Install on Amazon Web Services Elastic Beanstalk

Install on Amazon Web Services Elastic Beanstalk
lac52
You can install
Layer7 Live API Creator
to run as a cloud-based service in an Amazon Web Services (AWS) Elastic Beanstalk environment. Elastic Beanstalk automatically handles capacity provisioning, load balancing, scaling, and application health monitoring.
In this article:
Verify the Prerequisites
Before installing
Layer7 Live API Creator
to run in AWS Elastic Beanstalk, ensure that you have completed the following prerequisite steps:
  • You have obtained the package containing the
    CALiveAPICreator.war
    web application ARchive (WAR) file.
  • You have an AWS account.
  • You know which license type you are using
    Layer7 Live API Creator
    under, either a standard license that the CA Support site issues or an Enterprise Software Portfolio License Agreement (PLA).
    For more information about licensing, see Licensing.
  • You have reviewed the installation best practices.
    For more information about the best practices, see Installation Best Practices.
(Optional) Bundle the Admin Repository into the WAR File
You can bootstrap
Layer7 Live API Creator
with a specific configuration for your API metadata by bundling the admin repository into the
CALiveAPICreator.war
file. For example, you have configured
Layer7 Live API Creator
in your development environment, and you want to include this configuration in the
CALiveAPICreator.war
file and deploy it to a server.
If you are persisting the authentication tokens that
Layer7 Live API Creator
dynamically generates by way of an authentication database, you can also bundle the definition of the data source for the authentication token database (the
ApiKey.json
file) into the WAR file.
You can bundle the admin repository and the definition of the data source for the authentication token database into the WAR file using a script.
For more information about this script, see Example: Deploy the Bundled WAR to a Cluster.
Prerequisite:
If you are licensed to use
Layer7 Live API Creator
under a PLA, you have verified that the admin repository includes the
system/telemetry.json
file and that it is configured to collect and send
Layer7 Live API Creator
-specific usage data.
You can also activate
Layer7 Live API Creator
and configure it to send usage data after you have started API Server.
For more information:
Follow these following steps:
  1. Create the
    WEB-INF/classes
    directory.
  2. Create the
    configuration.zip
    file from your admin repository (the
    teamspaces
    and
    system
    directories).
    For more information about these directories, see View your API Definition.
  3. Copy the following files to the
    WEB-INF/classes
    directory:
    • The
      configuration.zip
      file.
    • (Optional) The
      ApiKey.json
      file for your environment.
  4. From the command line window, bundle the files that are in the
    WEB-INF
    directory into the WAR file by issuing the following command:
    jar uvf <war file> WEB-INF
    Step 3 of the sample script bundles these files into the WAR file.
The admin repository (and optionally the definition of the data source for the authentication token database) is added to the
CALiveAPICreator.war
file.
Optional Configuration
The following topics provide optional configuration details.
The following optional configurations require that you restart API Server after you configure.
Add the JDBC Drivers to the WAR File
If you plan to create a database for
Layer7 Live API Creator
to store the authentication tokens it generates for API users, then you must add the
JDBCDrivers.config
file to the
.ebextensions
directory that is in the WAR file. The
JDBCDrivers.config
file tells Elastic Beanstalk to install JDBC drivers for these databases.
Layer7 Live API Creator
requires the corresponding JDBC driver to the database management system (DBMS) that you use as your database for your authentication tokens and for any other databases that you plan to access.
Follow these steps:
  1. Create the
    .ebextensions
    directory in the same directory as the
    CALiveAPICreator.war
    file.
  2. Create the
    JDBCDrivers.config
    file in the
    .ebextensions
    directory.
  3. Open the file, add links to the JDBC drivers that are located in the public maven repository that is in the file, and then save and close the file. To use licensed third-party drivers, create a storage location on AWS and modify the source to point to this internal S3 location.
    Examples:
    Derby data source
    files: "/usr/share/tomcat8/lib/derby-10.12.1.1.jar": mode: "000755" owner: tomcat group: tomcat source: http://central.maven.org/maven2/org/apache/derby/derby/10.12.1.1/derby-10.12.1.1.jar
    MySQL/MariaDB data source
    files:
    "/usr/share/tomcat8/lib/mariadb-java-client-1.2.2.jar":
    mode: "000755"
    owner: tomcat
    group: tomcat
    source: http://central.maven.org/maven2/org/mariadb/jdbc/mariadb-java-client/1.2.2/mariadb-java-client-1.2.2.jar
    PostgreSQL data source
    files:"/usr/share/tomcat8/lib/postgresql-9.4-1206-jdbc42.jar":mode: "000755"owner: tomcat group: tomcat source: http://central.maven.org/maven2/org/postgresql/postgresql/9.4-1206-jdbc42/postgresql-9.4-1206-jdbc42.jar
  4. From the command line window, add the
    JDBCDrivers.config
    file to the
    CALiveAPICreator.war
    file by issuing the following command:
    jar uvf <war file> .ebextensions/JDBCDrivers.config
    The file format is YAML. For more information, see the Amazon Web Services documentation.
    A confirmation message appears.
The
JDBCDrivers.config
file is added to the
.ebextensions
directory that is in the
CALiveAPICreator.war
file.
Optimize the Performance of your AWS Beanstalk Instance
  1. Create the
    JVMoptions.config
    file in the
    .ebextensions
    directory.
