You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 22 Next »

Introduction

This document details the procedure for creating an eagle-i institutional node as a virtual server (or instance) in the Amazon Elastic Compute Cloud (or EC2). Once created, the eagle-i node will operate entirely in the cloud. However, you will retain administrative responsibility over its operation and maintenance, and in particular, you will be responsible for running upgrade scripts when new eagle-i software is released. We do not expect these tasks to be complex, though basic Unix skills are desirable. This solution is ideal for institutions that want to evaluate eagle-i or participate in the eagle-i network but do not have easy access to a data center service. Naturally, the AWS service will incur operational costs (for pricing details, consult the AWS website).

The installation procedure is simple and does not require specialized technical skills. It will allow you to get an eagle-i node up and running in a short amount of time. For a production system, you may need to involve your IT department, in a limited way. 

What this is: an automated mechanism for instantiating an eagle-i node in the Amazon Cloud
What this is not: an SaS (Software as a Service) solution

First time installation

Getting ready

This procedure can be used to create an evaluation/development or a production eagle-i node:

  • An EVALUATION/DEVELOPMENT NODE requires less configuration, but it should not be used for collecting actual data; this type of node can be created and destroyed at will.
  • PRODUCTION NODE will likely need some (limited) involvement of your IT department, but will result in a node that is ready for real world data collection. 

Note that an evaluation or development node cannot be converted to a production node. 

As a pre-prerequisite, you will need to decide which type of installation you will need, evaluation/development or production eagle-i node.

Prerequisites

You may need to involve your IT department to obtain the first 2 prerequisites for a PRODUCTION NODE.

  1. Public host name

    1. EVALUATION/DEVELOPMENT NODEmay use the amazon-generated public hostname
    2. PRODUCTION NODE will need to have a DNS record once you obtain an IP address from EC2
      • Decide on a good host name. It will determine the namespace of your Linked Open Data, and it shouldn't be changed once data exists in production.
      • Examples of existing host names: harvard.eagle-i.neteagle-i.ea.vanderbilt.edu
  2. An SSL Certificate
    1. EVALUATION/DEVELOPMENT NODE may use the self-signed certificate provided by the AMI
    2. PRODUCTION NODE needs an X509 certificate in PEM format
  3. A browser (in our experience Firefox works best; in Chrome, the scrollbars in AWS dialogues are finicky)
  4. An Amazon Web Services (AWS) account with the Amazon Elastic Compute Cloud (EC2) service enabled
    1. Sign up for AWS
    2. Sign up for the EC2 service; this will require that you provide credit card information.
  5. An SSH client for remotely logging in to the EC2 instance
    • If you're using Linux, you know what this is about already
    • In MacOSX you can simply use the Terminal application that is installed by default (look in your Applications folder, under Utilities)
    • In Windows we recommend downloading and installing PuTTY (a remote login client that can handle SSH keys) or cygwin (a full Unix toolset)

Throughout this procedure, you will be using the AWS Management Console, and in particular the EC2 Dashboard and the Cloud Formation Dashboard. You may want to familiarize yourself with the console and bookmark it: https://console.aws.amazon.com

1. Installation Procedures

  1. Allocate EC2 Resources
  2. Create an eagle-i node

2. Customize eagle-i node

Evaluation Node

For an evaluation node, there is no need to customize the installation any further. Using the public DNS as your hostname, you may now go to a browser and navigate to the eagle-i node to begin entering data, searching data, accessing the repository, etc. See verify the eagle-i node is up and running for more information on where to navigate to.

 

1. Allocate EC2 Resources

Please note that all the EC2 resources described below need to be allocated in the same availability zone

1.1 Select a US availability zone/geographic region

Amazon allocates EC2 resources (IP addresses, virtual hardware) in specific facilities that are meant to cover different geographic regions (also called availability zones). We support three zones: US East (N. Virginia), US West (Oregon) and US West (N. California).

  1. Go to your EC2 Dashboard
  2. Using the pull down list at the top right hand corner of the dashboard (next to your user name); choose that which is most appropriate to your institution's location.

