Microgateway Command Line Reference
This section describes operations you can perform such as, start and stop Microgateway, retrieve Microgateway status, view the assets provisioned, create a Microgateway instance, create an asset archive, create a docker file, and so on through Command Line Interface(CLI).
Using Microgateway CLI
The Microgateway CLI script comes in 2 flavors: Windows (.bat) and Linux (.sh). Invoking the script provides usage information:
Please renew the usage action:
start - Start a Microgateway server
stop - Stop a Microgateway server
status - Retrieve the Microgateway server status
assets - Show the provisioned assets of a running server
createInstance - Create a Microgateway instance
createAssetArchive - Create an asset archive
createDockerFile - Create a Microgateway docker file
createKubernetesFile - Create a Kubernetes file
downloadSettings - Create a custom settings file
settings - Show the settings configured in the Microgateway instance
Starting a Microgateway
Run the following command to start a Microgateway.
./microgateway.sh start options
where the options are:
-Shortcut, --Name | Description |
-a, --archive <arg> | List of API Gateway archives |
-adp,--admin_password <arg> | Password for administration access |
-adu,--admin_user <arg> | User for administration access |
-apis, --apis <arg> | List of API identifiers (name, unique identifier, name/version). |
-apps, --applications <arg> | List of global applications (name, unique identifier) |
-as, --apps_sync | Enable Applications sync |
-asi, --apps_sync_interval | Polling interval in secs for applications sync |
-ast, --apps_sync_timeout | Connection timeout in secs for applications sync |
-asv, --apps_to_sync | Applications to synchronize (all, registeredApplications, comma separated ids) |
-bp,--base_path <arg> | API Gateway base path |
-c,--config <arg> | Configuration (YAML) file |
-ds,--download_settings | Downloads the settings from API Gateway. |
-gw,--api_gateway <arg> | API Gateway URL |
-gwp,--api_gateway_password <arg> | API Gateway password |
-gwu,--api_gateway_user <arg> | API Gateway user |
-gwd,--api_gateway_dir <arg> | API Gateway install directory |
-ikf,--import_keystore_file <arg> | To import one or more keystore files into Microgateway. If there are multiple keystore files you can provide the keystore file names as comma separated items. |
-ikp,--import_keystore_password <arg> | To import one or more keystore passwords corresponding to the keystore files being imported into Microgateway. |
-itf, --import_truststore_file <arg> | To import one or more truststore files into Microgateway. If there are multiple truststore files you can provide the truststore file names as comma separated items. |
-itp, --import_truststore_password <arg> | To import one or more truststore passwords corresponding to the truststore files being imported into Microgateway If there are multiple truststore passwords you can provide the password names as comma separated items. |
-jvmopt,--jvm_option <arg> | JVM option. Microgateway supports multiple JVMs. |
-lv,--log_level <arg> | ERROR, WARN, INFO, DEBUG, TRACE The default value is ERROR |
-lp,--log_path <arg> | Path to log files The default value is logs |
-mpc,--max_parallel_connections <arg> | Number of parallel HTTP connections to the native API. |
-p,--http_port <arg> | HTTP port number |
-pols,--policies <arg> | List of global policy identifiers (name, unique identifier). |
-sp,--https_port <arg> | HTTPS port number |
-sr,--service_registries <arg> | List of service registry names. |
-ua,--user_auth <arg> | User authentication method (internal or delegated) |
-v,--verbose | Print more information to console You will see a status message for each provisioned API. Also, the user authentication status is exposed. |
Stopping a Microgateway
Run the following command to stop a Microgateway.
./microgateway.sh stop options
where the options are:
-Shortcut, --Name | Description |
-c,--config <arg> | Configuration (YAML) file |
-p,--http_port <arg> | HTTP port number |
-sp,--https_port <arg> | HTTPS port number |
-adu,--admin_user <arg> | User for administration access |
-adp,--admin_password <arg> | Password for administration access |
Retrieving Microgateway Status
Run the following command to retrieve the status of a Microgateway.
./microgateway.sh status
Viewing the Provisioned Assets in Microgateway
Run the following command to view the assets provisioned in Microgateway.
