOfNode6
IP7=IPorDNSnameOfNode7
ConfidentialandproprietaryinformationofApigee,Inc.Nottobedisclosedexceptundernondisclosureagreement.
ApigeeEdgeInstallandConfigurationGuidePage67
IP6=IPorDNSnameOfNode6
IP7=IPorDNSnameOfNode7
IP8=IPorDNSnameOfNode8
IP9=IPorDNSnameOfNode9
HOSTIP=$(hostnamei)
ADMIN_EMAIL=opdk@apigee.com
APIGEE_ADMINPW=Secret123
LICENSE_FILE=/tmp/license.txt
#FirstManagementServeronIP6
MSIP=$IP6
MSUM=1
USE_LDAP_REMOTE_HOST=y
LDAP_HOST=$IP4
LDAP_PORT=10389
#SecondManagementServeronIP7
#MSIP=$IP7
#USE_LDAP_REMOTE_HOST=y
#LDAP_HOST=$IP5
#LDAP_PORT=10389
#SamepasswordforbothOpenLDAPs.
APIGEE_LDAPPW=secret
BIND_ON_ALL_INTERFACES=y
MP_POD=gateway
REGION=dc1
ZK_HOSTS="$IP1$IP2$IP3"
ZK_CLIENT_HOSTS="$IP1$IP2$IP3"
CASS_HOSTS="$IP1$IP2$IP3"
#PG_MASTER=$IP8
#PG_STANDBY=$IP9
SKIP_SMTP=n
SMTPHOST=smtp.example.com
SMTPUSER=smtp@example.com
#0fornousername
SMTPPASSWORD=smtppwd
#0fornopassword
SMTPSSL=n
SMTPPORT=25
IP8=IPorDNSnameOfNode8
IP9=IPorDNSnameOfNode9
HOSTIP=$(hostnamei)
ADMIN_EMAIL=opdk@apigee.com
APIGEE_ADMINPW=Secret123
#FirstOpenLDAPServeronIP4
MSIP=$IP6
USE_LDAP_REMOTE_HOST=n
LDAP_TYPE=2
LDAP_SID=1
LDAP_PEER=$IP5
#SecondOpenLDAPServeronIP5
#MSIP=$IP17
#USE_LDAP_REMOTE_HOST=n
#LDAP_TYPE=2
#LDAP_SID=2
#LDAP_PEER=$IP4
#Setsamepasswordforboth
OpenLDAPs.
APIGEE_LDAPPW=secret
12hostclusteredinstallation
BeforeyouinstallEdgeona12hostclusteredtopology(twodatacenters),youmustunderstandhowtosetthe
ZooKeeperandCassandrapropertiesinthesilentconfigfile.
Note:Shownbelowisacompleteconfigfileforbothdatacenters.
● ZooKeeper
FortheZK_HOSTSpropertyforbothdatacenters,specifytheIPaddressesorDNSnamesofall
ZooKeepernodesfrombothdatacenters,inthesameorder,andmarkanynodeswiththewith
“:observer”modifier.Nodeswithoutthe“:observer”modifierarecalled"voters".Youmusthaveanodd
ConfidentialandproprietaryinformationofApigee,Inc.Nottobedisclosedexceptundernondisclosureagreement.
ApigeeEdgeInstallandConfigurationGuidePage68
numberof"voters"inyourconfiguration.
Inthistopology,theZooKeeperhostonhost9istheobserver:
FortheZK_CLIENT_HOSTSpropertyforeachdatacenter,specifytheIPaddressesorDNSnamesof
onlytheZooKeepernodesinthedatacenter,inthesameorder,forallZooKeepernodesinthedata
center.Intheexampleconfigurationfileshownbelow,node9istaggedwiththe“:observer”modifierso
thatyouhavefivevoters:Nodes1,2,3,7,and8.
● Cassandra
AlldatacentersmusttohavethesamenumberofCassandranodes.
ForCASS_HOSTSforeachdatacenter,ensurethatyouspecifyallCassandraIPaddressesorDNS
namesforbothdatacenters.Fordatacenter1,listtheCassandranodesinthatdatacenterfirst.For
datacenter2,listtheCassandranodesinthatdatacenterfirst.ListtheCassandranodesinthesame
orderforallCassandranodesinthedatacenter.
AllCassandranodesmusthaveasuffix':<d>,<r>',forexample'<ip>:1,1=datacenter1and
rack/availabilityzone1and'<ip>:2,1=datacenter2andrack/availabilityzone1.
Forexample,"192.168.124.201:1,1192.168.124.202:1,1192.168.124.203:1,1192.168.124.204:2,1
192.168.124.205:2,1192.168.124.206:2,1"
Thefirstnodeinrack/availabilityzone1ofeachdatacenterwillbeusedastheseedserver.
Inthisdeploymentmodel,Cassandrasetupwilllooklikethis:
1. InstallDatastoreClusterNodeonnode1,2,3,7,8,and9:
>/opt/apigee/apigeesetup/bin/setup.shpdsfconfigFile
2. InstallApigeeManagementServerwithOpenLDAPreplicationonnode1and7:
>/opt/apigee/apigeesetup/bin/setup.shpmsfconfigFile
3. Onnodes2,3,8,and9:
ConfidentialandproprietaryinformationofApigee,Inc.Nottobedisclosedexceptundernondisclosureagreement.
ApigeeEdgeInstallandConfigurationGuidePage69
1. InstallRouterandMessageProcessor:
>/opt/apigee/apigeesetup/bin/setup.shprmpfconfigFile
2. Deleteanyfilesin/opt/nginx/conf.d:
>rmf/opt/nginx/conf.d/*
3. RestarttheEdgeRouter:
>/<inst_root>/apigee/apigeeservice/bin/apigeeserviceedgerouter
restart
4. InstallApigeeAnalyticsQpidServeronnode4,5,10,and11:
>/opt/apigee/apigeesetup/bin/setup.shpqsfconfigFile
5. InstallApigeeAnalyticsPostgresServeronnode6and12:
>/opt/apigee/apigeesetup/bin/setup.shppsfconfigFile
6. TesttheinstallationasdescribedatTesttheinstall.
7. OnboardyourorganizationasdescribedatOnboardanorganization.
Shownbelowisasilentconfigurationfileforthistopology.Noticethatthisconfigfile:
● ConfiguresOpenLDAPwithreplicationacrosstwoOpenLDAPnodes.
● Specifiesthe“:observer”modifierononeZooKeepernode.Inasingledatacenterinstallation,omitthat
modifier.
#Datacenter1
IP1=IPorDNSnameOfNode1
IP2=IPorDNSnameOfNode2
IP3=IPorDNSnameOfNode3
IP7=IPorDNSnameOfNode7
IP8=IPorDNSnameOfNode8
IP9=IPorDNSnameOfNode9
HOSTIP=$(hostnamei)
MSIP=$IP1
ADMIN_EMAIL=opdk@apigee.com
APIGEE_ADMINPW=Secret123
LICENSE_FILE=/tmp/license.txt
USE_LDAP_REMOTE_HOST=n
LDAP_TYPE=2
LDAP_SID=1
LDAP_PEER=$IP7
#Datacenter2
IP1=IPorDNSnameOfNode1
IP2=IPorDNSnameOfNode2
IP3=IPorDNSnameOfNode3
IP7=IPorDNSnameOfNode7
IP8=IPorDNSnameOfNode8
IP9=IPorDNSnameOfNode9
HOSTIP=$(hostnamei)
MSIP=$IP7
ADMIN_EMAIL=opdk@apigee.com
APIGEE_ADMINPW=Secret123
LICENSE_FILE=/tmp/license.txt
USE_LDAP_REMOTE_HOST=n
LDAP_TYPE=2
LDAP_SID=2
LDAP_PEER=$IP1
APIGEE_LDAPPW=secret
ConfidentialandproprietaryinformationofApigee,Inc.Nottobedisclosedexceptundernondisclosureagreement.
ApigeeEdgeInstallandConfigurationGuidePage70
APIGEE_LDAPPW=secret
BIND_ON_ALL_INTERFACES=y
MP_POD=gateway1
REGION=dc1
ZK_HOSTS="$IP1$IP2$IP3$IP7$IP8
$IP9:observer"
ZK_CLIENT_HOSTS="$IP1$IP2$IP3"
CASS_HOSTS="$IP1:1,1$IP2:1,1$IP3:1,1
$IP7:2,1$IP8:2,1$IP9:2,1"
SKIP_SMTP=n
SMTPHOST=smtp.example.com
SMTPUSER=smtp@example.com
#0fornousername
SMTPPASSWORD=smtppwd
#0fornopassword
SMTPSSL=n
SMTPPORT=25
BIND_ON_ALL_INTERFACES=y
MP_POD=gateway2
REGION=dc2
ZK_HOSTS="$IP1$IP2$IP3$IP7$IP8
$IP9:observer"
ZK_CLIENT_HOSTS="$IP7$IP8$IP9"
CASS_HOSTS="$IP7:2,1$IP8:2,1$IP9:2,1
$IP1:1,1$IP2:1,1$IP3:1,1"
SKIP_SMTP=n
SMTPHOST=smtp.example.com
SMTPUSER=smtp@example.com
#0fornousername
SMTPPASSWORD=smtppwd
#0fornopassword
SMTPSSL=n
SMTPPORT=25
ConfidentialandproprietaryinformationofApigee,Inc.Nottobedisclosedexceptundernondisclosureagreement.
ApigeeEdgeInstallandConfigurationGuidePage71
Testtheinstall
Apigeeprovidestestscriptsthatyoucanusetovalidateyourinstallation.
Runthevalidationtests
EachstepofthevalidationtestingprocessreturnsanHTTP20Xresponsecodeforasuccessfultest.
Torunthetestscripts:
1. InstallapigeevalidateonaManagementServernode:
>/opt/apigee/apigeeservice/bin/apigeeserviceapigeevalidateinstall
2. RunthesetupcommandonaManagementServernodetoinvokethetestscripts:
>/opt/apigee/apigeeservice/bin/apigeeserviceapigeevalidatesetupf
configFile
TheconfigFile
filemustcontainthefollowingproperty:
APIGEE_ADMINPW=sysAdminPword
Ifomitted,youwillbepromptedforthepassword.
Bydefault,theapigeevalidateutilitycreatesavirtualhostontheRouterthatusesport59001.If
thatportisnotopenontheRouter,youcanoptionallyincludetheVHOST_PORTpropertyintheconfig
filetosettheport.Forexample:
VHOST_PORT=9000
3. Thescriptthendoesthefollowing:
a. Createsanorganizationandassociatesitwiththepod.
b. CreatesanenvironmentandassociatestheMessageProcessorwiththeenvironment.
c. Createsavirtualhost.
d. Importsasimplehealthcheckproxyanddeploystheapplicationtothe“test”environment.
e. ImporttheSmartDocsproxy.
f. Executesthetesttomakesureeverythingisworkingasexpected.
Asuccessfultestreturnsthe20XHTTPresponse.
Toremovetheorganization,environmentandotherartifactscreatedbythetestscripts:
ConfidentialandproprietaryinformationofApigee,Inc.Nottobedisclosedexceptundernondisclosureagreement.
ApigeeEdgeInstallandConfigurationGuidePage72
1. Runthefollowingcommand:
>/opt/apigee/apigeeservice/bin/apigeeserviceapigeevalidatecleanf
configFile
whereconfigFile
isthesamefileyouusedtorunthetests.
Note:Ifyougeterrorsfromthetestingandthetroubleshootingmethodology,contactApigeeSupport
andprovidetheerrorlog.
Verifypodinstallation
NowthatyouhaveinstalledtheApigeeAnalytics,itisrecommendedthatyouperformfollowingbasicbut
importantvalidation:
1. VerifythattheManagementServerisinthecentralPOD.OnManagementServer,runthefollowing
CURLcommand:
curlusysAdminEmail:password
http://localhost:8080/v1/servers?pod=central
Youshouldseeoutputintheform:
[{
"internalIP":"192.168.1.11",
"isUp":true,
"pod":"central",
"reachable":true,
"region":"dc1",
"tags":{
"property":[]
},
"type":["applicationdatastore","schedulerdatastore",
"managementserver","authdatastore","apimodeldatastore",
"usersettingsdatastore","auditdatastore"],
"uUID":"d4bc87c62baf457598aa88c37b260469"
},{
"externalHostName":"localhost",
"externalIP":"192.168.1.11",
"internalHostName":"localhost",
"internalIP":"192.168.1.11",
"isUp":true,
"pod":"central",
"reachable":true,
ConfidentialandproprietaryinformationofApigee,Inc.Nottobedisclosedexceptundernondisclosureagreement.
ApigeeEdgeInstallandConfigurationGuidePage73
"region":"dc1",
"tags":{
"property":[{
"name":"started.at",
"value":"1454691312854"
},...]
