Environment Variables for the Container Gateway

This topic lists the environment variables that are specific to the Container Gateway application and includes:

gateway

This topic lists the environment variables that are specific to the Container Gateway application and includes:

To obtain better understanding of how these environment variables are used, refer to the More Information section. We recommend that you first review the sample files before looking up the detailed descriptions.

Available Gateway Environment Variables

Variable	Required?	Default	Description
ACCEPT_LICENSE	Yes	-	Set the ACCEPT_LICENSE environment variable to true to confirm that you have a valid commercial license for CA API Gateway. You also confirm that you have reviewed and accepted the terms of the CA End User License Agreement (EULA) that governs your use of the CA API Gateway. This value is case-sensitive.
SSG_JVM_HEAP	No	2G	The JVM heap size to use. This value should be a number, followed by m , M , k , K , g , G . For example: "4G", "4000m", "4g", "3M" (m and M both mean megabyte). This value must be set to a value that is less than the mem_limit value set in the api-gateway section of the docker-compose.yml file. The mem_limit value should be 1GB more or 50% more than the SSG_JVM_HEAP value, whichever is higher. For memory configuration guidelines, see Guidelines for Configuring Resources for the Container Gateway.
SSG_ADMIN_USERNAME	No	random	The administrative username for the Policy Manager. May contain alphanumeric ASCII characters and any of the following symbols: ! @ . = - _ ^ + ; : # , %
SSG_ADMIN_PASSWORD	No	random	The password for the administrative user. For improved security, the password should be at least 12 characters long. It may contain alphanumeric ASCII characters and any of the following symbols: ! @ . = - _ ^ + ; : # , % IMPORTANT: You should embed sensitive data such as passwords in plain-text within a configuration file only for convenience in development or test environments. Many container PaaS environments provide mechanisms for properly managing sensitive data. For an example, see "Secrets" in Configure Environment Variables in OpenShift. To disable Policy Manager connectivity, leave the SSG_ADMIN_USERNAME and SSG_ADMIN_PASSWORD variables empty. Disabling Policy Manager access is ideal if you want to enforce the redeployment of the container when making changes in a production environment. You will also do this if you have a derived image that is bootstrapped.
SSG_DATABASE_JDBC_URL	No	-	The URL of the JDBC connection that is used to connect to the MySQL database. If this URL is not defined, the Container Gateway defaults to using the embedded database instead. If a valid URL is provided, the Container Gateway uses this JDBC connection to connect to the MySQL database(s) (MySQL mode). If a URL is not provided (empty or not declared), the Container Gateway defaults to the embedded database (Derby mode). If you want to use the Policy Manager, make sure the SSG_ADMIN_USERNAME and SSG_ADMIN_PASSWORD are defined. The JDBC URL can be used to configure the secondary database connection, for example: jdbc:mysql://mysql-server-primary:3306,mysql-server-secondary:3306/ssg
SSG_DATABASE_USER	Yes, if SSG_DATABASE_ JDBC_URL is provided	-	The user who is connecting to the MySQL server(s). Only alphanumeric ASCII characters are accepted. If you are using the CA Technologies sample deployment files: This user must match any MYSQL_USER username defined in the environment section for the MySQL service. This environment section is identified by these names: "mysql-server" in the Sample Docker Compose Deployment File "creating the MySQL database" section in the deploy.sh file (see Sample OpenShift Deployment Files). If you specify a user name other than root , you must also define a MYSQL_DATABASE entry. This is necessary for the database user to have the correct permissions. If you have deployed your own MySQL instance, then set this environment variable to match the credentials for the account created on your MySQL instance.
SSG_DATABASE_PASSWORD	Yes, if SSG_DATABASE_ JDBC_URL is provided	-	Password that is used to connect to the MySQL server(s). The password may contain alphanumeric ASCII characters and any of the following symbols: ! @ . = - _ ^ + ; : # , % (special symbols supported as of v9.3 CR3). If you are using the sample deployment files, then this environment variable must match: any MYSQL_PASSWORD defined in the environment section for the MySQL service. This environment section is identified by these names: "mysql-server" in the Sample Docker Compose Deployment File "creating the MySQL database" section in the deploy.sh file (see Sample OpenShift Deployment Files). If you have deployed your own MySQL instance, then set this environment variable to match the credentials for the account created on your MySQL instance.