./microgateway.sh assets options
where the options are:
-Shortcut, --Name | Description |
-c,--config <arg> | Configuration (YAML) file |
-p,--http_port <arg> | HTTP port number |
-sp,--https_port <arg> | HTTPS port number |
-adu,--admin_user <arg> | User for administration access |
-adp,--admin_password <arg> | Password for administration access |
-v,--verbose | Print all details |
Creating a Microgateway Instance
Run the following command to create a Microgateway instance package.
./microgateway.sh createInstance options
where the options are:
-Shortcut, --Name | Description |
-gwd,--api_gateway_dir <arg> | API Gateway install directory for taking over the user credential file |
-c,--config <arg> | Configuration (YAML) file that would be copied into the instance |
-os,--os <arg> | Operating system (windows / linux) |
-ins,--instance <arg> | Zip filename to hold the resulting Microgateway instance (mandatory) |
-ikf,--import_keystore_file <arg> | To import one or more keystore files into Microgateway. If there are multiple keystore files you can provide the keystore file names as comma separated items. |
-ikp,--import_keystore_password <arg> | To import one or more keystore passwords corresponding to the keystore files being imported into Microgateway. |
-itf, --import_truststore_file <arg> | To import one or more truststore files into Microgateway. If there are multiple truststore files you can provide the truststore file names as comma separated items. |
-itp, --import_truststore_password <arg> | To import one or more truststore passwords corresponding to the truststore files being imported into Microgateway If there are multiple truststore passwords you can provide the password names as comma separated items. |
-v,--verbose | Print all details |
Creating an Asset Archive
Run the following command to create an asset archive from a running API Gateway instance.
./microgateway.sh createAssetArchive options
where the options are:
-Shortcut, --Name | Description |
-a, --archive <arg> | The resulting API Gateway archive |
-apis, --apis <arg> | List of API identifiers (name, unique identifier, name/version). |
-apps, --applications <arg> | List of global applications (name, unique identifier, name/version). |
-gw,--api_gateway <arg> | API Gateway URL |
-gwp,--api_gateway_password <arg> | API Gateway password |
-gwu,--api_gateway_user <arg> | API Gateway user |
-pols,--policies <arg> | List of global policy identifiers (name, unique identifier). |
Creating a Microgateway Docker File
Run the following command to create a Microgateway docker file.
./microgateway.sh createDockerFile options
where the options are:
-Shortcut, --Name | Description |
-a, --archive <arg> | List of API Gateway archives |
-apis,--apis <arg> | List of API identifiers |
-apps,--applications <arg> | List of global application identifiers |
-c,--config <arg> | Configuration (YAML) file |
-dod,--docker_dir | Microgateway directory to use in Docker file |
-dof,--docker_file | Filename to hold Docker file |
-dor,--docker_from | FROM image to use in Docker file |
-exec, --exec | Command to start micro service |
-gw,--api_gateway <arg> | API Gateway URL |
-gwd,--api_gateway_dir <arg> | API Gateway install directory |
-gwp,--api_gateway_password <arg> | API Gateway password |
-gwu,--api_gateway_user <arg> | API Gateway user |
-ikf,--import_keystore_file <arg> | To import one or more keystore files into Microgateway. If there are multiple keystore files you can provide the keystore file names as comma separated items. |
-ikp,--import_keystore_password <arg> | To import one or more keystore passwords corresponding to the keystore files being imported into Microgateway. |
-itf, --import_truststore_file <arg> | To import one or more truststore files into Microgateway. If there are multiple truststore files you can provide the truststore file names as comma separated items. |
-itp, --import_truststore_password <arg> | To import one or more truststore passwords corresponding to the truststore files being imported into Microgateway If there are multiple truststore passwords you can provide the password names as comma separated items. |
-jre, --jre | none, linux or linux-musl |
-jvmopt,--jvm_option <arg> | JVM option. Microgateway supports multiple JVMs. |
-lv,--log_level <arg> | ERROR, WARN, INFO, DEBUG, TRACE The default value is ERROR |
-msr, --msr | Indicates MSR base image |
-p,--http_port <arg> | HTTP port number |
-pols,--policies <arg> | List of global policy identifiers |
-sp,--https_port <arg> | HTTPS port number |
-ua,--user_auth <arg> | User authentication method (internal or delegated) |
Creating a Microgateway Kubernetes File
You can prepare a Kubernetes deployment file (yml format) for deploying a Microgateway Docker image to Kubernetes. Sidecar deployment is possible and also health-check methods can be selected.
