Skip to content
You are reading Codefi Orchestrate development version documentation and some displayed features may not be available in the stable release. You can switch to stable version using the version box at screen bottom.

Configure Orchestrate Gateway API

Follow these steps to configure and connect to Orchestrate Gateway API dependencies:

  1. Configure PostgreSQL database (mandatory)
  2. Configure Apache Kafka (mandatory)
  3. Configure monitoring (optional). Improve the development experience and debugging.
  4. Configure Multi-tenancy (optional). Use Orchestrate with multiple tenants.
  5. Configure the Chain Proxy cache (optional).

In addition to the dependencies, Orchestrate Gateway API needs to be configured to connect to the other microservices and to define how the service should be exposed.

Tip

Configure each microservice using microservice-specific environment variables. Command line options are also available and take precedence over environment variables.

Configuration

Environment Variable Command line option Description Default
REST_HOSTNAME rest-hostname Hostname to expose REST services
REST_PORT rest-port Port to expose REST services 8081
KEY_MANAGER_URL key-manager-url URL of the Key Manager HTTP endpoint http://localhost:8081
KEY_MANAGER_METRICS_URL (only ENV var) URL of the Key Manager HTTP metrics endpoint http://localhost:8082

CLI options

See the complete list of command line options for the Orchestrate Gateway API:

Run options

Usage:
  orchestrate api run [flags]

Flags:
      --api-store-type string                     Type of API Store (one of ["postgres"]) Environment variable: "API_STORE_TYPE" (default "postgres")
      --auth-api-key string                       Key used for authentication (it should be used only for Orchestrate internal authenetication).
                                                  Environment variable: "AUTH_API_KEY"
      --auth-jwt-certificate string               certificate of the authentication service encoded in base64.
                                                  Environment variable: "AUTH_JWT_CERTIFICATE"
      --auth-jwt-claims-namespace string          Tenant Namespace to retrieve the tenant id in the Access Token (JWT).
                                                  Environment variable: "AUTH_JWT_CLAIMS_NAMESPACE" (default "orchestrate.info")
      --db-database string                        Target Database name
                                                  Environment variable: "DB_DATABASE" (default "postgres")
      --db-host string                            Database host
                                                  Environment variable: "DB_HOST" (default "127.0.0.1")
      --db-keepalive duration                     Controls the number of seconds after which a TCP keepalive message should be sent 
                                                  Environment variable: "DB_KEEPALIVE" (default 1m0s)
      --db-password string                        Database User password
                                                  Environment variable: "DB_PASSWORD" (default "postgres")
      --db-pool-timeout duration                  Time for which client waits for free connection if all connections are busy
                                                  Environment variable: "DB_POOL_TIMEOUT" (default 30s)
      --db-poolsize int                           Maximum number of connections on database
                                                  Environment variable: "DB_POOLSIZE"
      --db-port int                               Database port
                                                  Environment variable: "DB_PORT" (default 5432)
      --db-sslmode string                         TLS/SSL mode to connect to database (one of "DB_TLS_SSLMODE")
                                                  Environment variable: ["require" "disable" "verify-ca" "verify-full"] (default "disable")
      --db-tls-ca string                          Trusted Certificate Authority
                                                  Environment variable: "DB_TLS_CA"
      --db-tls-cert string                        TLS Certificate to connect to database
                                                  Environment variable: "DB_TLS_CERT"
      --db-tls-key string                         TLS Private Key to connect to database
                                                  Environment variable: "DB_TLS_KEY"
      --db-user string                            Database User.
                                                  Environment variable: "DB_USER" (default "postgres")
  -h, --help                                      help for run
      --kafka-sasl-enabled                        Whether or not to use SASL authentication when connecting to the broker
                                                  Environment variable: "KAFKA_SASL_ENABLED"
      --kafka-sasl-handshake                      Whether or not to send the Kafka SASL handshake first if enabled (defaults to true). You should only set this to false if you're using a non-Kafka SASL proxy.
                                                  Environment variable: "KAFKA_SASL_HANDSHAKE" (default true)
      --kafka-sasl-mechanism string               SASLMechanism is the name of the enabled SASL mechanism. Possible values: OAUTHBEARER, PLAIN (defaults to PLAIN).
                                                  Environment variable: "KAFKA_SASL_MECHANISM"
      --kafka-sasl-password string                Password for SASL/PLAIN or SASL/SCRAM auth.
                                                  Environment variable: "KAFKA_SASL_PASSWORD"
      --kafka-sasl-scramauthzid string            Authz id used for SASL/SCRAM authentication
                                                  Environment variable: "KAFKA_SASL_SCRAMAUTHZID"
      --kafka-sasl-user string                    Username for SASL/PLAIN or SASL/SCRAM auth.
                                                  Environment variable: "KAFKA_SASL_USER"
      --kafka-tls-ca-cert-file string             CA cert file Path.
                                                  Environment variable: "KAFKA_TLS_CA_CERT_FILE"
      --kafka-tls-client-cert-file string         Client Cert File Path.
                                                  Environment variable: "KAFKA_TLS_CLIENT_CERT_FILE"
      --kafka-tls-client-key-file string          Client key file Path.
                                                  Environment variable: "KAFKA_TLS_CLIENT_KEY_FILE"
      --kafka-tls-enabled                         Whether or not to use TLS when connecting to the broker (defaults to false).
                                                  Environment variable: "KAFKA_TLS_ENABLED"
      --kafka-tls-insecure-skip-verify            Controls whether a client verifies the server's certificate chain and host name. If InsecureSkipVerify is true, TLS accepts any certificate presented by the server and any host name in that certificate. In this mode, TLS is susceptible to man-in-the-middle attacks. This should be used only for testing.
                                                  Environment variable: "KAFKA_TLS_INSECURE_SKIP_VERIFY"
      --kafka-url strings                         URL (addresses) of Kafka server(s) to connect to.
                                                  Environment variable: "KAFKA_URL" (default [localhost:9092])
      --kafka-version string                      The version of Kafka that Sarama will assume it is running against. Defaults to the oldest supported stable version. Since Kafka provides backwards-compatibility, setting it to a version older than you have will not break anything, although it may prevent you from using the latest features. Setting it to a version greater than you are actually running may lead to random breakage.
                                                  Environment variable: "KAFKA_CONSUMER_GROUP_REBALANCE_TIMEOUT" (default "1.0.0")
      --key-manager-metrics-url string            URL of the Key Manager HTTP metrics endpoint.
                                                  Environment variable: "KEY_MANAGER_METRICS_URL" (default "http://localhost:8082")
      --key-manager-url string                    URL of the Key Manager HTTP endpoint.
                                                  Environment variable: "KEY_MANAGER_URL" (default "http://localhost:8081")
      --log-format string                         Log formatter (one of ["text" "json"]).
                                                  Environment variable: "LOG_FORMAT" (default "text")
      --log-level string                          Log level (one of ["panic" "fatal" "error" "warn" "info" "debug" "trace"]).
                                                  Environment variable: "LOG_LEVEL" (default "info")
      --log-timestamp                             Enable logging with timestamp (only TEXT format).
                                                  Environment variable: "LOG_TIMESTAMP"
      --metrics-hostname string                   Hostname to expose metrics services
                                                  Environment variable: "METRICS_HOSTNAME"
      --metrics-modules strings                   List of metrics modules exposed. Available metric modules are ["http" "tcp" "orchestrate_api" "go" "process" "healthz"], to enable all use ENABLED or to disable all DISABLED. 
                                                  Environment variable: "METRICS_MODULES" (default [ENABLED])
      --metrics-port uint                         Port to expose metrics services
                                                  Environment variable: "METRICS_PORT" (default 8082)
      --multi-tenancy-enabled                     Whether or not to use Multi Tenancy.
                                                  Environment variable: "MULTI_TENANCY_ENABLED"
      --proxy-cache-ttl duration                  Proxy Cache TTL duration (Disabled by default). Environment variable: "PROXY_CACHE_TTL"
      --proxy-max-idle-connections-per-host int   Maximum number of open HTTP connections to a chain proxied. Environment variable: "PROXY_MAXIDLECONNSPERHOST" (default 50)
      --rest-hostname string                      Hostname to expose REST services
                                                  Environment variable: "REST_HOSTNAME"
      --rest-port uint                            Port to expose REST services
                                                  Environment variable: "REST_PORT" (default 8081)
      --topic-tx-sender string                    Topic for messages between the API and the Tx-Sender.

