Installation
Solace Amplify Discovery Agent for Async API-Management is typically executed as a Docker container.
Releases of the agent are published to Docker Hub and are located at solaceiotteam/solace-amplify-discovery-agent.
Configuration of solace-amplify-discovery-agent Docker container
The agent is configured by providing a configuration file and/or environment variables.
A documented sample of the configuration options is located at https://github.com/solace-iot-team/solace-amplify-discovery-agent/tree/main/sample.
solace-amplify-discovery-agent is executed as user AGENT (uid=9999, gid=9999).
Path /opt/agent is readable and writable for user AGENT.
Two options are available to provide the key-pair (private_key.pem and public_key.pem) for Amplify:
Option a) make key-pair accessible through file-mount and point solace-amplify-discovery-agent to this mount point
CENTRAL_AUTH_PRIVATEKEY=/path/to/private_key.pem and CENTRAL_AUTH_PUBLICKEY=/path/to/public_key.pem
CENTRAL_AUTH_PRIVATEKEY_DATA and CENTRAL_AUTH_PUBLICKEY_DATA must not be set
Option b) share key-pair as environment variable
# Path and Filename of Axway Central Service Account private key as PEM
CENTRAL_AUTH_PRIVATEKEY=/path/to/private_key.pem
# Optional - PEM content as one line PEM
CENTRAL_AUTH_PRIVATEKEY_DATA="-----BEGIN PRIVATE KEY-----\n ... \n-----END PRIVATE KEY-----\n"
#publickey within Axway Central
# Path and Filename of Axway Central Service Account public key as PEM
CENTRAL_AUTH_PUBLICKEY=/path/to/public_key.pem
# Optional - PEM content as one line PEM
CENTRAL_AUTH_PUBLICKEY_DATA="-----BEGIN PUBLIC KEY-----\n ... \n-----END PUBLIC KEY-----\n"
The agent first checks whether key files already exist at the CENTRAL_AUTH_PRIVATEKEY or CENTRAL_AUTH_PUBLICKEY file locations. If there are no keys at these locations, the agent checks whether the environment variables CENTRAL_AUTH_PRIVATEKEY_DATA or CENTRAL_AUTH_PUBLICKEY_DATA are defined with the actual key data. The agent writes a copy of the key data to the key file locations and continues by using the keys written to the files.
/opt/agent within the Docker container is writable for solace-amplify-discovery-agent.
Because solace-amplify-discovery-agent is not executed as root, the mount paths for the public key and private key must be writable by the non-root user (uid=9999, gid=9999).
It could be a security risk to mount a file system and let the agent write the public key into this file mount.
Note
- To convert PEM files into environment variable format you can use the following command:
awk 'NF {sub(/\r/, ""); printf "%s\\n",$0;}' cert-name.pem
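A pre-flight check for the two key-pair options and the lookup order described above, reusing the awk command from the Note; this is an added example, not code from the agent or its project. The function names are hypothetical, and the private key permission check is an added assumption, not something the agent is documented to enforce.

```shell
#!/usr/bin/env bash
# Added example: pre-flight check for the key-pair options (not the agent's code).
# Function names are hypothetical; only the CENTRAL_AUTH_* names come from the page.

# Flatten a PEM file into the one-line "\n" form (the awk command from the Note).
pem_to_env() {
  awk 'NF {sub(/\r/, ""); printf "%s\\n",$0;}' "$1"
}

# Expand the one-line form back into PEM text, to confirm the round trip.
env_to_pem() {
  printf '%b' "$1"
}

# Which source supplies a key under the documented lookup order:
# an existing key file wins, otherwise the *_DATA variable, otherwise nothing.
key_source() {  # $1 = key file path, $2 = value of the matching *_DATA variable
  if [ -f "$1" ]; then echo file
  elif [ -n "$2" ]; then echo env
  else echo none
  fi
}

# True only if the file grants no access at all to group or others.
private_key_mode_ok() {
  [ "$(ls -ldL "$1" | cut -c5-10)" = "------" ]
}

# Check the private key settings; run as the uid the agent uses (assumption).
preflight() {  # $1 = CENTRAL_AUTH_PRIVATEKEY, $2 = CENTRAL_AUTH_PRIVATEKEY_DATA
  case "$(key_source "$1" "$2")" in
    file)
      [ -z "$2" ] || { echo "Option a: key file exists but *_DATA is also set"; return 1; }
      private_key_mode_ok "$1" || { echo "private key is accessible to group/others"; return 1; }
      echo "Option a: key is read from $1" ;;
    env)
      [ -w "$(dirname "$1")" ] || { echo "Option b: $(dirname "$1") is not writable"; return 1; }
      echo "Option b: key data will be written to $1" ;;
    none)
      echo "no private key configured"; return 1 ;;
  esac
}

# Usage: preflight "$CENTRAL_AUTH_PRIVATEKEY" "$CENTRAL_AUTH_PRIVATEKEY_DATA"
```

Running the check inside the container image, or as uid 9999 on the host, makes the writability test reflect what the agent will actually be allowed to do.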