Install on Amazon Web Services Elastic Beanstalk

Install on Amazon Web Services Elastic Beanstalk
lac52
You can install 
Layer7 Live API Creator
 to run as a cloud-based service in an Amazon Web Services (AWS) Elastic Beanstalk environment. Elastic Beanstalk automatically handles capacity provisioning, load balancing, scaling, and application health monitoring.
In this article:
 
 
Verify the Prerequisites
Before installing 
Layer7 Live API Creator
 to run in AWS Elastic Beanstalk, ensure that you have completed the following prerequisite steps:
  • You have obtained the package containing the 
    CALiveAPICreator.war
     web application ARchive (WAR) file. 
  • You have an AWS account.
  • You know which license type you are using 
    Layer7 Live API Creator
     under, either a standard license that the CA Support site issues or an Enterprise Software Portfolio License Agreement (PLA).
    For more information about licensing, see Licensing.
  • You have reviewed the installation best practices.
    For more information about the best practices, see Installation Best Practices.
(Optional) Bundle the Admin Repository into the WAR File
You can bootstrap 
Layer7 Live API Creator
 with a specific configuration for your API metadata by bundling the admin repository into the 
CALiveAPICreator.war
 file. For example, you have configured 
Layer7 Live API Creator
 in your development environment, and you want to include this configuration in the 
CALiveAPICreator.war
 file and deploy it to a server.
If you are persisting the authentication tokens that 
Layer7 Live API Creator
 dynamically generates by way of an authentication database, you can also bundle the definition of the data source for the authentication token database (the 
ApiKey.json
 file) into the WAR file.
You can bundle the admin repository and the definition of the data source for the authentication token database into the WAR file using a script. For more information about this script, see Example: Deploy the Bundled WAR to a Cluster.
Prerequisite: 
If you are licensed to use 
Layer7 Live API Creator
 under a PLA, you have verified that the admin repository includes the 
system/telemetry.json
 file and that it is configured to collect and send 
Layer7 Live API Creator
-specific usage data.
You can also activate 
Layer7 Live API Creator
 and configure it to send usage data after you have started API Server. For more information, see Activate and Configure to Send Usage Data.
For more information:
Follow these following steps:
 
  1. Create the 
    WEB-INF/classes
     directory.
  2. Create the 
    configuration.zip
     file from your admin repository (the 
    teamspaces
     and 
    system
     directories).
    For more information about these directories, see View your API Definition.
  3. Copy the following files to the 
    WEB-INF/classes
     directory:
    • The 
      configuration.zip
       file.
    • (Optional) The 
      ApiKey.json
       file for your environment.
  4. From the command line window, bundle the files that are in the 
    WEB-INF
     directory into the WAR file by issuing the following command:
    jar uvf <war file> WEB-INF
    Step 3 of the sample script bundles these files into the WAR file.
The admin repository (and optionally the definition of the data source for the authentication token database) is added to the 
CALiveAPICreator.war
 file.
Optional Configuration
The following topics provide optional configuration details.
The following optional configurations require that you restart API Server after you configure.
Add the JDBC Drivers to the WAR File
If you plan to create a database for 
Layer7 Live API Creator
 to store the authentication tokens it generates for API users, then you must add the 
JDBCDrivers.config
 file to the 
.ebextensions
 directory that is in the WAR file. The 
JDBCDrivers.config
 file tells Elastic Beanstalk to install JDBC drivers for these databases.
Layer7 Live API Creator
 requires the corresponding JDBC driver to the database management system (DBMS) that you use as your database for your authentication tokens and for any other databases that you plan to access.
Follow these steps:
 
  1. Create the 
    .ebextensions
     directory in the same directory as the 
    CALiveAPICreator.war
     file.
  2. Create the 
    JDBCDrivers.config
     file in the 
    .ebextensions
     directory.
  3. Open the file, add links to the JDBC drivers that are located in the public maven repository that is in the file, and then save and close the file. To use licensed third-party drivers, create a storage location on AWS and modify the source to point to this internal S3 location.
    Examples:
     