Migration options

Usage:
  orchestrate api migrate [flags]
  orchestrate api migrate [command]

Available Commands:
  copy-db     Copy Database from version 2.5.x to version 21.1.x
  down        Reverts last migration
  init        Initialize database
  reset       Reverts all migrations
  set-version Set database version
  up          Upgrade database
  version     Print current database version

Flags:
      --db-database string         Target Database name
                                   Environment variable: "DB_DATABASE" (default "postgres")
      --db-host string             Database host
                                   Environment variable: "DB_HOST" (default "127.0.0.1")
      --db-keepalive duration      Controls the number of seconds after which a TCP keepalive message should be sent 
                                   Environment variable: "DB_KEEPALIVE" (default 1m0s)
      --db-password string         Database User password
                                   Environment variable: "DB_PASSWORD" (default "postgres")
      --db-pool-timeout duration   Time for which client waits for free connection if all connections are busy
                                   Environment variable: "DB_POOL_TIMEOUT" (default 30s)
      --db-poolsize int            Maximum number of connections on database
                                   Environment variable: "DB_POOLSIZE"
      --db-port int                Database port
                                   Environment variable: "DB_PORT" (default 5432)
      --db-sslmode string          TLS/SSL mode to connect to database (one of "DB_TLS_SSLMODE")
                                   Environment variable: ["require" "disable" "verify-ca" "verify-full"] (default "disable")
      --db-tls-ca string           Trusted Certificate Authority
                                   Environment variable: "DB_TLS_CA"
      --db-tls-cert string         TLS Certificate to connect to database
                                   Environment variable: "DB_TLS_CERT"
      --db-tls-key string          TLS Private Key to connect to database
                                   Environment variable: "DB_TLS_KEY"
      --db-user string             Database User.
                                   Environment variable: "DB_USER" (default "postgres")
  -h, --help                       help for migrate
ConsenSys has acquired Quorum from J.P. Morgan. Please read the FAQ.
Questions or feedback? You can obtain paid professional support by Consensys at orchestrate@consensys.net