# Server

### Multitenancy Setup

This section describes how to create new tenants (also called organizations) in the replex software.

The user who can set up another organization/tenant must have a `SUPER_ADMIN` role.

If you do not yet have your authentication token, you must first log in to receive the token. If you already have the token, you can jump to step 3 and use the token in the authentication header.

1. Ensure the replex API is accessible.

If you have exposed the API over a public URL, then you can use that. Otherwise, access the API locally by port-forwarding the service with the following command:

```bash
kubectl port-forward --namespace replex svc/replex-server 3100
```

The following steps will assume the replex API is running at `http://localhost:3100`.

2. Log in with super admin credentials.

Next, log in to the API to retrieve the authentication token used for further requests to the API.

```bash
curl --location --request POST 'http://localhost:3100/api/v1/auth/login' \
--header 'Content-Type: application/json' \
--data-raw '{
    "email": "<SUPER_ADMIN_EMAIL>",
    "password": "<SUPER_ADMIN_PASSWORD>",
    "tenant": "<UNIQUE_ORGANIZATION_ID>"
}'
```

The output will be similar to:

```json
{
  "status": true,
  "data": { "token": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJvcmdh...." }
}
```

The value of the `data.token` field is the authentication token we need.

3. Call the 'create organization' endpoint.

```bash
curl --location --request POST 'http://localhost:3100/api/v1/organizations' \
--header 'Authorization: Bearer <TOKEN_FROM_PREVIOUS_STEP>' \
--header 'Content-Type: application/json' \
--data-raw '{
    "name": "<NEW_ORGANIZATION_NAME>",
    "email": "<ORGANIZATION_EMAIL>",
    "tenantID": "<NEW_UNIQUE_ORGANIZATION_ID>",
    "admin":{
        "firstName": "--",
        "lastName": "--",
        "password": "--"
    }
}'
```

A user with the user details provided in `admin` is automatically created for the new tenant. The login details are the values in `email` and `admin.password`.

NOTE: The user that creates the new tenant is not automatically a member of the new tenant, but they can log in to the tenant because the software allows `SUPER_ADMIN` users to log in to any tenant on an installation.

The output will be similar to:

```json
{
  "status": true,
  "data": {
    "id": "eafedacd-4fba-4d31-be52-69567262a372",
    "defaultCurrency": "USD",
    "billingStatus": true,
    "name": "New Organization",
    "email": "john.doe@hello.com",
    "tenantID": "neworganization",
    "active": true,
    "updated_at": "2020-10-20T15:54:48.100Z",
    "created_at": "2020-10-20T15:54:48.100Z"
  }
}
```

The new organization/tenancy has been successfully created.

Once the software detects that more than one tenant exists, it automatically adds a new 'Tenant ID' field to the login form. The value of this field is the tenant you want to log in to. The email / password combination must exist in the tenant.

4. Generate Replex token.

A Replex token is needed to configure replex agents. To generate it, we need the organization ID from the previous step, which specifies the organization the token is generated for. The ID can be found in the response under `data.id`. We'll use the authentication token to get the Replex token:

```bash
curl --location --request GET 'http://localhost:3100/api/v1/organizations/<ORGANIZATION_ID_FROM_PREVIOUS_STEP>/token' \
--header 'Authorization: Bearer <TOKEN_FROM_STEP_2>'
```

The response contains a new token which can be used as the `replex.token` Helm parameter in the agent Helm chart.
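
Steps 2 to 4 chained into one script, as an added example that is not part of the replex documentation. It assumes the API is reachable as in step 1; the helper names (`http_call`, `checked`, `provision_tenant`) are introduced here, and passwords are read with `getpass` rather than typed into a command line.

```python
import getpass
import json
import urllib.request
from urllib.parse import quote

BASE_URL = "http://localhost:3100/api/v1"  # port-forwarded API from step 1


def http_call(method, path, body=None, token=None):
    """Send one JSON request to the replex API and return the decoded reply."""
    headers = {"Content-Type": "application/json"}
    if token:
        headers["Authorization"] = "Bearer " + token
    data = json.dumps(body).encode() if body is not None else None
    req = urllib.request.Request(BASE_URL + path, data=data,
                                 headers=headers, method=method)
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


def checked(reply, step):
    """Return reply["data"]; stop if the API did not report status true."""
    if reply.get("status") is not True or "data" not in reply:
        # The reply is deliberately not echoed: it may contain credentials.
        raise RuntimeError(step + " failed")
    return reply["data"]


def provision_tenant(email, password, tenant, org, call=http_call):
    """Steps 2-4: log in, create the organization, request its Replex token."""
    login = {"email": email, "password": password, "tenant": tenant}
    auth = checked(call("POST", "/auth/login", login), "login")["token"]
    new_org = checked(call("POST", "/organizations", org, auth), "create organization")
    # The page does not show the layout of this reply, so it is returned as-is.
    path = "/organizations/" + quote(new_org["id"], safe="") + "/token"
    return new_org["id"], call("GET", path, None, auth)


if __name__ == "__main__":
    # Passwords are prompted for, so they stay out of shell history and `ps`.
    admin_pw = getpass.getpass("SUPER_ADMIN password: ")
    org = {
        "name": input("New organization name: "),
        "email": input("Organization email: "),
        "tenantID": input("New unique organization ID: "),
        "admin": {"firstName": input("Admin first name: "),
                  "lastName": input("Admin last name: "),
                  "password": getpass.getpass("New tenant admin password: ")},
    }
    org_id, token_reply = provision_tenant(
        input("SUPER_ADMIN email: "), admin_pw, input("SUPER_ADMIN tenant: "), org)
    print("organization id:", org_id)
    print(json.dumps(token_reply))
```

The final reply contains the agent token, so redirect the output to a file with restricted permissions rather than leaving it in terminal scrollback.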

### Replex filter query language

This section describes cluster stats querying basics and provides examples.

**NOTE**: The examples below require an authentication token, which can be retrieved at <http://localhost:3100/api/v1/auth/login>. Instructions can be found in step 2 of the `Multitenancy Setup` section above.

Cluster stats endpoints support different parameters depending on the type of resource. For example, the labels range stats endpoint requires the following parameters:

* start: timestamp marking the beginning of the period over which metrics are aggregated.
* end: timestamp marking the end of the period over which metrics are aggregated.
* filters: a query string in [Lucene](https://lucene.apache.org/core/2_9_4/queryparsersyntax.html) query syntax.
* clusterID: the unique ID of the cluster to query stats for.

The available Lucene keys to filter by are:

* `labels.<LABEL_NAME>:<LABEL_VALUE>` - represents resource labels, where the key is `LABEL_NAME` and the value is `LABEL_VALUE`, e.g. `labels.app:replex-server`.
* `namespace:<NAMESPACE_NAME>` - represents the resource's namespace, e.g. `namespace:monitoring`.
* `key:<LABEL_NAME>` - represents a label name that must appear in the stats, e.g. `key:app`.

Basic examples of the `filters` parameter for querying stats:

|   | Parameter value                                                                                | Description                                                                                                                                                                          |
| - | ---------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
| 1 | `filters=labels.labelKey1:labelValue1 OR (labels.labelKey1:labelValue2 AND namespace:nsName1)` | Query resources that have labels with key `labelKey1` and value `labelValue1` or resources that are in namespace `nsName1` and have labels key `labelKey1` with value `labelValue2`. |
| 2 | `filters=labels.labelKey1:labelValue1 AND namespace:nsName1`                                   | Query resources that have labels with key `labelKey1` and value `labelValue1` and belong to namespace `nsName1`.                                                                     |
| 3 | `filters=namespace:nsName1 OR namespace:nsName2`                                               | Query resources that belong to namespace `nsName1` or `nsName2`.                                                                                                                     |
| 4 | `filters=namespace:nsName1 AND key:labelKey1`                                                  | Query resources that belong to namespace `nsName1` and have label keys such as `labelKey1`.                                                                                          |
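
When namespace or label values come from user input, building the `filters` string by concatenation lets a value such as `nsName1 OR namespace:*` change the query's structure. The following added example (not part of the replex code base) builds filters only from validated tokens and URL-encodes the result; the helper names and the Kubernetes-style token rule are assumptions made here, and the endpoint path is left out because the page does not give it.

```python
import re
from urllib.parse import urlencode

# Assumption: names and values follow Kubernetes label-value syntax (max 63 chars).
_TOKEN = re.compile(r"[A-Za-z0-9](?:[A-Za-z0-9_.-]{0,61}[A-Za-z0-9])?")
_RESERVED = {"AND", "OR", "NOT"}  # Lucene boolean operators


class Clause(str):
    """Filter fragment that was built only from validated tokens."""


def _token(value):
    """Return value unchanged if it cannot alter the query structure."""
    if not isinstance(value, str) or not _TOKEN.fullmatch(value) or value in _RESERVED:
        raise ValueError("unsafe filter token: %r" % (value,))
    return value


def label(name, value):
    return Clause("labels.%s:%s" % (_token(name), _token(value)))


def namespace(name):
    return Clause("namespace:" + _token(name))


def key(label_name):
    return Clause("key:" + _token(label_name))


def _combine(op, parts):
    if not parts or not all(isinstance(p, Clause) for p in parts):
        raise TypeError("combine only clauses made by label/namespace/key")
    # Parenthesise compound operands so precedence is explicit.
    return Clause(op.join("(%s)" % p if " " in p else p for p in parts))


def all_of(*parts):
    return _combine(" AND ", parts)


def any_of(*parts):
    return _combine(" OR ", parts)


def stats_query(start, end, cluster_id, filters):
    """Return the URL-encoded query string for a stats request."""
    if not isinstance(filters, Clause):
        raise TypeError("filters must be built with the helpers above")
    return urlencode({"start": start, "end": end,
                      "clusterID": cluster_id, "filters": filters})
```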

### Environment Variables

These are the environment variables used by the application:

|    | Variable                            | Required                        | Default                        | Description                                                                                                                      |
| -- | ----------------------------------- | ------------------------------- | ------------------------------ | -------------------------------------------------------------------------------------------------------------------------------- |
| 1  | POSTGRES\_DB                        | Yes                             |                                |                                                                                                                                  |
| 2  | POSTGRES\_USER                      | Yes                             |                                |                                                                                                                                  |
| 3  | POSTGRES\_PASSWORD                  | Yes                             |                                |                                                                                                                                  |
| 4  | POSTGRES\_HOST                      | Yes                             |                                | Database host, or Master if using replication                                                                                    |
| 5  | POSTGRES\_PORT                      | No                              | 5432                           |                                                                                                                                  |
| 6  | ENV                                 | No                              | development                    | Options: `production`, `development`, `test`                                                                                     |
| 7  | PORT                                | No                              | 3100                           |                                                                                                                                  |
| 8  | PUBLIC\_KEY                         | Yes                             |                                | Public key string (used for JWT). Prefix with `file:` if specifying a file path.                                                 |
| 9  | PRIVATE\_KEY                        | Yes                             |                                | Private key string (used for JWT). Prefix with `file:` if specifying a file path.                                                |
| 10 | ADMIN\_FIRST\_NAME                  | No                              |                                | Initial Admin user credentials                                                                                                   |
| 11 | ADMIN\_LAST\_NAME                   | No                              |                                |                                                                                                                                  |
| 12 | ADMIN\_EMAIL                        | No                              |                                |                                                                                                                                  |
| 13 | ADMIN\_PASSWORD                     | No                              |                                |                                                                                                                                  |
| 14 | ORGANIZATION\_NAME                  | No                              |                                | Initial organization name                                                                                                        |
| 15 | SECRET                              | Yes                             |                                | Used for internal password recovery token en-/decryption                                                                         |
| 16 | CODE\_ACTIVE\_MINUTES               | No                              | 15                             | Token lifetime in minutes                                                                                                        |
| 17 | EMAIL\_MODE                         | No                              | enable                         | Options: `enable`, `disable`                                                                                                     |
| 18 | SMTP\_HOST                          | If `EMAIL_MODE` is enable       |                                |                                                                                                                                  |
| 19 | SMTP\_PORT                          | If `EMAIL_MODE` is enable       |                                |                                                                                                                                  |
| 20 | SMTP\_USER                          | If `EMAIL_MODE` is enable       |                                |                                                                                                                                  |
| 21 | SMTP\_PASS                          | If `EMAIL_MODE` is enable       |                                |                                                                                                                                  |
| 22 | SMTP\_SECURE                        | If `EMAIL_MODE` is enable       |                                |                                                                                                                                  |
| 23 | HOST\_URL                           | No (required for on-prem)       | <https://replex.replex.io>     | Server host url.                                                                                                                 |
| 24 | PRICING\_API\_MODE                  | No                              | enable                         | Options: `enable`, `disable`                                                                                                     |
| 25 | PRICING\_API\_KEY                   | If `PRICING_API_MODE` is enable |                                |                                                                                                                                  |
| 26 | PRICING\_API\_HOST                  | If `PRICING_API_MODE` is enable |                                |                                                                                                                                  |
| 27 | MAX\_POOL\_SIZE                     | No                              | 20                             | Max database connection pool size                                                                                                |
| 28 | LOG\_LEVEL                          | No                              | 6                              | Higher value represents higher verbosity (corresponds to `syslog` levels - <https://en.wikipedia.org/wiki/Syslog#Severity_level>) |
| 29 | INGRESS\_NAME                       | No                              |                                | Ingress to be configured with new host information for organization                                                              |
| 30 | INGRESS\_HOST\_SUFFIX               | No                              | `replex.io`                    | Suffix appended to organization tenant ID to form Ingress host                                                                   |
| 31 | STRIPE\_API\_KEY                    | No                              |                                | Stripe API key. Used for Servicebot self checkout                                                                                |
| 32 | STRIPE\_WEBHOOK\_SECRET             | No                              |                                | Stripe webhook secret. Used for verifying stripe webhook requests.                                                               |
| 33 | SERVICEBOT\_PORTAL\_ID              | No                              |                                | Servicebot Billing Page ID of the Customer Portal.                                                                               |
| 34 | SERVICEBOT\_CHECKOUT\_ID            | No                              |                                | Servicebot Checkout Page ID.                                                                                                     |
| 35 | STRIPE\_PRODUCT\_ID                 | No                              |                                | Stripe Product ID.                                                                                                               |
| 36 | SAML\_DECRYPTION\_PRIVATE\_KEY      | No                              |                                | SAML SP Private Key to decrypt SAMLResponses. Prefix with `file:` if specifying a file path.                                     |
| 37 | SAML\_DECRYPTION\_PUBLIC\_CERT      | No                              |                                | SAML SP Public certificate to decrypt SAMLResponses. Prefix with `file:` if specifying a file path.                              |
| 38 | SAML\_SIGNING\_PRIVATE\_KEY         | No                              |                                | SAML SP Private Key to sign SAMLRequests. Prefix with `file:` if specifying a file path.                                         |
| 39 | SAML\_SIGNING\_PUBLIC\_CERT         | No                              |                                | SAML SP Public Certificate to sign SAMLRequests. Prefix with `file:` if specifying a file path.                                  |
| 40 | METRICS\_RETENTION\_THRESHOLD\_DAYS | No                              | 7                              | Represents the period when the raw metrics are saved in the db and could be accessed in short time range stats queries           |
| 41 | CLOUDCOST\_TAG\_KEY\_NAMESPACE      | No                              | CLOUDCOST\_TAG\_KEY\_NAMESPACE | Tag key representing namespaces in cloud billing data.                                                                           |
| 42 | DB\_READ\_HOSTS                     | No                              |                                | Comma-separated list of read replica IP addresses, e.g. 1.1.1.1,8.8.9.9,192.168.5.255                                            |
