Secure API Manager provides a Docker container that you can deploy in a virtual environment. There are several prerequisite steps that you must perform before you can use the Docker deployment. This guide does not provide a primer for Docker. You must have a good understanding of Docker to use the Secure API Manager Docker deployment. For more information, see Docker Engine documentation.
Secure API Manager is a containerized application that you deploy on a virtual machine with Docker installed. Secure API Manager runs only on a certain version and configuration of the virtual machine. In addition, there are prerequisites you must install to have all of the features in Secure API Manager work.
IMPORTANT:The installation scripts sets an IP address for the Docker deployment. If you have a conflict, use a different IP address. You can change the IP address when you run the installation script.
To install the prerequisites and prepare for Secure API Manager:
Install a virtual machine running SUSE Linux Enterprise Server 15 SP2 or later with bash. Ensure that you install a registration key for this machine. For more information, see SUSE Linux Enterprise Server Deployment Guide.
Ensure that you have the latest packages installed by using the following commands on the SUSE Linux Enterprise Server command prompt:
To install the required packages use the following command:
sudo SUSEConnect -p sle-module-containers/15.2/x86_64
To install the required SLE Package Hub updates use the following command:
sudo SUSEConnect -p PackageHub/15.2/x86_64
Install a valid registration key for this virtual machine.
NOTE:Even though the appliance is built on SUSE Linux Enterprise Server 15 SP2, the activation key for the appliance does not work as the registration key for this virtual machine. You must purchase a separate registration key for the SUSE Linux Enterprise Server from SUSE.
Ensure that openSSL is installed on the virtual machine.
Ensure that you are not running the PackageKit on this server. The GUI install of the SUSE Linux Enterprise Server adds the PackageKit to automatically update the server with latest patches.
IMPORTANT:PackageKit conflicts with the zypper commands and some of the components for Secure API Manager will not install.
Install Docker version 19 or later.
Use the following command to ensure that the system has the latest packages:
zypper up
Use the following command to install Docker with zypper:
sudo zypper install docker
Use the following command to enable Docker:
sudo systemctl enable docker.service
Use the following command to start the Docker service:
sudo systemctl start docker.service
To ensure that the Docker installation has installed and enabled the firewalld package use the following command:
zypper search -d firewalld
Ensure that the machine has network access to dockerhub.
Record the IP address, DNS name, and login information for future reference and to use during the deployment of the Secure API Manager components. For more information, see Recording the IP Addresses, DNS Names, and Login Information for Each Deployment.
Repeat Step 1 through Step 7 for each machine that you deploy.
After you have created the appropriate number of virtual machines with the prerequisites, you can now install Secure API Manager.
The Secure API Manager Docker install script pulls down the required API Gateway images from the repository registries specified in the docker.properties file. Typically, this would point to the official MicroFocus Security public dockerhub registry, but for now, do not change the information listed in the docker.properties file. The Secure API Manager Docker script installs (if it is not already installed) Fail2Ban on the host, the Secure API Manager agent Docker image, the API Gateway Docker image, and all associated components.
The Docker deployment script assigns a default IP address. Docker reserves the IP address ranges of 172.18.0.1-172.18.0.12 for its use. If you use IP addresses in this range, the script allows you to change the default IP address that the script assigns.
To install the Secure API Manager Docker container:
Ensure that you have completed all of the prerequisites steps before proceeding. For more information, see Prerequisites for the Docker Deployment of Secure API Manager.
Download the Secure API Manager Docker installation script sapim-install-2.1.x.tar.gz from the Software Licenses and Downloads portal.
Copy the installation script sapim-install-2.1.x.tar.gz to the SUSE Linux Enterprise server virtual machine you built.
Extract the installation script sapim-install-2.1.x.tar.gz in the directory where you copied the file using the following command:
./tar -xzvf sapim-install-2.1.x.tar.gzIn the new directory structure, find the installation file sapim-node-install.sh.
From the directory where the installation file resides, execute the file with one of the following commands:
./sapim-node-install.sh
or
./sapim-node-install.sh 2>&1 | tee sapim_install.log
NOTE:The second option allows you to capture logs during the installation.
As root, execute the two following commands:
/var/opt/microfocus/sapim/scripts/system/fail2ban-after-docker.sh /usr/lib/systemd/system/fail2ban.service /var/log/fail2ban.log
fail2ban-client restart
(Conditional) Select the option to changed the default IP address if you need to use the IP address range reserved by Docker of 172.18.0.1-172.18.0.12.
Repeat Step 1 through Step 8 on each virtual machine that you have deployed.
After you have the appropriate number of virtual machines for your Secure API Manager environment, you must configure Secure API Manager and perform additional steps in Access Manager to have the product function. For more information, see Configuring Secure API Manager
in the NetIQ Secure API Manager 2.1 Administration Guide.