# Server ### Multitenancy Setup This section describes how to create new tenants (also called organizations) in the replex software. The user who can set up another organization/tenant must have a `SUPER_ADMIN` role. If you do not yet have your authentication token, you must first log in to receive the token. If you already have the token, you can jump to step 3 and use the token in the authentication header. 1. Ensure the replex API is accessible. If you have exposed the API over a public URL, then you can use that. Otherwise, access the API locally by port-forwarding the service with the following command: ``` kubectl port-forward --namespace replex svc/replex-server 3100 ``` The following steps will assume the replex API is running at `http://localhost:3100`. 1. Login with super admin credentials. Next you'll login to the API to retrieve your authentication token for further requests to the API. ``` curl --location --request POST 'http://localhost:3100/api/v1/auth/login' \ --header 'Content-Type: application/json' \ --data-raw '{ "email": "", "password": "", "tenant": "" }' ``` The output will be similar to: ```javascript { "status": true, "data": { "token": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJvcmdh...." } } ``` The contents of the `data.token` field is the authentication token we need. 1. Call the 'create organization' endpoint. ``` curl --location --request POST 'http://localhost:3100/api/v1/organizations' \ --header 'Authorization: Bearer ' \ --header 'Content-Type: application/json' \ --data-raw '{ "name": "", "email": "", "tenantID": "", "admin":{ "firstName": "--", "lastName": "--", "password": "--" } }' ``` A user with the user details provided in `admin` is automatically created for the new tenant. The login details are the values in `email` and `admin.password`. NOTE: The user that creates the new tenant is not automatically a member of the new tenant, but they can login to the tenant because the software allows `SUPER_ADMIN` users to login to any tenant on an installation. The output will be similar to: ```javascript { "status": true, "data": { "id": "eafedacd-4fba-4d31-be52-69567262a372", "defaultCurrency": "USD", "billingStatus": true, "name": "New Organization", "email": "john.doe@hello.com", "tenantID": "neworganization", "active": true, "updated_at": "2020-10-20T15:54:48.100Z", "created_at": "2020-10-20T15:54:48.100Z" } } ``` The new organization/tenancy has been successfully created. Once the software detects that more than one tenant exists, it automatically adds a new 'Tenant ID' field to the login form. The value of this field is the tenant you want to log in to. The email / password combination must exist in the tenant. 1. Generate Replex token. For configuring replex agents a Replex token is needed. To generate the token we need the organization ID from the previous step to specify for which organization we want to generate a token. The ID can be found in the response under `data.id`. We'll make use of the authentication token to get the Replex token: ```bash curl --location --request GET 'http://localhost:3100/api/v1/organizations//token' \ --header 'Authorization: Bearer ' ``` The response contains a new token which can be used as the replex.token Helm parameter in the agent Helm chart. ### Replex filter query language This section describes cluster stats querying basics and provides examples. **NOTE**: Examples below require authentication token, that can be retrieved at '' An instruction can be found in the section `Multitenancy Setup` above on the step 2. Cluster stats endpoints supports different parameters depending on the type of resource. Assume that a labels range stats endpoint is queried. It requires a couple of parameters: * start: timestamp that represents the beginning of the period where to start aggregate metrics. * end: timestamp that represents the end of the period where to stop aggregating metrics. * filters: a query string in [Lucene](https://lucene.apache.org/core/2_9_4/queryparsersyntax.html) query syntax. * clusterID: the unique ID of the cluster to query stats for. Available lucene keys to filter by are: * `labels.:` - represents resource labels, where key is `LABEL_NAME` and value is `LABEL_VALUE`, e.g. `labels.app:replex-server`. * `namespace:` - represents resources namespace, e.g. `namespace:monitoring`. * `key:` - represents label name that must appear in stats, e.g. `key:app`. A basic examples of `filters` parameter to query stats: | | Parameter value | Description | | - | ---------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | | 