Install the agent and provision Amplify Central access as described in https://github.com/Axway/agents-webmethods/blob/main/README.md.
- Amplify organization id: the organization identifier. Refer to Platform home > Organization
- Amplify Central environment name: the name of the environment the agent will report APIs to.
- Service account client id: the service account client ID used by the agent to communicate with Amplify platform.
- Public/Private key pem files: the public and private key associated to the service account the agent is using to communicate with Amplify platform.
As well as access to Amplify Central it is assumed you have access to the Webmethods APIM Gateway. You need:
- Credentials with access to the organization the agents will attach to.
- Details of access for Webmethods API gateway
The agents read their configuration from a YAML files or optionally from an environment variables file. Within the release package, you will find the agent binary as well as the agent yaml configuration file. To set up your agent configuration, replace the values in <valueToBeReplaced> with the correct name that reflect your environment (organizationID, environment, public/private key file names and clientID).
# starting the agent by providing the path of the configuration file
./webmethods_discovery_agent --pathConfig <path to webmethods_discovery_agent.yaml>
# If binary and yaml files are in the same folder, you can start the agent using:
./webmethods_discovery_agent| Variable Name | YAML Path | Description | Location / Default |
|---|---|---|---|
| CENTRAL_AGENTNAME | central.agentname | Agent name to visualize the agent status in Amplify | |
| CENTRAL_ADDITIONALTAGS | central.additionalTags | Additional tag names to publish separated by a comma | |
| CENTRAL_APISERVERVERSION | central.apiServerVersion | Version of the API Server that the agent will communicate with | v1alpha1 |
| CENTRAL_APPENDDATAPLANETOTITLE | central.appenddataplanetotitle | When true appends the data plane title to the Consumer Instance description and title. When false, nothing is changed | true |
| CENTRAL_AUTH_CLIENTID | central.auth.clientId | The DOSA ID of the AMPLIFY Central Service Account created | AMPLIFY Central -> Access -> Service Accounts |
| CENTRAL_AUTH_KEYPASSWORD | central.auth.keyPassword | The password for the private key, if applicable | |
| CENTRAL_AUTH_PRIVATEKEY | central.auth.privateKey | The private key file path from the commands above | ./private_key.pem |
| CENTRAL_AUTH_PUBLICKEY | central.auth.publicKey | The public key file path from the commands above | ./public_key.pem |
| CENTRAL_AUTH_REALM | central.auth.realm | The Realm used to authenticate for AMPLIFY Central | Broker |
| CENTRAL_AUTH_TIMEOUT | central.auth.timeout | The timeout to wait for the authentication server to respond (ns - default, us, ms, s, m, h) | 10s |
| CENTRAL_AUTH_URL | central.auth.url | The URL used to authenticate for AMPLIFY Central | https://login.axway.com/auth |
| CENTRAL_ENVIRONMENT | central.environment | Environment eventually set by download kit in AMPLIFY Central | Name of the AMPLIFY Central environment |
| CENTRAL_MODE | central.mode | How to send endpoints back to Central. (publishToEnvironment = API Server, publishToEnvironmentAndCatalog = API Server and Catalog) | publishToEnvironmentAndCatalog |
| CENTRAL_ORGANIZATIONID | central.organizationID | The Organization ID from AMPLIFY Central | Platform -> Click User -> Organization |
| CENTRAL_PLATFORMURL | central.platformURL | The URL to the platform instance being used to get user information such as email address used for smtp notifications | https://platform.axway.com |
