4.16.01 - Edge for Private Cloud release notes

You're viewing Apigee Edge documentation.
Go to the Apigee X documentation. info

On Thursday, March 24, 2016, we released a new version of Apigee Edge for Private Cloud.

Since the previous Edge for Private Cloud quarterly release (4.15.07.00), the following releases have occurred and are included in this Feature Release:

• Cloud: 15.07.08, 15.07.22, 15.08.05, Nginx migration, 15.09.02, 15.09.30, 16.01.20
• Private Cloud: 4.15.07.01, 4.15.07.03

See About release numbering to understand how you can figure out whether a specific cloud release is included in your version of Edge for Private Cloud.

Deprecations

Private Cloud 4.15.07.03

curl http:// <qpid_IP>:8083/v1/servers/self/queues

Analytics: Custom Reports Dashboard view of multiple reports (Cloud 15.09.30)

The specific Custom Reports Dashboard feature that provides a view of up to four custom reports is being deprecated and will be removed in a future release. (MGMT-2673). All other aspects of custom reports will still be available.

Cannot override org name length in Private Cloud

You can no longer override organization name length of 20 characters by setting:

• APIGEE_ORG_NAME_LENGTH=25
  

• APIGEE_ENV_NAME_LENGTH=25
  

New features and enhancements

Following are the new features and enhancements in this release. In addition to the following enhancements, this release also contains multiple usability, performance, security, and stability enhancements.

Private Cloud

Support added for RedHat, CentOS, and Oracle 6.7 - 7.2

This release adds support for RedHat Enterprise Linux, CentOS, and Oracle Linux versions 6.7 through 7.2.

For a complete list of system requirements, see Supported software and supported versions.

RPM-based install

This release of Edge uses an RPM-based install mechanism which greatly simplifies the installation and migration procedures.

New base directory

The directory structure for version Edge 4.16.01 has changed. In previous releases of Edge, you installed Edge into the base directory:

/<install-dir>/apigee4

Where install-dir could be located anywhere, with a default of /opt. For example:

/opt/apigee4

For version 4.16.01, you must install Edge into the following directory:

/opt/apigee

Notice also that the apigee4 directory has been changed to apigee.

The location of your data directory is not affected. It can be under /opt/apigee, or it can be located elsewhere.

New virtual host requirement

The Edge migrate script handle most of the tasks required to migrate an existing Netty Router to Nginx. However, as part of upgrading, you must also ensure that all of your virtual host definitions include a host alias before you migrate.

See the Edge Installation Guide, available on the Apigee ftp site: ftp://ftp.apigee.com/, for information on how to add a host alias to an existing virtual host for more.

Code with config

In Edge version 4.16.01, you no longer use .properties files under the /<install-dir>/apigee4/conf directory to configure Edge components. As of 4.16.01, you still configure Edge components by using .properties files, but they are now located in the directory:

/opt/apigee/customer/application

For each Edge component installed on a node, there will be a .properties file in that directory. To configure a component, edit the corresponding .properties file to either change the value of an existing property, or add a new property and value. If the file does not exist already, you can create it.

Unlike previous versions of Edge, the .properties files for Edge 4.16.01 do not contain all the properties for a component. One of the changes for this release is that the .properties files only contain overrides to default property values.

The benefit of this architecture is that on an migration to a later version of Edge, the Edge installer never overwrites the files in /opt/apigee/customer/application. That eliminates the chance of Edge accidentally overwriting your settings.

On a migrate, the Edge installer examines your existing .properties files and copies changes to default property values to the /opt/apigee/token directory. Therefore, you should not have to make any edits after the migrate.

For more, see the Apigee Edge Operations Guide, available on the Apigee ftp site: ftp://ftp.apigee.com/.

Edge configuration scripts have been replaced

The configuration scripts that you used in previous releases of Edge have been removed and replaced by either:

• Commands that you run through Apigee utilities, such as the apigee-service, apigee-all, apigee-setup, apiee-provision, or apigee-migrate utilities.
  For example, the all-start.sh and all-stop.sh scripts have been replaced by the following commands:
  > /opt/apigee/apigee-service/bin/apigee-all start
  > /opt/apigee/apigee-service/bin/apigee-all stop
• Commands that you run on the Edge components directly. For example, in previous releases you used the chpasswd-openldap.sh script used to change the OpenLDAP password. That script has been replaced by the following command that you run on the apigee-openldap component:
  > /opt/apigee/apigee-service/bin/apigee-service apigee-openldap change-ldap-password -o oldPword -n newPword

See the Apigee Edge Operations Guide, available on the Apigee ftp site: ftp://ftp.apigee.com/, for more on how you now perform configuration through commands.

New Edge Router

This release of Edge for the Private Cloud includes a new router architecture based on the Nginx Router. The Nginx Router replaces the Netty Router used in Edge releases previous to 4.16.01.

