Installing Edge using Ops Manager

Edge for Private Cloud v4.18.05

Apigee Edge Installer for Pivotal Cloud Foundry v18.05.01 corresponds to Apigee Edge for Private Cloud v4.18.05.01

This topic describes how to install Apigee Edge on Pivotal Cloud Foundry for the first time. If you are updating an existing installation of Edge to version 18.05.01, see Update Edge to 18.05.01 using Ops Manager.

Prerequisites

Before you can install Edge, you must first meet the following prerequisites.

Edge License

Each installation of Edge requires a unique license file that you obtain from Apigee. If the license file is valid, the management server validates the expiry and allowed Message Processor (MP) count.

Complete Edge installation before enabling Edge SSO or Monetization

Ops Manager 2.1 or 2.2

Ensure that you are using Ops Manager version 2.1 or 2.2 from Pivotal Software. To upgrade to a previous version of Ops Manager, see the Pivotal documentation.

Define VMs that meet the Edge system requirements

Ensure that you have defined VMs that meet the memory, CPU, and disk requirements of Edge components as defined in Installation Requirements.

Configure load balancers

With Ops Manager, you must predefine load balancers to control access to the servers running Edge. The load balancer defines the domain name and port of the Edge access point, optionally enables TLS, and forwards requests to the appropriate port on an Edge component.

When configuring an Edge installation in the Ops Manager, you specify the predefined load balancers used by the Edge components. Only a subset of the Edge components are externally accessible and therefore require load balancers to control access. The following tables lists the Edge components that require a load balancer, as well as the requirements on the load balancer for that component:

Component

Load Balancer Requirements

TLS

Management Server

You install two Management Servers when installing Edge. You must configure two load balancers for the Management Servers:

  1. Defines the publicly accessible domain name of the Edge UI. For example, https://edgeui.example.com.

    Routes requests to the Edge UI to port 9000 on the Management Servers.

  2. Defines the publicly accessible domain name of the Edge management API. For example, https://edgemgmt.example.com.

    Routes requests to the Edge API to port 8080 on the Management Servers.

Recommended for both

Router

You typically install a minimum of two Routers when installing Edge. Configure the following two load balancers for the Routers:

  1. (Required) Defines the publicly accessible domain name of API proxies deployed on Edge. For example, https://api.example.com.

    API proxy request are in the form domain:port, which you then route to port on the Router servers. Use this domain name when configuring a virtual host for an organization. For example, if you define a virtual host as api.example.com on port 443, then you should configure your load balancer to route requests to port 443.
  2. (Recommended) Defines the publicly accessible domain name of the test APIs used to validate the installation. For example, https://test.example.com. You can also use this domain at runtime to take Routers out of rotation on a failure.

    Requests to this domain are forwarded to port 59001 on the Routers.

Recommended

Developer Services portal

You install a single Developer Services portal server. The load balancer defines the publicly accessible domain name of the portal. For example, https://dev_portal.example.com.

The load balancer then routes Developer Services portal requests to port 8079 on the portal server.

Recommended

Installation overview

This section describes how to install Edge using the Ops Manager. During the actual installation, the following events occur:

  • Ops Manager creates a VM for the Apigee Mirror Repo to host the Apigee yum repo and makes sure that subsequent VMs have access to this repo.
  • Ops Manager then creates VMs and installs the Edge components that do not depend on other components, such as Zookeeper. Each Edge component is installed on its own VM.
  • Ops Manager then creates the next VM and installs the Edge components that do not depend on any other component except for the components that have already been installed.
  • The “apigee” user is created on each VM.
  • The apigee-service utility is installed on each VM in case you have to log in to the VM to troubleshoot issues.

After the installation completes, use the Edge management API to provision an organization and log in to the Edge UI to start creating API proxies.

You can optionally choose to install additional Edge components, including:

  • Developer Services portal
  • Edge SSO (Install Edge first and verify that it is working, then enable Edge SSO and apply that change to the Edge installation). See Configuring Edge SSO using Ops Manager for more.
  • Monetization (Install Edge first and verify that it is working, then enable Monetization and apply that change to the Edge installation). See Configuring Monetization using Ops Manager for more.

If you choose to install these optional components, you might have to perform additional onboarding or configuration steps.

Developer Services portal requires an SMTP server. If installed, it uses the same SMTP server as configured for Edge.

Install Edge

Use the following procedure to install Edge:

  1. Create the required load balancers as defined above in Define VMs that meet the Edge system requirements.
  2. Import the Edge tile into the Ops Manager.
  3. Select the Edge tile. The Settings tab is selected.

  4. Under Assign AZs and Networks, select the network for the Edge install.
    Note: After this and the following steps, select the Save button to save your changes.
  5. Under Apigee Edge on PCF, enter:
    • System admin's e-mail address and password
    • MP Pod name: default is "gateway"
    • Region: default is "dc-1".
    • Edge license.
  6. Optionally select Drupal-Devportal to enable the installation of the Developer Services portal (default is disabled).

    If you choose to install the Developer Services portal, it uses the same sys admin credentials and SMTP server as configured for Edge.
  7. If this is your first installation of Edge, do not enable Monetization (default is disabled). After the Edge installation completes, then you can enable Monetization.