| CENTRAL_POLLINTERVAL | central.pollInterval | The frequency in which Central is polled for subscriptions (ns - default, us, ms, s, m, h) | 60s |
| CENTRAL_PROXYURL | central.proxyUrl | The url for the proxy for Amplify Central (e.g. http://username:password@hostname:port). If empty, no proxy is defined. | Internally, this value defaults to empty |
| CENTRAL_SSL_CIPHERSUITES | central.ssl.cipherSuites | An array of strings. It is a list of supported cipher suites for TLS versions up to TLS 1.2. If CipherSuites is nil, a default list of secure cipher suites is used, with a preference order based on hardware performance. See below for currently supported cipher suites. | See below for default cipher suite setting |
| CENTRAL_SSL_INSECURESKIPVERIFY | central.ssl.insecureSkipVerify | InsecureSkipVerify controls whether a client verifies the server's certificate chain and host name. If InsecureSkipVerify is true, TLS accepts any certificate presented by the server and any host name in that certificate. In this mode, TLS is susceptible to man-in-the-middle attacks. | Internally defaulted to false |
| CENTRAL_SSL_MAXVERSION | central.ssl.maxVersion | String value for the maximum SSL/TLS version that is acceptable. If empty, then the maximum version supported by this package is used, which is currently TLS 1.3. Allowed values are: TLS1.0, TLS1.1, TLS1.2, TLS1.3 | Internally, this value defaults to empty |
| CENTRAL_SSL_MINVERSION | central.ssl.minVersion | String value for the minimum SSL/TLS version that is acceptable. If zero, empty TLS 1.0 is taken as the minimum. Allowed values are: TLS1.0, TLS1.1, TLS1.2, TLS1.3 | Internally, the value defaults toTLS1.2 |
| CENTRAL_SSL_NEXTPROTOS | central.ssl.nestProtos | An array of strings. It is a list of supported application level protocols, in order of preference, based on the ALPN protocol list. Allowed values are: h2, htp/1.0, http/1.1, h2c | Internally empty. Default negotiation. |
| CENTRAL_SUBSCRIPTIONS_APPROVAL_MODE | central.subscriptions.approval.mode | The mode for approving subscriptions on AMPLIFY Central (manual, auto, webhook) | manual |
| CENTRAL_SUBSCRIPTIONS_APPROVAL_WEBHOOK_AUTHSECRET | central.subscriptions.approval.webhook.authSecret | The authentication secret to pass to the subscription approval webhook (if any) | Internally, this value defaults to empty |
| CENTRAL_SUBSCRIPTIONS_APPROVAL_WEBHOOK_HEADERS | central.subscriptions.approval.webhook.headers | The headers to pass to the subscription approval webhook (if any). | Internally, this value defaults to empty |
| CENTRAL_SUBSCRIPTIONS_APPROVAL_WEBHOOK_URL | central.subscriptions.approval.webhook.url | The url for a subscription approval webhook (if any). CENTRAL_SUBSCRIPTIONS_APPROVAL_MODE must be set to "webhook" for webhooks to be invoked | Internally, this value defaults to empty |
| CENTRAL_SUBSCRIPTIONS_NOTIFICATIONS_SMTP_AUTHTYPE | central.subscriptions.approval.notifications.smtp.authtype | The authentication type based on the email server. You may have to refer to the email server properties and specifications | Internally, this value defaults to empty |
| CENTRAL_SUBSCRIPTIONS_NOTIFICATIONS_SMTP_FROMADDRESS | central.subscriptions.notifications.smtp.fromaddress | Email address which will represent the sender | Internally, this value defaults to empty |
| CENTRAL_SUBSCRIPTIONS_NOTIFICATIONS_SMTP_HOST | central.subscriptions.notifications.smtp.host | SMTP server where the email notifications will originate from | Internally, this value defaults to empty |