The Nginx Routers has the same hardware and port requirements as the Netty Router, so no changes to existing nodes are required.

For more, see Appendix A: About the Nginx Router, in the Edge Installation Guide, available on the Apigee ftp site: ftp://ftp.apigee.com/,

BaaS load balancer removed

The internal load balancer has been removed from the API BaaS portal. Now, you must use your own load balancer between the API BaaS Portal and the three API BaaS Stack nodes.

As an alternative to a load balancer, you could use round-robin DNS. In this scenario, you create a DNS entry with multiple A records corresponding to BaaS stack IP addresses. During a DNS lookup, the DNS server automatically returns A record values in a round robin fashion.

New documentation describing how to add Cassandra and ZooKeeper nodes, and how to add a data center to an existing data center

The documentation ZIP file on the Apigee ftp site now contains "Scaling Edge for Private Cloud" describing how to add Cassandra and ZooKeeper nodes, and how to add a data center to an existing data center.

Orgtool removed

The orgtool could query an Edge installation to get information about an organization. That tool has now been removed. You now use the Edge UI or API calls to get information about the organization.

How to perform tasks in 4.16.01

The following table shows how you performed tasks in 4.15.07.03 and how you perform them now in 4.16.01. For more, see the Edge Operations Guide, available on the Apigee ftp site: ftp://ftp.apigee.com/.

Alpha release of the Monitoring Tool and Dashboard

Included in this release is an Alpha version of the new monitoring tool and dashboard for Edge. This tool allows you to understand the health of various components (Routers, Message Processors, ZooKeeper, Cassandra) as well as http error codes for various orgs and environments in your deployment. You can also take to snapshot of your dashboard data and share it with Apigee to help resolve support incidents.

The documentation, including the install instructions, is included in the ZIP file of the Edge 4.16.01 doc available on the Apigee ftp site: ftp://ftp.apigee.com/.

However, before you can install and use the dashboard, you must complete the Apigee Evaluation Agreement included in the doc ZIP file, and return it to Apigee by emailing it to orders@apigee.com.

Edge Platform

Management UI restyling (Cloud 15.09.30)

Multiple pages in the management UI have gotten a look-and-feel update. (MGMT-2627)

API Services

Redesigned API proxy wizard (Cloud 16.01.20)

The API proxy wizard has been redesigned. When you click "+ API Proxy" on the API Proxies page in the management UI, the new wizard guides you through the API proxy creation process. All the same settings as the previous API proxy wizard are available. (MGMT-1376)

Create API proxies with OpenAPI (Swagger) documents (Cloud 16.01.20)

As part of the new API proxy wizard redesign, you can now create an API proxy from a OpenAPI (Swagger) document. On the first page of the API proxy wizard, click Use OpenAPI when selecting Reverse Proxy, Node.js App, or No Target. In the field that appears, enter the URL to your OpenAPI document. For more information, see Build a simple API proxy. (MGMT-1376)

WSDL 1.2 support for SOAP proxies (Cloud 16.01.20)

Apigee Edge supports WSDL 1.2 in creating API proxies to call SOAP services. (MGMT-2835)

SSLInfo variables in TargetEndpoint configurations (Cloud 16.01.20)

In an API proxy TargetEndpoint, you can dynamically set SSL/TLS details to support flexible runtime requirements. In the following example of how SSLInfo would be set in a TargetEndpoint configuration, the values can be supplied at runtime by a Java Callout, a JavaScript policy, or an Assign Message policy. Use whichever message variables contain the values you want to set.

<TargetEndpoint>
...
  <SSLInfo>
    <Enabled>{myvars.ssl.enabled}</Enabled>
    <ClientAuthEnabled>{myvars.ssl.client.auth.enabled}</ClientAuthEnabled>
    <KeyStore>{myvars.ssl.keystore}</KeyStore>
    <KeyAlias>{myvars.ssl.keyAlias}</KeyAlias>
    <TrustStore>{myvars.ssl.trustStore}</TrustStore>
  </SSLInfo>
...
</TargetEndpoint>

This feature is covered in the following docs:

• API proxy configuration reference
• https://community.apigee.com/articles/21424/dynamic-sslinfo-for-targetendpoint-using-variable.html

(APIRT-1475)

RSA_SHA256 algorithm support for SAML assertion policies (Cloud 16.01.20)

The SAML assertion policies now support the RSA_SHA256 algorithm in addition to RSA_SHA1. (APIRT-1779)

Validation on certificate uploads (Cloud 16.01.20)

To help prevent the uploading of expired or invalid certificates to keystores and truststores, the management API validates certificates on upload. Certificates are validated to ensure that the size of the file is not larger than 50KB and that the format is either PEM or DER. Certificate expiry is also validated. To override the default expiry validation (to not validate for certificate expiration on upload), use the following query parameter: ?ignoreExpiryValidation=true

