Step 6 – Create an Admin Node Manager Docker image

To create an Admin Node Manager Docker image, use the build_anm_image.py script. This script builds an Admin Node Manager Docker image using the base image you created in Step 5 – Create base Docker image.

You must specify the following as options when using the build_anm_image.py script:

  • Domain certificate, private key, and password.
  • User name and password for the administrator user. You can use this user name and password to log in to the API Gateway Manager web console.

This script also supports additional options when generating an Admin Node Manager image. For example, you can:

  • Reuse the same configuration in multiple domains by specifying an existing fed file containing Admin Node Manager configuration to include in the Admin Node Manager Docker image.
  • Specify a merge directory to add to the Admin Node Manager Docker image. This merge directory can include custom configuration, JAR files, and so on.
  • Enable FIPS mode for the Admin Node Manager Docker image.
  • Enable API metrics processing in the Admin Node Manager Docker image. This enables you to monitor APIs and applications in API Manager.

For the latest script usage and options, run the script with no options, or with the -h option. For example:

$ cd emt_containers-<version>
$ ./build_anm_image.py -h

The following examples show how you can use the script to build Admin Node Manager Docker images:

Create an ANM image using defaults

The following example creates an Admin Node Manager Docker image using default certificates and a default administrator user.

Usage guidelines

  • Do not use default options on production systems. The --default-cert and --default-user options are provided only as a convenience for development environments.

Example command

$ cd emt_containers-<version>
$ ./build_anm_image.py 
--default-cert --default-user

This example creates an Admin Node Manager Docker image named admin-node-manager with a tag of latest. This image has the following characteristics:

  • Based on the apigw-base:latest image
  • Uses a default certificate and key (generated from running ./gen_domain_cert.py --default-cert)
  • Uses a default user name of admin and a default password for the administrator user

Create an ANM image using domain certificate

The following example creates an Admin Node Manager Docker image using a specified domain certificate and administrator user.

Example command

$ cd emt_containers-<version>
$ ./build_anm_image.py 
--domain-cert=certs/mydomain/mydomain-cert.pem 
--domain-key=certs/mydomain/mydomain-key.pem 
--domain-key-pass-file=/tmp/pass.txt
--anm-username=gwadmin --anm-pass-file=/tmp/gwadminpass.txt
--parent-image=my-gw-base:1.0 --out-image=my-admin-node-manager:1.0

This example creates an Admin Node Manager Docker image named my-admin-node-manager with a tag of 1.0. This image has the following characteristics:

  • Based on the my-gw-base:1.0 image
  • Uses a specified certificate and key
  • Uses a user name of gwadmin and a specified password for the administrator user

Create an ANM image using existing ANM fed and customized configuration

The following example creates an Admin Node Manager Docker image using an existing Admin Node Manager deployment package (fed file) and customized configuration from an existing API Gateway installation.

Usage guidelines

  • Ensure that your fed contains the following:
    • Admin Node Manager configuration.
    • To check this, you can open the fed in Policy Studio and verify that it is identified as a Node Manager configuration in the navigation pane.
    • Only IP addresses that are accessible at runtime. For example, the fed cannot contain IP addresses of container-based Admin Node Managers and API Gateways, as IP addresses are usually dynamically assigned in a Docker network.
  • Use the --merge-dir option to add additional files and folders to the apigateway directory inside the image.
    • The merge directory must be called apigateway and must have the same directory structure as the apigateway directory of an API Gateway installation.
    • For example, to add a custom envSettings.props file to your image, copy envSettings.props to a new directory /tmp/apigateway/conf/ and specify /tmp/apigateway to the --merge-dir option. The envSettings.props must contain only IP addresses and host names that are accessible at runtime. For example, it cannot contain IP addresses of container-based Admin Node Managers and API Gateways, as IP addresses are usually dynamically assigned in a Docker network.
    • For example, to add custom JAR files to your image, copy the JAR files to a new directory /tmp/apigateway/ext/lib/ and specify /tmp/apigateway to the --merge-dir option.