1.2 Create an EC2 key pair and download your private key 

For more detailed information on creating and using a key pair with your EC2 instances, please see AWS Documentation: EC2 Key Pairs

  1. Go to your EC2 Dashboard
  2. In the left navigation bar, open the Network and Security section.
  3. Select Key Pairs
  4. Click on the Create Key Pair button. 
  5. Enter a name for your key pair (e.g. eagle-i-key) and select create.
  6. Your private key will be downloaded to your computer,  as a file with the name you specified and the .pem extension (you may be prompted by your browser to select a location). Store it in a dedicated directory to which you will come back later, e.g. /my-home/aws/keys
    Create EC2 key pairDownload and save .pem

2. Create an eagle-i node

2.1 Launch Instance of the eagle-i AMI

For more detailed information on how to launch an EC2 Instance from an AMI, please see AWS Documentation: Launching an Instance.

  1. Go to your EC2 Dashboard.
  2. Click on the Launch Instance button
  3. Select the Community AMIs tab on the left
  4. Search for 'eaglei'

  5. Select the latest eagle-i AMI

    Latest eagle-i AMI
    eaglei-4.3.0-20160605 - ami-39e81654
    Root device type: ebs Virtualization type: hvm

  6. Choose an Instance Type that is appropriate for your installation. For the available instance types as of August 2016, we recommend:

    1. EVALUATION/DEVELOPMENT NODE t2.micro

    2. PRODUCTION NODE m3.medium

  7. Click on the Review and Launch button
  8. Click on Edit Security groups
  9. Click on the Add Rule button
  10. Select HTTPS from the drop down
  11. Click on the Review and Launch button
  12. Click on the Launch button
  13. Select the key pair that was created in 1.2
  14. Click on the Launch Instance button

2.2 Wait for Instance to complete initialization

For more detailed information about the instance lifecycle, please see AWS Documentation: EC2 Instance Lifecycle.

  1. Go to the Instances view by doing either:
    1. Click on the EC2 Instance ID in the Launch Status page
    2. Go to your EC2 Dashboard and click on Running Instances
  2. Wait for the Instance State to go from Pending to Running
  3. If you are running an EVALUATION/DEVELOPMENT NODE, make note of the Public DNS  


Customize eagle-i node

Evaluation Node

For an evaluation node, there is no need to customize the installation any further. Using the public DNS as your hostname, you may now go to a browser and navigate to the eagle-i node to begin entering data, searching data, accessing the repository, etc. See verify the eagle-i node is up and running for more information on where to navigate to.

1. Prepare to customize eagle-i node

1.1 Connect to the eagle-i node

  1. Go to your EC2 Dashboard.
  2. Click on Running Instances
  3. Select the newly created EC2 Instance
  4. Click on the Connect button and follow the instructions to SSH to the node

1.2 Set required environment variables

In the SSH terminal:

  1. Set the environment variable REPO_HOME to point to the repository home directory

    • export REPO_HOME=/opt/eaglei/repo

  2. Set the environment variable SPARQLER_HOME to point to the SPARQLer home directory

    • export SPARQLER_HOME=/opt/eaglei/sparqler

  3. Verify the variables have been set correctly
    • echo ${REPO_HOME}
    • echo ${SPARQLER_HOME}

     

    Set environment variables
    [root@ip-172-31-54-208 repo]# export REPO_HOME=/opt/eaglei/repo/
[root@ip-172-31-54-208 repo]# export SPARQLER_HOME=/opt/eaglei/sparqler/
[root@ip-172-31-54-208 repo]# echo ${REPO_HOME}
/opt/eaglei/repo/
[root@ip-172-31-54-208 repo]# echo ${SPARQLER_HOME}
/opt/eaglei/sparqler/

2. Customize repository

The following assumes that you are in the SSH terminal connected to your ec2 instance.

2.1 Stop the running tomcat instance

  1. Go to the tomcat directory

    • cd /opt/apache-tomcat-7.0.39/

  2. Stop tomcat using the shutdown wrapper script

    • sudo -su tomcat bin/shutdownwrapper.sh

  3. Verify tomcat has been shutdown

    • ps aux | grep tomcat


Shutdown tomcat
[root@ip-172-31-54-208 log]# cd /opt/apache-tomcat-7.0.39/
[root@ip-172-31-54-208 apache-tomcat-7.0.39]# sudo -su tomcat bin/shutdown.sh
Using CATALINA_BASE:   /opt/apache-tomcat-7.0.39
Using CATALINA_HOME:   /opt/apache-tomcat-7.0.39
Using CATALINA_TMPDIR: /opt/apache-tomcat-7.0.39/temp
Using JRE_HOME:        /opt/jdk1.8.0_66
Using CLASSPATH:       /opt/apache-tomcat-7.0.39/bin/bootstrap.jar:/opt/apache-tomcat-7.0.39/bin/tomcat-juli.jar
[root@ip-172-31-54-208 apache-tomcat-7.0.39]# ps aux | grep tomcat
root      1646  0.0  0.0 103312   876 pts/0    S+   13:02   0:00 grep tomcat
 