    See Configuring Monetization using Ops Manager for more.
  8. In Edge SSO, disable SSO for Management Server and Edge UI, BaaS, and Dev portal. After the Edge installation completes, then you can enable Edge SSO.

    See Configuring Edge SSO using Ops Manager for more.
  9. Select Config Overrides to enter any configuration overrides to Edge components.
    1. You must specify the following overrides under Apigee Edge Message Processor Config Override to specify the memory requirements:
      bin_setenv_min_mem=512m
      and:
      bin_setenv_max_mem=2816m


      You can apply additional overrides now during the installation, or apply them later after the installation complete.
    2. Edge requires you to configure an SMTP server, as described in the following step. Some SMTP servers require you to set the sender's e-mail address used when generating e-mails. For example, it is required when installing Edge on AWS. To set the sender's e-mail address, set the following property:
      • Under Edge UI Config Overrides set:
        conf_apigee_apigee.mgmt.mailfrom="Apigee <sender@example.com>"
        conf/application.conf+trustxforwarded=true
        The second property specifies to use TLS in the URL sent to the user when resetting their password.
      • If you installed the Developer Services portal, under Apigee Drupal Devportal Config Overrides set:
        conf_devportal_default_sender_address="sender@example.com"
  10. Select SMTP to configure the e-mail server used for e-mail messages sent from Edge. For example, when a user requests a new password. SMTP e-mail is disabled by default.

    Note: SMTP configuration is required, you must specify an SMTP server when installing Edge.

    For the SMTP port, the value can be different based on the selected encryption protocol. For example, for Gmail, the port is 465 when using SSL and 587 for TLS.

    If installed, the Developer Services portal also uses this SMTP server.
  11. Select Errands to ensure that the Apigee Validation Errand is enabled. This errand runs a series of tests to validate the installation and enables SmartDocs.
  12. Select Resource Config to specify the number of Router and Message Processor servers. The default is two servers each.
    Note: Do not check any of the INTERNET CONNECTED boxes. All externally accessible Edge components use a load balancer to provide the Internet access.
    1. In Resource Config, ensure that you select a VM TYPE that matches the system requirements of the component as defined at Hardware Requirements.
    2. In Resource Config, specify the load balancer names in the LOAD BALANCERS column for the Management Server and Router.
    3. If you are installing the Apigee Developer Services portal (called Drupal Devportal in Ops Manager), specify the load balancer for the server.


      See "Configure load balancers" above for information on the requirements of the load balancers.
  13. Select Stemcell to see the Apigee stemcell. Edge requires the CentOS stemcell. CentOS stemcells for different platforms can be downloaded from https://bosh.io/stemcells. Select and download the matching stemcell for the given infrastructure.

    Note: This release uses the 3586 version of the CentOS stemcell.

    For example, for AWS infrastructure, use only the HVM Light CentOS 7 stemcell from: http://bosh.io/stemcells/bosh-aws-xen-hvm-centos-7-go_agent
  14. Select Installation Dashboard in the upper-left corner to return to the main Ops Manager page.
  15. Select Apply Changes to start the installation. When the installation completes, you return to the Ops Manager.

Test the installation

This section describes how to test the Edge installation.

Log in to the Edge UI

The Edge UI lets you perform most of the tasks necessary to create, configure, and manage API proxies, API products, apps, and users. Once you installed Edge, you enabled the Apigee Validation Errand. This errand creates an organization named VALIDATE on edge.

After installing Edge, log in to the VALIDATE organization in the Edge UI by using the following procedure:

  1. Open the following URL in a browser:
    https://<edge_ui_domain>

    In this URL, <edge_ui_domain> is the domain name of the Edge UI as defined by the load balancer for the Management Server component.
  2. When prompted, enter the system admin's e-mail address and password that you specified in the Ops Manager when you installed Edge.

    The Edge UI appears.

Make calls the Edge API

Test the installation by making calls to the Edge management API.

  1. Create a virtual host by running the following cURL command. This virtual host lets you use API calls to validate the installation:
    curl -X PUT -u <sysAdminEmail>:<passwd> \
    https://<ms-api-domain>/v1/o/VALIDATE/e/test/virtualhosts/default \
    -d '{ "hostAliases" : [ "VALIDATE.apigee.com", "<router-test-domain>" ], "interfaces" : [ ], "name" : "default", "port" : "59001"}' -H "Content-Type: application/json"
    -i

    In this call <ms-api-domain> is the domain name of the Edge management API as defined by the load balancer for the Management Servers. <router-test-domain> is the domain name defined by the test load balancer on the Router that forwards requests to port 59001 on the Router.
  2. Run the healthcheck API:
    curl https://<ms-api-domain>/v1/apigee/healthCheck

    Where <ms-api-domain> is the domain name of the Edge management API as defined by the load balancer for the Management Servers.

    This API returns "OK," if it executes successfully.
  3. View the central pod. The central pod contains the Management Server, Zookeeper, LDAP, UI, and Qpid components:|
    curl -v -u <sysAdminEmail>:<passwd> https://<ms-api-domain>/v1/servers?pod=central

    The call returns information about the Edge components in the pod, including the UUID of each component. You often need the component's UUID to configure it.

    See About pods for more information.

Where to next?

After you install and test Edge, you must then provision Edge. Provisioning is the process of creating an Edge organization and other entities required by Edge.

See Provisioning organizations for more.