},
"type":["qpidserver"],
"uUID":"9681202c8c6e4da1b59b23e3ef092f34"
}]
2. VerifythattheRouterandMessageProcessorareingatewayPOD.OnManagementServer,runthe
followingCURLcommand:
curlusysAdminEmail:password
http://localhost:8080/v1/servers?pod=gateway
YouseeoutputsimilartothecentralpodbutfortheRouterandMessageProcessor.
3. VerifythatPostgresisintheanalyticsPOD.OnManagementServer,runthefollowingCURL
command:
curlusysAdminEmail:password
http://localhost:8080/v1/servers?pod=analytics
YouseeoutputsimilartothecentralpodbutforPostgres.
ConfidentialandproprietaryinformationofApigee,Inc.Nottobedisclosedexceptundernondisclosureagreement.
ApigeeEdgeInstallandConfigurationGuidePage74
Onboardanorganization
Usethesetuporgcommandtoperformtheonboardingprocess.Youmustrunthecommandonthe
ManagementServernode.
Aspartoftheonboardingprocess,thescript:
● Optionallycreatesanewusertofunctionastheorganizationadministrator.
● Createstheorganization.
● Addsthespecifieduserastheorgadmin.Theusermustalreadyexist;otherwisethescriptissuesan
error.
● Associatestheorganizationwithapod,bydefaultisassociatesitwiththe"gateway"pod.
● Createanenvironment.
● Createavirtualhostfortheenvironment.
● AssociatetheenvironmentwithallMessageProcessor(s).
● Enablesanalytics.
Note:Youcannotcreatetwoorganizationswiththesamename.Inthatcase,thesecondcreatewillfail
Silentconfigurationfileforonboarding
Passaconfigurationfiletothesetuporgcommand.Invokethesetuporgcommandandspecifythef
option,includingthepathtothesilentconfigurationfile:
>/opt/apigee/apigeeservice/bin/apigeeserviceapigeeprovisionsetuporgf
/tmp/configFile
Theonlyrequirementonsilentinstallationsisthattheconfigurationfilemustbeaccessibleorreadablebythe
"apigee"user.Forexample,putthefileinthe/tmpdirectoryonthenode.
Shownbelowisanexamplesilentconfigurationfile.Edititasnecessaryforyourrequirements:
IP1=192.168.1.1
#SpecifytheIPorDNSnameoftheManagementServer.
MSIP="$IP1"
#SpecifytheEdgeadmincredentials.
ADMIN_EMAIL="admin@email.com"
APIGEE_ADMINPW=adminPassword #Ifomitted,youarepromptedforit.
#Specifyorganizationnameandadministrator.
ORG_NAME=myorg#lowercaseonly,nospaces,underscores,orperiods.
ConfidentialandproprietaryinformationofApigee,Inc.Nottobedisclosedexceptundernondisclosureagreement.
ApigeeEdgeInstallandConfigurationGuidePage75
#
#Settheorganizationadministrator.
#Donotusesysadminasorganizationadministrator.
#
#Createanewuserfortheorganizationadministrator.
NEW_USER="y"
#NewuserinformationifNEW_USER="y".
USER_NAME=new@user.com
FIRST_NAME=new
LAST_NAME=user
USER_PWD="newUserPword"
ORG_ADMIN=new@user.com
#Specifyanexistinguserastheorganizationadmin,
#omitUSER_NAME,FIRST_NAME,LAST_NAME,USER_PWD.
#NEW_USER="n"
#ORG_ADMIN=existing@user.com
#Specifyenvironmentname.
ENV_NAME=prod
#Specifyvirtualhostinformation.
VHOST_PORT=9001
VHOST_NAME=default
#IfyouhaveaDNSentryforthevirtualhost.
VHOST_ALIAS=myorgtest.apigee.net
#IfyoudonothaveaDNSentryforthevirtualhost,
#specifytheIPandportofeachrouterasaspaceseparatedlist:
#VHOST_ALIAS="firstRouterIP:9001secondRouterIP:9001"
#OptionallyconfigureSSLforvirtualhost.
#VHOST_SSL=y#Setto"y"toenableSSLonthevirtualhost.
#KEYSTORE_JAR=#JARfilecontainingthecertandprivatekey.
#KEYSTORE_NAME=#Nameofthekeystore.
#KEYSTORE_ALIAS=#Thekeyalias.
#KEY_PASSWORD=#Thekeypassword,ifithasone.
#Specifytheanalyticsgroup.
#AXGROUP=axgroup001 #Defaultnameisaxgroup001.
Notes:
● ForVHOST_ALIAS,ifyoualreadyhaveaDNSrecordthatyouwillusetoaccesstothevirtualhost,
specifythehostaliasandoptionallytheport,forexample,“myapi.example.com”.
IfyoudonotyethaveaDNSrecord,seeSettingupavirtualhostformoreinformation.
ConfidentialandproprietaryinformationofApigee,Inc.Nottobedisclosedexceptundernondisclosureagreement.
ApigeeEdgeInstallandConfigurationGuidePage76
● ForSSLconfiguration,seeKeystoresandTruststoresandConfiguringSSLaccesstoanAPIforthe
PrivateCloudformoreinformationoncreatingtheJARfile,andotheraspectsofconfiguringSSL.
Onboarding
1. InstallapigeeprovisionontheManagementServernode:
>/opt/apigee/apigeeservice/bin/apigeeserviceapigeeprovisioninstall
2. RunthecommandontheManagementServernode:
>/opt/apigee/apigeeservice/bin/apigeeserviceapigeeprovisionsetuporg
fconfigFile
Theconfigurationfilemustbeaccessibleorreadablebythe"apigee"user.Forexample,putthefilein
the/tmpdirectoryonthenode.
OnboardingVerification
Oncompletionofonboarding,verifythestatusofthesystembyissuingthefollowingCURLcommandsonthe
ManagementServernode.
1. CheckforuserandorganizationstatusontheManagementServerbyissuingthefollowingCURL
commands:
>curlu<adminEmail>:<adminpasswd>http://localhost:8080/v1/users
>curlu<adminEmail>:<adminpasswd>
http://localhost:8080/v1/organizations
>curlu<adminEmail>:<adminpasswd>
http://localhost:8080/v1/organizations/<orgname>/deployments
2. Ifyouenabledanalytics,thenusethiscommand:
>curlu<adminEmail>:<adminpasswd>
http://localhost:8080/v1/organizations/<orgname>/environments/<envname>/pr
ovisioning/axstatus
3. YoucanalsocheckthePostgreSQLdatabasestatusbyrunningthefollowingcommandonMachine2
tostartpsql:
>psqlh/opt/apigee/var/run/apigeepostgresqlUapigeeapigee
Atthecommandprompt,enterthefollowingcommandtoviewtheanalyticstableforyourorganization:
ConfidentialandproprietaryinformationofApigee,Inc.Nottobedisclosedexceptundernondisclosureagreement.
ApigeeEdgeInstallandConfigurationGuidePage77
apigee=#:\danalytics."<orgname>.prod.fact"
Usethefollowingcommandtoexitpsql:
apigee=#\q
4. AccesstheApigeeEdgeuserinterfaceusingawebbrowser.Rememberthatyoualreadynotedthe
managementconsoleURLattheendoftheinstallation.
a. LaunchyourpreferredbrowserandentertheURLoftheEdgeUI.Itlookssimilartothe
following,wheretheIPaddressisforMachine1,orforwhichevermachineyouinstalledtheUI
onforalternativeconfigurations:
http://192.168.56.111:9000/login
9000istheportnumberusedbytheUI.Ifyouarestartingthebrowserdirectlyontheserver
hostingtheEdgeUI,thenyoucanuseaURLintheform:
http://localhost:9000/login
Note:Ensurethatport9000isopen.
b. Ontheconsoleloginpage,specifytheApigeesystemadminusername/password.
Note:Thisistheglobalsystemadministratorpasswordthatyouhavesetduringtheinstallation.
Alternately,youcan:
Signinastheorganizationadministratorthatyoucreatedabovewhencreatingtheorganization.
SignupforanewApigeeuseraccountandusethenewusercredentialtologin.
c. ClickSignIn,thebrowserredirectsto:
http://192.168.56.111:9000/platform/#/<orgname>/
andopensadashboardwhichallowsyoutoconfiguretheorganizationcreatedbefore(iflogged
inusingApigeeadmincredentials).
d. IfyouarenewtoEdge,youcannowcreateyourfirstAPIproxy.Formoreinformation,seethe
followingtutorials:
CreateyourAPI
CreateyourAPIinXML
ConfidentialandproprietaryinformationofApigee,Inc.Nottobedisclosedexceptundernondisclosureagreement.
ApigeeEdgeInstallandConfigurationGuidePage78
EnableCassandraauthentication
Bydefault,Cassandrainstallswithoutauthenticationenabled.ThatmeansanyonecanaccessCassandra.You
canenableauthenticationafterinstallingEdge,oraspartoftheinstallationprocess.
IfyoudecidetoenableauthenticationonCassandra,itusesthefollowingdefaultcredentials:
● username='cassandra'
● password='cassandra'
Youcanusethisaccount,setadifferentpasswordforthisaccount,orcreateanewCassandrauser.Add,
remove,andmodifyusersbyusingtheCassandraCREATE/ALTER/DROPUSERstatements.
Formoreinformation,see
http://www.datastax.com/documentation/cql/3.0/cql/cql_reference/cqlCommandsTOC.html.
EnableCassandraauthenticationduringinstallation
YoucanenableCassandraauthenticationasinstalltime.However,whileyoucanenableauthenticationwhen
youinstallCassandra,youcannotchangethedefaultusernameandpassword.Youhavetoperformthatstep
manuallyafterinstallationofCassandracompletes.
Note:UsethisprocedurewheninstallingCassandrabyusingthe"pc","pds","psa",or"paio"options.
ToenableCassandraauthenticationatinstalltime,includetheCASS_AUTHpropertyintheconfigurationfilefor
allCassandranodes:
CASS_AUTH=y #Thedefaultvalueisn.
ThefollowingEdgecomponentsaccessCassandra:
● ManagementServer
● MessageProcessors
● Routers
● Qpidservers
● Postgresservers
Therefore,whenyouinstallthesecomponents,youmustsetthefollowingpropertiesintheconfigurationfileto
specifytheCassandracredentials:
CASS_USERNAME=cassandra
CASS_PASSWORD=cassandra
TochangetheCassandracredentialsafterinstallingCassandra:
1. LogintoCassandrausingthecqlshtoolandthedefaultcredentials:
ConfidentialandproprietaryinformationofApigee,Inc.Nottobedisclosedexceptundernondisclosureagreement.
ApigeeEdgeInstallandConfigurationGuidePage79
>/opt/apigee/apigeecassandra/bin/cqlshcassIPcassPortucassandrap
cassandra
Where:
a. cassIPistheIPaddressoftheCassandranode.
b. cassPortistheCassandraport,whichbydefaultis9160.
c. Thedefaultuseriscassandra.
d. Thedefaultpasswordiscassandra.Ifyouchangedthepasswordpreviously,usethecurrent
password.
2. Runthefollowingcommandasthecqlsh>prompttoupdatethepassword:
cqlsh>ALTERUSERcassandraWITHPASSWORD'NEW_PASSWORD
';
3. Exitthecqlshtool:
cqlsh>exit
4. RepeatonallCassandranodes,ensuringthatyouusethesamepasswordonallnodes.
5. WheninstallingtheManagementServer,MessageProcessors,Routers,Qpidservers,andPostgres
servers,setthefollowingpropertiesintheconfigfile:
CASS_USERNAME=cassandra
CASS_PASSWORD=NEW_PASSWORD
ToenableCassandraauthenticationpostinstallation
Toenableauthentication:
● UpdateallEdgecomponentsthatconnecttoCassandrawiththeCassandrausernameandpassword.
● OnallCassandranodes,enableauthenticationandsettheusernameandpassword.
UsetheapigeeserviceutilitytoupdateallEdgecomponentsthatcommunicatewithCassandra:
1. OntheManagementServernode,runthefollowingcommand:
>/opt/apigee/apigeeservice/bin/apigeeserviceedgemanagementserver
store_cassandra_credentialsuCASS_USERNAME
pCASS_PASSWORD
Optionally,youcanpassafiletothecommandcontainingthenewusernameandpassword:
>apigeeserviceedgemanagementserverstore_cassandra_credentialsf
configFile
ConfidentialandproprietaryinformationofApigee,Inc.Nottobedisclosedexceptundernondisclosureagreement.
ApigeeEdgeInstallandConfigurationGuidePage80
WheretheconfigFilecontainsthefollowing:
conf_credentials_cassandra.user=cassandra
conf_credentials_cassandra.password=CASS_PASSWROD
ThiscommandautomaticallyrestartstheManagementServer.