#### The following means that tomcat is still running ####
tomcat    1674 93.2 11.4 3599164 116800 pts/0  Sl   13:08   0:03 /opt/jdk1.8.0_66/bin/java -Djava.util.logging.config.file=/opt/apache-tomcat-7.0.39/conf/logging.properties 
-Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Xmx1536m -XX:+PrintGCDetails 
-Xloggc:/opt/apache-tomcat-7.0.39/logs/tomcat-gc.log -Djava.endorsed.dirs=/opt/apache-tomcat-7.0.39/endorsed 
-classpath /opt/apache-tomcat-7.0.39/bin/bootstrap.jar:/opt/apache-tomcat-7.0.39/bin/tomcat-juli.jar 
-Dcatalina.base=/opt/apache-tomcat-7.0.39 -Dcatalina.home=/opt/apache-tomcat-7.0.39 
-Djava.io.tmpdir=/opt/apache-tomcat-7.0.39/temp org.apache.catalina.startup.Bootstrap start

2.2 Modify configuration.properties for the repository

  1. Go to the repository home directory
    • cd ${REPO_HOME}
  2. Open configuration.properties file in a text editor of your choice
    • vim configuration.properties
  3. The following property must be be set for your eagle-i node
    • eaglei.repository.namespace
  4. The following properties should be set for proper display of the interface
    • eaglei.repository.title
    • eaglei.repository.logo

  5. Save the changes.

    Edit repository properties
    [root@ip-172-31-54-208 ~]# cd ${REPO_HOME}
[root@ip-172-31-54-208 repo]# vim configuration.properties
 
##### configuration.properties file ####
eaglei.repository.namespace = http://ec2-54-175-59-6.compute-1.amazonaws.com/i/
eaglei.repository.title = AMI Test Repository
eaglei.repository.logo = https://alaska.qa.eagle-i.net:8443/sweet/images/eaglei-medium-blue.png

2.3 Prepare the repository for customization

  1. Go to the repository home directory
    • cd ${REPO_HOME}
  2. Delete the existing derby database
    • rm -fr db/
  3. Run the prepare-install script in the etc directory.  Replace REPOADMIN and REPOADMINPW with the credentials for the repository administrator.
    • bash etc/prepare-install.sh REPOADMIN REPOADMINPW ${REPO_HOME}

  4. Modify the ownership of the derby database to be owned by the tomcat user

    • chown -R tomcat:tomcat db/

     

    Prepare repository
    [root@ip-172-31-54-208 sparqler]# cd ${REPO_HOME}
[root@ip-172-31-54-208 repo]# rm -r db/
[root@ip-172-31-54-208 repo]# bash etc/prepare-install.sh ami-admin-user ami-admin-pw ${REPO_HOME}
_RUNJAVA set to "/opt/jdk1.8.0_66/jre/bin/java"
java version "1.8.0_66"
Java(TM) SE Runtime Environment (build 1.8.0_66-b17)
Java HotSpot(TM) 64-Bit Server VM (build 25.66-b17, mixed mode)

---all superuser logins---
  ami-admin-user
[root@ip-172-31-54-208 repo]# chown -R tomcat:tomcat db/

2.4 Start tomcat

  1. Go to the tomcat directory

    • cd /opt/apache-tomcat-7.0.39/

  2. Start tomcat using the startup wrapper script

    • sudo -su tomcat bin/startupwrapper.sh

  3. Wait for tomcat to finish startup.

    Start tomcat
    [root@ip-172-31-54-208 opt]# cd apache-tomcat-7.0.39/
[root@ip-172-31-54-208 apache-tomcat-7.0.39]# sudo -su tomcat bash bin/startupwrapper.sh
Waiting for Tomcat to startup ...
Tomcat startup finished in ~120 seconds

2.5 Finish the repository customization

  1. Go to the repository home directory
    • cd ${REPO_HOME}
  2. Run the finish install script in the etc directory.  Replace REPOADMIN and REPOADMINPW with the credentials for the repository administrator.
    • bash etc/finish-install.sh REPOADMIN REPOADMINPW repository-url-prefix

  3. Run the upgrade script in the etc directory. Replace REPOADMIN and REPOADMINPW with the credentials for the repository administrator.

