Apigee

TM

ApigeeEdgeforPrivateCloud

v4.16.05
May31,2016

Installand
ConfigurationGuide
ConfidentialandProprietaryinformationofApigee,Inc.NottobedisclosedexceptunderNonDisclosureAgreement.
ApigeeEdgeInstallandConfigurationGuidePage2

Copyright(c)2016ApigeeCorporation.Allrightsreserved.
(TM)
Apigee andtheApigeelogoaretrademarksorregisteredtrademarksofApigeeCorp.oritssubsidiaries.All
othertrademarksarethepropertyoftheirrespectiveowners.Allspecificationsaresubjecttochangewithout
notice.
THECONTENTSOFTHISPUBLICATIONAREPROVIDED"ASIS"WITHOUTWARRANTYOFANYKIND,
EITHEREXPRESSORIMPLIED,INCLUDINGBUTNOTLIMITEDTO,THEIMPLIEDWARRANTIESOF
MERCHANTABILITY,FITNESSFORAPARTICULARPURPOSEORNONINFRINGEMENTOF
INTELLECTUALPROPERTY.
APIGEECORPORATIONSHALLNOTUNDERANYCIRCUMSTANCESBELIABLETOANYPERSONFOR
ANYSPECIAL,INCIDENTAL,INDIRECTORCONSEQUENTIALDAMAGES,INCLUDINGWITHOUT
LIMITATION,DAMAGESRESULTINGFROMTHEUSEOFORRELIANCEONTHEINFORMATIONINTHIS
PUBLICATION,LOSSOFPROFITS,REVENUEORDATA,EVENIFAPIGEECORPORATIONHASBEEN
PREVIOUSLYADVISEDOFTHEPOSSIBILITYOFSUCHDAMAGES.

ContactInformation

INDIA USA UK
No.17/2,2BCross,7thMain,2&3 10AlmadenBoulevard, 3SheldonSquare
Floor,Off80FeetRoad,3rdBlock 16thFloor,SanJose LondonW26HY
Koramangala,Bangalore560034 CA95113 Call:+44(0)7501232390
Call+918067696800 Call+1(408)3437300 www.apigee.com/
www.apigee.com www.apigee.com

ConfidentialandproprietaryinformationofApigee,Inc.Nottobedisclosedexceptundernondisclosureagreement.
ApigeeEdgeInstallandConfigurationGuidePage3

Contents
Overview
WhatsNew
AccesstheApigeeCommunity
ArchitecturalOverview
ApigeeEdgeforPrivateCloud
ApigeeEdgeGateway
SoftwareComponents
ApigeeEdgeAnalytics
SoftwareComponents
ApigeeAPIBaaS
APIBaaSFeatures
SoftwareComponents
ApigeeEdgeDeveloperChannel
ApigeeEdgeMonetizationServices
MonetizationServicesFeatures
SoftwareComponents
OnPremisesDeployment
InstallationTopologiesandSystemRequirements
Installationtopologies
InstallationRequirements
HardwareRequirements
OperatingSystemandthirdpartysoftwarerequirements
Creatingtheapigeeuser
Installationdirectory
Java
NetworkSetting
Cassandra

ConfidentialandproprietaryinformationofApigee,Inc.Nottobedisclosedexceptundernondisclosureagreement.
ApigeeEdgeInstallandConfigurationGuidePage4

PostgreSQLdatabase
jsvc
NetworkSecurityServices(NSS)
AWSAMI
Tools
FirewallsandVirtualHosts
Edgeportrequirements
APIBaaSportrequirements
Licensing
InstallationChecklist
InstallationConsiderations
Installationprocess
Handlinganinstallationfailure
Whocanperformtheinstall
SilentinstallationofEdgecomponents
InternetornonInternetinstallation
Settingupavirtualhost
OptionswhenyoudonothaveaDNSentryforthevirtualhost
ConfiguringEdgecomponentspostinstallation
InvokingcommandsonEdgecomponents
Accessinglogfiles
CommonYumcommands
FileSystemStructure
LogFiles
Data
InstalltheEdgeapigeesetuputility
Creatingasymlinkfrom/opt/apigee
Prerequisite:DisableSELinux

ConfidentialandproprietaryinformationofApigee,Inc.Nottobedisclosedexceptundernondisclosureagreement.
ApigeeEdgeInstallandConfigurationGuidePage5

InstallEdgeapigeesetuputilityonanodewithanexternalinternetconnection
InstallEdgeapigeesetuputilityonanodewithnoexternalInternetconnection
CreatealocalApigeerepository
Installapigeesetuponaremotenodefromthelocalrepo
Installfromthe.tarfile:
InstallfromtherepousingtheNginxwebserver:
UpdatealocalApigeerepository
CleanalocalApigeerepo
AddorupdateEdge4.16.01ina4.16.05repo
InstallEdgecomponentsonanode
Installationconsiderations
SettingupPostgresmasterstandbyreplication
EnablingCassandraauthentication
BindingtheRoutertoaprotectedport
Specifyingthecomponentstoinstall
Creatingaconfigurationfile
Exampleconfigurationfile
Orderofcomponentinstallation
Installationlogfiles
Iftheuserdoesnothaveaccessto/tmp,thesetup.shutilityfails.
AllinoneInstallation
2hoststandaloneinstallation
5hostclusteredinstallation
9hostclusteredinstallation
13hostclusteredinstallation
12hostclusteredinstallation
Testtheinstall
Runthevalidationtests

ConfidentialandproprietaryinformationofApigee,Inc.Nottobedisclosedexceptundernondisclosureagreement.
ApigeeEdgeInstallandConfigurationGuidePage6

Verifypodinstallation
Onboardanorganization
Silentconfigurationfileforonboarding
Onboarding
OnboardingVerification
EnableCassandraauthentication
EnableCassandraauthenticationduringinstallation
ToenableCassandraauthenticationpostinstallation
SetupMasterStandbyReplicationforPostgres
ToconfigureMasterStandbyReplicationatinstalltime
ToconfigureMasterStandbyReplicationafterinstallation
TestMasterStandbyReplication
InstallSmartDocs
7hostand10hostAPIBaaSInstallation
UsingaLoadBalancer
ConnectingtoCassandra
Datesynchronization
Tomcatsecurity
Installationoverview
Creatingasilentconfigurationfile
OptionalInstallCassandra:Machine8,9,and10
SetupCassandracronjob
InstallElasticSearch:Machine1,2,and3
InstallAPIBaaSStack:Machine4,5,and6
InstallAPIBaaSPortal:Machine7
Onboardinganeworganization
AccessingtheAPIBaaSRESTAPI
InstallingMonetizationServices

ConfidentialandproprietaryinformationofApigee,Inc.Nottobedisclosedexceptundernondisclosureagreement.
ApigeeEdgeInstallandConfigurationGuidePage7

Monetizationrequirements
Installationoverview
CreatingasilentconfigurationfileforMonetization
IntegrateMonetizationServiceswithallManagementServers
IntegrateMonetizationServiceswithallMessageProcessors
MonetizationOnboarding
AdditionalOnboardingtoenableMonetizationforanorganization
ConfiguretheDeveloperServicesportal
AddingaManagementServernodetoaMonetizationInstallation
Additionalconfiguration
ProvideBillingDocumentsasPDFFiles
ConfigureOrganizationSettings
UpdatingApigeeEdgeto4.16.05
WhichEdgeversionscanyouupdateto4.16.05
Whocanperformtheupdate
RequiredupgradetoJavaJDKVersion8
Diskspacerequirementsforupdate
Automaticpropagationofpropertysettingsfrom4.16.01.x
Updatingtheapigeevalidateutility
Updateprerequisites
Handlingafailedupdate
Loggingupdateinformation
Zerodowntimeupdate
MakingaRouterandMessageProcessorunreachable
Usingasilentconfigurationfile
Procedureforupdatingto4.16.05onanodewithanexternalinternetconnection
Procedureforupdatingto4.16.05fromalocalrepo
Orderofmachineupdate

ConfidentialandproprietaryinformationofApigee,Inc.Nottobedisclosedexceptundernondisclosureagreement.
ApigeeEdgeInstallandConfigurationGuidePage8

Fora1hoststandaloneinstallation
Fora2hoststandaloneinstallation
Fora5hostclusteredinstallation
Fora9hostclusteredinstallation
Fora13hostclusteredinstallation
Fora12hostclusteredinstallation
Fora7hostAPIBaaSinstallation
Fora10hostAPIBaaSinstallation
Foranonstandardinstallation
RollbackProcess
Whocanperformtherollback
Whichcomponentscanberolledback
Torollback4.16.05

ConfidentialandproprietaryinformationofApigee,Inc.Nottobedisclosedexceptundernondisclosureagreement.
ApigeeEdgeInstallandConfigurationGuidePage9

Overview
ThisdocumentprovidesanoverviewoftheApigeeEdgeforPrivateCloudinstallation.Thefulldocumentis
primarilydividedintotwoparts:
ArchitecturalOverview thesystemarchitectureandanoverviewoftheinstallationprocessand
requirements.
Installation
outlineofthestepsneededtoinstallandinitiallyconfigureacustomdeploymentof
ApigeeEdgeforPrivateCloud.
Thisversionofthisdocumenthasdetailsspecificto
version4.16.05
.Anyreferencesthatarespecificto
previousversionsareoversightsandshouldbereportedasbugs.

WhatsNew
SeetheApigeeEdgeforPrivateCloudreleasenotesforthisproductversion:
http://apigee.com/docs/releasenotes/content/apigeeedgereleasenotes

AccesstheApigeeCommunity
TheApigeeCommunity isafreeresourcewhereyoucancontactApigeeaswellasotherApigeecustomers
withquestions,tips,andotherissues.Beforepostingtothecommunity,besuretofirstsearchexistingpoststo
seeifyourquestionhasalreadybeenanswered.

ConfidentialandproprietaryinformationofApigee,Inc.Nottobedisclosedexceptundernondisclosureagreement.
ApigeeEdgeInstallandConfigurationGuidePage10

ArchitecturalOverview
BeforeinstallingApigeeEdgeforPrivateCloud,youshouldbefamiliarwiththeoverallorganizationofEdge
modulesandsoftwarecomponents.

ApigeeEdgeforPrivateCloud
ApigeeEdgeforPrivateCloudconsistsofthefollowingmodules:

ApigeeEdgeGateway(akaAPIServices)
ApigeeEdgeAnalytics
ApigeeAPIBaaS
ApigeeEdgeDeveloperChannel

ApigeeEdgeMonetizationServices(akaDeveloperServicesMonetization)
Note:
ApigeeEdgeDeveloperChannelisnotavailableforinstallationbytheEdgeforPrivateCloudinstaller.
DeveloperChannelisavailableforonpremisesinstallationbyaseparatescript.Ifyouwanttoinstall
DeveloperChannel,contact
ApigeeSupport .

Figure1:
ApigeeEdgeforPrivateCloudArchitecture

ApigeeEdgeGateway
EdgeGatewayisthecoremoduleofApigeeEdgeandisthemaintoolformanagingyourAPIs.TheGateway
UIprovidestoolsforaddingandconfiguringyourAPIs,settingupbundlesofresources,andmanaging
developersandapps.TheGatewayoffloadsmanycommonmanagementconcernsfromyourbackendAPI.
WhenyouaddanAPI,youcanapplypoliciesforsecurity,ratelimiting,mediation,caching,andothercontrols.

ConfidentialandproprietaryinformationofApigee,Inc.Nottobedisclosedexceptundernondisclosureagreement.
ApigeeEdgeInstallandConfigurationGuidePage11

YoucanalsocustomizethebehaviorofyourAPIbyapplyingcustomscripts,makingcalloutstothirdparty
APIs,andsoon.

SoftwareComponents
EdgeGatewayisbuiltfromthefollowingprimarycomponents:
EdgeManagementServer
ApacheZooKeeper
ApacheCassandra
EdgeRouter
EdgeMessageProcessor
OpenLDAP
EdgeUI
PlayFramework
EdgeGatewayisdesignedsothatthesemaybeallinstalledonasinglehostordistributedamongseveral
hosts.

ApigeeEdgeAnalytics
EdgeAnalyticshaspowerfulAPIanalyticstoseelongtermusagetrends.Youcansegmentyouraudienceby
topdevelopersandapps,learnaboutusagebyAPImethodtoknowwheretoinvest,andcreatecustom
reportsonbusinesslevelinformation.
AsdatapassesthroughApigeeEdge,severaldefaulttypesofinformationarecollectedincludingURL,IP,user
IDforAPIcallinformation,latency,anderrordata.Youcanusepoliciestoaddotherinformation,suchas
headers,queryparameters,andportionsofarequestorresponseextractedfromXMLorJSON.
AlldataispushedtoEdgeAnalyticswhereitismaintainedbytheanalyticsserverinthebackground.Data
aggregationtoolscanbeusedtocompilevariousbuiltinorcustomreports.

SoftwareComponents
EdgeAnalyticscomprisesthefollowing:
Qpid,whichconsistsofthefollowing
ApacheQpidmessagingsystem
ApigeeQpidServerserviceAJavaservicefromApigeeusedtomanageApacheQpid
Postgres,whichconsistsofthefollowing:
PostgreSQLdatabase
ApigeePostgresServerserviceAJavaservicefromApigeeusedtomanagethePostgreSQL
database

ApigeeAPIBaaS
APIBaaSisacompletebackendasaservice(BaaS)forpoweringmobileandWebappsthatyouinstallasan
additiontoEdge.APIBaaSgivesappdevelopersaccesstoaflexibledatastoreandkeydifferentiating
featuressuchassocialgraphs,geolocation,usermanagement,pushnotifications,performancemonitoring,

ConfidentialandproprietaryinformationofApigee,Inc.Nottobedisclosedexceptundernondisclosureagreement.
ApigeeEdgeInstallandConfigurationGuidePage12

andmore.APIBaaSmakesthesefeaturesavailablewithSDKsforiOS,Android,JavaScript,andothers,
lettingappdevelopersfocusoncreatingtherichfeaturesanduserexperiencethattrulydifferentiateaclient
appratherthanburningtimeimplementingcorebackendservicesandinfrastructure.

APIBaaSFeatures
TheApigeedocumentationsitehasextensiveinformationonAPIBaaSfeatures.See
http://apigee.com/docs/appservices/content/appservicesfeatures (or
http://apigee.com/docs/content/documentationarchivestofindthedocsthatcorrespondtoearlierversionsof
theproduct)
ThefollowingdiagramillustrateshowAPIBaaScomponentsinteract.

Figure2:APIBaaSOverviewandArchitecture

SoftwareComponents
APIBaaSisbuiltfromthefollowingprimarycomponents:
APIBaaSStackdeployedintheTomcatwebserver
APIBaaSPortalUIdeployedintheNginxwebserver
ElasticSearchdistributedfulltextsearchengine.ElasticSearchcanbeinstalledonthesamenodeas
APIBaaSStack,oronitsownnode.

ConfidentialandproprietaryinformationofApigee,Inc.Nottobedisclosedexceptundernondisclosureagreement.
ApigeeEdgeInstallandConfigurationGuidePage13

YoucanscaletheAPIBaaSRESTAPIcapabilityhorizontallybyaddingTomcatserversandusingaLoad
Balancertoroutewebrequeststoallofyouractiveservers.
FormoreinformationongettingstartedwithAPIBaaS,see
http://apigee.com/docs/content/buildappshome
(or
http://apigee.com/docs/content/documentationarchivestofindthedocsthatcorrespondtoearlierversions
oftheproduct).

ApigeeEdgeDeveloperChannel
EdgeDeveloperChannelisatemplateportalforcontentandcommunitymanagement.Itisbasedontheopen
sourceDrupal(
http://www.drupal.org
)project.ThedefaultsetupallowscreatingandmanagingAPI
documentation,forums,andblogs.AbuiltintestconsoleallowstestingofAPIsinrealtimefromwithinthe
portal.
Apartfromcontentmanagement,DeveloperChannelhasvariousfeaturesforcommunitymanagementsuch
asmanual/automaticuserregistrationandmoderatingusercomments.RoleBasedAccessControl(RBAC)
modelcontrolstheaccesstofeaturesontheDeveloperChannel.Forexample,youcanenablecontrolsto
allowregisteredusertocreateforumposts,usetestconsoles,andsoon.
TheApigeeEdgeforPrivateClouddeploymentscriptdoesnotincludeDeveloperChanneldeployment.
DeveloperChanneldeploymentonpremisesissupportedbyitsowninstallationscript.Ifyouwanttoinstall
andconfigureDeveloperChannel,contact
ApigeeSupport.

ApigeeEdgeMonetizationServices
EdgeMonetizationServicesisanewpowerfulextensiontoApigeeEdgeforPrivateCloud.AsanAPIprovider,
youneedaneasytouseandflexiblewaytomonetizeyourAPIssothatyoucangeneraterevenuefortheuse
ofthoseAPIs.MonetizationServicessolvesthoserequirements.UsingMonetizationServices,youcancreate
avarietyofrateplansthatchargedevelopersfortheuseofyourAPIsbundledintopackages.Thesolution
offersanextensivedegreeofflexibility:youcancreateprepaidplans,postpaidplans,fixedfeeplans,
variablerateplans,freemiumplans,planstailoredtospecificdevelopers,planscoveringgroupsof
developers,andmore.
Inaddition,MonetizationServicesincludesreportingandbillingfacilities.Forexample,asanAPIprovider,you
cangetsummaryordetailedreportsontraffictoyourAPIpackagesforwhichdeveloperspurchasedarate
plan.Youcanalsomakeadjustmentstotheserecordsasnecessary.Andyoucancreatebillingdocuments
(whichincludeapplicabletaxes)fortheuseofyourAPIpackagesandpublishthosedocumentstodevelopers.
YoucanalsosetlimitstohelpcontrolandmonitortheperformanceofyourAPIpackagesandallowyouto
reactaccordingly,andyoucansetupautomaticnotificationsforwhenthoselimitsareapproachedorreached.
Note:
ThecoreApigeeEdge(GatewayandAnalytics)isaprerequisiteforusingMonetizationServices.

MonetizationServicesFeatures
ThekeyfeaturesofEdgeMonetizationServicesinclude:
FullyintegratedwiththeAPIplatformmeansrealtimeinteraction

ConfidentialandproprietaryinformationofApigee,Inc.Nottobedisclosedexceptundernondisclosureagreement.
ApigeeEdgeInstallandConfigurationGuidePage14

Supportallbusinessmodelsoutoftheboxfromsimplefeebasedplanstothemostcomplex
charging/revenueshareplans(easytocreateandmodifyplans)
Ratetransactionsonvolumeorcustomattributeswithineachtransaction.Transactioncanbemade
upofAPIsfromGatewayPLUSothersystems(externaltoApigeeEdge)
Automatedtoolssuchaslimitsandnotificationstomonitorperformanceandmanagetheprocess
Integrateddeveloper/partnerworkflowandcontrolstomanagepurchasethroughthebilling/payment
Fullyselfserviceforbusinessusersanddevelopers/partners,sononeedforcostlytechnical
intervention
Integratedwithanybackendsales,accountingandERPsystem

Figure3:
EdgeMonetizationServicesOverview

SoftwareComponents
EdgeMonetizationServicesisbuiltontopofthefollowingprimarycomponents:
EdgeManagementServer
EdgeMessageProcessor
FormoreinformationongettingstartedwithMonetizationServicesusingEdgeUI,see
http://apigee.com/docs/monetizationservices/content/getstartedusingmonetizationservices (or
http://apigee.com/docs/content/documentationarchives tofindthedocsthatcorrespondtoearlierversionsof
theproduct).
IfyouwishtoinstallEdgeMonetizationServices,see
InstallingMonetizationServices
.

ConfidentialandproprietaryinformationofApigee,Inc.Nottobedisclosedexceptundernondisclosureagreement.
ApigeeEdgeInstallandConfigurationGuidePage15

OnPremisesDeployment
AnonpremisesinstallationofcoreApigeeEdgeforPrivateCloud(GatewayandAnalytics)providesthe
infrastructurerequiredtorunAPItrafficonbehalfoftheonpremisesclientscustomers.
ThecomponentsprovidedbytheonpremisesinstallationofEdgeGatewayinclude(butarenotlimitedto):
A
Router handlesallincomingAPItrafficfromaloadbalancer,determinestheorganizationand
environmentsfortheAPIproxythathandlestherequest,balancesrequestsacrossavailableMessage
Processors,andthendispatchestherequest.TheRouterterminatestheHTTPrequest,handlesthe
SSLtraffic,andusesthevirtualhostname,port,andURItosteerrequeststotheappropriateMessage
Processor.
A
MessageProcessor processesAPIrequests.TheMessageProcessorevaluatesanincoming
request,executesanyApigeepolicies,andcallsthebackendsystemsandothersystemstoretrieve
data.Oncethoseresponseshavebeenreceived,theMessageProcessorformatsaresponseand
returnsittotheclient.
An
ApacheCassandra istheruntimedatarepositorythatstoresapplicationconfigurations,distributed
quotacounters,APIkeys,andOAuthtokensforapplicationsrunningonthegateway.
An
ApacheZooKeeper containsconfigurationdataaboutthelocationandconfigurationofthevarious
Apigeecomponents,andnotifiesthedifferentserversofconfigurationchanges.
An
OpenLDAP
(LDAP)tomanagesystemandorganizationuserandroles.
A
ManagementServer
toholdthesepiecestogether.TheManagementServeristheendpointfor
EdgeManagementAPIrequests.ItalsointeractswiththeEdgeUI.
A
UI
providesbrowserbasedtoolingthatletsyouperformmostofthetasksnecessarytocreate,
configure,andmanageAPIproxies,APIproducts,apps,andusers.
ThecomponentsprovidedbytheonpremisesinstallationofEdgeAnalyticsinclude:
A
QpidServer
managesqueuingsystemforanalyticsdata.
A
PostgresServer
managesthePostgreSQLanalyticsdatabase.

ConfidentialandproprietaryinformationofApigee,Inc.Nottobedisclosedexceptundernondisclosureagreement.
ApigeeEdgeInstallandConfigurationGuidePage16

ThefollowingdiagramillustrateshowApigeeEdgecomponentsinteract.

Figure4:
ConceptualComponentInteractions

InstallationTopologiesandSystemRequirements
ThissectiondescribestheEdgeinstallationtopologiesandsystemrequirements.

Installationtopologies
TheInstallationGuidecoversthefollowingbasic,onpremisesinstallationscenarios.Inadditiontothese,you
haveoptionstochooseotherscenariosbycustomizingthesebasicscenariosthatbestmeettherequirements
ofyourbusiness.
1) AllinoneInstallation:
AsinglehostrunsallEdgecomponents.Notethatthisconfigurationisonlyto
beusedforgettingstartedwithEdgeorforinitialprototyping.Itisnottobeusedasadeploymentor
productionenvironment.

ConfidentialandproprietaryinformationofApigee,Inc.Nottobedisclosedexceptundernondisclosureagreement.
ApigeeEdgeInstallandConfigurationGuidePage17

Figure5
:AllinoneSetup

:
2) Standaloneinstallation(2host,SASAX)Inthisscenario,asinglehostrunsGatewaystandalone
serversandassociatedcomponentsApigeeManagementServer,ApacheZooKeeper,Apache
Cassandra,OpenLDAP,EdgeUI,ApigeeRouter,andApigeeMessageProcessor.Theotherhostruns
AnalyticsstandalonecomponentsQpidServerandPostgresServer.

Figure6:
StandaloneSetup

ConfidentialandproprietaryinformationofApigee,Inc.Nottobedisclosedexceptundernondisclosureagreement.
ApigeeEdgeInstallandConfigurationGuidePage18

3) 5hostclusteredinstallation(MINHA2SAX) :
Inthisscenario,threehostsrunZooKeeperand
Cassandraclusters.OneofthosethreehostsalsorunstheApigeeManagementServer,OpenLDAP,
andEdgeUI.TwoofthosethreehostsalsorunApigeeRouter+MessageProcessor.Twohostsrun
ApigeeAnalytics.
Note:
ThisscenariocombinesclusterandGatewaycomponentstoreducethenumberofserversused.
Toachieveoptimalperformance,theclustercanalsobedeployedonthreedifferentservers.
ThisscenarioalsointroducesamasterstandbyreplicationbetweentwoPostgresnodesif
analyticsstatisticsaremissioncritical.

Figure7:
FivehostClusteredSetup
4) 9hostclusteredinstallation(PerformanceHASetup) :

Thisscenarioissimilartofivehostclustered
installationbuthasdifferentAnalyticscomponentssetuptoachieveperformancehighavailability.
Note:
ThisscenariointroducesamasterstandbyreplicationbetweentwoPostgresnodesifAnalytics
statisticsaremissioncritical.

Figure8:
NinehostClusteredSetup

ConfidentialandproprietaryinformationofApigee,Inc.Nottobedisclosedexceptundernondisclosureagreement.
ApigeeEdgeInstallandConfigurationGuidePage19

5) 13hostclusteredinstallation(PerformanceHAwithseparatedatazone) :

Thisscenarioisan
enhancementofninehostclusteredinstallationcoveringseparatedatazonesfordataandApigee
serversinonedatacentersetup.HereLDAPisinstalledasanindependentseparatenode.
Note:
ThisscenariousesmastermasterOpenLDAPreplicationandmasterstandbyPostgres
replicationinonedatacentersetup.

Figure9:
13hostClusteredSetup

6) 12hostclusteredinstallation(MINAPItrafficDR/AXHA) :

Thisscenariocoversdisasterrecovery
andanalyticshighavailabilityacrosstwodatacentersusingAPIDNsupport.Formoreinformationon
APIDN,seeAppendixB:APIDNSupport .
Note:
ThisscenariousesmastermasterOpenLDAPreplicationandmasterstandbyPostgres
replication(acrosstwodatacenters).

Figure10:
12hostClusteredSetup

ConfidentialandproprietaryinformationofApigee,Inc.Nottobedisclosedexceptundernondisclosureagreement.
ApigeeEdgeInstallandConfigurationGuidePage20

:
7) 7hostand10hostAPIBaaSInstallationInthisscenario,youinstallAPIBaaSon10hosts.The
CassandranodescanbededicatedtoAPIBaaS,orcanbesharedwithEdge.

Figure11:
10hostClusteredSetup

:
8) 7hostand10hostAPIBaaSInstallationInthisscenario,threehostsruntheAPIBaaSStackand
ElasticSearch.

Figure12:
7hostClusteredSetup

ConfidentialandproprietaryinformationofApigee,Inc.Nottobedisclosedexceptundernondisclosureagreement.
ApigeeEdgeInstallandConfigurationGuidePage21

9) InstallingMonetizationServices:
MonetizationServicesrunswithinanyexistingApigeeEdgesetup.In
thisscenario,youinstallMonetizationServicestheApigeeManagementServerandMessage
Processor.ToinstallMonetizationonEdgewheretheEdgeinstallationhasmultiplePostgresnodes,
thePostgresnodesmustbeconfiguredinMaster/Standbymode.YoucannotinstallMonetizationon
EdgeifyouhavemultiplePostgresmasternodes.

InstallationRequirements
ThissectionexplainstherequirementsforApigeeEdgeforPrivateCloudinstallation.