2. Repeatthisprocessonthe:
● AllMessageProcessors
● AllRouters
● AllQpidservers(edgeqpidserver)
● Postgresservers(edgepostgresserver)
OnallCassandranodes,enableauthenticationandsettheusernameandpassword:
1. LogintothefirstCassandranode.
2. Runthefollowingcommand:
>/opt/apigee/apigeeservice/bin/apigeeserviceapigeecassandra
enable_cassandra_authenticationey
ThiscommandenablesauthenticationandrestartsCassandra.
3. LogintoCassandrausingthecqlshtoolandthedefaultcredentials:
>/opt/apigee/apigeecassandra/bin/cqlshcassIPcassPortucassandrap
cassandra
Where
a. cassIPistheIPaddressoftheCassandranode.
b. cassPortistheCassandraport,whichbydefaultis9160.
c. Thedefaultuseriscassandra.
d. Thedefaultpasswordiscassandra.Ifyouchangedthepasswordpreviously,usethecurrent
password.
4. Runthefollowingcommandasthecqlsh>prompttoupdatethepassword:
cqlsh>ALTERUSERcassandraWITHPASSWORD'NEW_PASSWORD
';
5. Exitthecqlshtool:
cqlsh>exit
ConfidentialandproprietaryinformationofApigee,Inc.Nottobedisclosedexceptundernondisclosureagreement.
ApigeeEdgeInstallandConfigurationGuidePage81
6.RepeatonallCassandranodes,ensuringthatyouusethesamepasswordonallnodes:
>/<inst_root>/apigee/apigeeservice/bin/apigeeserviceapigeecassandra
restart
ConfidentialandproprietaryinformationofApigee,Inc.Nottobedisclosedexceptundernondisclosureagreement.
ApigeeEdgeInstallandConfigurationGuidePage82
SetupMasterStandbyReplicationforPostgres
Bydefault,EdgeinstallsallPostgresnodesinmastermode.However,inmostproductionsystems,you
configurethemtousemasterstandbyreplicationsothatifthemasternodefails,thestandbynodecan
continuetoservertraffic.
Ifthemasternodeeverfails,youcanpromotethestandbyservertothemaster.Seethesection"Handlinga
PostgresSQLDatabaseFailover"intheEdgeOperationsGuide
formoreinformation.
ToconfigureMasterStandbyReplicationatinstalltime
Youcanconfiguremasterstandbyreplicationatinstalltimebyincludingthefollowingpropertiesintheconfig
fileforthetwoPostgresnodes:
PG_MASTER=IPorDNSofNewMaster
PG_STANDBY=IPorDNSofOldMaster
TheinstallerautomaticallyconfiguresthetwoPostgresnodetofunctionasmasterstandbywithreplication.
ToconfigureMasterStandbyReplicationafterinstallation
Youcanconfiguremasterstandbyreplicationafterinstallationbybyusingthefollowingprocedure:
1. IdentifywhichPostgrenodewillbethemasterandwhichwillbethestandbyserver.
2. Onthemasternode,edittheconfigfiletoset:
PG_MASTER=IPorDNSofNewMaster
PG_STANDBY=IPorDNSofOldMaster
3. Enablereplicationonthenewmaster:
>/opt/apigee/apigeeservice/bin/apigeeserviceapigeepostgresql
setupreplicationonmasterfconfigFIle
4. Onthestandbynode,edittheconfigfiletoset:
PG_MASTER=IPorDNSofNewMaster
PG_STANDBY=IPorDNSofOldMaster
5. Stopthestandbynode:
>/opt/apigee/apigeeservice/bin/apigeeserviceapigeepostgresqlstop
6. Onthestandbynode,deleteanyexistingPostgresdata:
>rmrf/opt/apigee/data/apigeepostgresql/
ConfidentialandproprietaryinformationofApigee,Inc.Nottobedisclosedexceptundernondisclosureagreement.
ApigeeEdgeInstallandConfigurationGuidePage83
Note:Ifnecessary,youcanbackupthisdatabeforedeletingit.
7. Configurethestandbynode:
>/opt/apigee/apigeeservice/bin/apigeeserviceapigeepostgresql
setupreplicationonstandbyfconfigFile
TestMasterStandbyReplication
Oncompletionofreplication,verifythereplicationstatusbyissuingthefollowingscriptsonbothservers.The
systemshoulddisplayidenticalresultsonbothserverstoensureasuccessfulreplication:
1. Onthemasternode,run:
>/opt/apigee/apigeeservice/bin/apigeeserviceapigeepostgresql
postgrescheckmaster
Validatethatitsaysitisthemaster.
2. Onthestandbynode:
>/opt/apigee/apigeeservice/bin/apigeeserviceapigeepostgresql
postgrescheckstandby
Validatethatitsaysitisthestandby.
ConfidentialandproprietaryinformationofApigee,Inc.Nottobedisclosedexceptundernondisclosureagreement.
ApigeeEdgeInstallandConfigurationGuidePage84
InstallSmartDocs
SmartDocsisinstalledautomaticallywhenyouinstallandruntheinstallationtestscriptsdescribedinTestthe
install.Aspartofrunningthetestscripts,yourunthefollowingcommand:
>/opt/apigee/apigeeservice/bin/apigeeserviceapigeevalidatesetup
ThiscommandinstallsSmartDocsaspartofrunningthetests.
TotestthatSmartDocsisinstalled,confirmthatthesmartdocs.zipfileislocatedinthefollowingdirectory:
/opt/apigee/apigeevalidate/bundles/
OrrunthefollowingAPIcallontheManagementServernode:
>curlvuadminEmail:adminPword
0:8080/v1/o/VALIDATE/apis
ThiscommandshouldreturnthefollowingifSmartDocsisinstalled:
["smartdocs","passthrough"]
ConfidentialandproprietaryinformationofApigee,Inc.Nottobedisclosedexceptundernondisclosureagreement.
ApigeeEdgeInstallandConfigurationGuidePage85
7hostand10hostAPIBaaSInstallation
Note:TheInstallationChecklistdetailstheinstallationprerequisitesandprovidesalistofrequiredfilesto
obtainbeforeproceedingwiththeinstallation.Ensurethatyouhavereviewedthechecklistbeforebeginning
theinstallationprocess.
UsingaLoadBalancer
AproductioninstallationofAPIBaaSusesaloadbalancerbetweentheAPIBaaSPortalnodeandAPIBaaS
Stacknodes.WhenconfiguringthePortal,youspecifytheIPaddressorDNSnameoftheloadbalancer,not
oftheStacknodes.
Asanalternativetoaloadbalancer,youcoulduseroundrobinDNS.Inthisscenario,youcreateaDNSentry
withmultipleArecordscorrespondingtoBaaSstackIPaddresses.DuringaDNSlookup,theDNSserver
automaticallyreturnsArecordvaluesinaroundrobinfashion.
Note:APIBaaStestinganddevelopmentenvironmentscaninstallallcomponentsonasinglenode,orwitha
singleAPIBaaSStacknode.IfyourinstallationusesasingleAPIBaaSStacknode,theloadbalancerisnot
requiredandyoucanspecifytheIPaddressorDNSnameoftheAPIBaaSStackwhenconfiguringthePortal.
ConnectingtoCassandra
WhileyoucanconnectAPIBaaSandEdgetothesameCassandracluster,Apigeerecommendsthatyouuse
separateclusters.SeparateclustersmaximizeperformanceifyouareexperiencinghightrafficloadsonAPI
BaaS.
Datesynchronization
Youmusthavethedate/timeonallserverssynchronized.Ifnotalreadyconfigured,‘ntpdate’utilitycouldserve
thispurpose,whichverifieswhetherserversaretimesynchronized.Youcanuse“yuminstallntp”to
installtheutility.
Tomcatsecurity
TheAPIBaaSinstalleralsoinstallstheApacheTomcatserveronallAPIBaaSStacknodes,includingthe
TomcatadministratorUI.Theinstallerleavesthedefaultadministratorcredentialsunchangedfrom
admin:admin.
Ifnecessary,youcanchangethesecredentialsaspartofsecuringTomcat.Formoreinformation,see:
●https://tomcat.apache.org/tomcat7.0doc/managerhowto.html
●https://www.owasp.org/index.php/Securing_tomcat
ConfidentialandproprietaryinformationofApigee,Inc.Nottobedisclosedexceptundernondisclosureagreement.
ApigeeEdgeInstallandConfigurationGuidePage86
Installationoverview
AfteryouinstalltheEdgetheapigeesetuputilityonanode,usethatutilitytoinstalloneormoreBaaS
componentsonthenode.Theapigeesetuputilityhastheform:
>sudo/opt/apigee/apigeesetup/bin/setup.shpcomponent
fconfigFile
Passaconfigurationfiletotheapigeesetuputilitythatcontainstheinformationabouttheinstallation.Ifthe
configurationfileismissinganyrequiredinformation,theapigeesetuputilitypromptsyoutoenteritonthe
commandline.
Theonlyrequirementisthattheconfigurationfilemustbeaccessibleorreadablebythe"apigee"user.For
example,putthefileinthe/tmpdirectoryonthenode.
Forexample,usethefollowingcommandtoinstalltheAPIBaaSStack:
>sudo/opt/apigee/apigeesetup/bin/setup.shpbfmyConfig
TheApigeesetup.shutilitysupportsseveraloptionsforinstallingAPIBaaScomponents.Theinstructions
belowusethestandaloneoptions(c,e,b,andp)butyoucanusedifferentoptionsbasedonyournode
configuration:
Optio
n
Description
e
InstallElasticSearchonly.
b
InstallAPIBaaSStackonly,whichalsoinstallsTomcat.
p
InstallAPIBaaSPortalonly,whichalsoinstallstheNginxroutertobeusedasaweb
server.
c
InstallCassandraonly.
eb
InstallElasticSearch,APIBaaSStack,andTomcatonthenode.
ebp
InstallElasticSearch,APIBaaSPortal,APIBaaSStack,andTomcat.Theportalisso
lightweightnoadditionalresourcesneededforthis.
asa
InstallallAPIcomponentsonasinglenode(Cassandra,Elasticsearch,APIBaaSStack,
andAPIBaaSPortal).Usethisoptionfordevelopmentandtestingonly,notfor
production.
ConfidentialandproprietaryinformationofApigee,Inc.Nottobedisclosedexceptundernondisclosureagreement.
ApigeeEdgeInstallandConfigurationGuidePage87
Creatingasilentconfigurationfile
Shownbelowisanexamplesilentconfigurationfilefora10nodeAPIBaaSinstallation.Editthisfileas
necessaryforyourconfiguration.Usethefoptiontosetup.shtoincludethisfile.
#SpecifyIPaddressorDNSnameofnode.
IP1=192.168.1.1#ElasticSearch
IP2=192.168.1.2#ElasticSearch
IP3=192.168.1.3#ElasticSearch
IP4=192.168.1.4#APIBaaSStack
IP5=192.168.1.5#APIBaaSStack
IP6=192.168.1.6#APIBaaSStack
IP7=192.168.1.7#APIBaaSPortal
IP8=192.168.1.8#Cassandra(sharedwithEdgeorstandalone)
IP9=192.168.1.9#Cassandra(sharedwithEdgeorstandalone)
IP10=192.168.1.10#Cassandra(sharedwithEdgeorstandalone)
#MustresolvetoIPaddressorDNSnameofhostnotto127.0.0.1orlocalhost.
HOSTIP=$(hostnamei)
#DefinetheAPIBaaSadministratoraccount.
AS_ADMIN="superuser" #Usernamedefaultis"superuser".
AS_ADMIN_EMAIL=stackAdmin@email.com
AS_PASSWD=stackAdminPWrod
#OnlyifyouareinstallingCassandra.
#SpecifyCassandraconfigurationinformation.
#CASS_HOSTS="$IP8:1,1$IP9:1,1$IP10:1,1"
#IfconnectingtoexistingCassandranodes,
#specifyCassandraIPs.
CASS_HOSTS="$IP8$IP9$IP10"
#Cassandrauname/pword.
#EvenifCassandraauthenticationisdisabled,
#youmuststillpassvaluesfortheseproperties.
CASS_USERNAME=cassandra #Defaultvalue
CASS_PASSWORD=cassandra #Defaultvalue
#SpecifyBaaSCassandraconnectioninformation.
#Specifythedatacentername.
BAAS_CASS_LOCALDC=dc1 #Defaultisdc1.
#Replicationisintheform"dataCenterName:#CassandraNodes".
#Forexample,fordc1withthreeCassandranodes,itisdc1:3.
BAAS_CASS_REPLICATION=dc1:3
#ElasticSearchIPsorDNSnames,separatedbyspaces.
ES_HOSTS="$IP1$IP2$IP3"
ConfidentialandproprietaryinformationofApigee,Inc.Nottobedisclosedexceptundernondisclosureagreement.