    • bash etc/upgrade.sh REPOADMIN REPOADMINPW repository-url-prefix 
    Finish repo
    [root@ip-172-31-54-208 sparqler]# cd ${REPO_HOME}
[root@ip-172-31-54-208 repo]# bash etc/finish-install.sh ami-admin-user ami-admin-pw https://ec2-54-175-59-6.compute-1.amazonaws.com
User metadata created.
Updating data model ontology from jar, please wait...
Updated data model ontology from jar.
[root@ip-172-31-54-208 repo]# bash etc/upgrade.sh ami-admin-user ami-admin-pw https://ec2-54-175-59-6.compute-1.amazonaws.com

***** Checking and Upgrading Repository's Internal Graphs

INFO: Skipping, internal graph is already up to date: http://eagle-i.org/ont/repo/1.0/
INFO: Skipping, internal graph is already up to date: http://eagle-i.org/ont/repo/1.0/NG_Query


.....lots of output and stuff here .....
 
OK - specials all succeeded.
rm -rf /tmp/repo-upgrade-9784

2.6 Verify repository has been customized correctly

In a browser, navigate to the repository admin console and log in using the repository administrator credentials.

3. Create and configure additional system users

3.1 Create the additional system users

Additional system users are needed for several automated processes. The following users need to be created:

  1. Global user. This is an automated agent responsible for keeping the cached copy of commonly used resources up to date with the Commonly Used Resources' repository. This agent caches only the minimal information needed for the SWEET application.
    • Role: Automated Agent
    • Corresponding properties: eaglei.datatools.globals.user & eaglei.datatools.globals.password
  2. Anonymous user. This agent is responsible for retrieving published information for using the profiles integration and for the resource listings on the institution (node) home page.
    • Role:none
    • Corresponding properties: eaglei.anonymousExtended.user & eaglei.anonymousExtended.password

3.2 Add the additional system users to the properties file

In the SSH terminal:

  1. Go to the eagle-i configuration directory
    • cd /opt/eaglei/conf/
  2. Open the eagle-i-apps-credentials.properties file in the text editor of your choice.
  3. Add the credentials for the two system user mentioned above to the file
  4. Save your changes.
Finish repo
[root@ip-172-31-54-208 sparqler]# cd /opt/eaglei/conf/
[root@ip-172-31-54-208 conf]# vim eagle-i-apps-credentials.properties
 
##### eagle-i-apps-credentials.properties file ####
# GLOBAL SERVICE
eaglei.datatools.globals.user=dtgu
eaglei.datatools.globals.password=dtgp

# Catalyst service
eaglei.anonymousExtended.user=eaeu
eaglei.anonymousExtended.password=eaep

4. Customize public sparql endpoint

The following assumes that you are in the SSH terminal connected to your ec2 instance.

4.1 Stop the running tomcat instance

  1. Go to the tomcat directory

    • cd /opt/apache-tomcat-7.0.39/

  2. Stop tomcat using the shutdown wrapper script

    • sudo -su tomcat bin/shutdownwrapper.sh

  3. Verify tomcat has been shutdown

    • ps aux | grep tomcat


Shutdown tomcat
[root@ip-172-31-54-208 log]# cd /opt/apache-tomcat-7.0.39/
[root@ip-172-31-54-208 apache-tomcat-7.0.39]# sudo -su tomcat bin/shutdown.sh
Using CATALINA_BASE:   /opt/apache-tomcat-7.0.39
Using CATALINA_HOME:   /opt/apache-tomcat-7.0.39
Using CATALINA_TMPDIR: /opt/apache-tomcat-7.0.39/temp
Using JRE_HOME:        /opt/jdk1.8.0_66
Using CLASSPATH:       /opt/apache-tomcat-7.0.39/bin/bootstrap.jar:/opt/apache-tomcat-7.0.39/bin/tomcat-juli.jar
[root@ip-172-31-54-208 apache-tomcat-7.0.39]# ps aux | grep tomcat
root      1646  0.0  0.0 103312   876 pts/0    S+   13:02   0:00 grep tomcat
 