| CENTRAL_SUBSCRIPTIONS_NOTIFICATIONS_SMTP_PASSWORD | central.subscriptions.approval.notifications.smtp.password | Login password for the SMTP server | Internally, this value defaults to empty |
| CENTRAL_SUBSCRIPTIONS_NOTIFICATIONS_SMTP_PORT | central.subscriptions.notifications.smtp.port | Port of the SMTP server | Internally, this value defaults to empty |
| CENTRAL_SUBSCRIPTIONS_NOTIFICATIONS_SMTP_SUBSCRIBE_APIKEYS | central.subscriptions.notifications.smtp.subscribe.apikeys | Body of the email notification for action subscribe on APIKey authorization if your API is secured using an APIKey credential:header:{keyHeaderName}/value:${key} | Internally, this value defaults to "Your API is secured using an APIKey credential: header: ${keyHeaderName} / value: ${key}" |
| CENTRAL_SUBSCRIPTIONS_NOTIFICATIONS_SMTP_SUBSCRIBE_BODY | central.subscriptions.approval.notifications.smtp.subscribe.body | Body of the email notification for action subscribe. | Internally, this value defaults to "Subscription created for Catalog Item: ${catalogItemName} ${authtemplate} " |
| CENTRAL_SUBSCRIPTIONS_NOTIFICATIONS_SMTP_SUBSCRIBE_OAUTH | central.subscriptions.notifications.smtp.subscribe.oauth | Body of the email notification for action subscribe on OAuth authorization if your API is secured using OAuth token. You can obtain your token using grant_type=client_credentials with the following client_id=${clientID} and client_secret=${clientSecret} | Internally, this value defaults to "Your API is secured using OAuth token. You can obtain your token using grant_type=client_credentials with the following client_id=${clientID} and client_secret=${clientSecret}" |
| CENTRAL_SUBSCRIPTIONS_NOTIFICATIONS_SMTP_SUBSCRIBE_SUBJECT | central.subscriptions.approval.notifications.smtp.subscribe.subject | Subject of the email notification for action subscribe. | Internally, this value defaults to "Subscription Notification" |
| CENTRAL_SUBSCRIPTIONS_NOTIFICATIONS_SMTP_SUBSCRIBEFAILED_BODY | central.subscriptions.notifications.smtp.subscribedfailed.body | Body of the email notification for action subscribe failed. | Internally, this value defaults to "Could not subscribe to CatalogItem: ${catalogItemName}" |
| CENTRAL_SUBSCRIPTIONS_NOTIFICATIONS_SMTP_SUBSCRIBEFAILED_SUBJECT | central.subscriptions.notifications.smtp.subscribefailed.subject | Subject of the email notification for action subscribe failed. | Internally, this value defaults to "Subscription Failed Notification" |
| CENTRAL_SUBSCRIPTIONS_NOTIFICATIONS_SMTP_UNSUBSCRIBE_BODY | central.subscriptions.notifications.smtp.unsubscribe.body | Body of the email notification for action unsubscribe. | Internally, this value defaults to "Subscription for Catalog Item: ${catalogItemName} has been unsubscribed" |
| CENTRAL_SUBSCRIPTIONS_NOTIFICATIONS_SMTP_UNSUBSCRIBE_SUBJECT | central.subscriptions.notifications.smtp.unsbuscribe.subject | Subject of the email notification for action unsubscribe. | Internally, this value defaults to "Subscription Removal Notification" |
| CENTRAL_SUBSCRIPTIONS_NOTIFICATIONS_SMTP_UNSUBSCRIBEFAILED_BODY | central.subscriptions.notifications.smtp.unsbuscribedfailed.body | Body of the email notification for action unsubscribe failed. | Internally, this value defaults to "Could not unsubscribe to Catalog Item: ${catalogItemName}" |
| CENTRAL_SUBSCRIPTIONS_NOTIFICATIONS_SMTP_UNSUBSCRIBEFAILED_SUBJECT | central.subscriptions.notifications.smtp.unsubscribefailed.subject | Subject of the email notification for action unsubscribe failed. | Internally, this value defaults to "Subscription Removal Failed" |
