In this guide, we focus on deploying the pre-built EC2 image of Stratos 2. For information on deploying Stratos 2.0 on EC2 from scratch or on other IaaSes, see the Deployment Guide.
Starting the Stratos Demo Image
Prerequisites for step 1
|Common Prerequisites||Ensure that the common prerequisites are met.|
|EC2 Account||To follow this guide, you need an EC2 account. Create an AWS account if you do not have an account. For more information, see Sign Up for Amazon EC2. This account must be authorized to manage EC2 instances (including start and stop instances, create security groups and key pairs).|
|Stratos 2.0 EC2 image||We have created an EC2 image (AMI) for Stratos, as well as several Cartridges. The Stratos 2.0 AMI is the main AMI that you should care about. Stratos will spawn the Cartridge instances based on the preferences you set at configuration time.|
|Create a security group||For more information, see Creating a security group.|
|Create a Key Pair||For more information, see Creating a Key Pair.|
|Gather the required data||For more information, see Gathering data.|
For a quick start, you can use one of the following public Elastic Compute Cloud (EC2) images.
|EC2 Image||Asia Pacific (Singapore) Region||US East - 1 (N. Virginia) Region|
WSO2 Carbon Cartridge
Creating a Security Group
Before launching the instance, you need to create the right security group. This security group defines firewall rules for your instances, which are a list of ports that are used as part of the default Stratos deployment. These rules specify which incoming network traffic is delivered to your instance. All other traffic is ignored. The ports that should be defined are listed here: Common IaaS Configurations.
To create the security group and configure it:
- On the Network and Security menu, click Security Groups.
- Click on Create Security Group.
- Enter the name and description of the security group.
- Click Yes, Create.
- Click Inbound.
Select "Custom TCP rule".
All the UDP and TCP ports can be opened by adding the following two rules. Note that these two rules are a demo-only setting. In a production environment, individual rules with the specified ports must be added instead, for security purposes.
|Rule type||Port Range|
|All TCP||0 - 65535|
|All UDP||0 - 65535|
Enter the port or port range.
The common configurations list two kinds of ports: those open for outside access and those restricted to internal access. Ideally, enter each of the ports as a separate rule.
You can set the Source to be 0.0.0.0/0.
Note that setting the Source to be 0.0.0.0/0 is a demo-only setting, which must be changed for security purposes in a production environment.
For details, go to http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-network-security.html.
Click Add Rule and then click Apply Rule Changes.
Always apply rule changes, as your rule will not get saved unless the rule changes are applied.
Repeat steps 6 to 9 to add all the ports mentioned, as each port or port range has to be added as a separate rule.
Note down the names of your security groups if you wish to enter your user data in the wizard.
Creating a Key Pair
Before launching the instance, it is recommended to create a Key Pair. Save your private key in a safe place on your computer. Note the location because you will need the Key Pair to connect to your instance.
To create a Key Pair and download it:
- On the Network and Security menu, click Key Pairs.
- Click Create New Key Pair.
- Enter a name for your Key Pair.
- Click Create. After the Key Pair automatically downloads, click Close.
The following data is required:
Access key and Secret key of your EC2 account
To get your Access Key ID and Secret Access Key:
- On the EC2 account details menu, click My Account.
- Click Security Credentials on the left-bar menu.
- Switch to the Access Keys tab.
- Create an access key for this setup.
Then note the Access Key ID and Secret Access Key.
To view the Owner ID:
- On the EC2 account details menu, click My Account.
- Your account number will appear, which is your Owner ID. Omit the hyphens when entering the Owner ID.
This is the zone where the virtual machines will be launched. If you set the Availability zone to "No Preference", the system will set the default value. Only Asia Pacific Singapore and US East 1 are available at this point, and therefore the potential values are:
This will be the default value, if you want to let the system choose the availability zone. Otherwise, provide us-east-1a, us-east-1b or us-east-1c.
This will be the default value, if you want to let the system choose the availability zone. Otherwise, provide ap-southeast-1a or ap-southeast-1b.
- Domain name
This is the CNAME for your Stratos domain, such as stratos2-demo.com
Step 1: Spawning the Stratos 2.0 instance
- Sign in to the Amazon Web Services (AWS) Management Console and open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.
- Click EC2 on the home console.
- Select either the Asia Pacific (Singapore) or US - East (North Virginia) region for the instance from the region drop-down list.
In the rest of the steps, we assume that you have chosen North Virginia.
Click Launch Instance.
Select Quick Launch Wizard. If you use the Classic Wizard, the response may contain invalid JSON while searching for AMIs. Therefore, we recommend that you retry later or switch to the Quick Launch Wizard. For more information, see https://forums.aws.amazon.com/message.jspa?messageID=445740.
Name your instance, for example Stratos2Demo.
- Select the Key Pair that you created (we recommend that you use a specific keypair for the Stratos installation).