HardwareRequirements
Youmustmeetthebasichardwareconfigurationsthatsupportthebasichostinstallation.Forallinstallation
scenariosdescribedabove,thefollowingtableslisttheminimumhardwarerequirementsfortheinstallation
components.
Inthesetablestheharddiskrequirementsareinadditiontotheharddiskspacerequiredbytheoperating
system.Dependingonyourapplicationsandnetworktraffic,yourinstallationmightrequiremoreorfewer
resourcesthanlistedbelow.

InstallationComponent RAM CPU Minimumharddisk

Cassandra 16GB 8core 250GBlocalstoragewithSSDorfastHDD
supporting2000IOPS
MessageProcessor/Routeron 8/16GB 4/8core 100GB
samemachine
AnalyticsPostgres/Qpidon 16GB* 8core* 500GB1TB**localstoragewithSSDor
sameserver(notrecommended fastHDD.
forproduction)
Forinstallationsgreaterthan250TPS
(transactionspersecond),HDDwith1000
IOPSisrecommended.
AnalyticsPostgresstandalone 16GB* 8core* 500GB1TB**localstoragewithSSDor
fastHDDsupporting2000IOPS
AnalyticsQpidstandalone 8GB 4core 20GB500GBlocalstoragewithSSDor
fastHDD
Forinstallationsgreaterthan250TPS,
HDDwithlocalstoragesupporting1000
IOPSisrecommended.

ConfidentialandproprietaryinformationofApigee,Inc.Nottobedisclosedexceptundernondisclosureagreement.
ApigeeEdgeInstallandConfigurationGuidePage22

Other(OpenLDAP,UI, 4GB 2core 60GB

ManagementServer)
*AdjustPostgressystemrequirementsbasedonthroughput:
Lessthan250TPS:8GB,4corecanbeconsideredwithlocalstoragesupporting1000IOPS
Greaterthan250TPS:16GB,8core,localstoragesupporting1000IOPS
Greaterthan1000TPS:16GB,8core,localstoragesupporting2000IOPS
Greaterthan2000TPS:32GB,16core,localstoragesupporting2000IOPS
Greaterthan4000TPS:64GB,32core,localstoragesupporting4000IOPS

**ThePostgresharddiskvalueisbasedontheoutoftheboxanalyticscapturedbyEdge.Ifyouaddcustomvalues
totheanalyticsdata,thenthesevaluesshouldbeincreasedaccordingly.Usethefollowingformulatoestimatethe
requiredstorage:

(#bytes/request)*(requestspersecond)*(secondsperhour)*(hoursofpeakusageperday)*(dayspermonth)*
(monthsofdataretention)=bytesofstorageneeded

Forexample:

(500bytesofanalyticsdataperrequest)*100req/sec*3600secs/hr*18hourspeakusageperday*30
days/month*3monthsretention=291,600,000,000bytesor292GB.

Inaddition,thefollowingliststhehardwarerequirementsifyouwishtoinstalltheMonetizationServices:
ComponentwithMonetization RAM CPU Harddisk
ManagementServer(with 8GB 4core 60GB
MonetizationServices)
AnalyticsPostgres/Qpidonsame 16G 8core 500GB1TBwithSSDorFast
server B HDD,orusetherulefromthetable
above
AnalyticsPostgresstandalone 16G 8core 500GB1TBwithSSDorFast
B HDD,orusetherulefromthetable
above
AnalyticsQpidstandalone 8GB 4core 40GB

ConfidentialandproprietaryinformationofApigee,Inc.Nottobedisclosedexceptundernondisclosureagreement.
ApigeeEdgeInstallandConfigurationGuidePage23

ThefollowingliststhehardwarerequirementsifyouwishtoinstallAPIBaaS:
APIBaaSComponent RAM CPU Harddisk
ElasticSearch* 8GB 4core 6080GB
APIBaaSStack* 8GB 4core 6080GB
APIBaaSPortal 1GB 2core 20GB
Cassandra(Optionaltypicallyyou 16G 8core 250GBlocalstoragewithSSDor
usethesameCassandraclusterfor B fastHDDsupporting2000IOPS
bothEdgeandAPIBaaSServices)
*YoucaninstallElasticSearchandAPIBaaSStackonthesamenode.Ifyoudo,configure
ElasticSearchtouse4GBofmemory(default).IfElasticSearchisinstalledonitsownnode,
thenconfigureittouse6GBofmemory.
Note:
Iftherootfilesystemisnotlargeenoughfortheinstallation,itisrecommendedtoplacethedataontoa
largerdisk.
IfanolderversionofApigeeEdgeforPrivateCloudwasinstalledonthemachine,ensurethatyou
/tmp/java
deletethefolder beforeanewinstallation.
/tmp
Thesystemwidetemporaryfolder needsexecutepermissionsinordertostartCassandra.
Ifuserapigeewascreatedpriortotheinstallation,ensurethat/home/apigeeexistsashome
directoryandisownedbyapigee:apigee.

OperatingSystemandthirdpartysoftwarerequirements
Theseinstallationinstructionsandthesuppliedinstallationfileshavebeentestedontheoperatingsystems
andthirdpartysoftwarelistedhere:
https://apigee.com/docs/apiservices/reference/supportedsoftware

Creatingtheapigeeuser
TheinstallationprocedurecreatesaUnixsystemusernamed'apigee'.Edgedirectoriesandfilesareownedby
'apigee',asareEdgeprocesses.ThatmeansEdgecomponentsrunasthe'apigee'user.ifnecessary,youcan
runcomponentsasadifferentuser.See
BindingtheRoutertoaprotectedportforanexample.

Installationdirectory
/opt/apigee
Bydefault,theinstallerwritesallfilestothe directory.Youcannotchangethisdirectory
location.
Note
:Whileyoucannotchangethisdirectory,youcancreateasymlinktomap/opt/apigeetoanotherlocation.
See
Creatingasymlinkfrom/opt/apigeeformoreinformation.

ConfidentialandproprietaryinformationofApigee,Inc.Nottobedisclosedexceptundernondisclosureagreement.
ApigeeEdgeInstallandConfigurationGuidePage24

<inst_root>/apigee
Intheinstructionsinthisguide,theinstallationdirectoryisnotedas/ ,where
<inst_root>
/ /opt
is bydefault.

Java
YouneedasupportedversionofJava1.8installedoneachmachinepriortotheinstallation.SupportedJDKs
arelistedhere:
https://apigee.com/docs/apiservices/reference/supportedsoftware
Ensurethat pointstotherootoftheJDKfortheuserperformingtheinstallation.
JAVA_HOME

NetworkSetting

Itisrecommendedtocheckthenetworksettingpriortotheinstallation.Theinstallerexpectsthatallmachines
havefixedIPaddresses.Usethefollowingcommandstovalidatethesetting:
hostname
returnsthenameofthemachine
hostname

i
returnstheIPaddressforthehostnamethatcanbeaddressedfromothermachines.
Dependingonyouroperatingsystemtypeandversion,youmighthavetoedit /etc/hosts and
/etc/sysconfig/network ifthehostnameisnotsetcorrectly.Seethedocumentationforyourspecific
operatingsystemformoreinformation.

Cassandra
AllCassandranodeshavetobeconnectedtoaring.
CassandraautomaticallyadjustsitsJavaheapsizebasedontheavailablememory.Formore,see
Tuning
Javaresources
.Intheeventofaperformancedegradationorhighmemoryconsumption.
EdgeforPrivateCloud
Afterinstallingthe examiningthe
,youcancheckthatCassandraisconfiguredcorrectlyby
/<inst_root>/apigee/apigeecassandra/conf/cassandra.yaml file.Forexample,ensurethat
theEdgeforPrivateCloudinstallationscriptsetthefollowingproperties:
cluster_name
initial_token
partitioner
seeds
listen_address
rpc_address
snitch

Warning
:Donoteditthisfile.

ConfidentialandproprietaryinformationofApigee,Inc.Nottobedisclosedexceptundernondisclosureagreement.
ApigeeEdgeInstallandConfigurationGuidePage25

PostgreSQLdatabase
AfteryouinstallEdge,youcanadjustthefollowingPostgreSQLdatabasesettingsbasedontheamountof
RAMavailableonyoursystem:
conf_postgresql_shared_buffers=35%ofRAM#min128kB
conf_postgresql_effective_cache_size=45%ofRAM
conf_postgresql_work_mem=512MB#min64kB

Note:ThesesettingsassumethatthePostgreSQLdatabaseisonlyusedforEdgeanalytics,andnotforany
otherpurpose.
Tosetthesevalues:
postgresql.properties
1. Edit :
>vi/<inst_root>/apigee/customer/application/postgresql.properties

Ifthefiledoesnotexist,createit.
2. Setthepropertieslistedabove.
3. Saveyouredits.
4. RestartthePostgreSQLdatabase:
>/<inst_root>/apigee/apigeeservice/bin/apigeeserviceapigeepostgresqlrestart

jsvc
jsvcisaprerequisiteforusingAPIBaaS.Version1.0.15devisinstalledwhenyouinstalltheAPIBaaS.

NetworkSecurityServices(NSS)
NetworkSecurityServices(NSS)isasetoflibrariesthatsupportsdevelopmentofsecurityenabledclientand
serverapplications.YoushouldensurethatyouhaveinstalledNSSv3.19,orlater.
Tocheckyourcurrentversion:
>yuminfonss
ToupdateNSS:
>yumupdatenss
See
thisarticle
fromRedHatformoreinformation.

AWSAMI
IfyouareinstallingEdgeonanAWSAmazonMachineImage(AMI)forRedHatEnterpriseLinux7.x,you
mustfirstrunthefollowingcommand:

ConfidentialandproprietaryinformationofApigee,Inc.Nottobedisclosedexceptundernondisclosureagreement.
ApigeeEdgeInstallandConfigurationGuidePage26

>yumconfigmanagerenablerhuiREGIONrhelserverextras
rhuiREGIONrhelserveroptional

Tools
TheinstallerusesthefollowingUNIXtoolsinthestandardversionasprovidedbyEL5orEL6.

awk dirname ls rpm unzip

basename echo perl rpm2cpio useradd
bash expr pgrep(fromprocps) sed wc
bc grep ps tar yum
curl hostname pwd tr chkconfig
date id python uname sudo
Note:
/usr/sbin
Theexecutableforthetooluseraddislocatedin /sbin
andforchkconfigin .
Withsudoaccessyoucangainaccessovertheenvironmentofthecallinguser,forexample,usually
sudo<command
onewouldcall sudoPATH=$PATH:/usr/sbin:/sbin<command
>or >.
Ensurethatyouhavepatchtoolinstalledpriortoaservicepack(patch)installation.
ntpdate Itisrecommendedtohavetheserverstimesynchronized.Ifnotalreadyconfigured,ntpdateutility
couldservethispurpose,whichverifieswhetherserversaretimesynchronized.Youcanuse yuminstall
ntptoinstalltheutility.ThisisparticularlyusefulforreplicatingOpenLDAPsetups.Notethatyousetup
servertimezoneinUTC.
openldap2.4 TheonpremisesinstallationrequiresOpenLDAP2.4.IfyourserverhasanInternet
connection,thentheEdgeinstallscriptdownloadsandinstallsOpenLDAP.Ifyourserverdoesnothavean
Internetconnection,youmustensurethatOpenLDAPisalreadyinstalledbeforerunningtheEdgeinstallscript.
OnRHEL/CentOS,youcanrun" yuminstallopenldapclientsopenldapservers "toinstallthe
OpenLDAP.
For13hostinstallations,and12hostinstallationswithtwoDataCenters,yourequireOpenLDAPreplication
becausetherearemultiplenodeshostingOpenLDAP.

FirewallsandVirtualHosts
ThetermvirtualcommonlygetsoverloadedintheITarena,andsoitiswithanApigeeEdgeforPrivateCloud
deploymentand virtualhosts
.Toclarify,therearetwoprimaryusesofthetermvirtual:
Virtualmachines(VM): Not
required,butsomedeploymentuseVMtechnologytocreateisolated
serversfortheirApigeecomponents.VMhosts,likephysicalhosts,canhavenetworkinterfacesand
firewalls.TheseinstallationinstructionsdonotspecificallysupportVMinstallations.
Virtualhosts: virtualhost.
Webendpoints,analogoustoanApache

ConfidentialandproprietaryinformationofApigee,Inc.Nottobedisclosedexceptundernondisclosureagreement.
ApigeeEdgeInstallandConfigurationGuidePage27

hostalias
ArouterinaVMcanexposemultiplevirtualhosts(aslongastheydifferfromoneanotherintheir or
port
intheirinterface ).
Justasanamingexample,asinglephysicalserverAmightberunningtwoVMs,namedVM1andVM2.
LetsassumeVM1exposesavirtualEthernetinterface,whichgetsnamed eth0insidetheVM,andwhichis
assignedIPaddress
111.111.111.111 bythevirtualizationmachineryoranetworkDHCPserverandthen
assumeVM2exposesavirtualEthernetinterfacealsonamed eth0anditgetsassignedanIPaddress
111.111.111.222 .
WemighthaveanApigeerouterrunningineachofthetwoVMs.Theroutersexposevirtualhostendpointsas
inthishypotheticalexample:
TheApigeerouterinVM1exposesthreevirtualhostsonits
eth0interface(whichhassomespecificIP
address),
api.mycompany.com:80,
api.mycompany.com:443 ,and
test.mycompany.com:80 .
TherouterinVM2exposes (samenameandportasexposedbyVM1).
api.mycompany.com:80

Thephysicalhostsoperatingsystemmighthaveanetworkfirewallifso,thatfirewallmustbeconfiguredto
passTCPtrafficboundfortheportsbeingexposedonthevirtualizedinterfaces( 111.111.111.111:{80,443}
and111.111.111.222:80 ).Inaddition,eachVMsoperatingsystemmayprovideitsownfirewallonitseth0
interfaceandthesetoomustallowports and
80 traffictoconnect.
443

basepath
The isthethirdcomponentinvolvedinroutingAPIcallstodifferentAPIproxiesthatyoumayhave
deployed.APIproxybundlescanshareanendpointiftheyhavedifferentbasepaths.Forexample,one
basepathcanbedefinedas http://api.mycompany.com:80/ andanotherdefinedas
http://api.mycompany.com:80/ salesdemo .
Inthiscase,youneedaloadbalancerortrafficdirectorofsomekindsplittingthe
http://api.mycompany.com:80/ trafficbetweenthetwoIPaddresses( 111.111.111.111 onVM1and
111.111.111.222 onVM2).Thisfunctionisspecifictoyourparticularinstallation,andisconfiguredbyyour
localnetworkinggroup.
ThebasepathissetwhenyoudeployanAPI.Fromtheaboveexample,youcandeploytwoAPIs, mycompany
and
testmycompany ,fortheorganization
mycompanyorg withthevirtualhostthathasthehostaliasof
api.mycompany.com andtheportsetto .Ifyoudonotdeclareabasepathinthedeployment,thentherouter
80
doesnotknowwhichAPItosendincomingrequeststo.
However,ifyoudeploytheAPI
testmycompanywiththebaseURLof /salesdemo,thenusersaccessthatAPI
using
http://api.mycompany.com:80/salesdemo .IfyoudeployyourAPI
mycompany withthebaseURLof
/
thenyourusersaccesstheAPIbytheURL
http://api.mycompany.com:80/ .

Edgeportrequirements
TheneedtomanagethefirewallgoesbeyondjustthevirtualhostsbothVMandphysicalhostfirewallsmust
allowtrafficfortheportsrequiredbythecomponentstocommunicatewitheachother.
ThefollowingimageshowstheportsrequirementsforeachEdgecomponent:

ConfidentialandproprietaryinformationofApigee,Inc.Nottobedisclosedexceptundernondisclosureagreement.
ApigeeEdgeInstallandConfigurationGuidePage28

Notesonthisdiagram:
*Port8082ontheMessageProcessoronlyhastobeopenforaccessbytheRouterwhenyou
configureTLS/SSLbetweentheRouterandMessageProcessor.IfyoudonotconfigureTLS/SSL
betweentheRouterandMessageProcessor,thedefaultconfiguration,port8082stillmustbeopenon
theMessageProcessortomanagethecomponent,buttheRouterdoesnotrequireaccesstoit.
Theportsprefixedby"M"areportsusedtomanagethecomponentandmustbeopenonthe
component.
Thefollowingcomponentsrequireaccesstoport8080ontheManagementServer:Router,Message
Processor,UI,Postgres,andQpid.
AMessageProcessormustopenport4528asitsmanagementport.IfyouhavemultipleMessage
Processors,theymustallbeabletoaccesseachotheroverport4528(indicatedbythelooparrowin
thediagramaboveforport4528ontheMessageProcessor).IfyouhavemultipleDataCenters,the
portmustbeaccessiblefromallMessageProcessorsinallDataCenters.

ConfidentialandproprietaryinformationofApigee,Inc.Nottobedisclosedexceptundernondisclosureagreement.
ApigeeEdgeInstallandConfigurationGuidePage29

Whileitisnotrequired,youcanopenport4527ontheRouterforaccessbyanyMessageProcessor.
Otherwise,youmightseeerrormessagesintheMessageProcessorlogfiles.
ARoutermustopenport4527asitsmanagementport.IfyouhavemultipleRouters,theymustallbe
abletoaccesseachotheroverport4527(indicatedbythelooparrowinthediagramaboveforport
4527ontheRouter).
AccesstoJMXportscanbeconfiguredtorequireausername/password.See
http://docs.apigee.com/apiservices/latest/howmonitor
formoreinformation.
YoucanoptionallyconfigureSSLaccessforcertainconnections,whichcanusedifferentports.See
SSL
intheApigeeonlinedocumentationformore.
ssh
Youcanoptionallyopenportsonindividualnodestoallow access.
YoucanconfiguretheManagementServertosendemailsthroughanexternalSMTPserver.Ifyoudo,
youmustensurethattheManagementServercanaccessthenecessaryportontheSMTPserver.See
http://docs.apigee.com/apiservices/latest/howmonitor
formoreinformation.

Thetablebelowshowstheportsneedtobeopenedinfirewalls,byEdgecomponent:

Component Port Description

StandardHTTP 80,443 HTTPplusanyotherportsyouuseforvirtualhosts
ports
Management 8080 PortforEdgemanagementAPIcalls.Thesecomponents
Server requireaccesstoport8080ontheManagementServer:
Router,MessageProcessor,UI,Postgres,andQpid.
1099 JMXport
4526 Fordistributedcacheandmanagementcalls
ManagementUI 9000 PortforbrowseraccesstomanagementUI
Message 8998 MessageProcessorportforcommunicationsfromRouter
Processor
8082 DefaultmanagementportforMessageProcessor.
IfyouconfigureTLS/SSLbetweentheRouterandMessage
Processor,usedbytheRoutertomakehealthchecksonthe
MessageProcessor.
1101 JMXport
4528 Fordistributedcacheandmanagementcalls
Router 8081 DefaultmanagementportforRouter
4527 Fordistributedcacheandmanagementcalls

ConfidentialandproprietaryinformationofApigee,Inc.Nottobedisclosedexceptundernondisclosureagreement.
ApigeeEdgeInstallandConfigurationGuidePage30

ZooKeeper 2181 UsedbyothercomponentslikeManagementServer,Router,

MessageProcessorandsoon
2888, UsedinternallybyZooKeeperforZooKeepercluster(known
3888 asZooKeeperensemble)communication
Cassandra 7000, ApacheCassandraportsforcommunicationbetween
9042, Cassandranodes
9160
7199 JMXport
Qpid 5672 UsedforcommunicationsfromtheRouterandMessage
ProcessortoQpidserver
8083 DefaultmanagementportonQpidserver
1102 JMXport
4529 Fordistributedcacheandmanagementcalls
Postgres 5432 UsedforcommunicationfromQpid/ManagementServerto
Postgres
8084 DefaultmanagementportonPostgresserver
1103 JMXport
4530 Fordistributedcacheandmanagementcalls
LDAP 10389 OpenLDAP
SmartDocs 59002 TheportontheEdgerouterwhereSmartDocspage
requestsaresent.
Note:Inaddition,youmayneedtoopenportsinthefirewallsfortesting.Forexample,59001,
andsoon.

Thenexttableshowsthesameports,listednumerically,withthesourceanddestinationcomponents:
Port Purpose Source DestinationComponent
Number Component
<virtual HTTPplusanyotherports Externalclient(or ListeneronMessage
hostport#> youuseforvirtualhostAPI loadbalancer) Router
calltraffic.Ports80and443
aremostcommonlyused
theMessageRoutercan
terminateSSLconnections.

ConfidentialandproprietaryinformationofApigee,Inc.Nottobedisclosedexceptundernondisclosureagreement.
ApigeeEdgeInstallandConfigurationGuidePage31

1099 JMXManagement JMXClient ManagementServer

through (1099)
1103
MessageProcessor(1101)
QpidServer(1102)
PostgresServer(1103)
2181 Zookeeperclient ManagementServer Zookeeper
communication
Router
MessageProcessor
QpidServer
PostgresServer
2888and Zookeeperinternode Zookeeper Zookeeper
3888 management
4526 RPCManagementports ManagementServer ManagementServer
through usedfordistributedcache (4526)

4530 andcallsfromthe
Router(4527)
ManagementServerstothe
othercomponents MessageProcessor(4528)

QpidServer(4529)
PostgresServer(4530)
4528 Fordistributedcachecalls Router MessageProcessor
MessageProcessor
5432 Postgresclient QpidServer Postgres
5672 Usedforsendinganalytics Router Qpiddaemon
fromRouterandMessage
MessageProcessor
ProcessortoQpid
7000 Cassandrainternode Cassandra OtherCassandranode
communications
7199 JMXmanagement JMXclient Cassandra
8080 ManagementAPIport ManagementAPI ManagementServer
clients
8081 ComponentAPIports,used ManagementAPI Router(8081)
through forissuingAPIrequests clients
MessageProcessor(8082)
8084 directlytoindividual
components.Each QpidServer(8083)

ConfidentialandproprietaryinformationofApigee,Inc.Nottobedisclosedexceptundernondisclosureagreement.
ApigeeEdgeInstallandConfigurationGuidePage32

componentopensadifferent
PostgresServer(8084)
porttheexactportused
dependsonthe
configuration
8998 Communicationbetween Router MessageProcessor
routerandmessage
processor
9000 DefaultEdgemanagement Browser ManagementUIServer
UIport
9042 CQLnativetransport Router Cassandra
MessageProcessor
ManagementServer
9160 Cassandrathriftclient Router Cassandra
MessageProcessor
ManagementServer
10389 LDAPport ManagementServer ApcheDS/OpenLDAP
59002 Therouterportwhere SmartDocs Router
SmartDocspagerequests
aresent

AMessageProcessorkeepsadedicatedconnectionpoolopentoCassandra,whichisconfiguredtonever
timeout.WhenafirewallisbetweenamessageprocessorandCassandraserver,thefirewallcantimeoutthe
connection.However,themessageprocessorisnotdesignedtoreestablishconnectionstoCassandra.
Topreventthissituation,ApigeerecommendsthattheCassandraserver,messageprocessor,androutersbe
inthesamesubnetsothatafirewallisnotinvolvedinthedeploymentofthesecomponents.
Ifafirewallisbetweentherouterandmessageprocessors,andhasanidletcptimeoutset,our
recommendationsisto:
net.ipv4.tcp_keepalive_time=1800
1. Set insysctlsettingsonLinuxOS,where1800should
belowerthanthefirewallidletcptimeout.Thissettingshouldkeeptheconnectioninanestablished
statesothatthefirewalldoesnotdisconnecttheconnection.
2. OnallMessageProcessors,edit
/<inst_root>/apigee/customer/application/messageprocessor.properties
toadd
thefollowingproperty.Ifthefiledoesnotexist,createit.

conf_system_casssandra.maxconnecttimeinmillis=1

ConfidentialandproprietaryinformationofApigee,Inc.Nottobedisclosedexceptundernondisclosureagreement.
ApigeeEdgeInstallandConfigurationGuidePage33

3. RestarttheMessageProcessor:

>/opt/apigee/apigeeservice/bin/apigeeserviceedgemessageprocessor
restart

/<inst_root>/apigee/customer/application/router.properties
4. OnallRouters,edit to
addthefollowingproperty.Ifthefiledoesnotexist,createit.

conf_system_casssandra.maxconnecttimeinmillis=1
5. RestarttheRouter:

>/opt/apigee/apigeeservice/bin/apigeeserviceedgerouterrestart
Ifyouinstallthe12hostclusteredconfigurationwithtwoDataCenters,ensurethatthenodesinthetwoData
Centerscancommunicateovertheportsshownbelow:

Note:
AllMessageProcessorsinallDataCentersmustallbeabletoaccesseachotheroverport4528.

ConfidentialandproprietaryinformationofApigee,Inc.Nottobedisclosedexceptundernondisclosureagreement.
ApigeeEdgeInstallandConfigurationGuidePage34

APIBaaSportrequirements
IfyouopttoinstalltheAPIBaaS,youaddtheAPIBaaSStackandAPIBaaSPortalcomponents.These
componentsusetheportsshowninthefigurebelow:

TheCassandranodescanbededicatedtoAPIBaaS,orcanbesharedwithEdge.
AproductioninstallationofAPIBaaSusesaloadbalancerbetweentheAPIBaaSPortalnodeandAPIBaaS
Stacknodes.WhenconfiguringthePortal,andwhenmakingBaaSAPIcalls,youspecifytheIPaddressor
DNSnameoftheloadbalancer,notoftheStacknodes.
Thetablebelowshowsthedefaultportsthatneedtobeopenedinfirewalls,bycomponent:

Component Port Description

APIBaaSPortal 9000 PortfortheAPIBaaSUI
APIBaaSStack 8080 Port
whereAPIrequestarereceived

ElasticSearch 9200to ForcommunicatingwithAPIBaaSStackandfor

9400 communicatingbetweenElasticSearchnodes

ConfidentialandproprietaryinformationofApigee,Inc.Nottobedisclosedexceptundernondisclosureagreement.
ApigeeEdgeInstallandConfigurationGuidePage35

Licensing
EachinstallationofEdgerequiresauniquelicensefilethatyouobtainfromApigee.Youwillneedtoprovide
thepathtothelicensefilewheninstallingthemanagementserver,forexample/tmp/license.txt .
Theinstallercopiesthelicensefileto/
<inst_root>/apigee/customer/conf/license.txt
Iflicensefileisvalid,themanagementservervalidatestheexpiryandallowedMessageProcessor(MP)count.
Ifanyofthelicensesettingsisexpired,youcanfindthelogsinthefollowinglocation:
<inst_root>/apigee/var/log/edgemanagementserver/logs
/ .Inthiscaseyoucancontact
ApigeeSupport formigrationdetails.

InstallationChecklist
Note:
IfanolderversionofApigeeEdgeforPrivateCloudwasinstalledonthemachine,ensurethatyou
/tmp/java
deletethefolder beforeanewinstallation.
Ifuserapigeewascreatedpriortotheinstallation,ensurethat/home/apigeeexistsashome
directoryandisownedbyapigee:apigee.
Thechecklistcoverstheprecedingprerequisitesandprovidesalistofrequiredfilestoobtainbefore
proceeding.Hereisasummaryoftheprimaryrequirementscoveredthere.
Installationuser:Theuserperformingthisinstallationmustbetherootuser,orauserwithsudo
privileges.Inmanyofthecommandsbelow,ifyouarenotloggedinasroot,prefixthecommandswith
sudo
" ".
Edgesystemadministratorcredentials :Aspartoftheinstallation,youarepromptedtospecifyan
emailaddressandpasswordusedtocreatetheEdgesystemadministratoraccount.Neverusethese
credentialsforanythingotherthanEdgesystemadministration.Youcanlatercreatedifferentusersand
usertypestocreateandmanageAPIproxies,apps,andallotheruserleveltasks.