ApigeeEdgeInstallandConfigurationGuidePage88
#APIBaaSStackinformation.
#Defaultclusternameis"apigee_baas"
BAAS_USERGRID_CLUSTERNAME="apigee_baas"
#URLandportoftheloadbalancerfortheAPIBaaSStacknodes,
#orIP/DNSandport8080ofasingleStacknodewithnoloadbalancer.
BAAS_USERGRID_URL=http://myloadbalancer:8443
#APIBaaSPortalinformation.
#URLandportnumberofloadbalancer,ifthereisoneinfrontofthePortal,
#ortheURLandportofthePortalnode.
BAAS_PORTAL_URL="http://$IP7:9000"
#Portalport.Defaultvalueis9000.
BAAS_PORTAL_LISTEN_PORT=9000
#SMTPinformation.BaaSrequiresanSMTPserver.
SMTPHOST=smtp.gmail.com
SMTPPORT=465
SMTPUSER=your@email.com
SMTPPASSWORD=yourEmailPassword
SMTPSSL=y
Thefollowingtablecontainsadditionalinformationabouttheseproperties:
Property
Note
CASS_HOSTS
IfyouareinstallingCassandra,specifytheCassandranodeIPsand
includethe“:dc,ra”modifierthatspecifythedatacenterandrackof
theCassandranode.
Forexample'192.168.124.201:1,1=datacenter1and
rack/availabilityzone1,and'192.168.124.204:2,1=datacenter2and
rack/availabilityzone1.
CASS_USERNAME
CASS_PASSWORD
Cassandrausernameandpassword.
IfCassandraauthenticationisdisabled,youstillhavetopassthese
values.However,thevaluesareignored.
BAAS_CASS_LOCALDC
Theregionnamesmustbeintheformdc#where#correspondsto
anintegervalue.
Forexample,dc1,dc2,etc.IfyouareconnectingtoaCassandra
clusterinstalledwithEdge,youcanasktheEdgesystem
administratorforthisvalue.InanEdgesingledatacenterinstallation,
thedefaultvalueisdc1.
IfyouinstalledCassandraaspartofinstallingtheAPIBaaS,then
duringCassandrainstallationyouaddedthe“:dc,ra”modifiertothe
CassandraIPaddresses.Thefirstvalue"dc"isthedatacenter
ConfidentialandproprietaryinformationofApigee,Inc.Nottobedisclosedexceptundernondisclosureagreement.
ApigeeEdgeInstallandConfigurationGuidePage89
number.Thedatacenternameisthestring"dc"withthedatacenter
numberasasuffix.
BAAS_CASS_REPLICATION
Theformatis"dataCenterName:#CassandraNodes".For
example,fordc1withthreeCassandranodes,itisdc1:3.
BAAS_USERGRID_URL
Inaproductionenvironment,thisistheURLandportoftheload
balancerthatisinfrontoftheAPIBaaSStacknodes,intheform:
http://myStackLoadBalancer:port
Inatestingordevelopmentenvironment,whereyouonlyhavea
singleAPIBaaSStacknode,thiscanbetheURLandportnumberof
anAPIBaaSStacknode,intheform:
http://stackIPorDNS:8080
TheportnumberfortheAPIBaaSStackserveris8080.
BAAS_PORTAL_URL
TheURLandportnumberoftheloadbalancer,ifthereisoneinfront
ofthePortal,intheform:
http://myPortalLoadBalancer:port
Ifthereisnoloadbalancer,theURLandportnumberofthePortal
node,intheform:
http://portalIPorDNS:9000
Bydefault,theportnumberfortheAPIBaaSPortalis9000.
BAAS_PORTAL_LISTEN_PORT
TheportnumberfortheAPIBaaSPortalserveris9000.Ifthisportis
notavailable,specifyadifferentport.
IfyouaresettingBAAS_PORTAL_URLtotheURLofthePortalnode,
theportnumbersmustbethesameforbothproperties.
OptionalInstallCassandra:Machine8,9,and10
WhileyoucanconnectAPIBaaStothesameCassandraclusterasusedbyEdge,Apigeerecommendsthat
youuseseparateclusters.
TheCassandraclustercanuseauthentication,orCassandraauthenticationcanbedisabled.SeeEnable
Cassandraauthenticationformore.
1. InstalltheEdgeapigeesetuputilityonthenodeusingtheinternetornoninternetprocedure.See
InstalltheEdgeapigeesetuputilityformore.
ConfidentialandproprietaryinformationofApigee,Inc.Nottobedisclosedexceptundernondisclosureagreement.
ApigeeEdgeInstallandConfigurationGuidePage90
2. Atthecommandprompt,runthesetupscript:
>/opt/apigee/apigeesetup/bin/setup.shpcfconfigFile
The“pc”optionspecifiestoinstallCassandra.
Theconfigurationfilemustbeaccessibleorreadablebythe"apigee"user.Forexample,putthefilein
the/tmpdirectoryonthenode.
Theconfigurationsuccessfullycompletesthedatastoresetuponthenode.
NotethatJMXisenabledbydefaultforCassandra.TheJMXremoteaccesstoCassandradoesnotrequirea
password.YoucanconfigureCassandratouseauthenticationforJMX.Formore,see
http://docs.apigee.com/apiservices/latest/howmonitor.
SetupCassandracronjob
SetupacronjobthatusesnodetooltoflushforlockstoruneveryhouroneveryCassandranode.
Note:Thisstepisrequired.YoumustsetupthiscronjobonCassandranodesevenifyouareconnectingto
CassandranodesonanEdgeinstallation.
IfyouhavemultipleCassandranodes,offsetthecronjoboneachserverbyfiveminutessothatallnodesdo
notflushatthesametime.
Thecronjobmustexecutethefollowingcommand:
/opt/apigee/apigeecassandra/bin/nodetoolhIP_address
flushApigee_Baas_Locks
whereIP_address
istheIPaddressoftheCassandranode.
InstallElasticSearch:Machine1,2,and3
Note:IfyouareinstallingElasticSearchandtheAPIBaaSStackonthesamenode,youcanusethe"peb"
optiontothesetuputilitytoinstallthembothatthesametime.
ToinstalltheElasticSearch:
1. InstalltheEdgeapigeesetuputilityonthenodeusingtheinternetornoninternetprocedure.See
InstalltheEdgeapigeesetuputilityformore.
2. Atthecommandprompt,runthesetupscript:
>/opt/apigee/apigeesetup/bin/setup.shpefconfigFile
The“pe”optionspecifiestoinstallElasticSearch.
Theconfigurationfilemustbeaccessibleorreadablebythe"apigee"user.Forexample,putthefilein
the/tmpdirectoryonthenode.
ConfidentialandproprietaryinformationofApigee,Inc.Nottobedisclosedexceptundernondisclosureagreement.
ApigeeEdgeInstallandConfigurationGuidePage91
3. (Optional)IfyouinstallElasticSearchonastandalonenode,meaningitisnotinstalledwithAPIBaaS
Stack,thenadjustthedefaultmemoryoptiontoincreasethememoryallocatedforElasticSearchfrom
4GBto6GB:
a. Open/opt/apigee/customer/application/elasticsearch.propertiesinan
editor.Ifthisfiledoesnotexist,createit.
b. Setthesetenv_elasticsearch_max_mem_sizepropertyto6g(thedefaultis4g):
setenv_elasticsearch_max_mem_size=6g
c. Savethefile.
d. Runthefollowingcommand:
>/opt/apigee/apigeeservice/bin/apigeeserviceapigeeelasticsearch
restart
Theconfigurationsuccessfullycompletesthesetuponthenode.
InstallAPIBaaSStack:Machine4,5,and6
Note:IfyouareinstallingElasticSearchandtheAPIBaaSStackonthesamenode,youcanusethe"peb"
optiontothesetuputilitytoinstallthembothatthesametime.
ToinstalltheAPIBaaSStack:
1. InstalltheEdgeapigeesetuputilityonthenodeusingtheinternetornoninternetprocedure.See
InstalltheEdgeapigeesetuputilityformore.
2. Atthecommandprompt,runthesetupscript:
>/opt/apigee/apigeesetup/bin/setup.shpbfconfigFile
The“pb”optionspecifiestoinstallAPIBaaSStack.
Theconfigurationfilemustbeaccessibleorreadablebythe"apigee"user.Forexample,putthefilein
the/tmpdirectoryonthenode.
Aftertheinstallerfetchesthecorrectadmincredentials,itinstallsTomcat,createsAPIBaaSkeyspaces,and
setsuptheAPIBaaSStackontheserver.SMTPisalsoconfiguredtoallowtheUItosendpassword
confirmationemails.
InstallAPIBaaSPortal:Machine7
ToinstalltheAPIBaaSPortal:
ConfidentialandproprietaryinformationofApigee,Inc.Nottobedisclosedexceptundernondisclosureagreement.
ApigeeEdgeInstallandConfigurationGuidePage92
1. InstalltheEdgeapigeesetuputilityonthenodeusingtheinternetornoninternetprocedure.See
InstalltheEdgeapigeesetuputilityformore.
2. Atthecommandprompt,runthesetupscript:
>/opt/apigee/setup/bin/setup.shppfconfigFile
The“pp”optionspecifiestoinstallAPIBaaSPortal.
Theconfigurationfilemustbeaccessibleorreadablebythe"apigee"user.Forexample,putthefilein
the/tmpdirectoryonthenode.
TheinstallerstartstheNginxwebserverandthenfinishestheAPIBaaSPortalconfiguration.
MakeanoteoftheAPIBaaSPortalURL.ThisistheURLyouenterintoabrowsertoaccesstheAPIBaaS
Portaluserinterface.
Onboardinganeworganization
Onboardingistheprocessofcreatinganorganizationandorganizationadministrator.Aftercreatingthe
organizationandorganizationadministrator,youcanlogintotheAPIBaaSPortalUIandmakerequeststothe
APIBaaSRESTAPI.
Whenyoucreateanorganization,theorganizatadministrator'semailaddress:
● Mustbedifferentfromthesystemadministrator'semailaddress.
● Mustbeuniqueamongallotherorganizations.Thatis,youcannotcreatetwoorganizationswiththe
sameemailaddressfortheorganizationadministrator.However,aftercreatingtheorganization,you
canaddadditionaladministratorsthatcanbeduplicatedacrossmultipleorganizations.
Toperformonboarding,usethecreate_org_and_user.pyPythonscript.Invokingthisscriptwithno
commandlineargumentscausesittopromptyouforallinformation:
>pythoncreate_org_and_user.py
Alternatively,youcanpassanyoralloptionsascommandlineargument.Youarepromptedforany
informationthatyouomitfromthecommandline:
>pythoncreate_org_and_user.pyo'<orgname>'
>pythoncreate_org_and_user.pyo'<orgname>'a'<newadminemail>'p'<new
adminpassword>'
Tocreateanorganization:
1. Changedirectoryto/opt/apigee/baasusergrid/bin.
2. Invokethecreate_org_and_user.pyPythonscript.
ConfidentialandproprietaryinformationofApigee,Inc.Nottobedisclosedexceptundernondisclosureagreement.
ApigeeEdgeInstallandConfigurationGuidePage93
YouarepromptedfortheBaaSsystemadministratorusernameandpasswordsothatonlyasysadmin
canrunit.
3. LogintotheAPIBaaSPortalinawebbrowserusingtheURLyounotedattheendoftheAPIBaaS
PortalURLinstallation.
Toaccesstheportal,entertheAPIBaaSPortalURLintheform:
http://{portalExternalIP}:9000/
Note:TheIPistheexternalIPaddress/hostnameofPortalmachine.Ensurethatportisopen.
4. Whentheportalloginscreenappears,youcaneither:
a. Loginusingtheorganizationadministrator'susernameandpassword.
b. Loginusingthesystemadministratorsadministrator'susernameandpassword.
AccessingtheAPIBaaSRESTAPI
ToaccesstheAPIBaaSRESTAPI,useaURLintheform:
https://{loadBalancerIP}:8080/{yourorg}/{yourapp}
Inadevelopmentenvironment,youcaninstallallAPIBaaScomponentsonasinglenode,meaningyouhave
asingleAPIBaaSStack.Or,youmighthaveasmallenvironmentwithasingleAPIBaaSStacknodeandno
loadbalancer.Inthesetypesofenvironments,youcanmakeAPIcallsdirectlytotheAPIBaaSStacknode:
curlv"http://portalExternalIP:8080/status"
FormoreinformationongettingstartedwithAPIBaaSPortal,seetheApigeedocumentationat:
http://apigee.com/docs/content/buildappshome.
ConfidentialandproprietaryinformationofApigee,Inc.Nottobedisclosedexceptundernondisclosureagreement.