For more information, see Upload a JAR file to a Keystore and Upload a Certificate to a Truststore. (SECENG-516) and (APIRT-2213)

Auto-polling on Node.js Logs page (Cloud 16.01.20)

When viewing Node.js logs from the proxy editor, the Node.js Logs page is automatically refreshed periodically to list new logs that are available. Click "Stop Auto Refresh" to turn off auto-refresh. (MGMT-1692)

X-Forwarded-For HTTP header (Cloud 15.09.30)

For stronger security, Edge by default strips the X-Forwarded-For HTTP request header that may contain one or more IP addresses. The new default behavior means the client IP address received by Edge will be the IP address it received from the last external TCP handshake, not an address that could potentially be spoofed to bypass the Access Control policy.

To change this default behavior and allow X-Forwarded-For addresses to reach your API proxies, you must set the property feature.enableMultipleXForwardCheckForACL=true in your organization.

JavaScript access to policy properties (Cloud 15.07.08)

When using JavaScript in API proxy flows, you can access properties defined in the JavaScript policy. This is particularly useful if you want to use well-known variables in your JavaScript code. For example, say your JavaScript policy contained the following property definition:

<Properties>
    <Property name='source'>response.content</Property>
</Properties>

In your JavaScript, you could access the message response with a reference to the 'source' property, like this:
var source = properties.get('source'); // returns: response.content
or
var source = properties.source
or
var source = properties['source']

For more information, see JavaScript policy. (APIRT-1460)

Organization-level audits (Cloud 15.07.08)

Organization Administrators can audit the history of actions taken at the organization level. In the management UI, select Admin > Organization History. For more information, see Audits: API, Product, and organization history. (MGMT-2232)

Organization administrator self-removal from role (Cloud 15.07.08)

Organization administrators can remove themselves from the Organization Administrator role in the management UI by going to Admin > Organization Users and clicking Remove next to their name. (MGMT-934)

API proxy bundle import progress indicator (Cloud 15.07.08)

When uploading a large API proxy bundle in the management UI, a "working" animation is displayed to indicate the import is still occurring, which keeps you from interacting with the management UI until the import is complete. (MGMT-1285)

Cache behavior and configuration (Cloud 15.07.22)

For better in-memory cache management and utilization, the "Maximum Elements in Memory" settings on environment cache resources has been deprecated as of Edge cloud release 15.06.10. In Edge Cloud release 15.07.22, this setting has been removed from the Create Cache UI in the Environment Configuration part of the Apigee Edge management UI.

The total elements present across all cache resources (including the default cache) depends on the total memory allocated to the cache. By default, the total memory allocated for in-memory caching on a given message processor is 40% of the total memory available. Elements will be evicted from in-memory cache only when there is insufficient cache memory or the elements expire. (MGMT-2413, APIRT-1140)

Target Server configuration in management UI (Cloud 15.07.22)

The APIs > Environment Configuration page in the management UI now lets you add, edit, and delete target servers.

In addition, the page has been redesigned so that caches can also be created, added, and deleted inline rather than going to a new page. Several cache properties, including "Maximum Elements in Memory", are no longer available in the UI, as setting these properties no longer has any effect on runtime cache behavior. (MGMT-280)

SSL with message logging to syslog (Cloud 15.07.22)

The Message Logging policy supports sending syslog to third-party log management providers over SSL/TLS. Use the following in the policy configuration as a direct child of the parent element:

<SSLInfo>
    <Enabled>true</Enabled>
</SSLInfo>

For more information, see Message Logging policy. (APIRT-942)

Management UI (Cloud 15.07.22)

Apigee engineering made various small bug fixes and usability enhancements in the management UI.

cURL in Trace (Cloud 15.09.02)

When tracing an API proxy call that makes a request to a target server, you can view the request to the target server as a cURL command. Select the "Request sent to target server" stage in the Transaction Map diagram, then click the "Show Curl" button on the "Request sent to target server" column in the Phase Details pane. (MGMT-2589)

Data masking special characters (Cloud 15.09.02)

When using data masking to mask sensitive data in JSON payloads, special characters such as $, *, and { can now be masked. (APIRT-1727)

Key Value Maps in the management UI (Cloud 15.09.30)

You can now create and manage environment-scoped Key Value Maps (KVMs) in the Edge management UI. Environment-scoped KVMs contain key/value pairs that are accessible by any API proxy in an environment, such as test or prod. In the management UI menu, go to APIs > Environment Configuration > select the environment you want > Key Value Maps tab. For more information, see Creating and editing environment key value maps. (MGMT-1393)

PopulateCache policy default expiration in management UI (Cloud 15.09.30)