#### The following means that tomcat is still running ####
tomcat    1674 93.2 11.4 3599164 116800 pts/0  Sl   13:08   0:03 /opt/jdk1.8.0_66/bin/java -Djava.util.logging.config.file=/opt/apache-tomcat-7.0.39/conf/logging.properties 
-Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Xmx1536m -XX:+PrintGCDetails 
-Xloggc:/opt/apache-tomcat-7.0.39/logs/tomcat-gc.log -Djava.endorsed.dirs=/opt/apache-tomcat-7.0.39/endorsed 
-classpath /opt/apache-tomcat-7.0.39/bin/bootstrap.jar:/opt/apache-tomcat-7.0.39/bin/tomcat-juli.jar 
-Dcatalina.base=/opt/apache-tomcat-7.0.39 -Dcatalina.home=/opt/apache-tomcat-7.0.39 
-Djava.io.tmpdir=/opt/apache-tomcat-7.0.39/temp org.apache.catalina.startup.Bootstrap start

4.2 Modify configuration.properties for the public sparql endpoint

  1. Go to the repository home directory
    • cd ${SPARQLER_HOME}
  2. Open configuration.properties file in a text editor of your choice
    • vim configuration.properties
  3. The following property must be be set for your eagle-i node
    • eaglei.repository.namespace
  4. The following properties should be set for proper display of the interface
    • eaglei.repository.title
    • eaglei.repository.logo

  5. Save the changes.

    Edit repository properties
    [root@ip-172-31-54-208 ~]# cd ${SPARQLER_HOME}
[root@ip-172-31-54-208 sparqler]# vim configuration.properties
 
##### configuration.properties file ####
eaglei.repository.namespace = http://ec2-54-175-59-6.compute-1.amazonaws.com/i/
eaglei.repository.title = AMI Test Repository
eaglei.repository.logo = https://alaska.qa.eagle-i.net:8443/sweet/images/eaglei-medium-blue.png

4.3 Prepare the public sparql repository for customization

  1. Go to the repository home directory
    • cd ${REPO_HOME}
  2. Run the prepare-install script in the etc directory.  Replace SPARQLADMINUSER and SPARQLADMINPW with the credentials for the public sparqler repository administrator.
    • bash etc/prepare-install.sh SPARQLADMINUSER SPARQLADMINPW ${REPO_HOME} sparqler-users.derby

  3. Modify the ownership of the derby database to be owned by the tomcat user

    • chown -R tomcat:tomcat db/ 

    Prepare repository
    [root@ip-172-31-54-208 sparqler]# cd ${REPO_HOME}
[root@ip-172-31-54-208 repo]# bash etc/prepare-install.sh sparqler-user sparqler-pw ${REPO_HOME} sparqler-users.derby
_RUNJAVA set to "/opt/jdk1.8.0_66/jre/bin/java"
java version "1.8.0_66"
Java(TM) SE Runtime Environment (build 1.8.0_66-b17)
Java HotSpot(TM) 64-Bit Server VM (build 25.66-b17, mixed mode)

---all superuser logins---
  sparqler-user
[root@ip-172-31-54-208 repo]# chown -R tomcat:tomcat db/

4.4 Update eagle-i property files with public sparqler information

  1. Go to the eagle-i configuration directory
    • cd /opt/eaglei/conf/
  2. Using the text editor of your choice, edit the eagle-i-apps.properties file
    • vim eagle-i-apps.properties
  3. Add the following two properties to the eagle-i-apps.properties file to define the source and target repository for the public sparql endpoint:
    • eaglei.sparqler.source.URL, this will be your main repository URL
    • eaglei.sparqler.target.URL, this will be the URL of your public sparql endpoint. Typically it is a concatenation of the main repository URL with 'sparqler'
  4. Save your changes.
  5. Using the text editor of your choice, edit the eagle-i-apps-credentials.properties file.
  6. Add the credentials used when running the prepare-install.sh script for the sparqler to the eagle-i-apps-credentials.properties file.
    • eaglei.sparqler.target.user
    • eaglei.sparqler.target.password

  7. Save your changes

    Update Sparqler configs
    [root@ip-172-31-54-208 sparqler]# cd /opt/eaglei/conf/
[root@ip-172-31-54-208 conf]# vim eagle-i-apps.properties
##### eagle-i-apps.properties file #####
## SPARQLER
### URL of source-repository (from which the sparqler reads public information):
eaglei.sparqler.source.URL = https://ec2-54-175-59-6.compute-1.amazonaws.com/

### URL of target (i.e., sparqler) repository:
eaglei.sparqler.target.URL = https://ec2-54-175-59-6.compute-1.amazonaws.com/sparqler/
########################################
 