ApigeeEdgeInstallandConfigurationGuidePage94
InstallingMonetizationServices
Note:TheInstallationChecklistdetailstheinstallationprerequisitesandprovidesalistofrequiredfilesto
obtainbeforeproceedingwiththeinstallation.Ensurethatyouhavereviewedthechecklistbeforebeginning
theinstallationprocess.
MonetizationServicesisanextensiontoApigeeEdge,henceitdoesnotrunasastandaloneprocess.Itruns
withinanyexistingApigeeEdgesetup.
Monetizationrequirements
● IfyouareinstallingMonetizationonanEdgetopologythatusemultipleManagementServernodes,
suchasa13nodeinstallation,thenyoumustinstallbothEdgeManagementServernodesbefore
installingMonetization.
● ToinstallMonetizationonEdgewheretheEdgeinstallationhasmultiplePostgresnodes,thePostgres
nodesmustbeconfiguredinMaster/Standbymode.YoucannotinstallMonetizationonEdgeifyou
havemultiplePostgresmasternodes.Formore,seeSetupMasterStandbyReplicationforPostgres.
Installationoverview
ThefollowingstepsillustratehowtoaddMonetizationServicesonanexistingApigeeEdgeinstallation:
● UsetheapigeesetuputilitytoupdatetheApigeeManagementServernodetoenablethe
MonetizationServices,forexample,catalogmanagement,limitsandnotificationsconfiguration,billing
andreporting.
IfyouhavemultipleManagementServernodes,suchasa13nodeinstallation,thenyoumustinstall
bothEdgeManagementServernodesbeforeinstallingMonetization.
● UsetheapigeesetuputilitytoupdatetheApigeeMessageProcessortoenabletheruntime
componentsoftheMonetizationServices,forexample,transactionrecordingpolicyandlimit
enforcement.IfyouhavemultipleMessageProcessors,installMonetizationonallofthem.
● PerformtheMonetizationonboardingprocessforyourEdgeorganizations.
● ConfiguretheDeveloperServicesportaltosupportmonetization.Formoreinformation,see
http://apigee.com/docs/monetization/content/configuremonetizationdeveloperportal.
CreatingasilentconfigurationfileforMonetization
ShownbelowisanexamplesilentconfigurationfileforaMonetizationinstallation.Editthisfileasnecessaryfor
yourconfiguration.Usethefoptiontosetup.shtoincludethisfile.
ConfidentialandproprietaryinformationofApigee,Inc.Nottobedisclosedexceptundernondisclosureagreement.
ApigeeEdgeInstallandConfigurationGuidePage95
Note:Typically,youaddthesepropertiestothesameconfigurationfilethatyouusedtoinstallEdge,asshown
inCreatingaconfigurationfile.
#Edgeconfigurationproperties
#SpecifyIPaddressorDNSnameofnode.
IP1=192.168.1.1#ManagementServer,OpenLDAP,UI,ZooKeeper,Cassandra
IP2=192.168.1.2#ZooKeeper,Cassandra
IP3=192.168.1.3#ZooKeeper,Cassandra
IP4=192.168.1.4#Router,MessageProcessor
IP5=192.168.1.5#Router,MessageProcessor
IP6=192.168.1.6#Qpid
IP7=192.168.1.7#Qpid
IP8=192.168.1.8#Postgres
IP9=192.168.1.9#Postgres
#MustresolvetoIPaddressorDNSnameofhostnotto127.0.0.1orlocalhost.
HOSTIP=$(hostnamei)
#Edgesysadmincredentials
ADMIN_EMAIL=your@email.com
APIGEE_ADMINPW=yourPassword #Ifomitted,youarepromptedforit.
#
#Monetizationconfigurationproperties.
#
#PostgrescredentialsfromEdgeinstallation.
PG_USER=apigee #DefaultfromEdgeinstallation
PG_PWD=postgres #DefaultfromEdgeinstallation
#SpecifyPostgresserver.
MO_PG_HOST="$IP8" #OnlyspecifyonePostgresnode.
#CreateaPostgresuserforMonetization.
MO_PG_USER=postgre#Defaultusernameis"postgre"
MO_PG_PASSWD=moUserPWord
#SpecifyoneZooKeeperhost.
#EnsurethisisaZooKeeperleadernodeinamultidatacenterenvironment.
ZK_HOSTS="$IP2"
#SpecifyCassandrainformation.
#EnsureCASS_HOSTSissettothesamevalueaswhenyouinstalledEdge.
CASS_HOSTS="$IP1:1,1$IP2:1,1$IP3:1,1"
CASS_CLUSTERNAME=Apigee #Defaultis"Apigee",unlessit
#waschangedduringEdgeinstall.
#Cassandrauname/pwordrequiredonlyifyouenabledCassandraauthentication.
#CASS_USERNAME=
#CASS_PASSWORD=
ConfidentialandproprietaryinformationofApigee,Inc.Nottobedisclosedexceptundernondisclosureagreement.
ApigeeEdgeInstallandConfigurationGuidePage96
#Specifytheregion.
#Defaultisdc1unlessyouareinamultidatacenterenvironment.
REGION=dc1
#IfyourEdgeconfigfiledidnotspecifySMTPinformation,addit.
#MonetizationrequiresanSMTPserver.
SMTPHOST=smtp.gmail.com
SMTPPORT=465
SMTPUSER=your@email.com
SMTPPASSWORD=yourEmailPassword
SMTPSSL=y
Notes:
● IfyourEdgeconfigfiledidnotspecifySMTPinformation,addit.MonetizationrequiresanSMTPserver.
● Inasingledatacenterinstallation,allZooKeepernodesarebydefaultconfiguresasleaders.Whenyou
areinstallingEdgeacrossmultipledatacenters,someZooKeepernodeswillbeconfiguredas
observers.EnsurethattheZK_HOSTSpropertyabovespecifiesaleadernodeinamultipledatacenter
installation.
● IfyouenableCassandraauthentication,youcanpasstheCassandrausernameandpasswordby
usingthefollowingproperties:
oCASS_USERNAME
oCASS_PASSWORD
IntegrateMonetizationServiceswithallManagementServers
UsethefollowingproceduretointegratemonetizationonManagementServernodes.
1. IfyouareinstallingMonetizationonanEdgetopologythatusesmultipleManagementServernodes,
suchasa13nodeinstallation,thenensurethatyouinstalledbothManagementServernodesbefore
installingMonetization.
2. OntheManagementServernode,runthesetupscript:
>/opt/apigee/apigeesetup/bin/setup.shpmofconfigFile
The“pmo”optionspecifiestointegrateMonetization.
Theconfigurationfilemustbeaccessibleorreadablebythe"apigee"user.Forexample,putthefilein
the/tmpdirectoryonthenode.
3. IfyouareinstallingMonetizationonmultipleManagementServernodes,repeatstep2onthesecond
ManagementServernode.
ConfidentialandproprietaryinformationofApigee,Inc.Nottobedisclosedexceptundernondisclosureagreement.
ApigeeEdgeInstallandConfigurationGuidePage97
Onsuccessfulconfiguration,anRDBMSschemaforMonetizationServicesiscreatedinthePostgreSQL
database.ThiscompletestheintegrationofMonetizationServicesanditsassociatedcomponentswith
PostgresServer.
IntegrateMonetizationServiceswithallMessageProcessors
UsethefollowingproceduretointegratemonetizationonallMessageProcessornodes.
1. OnthefirstMessageProcessornode,atthecommandprompt,runthesetupscript:
>/opt/apigee/apigeesetup/bin/setup.shpmofconfigFile
The“pmo”optionspecifiestointegrateMonetization.
Theconfigurationfilemustbeaccessibleorreadablebythe"apigee"user.Forexample,putthefilein
the/tmpdirectoryonthenode.
2. RepeatthisprocedureonallMessageProcessornodes.
Onsuccessfulconfiguration,theMessageProcessorisupdatedwithMonetizationServices.Thiscompletes
theintegrationofMonetizationServicesanditsassociatedcomponentswiththeMessageProcessors.
MonetizationOnboarding
Tocreateaneworganizationwithmonetizationenabled,youfirstcreatetheorganizationasyouwouldforany
neworganization.Formoreinformation,seeOnboardanorganization.
AdditionalOnboardingtoenableMonetizationforanorganization
Tocompletemonetizationonboardingofanorganization,youhaveto:
1. Createthemonetizationgroup:mxgroup.
2. AddQpidtothegroup.
3. Enablemonetizationfortheorganization.
4. Enablenotificationsettingsfortheorganization.
5. RepeatthisprocessforallorganizationswhereyouwanttoenableMonetization.
Usetheenablemonetizationcommandtoperformallofthesetasks.Thisscripttakesaconfigurationfile
containingthefollowingproperties:
MSIP=IPorDNSofManagementServer
APIGEE_PORT_HTTP_MS=8080 #Defaultis8080.
ADMIN_EMAIL=your@email.com
APIGEE_ADMINPW=yourPassword #Ifomitted,youarepromptedforit.
CASS_HOSTS="$IP1:1,1$IP2:1,1$IP3:1,1"
QPID_HOST="$IP6$IP7" #SpaceseparatedlistIP/DNSnamesof
ConfidentialandproprietaryinformationofApigee,Inc.Nottobedisclosedexceptundernondisclosureagreement.
ApigeeEdgeInstallandConfigurationGuidePage98
#allQPidnodes.
QPID_PORT=8083 #Defaultis8083.
REGION=dc1
ORG_NAME=myorg #TheEdgeorgwhereyouwanttoenablemonetization.
MX_GROUP=mxgroup #DefaultMonetizationgroup.
Notes:
● SetCASS_HOSTSandREGIONtothesamevaluesasyouusedwheninstallingMonetization.
Torunthescript:
1. Invokethescript:
>/opt/apigee/apigeeservice/bin/apigeeserviceapigeeprovision
enablemonetizationfconfigFile
Theconfigurationfilemustbeaccessibleorreadablebythe"apigee"user.Forexample,putthefilein
the/tmpdirectoryonthenode.
Thisscriptreplicatestheorganization,products,developersandapplicationsfromCassandradatabase
toMonetizationPostgreSQLdatabase.AftersuccessfulinstallationofMonetizationServicesthedatais
synchronizedautomatically.
WhenyounextlogintotheEdgeUI,youseetheMonetizationentryinthetoplevelmenufortheorganization:
ConfiguretheDeveloperServicesportal
ToconfiguretheDeveloperServicesportaltosupportmonetization,see
http://apigee.com/docs/monetization/content/configuremonetizationdeveloperportal.
AddingaManagementServernodetoaMonetizationInstallation
IfyouaddaManagementServertoanexistingEdgeinstallation,youmustensurethatyouaddMonetization
servicestothenewManagementServerandconfigureallManagementServerssotheycancommunicate.
ToaddaManagementServer:
1. InstallthenewManagementServer.
2. InstallMonetizationonthenewManagementServer.
ConfidentialandproprietaryinformationofApigee,Inc.Nottobedisclosedexceptundernondisclosureagreement.
ApigeeEdgeInstallandConfigurationGuidePage99
3. OntheoriginalManagementServer,callthefollowing:
>/opt/apigee/apigeeservice/bin/apigeeservice
edgemintmanagementservermintconfiguremgmtcluster
4. RestarttheoriginalManagementServer:
>/opt/apigee/apigeeservice/bin/apigeeserviceedgemanagementserver
restart
5. OnthenewManagementServer,callthefollowing:
>/opt/apigee/apigeeservice/bin/apigeeservice
edgemintmanagementservermintconfiguremgmtcluster
6. RestartthenewManagementServer:
>/opt/apigee/apigeeservice/bin/apigeeserviceedgemanagementserver
restart
Additionalconfiguration
ProvideBillingDocumentsasPDFFiles
MonetizationdisplaysbillingdocumentstoendusersinHTMLformat.ToprovidebillingdocumentsasPDF
files,youcanintegrateMonetizationwithabillingsystemthatprovidesPDFgenerationorlicenseasupported
thirdpartyPDFlibrary.
ConfigureOrganizationSettings
● Backendsettings:Thefollowingtable(Table3:Organizationlevelattributes)liststheorganizationlevel
attributesthatareavailabletoconfigureamintorganization.YoucanuseaPUTcalltoadd/update
theseattributesas.
curlu${ADMIN_EMAIL}:${ADMINPW}v
http://<managementip>:8080/v1/organizations/{orgId}d’{orgobjectwith
attributes}’XPUT
Forexample,theoutputoftheaboveCURLcommandwilllooksomethinglikethis:
{
...
"displayName":"Orgnizationname",
"name":"org4",
"properties":{
ConfidentialandproprietaryinformationofApigee,Inc.Nottobedisclosedexceptundernondisclosureagreement.
ApigeeEdgeInstallandConfigurationGuidePage100
"property":[
...