| CENTRAL_SUBSCRIPTIONS_NOTIFICATIONS_SMTP_USERNAME | central.subscriptions.notifications.smtp.username | Login user for the SMTP server | Internally, this value defaults to empty |
| CENTRAL_SUBSCRIPTIONS_NOTIFICATIONS_WEBHOOK_HEADERS | central.subscriptions.notifications.webhook.headers | Information used to verify the webhook. Provided by the customer, and may include such information as contentType and Authorization. | Internally, this value defaults to empty |
| CENTRAL_SUBSCRIPTIONS_NOTIFICATIONS_WEBHOOK_URL | central.subscriptions.notifications.webhook.url | URL where the webhook server is defined | Internally, this value defaults to empty |
| CENTRAL_TEAM | central.team | The Team name in AMPLIFY Central that all published APIs will be linked to | AMPLIFY Central -> Access -> Teams |
| CENTRAL_URL | central.url | The URL to the AMPLIFY Central instance being used for this discovery agent | https://apicentral.axway.com |
| LOG_FILE_CLEANBACKUPS | log.file.cleanbackups | The max age of a backup file, in days | 0 |
| LOG_FILE_KEEPFILES | log.file.keepfiles | The max number of log file backups to keep | 7 |
| LOG_FILE_NAME | log.file.name | The name of the log files | [[Agent executable name]].log |
| LOG_FILE_PATH | log.file.path | The path (relative or absolute) to save logs files, if output type file or both | logs |
| LOG_FILE_ROTATEEVERYMEGABYTES | log.file.rotateeverymegabytes | The max size, in megabytes that a log file can grow to | 100 |
| LOG_FORMAT | log.format | The format to print log messages (json, line, package) | json |
| LOG_LEVEL | log.level | The log level for output messages (debug, info, warn, error) | info |
| LOG_MASKEDVALUES | log.maskedValues | Comma-separated list of key words to identify within the agent config and used to mask its corresponding sensitive data. Key words are matched by whole words and are case sensitive | (empty value list) |
| LOG_OUTPUT | log.output | The output for the log lines (stdout, file, both) | stdout |
| STATUS_HEALTHCHECKINTERVAL | status.healthCheckInterval | Time in seconds between running periodic health checker (binary agents only). Allowed values are from 30 to 300 seconds. | 30s |
| STATUS_HEALTHCHECKPERIOD | status.healthCheckPeriod | Time in minutes allotted for services to be ready before exiting the agent. Allowed values are from 1 to 5 minutes. | 3m |
| STATUS_PORT | status.port | The port that the healthcheck endpoint will listen on | 8989 |
TODO: Add config details for Webmethods discovery agent
The allowed cipher suites string values are allowed: ECDHE-ECDSA-AES-128-CBC-SHA, ECDHE-ECDSA-AES-128-CBC-SHA256, ECDHE-ECDSA-AES-128-GCM-SHA256, ECDHE-ECDSA-AES-256-CBC-SHA, ECDHE-ECDSA-AES-256-GCM-SHA384, ECDHE-ECDSA-CHACHA20-POLY1305, ECDHE-ECDSA-RC4-128-SHA, ECDHE-RSA-3DES-CBC3-SHA, ECDHE-RSA-AES-128-CBC-SHA, ECDHE-RSA-AES-128-CBC-SHA256, ECDHE-RSA-AES-128-GCM-SHA256, ECDHE-RSA-AES-256-CBC-SHA, ECDHE-RSA-AES-256-GCM-SHA384, ECDHE-RSA-CHACHA20-POLY1305, ECDHE-RSA-RC4-128-SHA, RSA-RC4-128-SHA, RSA-3DES-CBC3-SHA, RSA-AES-128-CBC-SHA, RSA-AES-128-CBC-SHA256, RSA-AES-128-GCM-SHA256, RSA-AES-256-CBC-SHA, RSA-AES-256-GCM-SHA384, TLS-AES-128-GCM-SHA256, TLS-AES-256-GCM-SHA384, TLS-CHACHA20-POLY1305-SHA256
The list of default cipher suites is: ECDHE-ECDSA-AES-256-GCM-SHA384, ECDHE-RSA-AES-256-GCM-SHA384, ECDHE-ECDSA-CHACHA20-POLY1305, ECDHE-RSA-CHACHA20-POLY1305, ECDHE-ECDSA-AES-128-GCM-SHA256, ECDHE-RSA-AES-128-GCM-SHA256, ECDHE-ECDSA-AES-128-CBC-SHA256, ECDHE-RSA-AES-128-CBC-SHA256
docker build -t webmethods-discovery -f Dockerfile.discovery .