  2. Open the file, enter the following JVM options, and then save and close the file:
    To set your initial and maximum heap size
    , define the following settings:
    option_settings:
    - namespace: "aws:elasticbeanstalk:container:tomcat:jvmoptions"
    option_name: Xms
    value: 256m
    - namespace: "aws:elasticbeanstalk:container:tomcat:jvmoptions"
    option_name: Xmx
    value: 1024m
    For more information:
    To set the detail level for logging for garbage collection
    , define the following setting:
    option_settings:
    - namespace: "aws:elasticbeanstalk:container:tomcat:jvmoptions"
    option_name: verbose
    value: gc
  3. From the command line window, add this file to the
    CALiveAPICreator.war
    file by issuing the following command:
    jar uvf <war file> .ebextensions/JVMoptions.config
Your JVM options take affect after you deploy the WAR file.
Minimize Security Vulnerabilities by Enabling HTTP Security Headers
You can minimize security vulnerabilities on
Layer7 Live API Creator
applications, such as API Creator and Data Explorer, which are web-based applications, by adding security headers to Tomcat. HTTP security headers give browsers explicit instructions about how to communicate with a website.
You can minimize security vulnerabilities on
Layer7 Live API Creator
applications at one of the following levels:
  • At the Java-container level, within Tomcat.
  • At the
    Layer7 Live API Creator
    application-level.
For more information about how to add security headers to Tomcat, see Install on Apache Tomcat.
Create an AWS Elastic Beanstalk Instance
Creating an AWS Elastic Beanstalk instance creates an application with
Layer7 Live API Creator
and a Web server environment. Complete this procedure in the AWS Elastic Beanstalk console.
Layer7 Live API Creator
can run in a micro instance, but it takes advantage of the CPUs that you allocate.
Layer7 Live API Creator
uses up to 4 GB to 8 GB of memory per Java container.
For more information about the amount of memory that
Layer7 Live API Creator
requires, see Installation Requirements and Supported Platforms.
For more information about how to create an AWS Elastic Beanstalk instance, see the Amazon Web Services documentation.
Follow these steps:
  1. Define the general information for the Web server environment. On the Create a web server environment page, complete the following:
    Environment name
    Confirm the environment name.
    Domain
    Enter a domain name.
    Platform
    Select
    Tomcat
    .
    Application code
    Upload the
    CALiveAPICreator.war
    WAR file by clicking
    Upload your code
    , and then click
    Upload
    .
  2. (Optional) Configure options for the Web server environment by clicking
    Configure more options
    .
    The Configure <your environment name> page appears.
    • Configure the environment properties. Complete the following steps:
      1. Click
        Modify
        in the
        Software
        tile.
        The Modify software page appears.
      2. In the
        Environment properties
        section, add the following environment variables, and then save your changes:
        • (If you want to set the location of your admin repository)
          LAC_REPOSITORY_ROOT
        • (If you want to set the location from which
          Layer7 Live API Creator
          pulls your admin repository)
          LAC_REPOSITORY_CONFIGURATION_URL
        • (If you want to set the absolute path of the logging configuration file)
          LAC_LOGGING_CONFIG_FILE
        For more information about these options and other options that you can add before starting your server, see API Server Startup Options.The Configure <your environment name> page appears.
    • Configure the capacity. Complete the following steps:
      1. Click
        Modify
        in the
        Capacity
        tile.
        The Modify capacity page appears.
      2. Select
        Load balanced
        as the
        Environment type
        , and then save your changes.
        The Configure <your environment name> page appears.
      3. (Optional) Configure load balancer health checks. Complete the following steps:
        1. Click
          Modify
          in the
          Load balancer
          tile.
          The Modify load balancer page appears.
        2. Point the health check path to the
          @heartbeat
          system REST endpoint. For
          Health check path
          , enter
          /rest/abl/admin/v2/@heartbeat
          , and then save your changes.
          For more information about this system REST endpoint, see System REST Endpoints.
      The Configure
      <your environment>
      page appears.
  3. Click
    Create environment
    .
An application with
Layer7 Live API Creator
and a Web server environment is created. AWS Elastic Beanstalk creates EC2 instances, a load balancer, an elastic IP address, and a security group.
Next Steps
Complete the following procedures after you have installed
Layer7 Live API Creator
to run in AWS Elastic Beanstalk.
Configure
Layer7 Live API Creator
to Collect and Send Usage Data
If you are licensed to use
Layer7 Live API Creator
under a PLA, you must activate
Layer7 Live API Creator
and configure it to collect and send usage data. If you are licensed to use
Layer7 Live API Creator
under a standard license, you can consent to
Layer7 Live API Creator
collecting and sending usage data.
For more information about how to configure to collect and send usage data, see Activate and Configure to Send Usage Data.
Import the API Server License
The API Server license controls access to API Creator and services. If you are licensed to use
Layer7 Live API Creator
under a standard license and you did not specify a license file when starting AWS Elastic Beanstalk (by adding the
LAC_DEFAULT_LICENSE_FILE
option at AWS Elastic Beanstalk startup), you must now upload it.
For more information about licensing, see Licensing.
Advanced Configuration
The following topic provides advanced configuration details.
Create a Database for your Authentication Tokens
Prerequisite:
You have added the
JDBCDrivers.config
file to the
.ebextensions
directory that is in the
CALiveAPICreator.war
file.
By default,
Layer7 Live API Creator
generates authentication tokens, stores them in the in-memory Derby database, and synchronizes them to your admin repository in the following cases:
  • You have configured
    Layer7 Live API Creator
    to run as a single node.
  • You are running in a local development environment.
  • You have specified an authentication provider that uses the
    Default Auth Provider
    authentication method (for example, the
    built-in authentication
    authentication provider) or a custom JavaScript authentication provider that uses the
    JavaScript Auth Provider
    authentication method as the authentication provider for your API.
You can optionally have
Layer7 Live API Creator
store the authentication tokens that it generates for API users in a database instead by creating one.
For more information about how to create this database, see Create a Database for your Authentication Tokens.