You're
viewing Apigee X documentation.
View Apigee Edge documentation.
This section describes how to install and configure Apigee with an evaluation organization (or eval org) from the command line. You can provision an eval org with just a Google Cloud billing account. Eval orgs expire after 60 days and may have other limitations. For details, see Organization types and Provisioning options.
Step 1: Define environment variables
Set up gcloud
and define environment variables for use in later steps:
- Be sure you have completed the setup requirements listed in Prerequisites.
- You must have the Cloud SDK installed. If you need to install it, see Installing Cloud SDK.
- Initialize the Cloud SDK, as described in Initializing Cloud SDK, or otherwise ensure that
the Google Cloud project you created in Prerequisites is the default project for
gcloud
. - Define the following environment variables:
AUTH="Authorization: Bearer $(gcloud auth print-access-token)"
PROJECT_ID="YOUR_PROJECT_ID"
RUNTIME_LOCATION="YOUR_RUNTIME_LOCATION"
ANALYTICS_REGION="YOUR_ANALYTICS_REGION"
Where:
- AUTH defines the
Authentication
header with a bearer token. You will use this header when calling Apigee APIs. Note that the token expires after a period of time and when it does, you can simply regenerate it using the same command. For more information, see the reference page for the print-access-token command. - PROJECT_ID is the Cloud project ID that you created as part of the Prerequisites.
RUNTIME_LOCATION is the physical location where the Apigee instance you will create later is located. Valid values are any Compute Engine region.
-
ANALYTICS_REGION is the physical location at which Apigee analytics data will be stored.
Where ANALYTICS_REGION is one of the following:
asia-northeast1
asia-south1
asia-east1
asia-southeast1
australia-southeast1
us-central1
us-east1
us-west1
asia-southeast2
europe-west1
europe-west2
Choose a region that is geographically close or one that satisfies your organization's storage requirements.
Both RUNTIME_LOCATION and ANALYTICS_REGION can be the same region, but they do not have to be the same. However, there may be a performance benefit if they are the same.
- AUTH defines the
- (Optional) Check your work by echoing the values you just set. Note that when you want
to use a variable in your commands, precede the variable's name with a dollar sign
($).
echo $AUTH
echo $PROJECT_ID
echo $RUNTIME_LOCATION
echo $ANALYTICS_REGION
The responses to your
echo
commands should look something like the following:Authorization: Bearer ya29.a123456678940B63hPSAMPLEsampleKKYVsample0f3pWDWZDuH2-hENkNa TvgZ1PD977TMvv6edBQPJezdHw040880Ol_LoD5ZDkt-i-knizia_KhA9L20sSvztL81-SAMPLE42ELPMASk2_ 1CxN my-cloud-project us-west1 us-west1
Step 2: Enable APIs
-
Apigee requires you to enable several Google Cloud APIs. Enable them by executing the following
services enable
command:gcloud services enable apigee.googleapis.com \ servicenetworking.googleapis.com compute.googleapis.com \ cloudkms.googleapis.com --project=$PROJECT_ID
(Optional) To check your work, use the
services list
command to show all the enabled APIs:gcloud services list
The response shows all enabled services, including the APIs that you just enabled (Apigee, Service Networking, Cloud KMS, and Compute Engine).
Step 3: Configure service networking
- Create these environment variables:
RANGE_NAME=YOUR_RANGE_NAME
NETWORK_NAME=YOUR_NETWORK_NAME
Where:
RANGE_NAME
is the name of the IP address range you are creating. You can name the range anything you want. For example:google-svcs
NETWORK_NAME
is the name of the network resource in which the addresses should be reserved.Google creates a default network (named
default
) for each new project, so you can use that. However, Google does not recommend using the default network for anything other than testing.
- Create an IP range with a CIDR length of /22:
gcloud compute addresses create $RANGE_NAME \ --global \ --prefix-length=22 \ --description="Peering range for Apigee services" \ --network=$NETWORK_NAME \ --purpose=VPC_PEERING \ --project=$PROJECT_ID
On success,
gcloud
responds with the following:Created [https://www.googleapis.com/compute/v1/projects/PROJECT_NAME/global/addresses/google-svcs].
After you create a range of IP addresses, the addresses are associated with the project until you release them.
- Create a second IP range with a CIDR length of /28. This range is used by Apigee for troubleshooting purposes and cannot be customized or changed.
gcloud compute addresses create google-managed-services-support-1 \ --global \ --prefix-length=28 \ --description="Peering range for supporting Apigee services" \ --network=$NETWORK_NAME \ --purpose=VPC_PEERING \ --project=$PROJECT_ID
- Connect your services to the network using the following command:
gcloud services vpc-peerings connect \ --service=servicenetworking.googleapis.com \ --network=$NETWORK_NAME \ --ranges=$RANGE_NAME,google-managed-services-support-1 \ --project=$PROJECT_ID
Use the same network name you used previously (for example,
default
). This operation can take several minutes to complete.On success,
gcloud
responds with the following:Operation "operations/OPERATION_ID" finished successfully.
Where OPERATION_ID is the UUID of the LRO.
Apigee creates a connection between your network and Google's services; specifically, Apigee connects your project to the Service Networking API through VPC peering. Apigee also associates IP addresses with your project.
Step 4: Create an organization
An organization is the top-level container in Apigee. It contains all your API proxies and related resources. For details, see Understanding organizations.
- Create a new eval org using the gcloud alpha apigee
organizations command:
gcloud alpha apigee organizations provision \ --runtime-location=$RUNTIME_LOCATION \ --analytics-region=$ANALYTICS_REGION \ --authorized-network=default \ --project=$PROJECT_ID
Where
--authorized-network
is the name of your custom peering network. For example:default
. -
When you execute the
provision
command, Google starts an LRO (long-running operation) to create the eval org. This operation takes about 15 minutes to complete. During that time,gcloud
displays the following:Provisioning organization...
-
(Optional) In another terminal window, check the status of your LRO by using the
operations list
command:gcloud alpha apigee operations list --organization=$PROJECT_ID
If the eval org is not created yet, the response includes an
IN_PROGRESS
status.When the eval org and its associated runtime instance are created,
gcloud
responds with the following:Provisioning organization...done.
If you execute the
operations list
command again, you should see that all UUIDs are in theFINISHED
state. For example:UUID ORGANIZATION STATE 00bab06f-c60c-41a5-4242-7SAMPLE7f my-org FINISHED 429790a7-3151-4642-4343-7SAMPLE7f my-org FINISHED d00a92a9-9b83-4642-4343-7SAMPLE7f my-org FINISHED f48a00ff-7daa-4c4a-4444-7SAMPLE7f my-org FINISHED
Step 5: Do a final test
An API proxy called hello-world
was created for you during provisioning.
By default, proxies you create in an eval org have internal-only access. To test your
newly provisioned org, follow the steps in Calling an API proxy
with internal-only access.