When adding a PopulateCache policy with the API proxy editor, the <TimeoutInSec> element for cache expiration is pre-populated with a value of 3600 seconds (1 hour). The previous default was 300 seconds (5 minutes). (MGMT-2622)

Developer Services

API product page performance, no developer apps listed (Cloud 16.01.20)

When viewing an API product in the management UI, the developer apps associated with that product are listed. To improve UI performance, the list of developer apps is not shown when editing the API product. (MGMT-2869)

Key column on Developer Apps page (Cloud 15.08.05)

In organizations with a large number of developer apps (thousands), displaying the Key column on the Developer Apps page (shows the number of keys per app) can hamper display performance. To improve display performance in this situation, contact Apigee Support to set the following organization-level property: features.appsNoCredentialsEnabled = true. This property removes the Key column. Note, however, that removing the Key column also removes the ability to search by consumer key and secret. (MGMT-2486)

Developer Details page progress spinner (Cloud 15.09.30)

When the Developer Details page is loaded in the management UI, the Apps section of the page shows a progress spinner if apps are still being loaded. This enhances the previous behavior where the Apps section appeared empty while loading apps. (MGMT-2667)

Monetization

Edit API package names (Cloud 16.01.20)

You can update the name of an API package at any point during the monetization lifecycle, even when the API package contains a published rate plan. (DEVRT-2177)

Decimals allowed in custom attributes (Cloud 16.01.20)

When using a "Rate Card with Custom Attribute" plan, the custom attribute in the message header that is used as a multiplier for the transaction can now be a decimal value of up to four decimal places. For more information on this type of plan, see Specify rate card custom attribute details (DEVRT-2191).

Rate Plan name and ID in summary reports (Cloud 15.09.02)

When generating a summary revenue report with the management API, you can add "Rate Plan" name and rate "Plan ID" columns to the report. To do this, add "RATEPLAN" as a groupBy attribute in the API call, as described in Create reports. (Note that this feature is not yet available in the monetization report UI.) In detail reports, the existing rate plan name and ID columns are now located near the front of the report along with the other grouping columns. (DEVRT-1740)

Analytics Services

sum( ) function on response time metrics (Cloud 16.01.20)

In analytics custom reports and API calls, the "sum" aggregate function is now available for Target Response Time, Total Response Time, and end_point_response_time. For example, in the /stats API (http://docs.apigee.com/management/apis/get/organizations/%7Borg_name%7D/environments/%7Benv_name%7D/stats/%7Bdimension_name%7D-0), you can now use the following "select" query parameter: ?select=sum(total_response_time). (AXAPP-2006)

Latency Analysis report: API proxy names sorted (Cloud 16.01.20)

In the Latency Analysis report UI (Apigee Edge enterprise plans only), the API proxies are listed alphabetically in the Proxy drop-down list. (MGMT-2858)

Developer Apps on dashboard shown by display name (Cloud 16.01.20)

On the management UI dashboard, the Developer Apps bar chart lists developer apps by display name rather than internal name. (MGMT-2853)

New date/time widget on custom reports (Cloud 16.01.20)

The date/time picker widget on a custom reports page in the management UI has been enhanced. (MGMT-2881)

City drilldown on GeoMap (Cloud 15.07.22)

The analytics GeoMap includes a "City" drilldown for the United States and Canada. When you click a state or province on the map, a list of cities where calls originated is displayed. (MGMT-2282)

| (pipe) and = characters in analytics custom reports (Cloud 15.09.02)

Analytics custom report definitions support the use of | (pipe) and = symbols. Prior to this, %7C and %3D encoding needed to be used for those symbols. (MGMT-2504)

Proxy Path Suffix dimension (Cloud 15.09.30)

A new Proxy Path Suffix (proxy_pathsuffix) dimension is available in analytics Custom Reports and API calls. Proxy path suffix is the part of an API proxy URL that comes after the base path, such as the path created for conditional flows. (AXAPP-1902)

Reports show developer IDs not display names (Cloud 15.09.30)

When making Edge analytics API calls with the /stats API that returns developers, the developer display name is returned along with developer ID. Previously, only developer ID was returned. (AXAPP-1759)

Bugs fixed

The following bugs are fixed in this release.

Private Cloud 4.16.01

The following table lists the bugs fixed since the Edge for Private Cloud 4.16.01 release. To obtain these fixes, follow the instructions to update your 4.16.01 installation to the latest RPMs and support files as described in Update Apigee Edge 4.16.01.x to latest 4.16.01 release.

Cloud 16.01.20

Cloud 15.07.08

Cloud 15.07.22

Cloud 15.08.05

Cloud 15.09.02

Cloud 15.09.30

Private Cloud 4.15.07.03

Private Cloud 4.15.07.01

Known issues

This release has the following known issues.

> rm -f /opt/nginx/conf.d/*
> /opt/apigee/apigee-service/bin/apigee-service edge-router restart