Run the following command to create a Microgateway Kubernetes file:
./microgateway.sh createKubernetesFile options
where the options are:
-Shortcut, --Name | Description |
-pn,--pod_name <arg> | Name for the Kubernetes pod and deployment |
-di,--docker_image <arg> | The Microgateway Docker image name (inside a docker registry in the shape: registry/ imagename) |
-hm,--health_mode <arg> | Mode for Kubernetes health checks (all, lifeness, readiness) The default value is all. |
-p,--http_port <arg> | The exposed port of the Microgateway Docker image |
-rep,--replicas <arg> | Number of pod replicas. The default value is 1. |
-sdi,--sidecar_docker_image <arg> | Optional. Docker image name for the sidecar container (inside a docker registry in the shape: registry/imagename) |
-spn,--sidecar_pod_name <arg> | Optional. NAme for the sidecar Kubernetes pod. |
-o,--output <arg> | Generated output file (yml format) |
Creating Settings file
Run the following command to create a custom settings file.
./microgateway.sh downloadSettings options
where the options are:
-Shortcut, --Name | Description |
-gw,--api_gateway <arg> | API Gateway URL |
-gwp,--api_gateway_password <arg> | API Gateway password |
-gwu,--api_gateway_user <arg> | API Gateway user |
-c,--config <arg> | Optional: input configuration file |
-o, - output <arg> | Output settings file |
Viewing the Settings in Microgateway
Run the following command to view the settings configured in the Microgateway instance.
./microgateway.sh settings options
where the options are:
-Shortcut, --Name | Description |
-adu,--admin_user <arg> | User for administration access |
-adp,--admin_password <arg> | Password for administration access |
-c,--config <arg> | Configuration (YAML) file |
-p,--http_port <arg> | HTTP port number |
-sp,--https_port <arg> | HTTPS port number |
-v,--verbose | Print all details |
system-settings.yml
The following shows a sample system-settings.yml file structure.
---
faults:
default_error_message: "API Gateway encountered an error.
Error Message: $ERROR_MESSAGE. Request Details: Service - $SERVICE,
Operation - $OPERATION, Invocation Time:$TIME, Date:$DATE,
Client IP - $CLIENT_IP, User - $USER and Application:$CONSUMER_APPLICATION"
native_provider_fault: "false"
extended_settings:
defaultEncoding: "UTF-8"
apiKeyHeader: "x-Gateway-APIKey"
apig_MENConfiguration_tickInterval: "60"
events.collectionQueue.size: "10000"
events.collectionPool.minThreads: "1"
events.collectionPool.maxThreads: "8"
gateway_destination:
sendPolicyViolationEvent: "true"
es_destination:
protocol: "http"
hostName: "localhost"
port: "9240"
indexName: "gateway_default_analytics"
userName: ""
password: ""
sendPolicyViolationEvent: "true"
key_store:
type: JKS
provider: SUN
location: config/keystore.jks
password: password
system:
version: "10.4.0.0"
---
custom-settings.yml
The following shows a sample custom-settings.yml file structure.
---
ports:
http: 7071
https: 7072
key_alias: ssos
api_gateway:
url: http://localhost:5555
user: Administrator
password: password
dir: "C:\\SoftwareAG"
download_settings: "false"
api_endpoint:
base_path: "/gateway"
admin_api:
user: admin
password: password
admin_path: "/rest/microgateway"
downloads:
apis: EmployeeService
applications:
policies:
archive:
file: "E:/archives/gateway/EmployeeService.zip
policies:
user_auth: internal | delegated
logging:
level: "ERROR"
path: "logs"
applications_sync:
enabled: true | false
applications_to_sync: "all | registeredApplications | comma separated ids"
polling_interval_secs: 10
connection_timeout_secs: 10
faults:
default_error_message: "API Gateway encountered an error.