1 | `filters=labels.labelKey1:labelValue1 OR (labels.labelKey1:labelValue2 AND namespace:nsName1)` | Query resources that have labels with key `labelKey1` and value `labelValue1` or resources that are in namespace `nsName1` and have labels key `labelKey1` with value `labelValue2`. | | 2 | `filters=labels.labelKey1:labelValue1 AND namespace:nsName1` | Query resources that have labels with key `labelKey1` and value `labelValue1` and belong to namespace `nsName1`. | | 3 | `filters=namespace:nsName1 OR namespace:nsName2` | Query resources that belong to namespace `nsName1` or `nsName2`. | | 4 | `filters=namespace:nsName1 AND key:labelKey1` | Query resources that belong to namespace `nsName1` and have label keys such as `labelKey1`. | ### Environment Variables These are the environment variables used by the application: | | Variable | Required | Default | Description | | -- | ----------------------------------- | ------------------------------- | ------------------------------ | -------------------------------------------------------------------------------------------------------------------------------- | | 1 | POSTGRES\_DB | Yes | | | | 2 | POSTGRES\_USER | Yes | | | | 3 | POSTGRES\_PASSWORD | Yes | | | | 4 | POSTGRES\_HOST | Yes | | Database host, or Master if using replication | | 5 | POSTGRES\_PORT | No | 5432 | | | 6 | ENV | No | development | Options: `production`, `development`, `test` | | 7 | PORT | No | 3100 | | | 8 | PUBLIC\_KEY | Yes | | Public key string (used for JWT). Prefix with `file:` if specifying a file path. | | 9 | PRIVATE\_KEY | Yes | | Private key string (used for JWT). Prefix with `file:` if specifying a file path. | | 10 | ADMIN\_FIRST\_NAME | No | | Initial Admin user credentials | | 11 | ADMIN\_LAST\_NAME | No | | | | 12 | ADMIN\_EMAIL | No | | | | 13 | ADMIN\_PASSWORD | No | | | | 14 | ORGANIZATION\_NAME | No | | Initial organization name | | 15 | SECRET | Yes | | Used for internal password recovery token en-/decryption | | 16 | CODE\_ACTIVE\_MINUTES | No | 15 | Token lifetime in minutes | | 17 | EMAIL\_MODE | No | enable | Options: `enable`, `disable` | | 18 | SMTP\_HOST | If `EMAIL_MODE` is enable | | | | 19 | SMTP\_PORT | If `EMAIL_MODE` is enable | | | | 20 | SMTP\_USER | If `EMAIL_MODE` is enable | | | | 21 | SMTP\_PASS | If `EMAIL_MODE` is enable | | | | 22 | SMTP\_SECURE | If `EMAIL_MODE` is enable | | | | 23 | HOST\_URL | No (required for on-prem) | | Server host url. | | 24 | PRICING\_API\_MODE | No | enable | Options: `enable`, `disable` | | 25 | PRICING\_API\_KEY | If `PRICING_API_MODE` is enable | | | | 26 | PRICING\_API\_HOST | If `PRICING_API_MODE` is enable | | | | 27 | MAX\_POOL\_SIZE | No | 20 | Max database connection pool size | | 28 | LOG\_LEVEL | No | 6 | Higher value represents higher verbosity (correspond to `syslog` levels - ) | | 29 | INGRESS\_NAME | No | | Ingress to be configured with new host information for organization | | 30 | INGRESS\_HOST\_SUFFIX | No | `replex.io` | Suffix appended to organization tenant ID to form Ingress host | | 31 | STRIPE\_API\_KEY | No | | Stripe API key. Used for Servicebot self checkout | | 32 | STRIPE\_WEBHOOK\_SECRET | No | | Stripe webhook secret. Used for verifying stripe webhook requests. | | 33 | SERVICEBOT\_PORTAL\_ID | No | | Servicebot Billing Page ID of the Customer Portal. | | 34 | SERVICEBOT\_CHECKOUT\_ID | No | | Servicebot Checkout Page ID. | | 35 | STRIPE\_PRODUCT\_ID | No | | Stripe Product ID. | | 36 | SAML\_DECRYPTION\_PRIVATE\_KEY | No | | SAML SP Private Key to decrypt SAMLResponses. Prefix with `file:` if specifying a file path. | | 37 | SAML\_DECRYPTION\_PUBLIC\_CERT | No | | SAML SP Public certificate to decrypt SAMLResponses. Prefix with `file:` if specifying a file path. | | 38 | SAML\_SIGNING\_PRIVATE\_KEY | No | | SAML SP Private Key to sign SAMLRequests. Prefix with `file:` if specifying a file path. | | 39 | SAML\_SIGNING\_PUBLIC\_CERT | No | | SAML SP Public Certificate to sign SAMLRequests. Prefix with `file:` if specifying a file path. | | 40 | METRICS\_RETENTION\_THRESHOLD\_DAYS | No | 7 | Represents the period when the raw metrics are saved in the db and could be accessed in short time range stats queries | | 41 | CLOUDCOST\_TAG\_KEY\_NAMESPACE | No | CLOUDCOST\_TAG\_KEY\_NAMESPACE | Tag key representing namespaces in cloud billing data. | | 42 | DB\_READ\_HOSTS | NO | | Comma-separated list of read replica IP addresses, e.g. 1.1.1.1,8.8.9.9,192.168.5.255 | --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.replex.io/concepts/server.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.