Tochangetheadministratorpassword donotusetheEdgeUItochangetheadministrator
password.See http://docs.apigee.com/apiservices/latest/resettingpasswords formoreinformation.
OS:Foroperatingsystemrequirements,see
https://apigee.com/docs/apiservices/reference/supportedsoftware
.
Java:JavarequirementsarecoveredunderPrerequisitesabove.Referto
https://apigee.com/docs/apiservices/reference/supportedsoftware proceeding.

EnsurethatJAVA_HOME pointstotherootoftheJDKfortheuserperformingtheinstallation.
Firewalls:
Firewall/hostrequirementsarecoveredunderPrerequisitesabove.Refertothe
Firewalls

andVirtualHostssectionbeforeproceeding.

ConfidentialandproprietaryinformationofApigee,Inc.Nottobedisclosedexceptundernondisclosureagreement.
ApigeeEdgeInstallandConfigurationGuidePage36

TCPWrappers :TCPWrapperscanblockcommunicationofsomeportsandcanaffectOpenLDAP,
Postgres,andCassandrainstallation.Onthosenodes,check /etc/hosts.allow and
/etc/hosts.deny toensurethattherearenoportrestrictionsontherequiredOpenLDAP,Postgres,
andCassandraports.
SELinux :DependingonyoursettingsforSELinux,Edgecanencounterissueswithinstallingand
startingEdgecomponents.Ifnecessary,youcandisableSELinuxorsetittopermissivemodeduring
installation,andthenreenablingitafterinstallation.See
Prerequisite:DisableSELinuxformore.
iptables
:Validatethattherearenoiptablespoliciespreventingconnectivitybetweennodesonthe
requiredEdgeports.Ifnecessary,youcanstopiptablesduringinstallationusingthecommand:

>sudo/etc/init.d/iptablesstop

OnCentOS7.x:

>systemctlstopfirewalld
Licensefile:
AvalidlicensefilemustbeobtainedtoinstallApigeeEdge.Licensinginformationis
coveredunderPrerequisitesabove.Refertothe Licensing
sectionbeforeproceeding.
Distributionfiles:
TheApigeeEdgedistributionfilesareinstalledasasetofRPMsanddependencies.
Systemlimits:
o OnCassandranodes,setsoftandhardmemlock,nofile,andaddressspace(as)limitsfor
/etc/security/limits.conf
installationuser(defaultisapigee")in asshownbelow:

apigeesoftmemlockunlimited
apigeehardmemlockunlimited
apigeesoftnofile32768
apigeehardnofile65536
apigeesoftasunlimited
apigeehardasunlimited

o OnMessageProcessornodes,setthemaximumnumberofopenfiledescriptorsto64Kby
usingthecommand:

>ulimitn65535

Ifnecessary,youcanraisethatlimit.Forexample,ifyouhavealargenumberoftemporaryfiles
openatanyonetime.

ConfidentialandproprietaryinformationofApigee,Inc.Nottobedisclosedexceptundernondisclosureagreement.
ApigeeEdgeInstallandConfigurationGuidePage37

InstallationConsiderations
AtypicalEdgeinstallationconsistsofEdgecomponentsdistributedacrossmultiplenodes.Afteryouinstall
Edgeonanode,youtheninstallandconfigureoneormoreEdgecomponentsonthenode.

Installationprocess
InstallingEdgeonanodeisamultistepprocess:
DisableSELinuxonthenodeorsetittopermissivemode.See
Prerequisite:DisableSELinuxformore.
SelectyourEdgeconfigurationfromthelistofrecommendedtopologies.Forexample,youcaninstall
Edgeonasinglenodefortesting,oron13nodesforproduction.See
Installationtopologiesformore.
apigeesetup
Oneachnodeinyourselectedtopology,installtheEdge utility:
o bootstrap_4.16.05.sh
DownloadtheEdge fileto
/tmp/bootstrap_4.16.05.sh.
o Install apigeeservice
theEdge utilityanddependencies.
o InstalltheEdgeapigeesetup utilityanddependencies.

See
InstalltheEdgeapigeesetuputilityformore.
apigeesetup
Usethe utilitytoinstalloneormoreEdgecomponentsoneachnodebasedonyour
selectedtopology.

See
InstallEdgecomponentsonanode .
OntheManagementServernode,usethe apigeesetup apigeeprovision
utilitytoinstall ,the
utilitiesthatyouusetocreateandmanageEdgeorganizations.

See Onboardanorganization
formore.

Handlinganinstallationfailure
InthecaseofafailureduringtheinstallationofanEdgecomponent,youcantrytocorrecttheissue,andthen
runtheinstalleragain.Theinstallerisdesignedtoberunrepeatedlyincaseswhereitdetectsafailure,orif
youlaterwanttochangeorupdateacomponentafterinstallation.

Whocanperformtheinstall
TheApigeeEdgedistributionfilesareinstalledasasetofRPMsanddependencies.Toinstall,uninstall,and
updateEdge,theEdgecommandsmustberunbytherootuserorbyauserthathasfullsudoaccess.Forfull
sudoaccess,thatmeanstheuserhassudoaccesstoperformthesameoperationsasroot.

ConfidentialandproprietaryinformationofApigee,Inc.Nottobedisclosedexceptundernondisclosureagreement.
ApigeeEdgeInstallandConfigurationGuidePage38

Anyuserwhowantstorunthefollowingcommandsorscriptsmusteitherberoot,orbeauserwithfullsudo
access:
apigeeservice utility:
apigeeservice install
commands: uninstall
, update
, .
apigeeall commands: install uninstall
, update
, .
setup.sh
scripttoinstallEdgecomponents(Unlessyouhavealreadyused" apigeeservice
intall"toinstalltherequiredRPMs.Thenrootorfullsudoaccessifnotrequired.)
update.shscripttoupdateEdgecomponents
Also,theEdgeinstallercreatesanewuseronyoursystem,named"apigee".ManyEdgecommandsinvoke
sudotorunasthe"apigee"user.
Anyuserwhowantstorunallothercommandsthantheonesshownabovemustbeauserwithfullsudo
accesstothe"apigee"user.Thesecommandsinclude:
apigeeservice
utilitycommands,including:
apigeeservice commandssuchasstart stop
, restart
, configure
, .
apigeeallcommandssuchas start stop
, restart
, configure
, .
Toconfigureausertohavefullsudoaccesstothe"apigee"user,editthesudoersfiletoadd:
installUser
ALL=(apigee)NOPASSWD:ALL
installUser
where istheusernameofthepersonworkingwithEdge.
AnyfilesorresourcesusedbytheEdgecommandsmustbeaccessibletothe"apigee"user.Thisincludesthe
Edgelicensefileandanyconfigfiles.
Note:YoucansettheRUN_USER propertyforanEdgecomponenttospecifyadifferentuserthan"apigee".If
youdo,thenalloftheEdgecommandsforthatcomponentinvokesudotorunasthatuser.Filesorresources
mustthenbeaccessibletothatuser.
Whencreatingaconfigurationfile,youcanchangeitsownerto"apigee:apigee"toensurethatitisaccessible
toEdgecommands:
1. Createthefileinaneditorasanyuser.
2. Chowntheownerofthefileto"apigee:apigee"or,ifyouchangedtheuserrunningtheEdgeservice
fromthe"apigee"user,chownthefiletotheuserwhoisrunningtheEdgeservice.

SilentinstallationofEdgecomponents
Youmustpassaconfigurationfileto apigeesetup
the utility
thatcontainstheinformationabouttheEdge
installation.Theonlyrequirementonsilentinstallationsisthattheconfigurationfilemustbeaccessibleor
readablebythe"apigee"user.Forexample,putthefileinthe/tmpdirectoryonthenodeandchownitto
"apigee:apigee".
AllinformationintheconfigurationfileisrequiredexceptfortheEdgesystemadministrator'spassword.Ifyou
omitthepassword, apigeesetup
the utility
promptsyoutoenteritonthecommandline.

ConfidentialandproprietaryinformationofApigee,Inc.Nottobedisclosedexceptundernondisclosureagreement.
ApigeeEdgeInstallandConfigurationGuidePage39

See
Creatingaconfigurationfileformore.

InternetornonInternetinstallation
ToinstallEdgeonanode,thenodemustbeabletoaccesstheApigeerepository:
NodeswithanexternalInternetconnection

NodeswithanexternalinternetconnectionaccesstheApigeerepositorytoinstalltheEdgeRPMsand
dependencies.
NodeswithoutanexternalInternetconnection

NodeswithoutanexternalInternetconnectioncanaccessamirroredversionoftheApigeerepository
thatyousetupinternally.ThisrepositorycontainsallEdgeRPMs,butyouhavetoensurethatyou
haveallotherdependenciesavailablefromreposontheinternalnetwork.

Settingupavirtualhost
AvirtualhostonEdgedefinesthedomainsandEdgeRouterportsonwhichanAPIproxyisexposed,and,by
extension,theURLthatappsusetoaccessanAPIproxy.AvirtualhostalsodefineswhethertheAPIproxyis
accessedbyusingtheHTTPprotocol,orbytheencryptedHTTPSprotocol.
AspartoftheEdgeonboardingprocess,youhavetocreateanorganization,environment,andvirtualhost.
Edgeprovidesthesetuporg commandtomakethisprocesseasierfornewusers.
Whenyoucreatethevirtualhost,youmustspecifythefollowinginformation:
Thename
ofthevirtualhostthatyouusetoreferenceitinyourAPIproxies.
Theport
ontheRouterforthevirtualhost.Typicallytheseportsstartat9001andincrementbyonefor
everynewvirtualhost.
Thehostalias
ofthevirtualhost.TypicallytheDNSnameofthevirtualhost.
TheEdgeRoutercomparesthe Host headeroftheincomingrequesttothelistofavailablehostaliasesas
partofdeterminingtheAPIproxythathandlestherequest.Whenmakingarequestthroughavirtualhost,
eitherspecifyadomainnamethatmatchesthehostaliasofavirtualhost,orspecifytheIPaddressofthe
Routerandthe Hostheadercontainingthehostalias.
Forexample,ifyoucreatedavirtualhostwithahostaliasofmyapis.apigee.netonport9001,thenacURL
requesttoanAPIthroughthatvirtualhostcoulduseoneofthefollowingforms:
IfyouhaveaDNSentryfor
myapis.apigee.net
:

curlhttp:// myapis.apigee.net :9001/{proxybasepath}/{resourcepath}
IfyoudonothaveaDNSentryfor
myapis.apigee.net
:

ConfidentialandproprietaryinformationofApigee,Inc.Nottobedisclosedexceptundernondisclosureagreement.
ApigeeEdgeInstallandConfigurationGuidePage40

curlhttp ://<routerIP>:9001 /{proxybasepath}/{resourcepath}

H'Host:myapis.apigee.net'

Host
Inthisform,youspecifytheIPaddressoftheRouter,andpassthehostaliasinthe header.

Note :Thecurlcommand,mostbrowsers,andmanyotherutilitiesautomaticallyappendthe Host
headerwiththedomainaspartoftherequest,soyoucanactuallyuseacurlcommandintheform:

curlhttp://<routerIP>:9001/{proxybasepath}/{resourcepath}

OptionswhenyoudonothaveaDNSentryforthevirtualhost
OneoptionwhenyoudonothaveaDNSentryistosetthehostaliastotheIPaddressoftheRouterandport
<routerIP>:port
ofthevirtualhost,as .Forexample:
192.168.1.31:9001
Whenyoumakeacurlcommandintheformbelow:
curlhttp://
<routerIP>:9001
/{proxybasepath}/{resourcepath}
ThisoptionispreferredbecauseitworkswellwiththeEdgeUI.
IfyouhavemultipleRouters,addahostaliasforeachRouter,specifyingtheIPaddressofeachRouterand
portofthevirtualhost.
Alternatively,youcansetthehostaliastoavalue,suchas
temp.hostalias.com
.Then,youhavetopassthe
Host headeroneveryrequest:
curlvhttp ://<routerIP>:9001 /{proxybasepath}/{resourcepath}
H'host:temp.hostalias.com'

/etc/hosts
Or,addthehostaliastoyour /etc/hosts
file.Forexample,addthislineto :
192.168.1.31temp.hostalias.com
ThenyoucanmakearequestasifyouhadaDNSentry:
curlvhttp://
myapis.apigee.net
:9001/{proxybasepath}/{resourcepath}

ConfiguringEdgecomponentspostinstallation
ToconfigureEdgeafterinstallation,youuseacombinationof .properties filesandEdgeutilities.For
example,toconfigureSSLontheEdgeUI,youedit .properties filestosetthenecessaryproperties.
Changesto.properties filesrequireyoutorestarttheaffectedEdgecomponent.
.properties
The filesarelocatedinthe /opt/apigee/customer/application directory.Each
componenthasitsown .properties router.properties
fileinthatdirectory.Forexample, and
managementserver.properties .

ConfidentialandproprietaryinformationofApigee,Inc.Nottobedisclosedexceptundernondisclosureagreement.
ApigeeEdgeInstallandConfigurationGuidePage41

Note:Ifyouhavenotsetanypropertiesforacomponent,the /opt/apigee/customer/application
.properties
directorymightnotcontaina fileforthecomponent.Inthatcase,createone.
.properties
Tosetapropertyforacomponent,editthecorresponding file,andthenrestartthecomponent:
component
>/opt/apigee/apigeeservice/bin/apigeeservice restart
Forexample:
>/opt/apigee/apigeeservice/bin/apigeeserviceedgerouterrestart
WhenyouupdateEdge,the.properties /opt/apigee/customer/application
filesinthe directory
areread.Thatmeanstheupdateretainsanypropertiesthatyousetonthecomponent.
Seehttp://docs.apigee.com/apiservices/latest/howconfigureedge
formoreinformationonEdgeconfiguration.

InvokingcommandsonEdgecomponents
/opt/apigee/apigeeservice/bin
Edgeinstallsmanagementutilitiesunder thatyoucanuseto
apigeeall
manageanEdgeinstallation.Forexample,youcanusethe utilitytostart,stop,restart,or
determinethestatusofallEdgecomponentsonthenode:
/opt/apigee/apigeeservice/bin/apigeeallstop|start|restart|status|version
Usethe apigeeservice
utilitytocontrolandconfigureindividualcomponents.The
apigeeservice
utilityhastheform:
component
/opt/apigee/apigeeservice/bin/apigeeservice
action
Forexample,torestarttheEdgeRouter:
/opt/apigee/apigeeservice/bin/apigeeserviceedgerouterrestart
Youcandeterminethelistofcomponentsinstalledonthenodebyexaminingthe/opt/apigee directory.
ThatdirectorycontainsasubdirectoryforeveryEdgecomponentinstalledonthenode.Eachsubdirectoryis
prefixedby:
apigee apigeecassandra
athirdpartycomponentusedbyEdge.Forexample, .
edge edgemanagementserver
anEdgecomponentfromApigee.Forexample, .
edgemint edgemintmanagementserver
aMonetizationcomponent.Forexample .
baas baasusergrid
anAPIBaaScomponent.Forexample .
Thecompletelistofactionsforacomponentdependsonthecomponentitself,butallcomponentssupport
thefollowingactions:
start stop
, ,
restart
status
,
version
backup
,
restore

ConfidentialandproprietaryinformationofApigee,Inc.Nottobedisclosedexceptundernondisclosureagreement.
ApigeeEdgeInstallandConfigurationGuidePage42

install
,
uninstall

Accessinglogfiles
Thelogfilesforeachcomponentarecontainedinthe/opt/apigee/var/log directory.Eachcomponent
hasitsownsubdirectory.Forexample,thelogsfortheManagementServerareinthedirectory:
/opt/apigee/var/log/edgemanagementserver

CommonYumcommands
TheEdgeinstallationtoolsforLinuxrelyonYumtoinstallandupdatecomponents.Youmighthavetouse
severalYumcommandstomanageaninstallationonanode.
CleanallYumcaches:

sudoyumcleanall
ToupdateanEdgecomponent:

sudoyumupdate componentName

Forexample:

sudoyumupdateapigeesetup
sudoyumupdateedgemanagementserver

FileSystemStructure
/opt/apigee
Edgeinstallsallfilesinthe directory.
Note:Youcannotchangethisdirectorylocation.However,youcancreateasymlinktomapittoadifferent
location.See
Creatingasymlinkfrom/opt/apigeeformore.
OperationsGuide,
InthisguideandintheEdge therootinstallationdirectoryisnotedas:
<inst_root>/apigee

TheinstallationusesthefollowingfilesystemstructuretodeployApigeeEdgeforPrivateCloud.

LogFiles
Components Location
ManagementServer <inst_root>/apigee/var/log/edgemanagementserver
Router <inst_root>/apigee/var/log/edgerouter
MessageProcessor <inst_root>/apigee/var/log/edgemessageprocessor

ConfidentialandproprietaryinformationofApigee,Inc.Nottobedisclosedexceptundernondisclosureagreement.
ApigeeEdgeInstallandConfigurationGuidePage43

ApigeeQpidServer <inst_root>/apigee/var/log/edgeqpidserver
ApigeePostgresServer <inst_root>/apigee/var/log/edgepostgresserver
EdgeUI <inst_root>/apigee/var/log/edgeui
ZooKeeper <inst_root>/apigee/var/log/apigeezookeeper
OpenLDAP <inst_root>/apigee/var/log/apigeeopenldap
Cassandra <inst_root>/apigee/var/log/apigeecassandra
Qpidd <inst_root>/apigee/var/log/apigeeqpidd
PostgreSQLdatabase <inst_root>/apigee/var/log/apigeepostgresql

Data

Components Location
ManagementServer <data_root>/apigee/data/edgemanagementserver
Router <data_root>/apigee/data/edgerouter
MessageProcessor <data_root>/apigee/data/edgemessageprocessor
ApigeeQpidagent <data_root>/apigee/data/edgeqpidserver
ApigeePostgresagent <data_root>/apigee/data/edgepostgresserver
ZooKeeper <data_root>/apigee/data/apigeezookeeper
OpenLDAP <data_root>/apigee/data/apigeeopenldap
Cassandra <data_root>/apigee/data/apigeecassandra/data
Qpidd <data_root>/apigee/data/apigeeqpid/data
PostgreSQLdatabase <data_root>/apigee/data/apigeepostgres/pgdata

ConfidentialandproprietaryinformationofApigee,Inc.Nottobedisclosedexceptundernondisclosureagreement.
ApigeeEdgeInstallandConfigurationGuidePage44

InstalltheEdgeapigeesetuputility
apigeesetup
ToinstallEdgeonanode,youfirstinstalltheEdge utility.Ifyouareinanenvironmentwhere
yournodesdonothaveanexternalinternetconnection,youmustalsoinstallalocalcopyoftheApigeerepo.

Creatingasymlinkfrom/opt/apigee
/opt/apigee
Edgeinstallsallfilesinthe directory.Youcannotchangethisdirectory.However,ifdesired,
youcancreateasymlinktomap /opt/apigee toanotherlocation.
Beforeyoucreatethesymlink,youmustfirstcreateauserandgroupnamed"apigee".Thisisthesamegroup
andusercreatedbytheEdgeinstaller.
Tocreatethesymlink,performthesestepsbeforedownloadingthebootstrap_4.16.05.shfile.Youmust
performallofthesestepsasroot:
1. Createthe"apigee"userandgroup:

>groupaddrapigee
>useraddrgapigeed/opt/apigees/sbin/nologinc"Apigeeplatform
user"apigee
/opt/apigee
2. Createasymlinkfrom toyourdesiredinstallroot:

>lnTs /srv/myInstallDir /opt/apigee

/srv/myInstallDir
where isthedesiredlocationoftheEdgefiles.
3. Changeownershipoftheinstallrootandsymlinktothe"apigee"user:

>chownhapigee:apigee/srv/apigee/opt/apigee

Prerequisite:DisableSELinux
apigeesetup
YoumustdisableSELinux,orsetittopermissivemode,beforeyoucaninstallEdge utilityor
anyEdgecomponents.Ifnecessary,afterinstallingEdge,youcanreenableSELinux.
Note
:ThisstepisnotrequiredonSUSEinstallations.
To
temporarily
setSELinuxtopermissivemode,executethefollowingcommand:
a. OnaLinux6.xoperatingsystem :

echo0>/selinux/enforce

ToreenableSELinuxafterinstallingEdge:

ConfidentialandproprietaryinformationofApigee,Inc.Nottobedisclosedexceptundernondisclosureagreement.
ApigeeEdgeInstallandConfigurationGuidePage45

echo1>/selinux/enforce
b. OnaLinux7.xoperatingsystem :

setenforce0

ToreenableSELinuxafterinstallingEdge:

setenforce1
To
permanently
disableSELinuxorsetittopermissivemode:
/etc/sysconfig/selinux
a) Open inaneditor.
SELINUX=disabled
b) Set or
SELINUX=permissive
c) Saveyouredits.
d) Restartthenode.
e) Ifnecessary,reenableSELinuxafterEdgeinstallationbyrepeatingthisproceduretoset
SELINUX=enabled .

InstallEdgeapigeesetuputilityonanodewithanexternalinternetconnection
ToinstallEdgeonanodewithanexternalInternetconnection:
1. ObtaintheusernameandpasswordfromApigeethatyouusetoaccesstheApigeerepository.Ifyou
haveanexistingusername:passwordfortheApigeeftpsite,youcanusethosecredentials.
2. LogintoyournodeasroottoinstalltheEdgeRPMs

Note:WhileRPMinstallationrequiresrootaccess,youcanperformEdgeconfigurationwithoutroot
access.
3. DisableSELinuxasdescribedin
Prerequisite:DisableSELinux
.
/tmp/bootstrap_4.16.05.sh
4. DownloadtheEdgebootstrap_4.16.05.shfileto :

>curlhttps://software.apigee.com/bootstrap_4.16.05.sho
/tmp/bootstrap_4.16.05.sh
apigeeservice
5. InstalltheEdge utilityanddependencies:

>sudobash/tmp/bootstrap_4.16.05.shapigeeuser= uName
apigeepassword= pWord

where uName:pWord pWord
aretheusernameandpasswordyoureceivedfromApigee.Ifyouomit ,
youwillbepromptedtoenterit.

ConfidentialandproprietaryinformationofApigee,Inc.Nottobedisclosedexceptundernondisclosureagreement.
ApigeeEdgeInstallandConfigurationGuidePage46

Bydefault,theinstallercheckstoseethatyouhaveJava1.8installed.Ifyoudonot,itinstallsitforyou.
Usethe JAVA_FIX JAVA_FIX
optiontospecifyhowtohandleJavainstallation. takesthefollowing
values:

I=InstallOpenJDK1.8(default)
C=ContinuewithoutinstallingJava
Q=Quit.Forthisoption,youhavetoinstallJavayourself.

apigeeservice
Theinstallationofthe /etc/yum.repos.d/apigee.repo
utilitycreatesthe file
thatdefinestheApigeerepository.Toviewthedefinitionfile,usethecommand:

>cat/etc/yum.repos.d/apigee.repo

Toviewtherepocontents,usethecommand:

>sudoyumvrepolist'apigee*'
apigeeservice
6. Use apigeesetup
toinstallthe utility:

>/opt/apigee/apigeeservice/bin/apigeeserviceapigeesetupinstall
apigeesetup
7. Use toinstallandconfigureEdgecomponentsonthenode.See
InstallEdge
componentsonanode
formore.

InstallEdgeapigeesetuputilityonanodewithnoexternalInternetconnection
IfyourEdgenodesarebehindafirewall,orinsomeotherwayareprohibitedfromaccessingtheApigee
mirror
repositoryovertheInternet,thenyoumustcreatealocalrepository,or ,oftheApigeerepo.Thatmirror
mustthenbeaccessibletoallnodes.Oncecreated,nodescanthenaccessthatlocalmirrortoinstallEdge.
AfteryoucreatealocalEdgerepository,youmightlaterhavetoupdateitwiththelatestEdgereleasefiles.
Thefollowingsectionsdescribehowtocreatealocalrepository,andhowtoupdateit.

CreatealocalApigeerepository
TocreatealocalApigeerepo:
1. ObtaintheusernameandpasswordfromApigeethatyouusetoaccesstheApigeerepository.Ifyou
haveanexistingusername:passwordfortheApigeeftpsite,youcanusethosecredentials.
2. LogintoyourRedHatorCentOSnodeasroottoinstalltheEdgeRPMs.

Note:WhileRPMinstallationrequiresrootaccess,youcanperformEdgeconfigurationwithoutroot
access.

ConfidentialandproprietaryinformationofApigee,Inc.Nottobedisclosedexceptundernondisclosureagreement.
ApigeeEdgeInstallandConfigurationGuidePage47

yumutils
3. Makesureyouhavethelatestversionof :

>sudoyumupdateyumutils
4. DisableSELinuxasdescribedin
Prerequisite:DisableSELinux
.
/tmp/bootstrap_4.16.05.sh
5. DownloadtheEdgebootstrap_4.16.05.shfileto :

>curlhttps://software.apigee.com/bootstrap_4.16.05.sho
/tmp/bootstrap_4.16.05.sh
apigeeservice
6. InstalltheEdge utilityanddependencies:

>sudobash/tmp/bootstrap_4.16.05.shapigeeuser= uName
apigeepassword= pWord

where uName:pWord pWord
aretheusernameandpasswordyoureceivedfromApigee.Ifyouomit ,
youwillbepromptedtoenterit.
apigeemirror
7. Installthe utilityonthenode:

>/opt/apigee/apigeeservice/bin/apigeeserviceapigeemirrorinstall
8. Usetheapigeemirror utilitytosynctheApigeerepotothe
/opt/apigee/data/apigeemirror/repos/ directory.

Tominimizethesizeoftherepo,includethe onlynewrpms todownloadjustthelatestRPMs.
Youneedapproximately800MBofdiskspaceforthedownload:

>/opt/apigee/apigeeservice/bin/apigeeserviceapigeemirrorsync
onlynewrpms

Ifyouwanttoentirerepo,includingolderRPMs,omit onlynewrpms .Youneedapproximately6
GBofdiskspaceforthefulldownload:

>/opt/apigee/apigeeservice/bin/apigeeserviceapigeemirrorsync

YounowhavealocalcopyoftheApigeerepo.ThenextsectiondescribeshowtoinstalltheEdge
apigeesetup utilityfromthelocalrepo.
9. (Optional)
IfyouwanttoinstallEdgefromthelocalrepoontothesamenodethathoststhelocalrepo,
thenyouneedtofirstrunthefollowingcommands:
bootstrap_4.16.05.sh
a) Run apigeeservice
fromthelocalrepotoinstallthe utility:

>sudobash/opt/apigee/data/apigeemirror/repos/bootstrap_4.16.05.sh

ConfidentialandproprietaryinformationofApigee,Inc.Nottobedisclosedexceptundernondisclosureagreement.
ApigeeEdgeInstallandConfigurationGuidePage48

apigeeprotocol="file://"
apigeerepobasepath=/opt/apigee/data/apigeemirror/repos
apigeeservice
b) Use apigeesetup
toinstallthe utility:

>/opt/apigee/apigeeservice/bin/apigeeserviceapigeesetupinstall
apigeesetup
c) Use toinstallandconfigureEdgecomponentsonthenode.See
InstallEdge
componentsonanode
formore.

