CA APIM Gateway 9.x Software edition "Headless" installation (Auto Provisioning)

book

Article ID: 111710

calendar_today

Updated On:

Products

CA API Gateway API SECURITY

Issue/Introduction

This document provides an overview of the steps undertaken by CA Support when testing the ability to install the Software edition of APIM Gateway using the headless scripts provided by CA for the auto provisioning an Appliance form factor APIM Gateway. This document covers the following:
 
  • Environment and Preparation
  • Auto-Provisioning script installation
    1. Create the Properties Template
    2. Edit the Template File
    3. Create the Gateway Node
  • Start the Gateway
  • Post install cleanup


The standard APIM Gateway documentation specifically states that the auto provisioning is for Appliance based systems only.  Initial testing has shown that a successful “headless” installation of a Software edition can be achieved with some small updates to the install process and scripts (as documented below). The basis of the testing was to utilize the headless option which we have on the Virtual Appliance and run this for a Software form factor installation.
The end result is a vanilla install of a Gateway instance. The example in this doc is based on CA API Gateway 9.3

Note:     At this time, any use of this process should be for testing purposes
 

Environment

Release: L7SGA299000-9.2-API Gateway SOA Gateway-HARDWARE APPLIANCE DUAL CPU
Component:

Resolution

Environment and Preparation

•    RedHat/CentOS Server as the product manual suggest we support.
•    Latest JDK as per the product online manual.
•    JCE Policy as per the product manual.
•    MYSQL Server and Client 
•    CA APIM Gateway RPM  
•    CA APIM Gateway license file.

https://docops.ca.com/ca-api-gateway/9-3/en/release-notes-9-3/requirements-and-compatibility/software-gateway-specifications

1. Set JAVA_HOME in the environment. For example:
 
[[email protected] tmp]# export JAVA_HOME=/usr/java/jdk1.8.0_181-amd64/
[[email protected] tmp]# export PATH=$PATH:$JAVA_HOME

2. Auto-Provisioning script installation
 
Create the Properties Template
Refer to the current auto provision manual:
https://docops.ca.com/ca-api-gateway/9-3/en/install-configure-upgrade/auto-provision-a-gateway/auto-provision-a-gateway-node

The following is the command line, slightly modified to enable it to run for a Software edition install.

[[email protected] tmp]# /opt/SecureSpan/Gateway/config/ssgconfig.sh -headless create -template > create-node.properties


3. Edit the Template File
 
Edit the created template to include changes to incorporate the specific requirements for the intended install.
Below an example:

#### Headless config create template properties file ####

### Cluster Configuration ###
## Cluster Hostname (not required if joining an existing cluster)
cluster.host=<HOSTNAME>
## Cluster Passphrase
cluster.pass=<PASSWORD>

### Node Configuration ###
## Node Enabled State
node.enable=true
## Configure the node.properties
configure.node=true

### CA API Gateway Policy Manager Administrative Account ###
## CA API Gateway Policy Manager Username (not required if joining an existing cluster)
admin.user=admin
## CA API Gateway Policy Manager Password (not required if joining an existing cluster)
admin.pass=<PASSWORD>

### Database Connection ###
## Creates the database
configure.db=true
## The database type, either 'mysql' or 'embedded'
database.type=mysql
## Database Hostname
database.host=localhost
## Database Port
database.port=3306
## Database Name
database.name=ssg
## Database Username
database.user=gateway
## Database Password
database.pass=<PASSWORD>
## Administrative Database Username (not required if joining an existing cluster)
database.admin.user=root
## Administrative Database Password (not required if joining an existing cluster)
database.admin.pass=<PASSWORD>

NOTE:  Password must met complexity policy

4. Create the Gateway Node

Use the modified template to create the node.These steps also cover the Auto-provisioning of the following:
•    provision a license (filename needs to be license.xml), 
•    provision the RESTman service:

The following steps/commands perform the equivalent functions 

[[email protected] tmp]# su - gateway
Last login: Fri Jul 20 00:23:43 EDT 2018 on pts/0
[[email protected] ~]$ /opt/SecureSpan/Controller/bin/pc.sh start
Starting Gateway Services: done.
[[email protected] ~]$
[[email protected] ~]$ exit

[[email protected] tmp]# cat create-node.properties | /opt/SecureSpan/Gateway/config/ssgconfig.sh -headless create
Configuration Successful

[[email protected] tmp]# echo "node.java.path=/usr/java/jdk1.8.0_181-amd64
> node.java.heap=8096" >> /opt/SecureSpan/Gateway/node/default/etc/conf/node.properties
[[email protected] tmp]#

[[email protected] tmp]# chown layer7:gateway /opt/SecureSpan/Gateway/node/default/etc/conf/node.properties
[[email protected] tmp]# chmod 540 /opt/SecureSpan/Gateway/node/default/etc/conf/node.properties
[[email protected] tmp]# chmod 750 /opt/SecureSpan/Gateway/node/default/etc/conf
[[email protected] tmp]#
[[email protected] tmp]# mkdir -p /opt/SecureSpan/Gateway/node/default/etc/bootstrap/services
[[email protected] tmp]# mkdir -p /opt/SecureSpan/Gateway/node/default/etc/bootstrap/license
[[email protected] tmp]# chmod -R 775 /opt/SecureSpan/Gateway/node/default/etc/bootstrap/
[[email protected] tmp]# touch /opt/SecureSpan/Gateway/node/default/etc/bootstrap/services/restman
[[email protected] tmp]#
[[email protected] tmp]# cp license.xml /opt/SecureSpan/Gateway/node/default/etc/bootstrap/license/
[[email protected] tmp]# chmod -R 775 /opt/SecureSpan/Gateway/node/default/etc/bootstrap/license/license.xml
[[email protected] tmp]# chown -R layer7:gateway /opt/SecureSpan/Gateway/node/default/etc/bootstrap/

5. Start the Gateway
 
[[email protected] tmp]# su - gateway
Last login: Fri Jul 20 00:35:07 EDT 2018 on pts/0
[[email protected] ~]$ /opt/SecureSpan/Gateway/runtime/bin/gateway.sh start
Starting Process Controller...
Starting Gateway Services: done.

6. Post install cleanup
After the gateway is completely started up with the license and the service in place remove the files:

[[email protected] ~]$ rm -rf /opt/SecureSpan/Gateway/node/default/etc/bootstrap

This will get you with an up and running Vanilla Software Gateway.