SSG_DATABASE_WAIT_TIMEOUT	No	300 seconds (5 minutes)	The time to wait (in seconds) for the database to become available. This value is used by the Container Gateway when SSG_DATABASE_JDBC_URL is provided.
SSG_CLUSTER_HOST	Yes, if SSG_DATABASE_ JDBC_URL is provided	${hostname}	The cluster hostname of the Container Gateway. Valid values are the quoted fully qualified domain name (FQDN) of the service endpoint; for example: mygateway.mycompany.com
SSG_CLUSTER_PASSWORD	Yes, if SSG_DATABASE_ JDBC_URL is provided	random	The cluster password. For improved security, the username and password (recommended 12 characters minimum) may contain alphanumeric ASCII characters and any of the following symbols: ! @ . = - _ ^ + ; : # ,
EXTRA_JAVA_ARGS	No	-	Define any extra JVM flags (including system properties) to add to the Java command line here. Space separated list. For example, -XX:ParallelGCThreads=4 -Dcom.l7tech.bootstrap.env.license.enable=true -Dcom.l7tech.bootstrap.autoTrustSslKey=trustAnchor,TrustedFor.SSL,TrustedFor.SAML_ISSUER Use -Dcom.l7tech.server.siteminder.enabled=true to enable CA Single Sign-On (Siteminder). By default, this functionality is disabled . Use -Dcom.l7tech.bootstrap.env.license.enable=true to enable loading the SSG license gzip, base64 string as a environment variable. By default it is disabled . Use -Dcom.l7tech.service.metrics.enabled=false to disable the service metrics when using a MySQL database. By default it is enabled . The embedded database does not use this toggle as it is always disabled.
SSG_SSL_KEY	No		IMPORTANT: Use the SSG_SSL_KEY environment variable in a development or test environment only. It is not recommended for production use, since it exposes the SSL key license in plain text in your configuration file. The preferred method is to mount the license file(s) as secret volumes. The default Gateway SSL key as a base64 encoded string. For more information, see Manage Private Keys. Copy the string from the output of this Linux command cat /path/to/key.p12 \| base64 (add –wrap=0 to the base64 command if you are running Windows OS).
SSG_SSL_KEY_PASS	No		The default Gateway SSL key password. Can be left empty if the p12 key is not password protected.
SSG_LICENSE	No/Disabled by default		IMPORTANT: Use the SSG_LICENSE environment variable in a development or test environment only. It is not recommended for production use, since it exposes the (encoded) license in plain text in your configuration file. The preferred method is to mount the license file(s) as secret volumes. The `CA API Gateway` license as a Gzipped, Base64-encoded string (with no space characters or line breaks). A valid license is required to operate the Container Gateway. Use this SSG_LICENSE env var to install a single Gateway license. To install multiple licenses, use the preferred method of mounting the license file(s) as secret volumes. Providing the license through this environment variable is disabled by default. To enable, add the following to the docker-compose.yml file in Sample Docker Compose Deployment File: EXTRA_JAVA_ARGS: "-Dcom.l7tech.bootstrap.env.license.enable=true" Alternatively, add this line to the gateway.env file in Sample Openshift Deployment Files: EXTRA_JAVA_ARGS="-Dcom.l7tech.bootstrap.env.license.enable=true"

Deprecated Environment Variables

These variables were used in the previous versions of the container Gateway and are no longer in use.

Variable

SSG_CLUSTER_COMMAND

SSG_DATABASE_TYPE

SSG_DATABASE_HOST

SSG_DATABASE_PORT

SSG_DATABASE_NAME

SSG_DATABASE_ADMIN_USER

SSG_DATABASE_ADMIN_PASS

SSG_INTERNAL_SERVICES

Known Issue

The following issue occurs only in a scenario when multiple container Gateways access the same SQL database instance.

Unable to set new Admin Username and Password for Additional Container Gateways

The Container Gateway stores values for the SSG_ADMIN_USERNAME and SSG_ADMIN_PASSWORD in the SQL database instance. If an additional Container Gateway is created and configured to use the same SQL database instance, the initial settings for admin username and password values persist. Any new admin username and password values are ignored.

Workaround: Use different SQL database instances.

More Information

Docker engine:

Configure Environment Variables for Docker

Sample Docker Compose Deployment File

OpenShift:

Configure Environment Variables in OpenShift

Sample OpenShift Deployment Files

Content feedback and comments

CA API Gateway 9.1

Environment Variables for the Container Gateway