Select More Amazon Machine Images and click on Continue.
- On the next page, specify the image ID as per the table above and click Search.
- Click on your search result and click Continue.
- Click Edit Details.
- Edit the image size.
- Select the Instance Details option.
- Change the image type to either m1.xlarge or m3.xlarge (15GB of memory).
- Select a security group.
- Select the Security Settings option.
- Click Select Existing Security Groups.
- Select the Stratos security group you have created previously.
- Add user data
- Click Advanced Details.
Enter the following parameters with your own values in the User Data text box. Do not leave spaces within the user data text.
You can either enter a part of the parameters or skip this entire step. If you do not enter the required configurations in this step, then you will be prompted for those configurations at a later step.
To avoid having to add the user data each time a server is restarted, it is recommended to enter the user data parameters at this point.
User Data Description
The path to which you will upload your EC2 key.
See Access key and Secret key of your EC2 account
See Access key and Secret key of your EC2 account
See Owner ID
See Availability zone
See Creating a Security Group
See Creating a Key Pair
This is the CNAME for your Stratos domain, such as isawso2.com
Click Save details.
Review the information and click Launch to start the EC2 instance.
This will redirect you to the instance page. It takes a short time for an instance to launch. The instance's status appears as pending while it is launching. After the instance is launched, its status changes to running.
Configuring the Stratos Instance
Prerequisites for step 2
|Upload the Key Pair file||For more information, see Uploading your Key Pair file.|
|Locate your EC2 instance hostname||For more information, see Locating your EC2 instance hostname.|
Uploading your Key Pair file
You need to upload the PEM file that you created during the image configuration (for example, StratosKeyPair.pem) to the running Stratos instance. This file will be used to securely copy files to the runtime instances (Cartridges).
Your Key Pair is also known as your private key. In the following instances, if you have navigated to the directory of the Key Pair, enter only the name of the Key Pair; otherwise, enter the full path of the Key Pair.
Change the PEM file permissions.
By default your PEM file will be unprotected. When uploading your PEM file, if it is unprotected it will be rejected. Use the following command to secure your PEM file so that others will not have access to it:
Upload the Key Pair using the following scp command:
In the above command the private key will be uploaded to the /home/ubuntu location on the Stratos instance.
Once the command mentioned in the example completes, the PEM will be uploaded to the /tmp location on the Stratos instance.
The following output will appear. Say 'yes' to connect and add the RSA fingerprint to your known hosts list.
Locating your EC2 instance hostname
To get your EC2 instance hostname:
On the Instances menu in the navigation panel, click the Instances sub-menu.
The list of instances that you own will appear.
Search and select the correct instance.
The EC2 instance hostname will appear in the second line of the bottom pane that contains descriptions on the instance.
Step 2: Configuring the Stratos Instance
Once the instance is successfully launched, you need to configure several settings that will be used by Stratos to manage and launch the virtual machines (Cartridges) available.
Log in to the instance using ubuntu as the username and the Key Pair that you downloaded when you were spawning the instance as the password.
If you have navigated to the directory of the Key Pair, enter only the name of the Key Pair in the following ssh command; otherwise, enter the full path of the private key.
Once connected, start a root session using:
Navigate to the /opt location using:
Run the config.sh script located in this directory, using:
The script prompts you to override data.
As we have provided user data when launching the instance you can use this option. However, you will be prompted for the values that are not found in the user data section.
This will discard the values in the User Data section and will prompt for the user data details that need to be configured according to your EC2 account. This is useful if you have mistakenly added incorrect values for fields in the User Data section. Answer the list of questions, using the data gathered above.
Beware that you are working under a Linux system, so filename capitalization does matter (for example /tmp/StratosKeyPair.pem).
Once all questions are answered, the script will configure the various deployment scripts, and Stratos will be ready to create tenants and allow them to use Cartridges.
Answer 'y' to the next question and all the servers will be started.
If you make a mistake during the confirmation, use the clean.sh script to reset the configuration before running the config.sh script again.
Registering a tenant and configuring Cartridges
Once the Stratos main servers have been started, you can connect to the Stratos controller (which is the “heart” of Stratos) to create a tenant. A tenant is an organization that will use the PaaS. Inside an organization, one or N Cartridges (runtimes) can be subscribed to.
The Stratos controller runs at:
https://<EC2 instance hostname>:9445 (for example, https://ec2-184-72-129-229.compute-1.amazonaws.com:9445). Once you are connected, log in using the default admin user (admin/admin). This logs you in as the super tenant administrator.
- Change your default super tenant admin password.
- Create a Tenant.
- Subscribe to Cartridges. For more information, see Subscribing to a Cartridge and Connecting to another Cartridge when subscribing.
- If you wish, map a domain to the newly created Cartridge.
- Map the host name to ELB IP.