Example command

$ cd emt_containers-<version>
$ ./build_anm_image.py 
--domain-cert=certs/mydomain/mydomain-cert.pem 
--domain-key=certs/mydomain/mydomain-key.pem 
--domain-key-pass-file=/tmp/pass.txt
--anm-username=gwadmin --anm-pass-file=/tmp/gwadminpass.txt
--parent-image=my-gw-base:1.0 --out-image=my-fed-admin-node-manager:1.0
--fed=my-anm-fed.fed --fed-pass-file=/tmp/anmfedpass.txt
--merge-dir=/tmp/apigateway

This example creates an Admin Node Manager Docker image named my-fed-admin-node-manager with a tag of 1.0. This image has the following characteristics:

  • Based on the my-gw-base:1.0 image
  • Uses a specified certificate and key
  • Uses a specified user name of gwadmin and a specified password for the administrator user
  • Uses a specified fed that contains Admin Node Manager configuration
  • Uses a specified merge directory that is merged into the Admin Node Manager image

Create a FIPS-enabled ANM image

The following example creates an Admin Node Manager Docker image that runs in FIPS-compliant mode.

Usage guidelines

  • You must have a valid FIPS-compliant mode API Gateway license file to create an image that can run in FIPS-compliant mode.

Example command

$ cd emt_containers-<version>
$ ./build_anm_image.py 
--domain-cert=certs/mydomain/mydomain-cert.pem 
--domain-key=certs/mydomain/mydomain-key.pem 
--domain-key-pass-file=/tmp/pass.txt
--anm-username=gwadmin --anm-pass-file=/tmp/gwadminpass.txt
--parent-image=my-gw-base:1.0 --out-image=my-fips-admin-node-manager:1.0
--fips --license=/tmp/api_gw_fips.lic

This example creates an Admin Node Manager Docker image named my-fips-admin-node-manager with a tag of 1.0. This image has the following characteristics:

  • Based on the my-gw-base:1.0 image
  • Uses a specified certificate and key
  • Uses a specified user name of gwadmin and a specified password for the administrator user
  • Runs in FIPS-compliant mode

Create a metrics-enabled ANM image

The following example creates an Admin Node Manager Docker image that runs with metrics processing enabled. The Admin Node Manager container processes event logs from API Gateway containers and writes them to a specified metrics database.

Usage guidelines

  • Use the --merge-dir option to specify the apigateway directory containing the JDBC driver JAR file for the metrics database in the ext/lib directory.
    • The merge directory must be called apigateway and must have the same directory structure as the apigateway directory of an API Gateway installation.
    • Copy the JAR file to a new directory /tmp/apigateway/ext/lib/ and specify /tmp/apigateway to the --merge-dir option.
  • When running the Admin Node Manager and API Gateway Docker containers, use the docker run -v option to mount a volume for the API Gateway events directory.
    • Run the API Gateway container with a volume mounted for the events directory (for example -v /tmp/events:/opt/Axway/apigateway/events writes API Gateway event logs to /tmp/events on the host machine).
    • Run the Admin Node Manager container with the same volume mounted (for example -v /tmp/events:/opt/Axway/apigateway/events enables the Admin Node Manager to read API Gateway event logs from /tmp/events on the host machine). For details, see Start a metrics-enabled Admin Node Manager container.
  • Use the metrics options to specify the URL, user name, and password for your metrics database. If not specified the metrics options have the following default values:
    • --metrics-db-url: Defaults to ${environment.METRICS_DB_URL}
    • --metrics-db-username: Defaults to ${environment.METRICS_DB_USERNAME}
    • --metrics-db-pass-file: Default value for password if password file not specified is ${environment.METRICS_DB_PASS}
Note   When running in a multi-node system, you must mount a shared network volume that is accessible from the Admin Node Manager and from all API Gateways.

Example command

$ cd emt_containers-<version>
$ ./build_anm_image.py 
--domain-cert=certs/mydomain/mydomain-cert.pem 
--domain-key=certs/mydomain/mydomain-key.pem 
--domain-key-pass-file=/tmp/pass.txt
--anm-username=gwadmin --anm-pass-file=/tmp/gwadminpass.txt
--parent-image=my-gw-base:1.0 --out-image=my-metrics-admin-node-manager:1.0
--metrics --merge-dir=/tmp/apigateway

This example creates an Admin Node Manager Docker image named my-metrics-admin-node-manager with a tag of 1.0. This image has the following characteristics:

  • Based on the my-gw-base:1.0 image
  • Uses a specified certificate and key
  • Uses a specified user name of gwadmin and a specified password for the administrator user
  • Runs with metrics processing enabled
  • Uses a specified merge directory (containing the JDBC driver JAR file for the metrics database) that is merged into the API Gateway image

Related Links