This guide focuses on deploying a pre-built EC2 image of WSO2 Private PaaS 4.0.0. For information on configuring Private PaaS from scratch or on other IaaSs, see the Installation Guide.
...
Prerequisite | Description |
---|---|
EC2 account | To follow this guide, you need an EC2 account. Create an AWS account if you do not have one. For more information, see Sign Up for Amazon EC2. This account must be authorized to manage EC2 instances (including starting and stopping instances and creating security groups and key pairs). |
Private PaaS 4.0.0 EC2 image | We have created an EC2 image (AMI) for Private PaaS, as well as several Cartridges. The Private PaaS 4.0.0 AMI is the main AMI that you should care about. Private PaaS will spawn the Cartridge instances based on the preferences you set at configuration time. |
Create a security group | For more information, see Creating a security group. |
Create a key pair | For more information, see Creating a key pair. |
Gather the required data | For more information, see Gathering data. |
...
EC2 Image | Asia Pacific (Singapore) Region |
---|---|
Private PaaS | ami-4e062c1c |
Base image | ami-e6bd9eb4 |
Before launching the instance, you need to create the right security group. This security group defines firewall rules for your instances: a list of ports that are used as part of the default Private PaaS deployment. These rules specify which incoming network traffic is delivered to your instance. All other traffic is ignored. For more information on the ports that should be defined, see Required Ports (/wiki/spaces/SM100/pages/14222781).
To create the security group and configure it:
- On the Network and Security menu, click Security Groups.
- Click Create Security Group.
- Enter the name and description of the security group.
- Click Yes.
- Add a rule by following the steps below. Repeat these steps for each additional rule.
  - Click Add Rule, which is under the Inbound tab section.
  - Select the rule type.

    Info: You can open all the UDP and TCP ports by adding the following two rules. These two rules are demo settings only. In a production environment, you must add individual rules with the specified ports for security purposes.

    Rule type | Port range |
    ---|---|
    All TCP | 0 - 65535 |
    All UDP | 0 - 65535 |

  - Enter the port or port range.

    The Required Ports (/wiki/spaces/SM100/pages/14222781) section lists two kinds of ports: ports opened for outside access and ports restricted for internal access. Ideally, enter each of the ports as a separate rule. You can set the source to be 0.0.0.0/0.

    Info: Note that setting the source to 0.0.0.0/0 is a demo-only setting that must be changed for security purposes in a production environment.

    For more information, see Amazon EC2 Security Groups.
- Click Create.
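
Once the demo is over, the group can be checked for the wide-open rules described above. The following Python sketch is an added example, not part of the WSO2 guide: it audits data in the shape returned by `aws ec2 describe-security-groups` (the sample is constructed) and flags TCP/UDP rules open to any source. The `audit` function and the `PUBLIC_PORTS` allow-list are hypothetical names, and the port numbers in the list are placeholders to be replaced from the Required Ports page.

```python
import ipaddress
import json

# Constructed sample in the shape of `aws ec2 describe-security-groups` output:
# the two demo rules from this guide plus one narrowly scoped SSH rule.
SAMPLE = json.loads("""
{"SecurityGroups": [{"GroupId": "sg-EXAMPLE", "GroupName": "ppaas-demo",
  "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 0, "ToPort": 65535,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "udp", "FromPort": 0, "ToPort": 65535,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "203.0.113.0/24"}]}
  ]}]}
""")

# Hypothetical allow-list of ports meant for outside access. The entries are
# placeholders; take the real list from the Required Ports page.
PUBLIC_PORTS = {("tcp", 22), ("tcp", 9443)}


def audit(doc, public_ports=PUBLIC_PORTS):
    """Return (group_id, protocol, ports, cidr, reason) for each risky rule."""
    findings = []
    for sg in doc["SecurityGroups"]:
        for perm in sg.get("IpPermissions", []):
            proto = perm["IpProtocol"]
            if proto not in ("tcp", "udp", "-1"):
                continue  # ICMP and others use the port fields differently
            # IpProtocol "-1" means every protocol and port; no port fields.
            lo, hi = (0, 65535) if proto == "-1" else (perm["FromPort"], perm["ToPort"])
            cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            for cidr in cidrs:
                if ipaddress.ip_network(cidr, strict=False).prefixlen != 0:
                    continue  # source is restricted, not "any source"
                if lo != hi:
                    reason = "port range open to any source"
                elif (proto, lo) not in public_ports:
                    reason = "port not on the outside-access list"
                else:
                    continue
                findings.append((sg["GroupId"], proto, f"{lo}-{hi}", cidr, reason))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding, sep="  ")
```
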
...
- Sign in to the Amazon Web Services (AWS) Management Console and open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.
- Click EC2 on the home console.
- Select the Asia Pacific (Singapore) region for the instance from the region drop-down list.
- Carry out all steps to gather the prerequisite for step 1.
Navigate to the EC2 Dashboard.
- Click Launch Instance and then click Community AMIs.
- Search for ami-4e062c1c and click Select.
Select the instance type you want. The recommended instance type is General purpose m1.xlarge.
Click Next: Configure Instance Details. This will redirect you to configure Instance Details. You do not need to add or select any instance detail configurations.
Click Next: Add Storage. You do not need to add or select any storage configurations.
Click Next: Tag Instance.
Enter your preferred key-value pair to tag your instance. For more information, see Using Tags.
Click Next: Configure Security Group.
Select the Select an existing security group option and select the security group that you created.
- Click Review and Launch.
After reviewing the instance, click Review and Launch.
Enter the key pair when prompted.
Select the I acknowledge that I have access to the selected private key file (xxx.pem), and that without this file, I won't be able to log into my instance checkbox.
Click Launch Instances.
Info |
---|
After you have successfully configured the EC2 instance, you are redirected to the page that lists the instances. It takes a short time for an instance to launch. The status of the instance will appear as pending while it is launching. After the instance is launched, the status will change to |
...
Change your key pair (private key) file permissions. By default, your private key file, which has a PEM file extension, is unprotected, and an unprotected private key is rejected. Use the following command to secure your PEM file so that others do not have access to it:
Info: If you have navigated to the directory of the key pair, enter only the name of the key pair; otherwise, enter the full path of the key pair.
    chmod 0600 <path to the private key>
Log in to the created instance using the private key. Use ubuntu as the username.
    ssh -i <KEYPAIR-FILENAME>.pem ubuntu@<PUBLIC-IP>
For example:
    ssh -i kim.pem ubuntu@54.255.101.249
The public IP can be located from the instance details as follows:
If you are accessing this machine for the first time, a message similar to the following will appear. Enter 'yes' to connect and add the RSA fingerprint to your known hosts list.
    The authenticity of host '54.255.101.249 (54.255.101.249)' can't be established.
    RSA key fingerprint is 33:99:3b:ct:a8:83:3d:c5:46:w6:fe:a5:cd:83:78:c6.
    Are you sure you want to continue connecting (yes/no)?
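
The fingerprint in that prompt can be checked before answering 'yes'. The following Python sketch is an added example, not part of the WSO2 guide: it compares the key a host offers (one line of `ssh-keyscan <PUBLIC-IP>` output) with the fingerprints the instance printed to its console at first boot (`aws ec2 get-console-output`). It assumes the image prints the cloud-init fingerprint block, as Ubuntu cloud images do; the function names and all sample data are constructed for illustration.

```python
import base64
import hashlib
import re

BLOCK = re.compile(r"-----BEGIN SSH HOST KEY FINGERPRINTS-----(.*?)"
                   r"-----END SSH HOST KEY FINGERPRINTS-----", re.S)


def fingerprints(keyscan_line):
    """(MD5 hex, SHA256) fingerprints of one `ssh-keyscan` line: host type key."""
    blob = base64.b64decode(keyscan_line.split()[2])
    md5 = hashlib.md5(blob).hexdigest()
    sha = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    return ":".join(md5[i:i + 2] for i in range(0, 32, 2)), "SHA256:" + sha


def console_fingerprints(console_text):
    """Fingerprints the instance printed to its console at first boot."""
    block = BLOCK.search(console_text)
    found = set()
    for line in (block.group(1).splitlines() if block else []):
        # Lines look like: "ec2: 2048 <fingerprint> root@host (RSA)"
        m = re.search(r"\b\d+ (?:MD5:)?(\S+) ", line)
        if m:
            found.add(m.group(1))
    return found


def host_key_matches(keyscan_line, console_text):
    """True only if the key offered over the network is one the instance printed."""
    return bool(set(fingerprints(keyscan_line)) & console_fingerprints(console_text))


# Constructed sample data: the key blobs are filler bytes, not real host keys.
FILLER = b"\x00\x00\x00\x07ssh-rsa" + bytes(range(64))
OFFERED = "198.51.100.7 ssh-rsa " + base64.b64encode(FILLER).decode()
OTHER = "198.51.100.7 ssh-rsa " + base64.b64encode(FILLER[::-1]).decode()
CONSOLE = (
    "ec2: -----BEGIN SSH HOST KEY FINGERPRINTS-----\n"
    f"ec2: 2048 {fingerprints(OFFERED)[0]} root@ip-10-0-0-1 (RSA)\n"
    "ec2: -----END SSH HOST KEY FINGERPRINTS-----\n"
)

if __name__ == "__main__":
    print("offered key matches console:", host_key_matches(OFFERED, CONSOLE))
    print("different key matches console:", host_key_matches(OTHER, CONSOLE))
```

A result of False means the key offered over the network is not one the instance reported, so the connection should not be accepted.
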
Navigate to the /home/ubuntu/private-paas/ directory and execute the following commands using root user permissions. The boot.sh script is used to automate the WSO2 Private PaaS configuration and installation process.
    sudo bash ./boot.sh
Enter the following details regarding EC2 and cartridges as required, when prompted. For more information on the EC2 information required by the installation script, see the Gathering data section.
...