Installapigeesetuponaremotenodefromthelocalrepo
YouhavetwooptionsforinstallingEdgefromthelocalrepo.Youcaneither:
Createa.tarfileoftherepo,copythe.tarfiletoanode,andtheninstallEdgefromthe.tarfile.
Installawebserveronthenodewiththelocalreposothatothernodescanaccessit.Apigeeprovides
theNginxwebserverforyoutouse,oryoucanuseyourownwebserver.

Installfromthe.tarfile:
1. Onthenodewiththelocalrepo,usethefollowingcommandtopackagethelocalrepointoasingle.tar
/opt/apigee/data/apigeemirror/apigee4.16.05.tar.gz
filenamed :

>/opt/apigee/apigeeservice/bin/apigeeserviceapigeemirrorpackage
/tmp
2. Copythe.tarfiletothenodewhereyouwanttoinstallEdge.Forexample,copyittothe directory
onthenewnode.
3. Onthenewnode,disableSELinuxasdescribedin
Prerequisite:DisableSELinux
.
4. Onthenewnode,untarthefiletothe/tmpdirectory:

>tarxzfapigee4.16.05.tar.gz

Thiscommandcreatesanewdirectory,named repos ,inthedirectorycontainingthe.tarfile.For
/tmp/repos
example .
apigeeservice
5. InstalltheEdge utilityanddependenciesfrom /tmp/repos
:

>sudobash/tmp/repos/bootstrap_4.16.05.shapigeeprotocol="file://"
apigeerepobasepath=/tmp/repos

Noticethatyouincludethepathtotherepos directoryinthiscommand.
apigeeservice
6. Use apigeesetup
toinstallthe utility:

>
/opt/apigee/apigeeservice/bin/apigeeserviceapigeesetupinstall

ConfidentialandproprietaryinformationofApigee,Inc.Nottobedisclosedexceptundernondisclosureagreement.
ApigeeEdgeInstallandConfigurationGuidePage49

apigeesetup
7. Use toinstallandconfigureEdgecomponentsonthenode.See
InstallEdge
componentsonanode
formore.

InstallfromtherepousingtheNginxwebserver:
1. InstalltheNginxwebserveronthereponode:

/>opt/apigee/apigeeservice/bin/ apigeeserviceapigeemirrornginxconfig
2. Bydefault,Nginxisconfiguredtouselocalhostastheservernameandport3939.Tochangethese
values
a. Open /opt/apigee/customer/application/mirror.properties
inaneditor.Create
thefileifitdoesnotexist.
b. Setthefollowingvaluesasnecessary:

conf_apigee_mirror_listen_port=3939
conf_apigee_mirror_server_name=localhost
c. RestartNginx:

>/opt/nginx/scripts/apigeenginxrestart
admin:admin
3. Bydefault,thereporequiresausername:passwordof .Tochangethesecredentials,set
thefollowingenvironmentvariables:

MIRROR_USERNAME= uName
MIRROR_PASSWORD= pWord
4. Onthenewnode,disableSELinuxasdescribedin
Prerequisite:DisableSELinux
.
5. Ontheremotenode,downloadtheEdgebootstrap_4.16.05.shfileto
/tmp/bootstrap_4.16.05.sh :

>/usr/bin/curlhttp:// uName:pWord @ remoteRepo
:3939/bootstrap_4.16.05.sho
/tmp/bootstrap_4.16.05.sh

whereuName:pWord remoteRepo
aretheusernameandpasswordyousetabovefortherepo,and is
theIPaddressorDNSnameofthereponode.
apigeeservice
6. Ontheremotenode,installtheEdge utilityanddependencies:

>sudobash/tmp/bootstrap_4.16.05.shapigeerepohost= remoteRepo:3939
apigeeuser= uName apigeepassword= pWord apigeeprotocol=http://

uName:pWord
where
aretherepousernameandpassword.

ConfidentialandproprietaryinformationofApigee,Inc.Nottobedisclosedexceptundernondisclosureagreement.
ApigeeEdgeInstallandConfigurationGuidePage50

apigeeservice
7. Ontheremotenode,use apigeesetup
toinstallthe utility:

>/opt/apigee/apigeeservice/bin/apigeeserviceapigeesetupinstall
apigeesetup
8. Use toinstallandconfigureEdgecomponentsontheremotenode.See
InstallEdge
componentsonanode
formore.

UpdatealocalApigeerepository
Toupdatetherepo,youmustdownloadthelatestbootstrap_4.16.05.shfile,thenperformanewsysnc:
/tmp/bootstrap_4.16.05.sh
1. DownloadtheEdgebootstrap_4.16.05.shfileto :

>curlhttps://software.apigee.com/bootstrap_4.16.05.sho
/tmp/bootstrap_4.16.05.sh
2. Performthesync:

>/opt/apigee/apigeeservice/bin/apigeeserviceapigeemirrorsync
onlynewrpms

Ifyouwanttoentirerepo:

>/opt/apigee/apigeeservice/bin/apigeeserviceapigeemirrorsync

CleanalocalApigeerepo
/opt/apigee/data/apigeemirror
Cleaningthelocalrepodeletes /var/tmp/yumapigee*
and .
Tocleanthelocalrepo,use:
>/opt/apigee/apigeeservice/bin/apigeeserviceapigeemirrorclean

AddorupdateEdge4.16.01ina4.16.05repo
IfyouhavetomaintaininstallationsforbothEdge4.16.05and4.16.01,youcanmaintainarepothatcontains
bothversions.Fromthatrepo,youcantheninstalleitherEdge4.16.05and4.16.01.
Toadd4.16.01toan4.15.05repo:
1. Ensurethatyouhaveinstalledthe4.16.05versionoftheapigeemirror utility:

>/opt/apigee/apigeeservice/bin/apigeeserviceapigeemirrorversion

xyz
Youshouldseearesultintheformbelow,where isthebuildnumber:

apigeemirror 4.16.050.0. xyz

ConfidentialandproprietaryinformationofApigee,Inc.Nottobedisclosedexceptundernondisclosureagreement.
ApigeeEdgeInstallandConfigurationGuidePage51

apigeemirror
2. Usethe utilitytodownloadEdge4.16.01toyourrepo.Noticehowyouprefixthe
commandwith apigeereleasever=4.16.01 :

>apigeereleasever=4.16.01 /opt/apigee/apigeeservice/bin/apigeeservice
apigeemirrorsynconlynewrpms

Usethissamecommandtolaterupdatethe4.16.01repo.

3. Examinethe/opt/apigee/data/apigeemirror/repos directorytoseethefilestructure:

>ls/opt/apigee/data/apigeemirror/repos

Youshouldseethefollowingfilesanddirectories:

apigeeapigeerepo1.06.x86_64.rpm bootstrap_4.16.01.sh
bootstrap_4.16.05.sh thirdparty

NoticehowyouhaveabootstrapfileforbothversionsofEdge.The apigee directoryalsocontains
separatedirectoriesforeachversionofEdge.

4. Topackagetherepointoa.tarfile,usethefollowingcommand:

>
/opt/apigee/apigeeservice/bin/apigeeserviceapigeemirrorpackage

Thiscommandpackagesboththe4.16.05and4.16.01reposintothesame.tarfile.Youcannot
packageonlypartoftherepo.
ToinstallEdgefromthelocalrepoor.tarfile,justmakesuretorunthecorrectbootstrapfilebyusingoneof
thefollowingcommands:
Ifinstallingfroma.tarfile,runthecorrectbootstrapfilefromtherepo:

>sudobash/tmp/repos/ bootstrap_4.16.0X.sh apigeeprotocol="file://"
apigeerepobasepath=/tmp/repos

Tocompletetheinstallation,followtheremainingstepsfrom Installfromthe.tarfile:
.

IfinstallingusingtheNginxwebserver,downloadandthenrunthecorrectbootstrapfilefromtherepo:

>/usr/bin/curlhttp:// uName:pWord @remoteRepo :3939/ bootstrap_4.16.0X.sh o
/tmp/ bootstrap_4.16.0X.sh

>sudobash/tmp/ bootstrap_4.16.0X.sh apigeerepohost= remoteRepo :3939
apigeeuser= uName apigeepassword= pWord apigeeprotocol=http://

ConfidentialandproprietaryinformationofApigee,Inc.Nottobedisclosedexceptundernondisclosureagreement.
ApigeeEdgeInstallandConfigurationGuidePage52

Tocompletetheinstallation,followtheremainingstepsfrom
InstallfromtherepousingtheNginx
webserver:
.

ConfidentialandproprietaryinformationofApigee,Inc.Nottobedisclosedexceptundernondisclosureagreement.
ApigeeEdgeInstallandConfigurationGuidePage53

InstallEdgecomponentsonanode
apigeesetup
AfteryouinstalltheEdge apigeesetup
utilityonanode,usethe utilitytoinstalloneor
moreEdgecomponentsonthenode.
Note
:See
InstalltheEdgeapigeesetuputility apigeesetup
formoreoninstallingtheEdge utility.
apigeesetup
The utilityusesacommandintheform:
component
>/opt/apigee/apigeesetup/bin/setup.shp f
configFile
wherecomponent configFile
istheEdgecomponenttoinstall,and isthesilentconfigurationfilecontaining
theinstallationinformation.Theconfigurationfilemustbeaccessibleorreadablebythe"apigee"user. For
example,putthefileinthe/tmpdirectoryonthenode.
Forexample,toinstalltheEdgeManagementServer
:
>/opt/apigee/apigeesetup/bin/setup.shpmsf/tmp/myConfig

Installationconsiderations
Asyouwriteyourconfigfile,takeintoconsiderationthefollowingoptions.

SettingupPostgresmasterstandbyreplication
Bydefault,EdgeinstallsallPostgresnodesinmastermode.However,inmostproductionsystems,you
configurethemtousemasterstandbyreplicationsothatifthemasternodefails,thestandbynodecan
continuetoservertraffic.
Youcanenableandconfiguremasterstandbyreplicationatinstalltimebyusingpropertiesinthesilentconfig
file.Or,youcanenablemasterstandbyreplicationafterinstallation.Formore,see
SetupMasterStandby
ReplicationforPostgres.

EnablingCassandraauthentication
Bydefault,Cassandrainstallswithoutauthenticationenabled.ThatmeansanyonecanaccessCassandra.You
canenableauthenticationafterinstallingEdge,oraspartoftheinstallationprocess.
YoucanenableCassandraauthenticationasinstalltimebyusingpropertiesinthesilentconfigfile.Or,you
canenableitafterinstallation.
Note
:WhileyoucanenableauthenticationwhenyouinstallCassandra,youcannotchangethedefault
usernameandpassword.YouhavetoperformthatstepmanuallyafterinstallationofCassandracompletes.
Formore,see
EnableCassandraauthentication
.

ConfidentialandproprietaryinformationofApigee,Inc.Nottobedisclosedexceptundernondisclosureagreement.
ApigeeEdgeInstallandConfigurationGuidePage54

BindingtheRoutertoaprotectedport
IfyouwanttobindtheRoutertoaprotectedport,suchasportnumberslessthan1000,thenyouhaveto
configuretheRoutertorunasauserwithaccesstothoseports.Bydefault,theRouterrunsastheuser
"apigee"whichdoesnothaveaccesstoprivilegedports.
ToruntheRouterasadifferentuser:
/opt/apigee/etc/edgerouter.d/RUN_USER.sh
1. Asroot,createthefile .
2. Addthefollowingentrytothefile:

RUN_USER=root

IfyoudonotwanttoruntheRouterasroot,specifyauserwithaccesstotheport.
3. Savethefile.
4. Ifyouspecifiedauserotherthanroot,changetheownerofthefiletothatuser:

>chown USER USER
: /opt/apigee/etc/edgerouter.d/RUN_USER.sh
5. Restartrouter:

>/opt/apigee/apigeeservice/bin/apigeeserviceedgerouterrestart

Specifyingthecomponentstoinstall
Thefollowingtableliststheoptionsyoupassto p
the apigeeservice
optionofthe utilitytospecifywhich
componentstoinstallonthenode:

Componen Description
t

c InstallCassandraonly.

ld InstallOpenLDAPonly.

ms InstallEdgeManagementServer,whichalsoinstallstheEdgeUIandOpenLDAP.
IfyousetUSE_LDAP_REMOTE_HOST=yintheconfigfile,thenOpenLDAP
installationisskippedandtheManagementServerusesOpenLDAPinstalledona
differentnode.

r InstallEdgeRouteronly.

ConfidentialandproprietaryinformationofApigee,Inc.Nottobedisclosedexceptundernondisclosureagreement.
ApigeeEdgeInstallandConfigurationGuidePage55

mp InstallEdgeMessageProcessoronly.

rmp InstallEdgeRouterandMessageProcessor.

qs InstallQpidServeronly.

ps InstallPostgresServeronly.

mo InstallMonetization.

ds InstallZooKeeperandCassandra.

ui InstalltheEdgeUI.

sa InstallEdgestandalone,meaningCassandra,ZooKeeper,ManagementServer,
OpenLDAP,EdgeUI,Router,andMessageProcessor.ThisoptionomitstheEdge
analyticscomponents:QpidandPostgres.
Usethisoptionfordevelopmentandtestingonly,notforproduction.

sax Installanalyticscomponents,meaningQpidandPostgres.
Usethisoptionfordevelopmentandtestingonly,notforproduction.

aio Installallcomponentsonasinglenode.
Usethisoptionfordevelopmentandtestingonly,notforproduction.

Creatingaconfigurationfile
TheconfigurationfilecontainsalltheinformationnecessarytoinstallEdge.Youcanoftenusethesame
configurationfiletoinstallallcomponentsinanEdgeinstallation.
However,youwillhavetousedifferentconfigurationfiles,ormodifyyourconfigurationfile,if:
YouareinstallingmultipleOpenLDAPserversandneedtoconfigurereplicationaspartofa13node
LDAP_SID
installation.Eachfilerequiresdifferentvaluesfor LDAP_PEER
and .
Youarecreatingmultipledatacentersaspartofa12nodeinstallation.Eachdatacenterrequires
ZK_CLIENT_HOSTS
differentsettingsforpropertiessuchas andCASS_HOSTS .

ConfidentialandproprietaryinformationofApigee,Inc.Nottobedisclosedexceptundernondisclosureagreement.
ApigeeEdgeInstallandConfigurationGuidePage56

Exampleconfigurationfile
Shownbelowisanexampleofacompletesilentconfigurationfilefora9nodeEdgeinstallation.Editthisfileas
f
necessaryforyourconfiguration.Usethe setup.sh
optionto toincludethisfile.Alsoshownbeloware
exampleconfigurationfilesforeachEdgetopology.
Note IP#
:Thedefinitionofthe variablesfortheRouter,MessageProcessor,Qpid,andPostgresnodesarefor
illustratingthenodeconfigurationtheyarenotactuallyused.
#IPaddressorDNSnameofnodes.
IP1=192.168.1.1#ManagementServer,OpenLDAP,UI,ZooKeeper,Cassandra
IP2=192.168.1.2#ZooKeeper,Cassandra
IP3=192.168.1.3#ZooKeeper,Cassandra
IP4=192.168.1.4#Router,MessageProcessor
IP5=192.168.1.5#Router,MessageProcessor
IP6=192.168.1.6#Qpid
IP7=192.168.1.7#Qpid
IP8=192.168.1.8#Postgres
IP9=192.168.1.9#Postgres
#MustresolvetoIPaddressorDNSnameofhostnotto127.0.0.1or
localhost.
HOSTIP=$(hostnamei)
#SetEdgesysadmincredentials.
[email protected]
APIGEE_ADMINPW=yourPassword #Ifomitted,youarepromptedforit.
#LocationofEdgelicensefile.
LICENSE_FILE=/tmp/license.txt
#ManagementServerinformation.
MSIP=$IP1 #IPorDNSnameofManagementServernode.
#SpecifytheporttheManagementServerlistensonforAPIcalls.
#APIGEE_PORT_HTTP_MS=8080 #Defaultis8080.
#
#OpenLDAPinformation.
#
#SettoyifyouareconnectingtoaremoteLDAPserver.
#Ifn,EdgeinstallsOpenLDAPwhenitinstallstheManagementServer.
USE_LDAP_REMOTE_HOST=n
#IfconnectingtoremoteOpenLDAPserver,specifytheIP/DNSnameandport.
#LDAP_HOST=$IP1 #IPorDNSnameofOpenLDAPnode.
#LDAP_PORT=10389 #Defaultis10389.
APIGEE_LDAPPW=yourLdapPassword

ConfidentialandproprietaryinformationofApigee,Inc.Nottobedisclosedexceptundernondisclosureagreement.
ApigeeEdgeInstallandConfigurationGuidePage57

#SpecifyOpenLDAPwithoutreplication,1,orwithreplication,2.
LDAP_TYPE=1
#Setonlyifusingreplication.
#LDAP_SID=1 #UniqueIDforthisLDAPserver.
#LDAP_PEER= #IPorDNSnameofLDAPpeer.

BIND_ON_ALL_INTERFACES=y
#TheMessageProcessorandRouterpod.
MP_POD=gateway
#Thenameoftheregion,correspondingtothedatacentername.
REGION=dc1 #Usedc1unlessinstallingina
#multidatacenterenvironment.
#ZooKeeperinformation.
#Seetablebelowifinstallinginamultidatacenterenvironment.
ZK_HOSTS="$IP1$IP2$IP3" #IP/DNSnamesofallZooKeepernodes.
ZK_CLIENT_HOSTS="$IP1$IP2$IP3" #IP/DNSnamesofallZooKeepernodes.
#Cassandrainformation.
CASS_CLUSTERNAME=Apigee #DefaultnameisApigee.
#IPorDNSnamesoftheCassandrahostsseparatedbyspaces.
CASS_HOSTS="$IP1:1,1$IP2:1,1$IP3:1,1"
#SettoenableCassandraauthentication.
#CASS_AUTH=y #Thedefaultvalueisn.
#Cassandrauname/pwordrequiredifyouenabledCassandraauthentication.
#CASS_USERNAME=
#CASS_PASSWORD=
#OptionallyusetoenablePostgresmasterstandbyreplication.
#PG_MASTER=
IPorDNSofNewMaster
#PG_STANDBY=
IPorDNSofOldMaster
#SMTPinformation.
SKIP_SMTP=n #Skipnowandconfigurelaterbyspecifying"y".
SMTPHOST=smtp.gmail.com
[email protected]
SMTPPASSWORD=yourEmailPassword
SMTPSSL=y
SMTPPORT=465 #IfnoSSL,useadifferentport,suchas25.
Thefollowingtablecontainsadditionalinformationabouttheseproperties:
Property Note

ConfidentialandproprietaryinformationofApigee,Inc.Nottobedisclosedexceptundernondisclosureagreement.
ApigeeEdgeInstallandConfigurationGuidePage58

IP/DNSnames Donotuseahostnamemappingto127.0.0.1oranIPaddress
of127.0.0.1whenspecifyingtheIPaddressofanode.

ADMIN_EMAIL Thesystemadministrator'spasswordmustbeatleast8
APIGEE_ADMINPW characterslongandcontainoneuppercaseletter,onelowercase
letter,onedigitoronespecialcharacter.Ifyouomitthe
password,youwillbepromptedforit.

LICENSE_FILE Thelocationofthelicensefile,whichmustbeaccessibletothe
"apigee"user.Forexample,storeitinthe/tmpdirectoryand
chmod777onthefile.ThefileiscopiedtotheEdgeinstallation
directory.

USE_LDAP_REMOTE_HOST USE_LDAP_REMOTE_HOST
If isn,Edgeautomaticallyinstalls
LDAP_HOST OpenLDAPwhenitinstallstheManagementServer.
LDAP_PORT
USE_LDAP_REMOTE_HOST
Set toyifyouareconnectingtoa
remoteLDAPserver.OpenLDAPisnotinstalledwiththe
ManagementServer.
IfyouareconnectingtoaremoteOpenLDAPserver,use
LDAP_HOST
andLDAP_PORT tospecifytheIPaddressorDNSnameandport
numberofthehost.

LDAP_TYPE LDAP_TYPE=1
Set forOpenLDAPwithnoreplication.
LDAP_SID LDAP_TYPE=2correspondstoOpenLDAPwithreplication.
LDAP_PEER
IfyourEdgetopologyusesasingleOpenLDAPserver,specify1.
IfyourEdgeinstallationusesmultipleOpenLDAPnodes,suchas
ina13nodeproductioninstallation,specify2.
Ifyouenablereplication,setthefollowingproperties:
LDAP_SID=1UniqueIDforthisLDAPserver.Each
LDAPnodeusesadifferentID.Forexample,setto2for
LDAPpeer.
LDAP_PEER=10.0.0.1
IPorDNSnameofLDAP
peer.

BIND_ON_ALL_INTERFACES Ifsetto"y"thentheRouter/MessageProcessorbind(listen)on
allinterfaces(IPs).IfsettonthentheRouter/Message

ConfidentialandproprietaryinformationofApigee,Inc.Nottobedisclosedexceptundernondisclosureagreement.
ApigeeEdgeInstallandConfigurationGuidePage59

Processorbind(listen)onaspecificinterface,theIPreturnedby
the"hostnamei"command).

MP_POD SpecifythenameoftheMessageProcessorandRouterpod.By
gateway
default,thenameis .

REGION Regionname.Byconvention,namesaretypicallyintheform
dc#where#correspondstoanintegervalue.Forexample,dc1,
dc2,etc.Youcanusedc1unlessinstallinginamultidata
centerenvironment.
Inamultipledatacenterinstallation,thevalueisdc1,ordc2,
etc.dependingonwhichdatacenteryouareinstalling.However,
youarenotrestrictedtousingonlynamesintheformdc#.You
canuseanynamefortheregion.

ZK_HOSTS TheIPaddressesorDNSnamesoftheZooKeepernodes.The
IPaddressesorDNSnamesmustbelistedinthesameorderon
allZooKeepernodes.
Inamultidatacenterenvironment,listallZooKeepernodesfrom
bothdatacenters.
Specifythe:observermodifieronZooKeepernodesonlywhen
creatingmultipledatacentersasdescribedina12host
installation.Inasingledatacenterinstallation,omitthatmodifier.
See12hostclusteredinstallation
formore.

ZK_CLIENT_HOSTS TheIPaddressesorDNSnamesoftheZooKeepernodesused
bythisdatacenter.TheIPaddressesorDNSnamesmustbe
listedinthesameorderonallZooKeepernodes.
Inasingledatacenterinstallation,thesearethesamenodesas
ZK_HOSTS
specifiedby .
Inamultidatacenterenvironment,listonlytheZooKeepernodes
inthisdatacenter.See
12hostclusteredinstallationformore.

CASS_HOSTS TheIPaddressesorDNSnamesoftheCassandranodes.The
firsttwonodeswillbeusedasseedservers.TheIPaddressesor
DNSnamesmustbelistedinthesameorderonallCassandra
nodes.
Cassandranodescanhaveanoptional:dc,rasuffixthat
specifiesthedatacenterandrackoftheCassandranode.

ConfidentialandproprietaryinformationofApigee,Inc.Nottobedisclosedexceptundernondisclosureagreement.
ApigeeEdgeInstallandConfigurationGuidePage60

Specifythismodifieronlywhencreatingmultipledatacentersas
describedina12hostinstallation.Inasingledatacenter
installation,omitthatmodifier.
Forexample'192.168.124.201:1,1=datacenter1and
rack/availabilityzone1,and'192.168.124.204:2,1=datacenter2
andrack/availabilityzone1.
Inamultidatacenterenvironment,toovercomefirewallissues,
CASS_HOSTS havetobeorderedinamanner(asshownin
aboveexample)suchthatthenodesofthecurrentdatacenter
areplacedatthebeginning.See
12hostclusteredinstallationfor
more.

CASS_AUTH CASS_AUTH=y
IfyouenableCassandraauthentication, ,youcan
CASS_USERNAME passtheCassandrausernameandpasswordbyusingthese
properties.
CASS_PASSWORD

PG_MASTER SettoenablePostgresmasterstandbyreplication,intheform:
PG_STANDBY PG_MASTER=
IPorDNSofNewMaster
PG_STANDBY=
IPorDNSofOldMaster

SKIP_SMTP ConfigureSMTPsoEdgecansendemailsforlostpasswords
SMTPHOST andothernotifications.
SMTPUSER
SMTPUSER
IfSMTPusercredentialsarenotrequired,omit and
SMTPPASSWORD
SMTPPASSWORD .
SMTPSSL
SMTPPORT

Orderofcomponentinstallation
Theorderofcomponentinstallationisbasedonyourdesiredtopology.
Alloftheinstallationexampleshownbelowassumethatyouareinstalling:
WithCassandraauthenticationdisabled(default).See
EnableCassandraauthenticationformore.
WithPostgresmasterstandbyreplicationdisabled(default).See
SetupMasterStandbyReplicationfor

Postgresformore.
Note:YoumustdisableSELinuxorsetittopermissivemodebeforeyouinstallEdgecomponents.See

Prerequisite:DisableSELinuxformore.

ConfidentialandproprietaryinformationofApigee,Inc.Nottobedisclosedexceptundernondisclosureagreement.
ApigeeEdgeInstallandConfigurationGuidePage61

Note :The
InstallationChecklistdetailstheinstallationprerequisitesandprovidesalistofrequiredfilesto
obtainbeforeproceedingwiththeinstallation.Ensurethatyouhavereviewedthechecklistbeforebeginning
theinstallationprocess.

Installationlogfiles
setup.sh
Bydefault,the utilitywritesloginformationabouttheinstallationto:
/opt/apigee/var/log/apigeesetup/setup.log
setup.sh
Iftheuserrunningthe utilitydoesnothaveaccesstothatdirectory,itwritesthelogtothe
/tmp
directoryasafilenamed username
setup_ .log .

setup.sh
Iftheuserdoesnothaveaccessto/tmp,the utilityfails.

