Gateway Configuration Menu (Appliance)

To configure a single Gateway or the first processing node of a cluster, select option 2 (Display CA API Gateway configuration menu) from the Gateway main menu.
gateway93
To configure a single Gateway or the first processing node of a cluster, select option
2
(Display
Layer7 API Gateway
configuration menu) from the Gateway main menu.
Prerequisite:
  • When configuring the first node of a cluster, ensure that the database layer is properly configured for replication and tested.
    Failure to do this will require complex steps to enable proper operation of the cluster.
    Replication is described in Configuring Cluster Database Replication.
The procedure described in this section is suitable for configuring a single stand-alone Gateway or to configure the first node of a cluster of Gateways after replication has been configured. If you are configuring a cluster of Gateways, be sure to read Configure a Gateway Cluster for instructions on setting up replication and configuring the processing nodes.
The Gateway Configuration menu has the following options:
This menu allows you to configure the Gateway application What would you like to do? 1) Upgrade the Layer7 API Gateway database 2) Create a new Layer7 API Gateway database 3) Configure the Layer7 API Gateway 4) Change the Layer7 API Gateway cluster passphrase 5) Delete the Layer7 API Gateway 6) Display the current Layer7 API Gateway configuration 7) Manage Layer7 API Gateway status 8) Reset Admin password X) Exit Please make a selection: 1
Gateway Configuration Menu Options
The following table describes each menu option. When configuring a new stand-alone Gateway or first processing node of a Gateway cluster, you only need to use option
2
(Create a new
Layer7 API Gateway
database).
Option
Description
1) Upgrade the
Layer7 API Gateway
database
Select this option to upgrade the Gateway database to the current software version. This is required only if you have installed a new version of the Gateway. If an upgrade is not required, you will be notified by a message on the screen.
2) Create a new
Layer7 API Gateway
database
Select this option to create a database for the first (or only) Gateway node in the cluster.
When configuring a database connection, you are guide through the following steps:
  • Set Up the Gateway Database
  • Set Up the Gateway Failover Database
  • Set Up the SSM Administrator
  • Set Up the Gateway Cluster
  • Set Up the Gateway Node
Fewer prompts are displayed when using the embedded database.
Once the new Gateway database is created, you can no longer use option 2 on that cluster. To modify the configuration afterwards or to add additional processing nodes, use option 3,
Configure the Gateway
. To delete the Gateway configuration and start over again, use option 5,
Delete the Gateway
.
2) Create a new
Layer7 API Gateway
database
-->
Database Connection
Enter
yes
to configure a connection to a MySQL database. This is the default.
Enter
no
to use the embedded database (see Using the Gateway Embedded Database). The first prompt you  see is “Set Up the SSM Administrator”.
2) Create a new
Layer7 API Gateway
database
-->
Set Up the Gateway Database
(Only applies to MySQL database connections)
Enter information about the new MySQL database:
  • Database Host:
    Enter the name of the database host. If the database is installed on the same server as the Gateway, you can press [
    Enter
    ] to accept
    localhost
    .
If setting up the first node of a cluster, accept “localhost” as the primary database node. You can enter the secondary database node in the next step (“Set Up the Gateway Failover Database”).
  • Database Port:
    Enter the port number or press [
    Enter
    ] to accept the default port
    3306
    .
  • Database Name:
    Enter a distinct name to define the Gateway database name or press [
    Enter
    ] to accept the default name
    ssg
    .
  • Database Username:
    Enter the name of the user who has access to the database. The default name is
    gateway
    .
  • Database Password:
    Define a password for the database user, then retype to confirm.
  • Administrative Database Username:
    Enter the username of the root MySQL user. The default user is
    root
    .
  • Administrative Database Password:
    Enter the password for the root MySQL user.
2) Create a new
Layer7 API Gateway
database
-->
Set Up the Gateway Failover Database
(Only applies to MySQL database connections)
For MySQL database connections, you can optionally configure a failover database.
  • Configure Database Failover Connection:
    Enter
    yes
    to configure a database failover connection or press [
    Enter
    ] to enter “no” and skip to the next part of the configuration.
  • Database Failover Host:
    Enter the host name of the machine that serves as a database failover.
  • Database Failover Port:
    Enter the port number to use on the failover host, or press [
    Enter
    ] to accept the default port
    3306
    .
2) Create a new
Layer7 API Gateway
database
--> 
Set Up the SSM Administrator
Create a Policy Manager administrative user account:
  • SSM Username:
    Enter the name of the Policy Manager administrative user.
  • SSM Password:
    Define a password for the administrative user, then retype to confirm.
For information on logging in with these credentials, see “Connect to the Gateway” in Start the Policy Manager.
2) Create a new
Layer7 API Gateway
database
--> 
Set Up the Gateway Cluster
Enter the host name and password for the Gateway cluster.