Error Message: $ERROR_MESSAGE.\
\ Request Details: Service - $SERVICE, Operation -
$OPERATION, Invocation Time:$TIME,\
\ Date:$DATE, Client IP - $CLIENT_IP, User - $USER and
Application:$CONSUMER_APPLICATION"
native_provider_fault: "false"
extended_settings:
apiKeyHeader: "x-Gateway-APIKey"
apig_MENConfiguration_tickInterval: "60"
apig_rest_service_redirect: "false"
apig_schemaValidationPoolSize: "10"
customCertificateHeader: "X-Client-Cert"
decodeAllDelimitersInURI: "false"
defaultEncoding: "UTF-8"
defaultLanguage: "en"
events.collectionPool.maxThreads: "8"
events.collectionPool.minThreads: "1"
events.collectionQueue.size: "10000"
events.reportingPool.maxThreads: "4"
events.reportingPool.minThreads: "2"
events.reportingQueue.size: "5000"
forwardInternalAPIsRequest: "false"
pg.3pSnmpSender.sendDelay: "0"
pg.cs.snmpTarget.base64Encoded: "false"
pg.cs.snmpTarget.connTimeout: "0"
pg.cs.snmpTarget.maxRequestSize: "10485760"
pg.cs.snmpTarget.retries: "1"
pg.cs.snmpTarget.sendTimeOut: "500"
pg.endpoint.connectionTimeout: "30"
pg.endpoint.readTimeout: "30"
pg.lb.failoverOnDowntimeErrorOnly: "true"
pg.snmp.communityTarget.base64Encoded: "false"
pg.snmp.communityTarget.maxRequestSize: "65535"
pg.snmp.communityTarget.retries: "1"
pg.snmp.communityTarget.sendTimeOut: "500"
pg.snmp.customTarget.connTimeout: "0"
pg.snmp.userTarget.maxRequestSize: "65535"
pg.snmp.userTarget.retries: "1"
pg.snmp.userTarget.sendTimeOut: "500"
pg.uddiClient.publish.maxThreads: "2"
pg.uddiClient.uddiClientTimeout: "15000"
pg_Cache_autoScalerRunInterval: "120"
pg_Cache_averageObjectSize: "64"
pg_Cache_boundedCacheResizerRunInterval: "30"
pg_Cache_maxCacheSize: "1048576"
pg_Cache_minCachePercent: "20"
pg_Cache_minCacheSize: "1024"
pg_Cache_statisticsProcessorRunInterval: "15"
pg_JWT_isHTTPS: "true" pg_OpenID_isHTTPS: "true"
pg_oauth2_isHTTPS: "true"
pg_xslt_disableDoctypeDeclarations: "true"
pg_xslt_enableDOM: "false"
pg_xslt_enableSecureProcessing: "true"
pgmen.quotaSurvival.addLostIntervals: "true"
pgmen.quotaSurvival.interval: "1"
retainResponseStatus: "false"
sendClientRequestURI: "false"
setDefaultContentType: "true"
transformerPoolSize: "5"
es_destination:
metricsPublishInterval: "60"
port: "9240"
sendAuditlogAPIManagementEvent: "false"
sendAuditlogAccessProfileManagementEvent: "false"
sendAuditlogAdministrationEvent: "false"
sendAuditlogAliasManagementEvent: "false"
sendAuditlogApplicationManagementEvent: "false"
sendAuditlogApprovalManagementEvent: "false"
sendAuditlogGroupManagementEvent: "false"
sendAuditlogPackageManagementEvent: "false"
sendAuditlogPlanManagementEvent: "false"
sendAuditlogPolicyManagementEvent: "false"
sendAuditlogPromotionManagementEvent: "false"
sendAuditlogRuntimeDataManagementEvent: "false"
sendAuditlogUserManagementEvent: "false"
sendErrorEvent: "false"
sendLifecycleEvent: "false"
sendPerformanceMetrics: "false"
sendPolicyViolationEvent: "false"
gateway_destination:
metricsPublishInterval: "60"
sendAuditlogAPIManagementEvent: "true"
sendAuditlogAccessProfileManagementEvent: "true"