AllinoneInstallation
Note
:SeeavideoofanEdgeallinoneinstall
here
.
1. Installallcomponentsonasinglenodeusingthecommand:

>/opt/apigee/apigeesetup/bin/setup.shpaiof configFile
/opt/nginx/conf.d
2. Deleteanyfilesin :

>rmf/opt/nginx/conf.d/*
3. RestarttheEdgeRouter:

>/<inst_root>/apigee/apigeeservice/bin/apigeeserviceedgerouter
restart
4. Testtheinstallationasdescribedat
Testtheinstall
.
5. Onboardyourorganizationasdescribedat
Onboardanorganization
.
Shownbelowisasilentconfigurationfileforthistopology:
#WithSMTP
IPorDNSnameOfNode
IP1=
HOSTIP=$(hostnamei)
[email protected]
APIGEE_ADMINPW=Secret123
LICENSE_FILE=/tmp/license.txt
MSIP=$IP1
LDAP_TYPE=1
APIGEE_LDAPPW=secret
BIND_ON_ALL_INTERFACES=y
MP_POD=gateway
REGION=dc1
ZK_HOSTS="$IP1"

ConfidentialandproprietaryinformationofApigee,Inc.Nottobedisclosedexceptundernondisclosureagreement.
ApigeeEdgeInstallandConfigurationGuidePage62

ZK_CLIENT_HOSTS="$IP1"
CASS_HOSTS="$IP1"
SKIP_SMTP=n
SMTPHOST=smtp.example.com
[email protected]
#0fornousername
SMTPPASSWORD=smtppwd
#0fornopassword
SMTPSSL=n
SMTPPORT=25

2hoststandaloneinstallation
1. InstallStandaloneGatewayandnode1

configFile
>/opt/apigee/apigeesetup/bin/setup.shpsaf
2. Onnode1:
/opt/nginx/conf.d
a. Deleteanyfilesin :

>rmf/opt/nginx/conf.d/*
b. RestarttheEdgeRouter:

>/<inst_root>/apigee/apigeeservice/bin/apigeeserviceedgerouter
restart
3. InstallAnalyticsonnode2:

configFile
>/opt/apigee/apigeesetup/bin/setup.shpsaxf
4. Testtheinstallationasdescribedat
Testtheinstall
.
5. Onboardyourorganizationasdescribedat
Onboardanorganization
.
Shownbelowisasilentconfigurationfileforthistopology:
#WithSMTP
IPorDNSnameOfNode1
IP1=
HOSTIP=$(hostnamei)
[email protected]
APIGEE_ADMINPW=Secret123
LICENSE_FILE=/tmp/license.tx
t
MSIP=$IP1
LDAP_TYPE=1
APIGEE_LDAPPW=secret
BIND_ON_ALL_INTERFACES=y
MP_POD=gateway

ConfidentialandproprietaryinformationofApigee,Inc.Nottobedisclosedexceptundernondisclosureagreement.
ApigeeEdgeInstallandConfigurationGuidePage63

REGION=dc1
ZK_HOSTS="$IP1"
ZK_CLIENT_HOSTS="$IP1"
CASS_HOSTS="$IP1"
SKIP_SMTP=n
SMTPHOST=smtp.example.com
[email protected]
#0fornousername
SMTPPASSWORD=smtppwd
#0fornopassword
SMTPSSL=n
SMTPPORT=25

5hostclusteredinstallation
1. InstallDatastoreclusteronnodes1,2and3:

>/opt/apigee/apigeesetup/bin/setup.shpdsf
configFile
2. InstallManagementServeronnode1:

>/opt/apigee/apigeesetup/bin/setup.shpmsf
configFile
3. Onnodes2and3:
a. InstallRouterandMessageProcessor:

>/opt/apigee/apigeesetup/bin/setup.shprmpf
configFile
/opt/nginx/conf.d
b. Deleteanyfilesin :

>rmf/opt/nginx/conf.d/*
c. RestarttheEdgeRouter:

>/<inst_root>/apigee/apigeeservice/bin/apigeeserviceedgerouter
restart
4. InstallAnalyticsonnode4and5:

>/opt/apigee/apigeesetup/bin/setup.shpsaxf
configFile
5. Testtheinstallationasdescribedat
Testtheinstall
.
6. Onboardyourorganizationasdescribedat
Onboardanorganization
.
Shownbelowisasilentconfigurationfileforthistopology:
#WithSMTP
IPorDNSnameOfNode1
IP1=
IPorDNSnameOfNode2
IP2=

ConfidentialandproprietaryinformationofApigee,Inc.Nottobedisclosedexceptundernondisclosureagreement.
ApigeeEdgeInstallandConfigurationGuidePage64

IPorDNSnameOfNode3
IP3=
HOSTIP=$(hostnamei)
[email protected]
APIGEE_ADMINPW=Secret123
LICENSE_FILE=/tmp/license.txt
MSIP=$IP1
USE_LDAP_REMOTE_HOST=n
LDAP_TYPE=1
APIGEE_LDAPPW=secret
BIND_ON_ALL_INTERFACES=y
MP_POD=gateway
REGION=dc1
ZK_HOSTS="$IP1$IP2$IP3"
ZK_CLIENT_HOSTS="$IP1$IP2
$IP3"
CASS_HOSTS="$IP1$IP2$IP3"
SKIP_SMTP=n
SMTPHOST=smtp.example.com
[email protected]
#0fornousername
SMTPPASSWORD=smtppwd
#0fornopassword
SMTPSSL=n
SMTPPORT=25

9hostclusteredinstallation
1. InstallDatastoreClusterNodeonnode1,2and3:

configFile
>/opt/apigee/apigeesetup/bin/setup.shpdsf
2. InstallApigeeManagementServeronnode1:

>/opt/apigee/apigeesetup/bin/setup.shpmsf
configFile
3. Onnodes4and5:
a. InstallRouterandMessageProcessor:

>/opt/apigee/apigeesetup/bin/setup.shprmpf
configFile
/opt/nginx/conf.d
b. Deleteanyfilesin :

>rmf/opt/nginx/conf.d/*
c. RestarttheEdgeRouter:

>/<inst_root>/apigee/apigeeservice/bin/apigeeserviceedgerouter
restart

ConfidentialandproprietaryinformationofApigee,Inc.Nottobedisclosedexceptundernondisclosureagreement.
ApigeeEdgeInstallandConfigurationGuidePage65

4. InstallApigeeAnalyticsQpidServeronnode6and7:

>/opt/apigee/apigeesetup/bin/setup.shpqsf configFile
5. InstallApigeeAnalyticsPostgresServeronnode8and9:

>/opt/apigee/apigeesetup/bin/setup.shppsf configFile
6. Testtheinstallationasdescribedat
Testtheinstall
.
7. Onboardyourorganizationasdescribedat
Onboardanorganization
.
Shownbelowisasilentconfigurationfileforthistopology:
#WithSMTP
IPorDNSnameOfNode1
IP1=
IPorDNSnameOfNode2
IP2=
IPorDNSnameOfNode3
IP3=
IPorDNSnameOfNode3
IP8=
IPorDNSnameOfNode3
IP9=
HOSTIP=$(hostnamei)
[email protected]
APIGEE_ADMINPW=Secret123
LICENSE_FILE=/tmp/license.txt
MSIP=$IP1
USE_LDAP_REMOTE_HOST=n
LDAP_TYPE=1
APIGEE_LDAPPW=secret
BIND_ON_ALL_INTERFACES=y
MP_POD=gateway
REGION=dc1
ZK_HOSTS="$IP1$IP2$IP3"
ZK_CLIENT_HOSTS="$IP1$IP2
$IP3"
CASS_HOSTS="$IP1$IP2$IP3"
SKIP_SMTP=n
#PG_MASTER=$IP8
#PG_STANDBY=$IP9
SMTPHOST=smtp.example.com
[email protected]
#0fornousername
SMTPPASSWORD=smtppwd
#0fornopassword
SMTPSSL=n
SMTPPORT=25

ConfidentialandproprietaryinformationofApigee,Inc.Nottobedisclosedexceptundernondisclosureagreement.
ApigeeEdgeInstallandConfigurationGuidePage66

13hostclusteredinstallation
1. InstallDatastoreClusterNodeonnode1,2and3:

>/opt/apigee/apigeesetup/bin/setup.shpdsf configFile
2. InstallOpenLDAPonnode4and5:

>/opt/apigee/apigeesetup/bin/setup.shpldf
configFile
3. InstallApigeeManagementServeronnode6and7:

>/opt/apigee/apigeesetup/bin/setup.shpmsf configFile
4.InstallApigeeAnalyticsPostgresServeronnode8and9:

>/opt/apigee/apigeesetup/bin/setup.shppsf configFile
5. Onnodes10and11:
a. InstallRouterandMessageProcessor:

>/opt/apigee/apigeesetup/bin/setup.shprmpf
configFile
/opt/nginx/conf.d
b. Deleteanyfilesin :

>rmf/opt/nginx/conf.d/*
c. RestarttheEdgeRouter:

>/<inst_root>/apigee/apigeeservice/bin/apigeeserviceedgerouter
restart
6. InstallApigeeAnalyticsQpidServeronnode12and13:

>/opt/apigee/apigeesetup/bin/setup.shpqsf configFile
7. Testtheinstallationasdescribedat
Testtheinstall
.
8. Onboardyourorganizationasdescribedat
Onboardanorganization
.
Shownbelowisasilentconfigurationfileforthistopology:
#Forallcomponentsexcept #ForOpenLDAPonIP4andIP5
OpenLDAP IPorDNSnameOfNode1
IP1=
IPorDNSnameOfNode1
IP1= IPorDNSnameOfNode2
IP2=
IPorDNSnameOfNode2
IP2= IPorDNSnameOfNode3
IP3=
IPorDNSnameOfNode3
IP3= IPorDNSnameOfNode4
IP4=
IPorDNSnameOfNode4
IP4= IPorDNSnameOfNode5
IP5=
IPorDNSnameOfNode5
IP5= IPorDNSnameOfNode6
IP6=
IPorDNSnameOfNode7
IP7=

ConfidentialandproprietaryinformationofApigee,Inc.Nottobedisclosedexceptundernondisclosureagreement.
ApigeeEdgeInstallandConfigurationGuidePage67

IPorDNSnameOfNode6
IP6= IPorDNSnameOfNode8
IP8=
IPorDNSnameOfNode7
IP7= IPorDNSnameOfNode9
IP9=
IPorDNSnameOfNode8
IP8= HOSTIP=$(hostnamei)
IPorDNSnameOfNode9
IP9= [email protected]
HOSTIP=$(hostnamei) APIGEE_ADMINPW=Secret123
[email protected] #FirstOpenLDAPServeronIP4
APIGEE_ADMINPW=Secret123 MSIP=$IP6
LICENSE_FILE=/tmp/license.txt USE_LDAP_REMOTE_HOST=n
#FirstManagementServeronIP6 LDAP_TYPE=2
MSIP=$IP6 LDAP_SID=1
MSUM=1 LDAP_PEER=$IP5
USE_LDAP_REMOTE_HOST=y #SecondOpenLDAPServeronIP5
LDAP_HOST=$IP4 #MSIP=$IP17
LDAP_PORT=10389 #USE_LDAP_REMOTE_HOST=n
#SecondManagementServeronIP7 #LDAP_TYPE=2
#MSIP=$IP7 #LDAP_SID=2
#USE_LDAP_REMOTE_HOST=y #LDAP_PEER=$IP4
#LDAP_HOST=$IP5 #Setsamepasswordforboth
#LDAP_PORT=10389 OpenLDAPs.
#SamepasswordforbothOpenLDAPs. APIGEE_LDAPPW=secret
APIGEE_LDAPPW=secret

BIND_ON_ALL_INTERFACES=y
MP_POD=gateway
REGION=dc1
ZK_HOSTS="$IP1$IP2$IP3"
ZK_CLIENT_HOSTS="$IP1$IP2$IP3"
CASS_HOSTS="$IP1$IP2$IP3"
#PG_MASTER=$IP8
#PG_STANDBY=$IP9
SKIP_SMTP=n
SMTPHOST=smtp.example.com
[email protected]
#0fornousername
SMTPPASSWORD=smtppwd
#0fornopassword
SMTPSSL=n
SMTPPORT=25

12hostclusteredinstallation
BeforeyouinstallEdgeona12hostclusteredtopology(twodatacenters),youmustunderstandhowtosetthe
ZooKeeperandCassandrapropertiesinthesilentconfigfile.
Note:
Shownbelowisacompleteconfigfileforbothdatacenters.
ZooKeeper
ZK_HOSTS
Forthe propertyforbothdatacenters,specifytheIPaddressesorDNSnamesofall
ZooKeepernodesfrombothdatacenters,inthesameorder,andmarkanynodeswiththewith
:observermodifier.Nodeswithoutthe:observermodifierarecalled"voters".Youmusthaveanodd

ConfidentialandproprietaryinformationofApigee,Inc.Nottobedisclosedexceptundernondisclosureagreement.
ApigeeEdgeInstallandConfigurationGuidePage68

numberof"voters"inyourconfiguration.

Inthistopology,theZooKeeperhostonhost9istheobserver:

ZK_CLIENT_HOSTS
Forthe propertyforeachdatacenter,specifytheIPaddressesorDNSnamesof
onlytheZooKeepernodesinthedatacenter,inthesameorder,forallZooKeepernodesinthedata
center.Intheexampleconfigurationfileshownbelow,node9istaggedwiththe:observermodifierso
thatyouhavefivevoters:Nodes1,2,3,7,and8.
Cassandra
AlldatacentersmusttohavethesamenumberofCassandranodes.
CASS_HOSTS
For foreachdatacenter,ensurethatyouspecifyallCassandraIPaddressesorDNS
namesforbothdatacenters.Fordatacenter1,listtheCassandranodesinthatdatacenterfirst.For
datacenter2,listtheCassandranodesinthatdatacenterfirst.ListtheCassandranodesinthesame
orderforallCassandranodesinthedatacenter.
AllCassandranodesmusthaveasuffix':<d>,<r>',forexample'<ip>:1,1=datacenter1and
rack/availabilityzone1and'<ip>:2,1=datacenter2andrack/availabilityzone1.
Forexample,"192.168.124.201:1,1192.168.124.202:1,1192.168.124.203:1,1192.168.124.204:2,1
192.168.124.205:2,1192.168.124.206:2,1"
Thefirstnodeinrack/availabilityzone1ofeachdatacenterwillbeusedastheseedserver.
Inthisdeploymentmodel,Cassandrasetupwilllooklikethis:

1. InstallDatastoreClusterNodeonnode1,2,3,7,8,and9:

>/opt/apigee/apigeesetup/bin/setup.shpdsf configFile

2. InstallApigeeManagementServerwithOpenLDAPreplicationonnode1and7:

>/opt/apigee/apigeesetup/bin/setup.shpmsf configFile

3. Onnodes2,3,8,and9:

ConfidentialandproprietaryinformationofApigee,Inc.Nottobedisclosedexceptundernondisclosureagreement.
ApigeeEdgeInstallandConfigurationGuidePage69

1. InstallRouterandMessageProcessor:

>/opt/apigee/apigeesetup/bin/setup.shprmpf
configFile
/opt/nginx/conf.d
2. Deleteanyfilesin :

>rmf/opt/nginx/conf.d/*
3. RestarttheEdgeRouter:

>/<inst_root>/apigee/apigeeservice/bin/apigeeserviceedgerouter
restart

4. InstallApigeeAnalyticsQpidServeronnode4,5,10,and11:

>/opt/apigee/apigeesetup/bin/setup.shpqsf configFile

5. InstallApigeeAnalyticsPostgresServeronnode6and12:

>/opt/apigee/apigeesetup/bin/setup.shppsf configFile
6. Testtheinstallationasdescribedat
Testtheinstall
.
7. Onboardyourorganizationasdescribedat
Onboardanorganization
.
Shownbelowisasilentconfigurationfileforthistopology.Noticethatthisconfigfile:
ConfiguresOpenLDAPwithreplicationacrosstwoOpenLDAPnodes.
Specifiesthe:observermodifierononeZooKeepernode.Inasingledatacenterinstallation,omitthat
modifier.

#Datacenter1 #Datacenter2
IPorDNSnameOfNode1
IP1= IPorDNSnameOfNode1
IP1=
IPorDNSnameOfNode2
IP2= IPorDNSnameOfNode2
IP2=
IPorDNSnameOfNode3
IP3= IPorDNSnameOfNode3
IP3=
IPorDNSnameOfNode7
IP7= IPorDNSnameOfNode7
IP7=
IPorDNSnameOfNode8
IP8= IPorDNSnameOfNode8
IP8=
IPorDNSnameOfNode9
IP9= IPorDNSnameOfNode9
IP9=
HOSTIP=$(hostnamei) HOSTIP=$(hostnamei)
MSIP=$IP1 MSIP=$IP7
[email protected] [email protected]
APIGEE_ADMINPW=Secret123 APIGEE_ADMINPW=Secret123
LICENSE_FILE=/tmp/license.txt LICENSE_FILE=/tmp/license.txt
USE_LDAP_REMOTE_HOST=n USE_LDAP_REMOTE_HOST=n
LDAP_TYPE=2 LDAP_TYPE=2
LDAP_SID=1 LDAP_SID=2
LDAP_PEER=$IP7 LDAP_PEER=$IP1
APIGEE_LDAPPW=secret

ConfidentialandproprietaryinformationofApigee,Inc.Nottobedisclosedexceptundernondisclosureagreement.
ApigeeEdgeInstallandConfigurationGuidePage70

APIGEE_LDAPPW=secret BIND_ON_ALL_INTERFACES=y
BIND_ON_ALL_INTERFACES=y MP_POD=gateway2
MP_POD=gateway1 REGION=dc2
REGION=dc1 ZK_HOSTS="$IP1$IP2$IP3$IP7$IP8
ZK_HOSTS="$IP1$IP2$IP3$IP7$IP8 $IP9:observer"
$IP9:observer" ZK_CLIENT_HOSTS="$IP7$IP8$IP9"
ZK_CLIENT_HOSTS="$IP1$IP2$IP3" CASS_HOSTS="$IP7:2,1$IP8:2,1$IP9:2,1
CASS_HOSTS="$IP1:1,1$IP2:1,1$IP3:1,1 $IP1:1,1$IP2:1,1$IP3:1,1"
$IP7:2,1$IP8:2,1$IP9:2,1" SKIP_SMTP=n
SKIP_SMTP=n SMTPHOST=smtp.example.com
SMTPHOST=smtp.example.com [email protected]
[email protected] #0fornousername
#0fornousername SMTPPASSWORD=smtppwd
SMTPPASSWORD=smtppwd #0fornopassword
#0fornopassword SMTPSSL=n
SMTPSSL=n SMTPPORT=25
SMTPPORT=25

ConfidentialandproprietaryinformationofApigee,Inc.Nottobedisclosedexceptundernondisclosureagreement.
ApigeeEdgeInstallandConfigurationGuidePage71

Testtheinstall
Apigeeprovidestestscriptsthatyoucanusetovalidateyourinstallation.

Runthevalidationtests
EachstepofthevalidationtestingprocessreturnsanHTTP20Xresponsecodeforasuccessfultest.
Torunthetestscripts:
apigeevalidate
1. Install onaManagementServernode:

>/opt/apigee/apigeeservice/bin/apigeeserviceapigeevalidateinstall
2. RunthesetupcommandonaManagementServernodetoinvokethetestscripts:

>/opt/apigee/apigeeservice/bin/apigeeserviceapigeevalidatesetupf
configFile

The configFilefilemustcontainthefollowingproperty:

APIGEE_ADMINPW=sysAdminPword

Ifomitted,youwillbepromptedforthepassword.

Bydefault,theapigeevalidate utilitycreatesavirtualhostontheRouterthatusesport59001.If
thatportisnotopenontheRouter,youcanoptionallyincludethe VHOST_PORT propertyintheconfig
filetosettheport.Forexample:

VHOST_PORT=9000
3. Thescriptthendoesthefollowing:
a. Createsanorganizationandassociatesitwiththepod.
b. CreatesanenvironmentandassociatestheMessageProcessorwiththeenvironment.
c. Createsavirtualhost.
d. Importsasimplehealthcheckproxyanddeploystheapplicationtothetestenvironment.
e. ImporttheSmartDocsproxy.
f. Executesthetesttomakesureeverythingisworkingasexpected.
Asuccessfultestreturnsthe20XHTTPresponse.
Toremovetheorganization,environmentandotherartifactscreatedbythetestscripts:

ConfidentialandproprietaryinformationofApigee,Inc.Nottobedisclosedexceptundernondisclosureagreement.
ApigeeEdgeInstallandConfigurationGuidePage72

1. Runthefollowingcommand:

>/opt/apigee/apigeeservice/bin/apigeeserviceapigeevalidatecleanf
configFile

whereconfigFileisthesamefileyouusedtorunthetests.

Note
:Ifyougeterrorsfromthetestingandthetroubleshootingmethodology,contactApigeeSupport
andprovidetheerrorlog.

Verifypodinstallation
NowthatyouhaveinstalledtheApigeeAnalytics,itisrecommendedthatyouperformfollowingbasicbut
importantvalidation:

1. VerifythattheManagementServerisinthecentralPOD.OnManagementServer,runthefollowing
CURLcommand:

curlu sysAdminEmail:password http://localhost:8080/v1/servers?pod=central

Youshouldseeoutputintheform:

[{
"internalIP":"192.168.1.11",
"isUp":true,
"pod":"central",
"reachable":true,
"region":"dc1",
"tags":{
"property":[]
},
"type":["applicationdatastore","schedulerdatastore",
"managementserver","authdatastore","apimodeldatastore",
"usersettingsdatastore","auditdatastore"],
"uUID":"d4bc87c62baf457598aa88c37b260469"
},{
"externalHostName":"localhost",
"externalIP":"192.168.1.11",
"internalHostName":"localhost",
"internalIP":"192.168.1.11",
"isUp":true,
"pod":"central",
"reachable":true,

ConfidentialandproprietaryinformationofApigee,Inc.Nottobedisclosedexceptundernondisclosureagreement.
ApigeeEdgeInstallandConfigurationGuidePage73

"region":"dc1",
"tags":{
"property":[{
"name":"started.at",
"value":"1454691312854"
},...]
},
"type":["qpidserver"],
"uUID":"9681202c8c6e4da1b59b23e3ef092f34"
}]

2. VerifythattheRouterandMessageProcessorareingatewayPOD.OnManagementServer,runthe
followingCURLcommand:

curlu sysAdminEmail:password http://localhost:8080/v1/servers?pod=gateway

YouseeoutputsimilartothecentralpodbutfortheRouterandMessageProcessor.

3. VerifythatPostgresisintheanalyticsPOD.OnManagementServer,runthefollowingCURL
command:

curlu sysAdminEmail:password
http://localhost:8080/v1/servers?pod=analytics

YouseeoutputsimilartothecentralpodbutforPostgres.

ConfidentialandproprietaryinformationofApigee,Inc.Nottobedisclosedexceptundernondisclosureagreement.
ApigeeEdgeInstallandConfigurationGuidePage74

Onboardanorganization
setuporg
Usethe commandtoperformtheonboardingprocess.Youmustrunthecommandonthe
ManagementServernode.
Aspartoftheonboardingprocess,thescript:
Optionallycreatesanewusertofunctionastheorganizationadministrator.
Createstheorganization.
Addsthespecifieduserastheorgadmin.Theusermustalreadyexistotherwisethescriptissuesan
error.
Associatestheorganizationwithapod,bydefaultisassociatesitwiththe"gateway"pod.
Createanenvironment.
Createavirtualhostfortheenvironment.
AssociatetheenvironmentwithallMessageProcessor(s).
Enablesanalytics.
Note
:Youcannotcreatetwoorganizationswiththesamename.Inthatcase,thesecondcreatewillfail

Silentconfigurationfileforonboarding
setuporg
Passaconfigurationfiletothe command . setuporg
Invokethe commandandspecifythe
f
option,includingthepathtothesilentconfigurationfile:
>/opt/apigee/apigeeservice/bin/apigeeserviceapigeeprovisionsetuporgf
/tmp/configFile
Theonlyrequirementonsilentinstallationsisthattheconfigurationfilemustbeaccessibleorreadablebythe
"apigee"user.Forexample,putthefileinthe/tmpdirectoryonthenode.
Shownbelowisanexamplesilentconfigurationfile.Edititasnecessaryforyourrequirements:
IP1=192.168.1.1
#SpecifytheIPorDNSnameoftheManagementServer.
MSIP="$IP1"
#SpecifytheEdgeadmincredentials.
ADMIN_EMAIL="[email protected]"
APIGEE_ADMINPW=adminPassword #Ifomitted,youarepromptedforit.
#Specifyorganizationnameandadministrator.
ORG_NAME=myorg#lowercaseonly,nospaces,underscores,orperiods.

ConfidentialandproprietaryinformationofApigee,Inc.Nottobedisclosedexceptundernondisclosureagreement.
ApigeeEdgeInstallandConfigurationGuidePage75

#
#Settheorganizationadministrator.
#Donotusesysadminasorganizationadministrator.
#
#Createanewuserfortheorganizationadministrator.
NEW_USER="y"
#NewuserinformationifNEW_USER="y".
[email protected]
FIRST_NAME=new
LAST_NAME=user
USER_PWD="newUserPword"
[email protected]
#Specifyanexistinguserastheorganizationadmin,
#omitUSER_NAME,FIRST_NAME,LAST_NAME,USER_PWD.
#NEW_USER="n"
#[email protected]
#Specifyenvironmentname.
ENV_NAME=prod
#Specifyvirtualhostinformation.
VHOST_PORT=9001
VHOST_NAME=default
#IfyouhaveaDNSentryforthevirtualhost.
VHOST_ALIAS=myorgtest.apigee.net
#IfyoudonothaveaDNSentryforthevirtualhost,
#specifytheIPandportofeachrouterasaspaceseparatedlist:
#VHOST_ALIAS="firstRouterIP:9001secondRouterIP:9001"
#OptionallyconfigureSSLforvirtualhost.
#VHOST_SSL=y#Setto"y"toenableSSLonthevirtualhost.
#KEYSTORE_JAR=#JARfilecontainingthecertandprivatekey.
#KEYSTORE_NAME=#Nameofthekeystore.
#KEYSTORE_ALIAS=#Thekeyalias.
#KEY_PASSWORD=#Thekeypassword,ifithasone.
#Specifytheanalyticsgroup.
#
AXGROUP=axgroup001 #Defaultnameisaxgroup001.
Notes:
ForVHOST_ALIAS ,ifyoualreadyhaveaDNSrecordthatyouwillusetoaccesstothevirtualhost,
specifythehostaliasandoptionallytheport,forexample,myapi.example.com.

IfyoudonotyethaveaDNSrecord,see
Settingupavirtualhostformoreinformation.

ConfidentialandproprietaryinformationofApigee,Inc.Nottobedisclosedexceptundernondisclosureagreement.
ApigeeEdgeInstallandConfigurationGuidePage76

ForSSLconfiguration,seeKeystoresandTruststores
and ConfiguringSSLaccesstoanAPIforthe
PrivateCloud
formoreinformationoncreatingtheJARfile,andotheraspectsofconfiguringSSL.

Onboarding
apigeeprovision
1. Install ontheManagementServernode:

>/opt/apigee/apigeeservice/bin/apigeeserviceapigeeprovisioninstall
2. RunthecommandontheManagementServernode:

>/opt/apigee/apigeeservice/bin/apigeeserviceapigeeprovisionsetuporg
f configFile

Theconfigurationfilemustbeaccessibleorreadablebythe"apigee"user.Forexample,putthefilein
the/tmpdirectoryonthenode.