Note:
A stand-alone Gateway or a Gateway with an embedded database is considered to be a “cluster” of one.
  • Cluster Host:
    Enter the Gateway cluster fully qualified domain name (FQDN) used to identify the Gateway and to generate the SSL certificate. An example of a hostname:
    clusterhostname.mycompany.com
    .
  • Cluster Passphrase:
    Enter a passphrase to protect the cluster, between 6-129 characters. Retype to confirm.
If you need to change the
cluster hostname, you cannot do it using this menu option once it has been set. Instead, perform these steps using the Policy Manager to change a cluster host name:
  1. Set the cluster property
    cluster.hostname
    to the new name of the host.
  2. Create a new private key using the
    Manage Private Keys
    task. Be sure to set this key as the default SSL key. For more information, see Private Key Properties.
  3. Restart all nodes in the cluster for the new cluster host name to take effect.
2) Create a new
Layer7 API Gateway
database
--> 
Set Up the Gateway Node
Set up the Gateway node:
  • Enabled:
    Press [
    Enter]
    to enable the node, or enter
    no
    to leave the node disabled after configuration is complete.
The configuration summary is displayed. Carefully review the settings and then press [
Enter
] to confirm. To make corrections, enter
<<
to return to the appropriate step in the wizard.
2) Create a new
Layer7 API Gateway
database
--> 
Configuration Results
The configuration results show either:
  • Success:
    Press [
    Enter]
    to return to the Configure Gateway menu. Enter
    X
    to exit the menu, and then enter
    R
    on the main menu to reboot the appliance. You may now start the Gateway.
  • Errors encountered:
    Copy and paste the log messages from the command window into a text file. Analyze the errors and run the wizard again.
3) Configure the
Layer7 API Gateway
Use this option to do one of the following:
  • Edit the settings for a Gateway node that has already been configured.
  • Add a new processing node to a cluster.
Select which settings to change:
  • Enter
    1
    to change the database connection. For details, see “Create a new Gateway database --> Database Connection” above.
  • Enter
    2
    to change the database failover connection. For details, see “Create a new Gateway database --> Set Up the Gateway Failover Database” above.
  • Enter
    3
    to change the password for the cluster. For details, see “Create a new Gateway database --> Set Up the Gateway Cluster” above.
  • Enter
    4
    to change the node configuration. For details, see “Create a new Gateway database --> Set Up the Gateway Node” above.
When this option is used to add a new processing node to a cluster, you are prompted to enter the following:
Database Host
Database Port
Database Name
Database Username
Failover Database Host (optional)
Failover Database Port (optional)
Cluster Password
For more information on each of these fields, see Configuring Subsequent Processing Nodes.
4) Change the
Layer7 API Gateway
cluster passphrase
Select this option to change the passphrase for the Gateway cluster.
  1. Type the existing password.
  2. Enter the new password, between 6 to 128 characters.
  3. Retype the password to confirm.
IMPORTANT NOTE FOR SAFENET LUNA HSM:
If the Gateway is using the SafeNet HSM device, you must disable support for the SafeNet HSM prior to changing the master passphrase, then re-enable support afterwards. For more information, see Manage Keystore.
5) Delete the
Layer7 API Gateway
Select this option to delete the configuration for the Gateway node.
  • If the node being deleted is also the host for the primary database, the database can be optionally deleted by entering database administration credentials.
  • If the database is not deleted, you can reuse it at a later time by using option 3,
    Configure the Gateway
    .
Deleting the configuration is permanent. All information in the database is lost.
Enter
yes
to proceed with the deletion.
6) Display the current
Layer7 API Gateway
configuration
Select this option to view the current Gateway configuration. The following information is displayed:
  • Database hostname
  • Database port
  • Database name
  • Database user name
  • Whether the node is enabled
7) Manage
Layer7 API Gateway
status
Select this option to view the current Gateway status or to stop/restart the Gateway. The following information is displayed initially:
  • Current status of the Gateway node, which is one of:
    • STARTING – Node is starting up
    • WONT_START – Node encountered an unrecoverable error when starting
    • RUNNING – Node is running normally
    • ABNORMAL_SHUTDOWN – Node shut down unexpectedly
    • STOPPING – Node is stopping
    • STOPPED – Node is stopped
    • Current time stamp
    • When the node was started
Press [
Enter
] to display options that allow you to:
  • Stop the Gateway (if currently running)
  • Start the Gateway (if currently stopped)
  • Restart the Gateway
Always stop and restart the Gateway using these menu options or by using the command line equivalents (
“service ssg stop”
and
“service ssg start”
, or simply
“service ssg restart”
).
Never
stop a Gateway by turning off the appliance or use the appliance power switch to restart the Gateway.
8) Reset Admin password
Use this option to change the password of the administrative user.
Enter the name of the admin user and then enter the new password.