{
"name":"MINT_CURRENCY",
"value":"USD"
},
{
"name":"MINT_COUNTRY",
"value":"US"
},
{
"name":"MINT_TIMEZONE",
"value":"GMT"
}
]
}
}
Table3:Organizationlevelattributes
Attributes
Description
MINT_TAX_MODEL
AcceptedvaluesareDISCLOSED,
UNDISCLOSED,HYBRID(defaultisnull)
MINT_CURRENCY
ISOcurrencycode(defaultisnull)
MINT_TAX_NEXUS
Taxnexus(defaultisnull)
MINT_DEFAULT_PROD_TAX_CATEGORY
Defaultproducttaxcategory(defaultisnull)
MINT_IS_GROUP_ORG
ISgrouporganization(defaultisfalse)
MINT_HAS_BROKER
Hasbroken(defaultisfalse)
MINT_TIMEZONE
Timezone(defaultisnull)
MINT_TAX_ENGINE_EXTERNAL_ID
TaxengineID(defaultisnull)
MINT_COUNTRY
Organization'scountry(defaultisnull)
MINT_REG_NO
Organization'sregistrationnumber,United
KingdomgivesdifferentnumberthantaxID
(defaultisnull)
MINT_BILLING_CYCLE_TYPE
PRORATED,CALENDAR_MONTH(defaultis
CALENDAR_MONTH)
ConfidentialandproprietaryinformationofApigee,Inc.Nottobedisclosedexceptundernondisclosureagreement.
ApigeeEdgeInstallandConfigurationGuidePage101
MINT_SUPPORTED_BILLING_TYPE
PREPAID/POSTPAID/BOTH(defaultis
PREPAID)
MINT_IS_SEPARATE_INV_FOR_FEES
Indicateswhetheraseparatefeeinvoiceshould
begenerated(defaultisfalse)
MINT_ISSUE_NETTING_STMT
Indicateswhethernettingstatementshouldbe
issued(defaultisfalse)
MINT_NETTING_STMT_PER_CURRENCY
Indicateswhethernettingstatementshouldbe
generatedpercurrency(defaultisfalse)
MINT_HAS_SELF_BILLING
Indicateswhethertheorganizationhasselfbilling
(defaultisfalse)
MINT_SELF_BILLING_FOR_ALL_DEV
Indicateswhethertheorganizationhasselfbilling
foralldevelopers(defaultisfalse)
MINT_HAS_SEPARATE_INV_FOR_PROD
Indicateswhethertheorganizationhasseparate
invoiceperproduct(defaultisfalse)
MINT_HAS_BILLING_ADJUSTMENT
Indicateswhethertheorganizationsupportsbilling
adjustments(defaultisfalse)
features.isMonetizationEnabled
UsedbythemanagementUItodisplay
monetizationspecificmenu(defaultisfalse)
ui.config.isOperator
UsedbymanagementUItodisplayprovideras
OperatorversesOrganization
(defaultistrue)
● ForconfiguringbusinessorganizationsettingsusingthemanagementUI,see
http://apigee.com/docs/monetizationservices/content/getstartedusingmonetizationservices.
Note:IfyouareusingMonetizationServicesLimitsandNotificationsfeatures,pleaseinstructyourdevelopers
toattachaLimitPolicyintheproxyflowaftertheaccesstokenvalidationpolicy.
LimitPolicyisanexplicitpolicydesignedtoblockanAPIcallifcertainlimithasbeenreached.Thepolicy
checksbusinesslimitsandraisesafaultifthereareanylimitsexceedingtheconfiguredvalue.Thisisan
extensionofraisefaultpolicybuttheconditionsarederivedfrombusinessvariables.
AnUItemplateisavailableinthemanagementUIforproxydevelopers.Proxydevelopershouldattachmint
policyinthemessageflow.Uponexecutionofthispolicythefaultwillberaisedwiththefaultresponseasper
policy.IfContinueOnErrorissettotruethenthefaultwillnotberaisedandflowvariables
"mint.limitsViolated","mint.isDeveloperSuspended"and"mint.limitsPolicyError"
variableswillbesetwhichcouldbeusedforfurtherexceptionhandlingifrequired.
ConfidentialandproprietaryinformationofApigee,Inc.Nottobedisclosedexceptundernondisclosureagreement.
ApigeeEdgeInstallandConfigurationGuidePage102
UpdatingApigeeEdgeto4.16.05
ThissectionexplainstheupdateandrollbackprocessesfromoneversionofApigeeEdgetoanotherversion.
WhichEdgeversionscanyouupdateto4.16.05
YoucanonlyupdateApigeeEdgeversion4.16.01.xto4.16.05.
IfyouhaveaversionofEdgeprevioustoversion4.16.01.x,thenyoumustfirstmigratetoversion4.16.01.x
andthenupdatetoversion4.16.05.
Whocanperformtheupdate
TheuserrunningtheupdateshouldbethesameastheuserwhooriginallyinstalledEdge,orauserrunning
asroot.
AfteryouinstalltheEdgeRPMs,anyusercanconfigurethem.
RequiredupgradetoJavaJDKVersion8
ThisreleaseofEdgerequiresthatyouhaveinstalledJavaJDKversion8onallEdgeprocessingnodes.You
caninstalltheOracleJDK8orOpenJDK8.IfJavaJDK8isnotinstalledalready,theupdatescriptcaninstallit
foryou.
AspartoftheupdatetoJava8,someTLSciphersarenolongeravailableinOracleJDK1.8.Forthecomplete
list,seethesection"DefaultDisabledCipherSuites"
http://docs.oracle.com/javase/8/docs/technotes/guides/security/SunProviders.html.
Warning:ThisreleaseofEdgedoesnotsupportJDK7.IfyouarecurrentlyusingJDK7,youmustupgradeto
JDK8.IfyourollbacktheEdge4.16.05installation,youcanoptionallyreconfigureEdgetouseJavaJDK7.
Diskspacerequirementsforupdate
Ensurethatyouhaveatleast1GBytesoffreediskspacebeforeyouperformtheupdate.
Automaticpropagationofpropertysettingsfrom4.16.01.x
Ifyouhavesetanypropertiesbyediting.propertiesfilesin/opt/apigee/customer/application
thenthesevaluesareretainedbytheupdate.
Updatingtheapigeevalidateutility
In4.16.01,youinstalledandrantheapigeevalidateutilityonaMessageProcessornode.In4.16.05,
theapigeevalidateutilityhasbeenupdatedtorunontheManagementServernode.
Whenyouupdateto4.16.05,youhavetwooptionsonhowyouupdatetheapigeevalidateutility:
ConfidentialandproprietaryinformationofApigee,Inc.Nottobedisclosedexceptundernondisclosureagreement.
ApigeeEdgeInstallandConfigurationGuidePage103
1. ApigeerecommendedInstallandruntheapigeevalidateutilityontheManagementServer
node.
YoucanoptionallyuninstalltheapigeevalidateutilitythefromtheMessageProcessornodes.If
youleaveitontheMessageProcessornode,youmustupdateitto4.16.05.
2. Alternatively,updatetheapigeevalidateutilityontheMessageProcessornode,andrunitfrom
there.However,ApigeerecommendsthatyouinstallandrunitfromtheManagementServer.
Updateprerequisites
TakecareoffollowingprerequisitesbeforeupgradingApigeeEdge:
●Backupallnodes
Beforeyouupdate,itisrecommendedtoperformacompletebackupofallnodesforsafetyreasons.
UsetheprocedureforyourcurrentversionofEdgetoperformthebackup.
Thisallowsyoutohaveabackupplan,incasetheupdatetoanewversiondoesn’tfunctionproperly.
Formoreinformationonbackup,seehttp://docs.apigee.com/apiservices/latest/backupandrestore.
●EnsureEdgeisrunning
EnsurethatEdgeisupandrunningduringupdateprocessbyusingthecommand:
>/<inst_root>/apigee/apigeeservice/bin/apigeeallstatus
Handlingafailedupdate
Inthecaseofanupdatefailure,youcantrytocorrecttheissue,andthenrunupdate.shagain.Youcanrun
theupdatemultipletimesanditcontinuestheupdatefromwhereitlastleftoff.
Ifthefailurerequiresthatyourollbacktheupdatetoyourpreviousversion,seeRollbackProcessformore.
Loggingupdateinformation
Bydefault,theupdate.shutilitywritesloginformationto:
/opt/apigee/var/log/apigeesetup/update.log
Iftheuserrunningtheupdate.shutilitydoesnothaveaccesstothatdirectory,itwritesthelogtothe/tmp
directoryasafilenamedupdate_username
.log.
Iftheuserdoesnothaveaccessto/tmp,theupdate.shutilityfails.
ConfidentialandproprietaryinformationofApigee,Inc.Nottobedisclosedexceptundernondisclosureagreement.
ApigeeEdgeInstallandConfigurationGuidePage104
Zerodowntimeupdate
Azerodowntimeupdate,orrollingupdate,letsyouupdateyourEdgeinstallationwithoutbringingdownEdge.
Note:Zerodowntimeupdateisonlypossiblewitha5nodeconfigurationandlarger.
ThekeytozerodowntimeupgradingistoremoveeachRouter,oneatatime,fromtheloadbalancer.Youthen
updatetheRouterandanyothercomponentsonthesamemachineastheRouter,andthenaddtheRouter
backtotheloadbalancer.
1. UpdatethemachinesinthecorrectorderforyourinstallationasdescribedinOrderofmachineupdate.
2. WhenitistimetoupdatetheRouters,selectanyoneRouterandmakeitunreachable,asdescribed
belowinMakingaRouterandMessageProcessorunreachable.
3. UpdatetheselectedRouterandallotherEdgecomponentsonthesamemachineastheRouter.All
EdgeconfigurationsshowaRouterandMessageProcessoronthesamenode.
4. MaketheRouterreachableagain.
5. Repeatsteps2through4fortheremainingRouters.
6. Continuetheupdateforanyremainingmachinesinyourinstallation.
MakingaRouterandMessageProcessorunreachable
Inaproductionsetup,youwillhavemultipleRoutersandMessageProcessorstoachieveoptimalperformance
andyoumustenable/disablereachabilityoftheseRoutersandMessageProcessorsbefore/afterupdate.
ThefollowingAPIcallconfiguresanodeasreachableorunreachable:
>curluadminEmail:pWord
XPOST"http://<ms_IP
>:8080/v1/servers/UUID
"d
"reachable=true|false
"
whereUUID
istheUUIDoftheMessageProcessororRouter,andreachableissettoeithertrueorfalse.
IfyouneedtodeterminetheUUIDoftheRouter,usethefollowingcURLcommand:
>curlhttp://<routerIP>:8081/v1/servers/self
IfyouneedtodeterminetheUUIDoftheMessageProcessor,usethefollowingcURLcommand:
>curlhttp://<mpIP>:8082/v1/servers/self
Takecareofthefollowingbefore/afterupdate:
● OncombinedRouterandMessageProcessornode:
o Beforeupdate–performthefollowing:
i. MaketheRouterunreachablebyusingtheAPIcallshownabove.
ii. MaketheMessageProcessorunreachable.
o Afterupdateperformthefollowing:
ConfidentialandproprietaryinformationofApigee,Inc.Nottobedisclosedexceptundernondisclosureagreement.
ApigeeEdgeInstallandConfigurationGuidePage105
I. MaketheMessageProcessorreachable.
II. MaketheRouterreachable.
● OnsingleRouternode:
o Beforeupdate,maketheRouterreachable.
o Afterupdate,maketheRouterreachable.
● OnsingleMessageProcessornode:
o Beforeupdate,maketheMessageProcessorunreachable.
o Afterupdate,maketheMessageProcessorreachable.
Usingasilentconfigurationfile
Youmustpassasilentconfigurationfiletotheupdatecommand.Thesilentconfigurationfileshouldbethe
sameoneyouusedtoinstalEdge4.16.01.
Procedureforupdatingto4.16.05onanodewithanexternalinternet
connection
UsethefollowingproceduretoupdatetheEdgecomponentsonanode:
1. Ifpresent,disableanyCRONjobsconfiguredtoperformarepairoperationonCassandrauntilafterthe
updatecompletes.
2. LogintoyournodeasroottoinstalltheEdgeRPMs
Note:WhileRPMinstallationrequiresrootaccess,youcanperformEdgeconfigurationwithoutroot
access.
3. DisableSELinuxasdescribedinPrerequisite:DisableSELinux.
4. DownloadtheEdge4.16.05bootstrap_4.16.05.shfileto/tmp/bootstrap_4.16.05.sh:
>curlhttps://software.apigee.com/bootstrap_4.16.05.sho
/tmp/bootstrap_4.16.05.sh
5. InstalltheEdge4.16.05apigeeserviceutilityanddependencies:
>sudobash/tmp/bootstrap_4.16.05.shapigeeuser=uName
apigeepassword=pWord
whereuName:pWordaretheusernameandpasswordyoureceivedfromApigee.IfyouomitpWord,
youwillbepromptedtoenterit.
