Axway API Gateway
Last updated
Last updated
Axway support is provided by the following three products, all defined within the API Management product catalog
Component
Description
Apache Cassandra Database
Choosing this option will support the creation of Cassandra database instances, including multiple node clusters. Apache Cassandra support has been implemented to support API Gateway environments, however it is also possible to create standalone Cassandra DB environments.
Axway API Gateway Manager
Single administrative gateway instance in an API Manager configuration.
Axway API Gateway Server
A single API Gateway instance. This product is required when using the API Gateway Manager product, and is also used to define core configuration properties for the API Gateway product as a whole.
The implementation of Axway support assumes the use of certificate configuration. All properties required by products within MyST Studio must be specified explicitly. It is not currently possible to establish a cassandra database without all certificate/keystore parameters defined and the related items pre-existing on the hosts.
A single MyST blueprint and model can be used to create an Axway API Gateway environment including an API Manager node, multiple API Gateway nodes, and a Cassandra database cluster. For each product being used, a single compute group should be defined to control the targeting of specific products.
Note that the compute node targeted for Cassandra DB use has 2 nodes in the above image to support a 2 node cluster.
Required product configuration parameters are detailed below. Once a model has been fully configured for all required products, performing a Provision within MyST Studio will deliver everything required to create an environment across all nodes through automation.
This section provides an example configuration for each supported product, listing all required properties for configuration.
Name
Example Value
Explanation
api-manager-hosts
ip-192-168-146-224.us-west-2.compute.internal
Comma-separated list of fully-qualified domain names for hosts where API Manager will be configured
certificate-cer-file
/u01/communal/certificates/NonProd/Internal/Servers/esidev/esidev.cer
Certificate file used in LDAP configuration
certificate-folder
/u01/communal/certificates/NonProd/Internal/Servers/esidev
Directory to find certificate files in
license-path
/home/oracle/Axway.lic
Full path to license file on each node configured for API Gateway. This property is also used by API Gateway Manager.
os-group
oinstall
OS group to use when creating product installation
os-user
oracle
OS user to use when creating product installation
python-path
/usr/local/bin/python2.7
Full path to Python 2.7 (or above) binary on each node configured for API Gateway. This property is also used by API Gateway Manager, and in a model containing both API Gateway Server and Cassandra DB, can be used by Cassandra DB.
service-pack-file
APIGateway_7.5.3_SP6_Core_linux-x86-64_BN2018032339.tar.gz
Name of Axway API Gateway service pack file to install as part of patching product installation. This file will be found under the directory indicated by the install.dir MyST global variable.
Global Variables
Name
Example Value
Explanation
base.log.dir
/u01/app/logs
Root directory under which Axway log files are created
<node-id>.group=<Group Name>
Internal
See section below titled Multiple Axway Gateway Server Groups
<node-id>.private=<Private Address>
hostname1-priv
See section below titled Private Listen or Host Addresses
Multiple Axway Gateway Server Groups
To specify the respective Gateway group for each node in a configuration with Axway Gateway Server targeted to it, specify a global variable with the following syntax:
<node-id>.group=<Group Name>
For example:
rxr.infra.Compute-1.group=Internal
Each server with an Axway Gateway requires this parameter to be set. Currently MyST Studio will also auto-generate a recommended parameter for each relevant server using the IP address of the server. This variable will not be used during configuration, but should be set to the same group name. This duplication will be removed in the next release of MyST Studio.
Private Listen or Host Addresses
An optional 'private' global variable for node indicating private address.
<node-id>.private=<Private Address>
For example:
rxr.infra.Compute-1.private=ip-192-168-146-231.us-west-2.compute.internal-priv
Name
Example Value
Explanation
admin-host
192.168.146.222
IP address/host API Manager is configured on
admin-password
welcome1
Password used to authenticate for administration functions
admin-port
8090
Port used for administration traffic
certificate-folder
/u01/communal/certificates/NonProd/Internal/Servers/esiadmin
Directory to find certificate files in
certificate-cer-file
<full path to file>
Certificate file for admin gateway to use in certificate store (.cer file)
certificate-issuing-file
<full path to file>
Issuing authority certificate to use as part of certificate store (.cer file)
certificate-root-file
<full path to file>
Root certificate to use as part of certificate store (.cer file)
groups
Internal,External
Comma-separated list of all defined groups in API Manager instance
ldap-url
ldaps://hostname.domain:636
URL to locate LDAP server used by Gateway Manager
management-address
192.186.146.222
IP address/host used for management traffic
os-group
oinstall
OS group to use when creating product installation
os-user
oracle
OS user to use when creating product installation
process-account
SJRB\procdev_oag_internal
LDAP username used by process
process-account-password
welcome1
LDAP password used by process
| site-port | 8095 | Port to use for gateway traffic |
Given the length of values for Cassandra Database parameters, explanations are not provided in the table below.
Name
Example Value
cluster-addresses
192.168.146.150,192.168.146.171
cqlrshrc-cert-file
/u01/share/dev.pem
cqlrshrc-key-file
/u01/share/dev.key
datacenter-name
GatewayDatacenter (default value)
listen-port
9042 (default value)
python-path
/usr/local/bin/python2.7
rack-name
GatewayRack (default value)
replication-factor
2
require-client-auth
true (default value)
ssl-algorithm
SunX509 (default value)
ssl-cipher-suites
TLS_RAS_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA... (default value)
ssl-enabled
true (default value)
ssl-internode-encryption
all (default value)
ssl-keystore-file
/u01/share/dev.jks
ssl-protocol
TLS (default value)
ssl-store-type
JKS (default value)
ssl-truststore-file
/u01/share/truststore.jks
ssl-truststore-password
welcome1
user
oracle
Provisioning Axway environments can be complicated, particularly when determining why provisioning might have failed, in a configuration that can span multiple nodes. To assist with troubleshooting, especially in the early stages of the lifecycle of Axway support within MyST, a number of log files are created capturing output from particular steps in provisioning. These files exist in the temporary workspaces created by the MyST agent, and should be captured in a generated support artifact.
File
Information
configure-admin.log
Contains output from installation, patching and configuration of an Axway Admin Gateway node. Created by the Python script configure-axway-admin-python.py
configure-axway.log
Contains output from installation, patching and configuration of an Axway Gateway node. Created by the Python script configure-axway-python.py
kill-Internal.log
Contains output from killing any running Gateway process prior to a new installation of Axway software. Created by the Python script kill-process-matching-and-wait.py
kill-Node.log
Contains output from killing any running node manager process prior to a new installation of Axway software. Created by the Python script kill-process-matching-and-wait.py
Upcoming MyST releases will provide support for the following:
Currently when configuring a Cassandra cluster a number of actions are performed on the second node of a cluster that repeat configuration already performed on the first node of a cluster. These redundant actions will be removed in future Cassandra DB support.
The current mandatory certificate configuration performed for an API Gateway environment will become optional in future API Gateway support, allowing for a larger range of usage scenarios.