OnboardingVerification
Oncompletionofonboarding,verifythestatusofthesystembyissuingthefollowingCURLcommandsonthe
ManagementServernode.
1. CheckforuserandorganizationstatusontheManagementServerbyissuingthefollowingCURL
commands:

>curlu<adminEmail>:<adminpasswd>http://localhost:8080/v1/users

>curlu<adminEmail>:<adminpasswd>
http://localhost:8080/v1/organizations

>curlu<adminEmail>:<adminpasswd>
http://localhost:8080/v1/organizations/<orgname>/deployments
2. Ifyouenabledanalytics,thenusethiscommand:

>curlu<adminEmail>:<adminpasswd>
http://localhost:8080/v1/organizations/<orgname>/environments/<envname>/pr
ovisioning/axstatus
3. YoucanalsocheckthePostgreSQLdatabasestatusbyrunningthefollowingcommandonMachine2
tostartpsql:

>psqlh/opt/apigee/var/run/apigeepostgresqlUapigeeapigee

Atthecommandprompt,enterthefollowingcommandtoviewtheanalyticstableforyourorganization:

ConfidentialandproprietaryinformationofApigee,Inc.Nottobedisclosedexceptundernondisclosureagreement.
ApigeeEdgeInstallandConfigurationGuidePage77

apigee=#:\danalytics."<orgname>.prod.fact"

Usethefollowingcommandtoexitpsql:

apigee=#\q
4. AccesstheApigeeEdgeuserinterfaceusingawebbrowser.Rememberthatyoualreadynotedthe
managementconsoleURLattheendoftheinstallation.
a. LaunchyourpreferredbrowserandentertheURLoftheEdgeUI.Itlookssimilartothe
following,wheretheIPaddressisforMachine1,orforwhichevermachineyouinstalledtheUI
onforalternativeconfigurations:

http://192.168.56.111:9000/login

9000istheportnumberusedbytheUI.Ifyouarestartingthebrowserdirectlyontheserver
hostingtheEdgeUI,thenyoucanuseaURLintheform:

http://localhost:9000/login

Note :Ensurethatport9000isopen.
b. Ontheconsoleloginpage,specifytheApigeesystemadminusername/password.

Note:Thisistheglobalsystemadministratorpasswordthatyouhavesetduringtheinstallation.
Alternately,youcan:

Signinastheorganizationadministratorthatyoucreatedabovewhencreatingtheorganization.
SignupforanewApigeeuseraccountandusethenewusercredentialtologin.
c. ClickSignIn,thebrowserredirectsto:

http://192.168.56.111:9000/platform/#/<orgname>/

andopensadashboardwhichallowsyoutoconfiguretheorganizationcreatedbefore(iflogged
inusingApigeeadmincredentials).
d. IfyouarenewtoEdge,youcannowcreateyourfirstAPIproxy.Formoreinformation,seethe
followingtutorials:

CreateyourAPI
CreateyourAPIinXML

ConfidentialandproprietaryinformationofApigee,Inc.Nottobedisclosedexceptundernondisclosureagreement.
ApigeeEdgeInstallandConfigurationGuidePage78

EnableCassandraauthentication
Bydefault,Cassandrainstallswithoutauthenticationenabled.ThatmeansanyonecanaccessCassandra.You
canenableauthenticationafterinstallingEdge,oraspartoftheinstallationprocess.
IfyoudecidetoenableauthenticationonCassandra,itusesthefollowingdefaultcredentials:
username='cassandra'
password='cassandra'
Youcanusethisaccount,setadifferentpasswordforthisaccount,orcreateanewCassandrauser.Add,
remove,andmodifyusersbyusingtheCassandraCREATE/ALTER/DROPUSERstatements.
Formoreinformation,see
http://www.datastax.com/documentation/cql/3.0/cql/cql_reference/cqlCommandsTOC.html
.

EnableCassandraauthenticationduringinstallation
YoucanenableCassandraauthenticationasinstalltime.However,whileyoucanenableauthenticationwhen
youinstallCassandra,youcannotchangethedefaultusernameandpassword.Youhavetoperformthatstep
manuallyafterinstallationofCassandracompletes.
Note
:UsethisprocedurewheninstallingCassandrabyusingthe"pc","pds","psa",or"paio"options.
CASS_AUTH
ToenableCassandraauthenticationatinstalltime,includethe propertyintheconfigurationfilefor
allCassandranodes:
CASS_AUTH=y #Thedefaultvalueisn.
ThefollowingEdgecomponentsaccessCassandra:
ManagementServer
MessageProcessors
Routers
Qpidservers
Postgresservers
Therefore,whenyouinstallthesecomponents,youmustsetthefollowingpropertiesintheconfigurationfileto
specifytheCassandracredentials:
CASS_USERNAME=cassandra
CASS_PASSWORD=cassandra
TochangetheCassandracredentialsafterinstallingCassandra:
cqlsh
1. LogintoCassandrausingthe toolandthedefaultcredentials:

ConfidentialandproprietaryinformationofApigee,Inc.Nottobedisclosedexceptundernondisclosureagreement.
ApigeeEdgeInstallandConfigurationGuidePage79

>/opt/apigee/apigeecassandra/bin/cqlshcassIPcassPortucassandrap
cassandra

Where:
a. cassIP
istheIPaddressoftheCassandranode.
b. cassPort
istheCassandraport,whichbydefaultis9160.
cassandra
c. Thedefaultuseris .
cassandra
d. Thedefaultpasswordis .Ifyouchangedthepasswordpreviously,usethecurrent
password.
cqlsh>
2. Runthefollowingcommandasthe prompttoupdatethepassword:

cqlsh>ALTERUSERcassandraWITHPASSWORD' NEW_PASSWORD '
3. Exitthecqlshtool:

cqlsh>exit
4. RepeatonallCassandranodes,ensuringthatyouusethesamepasswordonallnodes.
5. WheninstallingtheManagementServer,MessageProcessors,Routers,Qpidservers,andPostgres
servers,setthefollowingpropertiesintheconfigfile:

CASS_USERNAME=cassandra
CASS_PASSWORD= NEW_PASSWORD

ToenableCassandraauthenticationpostinstallation
Toenableauthentication:
UpdateallEdgecomponentsthatconnecttoCassandrawiththeCassandrausernameandpassword.
OnallCassandranodes,enableauthenticationandsettheusernameandpassword.
apigeeservice
Usethe utilitytoupdateallEdgecomponentsthatcommunicatewithCassandra:
1. OntheManagementServernode,runthefollowingcommand:

>/opt/apigee/apigeeservice/bin/apigeeserviceedgemanagementserver
store_cassandra_credentialsu CASS_USERNAME pCASS_PASSWORD

Optionally,youcanpassafiletothecommandcontainingthenewusernameandpassword:

>
apigeeserviceedgemanagementserverstore_cassandra_credentialsf
configFile

ConfidentialandproprietaryinformationofApigee,Inc.Nottobedisclosedexceptundernondisclosureagreement.
ApigeeEdgeInstallandConfigurationGuidePage80

configFile
Wherethe containsthefollowing:

conf_credentials_cassandra.user=cassandra
conf_credentials_cassandra.password= CASS_PASSWROD

ThiscommandautomaticallyrestartstheManagementServer.
2. Repeatthisprocessonthe:
AllMessageProcessors
AllRouters
AllQpidservers(edgeqpidserver)
Postgresservers(edgepostgresserver)
OnallCassandranodes,enableauthenticationandsettheusernameandpassword:
1. LogintothefirstCassandranode.
2. Runthefollowingcommand:

>/opt/apigee/apigeeservice/bin/apigeeserviceapigeecassandra
enable_cassandra_authenticationey

ThiscommandenablesauthenticationandrestartsCassandra.
cqlsh
3. LogintoCassandrausingthe toolandthedefaultcredentials:

>/opt/apigee/apigeecassandra/bin/cqlshcassIPcassPortucassandrap
cassandra

Where
a. cassIP
istheIPaddressoftheCassandranode.
b. cassPort
istheCassandraport,whichbydefaultis9160.
cassandra
c. Thedefaultuseris .
cassandra
d. Thedefaultpasswordis .Ifyouchangedthepasswordpreviously,usethecurrent
password.
cqlsh>
4. Runthefollowingcommandasthe prompttoupdatethepassword:

cqlsh>ALTERUSERcassandraWITHPASSWORD' NEW_PASSWORD '
5. Exitthecqlshtool:

cqlsh>exit

ConfidentialandproprietaryinformationofApigee,Inc.Nottobedisclosedexceptundernondisclosureagreement.
ApigeeEdgeInstallandConfigurationGuidePage81

6.RepeatonallCassandranodes,ensuringthatyouusethesamepasswordonallnodes:

>/<inst_root>/apigee/apigeeservice/bin/apigeeserviceapigeecassandra
restart

ConfidentialandproprietaryinformationofApigee,Inc.Nottobedisclosedexceptundernondisclosureagreement.
ApigeeEdgeInstallandConfigurationGuidePage82

SetupMasterStandbyReplicationforPostgres
Bydefault,EdgeinstallsallPostgresnodesinmastermode.However,inmostproductionsystems,you
configurethemtousemasterstandbyreplicationsothatifthemasternodefails,thestandbynodecan
continuetoservertraffic.
Ifthemasternodeeverfails,youcanpromotethestandbyservertothemaster.Seethesection"Handlinga
PostgresSQLDatabaseFailover"inthe EdgeOperationsGuideformoreinformation.

ToconfigureMasterStandbyReplicationatinstalltime
Youcanconfiguremasterstandbyreplicationatinstalltimebyincludingthefollowingpropertiesintheconfig
fileforthetwoPostgresnodes:
PG_MASTER=
IPorDNSofNewMaster
PG_STANDBY=
IPorDNSofOldMaster
TheinstallerautomaticallyconfiguresthetwoPostgresnodetofunctionasmasterstandbywithreplication.

ToconfigureMasterStandbyReplicationafterinstallation
Youcanconfiguremasterstandbyreplicationafterinstallationbybyusingthefollowingprocedure:
1. IdentifywhichPostgrenodewillbethemasterandwhichwillbethestandbyserver.
2. Onthemasternode,edittheconfigfiletoset:

PG_MASTER= IPorDNSofNewMaster
PG_STANDBY= IPorDNSofOldMaster
3. Enablereplicationonthenewmaster:

>/opt/apigee/apigeeservice/bin/apigeeserviceapigeepostgresql
setupreplicationonmasterf configFIle
4. Onthestandbynode,edittheconfigfiletoset:

PG_MASTER= IPorDNSofNewMaster
PG_STANDBY= IPorDNSofOldMaster
5. Stopthestandbynode:

>/opt/apigee/apigeeservice/bin/apigeeserviceapigeepostgresqlstop
6. Onthestandbynode,deleteanyexistingPostgresdata:

>
rmrf/opt/apigee/data/apigeepostgresql/

ConfidentialandproprietaryinformationofApigee,Inc.Nottobedisclosedexceptundernondisclosureagreement.
ApigeeEdgeInstallandConfigurationGuidePage83

Note
:Ifnecessary,youcanbackupthisdatabeforedeletingit.
7. Configurethestandbynode:

>/opt/apigee/apigeeservice/bin/apigeeserviceapigeepostgresql
setupreplicationonstandbyf
configFile

TestMasterStandbyReplication
Oncompletionofreplication,verifythereplicationstatusbyissuingthefollowingscriptsonbothservers.The
systemshoulddisplayidenticalresultsonbothserverstoensureasuccessfulreplication:
1. Onthemasternode,run:

>/opt/apigee/apigeeservice/bin/apigeeserviceapigeepostgresql
postgrescheckmaster

Validatethatitsaysitisthemaster.
2. Onthestandbynode:

>/opt/apigee/apigeeservice/bin/apigeeserviceapigeepostgresql
postgrescheckstandby

Validatethatitsaysitisthestandby.

ConfidentialandproprietaryinformationofApigee,Inc.Nottobedisclosedexceptundernondisclosureagreement.
ApigeeEdgeInstallandConfigurationGuidePage84

InstallSmartDocs
SmartDocsisinstalledautomaticallywhenyouinstallandruntheinstallationtestscriptsdescribedin
Testthe
.
installAspartofrunningthetestscripts,yourunthefollowingcommand:
>/opt/apigee/apigeeservice/bin/apigeeserviceapigeevalidatesetup
ThiscommandinstallsSmartDocsaspartofrunningthetests.
smartdocs.zip
TotestthatSmartDocsisinstalled,confirmthatthe fileislocatedinthefollowingdirectory:
/opt/apigee/apigeevalidate/bundles/
OrrunthefollowingAPIcallontheManagementServernode:
adminEmail:adminPword
>curlvu 0:8080/v1/o/VALIDATE/apis
ThiscommandshouldreturnthefollowingifSmartDocsisinstalled:
["smartdocs","passthrough"]

ConfidentialandproprietaryinformationofApigee,Inc.Nottobedisclosedexceptundernondisclosureagreement.
ApigeeEdgeInstallandConfigurationGuidePage85

7hostand10hostAPIBaaSInstallation
Note :The
InstallationChecklistdetailstheinstallationprerequisitesandprovidesalistofrequiredfilesto
obtainbeforeproceedingwiththeinstallation.Ensurethatyouhavereviewedthechecklistbeforebeginning
theinstallationprocess.

UsingaLoadBalancer
AproductioninstallationofAPIBaaSusesaloadbalancerbetweentheAPIBaaSPortalnodeandAPIBaaS
Stacknodes.WhenconfiguringthePortal,youspecifytheIPaddressorDNSnameoftheloadbalancer,not
oftheStacknodes.
Asanalternativetoaloadbalancer,youcoulduseroundrobinDNS.Inthisscenario,youcreateaDNSentry
withmultipleArecordscorrespondingtoBaaSstackIPaddresses.DuringaDNSlookup,theDNSserver
automaticallyreturnsArecordvaluesinaroundrobinfashion.
Note:APIBaaStestinganddevelopmentenvironmentscaninstallallcomponentsonasinglenode,orwitha
singleAPIBaaSStacknode.IfyourinstallationusesasingleAPIBaaSStacknode,theloadbalancerisnot
requiredandyoucanspecifytheIPaddressorDNSnameoftheAPIBaaSStackwhenconfiguringthePortal.

ConnectingtoCassandra
WhileyoucanconnectAPIBaaSandEdgetothesameCassandracluster,Apigeerecommendsthatyouuse
separateclusters.SeparateclustersmaximizeperformanceifyouareexperiencinghightrafficloadsonAPI
BaaS.

Datesynchronization
Youmusthavethedate/timeonallserverssynchronized.Ifnotalreadyconfigured,ntpdateutilitycouldserve
thispurpose,whichverifieswhetherserversaretimesynchronized.Youcanuseyuminstallntp to
installtheutility.

Tomcatsecurity
TheAPIBaaSinstalleralsoinstallstheApacheTomcatserveronallAPIBaaSStacknodes,includingthe
TomcatadministratorUI.Theinstallerleavesthedefaultadministratorcredentialsunchangedfrom
admin:admin .
Ifnecessary,youcanchangethesecredentialsaspartofsecuringTomcat.Formoreinformation,see:
https://tomcat.apache.org/tomcat7.0doc/managerhowto.html
https://www.owasp.org/index.php/Securing_tomcat

ConfidentialandproprietaryinformationofApigee,Inc.Nottobedisclosedexceptundernondisclosureagreement.
ApigeeEdgeInstallandConfigurationGuidePage86

Installationoverview
apigeesetup
AfteryouinstalltheEdgethe utilityonanode,usethatutilitytoinstalloneormoreBaaS
componentsonthenode.The apigeesetup
utilityhastheform:
component
>sudo/opt/apigee/apigeesetup/bin/setup.shp f
configFile
Passaconfigurationfileto apigeesetup
the utility
thatcontainstheinformationabouttheinstallation.Ifthe
configurationfileismissinganyrequiredinformation, apigeesetup
the utility
promptsyoutoenteritonthe
commandline.
Theonlyrequirementisthattheconfigurationfilemustbeaccessibleorreadablebythe"apigee"user.For
example,putthefileinthe/tmpdirectoryonthenode.
Forexample,usethefollowingcommandtoinstalltheAPIBaaSStack:
>sudo/opt/apigee/apigeesetup/bin/setup.shpbfmyConfig
TheApigeesetup.sh utilitysupportsseveraloptionsforinstallingAPIBaaScomponents.Theinstructions
belowusethestandaloneoptions(c,e,b,andp)butyoucanusedifferentoptionsbasedonyournode
configuration:

Optio Description
n

e InstallElasticSearchonly.

b InstallAPIBaaSStackonly,whichalsoinstallsTomcat.

p InstallAPIBaaSPortalonly,whichalsoinstallstheNginxroutertobeusedasaweb
server.

c InstallCassandraonly.

eb InstallElasticSearch,APIBaaSStack,andTomcatonthenode.

ebp InstallElasticSearch,APIBaaSPortal,APIBaaSStack,andTomcat.Theportalisso
lightweightnoadditionalresourcesneededforthis.

asa InstallallAPIcomponentsonasinglenode(Cassandra,Elasticsearch,APIBaaSStack,
andAPIBaaSPortal).Usethisoptionfordevelopmentandtestingonly,notfor
production.

ConfidentialandproprietaryinformationofApigee,Inc.Nottobedisclosedexceptundernondisclosureagreement.
ApigeeEdgeInstallandConfigurationGuidePage87

Creatingasilentconfigurationfile
Shownbelowisanexamplesilentconfigurationfilefora10nodeAPIBaaSinstallation.Editthisfileas
f
necessaryforyourconfiguration.Usethe setup.sh
optionto toincludethisfile.
#SpecifyIPaddressorDNSnameofnode.
IP1=192.168.1.1#ElasticSearch
IP2=192.168.1.2#ElasticSearch
IP3=192.168.1.3#ElasticSearch
IP4=192.168.1.4#APIBaaSStack
IP5=192.168.1.5#APIBaaSStack
IP6=192.168.1.6#APIBaaSStack
IP7=192.168.1.7#APIBaaSPortal
IP8=192.168.1.8#Cassandra(sharedwithEdgeorstandalone)
IP9=192.168.1.9#Cassandra(sharedwithEdgeorstandalone)
IP10=192.168.1.10#Cassandra(sharedwithEdgeorstandalone)
#MustresolvetoIPaddressorDNSnameofhostnotto127.0.0.1orlocalhost.
HOSTIP=$(hostnamei)
#DefinetheAPIBaaSadministratoraccount.
AS_ADMIN="superuser" #Usernamedefaultis"superuser".
[email protected]
AS_PASSWD=stackAdminPWrod
#OnlyifyouareinstallingCassandra.
#SpecifyCassandraconfigurationinformation.
#CASS_HOSTS="$IP8:1,1$IP9:1,1$IP10:1,1"
#IfconnectingtoexistingCassandranodes,
#specifyCassandraIPs.
CASS_HOSTS="$IP8$IP9$IP10"
#Cassandrauname/pword.
#EvenifCassandraauthenticationisdisabled,
#youmuststillpassvaluesfortheseproperties.
CASS_USERNAME=cassandra #Defaultvalue
CASS_PASSWORD=cassandra #Defaultvalue
#SpecifyBaaSCassandraconnectioninformation.
#Specifythedatacentername.
BAAS_CASS_LOCALDC=dc1 #Defaultisdc1.
#Replicationisintheform"dataCenterName:#CassandraNodes".
#Forexample,fordc1withthreeCassandranodes,itisdc1:3.
BAAS_CASS_REPLICATION=dc1:3
#ElasticSearchIPsorDNSnames,separatedbyspaces.
ES_HOSTS="$IP1$IP2$IP3"

ConfidentialandproprietaryinformationofApigee,Inc.Nottobedisclosedexceptundernondisclosureagreement.
ApigeeEdgeInstallandConfigurationGuidePage88

#APIBaaSStackinformation.
#Defaultclusternameis"apigee_baas"
BAAS_USERGRID_CLUSTERNAME="apigee_baas"
#URLandportoftheloadbalancerfortheAPIBaaSStacknodes,
#orIP/DNSandport8080ofasingleStacknodewithnoloadbalancer.
BAAS_USERGRID_URL=http://myloadbalancer:8443
#APIBaaSPortalinformation.
#URLandportnumberofloadbalancer,ifthereisoneinfrontofthePortal,
#ortheURLandportofthePortalnode.
BAAS_PORTAL_URL="http://$IP7:9000"
#Portalport.Defaultvalueis9000.
BAAS_PORTAL_LISTEN_PORT=9000
#SMTPinformation.BaaSrequiresanSMTPserver.
SMTPHOST=smtp.gmail.com
SMTPPORT=465
[email protected]
SMTPPASSWORD=yourEmailPassword
SMTPSSL=y

Thefollowingtablecontainsadditionalinformationabouttheseproperties:
Property Note
CASS_HOSTS IfyouareinstallingCassandra,specifytheCassandranodeIPsand
includethe:dc,ramodifierthatspecifythedatacenterandrackof
theCassandranode.
Forexample'192.168.124.201:1,1=datacenter1and
rack/availabilityzone1,and'192.168.124.204:2,1=datacenter2and
rack/availabilityzone1.
CASS_USERNAME Cassandrausernameandpassword.
CASS_PASSWORD
IfCassandraauthenticationisdisabled,youstillhavetopassthese
values.However,thevaluesareignored.
BAAS_CASS_LOCALDC Theregionnamesmustbeintheformdc#where#correspondsto
anintegervalue.
Forexample,dc1,dc2,etc.IfyouareconnectingtoaCassandra
clusterinstalledwithEdge,youcanasktheEdgesystem
administratorforthisvalue.InanEdgesingledatacenterinstallation,
thedefaultvalueisdc1.
IfyouinstalledCassandraaspartofinstallingtheAPIBaaS,then
duringCassandrainstallationyouaddedthe:dc,ramodifiertothe
CassandraIPaddresses.Thefirstvalue"dc"isthedatacenter

ConfidentialandproprietaryinformationofApigee,Inc.Nottobedisclosedexceptundernondisclosureagreement.
ApigeeEdgeInstallandConfigurationGuidePage89

number.Thedatacenternameisthestring"dc"withthedatacenter
numberasasuffix.
BAAS_CASS_REPLICATION dataCenterName:#CassandraNodes
Theformatis" ".For
example,fordc1withthreeCassandranodes,itisdc1:3.
BAAS_USERGRID_URL Inaproductionenvironment,thisistheURLandportoftheload
balancerthatisinfrontoftheAPIBaaSStacknodes,intheform:

http://myStackLoadBalancer:port

Inatestingordevelopmentenvironment,whereyouonlyhavea
singleAPIBaaSStacknode,thiscanbetheURLandportnumberof
anAPIBaaSStacknode,intheform:

http://stackIPorDNS:8080

TheportnumberfortheAPIBaaSStackserveris8080.
BAAS_PORTAL_URL TheURLandportnumberoftheloadbalancer,ifthereisoneinfront
ofthePortal,intheform:

http://myPortalLoadBalancer:port

Ifthereisnoloadbalancer,theURLandportnumberofthePortal
node,intheform:

http://portalIPorDNS:9000

Bydefault,theportnumberfortheAPIBaaSPortalis9000.
BAAS_PORTAL_LISTEN_PORT TheportnumberfortheAPIBaaSPortalserveris9000.Ifthisportis
notavailable,specifyadifferentport.
BAAS_PORTAL_URL
Ifyouaresetting totheURLofthePortalnode,
theportnumbersmustbethesameforbothproperties.

OptionalInstallCassandra:Machine8,9,and10
WhileyoucanconnectAPIBaaStothesameCassandraclusterasusedbyEdge,Apigeerecommendsthat
youuseseparateclusters.
TheCassandraclustercanuseauthentication,orCassandraauthenticationcanbedisabled.See
Enable

Cassandraauthenticationformore.
apigeesetup
1. InstalltheEdge utilityonthenodeusingtheinternetornoninternetprocedure.See

InstalltheEdgeapigeesetuputilityformore.

ConfidentialandproprietaryinformationofApigee,Inc.Nottobedisclosedexceptundernondisclosureagreement.
ApigeeEdgeInstallandConfigurationGuidePage90

2. Atthecommandprompt,runthesetupscript:

>/opt/apigee/apigeesetup/bin/setup.shpcf configFile

ThepcoptionspecifiestoinstallCassandra.

Theconfigurationfilemustbeaccessibleorreadablebythe"apigee"user.Forexample,putthefilein
/tmp
the directoryonthenode.
Theconfigurationsuccessfullycompletesthedatastoresetuponthenode.
NotethatJMXisenabledbydefaultforCassandra.TheJMXremoteaccesstoCassandradoesnotrequirea
password.YoucanconfigureCassandratouseauthenticationforJMX.Formore,see
http://docs.apigee.com/apiservices/latest/howmonitor
.

SetupCassandracronjob
nodetool
Setupacronjobthatuses toflushforlockstoruneveryhouroneveryCassandranode.
Note
:Thisstepisrequired.YoumustsetupthiscronjobonCassandranodesevenifyouareconnectingto
CassandranodesonanEdgeinstallation.
IfyouhavemultipleCassandranodes,offsetthecronjoboneachserverbyfiveminutessothatallnodesdo
notflushatthesametime.
Thecronjobmustexecutethefollowingcommand:
IP_address
/opt/apigee/apigeecassandra/bin/nodetoolh flushApigee_Baas_Locks
IP_address
where istheIPaddressoftheCassandranode.

InstallElasticSearch:Machine1,2,and3
Note:IfyouareinstallingElasticSearchandtheAPIBaaSStackonthesamenode,youcanusethe"peb"
optiontothesetup utilitytoinstallthembothatthesametime.
ToinstalltheElasticSearch:
apigeesetup
1. InstalltheEdge utilityonthenodeusingtheinternetornoninternetprocedure.See

InstalltheEdgeapigeesetuputilityformore.
2. Atthecommandprompt,runthesetupscript:

>/opt/apigee/apigeesetup/bin/setup.shpef configFile

ThepeoptionspecifiestoinstallElasticSearch.

Theconfigurationfilemustbeaccessibleorreadablebythe"apigee"user.Forexample,putthefilein
/tmp
the directoryonthenode.

ConfidentialandproprietaryinformationofApigee,Inc.Nottobedisclosedexceptundernondisclosureagreement.
ApigeeEdgeInstallandConfigurationGuidePage91

3. (Optional)IfyouinstallElasticSearchonastandalonenode,meaningitisnotinstalledwithAPIBaaS
Stack,thenadjustthedefaultmemoryoptiontoincreasethememoryallocatedforElasticSearchfrom
4GBto6GB:

a. Open /opt/apigee/customer/application/elasticsearch.properties
inan
editor.Ifthisfiledoesnotexist,createit.
setenv_elasticsearch_max_mem_size
b. Setthe propertyto6g(thedefaultis4g):

setenv_elasticsearch_max_mem_size=6g
c. Savethefile.
d. Runthefollowingcommand:

>/opt/apigee/apigeeservice/bin/apigeeserviceapigeeelasticsearch
restart
Theconfigurationsuccessfullycompletesthesetuponthenode.

InstallAPIBaaSStack:Machine4,5,and6
Note:IfyouareinstallingElasticSearchandtheAPIBaaSStackonthesamenode,youcanusethe"peb"
optiontothesetup utilitytoinstallthembothatthesametime.
ToinstalltheAPIBaaSStack:
apigeesetup
1. InstalltheEdge utilityonthenodeusingtheinternetornoninternetprocedure.See

InstalltheEdgeapigeesetuputilityformore.
2. Atthecommandprompt,runthesetupscript:

>/opt/apigee/apigeesetup/bin/setup.shpbf configFile

ThepboptionspecifiestoinstallAPIBaaSStack.

Theconfigurationfilemustbeaccessibleorreadablebythe"apigee"user.Forexample,putthefilein
/tmp
the directoryonthenode.
Aftertheinstallerfetchesthecorrectadmincredentials,itinstallsTomcat,createsAPIBaaSkeyspaces,and
setsuptheAPIBaaSStackontheserver.SMTPisalsoconfiguredtoallowtheUItosendpassword
confirmationemails.