sendAuditlogAdministrationEvent: "true"
sendAuditlogAliasManagementEvent: "true"
sendAuditlogApplicationManagementEvent: "true"
sendAuditlogApprovalManagementEvent: "true"
sendAuditlogGroupManagementEvent: "true"
sendAuditlogPackageManagementEvent: "true"
sendAuditlogPlanManagementEvent: "true"
sendAuditlogPolicyManagementEvent: "true"
sendAuditlogPromotionManagementEvent: "true"
sendAuditlogRuntimeDataManagementEvent: "true"
sendAuditlogUserManagementEvent: "true"
sendErrorEvent: "true"
sendLifecycleEvent: "true"
sendPerformanceMetrics: "true"
sendPolicyViolationEvent: "true"
security_settings:
providers:
- !<clientMetadataMapping>
id: "PingFederate"
name: "PingFederate"
type: "clientMetadataMapping"
owner: "Administrator"
providerName: "PingFederate"
implNames:
grant_types: "grantTypes"
logo_uri: "logoUrl"
scope: "restrictedScopes"
client_secret: "secret"
redirect_uris: "redirectUris"
client_name: "name"
client_id: "clientId"
extendedValues: {}
extendedValuesV2:
- endpointType: "CLIENT_REGISTRATION"
key: "restrictScopes"
value: "true"
- endpointType: "CLIENT_UPDATE"
key: "restrictScopes"
value: "true"
- !<clientMetadataMapping>
id: "OKTA"
name: "OKTA"
type: "clientMetadataMapping"
owner: "Administrator"
providerName: "OKTA"
implNames: {}
extendedValues: {}
extendedValuesV2: []
auth_servers:
- !<authServerAlias>
id: "local"
name: "local"
description: "API Gateway as an Authorization server."
type: "authServerAlias"
owner: "Administrator"
tokenGeneratorConfig:
expiry: 0
accessTokenExpInterval: 3600
authCodeExpInterval: 600
authServerScopes: []
supportedGrantTypes:
- "authorization_code"
- "password"
- "client_credentials"
- "refresh_token"
- "implicit"
oauthTokens: []
authServerType: "LOCAL_IS"
service_registries:
- !<serviceRegistryAlias>
id: "ServiceConsulDefault"
name: "ServiceConsulDefault"
description: "Service Consul is a tool for discovering and configuring services\
\ in IT infrastructure."
type: "serviceRegistryAlias"
owner: "Administrator"
endpointURI: "http://localhost:8500/v1"
heartBeatInterval: 0 password: ""
customHeaders: {}
discoveryInfo:
path: "/catalog/service/{serviceName}"
httpMethod: "GET"
registrationInfo:
path: "/agent/service/register"
httpMethod: "PUT"
deRegistrationInfo:
path: "/agent/service/deregister/{serviceId}"
httpMethod: "PUT"
serviceRegistryType: "SERVICE_CONSUL"
connectionTimeout: 30
readTimeout: 30
- !<serviceRegistryAlias>
id: "EurekaDefault"
name: "EurekaDefault"
description: "Eureka is a REST based service that is primarily used in the AWS
cloud\
\ for locating services for the purpose of load balancing and failover of
middle-tier servers"
type: "serviceRegistryAlias"
owner: "Administrator"
endpointURI: "http://localhost:8761"
heartBeatInterval: 0
password: ""
customHeaders: {}
discoveryInfo:
path: "/eureka/apps/{app}"
httpMethod: "GET"
registrationInfo:
path: "/eureka/apps/{app}"
httpMethod: "POST"
deRegistrationInfo:
path: "/eureka/apps/{app}/{instanceId}"
httpMethod: "DELETE"
serviceRegistryType: "EUREKA"
connectionTimeout: 30
readTimeout: 30
---