     
    Derby data source
    files: "/usr/share/tomcat8/lib/derby-10.12.1.1.jar": mode: "000755" owner: tomcat group: tomcat source: http://central.maven.org/maven2/org/apache/derby/derby/10.12.1.1/derby-10.12.1.1.jar
     
    MySQL/MariaDB data source
    files:
    "/usr/share/tomcat8/lib/mariadb-java-client-1.2.2.jar":
    mode: "000755"
    owner: tomcat
    group: tomcat
    source: http://central.maven.org/maven2/org/mariadb/jdbc/mariadb-java-client/1.2.2/mariadb-java-client-1.2.2.jar
     
    PostgreSQL data source
    files:"/usr/share/tomcat8/lib/postgresql-9.4-1206-jdbc42.jar":mode: "000755"owner: tomcat group: tomcat source: http://central.maven.org/maven2/org/postgresql/postgresql/9.4-1206-jdbc42/postgresql-9.4-1206-jdbc42.jar
  4. From the command line window, add the 
    JDBCDrivers.config
     file to the 
    CALiveAPICreator.war
     file by issuing the following command:
    jar uvf <war file> .ebextensions/JDBCDrivers.config
    The file format is YAML. For more information, see the Amazon Web Services documentation.
    A confirmation message appears.
The 
JDBCDrivers.config
 file is added to the 
.ebextensions
 directory that is in the 
CALiveAPICreator.war
 file.
Optimize the Performance of your AWS Beanstalk Instance
  1. Create the 
    JVMoptions.config
     file in the 
    .ebextensions
     directory.
  2. Open the file, enter the following JVM options, and then save and close the file:
    To set your initial and maximum heap size
    , define the following settings:
    option_settings:
    - namespace: "aws:elasticbeanstalk:container:tomcat:jvmoptions"
    option_name: Xms
    value: 256m
    - namespace: "aws:elasticbeanstalk:container:tomcat:jvmoptions"
    option_name: Xmx
    value: 1024m
    For more information:
    To set the detail level for logging for garbage collection
    , define the following setting:
    option_settings:
    - namespace: "aws:elasticbeanstalk:container:tomcat:jvmoptions"
    option_name: verbose
    value: gc
  3. From the command line window, add this file to the 
    CALiveAPICreator.war
     file by issuing the following command:
    jar uvf <war file> .ebextensions/JVMoptions.config
Your JVM options take affect after you deploy the WAR file.
Minimize Security Vulnerabilities by Enabling HTTP Security Headers
You can minimize security vulnerabilities on 
Layer7 Live API Creator
 applications, such as API Creator and Data Explorer, which are web-based applications, by adding security headers to Tomcat. HTTP security headers give browsers explicit instructions about how to communicate with a website. 
You can minimize security vulnerabilities on 
Layer7 Live API Creator
 applications at one of the following levels: 
  • At the Java-container level, within Tomcat.
  • At the 
    Layer7 Live API Creator
     application-level.
For more information about how to add security headers to Tomcat, see Install on Apache Tomcat.
Create an AWS Elastic Beanstalk Instance
Creating an AWS Elastic Beanstalk instance creates an application with 
Layer7 Live API Creator
 and a Web server environment. Complete this procedure in the AWS Elastic Beanstalk console.
Layer7 Live API Creator
 can run in a micro instance, but it takes advantage of the CPUs that you allocate. 
Layer7 Live API Creator
 uses up to 4 GB to 8 GB of memory per Java container.
For more information about the amount of memory that 
Layer7 Live API Creator
 requires, see Installation Requirements and Supported Platforms.
For more information about how to create an AWS Elastic Beanstalk instance, see the Amazon Web Services documentation.
Follow these steps:
 
  1. Define the general information for the Web server environment. On the Create a web server environment page, complete the following:
    Environment name
     
