Edge for Private Cloud v4.19.01
This document describes how to install the New Edge experience for Edge for the Private Cloud. The New Edge experience is the next generation of UI for Edge.
To try out the New Edge experience in an Edge for Private Cloud installation, you must:
- Enable SAML on Edge. The New Edge experience only supports SAML as the authentication mechanism.
- Install the New Edge experience on its own node. You cannot install it on a node that contains other Edge components, including the node on which the existing Edge UI resides. Doing so will cause users to be unable to log in to the classic Edge UI.
For more on the New Edge experience, see The New Edge Experience for Private Cloud.
Installation overview
To install the New Edge experience for Edge for the Private Cloud, you perform two different installation processes:
- Install the base Edge UI, called shoehorn, and configure the base
Edge UI to use SAML to authenticate with Edge.
- Install the New Edge experience, and configure the New Edge experience to use SAML to authenticate with Edge. After installing the New Edge experience, you can log in and use it to work with Edge.
Installation prerequisites
- You must enable SAML on Edge before you install the New Edge experience. The New Edge
experience only supports SAML as its authentication mechanism.
For information on enabling SAML on Edge, see Supporting SAML on Edge for Private Cloud.
- The New Edge experience only supports TLS v1.2. Because you connect to the SAML IDP over TLS, your SAML IDP must therefore support TLS v1.2.
You must install the New Edge experience on its own node. You cannot install it on a node that contains other Edge components, including the node on which the existing Edge UI resides.
The node must meet the following requirements:
- JAVA 1.8
- 4 GBytes of RAM
- 2-core
- 60GB disk space
- You must first install the 4.19.01 version of the
apigee-setup
utility on the node as described at Install the Edge apigee-setup utility. - Port 3001 must be open. This is the default port used for requests to the New Edge experience. If you change the port by using the properties described below, make sure that port is open.
Considerations before installing the New Edge experience
As described above in the prerequisites, the New Edge experience requires that you enable SAML on Edge. That means user authentication is controlled by a SAML IDP, where you configure the SAML IDP to use email addresses as the user ID. All New Edge experience users must therefore be registered in the SAML IDP.
The Edge classic UI, the default UI you installed with Edge for the Private Cloud, does not require SAML. It can use either SAML or basic authentication. That means you can either:
- Enable SAML support on Edge and on both the classic UI and the New Edge experience.
In this scenario, all classic UI and New Edge experience users are registered in the SAML IDP. For information on adding new users to the SAML IDP, see Register new Edge users.
- Enable SAML support on Edge, but leave basic auth enabled. The New Edge experience uses
SAML and the classic UI still uses basic authentication.
In this scenario, all classic UI users log in with basic authentication credentials, where their credentials are stored in the Edge OpenLDAP database. New Edge experience users are registered in the SAML IDP and log in by using SAML.
However, a classic UI user cannot log in to the New Edge experience until you have added that user to the SAML IDP as described in Register new Edge users.
Installation configuration changes from previous releases
Be aware of the following changes fo the installation procedure from the Beta release of the New Edge experience.
Installation configuration changes from Edge 4.18.05
The Edge 4.19.01 release of the New Edge experience contains the following changes to the configuration file from the Edge 4.18.05 release:
Change type | Affected properties |
---|---|
Removed | MANAGEMENT_UI_SSO_PUBLIC_KEY_CACHE_HOURS That property has a predefined value of 0.5 (30 minutes) and cannot be changed. |
Added | You can now use properties to enable TLS on the New Edge experience. See Configuring TLS for the New Edge experience for more. |
Installation configuration changes from Edge 4.18.01
The Edge 4.19.01 release of the New Edge experience contains the following changes to the configuration file from the Edge 4.18.01 release:
Change type | Affected properties |
---|---|
Added | # Shoehorn UI configurations. SHOEHORN_SCHEME SHOEHORN_IP SHOEHORN_PORT # Classic UI configurations. CLASSIC_UI_SCHEME CLASSIC_UI_IP CLASSIC_UI_PORT # Information about Edge SSO module. MANAGEMENT_UI_SKIP_VERIFY |
Removed | ROUTES_SHOEHORN ROUTES_CLASSICUI |
Replaced | MANAGEMENT_UI_USE_HTTPSReplaced by: MANAGEMENT_UI_SCHEME |
Installation configuration file
The configuration file contains all the information necessary to install and configure the New Edge experience. You can use the same configuration file to install and configure both the base UI and the New Edge experience.
