Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

This guide focuses on deploying a pre-built EC2 image of WSO2 Private PaaS 4.0.0. For information on configuring Private PaaS from scratch or on other IaaSs, see the Installation Guide.

...

PrerequisiteDescription
EC2 AccountaccountTo follow this guide, you need an EC2 account. Create an AWS account if you do not have an account. For more information, see Sign Up for Amazon EC2. This account must be authorized to manage EC2 instances (including start and stop instances, create security groups and key pairs).
Private PaaS 4.0.0 EC2 imageWe have created an EC2 image (AMI) for Private PaaS, as well as several Cartridges. The Private PaaS 4.0.0 AMI is the main AMI that you should care about. Private PaaS will spawn the Cartridges instances based on the preferences you set at the config time.
Create a security groupFor more information, see Creating a security group.
Create a Key Pairkey pairFor more information, see Creating a key pair.
Gather the required dataFor more information, see Gathering data.

...

EC2 ImageAsia Pacific (Singapore) Region
Private PaaSami-8c96b5de4e062c1c
Base imageami-e6bd9eb4

 

Anchor
Creating a Security Group
Creating a Security Group
Creating a Security Group

Before launching the instance, you need to create the right security group. This security group defines firewall rules for your instances, which are a list of ports that are used as part of the default Private PaaS deployment. These rules specify which incoming network traffic is delivered to your instance. All other traffic is ignored. For more information on the ports that should be defined, see see Required Ports.

To create the security group and configure it:

  1. On the Network and Security menu, click Security Groups.
  2. Click Create Security Group.
  3. Enter the name and description of the security group.
  4. Click Yes.

  5. Add a rule by following the steps below. Note that the following steps need to be repeated to add another rule.

    1. Click Add Rule which is under the Inbound tab section.

    2. Select the rule type.

      Info

      You can open all the UDP and TCP ports by adding the following two rules. The latter mentioned two rules are only demo settings. You must add Individual rules with the specified ports for security purposes in a production environment.

      Rule typePort range
      All TCP0 - 65535
      All UDP0 - 65535
    3. Enter the port or port range.
      The Required Ports /wiki/spaces/SM100/pages/14222781 section lists two kinds of ports, which are ports opened for outside access and ports restricted for internal access. You will have to ideally enter each of the ports as separate rules.  

    4. You can set the source to be 0.0.0.0/0.

      Info

      Note that setting the source to be 0.0.0.0/0 is a demo only setting, that must be changed for security purposes in a production environment.

      For more information, see Amazon EC2 Security Groups

  6. Click Create.

...

  1. Sign in to the Amazon Web Services (AWS) Management Console and open the Amazon EC2 console at https://console.aws.amazon.com/ec2/
  2. Click EC2 on the home console.
  3. Select the Asia Pacific (Singapore) region for the instance from the region drop down list.
  4. Carry out all steps to gather the prerequisite for step 1.
  5. Navigate to the EC2 Dashboard.

    EC2 Dashboard 

  6. Click Launch Instance and then click Community AMIs.
  7. Search for ami-8c96b5de and 4e062c1c and click Select.
  8. Select the instance type you want. The recommended instance type is General purpose  m1.xlarge.
     

  9. Click Next: Configure Instance Details. This will redirect you to configure Instance Details. You do not need to add or select any instance detail configurations.
     

  10. Click Next: Add Storage. You do not need to add or select any storage configurations.

  11. Click Next: Tag Instance

  12. Enter preferred key-value pair to tag your instance. For more information, see Using Tags.

  13. Click Next: Configure Security Group.

  14. Select the Select an existing security group option and select the security group that you created.

  15. Click Review and Launch. 
  16. After reviewing in instance click Review and Launch

  17. Enter the key pair when prompted. 

  18. Select the I acknowledge that I have access to the selected private key file (xxx.pem), and that without this file, I won't be able to log into my instance checkbox.

  19. Click Launch Instances.

Info

After you successfully configured the EC2 instance, it will redirect you to the page including the instances. It takes a short time for an instance to launch. The status of the instance will appear as pending while it is launching. After the instance is launched, the status will change to running.

...

  1. Change your Key Pair (private key) file permissions. By default your private key file, which has a PEM file extension, will be unprotected. If your private key is unprotected it will be rejected. Use the following command to secure your PEM file so that others will not have access to it: 

    Info

    If you have navigated to the directory of the Key Pair, enter only the name of the Key Pair; otherwise, enter the full path of the Key Pair.

    chmod 0600 <path to the private key>

  2. Log in to the created instance using the private key. Use ubuntu as the username.
    ssh -i <KEYPAIR-FILENAME>.pem ubuntu@<PUBLIC-IP>

    For example:

    ssh -i kim.pem ubuntu@54.255.101.249

    The public IP can be located from the instance details as follows:

  3. If you are accessing this machine for the first time, a message similar to the following will appear. Enter 'yes' to connect and add the RSA fingerprint to your known hosts list.

    Code Block
    The authenticity of host '54.255.101.249 (54.255.101.249)' can't be established.
    RSA key fingerprint is 33:99:3b:ct:a8:83:3d:c5:46:w6:fe:a5:cd:83:78:c6.
    Are you sure you want to continue connecting (yes/no)?
  4. Navigate to the /home/ubuntu/private-paas/ directory and execute the following commands using root user permissions. The boot.sh script is used to automate the WSO2 Private PaaS configuration and installation process. 

    sudo bash 
    ./boot.sh

  5. Enter the following details regarding EC2 and cartridges as required, when prompted. For more information on these EC2 information required by the installation script, see Gathering data section.

...