InstallAPIBaaSPortal:Machine7
ToinstalltheAPIBaaSPortal:

ConfidentialandproprietaryinformationofApigee,Inc.Nottobedisclosedexceptundernondisclosureagreement.
ApigeeEdgeInstallandConfigurationGuidePage92

apigeesetup
1. InstalltheEdge utilityonthenodeusingtheinternetornoninternetprocedure.See

InstalltheEdgeapigeesetuputilityformore.
2. Atthecommandprompt,runthesetupscript:

>/opt/apigee/setup/bin/setup.shppf configFile

TheppoptionspecifiestoinstallAPIBaaSPortal.

Theconfigurationfilemustbeaccessibleorreadablebythe"apigee"user.Forexample,putthefilein
/tmp
the directoryonthenode.
TheinstallerstartstheNginxwebserverandthenfinishestheAPIBaaSPortalconfiguration.
MakeanoteoftheAPIBaaSPortalURL.ThisistheURLyouenterintoabrowsertoaccesstheAPIBaaS
Portaluserinterface.

Onboardinganeworganization
Onboardingistheprocessofcreatinganorganizationandorganizationadministrator.Aftercreatingthe
organizationandorganizationadministrator,youcanlogintotheAPIBaaSPortalUIandmakerequeststothe
APIBaaSRESTAPI.
Whenyoucreateanorganization,theorganizatadministrator'semailaddress:
Mustbedifferentfromthesystemadministrator'semailaddress.
Mustbeuniqueamongallotherorganizations.Thatis,youcannotcreatetwoorganizationswiththe
sameemailaddressfortheorganizationadministrator.However,aftercreatingtheorganization,you
canaddadditionaladministratorsthatcanbeduplicatedacrossmultipleorganizations.
create_org_and_user.py
Toperformonboarding,usethe Pythonscript.Invokingthisscriptwithno
commandlineargumentscausesittopromptyouforallinformation:
>pythoncreate_org_and_user.py
Alternatively,youcanpassanyoralloptionsascommandlineargument.Youarepromptedforany
informationthatyouomitfromthecommandline:
>pythoncreate_org_and_user.pyo'<orgname>'
>pythoncreate_org_and_user.pyo'<orgname>'a'<newadminemail>'p'<new
adminpassword>'
Tocreateanorganization:
/opt/apigee/baasusergrid/bin
1. Changedirectoryto .
create_org_and_user.py
2. Invokethe Pythonscript.

ConfidentialandproprietaryinformationofApigee,Inc.Nottobedisclosedexceptundernondisclosureagreement.
ApigeeEdgeInstallandConfigurationGuidePage93

YouarepromptedfortheBaaSsystemadministratorusernameandpasswordsothatonlyasysadmin
canrunit.
3. LogintotheAPIBaaSPortalinawebbrowserusingtheURLyounotedattheendoftheAPIBaaS
PortalURLinstallation.

Toaccesstheportal,entertheAPIBaaSPortalURLintheform:

http://{portalExternalIP}:9000/

Note:TheIPistheexternalIPaddress/hostnameofPortalmachine.Ensurethatportisopen.
4. Whentheportalloginscreenappears,youcaneither:
a. Loginusingtheorganizationadministrator'susernameandpassword.
b. Loginusingthesystemadministratorsadministrator'susernameandpassword.

AccessingtheAPIBaaSRESTAPI
ToaccesstheAPIBaaSRESTAPI,useaURLintheform:
https://{loadBalancerIP}:8080/{yourorg}/{yourapp}
Inadevelopmentenvironment,youcaninstallallAPIBaaScomponentsonasinglenode,meaningyouhave
asingleAPIBaaSStack.Or,youmighthaveasmallenvironmentwithasingleAPIBaaSStacknodeandno
loadbalancer.Inthesetypesofenvironments,youcanmakeAPIcallsdirectlytotheAPIBaaSStacknode:
curlv"http://portalExternalIP:8080/status"
FormoreinformationongettingstartedwithAPIBaaSPortal,seetheApigeedocumentationat:
http://apigee.com/docs/content/buildappshome .

ConfidentialandproprietaryinformationofApigee,Inc.Nottobedisclosedexceptundernondisclosureagreement.
ApigeeEdgeInstallandConfigurationGuidePage94

InstallingMonetizationServices
Note :The
InstallationChecklistdetailstheinstallationprerequisitesandprovidesalistofrequiredfilesto
obtainbeforeproceedingwiththeinstallation.Ensurethatyouhavereviewedthechecklistbeforebeginning
theinstallationprocess.
MonetizationServicesisanextensiontoApigeeEdge,henceitdoesnotrunasastandaloneprocess.Itruns
withinanyexistingApigeeEdgesetup.

Monetizationrequirements
IfyouareinstallingMonetizationonanEdgetopologythatusemultipleManagementServernodes,
suchasa13nodeinstallation,thenyoumustinstallbothEdgeManagementServernodesbefore
installingMonetization.
ToinstallMonetizationonEdgewheretheEdgeinstallationhasmultiplePostgresnodes,thePostgres
nodesmustbeconfiguredinMaster/Standbymode.YoucannotinstallMonetizationonEdgeifyou
havemultiplePostgresmasternodes.Formore,seeSetupMasterStandbyReplicationforPostgres .

Installationoverview
ThefollowingstepsillustratehowtoaddMonetizationServicesonanexistingApigeeEdgeinstallation:
Usetheapigeesetup utilitytoupdatetheApigeeManagementServernodetoenablethe
MonetizationServices,forexample,catalogmanagement,limitsandnotificationsconfiguration,billing
andreporting.

IfyouhavemultipleManagementServernodes,suchasa13nodeinstallation,thenyoumustinstall
bothEdgeManagementServernodesbeforeinstallingMonetization.
apigeesetup
Usethe utilitytoupdatetheApigeeMessageProcessortoenabletheruntime
componentsoftheMonetizationServices,forexample,transactionrecordingpolicyandlimit
enforcement.IfyouhavemultipleMessageProcessors,installMonetizationonallofthem.
PerformtheMonetizationonboardingprocessforyourEdgeorganizations.
ConfiguretheDeveloperServicesportaltosupportmonetization.Formoreinformation,see
http://apigee.com/docs/monetization/content/configuremonetizationdeveloperportal.

CreatingasilentconfigurationfileforMonetization
ShownbelowisanexamplesilentconfigurationfileforaMonetizationinstallation.Editthisfileasnecessaryfor
f
yourconfiguration.Usethe setup.sh
optionto toincludethisfile.

ConfidentialandproprietaryinformationofApigee,Inc.Nottobedisclosedexceptundernondisclosureagreement.
ApigeeEdgeInstallandConfigurationGuidePage95

Note:
Typically,youaddthesepropertiestothesameconfigurationfilethatyouusedtoinstallEdge,asshown
in
Creatingaconfigurationfile
.
#Edgeconfigurationproperties
#SpecifyIPaddressorDNSnameofnode.
IP1=192.168.1.1#ManagementServer,OpenLDAP,UI,ZooKeeper,Cassandra
IP2=192.168.1.2#ZooKeeper,Cassandra
IP3=192.168.1.3#ZooKeeper,Cassandra
IP4=192.168.1.4#Router,MessageProcessor
IP5=192.168.1.5#Router,MessageProcessor
IP6=192.168.1.6#Qpid
IP7=192.168.1.7#Qpid
IP8=192.168.1.8#Postgres
IP9=192.168.1.9#Postgres
#MustresolvetoIPaddressorDNSnameofhostnotto127.0.0.1orlocalhost.
HOSTIP=$(hostnamei)
#Edgesysadmincredentials
[email protected]
APIGEE_ADMINPW=yourPassword #Ifomitted,youarepromptedforit.
#
#Monetizationconfigurationproperties.
#
#PostgrescredentialsfromEdgeinstallation.
PG_USER=apigee #DefaultfromEdgeinstallation
PG_PWD=postgres #DefaultfromEdgeinstallation
#SpecifyPostgresserver.
MO_PG_HOST="$IP8" #OnlyspecifyonePostgresnode.
#CreateaPostgresuserforMonetization.
MO_PG_USER=postgre#Defaultusernameis"postgre"
MO_PG_PASSWD=moUserPWord
#SpecifyoneZooKeeperhost.
#EnsurethisisaZooKeeperleadernodeinamultidatacenterenvironment.
ZK_HOSTS="$IP2"
#SpecifyCassandrainformation.
#EnsureCASS_HOSTSissettothesamevalueaswhenyouinstalledEdge.
CASS_HOSTS="$IP1:1,1$IP2:1,1$IP3:1,1"
CASS_CLUSTERNAME=Apigee #Defaultis"Apigee",unlessit
#waschangedduringEdgeinstall.
#Cassandrauname/pwordrequiredonlyifyouenabledCassandraauthentication.
#CASS_USERNAME=
#CASS_PASSWORD=

ConfidentialandproprietaryinformationofApigee,Inc.Nottobedisclosedexceptundernondisclosureagreement.
ApigeeEdgeInstallandConfigurationGuidePage96

#Specifytheregion.
#Defaultisdc1unlessyouareinamultidatacenterenvironment.
REGION=dc1
#IfyourEdgeconfigfiledidnotspecifySMTPinformation,addit.
#MonetizationrequiresanSMTPserver.
SMTPHOST=smtp.gmail.com
SMTPPORT=465
[email protected]
SMTPPASSWORD=yourEmailPassword
SMTPSSL=y

Notes:
IfyourEdgeconfigfiledidnotspecifySMTPinformation,addit.MonetizationrequiresanSMTPserver.
Inasingledatacenterinstallation,allZooKeepernodesarebydefaultconfiguresasleaders.Whenyou
areinstallingEdgeacrossmultipledatacenters,someZooKeepernodeswillbeconfiguredas
observers.Ensurethatthe ZK_HOSTS propertyabovespecifiesaleadernodeinamultipledatacenter
installation.
IfyouenableCassandraauthentication,youcanpasstheCassandrausernameandpasswordby
usingthefollowingproperties:
o CASS_USERNAME
o CASS_PASSWORD

IntegrateMonetizationServiceswithallManagementServers
UsethefollowingproceduretointegratemonetizationonManagementServernodes.
1. IfyouareinstallingMonetizationonanEdgetopologythatusesmultipleManagementServernodes,
suchasa13nodeinstallation,thenensurethatyouinstalledbothManagementServernodesbefore
installingMonetization.
2. OntheManagementServernode,runthesetupscript:

>/opt/apigee/apigeesetup/bin/setup.shpmof configFile

ThepmooptionspecifiestointegrateMonetization.

Theconfigurationfilemustbeaccessibleorreadablebythe"apigee"user.Forexample,putthefilein
/tmp
the directoryonthenode.
3. IfyouareinstallingMonetizationonmultipleManagementServernodes,repeatstep2onthesecond
ManagementServernode.

ConfidentialandproprietaryinformationofApigee,Inc.Nottobedisclosedexceptundernondisclosureagreement.
ApigeeEdgeInstallandConfigurationGuidePage97

Onsuccessfulconfiguration,anRDBMSschemaforMonetizationServicesiscreatedinthePostgreSQL
database.ThiscompletestheintegrationofMonetizationServicesanditsassociatedcomponentswith
PostgresServer.

IntegrateMonetizationServiceswithallMessageProcessors
UsethefollowingproceduretointegratemonetizationonallMessageProcessornodes.
1. OnthefirstMessageProcessornode,atthecommandprompt,runthesetupscript:

>/opt/apigee/apigeesetup/bin/setup.shpmof configFile

ThepmooptionspecifiestointegrateMonetization.

Theconfigurationfilemustbeaccessibleorreadablebythe"apigee"user.Forexample,putthefilein
/tmp
the directoryonthenode.
2. RepeatthisprocedureonallMessageProcessornodes.
Onsuccessfulconfiguration,theMessageProcessorisupdatedwithMonetizationServices.Thiscompletes
theintegrationofMonetizationServicesanditsassociatedcomponentswiththeMessageProcessors.

MonetizationOnboarding
Tocreateaneworganizationwithmonetizationenabled,youfirstcreatetheorganizationasyouwouldforany
neworganization.Formoreinformation,see
Onboardanorganization .

AdditionalOnboardingtoenableMonetizationforanorganization
Tocompletemonetizationonboardingofanorganization,youhaveto:
mxgroup
1. Createthemonetizationgroup: .
2. AddQpidtothegroup.
3. Enablemonetizationfortheorganization.
4. Enablenotificationsettingsfortheorganization.
5. RepeatthisprocessforallorganizationswhereyouwanttoenableMonetization.
enablemonetization
Usethe commandtoperformallofthesetasks.Thisscripttakesaconfigurationfile
containingthefollowingproperties:
MSIP=IPorDNSofManagementServer
APIGEE_PORT_HTTP_MS=8080 #Defaultis8080.
[email protected]
APIGEE_ADMINPW=yourPassword #Ifomitted,youarepromptedforit.
CASS_HOSTS="$IP1:1,1$IP2:1,1$IP3:1,1"
QPID_HOST="$IP6$IP7" #SpaceseparatedlistIP/DNSnamesof

ConfidentialandproprietaryinformationofApigee,Inc.Nottobedisclosedexceptundernondisclosureagreement.
ApigeeEdgeInstallandConfigurationGuidePage98

#allQPidnodes.
QPID_PORT=8083 #Defaultis8083.
REGION=dc1
ORG_NAME=myorg #TheEdgeorgwhereyouwanttoenablemonetization.
MX_GROUP=mxgroup #DefaultMonetizationgroup.

Notes
:
CASS_HOSTS
Set REGION
and tothesamevaluesasyouusedwheninstallingMonetization.
Torunthescript:
1. Invokethescript:

>/opt/apigee/apigeeservice/bin/apigeeserviceapigeeprovision
enablemonetizationf configFile

Theconfigurationfilemustbeaccessibleorreadablebythe"apigee"user.Forexample,putthefilein
/tmp
the directoryonthenode.

Thisscriptreplicatestheorganization,products,developersandapplicationsfromCassandradatabase
toMonetizationPostgreSQLdatabase.AftersuccessfulinstallationofMonetizationServicesthedatais
synchronizedautomatically.
WhenyounextlogintotheEdgeUI,youseetheMonetizationentryinthetoplevelmenufortheorganization:

ConfiguretheDeveloperServicesportal
ToconfiguretheDeveloperServicesportaltosupportmonetization,see
http://apigee.com/docs/monetization/content/configuremonetizationdeveloperportal
.

AddingaManagementServernodetoaMonetizationInstallation
IfyouaddaManagementServertoanexistingEdgeinstallation,youmustensurethatyouaddMonetization
servicestothenewManagementServerandconfigureallManagementServerssotheycancommunicate.
ToaddaManagementServer:
1. Installthe
new
ManagementServer.
2. InstallMonetizationonthe
new
ManagementServer.

ConfidentialandproprietaryinformationofApigee,Inc.Nottobedisclosedexceptundernondisclosureagreement.
ApigeeEdgeInstallandConfigurationGuidePage99

3. Onthe
original
ManagementServer,callthefollowing:

>/opt/apigee/apigeeservice/bin/apigeeservice
edgemintmanagementservermintconfiguremgmtcluster
4. Restartthe
original
ManagementServer:

>/opt/apigee/apigeeservice/bin/apigeeserviceedgemanagementserver
restart
5. Onthe
new
ManagementServer,callthefollowing:

>/opt/apigee/apigeeservice/bin/apigeeservice
edgemintmanagementservermintconfiguremgmtcluster
6. Restartthe
new
ManagementServer:

>/opt/apigee/apigeeservice/bin/apigeeserviceedgemanagementserver
restart

Additionalconfiguration
ProvideBillingDocumentsasPDFFiles
MonetizationdisplaysbillingdocumentstoendusersinHTMLformat.ToprovidebillingdocumentsasPDF
files,youcanintegrateMonetizationwithabillingsystemthatprovidesPDFgenerationorlicenseasupported
thirdpartyPDFlibrary.

ConfigureOrganizationSettings
Backendsettings:Thefollowingtable( Table3:Organizationlevelattributes)liststheorganizationlevel
attributesthatareavailabletoconfigureamintorganization.Youcanusea PUT calltoadd/update
theseattributesas.
curlu${ADMIN_EMAIL}:${ADMINPW}v
http://<managementip>:8080/v1/organizations/{orgId}d{orgobjectwith
attributes}XPUT
Forexample,theoutputoftheaboveCURLcommandwilllooksomethinglikethis:

{
...
"displayName":"Orgnizationname",
"name":"org4",
"properties":{

ConfidentialandproprietaryinformationofApigee,Inc.Nottobedisclosedexceptundernondisclosureagreement.
ApigeeEdgeInstallandConfigurationGuidePage100

"property":[
...
{
"name":"MINT_CURRENCY",
"value":"USD"
},
{
"name":"MINT_COUNTRY",
"value":"US"
},
{
"name":"MINT_TIMEZONE",
"value":"GMT"
}
]
}
}

Table3:
Organizationlevelattributes
Attributes Description
MINT_TAX_MODEL AcceptedvaluesareDISCLOSED,
UNDISCLOSED,HYBRID(defaultisnull)
MINT_CURRENCY ISOcurrencycode(defaultisnull)
MINT_TAX_NEXUS Taxnexus(defaultisnull)
MINT_DEFAULT_PROD_TAX_CATEGORY Defaultproducttaxcategory(defaultisnull)
MINT_IS_GROUP_ORG ISgrouporganization(defaultisfalse)
MINT_HAS_BROKER Hasbroken(defaultisfalse)
MINT_TIMEZONE Timezone(defaultisnull)
MINT_TAX_ENGINE_EXTERNAL_ID TaxengineID(defaultisnull)
MINT_COUNTRY Organization'scountry(defaultisnull)
MINT_REG_NO Organization'sregistrationnumber,United
KingdomgivesdifferentnumberthantaxID
(defaultisnull)
MINT_BILLING_CYCLE_TYPE PRORATED,CALENDAR_MONTH(defaultis
CALENDAR_MONTH)

ConfidentialandproprietaryinformationofApigee,Inc.Nottobedisclosedexceptundernondisclosureagreement.
ApigeeEdgeInstallandConfigurationGuidePage101

MINT_SUPPORTED_BILLING_TYPE PREPAID/POSTPAID/BOTH(defaultis
PREPAID)
MINT_IS_SEPARATE_INV_FOR_FEES Indicateswhetheraseparatefeeinvoiceshould
begenerated(defaultisfalse)
MINT_ISSUE_NETTING_STMT Indicateswhethernettingstatementshouldbe
issued(defaultisfalse)
MINT_NETTING_STMT_PER_CURRENCY Indicateswhethernettingstatementshouldbe
generatedpercurrency(defaultisfalse)
MINT_HAS_SELF_BILLING Indicateswhethertheorganizationhasselfbilling
(defaultisfalse)
MINT_SELF_BILLING_FOR_ALL_DEV Indicateswhethertheorganizationhasselfbilling
foralldevelopers(defaultisfalse)
MINT_HAS_SEPARATE_INV_FOR_PROD Indicateswhethertheorganizationhasseparate
invoiceperproduct(defaultisfalse)
MINT_HAS_BILLING_ADJUSTMENT Indicateswhethertheorganizationsupportsbilling
adjustments(defaultisfalse)
features.isMonetizationEnabled UsedbythemanagementUItodisplay
monetizationspecificmenu(defaultisfalse)
ui.config.isOperator UsedbymanagementUItodisplayprovideras
OperatorversesOrganization
(defaultistrue)
ForconfiguringbusinessorganizationsettingsusingthemanagementUI,see
http://apigee.com/docs/monetizationservices/content/getstartedusingmonetizationservices
.
Note:
IfyouareusingMonetizationServicesLimitsandNotificationsfeatures,pleaseinstructyourdevelopers
toattachaLimitPolicyintheproxyflowaftertheaccesstokenvalidationpolicy.
LimitPolicyisanexplicitpolicydesignedtoblockanAPIcallifcertainlimithasbeenreached.Thepolicy
checksbusinesslimitsandraisesafaultifthereareanylimitsexceedingtheconfiguredvalue.Thisisan
extensionofraisefaultpolicybuttheconditionsarederivedfrombusinessvariables.
AnUItemplateisavailableinthemanagementUIforproxydevelopers.Proxydevelopershouldattachmint
policyinthemessageflow.Uponexecutionofthispolicythefaultwillberaisedwiththefaultresponseasper
ContinueOnError
policy.If issettotruethenthefaultwillnotberaisedandflowvariables
mint.limitsViolated
" mint.isDeveloperSuspended
"," mint.limitsPolicyError
"and" "
variableswillbesetwhichcouldbeusedforfurtherexceptionhandlingifrequired.

ConfidentialandproprietaryinformationofApigee,Inc.Nottobedisclosedexceptundernondisclosureagreement.
ApigeeEdgeInstallandConfigurationGuidePage102

UpdatingApigeeEdgeto4.16.05
ThissectionexplainstheupdateandrollbackprocessesfromoneversionofApigeeEdgetoanotherversion.

WhichEdgeversionscanyouupdateto4.16.05
YoucanonlyupdateApigeeEdgeversion4.16.01.xto4.16.05.
IfyouhaveaversionofEdgeprevioustoversion4.16.01.x,thenyoumustfirstmigratetoversion4.16.01.x
andthenupdatetoversion4.16.05.

Whocanperformtheupdate
TheuserrunningtheupdateshouldbethesameastheuserwhooriginallyinstalledEdge,orauserrunning
asroot.
AfteryouinstalltheEdgeRPMs,anyusercanconfigurethem.

RequiredupgradetoJavaJDKVersion8
ThisreleaseofEdgerequiresthatyouhaveinstalledJavaJDKversion8onallEdgeprocessingnodes.You
caninstalltheOracleJDK8orOpenJDK8.IfJavaJDK8isnotinstalledalready,theupdatescriptcaninstallit
foryou.
AspartoftheupdatetoJava8,someTLSciphersarenolongeravailableinOracleJDK1.8.Forthecomplete
list,seethesection"DefaultDisabledCipherSuites"
http://docs.oracle.com/javase/8/docs/technotes/guides/security/SunProviders.html.
Warning :ThisreleaseofEdgedoesnotsupportJDK7.IfyouarecurrentlyusingJDK7,youmustupgradeto
JDK8.IfyourollbacktheEdge4.16.05installation,youcanoptionallyreconfigureEdgetouseJavaJDK7.

Diskspacerequirementsforupdate
Ensurethatyouhaveatleast1GBytesoffreediskspacebeforeyouperformtheupdate.

Automaticpropagationofpropertysettingsfrom4.16.01.x
.properties
Ifyouhavesetanypropertiesbyediting filesin
/opt/apigee/customer/application
thenthesevaluesareretainedbytheupdate.

Updatingtheapigeevalidateutility
In4.16.01,youinstalledandranthe apigeevalidate utilityona
MessageProcessor
node.In4.16.05,
apigeevalidate
the utilityhasbeenupdatedtorunonthe ManagementServernode.
apigeevalidate
Whenyouupdateto4.16.05,youhavetwooptionsonhowyouupdatethe utility:

ConfidentialandproprietaryinformationofApigee,Inc.Nottobedisclosedexceptundernondisclosureagreement.
ApigeeEdgeInstallandConfigurationGuidePage103

1. Apigeerecommended apigeevalidate
Installandrunthe utilityontheManagementServer
node.

Youcanoptionallyuninstalltheapigeevalidate utilitythefromtheMessageProcessornodes.If
youleaveitontheMessageProcessornode,youmustupdateitto4.16.05.

apigeevalidate
2. Alternatively,updatethe utilityontheMessageProcessornode,andrunitfrom
there.However,ApigeerecommendsthatyouinstallandrunitfromtheManagementServer.

Updateprerequisites
TakecareoffollowingprerequisitesbeforeupgradingApigeeEdge:
Backupallnodes

Beforeyouupdate,itisrecommendedtoperformacompletebackupofallnodesforsafetyreasons.
UsetheprocedureforyourcurrentversionofEdgetoperformthebackup.

Thisallowsyoutohaveabackupplan,incasetheupdatetoanewversiondoesntfunctionproperly.
Formoreinformationonbackup,seehttp://docs.apigee.com/apiservices/latest/backupandrestore.

EnsureEdgeisrunning

EnsurethatEdgeisupandrunningduringupdateprocessbyusingthecommand:

>/<inst_root>/apigee/apigeeservice/bin/apigeeallstatus

Handlingafailedupdate
update.sh
Inthecaseofanupdatefailure,youcantrytocorrecttheissue,andthenrun again.Youcanrun
theupdatemultipletimesanditcontinuestheupdatefromwhereitlastleftoff.
Ifthefailurerequiresthatyourollbacktheupdatetoyourpreviousversion,see
RollbackProcessformore.

Loggingupdateinformation
update.sh
Bydefault,the utilitywritesloginformationto:
/opt/apigee/var/log/apigeesetup/update.log
update.sh
Iftheuserrunningthe utilitydoesnothaveaccesstothatdirectory,itwritesthelogtothe
/tmp
directoryasafilenamed username
update_ .log .
update.sh
Iftheuserdoesnothaveaccessto/tmp,the utilityfails.

ConfidentialandproprietaryinformationofApigee,Inc.Nottobedisclosedexceptundernondisclosureagreement.
ApigeeEdgeInstallandConfigurationGuidePage104

Zerodowntimeupdate
Azerodowntimeupdate,orrollingupdate,letsyouupdateyourEdgeinstallationwithoutbringingdownEdge.
Note
:Zerodowntimeupdateisonlypossiblewitha5nodeconfigurationandlarger.
ThekeytozerodowntimeupgradingistoremoveeachRouter,oneatatime,fromtheloadbalancer.Youthen
updatetheRouterandanyothercomponentsonthesamemachineastheRouter,andthenaddtheRouter
backtotheloadbalancer.
1. Updatethemachinesinthecorrectorderforyourinstallationasdescribedin
Orderofmachineupdate
.
2. WhenitistimetoupdatetheRouters,selectanyoneRouterandmakeitunreachable,asdescribed
belowin
MakingaRouterandMessageProcessorunreachable .
3. UpdatetheselectedRouterandallotherEdgecomponentsonthesamemachineastheRouter.All
EdgeconfigurationsshowaRouterandMessageProcessoronthesamenode.
4. MaketheRouterreachableagain.
5. Repeatsteps2through4fortheremainingRouters.
6. Continuetheupdateforanyremainingmachinesinyourinstallation.