Bydefault,theinstallercheckstoseethatyouhaveJava1.8installed.Ifyoudonot,itinstallsitforyou.
ConfidentialandproprietaryinformationofApigee,Inc.Nottobedisclosedexceptundernondisclosureagreement.
ApigeeEdgeInstallandConfigurationGuidePage106
UsetheJAVA_FIXoptiontospecifyhowtohandleJavainstallation.JAVA_FIXtakesthefollowing
values:
I=InstallOpenJDK1.8(default)
C=ContinuewithoutinstallingJava
Q=Quit.Forthisoption,youhavetoinstallJavayourself.
6. Useapigeeservicetoupdatetheapigeesetuputility:
>/opt/apigee/apigeeservice/bin/apigeeserviceapigeesetupupdate
Thisupdatetoapigeeserviceinstallstheupdate.shutilityin
<inst_dir>/apigee/apigeesetup/bin.
7. InstalltheapigeevalidateutilityontheManagementServer:
>/opt/apigee/apigeeservice/bin/apigeeserviceapigeevalidateinstall
Note:IfyouhaveinstalledtheapigeevalidateutilityonaMessageProcessornode,youcan
updateitbyusingthefollowingcommandonthatnode:
>/opt/apigee/apigeeservice/bin/apigeeserviceapigeevalidateupdate
However,for4.16.05,Apigeerecommendsthatyouinstallandruntheapigeevalidateutilityon
theManagementServer.
8. Edittheconfigfilepassedtotheapigeevalidateutility.
InthepreviousEdgerelease,theconfigfileusedbyapigeevalidaterequiredthefollowing
properties:
APIGEE_ADMINPW=sysAdminPword
MP_POD=gateway
REGION=dc1
Inthisrelease,theconfigfileonlyrequirestheAPIGEE_ADMINPWproperty.
9. RuntheupdateutilityonyournodesintheorderdescribedbelowinOrderofmachineupdate:
>/opt/apigee/apigeesetup/bin/update.shccomponent
fconfigFile
Usethe“c”optiontospecifythecomponenttoupdate.Thelistofpossiblecomponentsincludes:
ldap=OpenLDAP
ConfidentialandproprietaryinformationofApigee,Inc.Nottobedisclosedexceptundernondisclosureagreement.
ApigeeEdgeInstallandConfigurationGuidePage107
cs=Cassandra
zk=Zookeeper
qpid=qpidd
ps=postgresql
edge=AllEdgecomponentsexceptEdgeUI:ManagementServer,MessageProcessor,Router,QPID
Server,PostgresServer
ui=EdgeUI
all=updateallcomponentsonmachine(onlyuseforanEdgeaioinstallationprofileoranAPIBaaS
asainstallationprofile)
e=ElasticSearch
b=APIBaaSStack
p=APIBaaSPortal
ebp=ElasticSearch,APIBaaSStack,andAPIBaaSPortalonthesamenode
Theonlyrequirementontheconfigfileisthattheconfigurationfilemustbeaccessibleorreadableby
the"apigee"user.Forexample,putthefileinthe/tmpdirectoryonthenode.
10. TesttheupdatebyrunningtheapigeevalidateutilityontheManagementServer,asdescribedin
Testtheinstall.
Tolaterrollbacktheupdate,usetheproceduredescribedinRollbackProcess.
Procedureforupdatingto4.16.05fromalocalrepo
IfyourEdgenodesarebehindafirewall,orinsomeotherwayareprohibitedfromaccessingtheApigee
repositoryovertheInternet,thenyoucanperformtheupdatefromalocalrepository,ormirror
,oftheApigee
repo.
AfteryoucreatealocalEdgerepository,youhavetwooptionsforupdatingEdgefromthelocalrepo:
● Createa.tarfileoftherepo,copythe.tarfiletoanode,andthenupdateEdgefromthe.tarfile.
● Installawebserveronthenodewiththelocalreposothatothernodescanaccessit.Apigeeprovides
theNginxwebserverforyoutouse,oryoucanuseyourownwebserver.
Toupdatefromalocal4.16.05repo:
1. Createalocal4.16.05repoasdescribedinCreatealocalApigeerepository.
Note:Ifyoualreadyhaveanexisting4.16.01repo,youcanaddthe4.16.05repotoit.
2. Toinstallapigeeservicefroma.tarfile:
a. Onthenodewiththelocalrepo,usethefollowingcommandtopackagethelocalrepointoa
single.tarfilenamed/opt/apigee/data/apigeemirror/apigee4.16.05.tar.gz:
>/opt/apigee/apigeeservice/bin/apigeeserviceapigeemirrorpackage
ConfidentialandproprietaryinformationofApigee,Inc.Nottobedisclosedexceptundernondisclosureagreement.
ApigeeEdgeInstallandConfigurationGuidePage108
b. Copythe.tarfiletothenodewhereyouwanttoupdateEdge.Forexample,copyittothe/tmp
directoryonthenewnode.
c. Onthenewnode,untarthefiletothe/tmpdirectory:
>tarxzfapigee4.16.05.tar.gz
Thiscommandcreatesanewdirectory,namedrepos,inthedirectorycontainingthe.tarfile.
Forexample/tmp/repos.
d. InstalltheEdgeapigeeserviceutilityanddependenciesfrom/tmp/repos:
>sudobash/tmp/repos/bootstrap_4.16.05.shapigeeprotocol="file://"
apigeerepobasepath=/tmp/repos
Noticethatyouincludethepathtothereposdirectoryinthiscommand.
3. ToinstallapigeeserviceusingtheNginxwebserver:
a. ConfiguretheNginxwebserverasdescribedinInstallfromtherepousingtheNginxwebserver:
b. Ontheremotenode,downloadtheEdgebootstrap_4.16.05.shfileto
/tmp/bootstrap_4.16.05.sh:
>/usr/bin/curl
http://uName:pWord@
remoteRepo
:3939/bootstrap_4.16.05.sho
/tmp/bootstrap_4.16.05.sh
whereuName:pWordaretheusernameandpasswordyousetabovefortherepo,and
remoteRepo
istheIPaddressorDNSnameofthereponode.
c. Ontheremotenode,installtheEdgeapigeeserviceutilityanddependencies:
>sudobash/tmp/bootstrap_4.16.05.shapigeerepohost=remoteRepo
:3939
apigeeuser=uName
apigeepassword=pWord
apigeeprotocol=http://
whereuName:pWordaretherepousernameandpassword.
4. Useapigeeservicetoupdatetheapigeesetuputility:
>/opt/apigee/apigeeservice/bin/apigeeserviceapigeesetupupdate
Thisupdatetoapigeeserviceinstallstheupdate.shutilityin
<inst_dir>/apigee/apigeesetup/bin.
5. InstalltheapigeevalidateutilityontheManagementServer:
ConfidentialandproprietaryinformationofApigee,Inc.Nottobedisclosedexceptundernondisclosureagreement.
ApigeeEdgeInstallandConfigurationGuidePage109
>/opt/apigee/apigeeservice/bin/apigeeserviceapigeevalidateinstall
Note:IfyouhaveinstalledtheapigeevalidateutilityonaMessageProcessornode,youcan
updateitbyusingthefollowingcommandonthatnode:
>/opt/apigee/apigeeservice/bin/apigeeserviceapigeevalidateupdate
However,for4.16.05,Apigeerecommendsthatyouinstallandruntheapigeevalidateutilityon
theManagementServer.
6. Edittheconfigfilepassedtotheapigeevalidateutility.
InthepreviousEdgerelease,theconfigfileusedbyapigeevalidaterequiredthefollowing
properties:
APIGEE_ADMINPW=sysAdminPword
MP_POD=gateway
REGION=dc1
Inthisrelease,theconfigfileonlyrequirestheAPIGEE_ADMINPWproperty.
7. RuntheupdateutilityonyournodesintheorderdescribedbelowinOrderofmachineupdate:
>/opt/apigee/apigeesetup/bin/update.shccomponent
fconfigFile
Usethe“c”optiontospecifythecomponenttoupdate.Thelistofpossiblecomponentsincludes:
ldap=OpenLDAP
cs=Cassandra
zk=Zookeeper
qpid=qpidd
ps=postgresql
edge=AllEdgecomponentsexceptEdgeUI:ManagementServer,MessageProcessor,Router,QPID
Server,PostgresServer
ui=EdgeUI
all=updateallcomponentsonmachine(onlyuseforanEdgeaioinstallationprofileoranAPIBaaS
asainstallationprofile)
e=ElasticSearch
b=APIBaaSStack
p=APIBaaSPortal
ebp=ElasticSearch,APIBaaSStack,andAPIBaaSPortalonthesamenode
Theonlyrequirementontheconfigfileisthattheconfigurationfilemustbeaccessibleorreadableby
the"apigee"user.Forexample,putthefileinthe/tmpdirectoryonthenode.
ConfidentialandproprietaryinformationofApigee,Inc.Nottobedisclosedexceptundernondisclosureagreement.
ApigeeEdgeInstallandConfigurationGuidePage110
8. TesttheupdatebyrunningtheapigeevalidateutilityontheManagementServer,asdescribedin
Testtheinstall.
Tolaterrollbacktheupdate,usetheproceduredescribedinRollbackProcess.
Orderofmachineupdate
TheorderthatyouupdatethemachinesinanEdgeinstallationisimportant.Themostimportant
considerationstoanupdateare:
o YoumustupdateallCassandraandZooKeepernodesbeforeyouupdateanyothernodes.
o YoumustupdateallqpiddandpostgresqlnodesbeforeyouupdateanyRouterandMessage
Processornodes.
o ForanymachinewithmultipleEdgecomponents(ManagementServer,MessageProcessor,Router,
QPIDServer,PostgresServer),usethe"cedge"optiontoupdatethemallatthesametime.
o Ifastepspecifiesthatitshouldbeperformedonmultiplemachines,performitinthespecifiedmachine
order.
o ThereisnoseparatesteptoupdateMonetization.Itisupdatedwhenyouspecifythe"cedge"option.
o AfteryouupdateaRouternode,youmustremoveallfilesfromthe/opt/nginx/conf.ddirectory,
andthenrestarttheRouter.
Fora1hoststandaloneinstallation
1. Updatemachine1:
>/opt/apigee/apigeesetup/bin/update.shcallfconfigFile
2. Deleteanyfilesin/opt/nginx/conf.d:
>rmf/opt/nginx/conf.d/*
3. RestarttheEdgeRouter:
>/<inst_root>/apigee/apigeeservice/bin/apigeeserviceedgerouter
restart
Fora2hoststandaloneinstallation
1. UpdateCassandraandZooKeeperonmachine1:
>/opt/apigee/apigeesetup/bin/update.shccs,zkfconfigFile
2. Updateqpiddandpostgresqlonmachine2:
>/opt/apigee/apigeesetup/bin/update.shcqpid,psfconfigFile
ConfidentialandproprietaryinformationofApigee,Inc.Nottobedisclosedexceptundernondisclosureagreement.
ApigeeEdgeInstallandConfigurationGuidePage111
3. UpdateLDAPonmachine1:
>/opt/apigee/apigeesetup/bin/update.shcldapfconfigFile
4. UpdateEdgecomponentsonmachine2andmachine1:
>/opt/apigee/apigeesetup/bin/update.shcedgefconfigFile
5. Onnode1:
a. Deleteanyfilesin/opt/nginx/conf.d:
>rmf/opt/nginx/conf.d/*
b. RestarttheEdgeRouter:
>/<inst_root>/apigee/apigeeservice/bin/apigeeserviceedgerouter
restart
6. UpdateUIonmachine1:
>/opt/apigee/apigeesetup/bin/update.shcuifconfigFile
Fora5hostclusteredinstallation
1. UpdateCassandraandZooKeeperonmachine1,2,and3:
>/opt/apigee/apigeesetup/bin/update.shccs,zkfconfigFile
2. Updateqpiddandpostgresqlonmachine4and5:
>/opt/apigee/apigeesetup/bin/update.shcqpid,psfconfigFile
3. UpdateLDAPonmachine1:
>/opt/apigee/apigeesetup/bin/update.shcldapfconfigFile
4. UpdateEdgecomponentsonmachine4,5,1,2,3:
>/opt/apigee/apigeesetup/bin/update.shcedgefconfigFile
5. Onnodes2and3:
a. Deleteanyfilesin/opt/nginx/conf.d:
>rmf/opt/nginx/conf.d/*
b. RestarttheEdgeRouter:
ConfidentialandproprietaryinformationofApigee,Inc.Nottobedisclosedexceptundernondisclosureagreement.
