Using the public Stratos 2.0 setup on Amazon EC2
We provide a pre-configured EC2 image that is publicly accessible through Amazon EC2. Please see the Quick Start Guide for more information on how to use the pre-configured image to run Stratos 2.0.
If you are using the public Stratos 2.0 setup on Amazon EC2, you do not need to set up a Puppet Master and Puppet Agent, and you do not need to carry out the steps mentioned under Setting up Stratos2, because a Puppet Master and Puppet Agent are pre-configured in the Stratos 2 Amazon EC2 setup.
Installing Stratos2 in Amazon EC2 using the Puppet based deployment methodology
We provide a Puppet based deployment mechanism to deploy Stratos 2 using Amazon EC2. Puppet is IT automation software that helps system administrators manage infrastructure throughout its life cycle. For more information on Puppet go to https://puppetlabs.com/. You need to access the EC2 environment by creating an Amazon AWS account for EC2 IaaS.
Make sure that the mentioned prerequisites are available for the demo deployment (for more information see Prerequisites) and also that the common configurations are configured (for more information see Common IaaS Configurations).
The users can follow the steps given below to install Stratos2 in Amazon EC2 using this Puppet based deployment methodology:
Setting up Puppet master (with nginx and mongrel)
Install the Puppet master packages (puppetmaster 2.7, mongrel, nginx).
apt-get install puppetmaster mongrel nginx
The following commands are used to stop puppetmaster and nginx:
/etc/init.d/puppetmaster stop
/etc/init.d/nginx stop
Apply the following changes to the respective configuration files.
/etc/default/puppetmaster
DAEMON_OPTS="--ssl_client_header=HTTP_X_SSL_SUBJECT"
SERVERTYPE=mongrel
PUPPETMASTERS=5
PORT=18140
/etc/puppet/puppet.conf
[main]
logdir=/var/log/puppet
vardir=/var/lib/puppet
ssldir=/var/lib/puppet/ssl
rundir=/var/run/puppet
factpath=$vardir/lib/facter
templatedir=/etc/puppet/templates/
modulepath=/etc/puppet/modules/
report=false

[stratos2]
modulepath=/mnt/puppet/stratos2/modules/
templatedir=/mnt/puppet/stratos2/templates/
manifest=/mnt/puppet/stratos2/manifests/site.pp
manifestdir=/mnt/puppet/stratos2/manifests/
report=false

[master]
node_name = facter
/etc/puppet/autosign.conf
*.wso2.com
/etc/puppet/auth.conf
path ~ ^/catalog/([^/]+)$
method find
allow $1
allow star.s2.wso2.com

path ~ ^/node/([^/]+)$
method find
allow $1

path /certificate_revocation_list/ca
method find
allow *

path /report
method save
allow *

path /file
allow *

path /file_metadata
auth any
method find
allow *

path /certificate/ca
auth no
method find
allow *

path /certificate/
auth no
method find
allow *

path /certificate_request
auth no
method find, save
allow *

path /
environment stratos2
allow *

path /
auth any
/etc/puppet/fileserver.conf
[files]
path /etc/puppet/
allow *

[plugins]
allow *

[stratos2]
path /mnt/puppet/stratos2/
allow *
The configuration for Nginx is as follows:
/etc/nginx/nginx.conf
user www-data;
worker_processes 5;
error_log /var/log/nginx/error-puppet.log;
pid /var/run/nginx.pid;

events {
    worker_connections 1024;
}

http {
    default_type application/octet-stream;
    sendfile on;
    tcp_nopush on;
    keepalive_timeout 120;
    tcp_nodelay on;

    upstream puppetmaster {
        server 127.0.0.1:18140;
        server 127.0.0.1:18141;
        server 127.0.0.1:18142;
        server 127.0.0.1:18143;
        server 127.0.0.1:18144;
    }

    server {
        listen 8140;
        ssl on;
        ssl_certificate /var/lib/puppet/ssl/certs/s2demo.s2.wso2.com.pem;
        ssl_certificate_key /var/lib/puppet/ssl/private_keys/s2demo.s2.wso2.com.pem;
        ssl_client_certificate /var/lib/puppet/ssl/ca/ca_crt.pem;
        ssl_crl /var/lib/puppet/ssl/ca/ca_crl.pem;
        ssl_ciphers SSLv2:-LOW:-EXPORT:RC4+RSA;
        ssl_session_cache shared:SSL:8m;
        ssl_session_timeout 5m;
        ssl_verify_client optional;
        rewrite_log on;
        client_max_body_size 50m;
        root /var/empty;
        access_log /var/log/nginx/access.log;

        location / {
            proxy_pass http://puppetmaster;
            proxy_redirect off;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Client-Verify $ssl_client_verify;
            proxy_set_header X-SSL-Subject $ssl_client_s_dn;
            proxy_set_header X-SSL-Issuer $ssl_client_i_dn;
            proxy_read_timeout 120;
        }
    }
}
Set the server host name to s2demo.s2.wso2.com and add the host entry to /etc/hosts accordingly.
If you want to change the domain name, make sure to change the nginx SSL settings as well.
hostname s2demo.s2.wso2.com
hostname > /etc/hostname
Start the Puppet master.
/etc/init.d/puppetmaster start
/etc/init.d/nginx start
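The Puppet master files configured above contain three settings that decide which hosts the master trusts and how its TLS endpoint negotiates: the glob in autosign.conf, the "allow *" mount points in fileserver.conf, and the ssl_ciphers line in nginx.conf. The following audit script is an added example, not part of the Stratos documentation or code; the function names and finding labels are its own, and the demo runs on a scratch copy of the values shown on this page.

```shell
#!/usr/bin/env bash
# Added example, not Stratos code: flag settings in the files configured above
# that weaken node authentication or TLS. Labels and names are this example's.

audit_puppet_master() {   # $1 = Puppet config dir, $2 = path to nginx.conf
    local dir=$1 nginx=$2 line

    # autosign.conf: a glob entry signs any CSR whose certname matches it.
    if [ -f "$dir/autosign.conf" ]; then
        while IFS= read -r line || [ -n "$line" ]; do
            case $line in
                ''|'#'*) ;;                        # blank line or comment
                *'*'*) echo "AUTOSIGN_GLOB $line" ;;
            esac
        done < "$dir/autosign.conf"
    fi

    # fileserver.conf: name every mount point that allows all hosts.
    if [ -f "$dir/fileserver.conf" ]; then
        awk '/^\[/ { mount = $0 }
             $1 == "allow" && $2 == "*" { print "FILESERVER_ALLOW_ALL " mount }' \
            "$dir/fileserver.conf"
    fi

    # nginx.conf: SSLv2 (RFC 6176) and RC4 (RFC 7465) are prohibited for TLS.
    if [ -f "$nginx" ]; then
        grep -E '^[[:space:]]*ssl_ciphers[[:space:]]' "$nginx" |
            grep -E 'SSLv2|RC4' |
            sed -e 's/^[[:space:]]*//' -e 's/^/WEAK_TLS_CIPHERS /'
    fi
    return 0
}

# Demo on a scratch copy of the values shown on this page (constructed sample).
demo_page_settings() {
    local d; d=$(mktemp -d)
    printf '%s\n' '*.wso2.com' > "$d/autosign.conf"
    printf '%s\n' '[files]' 'path /etc/puppet/' 'allow *' '[plugins]' 'allow *' \
        '[stratos2]' 'path /mnt/puppet/stratos2/' 'allow *' > "$d/fileserver.conf"
    printf '%s\n' 'ssl_ciphers SSLv2:-LOW:-EXPORT:RC4+RSA;' > "$d/nginx.conf"
    audit_puppet_master "$d" "$d/nginx.conf"
    rm -rf "$d"
}
demo_page_settings
```

On a real master, call audit_puppet_master /etc/puppet /etc/nginx/nginx.conf; an empty result means none of the three patterns was found.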
Setting up Puppet agent
Install packages.
$ apt-get install puppet
Generate the keys on the server (Puppet master).
$ puppet cert --generate star.s2.wso2.com
Copy the generated key in /var/lib/puppet/ssl/private_keys/star.s2.wso2.com.pem to /var/lib/puppet/ssl/private_keys/ on the clients (Puppet agents).
Copy the generated certificate in /var/lib/puppet/ssl/ca/signed/star.s2.wso2.com.pem to /var/lib/puppet/ssl/certs/ on the clients.
Change /etc/puppet/puppet.conf as follows:
[main]
logdir=/var/log/puppet
vardir=/var/lib/puppet
ssldir=/var/lib/puppet/ssl
rundir=/var/run/puppet
factpath=$vardir/lib/facter
templatedir=$confdir/templates
server=s2demo.s2.wso2.com
waitforcert=60
report=false

[master]
environment=stratos2
modulepath=/etc/puppet/$environment/modules
templatedir=/etc/puppet/$environment/templates
manifest=/etc/puppet/$environment/manifests/site.pp
manifestdir=/etc/puppet/$environment/manifests/

[agent]
environment=stratos2
certname = star.s2.wso2.com
node_name = facter
node_name_fact = fqdn
Setting up Stratos2
Create a folder path for Stratos2 Puppet manifests.
$ mkdir -p /mnt/puppet/stratos2
Extract the Puppet master files (manifests, modules, templates) to /mnt/puppet/stratos2
Change the hosts template file in /mnt/puppet/stratos2/templates/hosts.erb