    Confirm the environment name.
    Domain
     
    Enter a domain name.
    Platform
     
    Select 
    Tomcat
    .
    Application code
     
    Upload the 
    CALiveAPICreator.war
     WAR file by clicking 
    Upload your code
    , and then click 
    Upload
    .
  2. (Optional) Configure options for the Web server environment by clicking 
    Configure more options
    .
    The Configure <your environment name> page appears.
    • Configure the environment properties. Complete the following steps:
      1. Click 
        Modify
         in the 
        Software
         tile.
        The Modify software page appears.
      2. In the 
        Environment properties
         section, add the following environment variables, and then save your changes:
        • (If you want to set the location of your admin repository) 
          LAC_REPOSITORY_ROOT
           
        • (If you want to set the location from which 
          Layer7 Live API Creator
           pulls your admin repository) 
          LAC_REPOSITORY_CONFIGURATION_URL
           
        • (If you want to set the absolute path of the logging configuration file) 
          LAC_LOGGING_CONFIG_FILE
           
        • (If you want to set the cluster synchronization strategy) 
          LAC_CLUSTER_SYNC_STRATEGY
           
        • (If you want to assign the path of the Hazelcast configuration XML file when determining how nodes discover each other in a cluster) 
          hazelcast.config
           
        For more information about these options and other options that you can add before starting your server, see API Server Startup Options.The Configure <your environment name> page appears.
    • Configure the capacity. Complete the following steps:
      1. Click 
        Modify
         in the 
        Capacity
         tile.
        The Modify capacity page appears.
      2. Select 
        Load balanced
         as the 
        Environment type
        , and then save your changes.
        The Configure <your environment name> page appears.
      3. (Optional) Configure load balancer health checks. Complete the following steps:
        1. Click 
          Modify
           in the 
          Load balancer
           tile.
          The Modify load balancer page appears.
        2. Point the health check path to the 
          @heartbeat
           system REST endpoint. For 
          Health check path
          , enter 
          /rest/abl/admin/v2/@heartbeat
          , and then save your changes.
          For more information about this system REST endpoint, see System REST Endpoints.
       The Configure <your environment> page appears.
  3. Click 
    Create environment
    .
An application with 
Layer7 Live API Creator
 and a Web server environment is created. AWS Elastic Beanstalk creates EC2 instances, a load balancer, an elastic IP address, and a security group.
Next Steps
Complete the following procedures after you have installed 
Layer7 Live API Creator
 to run in AWS Elastic Beanstalk.
Configure 
Layer7 Live API Creator
 to Collect and Send Usage Data
If you are licensed to use 
Layer7 Live API Creator
 under a PLA, you must activate 
Layer7 Live API Creator
 and configure it to collect and send usage data. If you are licensed to use 
Layer7 Live API Creator
 under a standard license, you can consent to 
Layer7 Live API Creator
 collecting and sending usage data.
For more information about how to configure to collect and send usage data, see Activate and Configure to Send Usage Data.
Import the API Server License
The API Server license controls access to API Creator and services. If you are licensed to use 
Layer7 Live API Creator
 under a standard license and you did not specify a license file when starting AWS Elastic Beanstalk (by adding the 
LAC_DEFAULT_LICENSE_FILE
 option at AWS Elastic Beanstalk startup), you must now upload it.
For more information about licensing, see Licensing.
Advanced Configuration
The following topic provides advanced configuration details.
Create a Database for your Authentication Tokens
Prerequisite:
 You have added the 
JDBCDrivers.config
 file to the 
.ebextensions
 directory that is in the 
CALiveAPICreator.war
 file.
By default, 
Layer7 Live API Creator
 generates authentication tokens, stores them in the in-memory Derby database, and synchronizes them to your admin repository in the following cases:
  • You have configured 
    Layer7 Live API Creator
     to run as a single node.
  • You are running in a local development environment.
  • You have specified an authentication provider that uses the 
    Default Auth Provider
     authentication method (for example, the 
    built-in authentication
     authentication provider) or a custom JavaScript authentication provider that uses the 
    JavaScript Auth Provider
     authentication method as the authentication provider for your API.
You can optionally have 
Layer7 Live API Creator
 store the authentication tokens that it generates for API users in a database instead by creating one.
For more information about how to create this database, see Create a Database for your Authentication Tokens.