An example configuration file is shown below:
# IP of the Edge Management Server. # This node also hosts the Edge SSO module and the current, or classic, Edge UI. IP1=11.111.111.111 # IP of the New Edge experience node. IP2=22.222.222.222 # Edge sys admin credentials. ADMIN_EMAIL=your@email.com APIGEE_ADMINPW=yourPassword # If omitted, you are prompted for it. # Edge Management Server information. APIGEE_PORT_HTTP_MS=8080 MSIP=$IP1 MS_SCHEME=http # # New Edge experience configuration. # # Enable the New Edge experience. EDGEUI_ENABLE_UNIFIED_UI=y # Specify IP and port for the New Edge experience. MANAGEMENT_UI_PORT=3001 MANAGEMENT_UI_IP=$IP2 # Specify a Private Cloud deployment. MANAGEMENT_UI_APP_ENV=OPDK # Disable TLS on the New Edge experience. MANAGEMENT_UI_SCHEME=http # Location of New Edge experience. MANAGEMENT_UI_PUBLIC_URIS=$MANAGEMENT_UI_SCHEME://$MANAGEMENT_UI_IP:$MANAGEMENT_UI_PORT MANAGEMENT_UI_SSO_REGISTERED_PUBLIC_URIS=$MANAGEMENT_UI_PUBLIC_URIS MANAGEMENT_UI_SSO_CSRF_SECRET=CHANGE_TO_YOUR_SECRET # Duration of CSRF token. MANAGEMENT_UI_SSO_CSRF_EXPIRATION_HOURS=24 # Defaults to 8760 hours, or 365 days. MANAGEMENT_UI_SSO_STRICT_TRANSPORT_SECURITY_AGE_HOURS=8760 # SSO configuration for the New Edge experience. MANAGEMENT_UI_SSO_ENABLED=y MANAGEMENT_UI_SSO_CLIENT_OVERWRITE=y MANAGEMENT_UI_SSO_CLIENT_ID=newueclient MANAGEMENT_UI_SSO_CLIENT_SECRET=secret111 # # Shoehorn UI configuration # # Set to http even if you enable TLS on the New Edge experience. SHOEHORN_SCHEME=http SHOEHORN_IP=$MANAGEMENT_UI_IP SHOEHORN_PORT=9000 # # Edge Classic UI configuration. # Some settings are for the classic UI, # but are still required to configure the New Edge experience. # # These settings assume that classic UI is installed on the Management Server. CLASSIC_UI_IP=$MSIP CLASSIC_UI_PORT=9000 CLASSIC_UI_SCHEME=http EDGEUI_PUBLIC_URIS=$CLASSIC_UI_SCHEME://$CLASSIC_UI_IP:$CLASSIC_UI_PORT # Information about publicly accessible URL for Classic UI. EDGEUI_SSO_REGISTERED_PUBLIC_URIS=$EDGEUI_PUBLIC_URIS # Enable SSO. EDGEUI_SSO_ENABLED=y # The name of the OAuth client used to connect to apigee-sso. # The default client name is edgeui. # Apigee recommends that you use the same settings as you used # when enabling SAML on the classic Edge UI. EDGEUI_SSO_CLIENT_NAME=edgeui # Oauth client password using uppercase, lowercase, number, and special chars. EDGEUI_SSO_CLIENT_SECRET=ssoClient123 # If set, existing EDGEUI client will deleted and new one will be created. EDGEUI_SSO_CLIENT_OVERWRITE=y # Information about Edge SSO module. # Externally accessible IP or DNS of Edge SSO module. SSO_PUBLIC_URL_HOSTNAME=$IP1 SSO_PUBLIC_URL_PORT=9099 # Default is http. Set to https if you enabled TLS on the Edge SSO module. # If Edge SSO uses a self-signed cert, you must also set MANAGEMENT_UI_SKIP_VERIFY to "y". SSO_PUBLIC_URL_SCHEME=http # MANAGEMENT_UI_SKIP_VERIFY=y # SSO admin credentials as set when you installed Edge SSO module. SSO_ADMIN_NAME=ssoadmin SSO_ADMIN_SECRET=Secret123 # # Required SMTP information. # SKIP_SMTP=n # Skip now and configure later by specifying "y". SMTPHOST=smtp.gmail.com SMTPUSER=your@email.com SMTPPASSWORD=yourEmailPassword SMTPSSL=y SMTPPORT=465 # If no SSL, use a different port, such as 25. SMTPMAILFROM="My Company myco@company.com"
Install the base Edge UI (shoehorn)
You must install the base Edge UI, called shoehorn, before you can install the New Edge experience.
To install the base UI:
- Install the 4.19.01 version of the
apigee-setup
utility on the node as described at Install the Edge apigee-setup utility. - Clean Yum:
sudo yum clean all
- Create the config file as described above and ensure that is is owned by the "apigee" user:
chown apigee:apigee configFile
where configFile is the configuration file described above in Installation configuration file.
- Change the value of the
MANAGEMENT_UI_SSO_CSRF_SECRET
property in the config file to your CSRF secret. - Install the Shoehorn version of the Edge UI:
/opt/apigee/apigee-service/bin/apigee-service edge-ui install
- Configure the Edge UI:
/opt/apigee/apigee-service/bin/apigee-service edge-ui setup -f configFile
- Enable SAML on the Edge UI:
/opt/apigee/apigee-service/bin/apigee-service edge-ui configure-sso -f configFile
Install the New Edge experience
After installing the base Edge UI, you can then install and configure the New Edge experience.
To install the New Edge experience:
- Install the New Edge experience:
/opt/apigee/apigee-service/bin/apigee-service edge-management-ui install
- Change to the
edge-management-ui
directory:cd /opt/apigee/edge-management-ui
- Configure the New Edge experience:
/opt/apigee/apigee-service/bin/apigee-service edge-management-ui setup -f configFile
where configFile is the configuration file described above in Installation configuration file.
- Enable SAML on the New Edge experience:
/opt/apigee/apigee-service/bin/apigee-service edge-management-ui configure-sso -f configFile
- Log in to the New Edge experience by opening the following URL in a browser:
http://newEdgeExperienceIP:3001
where newEdgeExperienceIP is the IP address of the node hosting the New Edge experience. You will be prompted for your SAML credentials. After entering your credentials, the New Edge experience appears.
- See The New Edge Experience for Private Cloud for more information, including links for information on using the New Edge experience.
Uninstall the New Edge experience
To uninstall the New Edge experience:
/opt/apigee/apigee-service/bin/apigee-service edge-management-ui uninstall
To uninstall the base Edge UI (shoehorn):
/opt/apigee/apigee-service/bin/apigee-service edge-ui uninstall
To completely remove Edge from the node:
- Stop all Edge services running on the machine:
/opt/apigee/apigee-service/bin/apigee-all stop
- Clear the yum cache:
sudo yum clean all
- Remove all the Apigee RPMs:
sudo rpm -e $(rpm -qa | egrep "(apigee-|edge-)")
- Remove the installation root directory:
sudo rm -rf /opt/apigee