MakingaRouterandMessageProcessorunreachable
Inaproductionsetup,youwillhavemultipleRoutersandMessageProcessorstoachieveoptimalperformance
andyoumustenable/disablereachabilityoftheseRoutersandMessageProcessorsbefore/afterupdate.
ThefollowingAPIcallconfiguresanodeasreachableorunreachable:
adminEmail:pWord
>curlu ms_IP
XPOST"http://< UUID
>:8080/v1/servers/ "d
true|false
"reachable= "
UUID
where reachable
istheUUIDoftheMessageProcessororRouter,and issettoeithertrueorfalse.
IfyouneedtodeterminetheUUIDoftheRouter,usethefollowingcURLcommand:
>curlhttp://<routerIP>:8081/v1/servers/self
IfyouneedtodeterminetheUUIDoftheMessageProcessor,usethefollowingcURLcommand:
>curlhttp://<mpIP>:8082/v1/servers/self
Takecareofthefollowingbefore/afterupdate:
OncombinedRouterandMessageProcessornode:
o Beforeupdateperformthefollowing:
i. MaketheRouterunreachablebyusingtheAPIcallshownabove.
ii. MaketheMessageProcessorunreachable.
o Afterupdateperformthefollowing:

ConfidentialandproprietaryinformationofApigee,Inc.Nottobedisclosedexceptundernondisclosureagreement.
ApigeeEdgeInstallandConfigurationGuidePage105

I. MaketheMessageProcessorreachable.
II. MaketheRouterreachable.
OnsingleRouternode:
o Beforeupdate,maketheRouterreachable.
o Afterupdate,maketheRouterreachable.
OnsingleMessageProcessornode:
o Beforeupdate,maketheMessageProcessorunreachable.
o Afterupdate,maketheMessageProcessorreachable.

Usingasilentconfigurationfile
Youmustpassasilentconfigurationfiletotheupdatecommand.Thesilentconfigurationfileshouldbethe
sameoneyouusedtoinstalEdge4.16.01.

Procedureforupdatingto4.16.05onanodewithanexternalinternet
connection
UsethefollowingproceduretoupdatetheEdgecomponentsonanode:
1. Ifpresent,disableanyCRONjobsconfiguredtoperformarepairoperationonCassandrauntilafterthe
updatecompletes.
2. LogintoyournodeasroottoinstalltheEdgeRPMs

Note:WhileRPMinstallationrequiresrootaccess,youcanperformEdgeconfigurationwithoutroot
access.
3. DisableSELinuxasdescribedin
Prerequisite:DisableSELinux
.
bootstrap_4.16.05.sh
4. DownloadtheEdge4.16.05 /tmp/bootstrap_4.16.05.sh
fileto :

>curlhttps://software.apigee.com/bootstrap_4.16.05.sho
/tmp/bootstrap_4.16.05.sh
5. InstalltheEdge4.16.05 apigeeservice utilityanddependencies:

>sudobash/tmp/bootstrap_4.16.05.shapigeeuser= uName
apigeepassword= pWord

where uName:pWord aretheusernameandpasswordyoureceivedfromApigee.Ifyouomit pWord ,
youwillbepromptedtoenterit.

Bydefault,theinstallercheckstoseethatyouhaveJava1.8installed.Ifyoudonot,itinstallsitforyou.

ConfidentialandproprietaryinformationofApigee,Inc.Nottobedisclosedexceptundernondisclosureagreement.
ApigeeEdgeInstallandConfigurationGuidePage106

Usethe JAVA_FIX JAVA_FIX

optiontospecifyhowtohandleJavainstallation. takesthefollowing
values:

I=InstallOpenJDK1.8(default)
C=ContinuewithoutinstallingJava
Q=Quit.Forthisoption,youhavetoinstallJavayourself.

6. Useapigeeservice apigeesetup
toupdatethe utility:

>/opt/apigee/apigeeservice/bin/apigeeserviceapigeesetupupdate

apigeeservice
Thisupdateto update.sh
installsthe utilityin
<inst_dir>/apigee/apigeesetup/bin .
apigeevalidate
7. Installthe utilityontheManagementServer:

>/opt/apigee/apigeeservice/bin/apigeeserviceapigeevalidateinstall

Note apigeevalidate
:Ifyouhaveinstalledthe utilityonaMessageProcessornode,youcan
updateitbyusingthefollowingcommandonthatnode:


>/opt/apigee/apigeeservice/bin/apigeeserviceapigeevalidateupdate

However,for4.16.05,Apigeerecommendsthatyouinstallandrunthe apigeevalidate utilityon
theManagementServer.
8. Edittheconfigfilepassedtotheapigeevalidate utility.

InthepreviousEdgerelease,theconfigfileusedbyapigeevalidate requiredthefollowing
properties:

APIGEE_ADMINPW=sysAdminPword
MP_POD=gateway
REGION=dc1

APIGEE_ADMINPW
Inthisrelease,theconfigfileonlyrequiresthe property.
9. RuntheupdateutilityonyournodesintheorderdescribedbelowinOrderofmachineupdate:

>/opt/apigee/apigeesetup/bin/update.shc component fconfigFile

Usethecoptiontospecifythecomponenttoupdate.Thelistofpossiblecomponentsincludes:

ldap=OpenLDAP

ConfidentialandproprietaryinformationofApigee,Inc.Nottobedisclosedexceptundernondisclosureagreement.
ApigeeEdgeInstallandConfigurationGuidePage107

cs =Cassandra
zk =Zookeeper
qpid =qpidd
ps =postgresql
edge =AllEdgecomponentsexceptEdgeUI:ManagementServer,MessageProcessor,Router,QPID
Server,PostgresServer
ui =EdgeUI
all =updateallcomponentsonmachine(onlyuseforanEdge aioinstallationprofileoranAPIBaaS
asa installationprofile)
e=ElasticSearch
b=APIBaaSStack
p=APIBaaSPortal
ebp =ElasticSearch,APIBaaSStack,andAPIBaaSPortalonthesamenode

Theonlyrequirementontheconfigfileisthattheconfigurationfilemustbeaccessibleorreadableby
/tmp
the"apigee"user.Forexample,putthefileinthe directoryonthenode.
apigeevalidate
10. Testtheupdatebyrunningthe utilityontheManagementServer,asdescribedin
Testtheinstall
.
Tolaterrollbacktheupdate,usetheproceduredescribedin .
RollbackProcess

Procedureforupdatingto4.16.05fromalocalrepo
IfyourEdgenodesarebehindafirewall,orinsomeotherwayareprohibitedfromaccessingtheApigee
mirror
repositoryovertheInternet,thenyoucanperformtheupdatefromalocalrepository,or ,oftheApigee
repo.
AfteryoucreatealocalEdgerepository,youhavetwooptionsforupdatingEdgefromthelocalrepo:
Createa.tarfileoftherepo,copythe.tarfiletoanode,andthenupdateEdgefromthe.tarfile.
Installawebserveronthenodewiththelocalreposothatothernodescanaccessit.Apigeeprovides
theNginxwebserverforyoutouse,oryoucanuseyourownwebserver.
Toupdatefromalocal4.16.05repo:
1. Createalocal4.16.05repoasdescribedinCreatealocalApigeerepository
.

Note:Ifyoualreadyhaveanexisting4.16.01repo,youcanaddthe4.16.05repotoit.

2. Toinstallapigeeservicefroma.tarfile:
a. Onthenodewiththelocalrepo,usethefollowingcommandtopackagethelocalrepointoa
/opt/apigee/data/apigeemirror/apigee4.16.05.tar.gz
single.tarfilenamed :

>
/opt/apigee/apigeeservice/bin/apigeeserviceapigeemirrorpackage

ConfidentialandproprietaryinformationofApigee,Inc.Nottobedisclosedexceptundernondisclosureagreement.
ApigeeEdgeInstallandConfigurationGuidePage108

b. Copythe.tarfiletothenodewhereyouwanttoupdateEdge.Forexample,copyittothe
/tmp
directoryonthenewnode.
/tmp
c. Onthenewnode,untarthefiletothe directory:

>tarxzfapigee4.16.05.tar.gz

Thiscommandcreatesanewdirectory,named repos ,inthedirectorycontainingthe.tarfile.
/tmp/repos
Forexample .
apigeeservice
d. InstalltheEdge utilityanddependenciesfrom /tmp/repos
:

>sudobash/tmp/repos/bootstrap_4.16.05.shapigeeprotocol="file://"
apigeerepobasepath=/tmp/repos

Noticethatyouincludethepathtotherepos directoryinthiscommand.
3. ToinstallapigeeserviceusingtheNginxwebserver:
a. ConfiguretheNginxwebserverasdescribedin
InstallfromtherepousingtheNginxwebserver:
b. Ontheremotenode,downloadtheEdgebootstrap_4.16.05.shfileto
/tmp/bootstrap_4.16.05.sh :

>/usr/bin/curl
http:// uName:pWord@ remoteRepo :3939/bootstrap_4.16.05.sho
/tmp/bootstrap_4.16.05.sh

uName:pWord
where aretheusernameandpasswordyousetabovefortherepo,and
remoteRepo istheIPaddressorDNSnameofthereponode.
apigeeservice
c. Ontheremotenode,installtheEdge utilityanddependencies:

>sudobash/tmp/bootstrap_4.16.05.shapigeerepohost= remoteRepo:3939
apigeeuser= uName apigeepassword= pWord apigeeprotocol=http://

uName:pWord
where
aretherepousernameandpassword.
4. Useapigeeservice apigeesetup
toupdatethe utility:

>/opt/apigee/apigeeservice/bin/apigeeserviceapigeesetupupdate

apigeeservice
Thisupdateto update.sh
installsthe utilityin
<inst_dir>/apigee/apigeesetup/bin .
apigeevalidate
5. Installthe utilityontheManagementServer:

ConfidentialandproprietaryinformationofApigee,Inc.Nottobedisclosedexceptundernondisclosureagreement.
ApigeeEdgeInstallandConfigurationGuidePage109

>/opt/apigee/apigeeservice/bin/apigeeserviceapigeevalidateinstall

Note apigeevalidate
:Ifyouhaveinstalledthe utilityonaMessageProcessornode,youcan
updateitbyusingthefollowingcommandonthatnode:


>/opt/apigee/apigeeservice/bin/apigeeserviceapigeevalidateupdate

However,for4.16.05,Apigeerecommendsthatyouinstallandruntheapigeevalidate utilityon
theManagementServer.
6. Edittheconfigfilepassedtotheapigeevalidate utility.

InthepreviousEdgerelease,theconfigfileusedbyapigeevalidate requiredthefollowing
properties:

APIGEE_ADMINPW=sysAdminPword
MP_POD=gateway
REGION=dc1

APIGEE_ADMINPW
Inthisrelease,theconfigfileonlyrequiresthe property.
7. Runtheupdateutilityonyournodesintheorderdescribedbelowin Orderofmachineupdate :

>/opt/apigee/apigeesetup/bin/update.shc component f configFile

Usethecoptiontospecifythecomponenttoupdate.Thelistofpossiblecomponentsincludes:

ldap =OpenLDAP
cs =Cassandra
zk =Zookeeper
qpid =qpidd
ps =postgresql
edge =AllEdgecomponentsexceptEdgeUI:ManagementServer,MessageProcessor,Router,QPID
Server,PostgresServer
ui =EdgeUI
all =updateallcomponentsonmachine(onlyuseforanEdge aioinstallationprofileoranAPIBaaS
asa installationprofile)
e=ElasticSearch
b=APIBaaSStack
p=APIBaaSPortal
ebp =ElasticSearch,APIBaaSStack,andAPIBaaSPortalonthesamenode

Theonlyrequirementontheconfigfileisthattheconfigurationfilemustbeaccessibleorreadableby
/tmp
the"apigee"user.Forexample,putthefileinthe directoryonthenode.

ConfidentialandproprietaryinformationofApigee,Inc.Nottobedisclosedexceptundernondisclosureagreement.
ApigeeEdgeInstallandConfigurationGuidePage110

apigeevalidate
8. Testtheupdatebyrunningthe utilityontheManagementServer,asdescribedin
Testtheinstall
.
Tolaterrollbacktheupdate,usetheproceduredescribedin .
RollbackProcess

Orderofmachineupdate
TheorderthatyouupdatethemachinesinanEdgeinstallationisimportant.Themostimportant
considerationstoanupdateare:
o Youmustupdate
all
CassandraandZooKeepernodesbeforeyouupdateanyothernodes.
o Youmustupdate
all
qpiddandpostgresqlnodesbeforeyouupdateanyRouterandMessage
Processornodes.
o ForanymachinewithmultipleEdgecomponents(ManagementServer,MessageProcessor,Router,
QPIDServer,PostgresServer),usethe"cedge"optiontoupdatethemallatthesametime.
o Ifastepspecifiesthatitshouldbeperformedonmultiplemachines,performitinthespecifiedmachine
order.
o ThereisnoseparatesteptoupdateMonetization.Itisupdatedwhenyouspecifythe"cedge"option.
o /opt/nginx/conf.d
AfteryouupdateaRouternode,youmustremoveallfilesfromthe directory,
andthenrestarttheRouter.

Fora1hoststandaloneinstallation
1. Updatemachine1:

>/opt/apigee/apigeesetup/bin/update.shcallf
configFile
/opt/nginx/conf.d
2. Deleteanyfilesin :

>rmf/opt/nginx/conf.d/*
3. RestarttheEdgeRouter:

>/<inst_root>/apigee/apigeeservice/bin/apigeeserviceedgerouter
restart

Fora2hoststandaloneinstallation
1. UpdateCassandraandZooKeeperonmachine1:

>/opt/apigee/apigeesetup/bin/update.shccs,zkf
configFile
2. Updateqpiddandpostgresqlonmachine2:

>/opt/apigee/apigeesetup/bin/update.shcqpid,psf
configFile

ConfidentialandproprietaryinformationofApigee,Inc.Nottobedisclosedexceptundernondisclosureagreement.
ApigeeEdgeInstallandConfigurationGuidePage111

3. UpdateLDAPonmachine1:

>/opt/apigee/apigeesetup/bin/update.shcldapf
configFile
4. UpdateEdgecomponentsonmachine2andmachine1:

>/opt/apigee/apigeesetup/bin/update.shcedgef
configFile
5. Onnode1:
/opt/nginx/conf.d
a. Deleteanyfilesin :

>rmf/opt/nginx/conf.d/*
b. RestarttheEdgeRouter:

>/<inst_root>/apigee/apigeeservice/bin/apigeeserviceedgerouter
restart
6. UpdateUIonmachine1:

>/opt/apigee/apigeesetup/bin/update.shcuif
configFile

Fora5hostclusteredinstallation
1. UpdateCassandraandZooKeeperonmachine1,2,and3:

>/opt/apigee/apigeesetup/bin/update.shccs,zkf configFile
2. Updateqpiddandpostgresqlonmachine4and5:

>/opt/apigee/apigeesetup/bin/update.shcqpid,psf
configFile
3. UpdateLDAPonmachine1:

>/opt/apigee/apigeesetup/bin/update.shcldapf
configFile
4. UpdateEdgecomponentsonmachine4,5,1,2,3:

>/opt/apigee/apigeesetup/bin/update.shcedgef
configFile
5. Onnodes2and3:
/opt/nginx/conf.d
a. Deleteanyfilesin :

>rmf/opt/nginx/conf.d/*
b. RestarttheEdgeRouter:

ConfidentialandproprietaryinformationofApigee,Inc.Nottobedisclosedexceptundernondisclosureagreement.
ApigeeEdgeInstallandConfigurationGuidePage112

>/<inst_root>/apigee/apigeeservice/bin/apigeeserviceedgerouter
restart
6. UpdateUIonmachine1:

>/opt/apigee/apigeesetup/bin/update.shcuif
configFile

Fora9hostclusteredinstallation
1. UpdateCassandraandZooKeeperonmachine1,2,and3:

>/opt/apigee/apigeesetup/bin/update.shccs,zkf configFile
2. Updateqpiddonmachine6and7:

>/opt/apigee/apigeesetup/bin/update.shcqpidf
configFile
3. Updatepostgresqlonmachine8and9:

>/opt/apigee/apigeesetup/bin/update.shcpsf
configFile
4. UpdateLDAPonmachine1:

>/opt/apigee/apigeesetup/bin/update.shcldapf
configFile
5. UpdateEdgecomponentsonmachine6,7,8,9,1,4,and5inthatorder:

>/opt/apigee/apigeesetup/bin/update.shcedgef configFile
6. Onnodes4and5:
/opt/nginx/conf.d
a. Deleteanyfilesin :

>rmf/opt/nginx/conf.d/*
b. RestarttheEdgeRouter:

>/<inst_root>/apigee/apigeeservice/bin/apigeeserviceedgerouter
restart
7. UpdateUIonmachine1:

>/opt/apigee/apigeesetup/bin/update.shcuif
configFile

Fora13hostclusteredinstallation
1. UpdateCassandraandZooKeeperonmachine1,2,and3:

>/opt/apigee/apigeesetup/bin/update.shccs,zkf configFile

ConfidentialandproprietaryinformationofApigee,Inc.Nottobedisclosedexceptundernondisclosureagreement.
ApigeeEdgeInstallandConfigurationGuidePage113

2. Updateqpiddonmachine12and13:

>/opt/apigee/apigeesetup/bin/update.shcqpidf
configFile
3. Updatepostgresqlonmachine8and9:

>/opt/apigee/apigeesetup/bin/update.shcpsf
configFile
4. UpdateLDAPonmachine4and5:

>/opt/apigee/apigeesetup/bin/update.shcldapf
configFile
5. UpdateEdgecomponentsonmachine12,13,8,9,6,7,10,and11inthatorder:

>/opt/apigee/apigeesetup/bin/update.shcedgef configFile
6. Onnodes10and11:
/opt/nginx/conf.d
a. Deleteanyfilesin :

>rmf/opt/nginx/conf.d/*
b. RestarttheEdgeRouter:

>/<inst_root>/apigee/apigeeservice/bin/apigeeserviceedgerouter
restart
7. UpdateUIonmachine6and7:

>/opt/apigee/apigeesetup/bin/update.shcuif
configFile

Fora12hostclusteredinstallation
1. UpdateCassandraandZooKeeper:
a. Onmachines1,2and3inDataCenter1:

>/opt/apigee/apigeesetup/bin/update.shccs,zkf
configFile
b.Onmachines7,8,and9inDataCenter2

>/opt/apigee/apigeesetup/bin/update.shccs,zkf
configFile
2. Updateqpidd:
a. Machines4,5inDataCenter1

>/opt/apigee/apigeesetup/bin/update.shcqpidf
configFile

ConfidentialandproprietaryinformationofApigee,Inc.Nottobedisclosedexceptundernondisclosureagreement.
ApigeeEdgeInstallandConfigurationGuidePage114

b. Machines10,11inDataCenter2

>/opt/apigee/apigeesetup/bin/update.shcqpidf
configFile
3. Updatepostgresql:
a. Machines6inDataCenter1

>/opt/apigee/apigeesetup/bin/update.shcpsf
configFile
b. Machines12inDataCenter2

>/opt/apigee/apigeesetup/bin/update.shcpsf
configFile
4.UpdateLDAP:
a. Machines1inDataCenter1

>/opt/apigee/apigeesetup/bin/update.shcldapf
configFile
b. Machines7inDataCenter2

>/opt/apigee/apigeesetup/bin/update.shcldapf
configFile
5.UpdateEdgecomponents:
a. Machines4,5,6,1,2,3inDataCenter1

>/opt/apigee/apigeesetup/bin/update.shcedgef
configFile
b. Machines10,11,12,7,8,9inDataCenter2

>/opt/apigee/apigeesetup/bin/update.shcedgef
configFile
c. Onnodes2,3,8and9:
/opt/nginx/conf.d
i. Deleteanyfilesin :

>rmf/opt/nginx/conf.d/*
ii. RestarttheEdgeRouter:

>/<inst_root>/apigee/apigeeservice/bin/apigeeservice
edgerouterrestart
6.UpdateUI:
a. Machine1inDataCenter1

>/opt/apigee/apigeesetup/bin/update.shcuif
configFile

ConfidentialandproprietaryinformationofApigee,Inc.Nottobedisclosedexceptundernondisclosureagreement.
ApigeeEdgeInstallandConfigurationGuidePage115

b. Machine7inDataCenter2

>/opt/apigee/apigeesetup/bin/update.shcuif
configFile

Fora7hostAPIBaaSinstallation
1. UpdateCassandraonmachine5,6,and7:

>/opt/apigee/apigeesetup/bin/update.shccsf
configFile
2. UpdateElasticSearchandAPIBaaSStackonmachine1,2,and3:

>/opt/apigee/apigeesetup/bin/update.shce,bf configFile
3. UpdateAPIBaaSPortalonmachine4:

>/opt/apigee/apigeesetup/bin/update.shcpf
configFile

Fora10hostAPIBaaSinstallation
1. UpdateCassandraonmachine8,9,and10:

>/opt/apigee/apigeesetup/bin/update.shccsf
configFile
2. UpdateElasticSearchonmachine1,2,and3:

>/opt/apigee/apigeesetup/bin/update.shcef
configFile
3. UpdateAPIBaaSStackonmachine4,5,and6:

>/opt/apigee/apigeesetup/bin/update.shcbf
configFile
4. UpdateAPIBaaSPortalonmachine7:

>/opt/apigee/apigeesetup/bin/update.shcpf
configFile

Foranonstandardinstallation
Ifyouhaveanonstandardinstallation,thenupdateEdgecomponentsinthefollowingorder:
1. ZooKeeper
2. Cassandra
3. qpidd
4. postgresql
5. LDAP

ConfidentialandproprietaryinformationofApigee,Inc.Nottobedisclosedexceptundernondisclosureagreement.
ApigeeEdgeInstallandConfigurationGuidePage116

6. Edge,meaningthe"cedge"profileonallnodesintheorder:Qpid,Postgres,ManagementServer,
MessageProcessor,Router.
7. OnallRouternodes
/opt/nginx/conf.d
a. Deleteanyfilesin :

>rmf/opt/nginx/conf.d/*
b. RestarttheEdgeRouter:

>/<inst_root>/apigee/apigeeservice/bin/apigeeserviceedgerouter
restart
8. UI

RollbackProcess
Therearetwoscenarioswhereyoumightwanttoperformarollback:
1. Rollbacktoanolderrelease.Forexamplefrom4.16.05to4.16.01.
2. Rollbacktoanolderversioninthesamerelease.
Usetheprocedurebelowtoperformarollbackforbothscenarios.

Whocanperformtherollback
TheuserperformingtherollbackshouldbethesameastheuserwhooriginallyupdatedEdge,orauser
runningasroot.
Bydefault,Edgecomponentsrunastheuser"apigee".Insomecases,youmightberunningEdge
componentsasdifferentusers.Forexample,iftheRouterhastoaccessprivilegedports,suchasthosebelow
1000,thenyouhavetoruntheRouterasrootorasauserwithaccesstothoseports.Or,youmightrunone
componentasoneuser,andanothercomponentasanotheruser.

Whichcomponentscanberolledback
Youshouldbeawareofthefollowingconditionswhenperformingarollback:
Torollbackanyoneofthefollowingfivecomponentsonanode,youmustrollbackanyofthefive
installedonthenode.Forexample,ifyouhavetheManagementServer,Route,andMessage
Processorinstalledonthenode,torollbackanyoneofthemyoumustrollbackallthree.

Thefivecomponentsare:
ManagementServer
Router
MessageProcessor
QpidServer
PostgresServer

ConfidentialandproprietaryinformationofApigee,Inc.Nottobedisclosedexceptundernondisclosureagreement.
ApigeeEdgeInstallandConfigurationGuidePage117

DonotrollbackCassandra.ThisreleaseofEdgecontainsanupdatedversionofCassandra.Ifyou
rollbackanycomponents,leaveCassandraatthe4.16.05version.
Thisreleasedoesnotcontainanewversionofpostgresqlorqpidd.Therefore,youdonothavetoroll
themback.

Torollback4.16.05
TorollbackApigeeEdge,performthefollowingrollbacksteps:
Note
:Ifyouaretryingtorollbackonaproductionsystem,contact
ApigeeSupportformoreinformation.
1. Stopthecomponenttorollback:
a. Ifyouarerollingbackanyoneofthefollowingcomponents,youmuststopthemall:
ManagementServer,Router,MessageProcessor,QpidServer,orPostgresServer :

>apigeeserviceedgemanagementserverstop
>apigeeserviceedgerouterstop
>apigeeserviceedgemessageprocessorstop
>apigeeserviceedgeqpidserverstop
>apigeeserviceedgepostgresserverstop
b. Ifyouarerollingbackanyothercomponent,stopjustthatcomponent:

>apigeeservice compstop
2. IfyouarerollingbackMonetization,uninstallit:

>apigeeserviceedgemintgatewayuninstall
3. Uninstallthecomponenttorollback:
a. Ifyouarerollingbackanyofthefollowingcomponents,thenuninstallthemall:
ManagementServer,Router,MessageProcessor,QpidServer,orPostgresServer:

>apigeeserviceedgegatewayuninstall
b. Ifyouarerollingbackanyothercomponent,uninstalljustthatcomponent

>apigeeservice compuninstall
/opt/nginx/conf.d
4. IfyouarerollingbacktheRouter,thenyouhavetodeletethecontentsof :

>cd/opt/nginx/conf.d
>rmrf*
5. Torollbackthecomponenttothe4.16.01release:
apigeesetup
a. Uninstallthe4.16.05versionof :

ConfidentialandproprietaryinformationofApigee,Inc.Nottobedisclosedexceptundernondisclosureagreement.
ApigeeEdgeInstallandConfigurationGuidePage118

>/opt/apigee/apigeeservice/bin/apigeeserviceapigeesetup
uninstall
b. Downloadbootstrap.shforthe4.16.01release:

>curlhttps://software.apigee.com/bootstrap.sho/tmp/bootstrap.sh
uName
u :
pWord

uName:pWord
where aretheusernameandpasswordyoureceivedfromApigee.Ifyouomit
pWord,youwillbepromptedtoenterit.
c. Installthe4.16.01Edge apigeeservice utilityanddependencies:

>sudobash/tmp/bootstrap.shapigeeuser= uName
apigeepassword=pWord

where uName pWord
and aretheusernameandpasswordyoureceivedfromApigee.Ifyou
pWord
omit ,youwillbepromptedtoenterit.
apigeesetup
d. Installthe4.16.01versionof :

>/opt/apigee/apigeeservice/bin/apigeeserviceapigeesetupinstall
e. Installthe4.16.01versionofthecomponent:

>/<instal_dir>/apigee/apigeesetup/bin/setup.shp compf
configFile

where comp configFile
isthecomponenttoinstalland isyour4.16.01configurationfile.
6. Torollbackthecomponenttoaspecificversionofthe4.16.05release:
a. Downloadthespecificcomponentversion:

>/<instal_dir>/apigee/apigeeservice/bin/apigeeservice compversion
install

wherecompversion isthecomponentandversiontoinstall.Forexample:

>/<instal_dir>/apigee/apigeeservice/bin/apigeeservice
edgeui4.16.050.0.3649 install

IfyouareusingtheApigeeonlinerepo,youcandeterminetheavailablecomponentversionsby
usingthefollowingcommand:

>yumshowduplicateslist comp

ConfidentialandproprietaryinformationofApigee,Inc.Nottobedisclosedexceptundernondisclosureagreement.
ApigeeEdgeInstallandConfigurationGuidePage119

Forexample:

>yumshowduplicateslistedgeui
b. Useapigeesetuptoinstallthecomponent:

>/<install_dir>/apigee/apigeesetup/bin/setup.shp comp
f
configFile

Forexample:

>/<install_dir>/apigee/apigeesetup/bin/setup.shp ui
f
configFile

Notehowyouonlyspecifythecomponentnamewhenyoudotheinstall.

ConfidentialandproprietaryinformationofApigee,Inc.Nottobedisclosedexceptundernondisclosureagreement.
ApigeeEdgeInstallandConfigurationGuidePage120

ConfidentialandproprietaryinformationofApigee,Inc.Nottobedisclosedexceptundernondisclosureagreement.