ApigeeEdgeInstallandConfigurationGuidePage112
>/<inst_root>/apigee/apigeeservice/bin/apigeeserviceedgerouter
restart
6. UpdateUIonmachine1:
>/opt/apigee/apigeesetup/bin/update.shcuifconfigFile
Fora9hostclusteredinstallation
1. UpdateCassandraandZooKeeperonmachine1,2,and3:
>/opt/apigee/apigeesetup/bin/update.shccs,zkfconfigFile
2. Updateqpiddonmachine6and7:
>/opt/apigee/apigeesetup/bin/update.shcqpidfconfigFile
3. Updatepostgresqlonmachine8and9:
>/opt/apigee/apigeesetup/bin/update.shcpsfconfigFile
4. UpdateLDAPonmachine1:
>/opt/apigee/apigeesetup/bin/update.shcldapfconfigFile
5. UpdateEdgecomponentsonmachine6,7,8,9,1,4,and5inthatorder:
>/opt/apigee/apigeesetup/bin/update.shcedgefconfigFile
6. Onnodes4and5:
a. Deleteanyfilesin/opt/nginx/conf.d:
>rmf/opt/nginx/conf.d/*
b. RestarttheEdgeRouter:
>/<inst_root>/apigee/apigeeservice/bin/apigeeserviceedgerouter
restart
7. UpdateUIonmachine1:
>/opt/apigee/apigeesetup/bin/update.shcuifconfigFile
Fora13hostclusteredinstallation
1. UpdateCassandraandZooKeeperonmachine1,2,and3:
>/opt/apigee/apigeesetup/bin/update.shccs,zkfconfigFile
ConfidentialandproprietaryinformationofApigee,Inc.Nottobedisclosedexceptundernondisclosureagreement.
ApigeeEdgeInstallandConfigurationGuidePage113
2. Updateqpiddonmachine12and13:
>/opt/apigee/apigeesetup/bin/update.shcqpidfconfigFile
3. Updatepostgresqlonmachine8and9:
>/opt/apigee/apigeesetup/bin/update.shcpsfconfigFile
4. UpdateLDAPonmachine4and5:
>/opt/apigee/apigeesetup/bin/update.shcldapfconfigFile
5. UpdateEdgecomponentsonmachine12,13,8,9,6,7,10,and11inthatorder:
>/opt/apigee/apigeesetup/bin/update.shcedgefconfigFile
6. Onnodes10and11:
a. Deleteanyfilesin/opt/nginx/conf.d:
>rmf/opt/nginx/conf.d/*
b. RestarttheEdgeRouter:
>/<inst_root>/apigee/apigeeservice/bin/apigeeserviceedgerouter
restart
7. UpdateUIonmachine6and7:
>/opt/apigee/apigeesetup/bin/update.shcuifconfigFile
Fora12hostclusteredinstallation
1. UpdateCassandraandZooKeeper:
a. Onmachines1,2and3inDataCenter1:
>/opt/apigee/apigeesetup/bin/update.shccs,zkfconfigFile
b.Onmachines7,8,and9inDataCenter2
>/opt/apigee/apigeesetup/bin/update.shccs,zkfconfigFile
2. Updateqpidd:
a. Machines4,5inDataCenter1
>/opt/apigee/apigeesetup/bin/update.shcqpidfconfigFile
ConfidentialandproprietaryinformationofApigee,Inc.Nottobedisclosedexceptundernondisclosureagreement.
ApigeeEdgeInstallandConfigurationGuidePage114
b. Machines10,11inDataCenter2
>/opt/apigee/apigeesetup/bin/update.shcqpidfconfigFile
3. Updatepostgresql:
a. Machines6inDataCenter1
>/opt/apigee/apigeesetup/bin/update.shcpsfconfigFile
b. Machines12inDataCenter2
>/opt/apigee/apigeesetup/bin/update.shcpsfconfigFile
4.UpdateLDAP:
a. Machines1inDataCenter1
>/opt/apigee/apigeesetup/bin/update.shcldapfconfigFile
b. Machines7inDataCenter2
>/opt/apigee/apigeesetup/bin/update.shcldapfconfigFile
5.UpdateEdgecomponents:
a. Machines4,5,6,1,2,3inDataCenter1
>/opt/apigee/apigeesetup/bin/update.shcedgefconfigFile
b. Machines10,11,12,7,8,9inDataCenter2
>/opt/apigee/apigeesetup/bin/update.shcedgefconfigFile
c. Onnodes2,3,8and9:
i. Deleteanyfilesin/opt/nginx/conf.d:
>rmf/opt/nginx/conf.d/*
ii. RestarttheEdgeRouter:
>/<inst_root>/apigee/apigeeservice/bin/apigeeservice
edgerouterrestart
6.UpdateUI:
a. Machine1inDataCenter1
>/opt/apigee/apigeesetup/bin/update.shcuifconfigFile
ConfidentialandproprietaryinformationofApigee,Inc.Nottobedisclosedexceptundernondisclosureagreement.
ApigeeEdgeInstallandConfigurationGuidePage115
b. Machine7inDataCenter2
>/opt/apigee/apigeesetup/bin/update.shcuifconfigFile
Fora7hostAPIBaaSinstallation
1. UpdateCassandraonmachine5,6,and7:
>/opt/apigee/apigeesetup/bin/update.shccsfconfigFile
2. UpdateElasticSearchandAPIBaaSStackonmachine1,2,and3:
>/opt/apigee/apigeesetup/bin/update.shce,bfconfigFile
3. UpdateAPIBaaSPortalonmachine4:
>/opt/apigee/apigeesetup/bin/update.shcpfconfigFile
Fora10hostAPIBaaSinstallation
1. UpdateCassandraonmachine8,9,and10:
>/opt/apigee/apigeesetup/bin/update.shccsfconfigFile
2. UpdateElasticSearchonmachine1,2,and3:
>/opt/apigee/apigeesetup/bin/update.shcefconfigFile
3. UpdateAPIBaaSStackonmachine4,5,and6:
>/opt/apigee/apigeesetup/bin/update.shcbfconfigFile
4. UpdateAPIBaaSPortalonmachine7:
>/opt/apigee/apigeesetup/bin/update.shcpfconfigFile
Foranonstandardinstallation
Ifyouhaveanonstandardinstallation,thenupdateEdgecomponentsinthefollowingorder:
1. ZooKeeper
2. Cassandra
3. qpidd
4. postgresql
5. LDAP
ConfidentialandproprietaryinformationofApigee,Inc.Nottobedisclosedexceptundernondisclosureagreement.
ApigeeEdgeInstallandConfigurationGuidePage116
6. Edge,meaningthe"cedge"profileonallnodesintheorder:Qpid,Postgres,ManagementServer,
MessageProcessor,Router.
7. OnallRouternodes
a. Deleteanyfilesin/opt/nginx/conf.d:
>rmf/opt/nginx/conf.d/*
b. RestarttheEdgeRouter:
>/<inst_root>/apigee/apigeeservice/bin/apigeeserviceedgerouter
restart
8. UI
RollbackProcess
Therearetwoscenarioswhereyoumightwanttoperformarollback:
1. Rollbacktoanolderrelease.Forexamplefrom4.16.05to4.16.01.
2. Rollbacktoanolderversioninthesamerelease.
Usetheprocedurebelowtoperformarollbackforbothscenarios.
Whocanperformtherollback
TheuserperformingtherollbackshouldbethesameastheuserwhooriginallyupdatedEdge,orauser
runningasroot.
Bydefault,Edgecomponentsrunastheuser"apigee".Insomecases,youmightberunningEdge
componentsasdifferentusers.Forexample,iftheRouterhastoaccessprivilegedports,suchasthosebelow
1000,thenyouhavetoruntheRouterasrootorasauserwithaccesstothoseports.Or,youmightrunone
componentasoneuser,andanothercomponentasanotheruser.
Whichcomponentscanberolledback
Youshouldbeawareofthefollowingconditionswhenperformingarollback:
● Torollbackanyoneofthefollowingfivecomponentsonanode,youmustrollbackanyofthefive
installedonthenode.Forexample,ifyouhavetheManagementServer,Route,andMessage
Processorinstalledonthenode,torollbackanyoneofthemyoumustrollbackallthree.
Thefivecomponentsare:
○ ManagementServer
○ Router
○ MessageProcessor
○ QpidServer
○ PostgresServer
ConfidentialandproprietaryinformationofApigee,Inc.Nottobedisclosedexceptundernondisclosureagreement.
ApigeeEdgeInstallandConfigurationGuidePage117
● DonotrollbackCassandra.ThisreleaseofEdgecontainsanupdatedversionofCassandra.Ifyou
rollbackanycomponents,leaveCassandraatthe4.16.05version.
● Thisreleasedoesnotcontainanewversionofpostgresqlorqpidd.Therefore,youdonothavetoroll
themback.
Torollback4.16.05
TorollbackApigeeEdge,performthefollowingrollbacksteps:
Note:Ifyouaretryingtorollbackonaproductionsystem,contactApigeeSupportformoreinformation.
1. Stopthecomponenttorollback:
a. Ifyouarerollingbackanyoneofthefollowingcomponents,youmuststopthemall:
ManagementServer,Router,MessageProcessor,QpidServer,orPostgresServer:
>apigeeserviceedgemanagementserverstop
>apigeeserviceedgerouterstop
>apigeeserviceedgemessageprocessorstop
>apigeeserviceedgeqpidserverstop
>apigeeserviceedgepostgresserverstop
b. Ifyouarerollingbackanyothercomponent,stopjustthatcomponent:
>apigeeservicecomp
stop
2. IfyouarerollingbackMonetization,uninstallit:
>apigeeserviceedgemintgatewayuninstall
3. Uninstallthecomponenttorollback:
a. Ifyouarerollingbackanyofthefollowingcomponents,thenuninstallthemall:
ManagementServer,Router,MessageProcessor,QpidServer,orPostgresServer:
>apigeeserviceedgegatewayuninstall
b. Ifyouarerollingbackanyothercomponent,uninstalljustthatcomponent
>apigeeservicecomp
uninstall
4. IfyouarerollingbacktheRouter,thenyouhavetodeletethecontentsof/opt/nginx/conf.d:
>cd/opt/nginx/conf.d
>rmrf*
5. Torollbackthecomponenttothe4.16.01release:
a. Uninstallthe4.16.05versionofapigeesetup:
ConfidentialandproprietaryinformationofApigee,Inc.Nottobedisclosedexceptundernondisclosureagreement.
ApigeeEdgeInstallandConfigurationGuidePage118
>/opt/apigee/apigeeservice/bin/apigeeserviceapigeesetup
uninstall
b. Downloadbootstrap.shforthe4.16.01release:
>curlhttps://software.apigee.com/bootstrap.sho/tmp/bootstrap.sh
uuName
:pWord
whereuName:pWord
aretheusernameandpasswordyoureceivedfromApigee.Ifyouomit
pWord
,youwillbepromptedtoenterit.
c. Installthe4.16.01Edgeapigeeserviceutilityanddependencies:
>sudobash/tmp/bootstrap.shapigeeuser=uName
apigeepassword=pWord
whereuName
andpWord
aretheusernameandpasswordyoureceivedfromApigee.Ifyou
omitpWord
,youwillbepromptedtoenterit.
d. Installthe4.16.01versionofapigeesetup:
>/opt/apigee/apigeeservice/bin/apigeeserviceapigeesetupinstall
e. Installthe4.16.01versionofthecomponent:
>/<instal_dir>/apigee/apigeesetup/bin/setup.shpcomp
f
configFile
wherecomp
isthecomponenttoinstallandconfigFile
isyour4.16.01configurationfile.
6. Torollbackthecomponenttoaspecificversionofthe4.16.05release:
a. Downloadthespecificcomponentversion:
>/<instal_dir>/apigee/apigeeservice/bin/apigeeservicecompversion
install
wherecompversion
isthecomponentandversiontoinstall.Forexample:
>/<instal_dir>/apigee/apigeeservice/bin/apigeeservice
edgeui4.16.050.0.3649install
IfyouareusingtheApigeeonlinerepo,youcandeterminetheavailablecomponentversionsby
usingthefollowingcommand:
>yumshowduplicateslistcomp
ConfidentialandproprietaryinformationofApigee,Inc.Nottobedisclosedexceptundernondisclosureagreement.
ApigeeEdgeInstallandConfigurationGuidePage119
Forexample:
>yumshowduplicateslistedgeui
b. Useapigeesetuptoinstallthecomponent:
>/<install_dir>/apigee/apigeesetup/bin/setup.shpcomp
f
configFile
Forexample:
>/<install_dir>/apigee/apigeesetup/bin/setup.shpui
fconfigFile
Notehowyouonlyspecifythecomponentnamewhenyoudotheinstall.
ConfidentialandproprietaryinformationofApigee,Inc.Nottobedisclosedexceptundernondisclosureagreement.
ApigeeEdgeInstallandConfigurationGuidePage120
ConfidentialandproprietaryinformationofApigee,Inc.Nottobedisclosedexceptundernondisclosureagreement.