[root@ip-172-31-54-208 conf]# vim eagle-i-apps-credentials.properties
##### eagle-i-apps-credentials.properties file #####
eaglei.sparqler.target.user=sparqler-user
eaglei.sparqler.target.password=sparqler-password
####################################################

4.5 Start tomcat

  1. Go to the tomcat directory

    • cd /opt/apache-tomcat-7.0.39/

  2. Start tomcat using the startup wrapper script

    • sudo -su tomcat bin/startupwrapper.sh

  3. Wait for tomcat to finish startup.

    Start tomcat
    [root@ip-172-31-54-208 opt]# cd apache-tomcat-7.0.39/
[root@ip-172-31-54-208 apache-tomcat-7.0.39]# sudo -su tomcat bash bin/startupwrapper.sh
Waiting for Tomcat to startup ...
Tomcat startup finished in ~115 seconds

4.6 Finish the public sparql repository customization

  1. Go to the repository home directory
    • cd ${REPO_HOME}
  2. Run the finish install script in the etc directory.  Replace SPARQLADMINUSER and SPARQLADMINPW with the credentials for the public sparqler repository administrator.
    • bash etc/finish-install.sh SPARQLADMINUSER SPARQLADMINPW sparqler-repository-url-prefix
    Finish repo
    [root@ip-172-31-54-208 sparqler]# cd ${REPO_HOME}
[root@ip-172-31-54-208 repo]# bash etc/finish-install.sh sparqler-user sparqler-pw https://ec2-54-175-59-6.compute-1.amazonaws.com/sparqler
User metadata created.
Updating data model ontology from jar, please wait...
Updated data model ontology from jar

4.7 Verify the public sparql endpoint has been customized correctly

In a browser, navigate to the public sparql endpoint admin console and log in using the public sparqler repository administrator credentials.

5. Update the local-node.xml file

The local-node.xml file provides information to the applications about the node. In the SSH terminal:

  1. Go to the eagle-i configuration directory
    • cd /opt/eaglei/conf/
  2. Using the text editor of your choice, edit the local-node.xml file
    • vim local-node.xml

  3. Follow the instructions in the comments to update the <node></node> section.  Specifically, update lines 14, 21, 24, 26, 29.

    local-node.xml
    <local>
        <!-- Global node information is required to access centrally curated resources -->
        <!-- This section should be used as is, unless otherwise directed -->
        <global URL="http://global.eagle-i.net">
                <institutionList>
                        <institution URI="http://purl.org/eagle-i/app-ext/#ERO_0000065_29"
                                graphURI="test29">
                                <namespace>http://global.eagle-i.net/i/</namespace>
                                <label>Centrally Curated Resources</label>
                                <logoSrc>https://www.eagle-i.net/logos/logo_global.png</logoSrc>
                        </institution>
                </institutionList>
        </global>
        <node URL="https://ec2-54-175-59-6.compute-1.amazonaws.com/"> <!-- REQUIRED: url for the node -->
                <institutionList>
                        <!-- REQUIRED: URI and graphURI for the institution/repository -->
                        <!-- NB: URI will eventually be allocated by eagle-i's global repository; -->
                        <!-- for the time being, choose a URI in your repository's instance namespace. -->
                        <!-- This URI doesn't need to be resolvable, it is simply an identifier -->
                        <!-- NB: graphURI is required but is not currently used. -->
                        <institution URI="http://unique.key.for/insitution" graphURI="inst">
                                <!-- REQUIRED: This is the namespace that the instances are in for this repository. -->
                                <!-- The namespace needs to be a well formed url -->
                                <namespace>http://ec2-54-175-59-6.compute-1.amazonaws.com/i/</namespace>
                                <!-- REQUIRED: This is the label that is used in the UI display. -->
                                <label>AMI test repository</label>
                                <!-- OPTIONAL: Logo to be displayed for institution. -->
                                <!-- If not supplied, the default is blank square. -->
                                <logoSrc>https://alaska.qa.eagle-i.net:8443/sweet/images/eaglei-medium-blue.png</logoSrc>
                        </institution>
                </institutionList>
        </node>
</local>

Verify the eagle-i node is up and running

Log in with one of the users you created and verify you can access the SWEET workbench, create a test organization and publish it, verify it appears in search after being published, etc. You may want to compare your screens with our training node: https://training.eagle-i.net/sweet and https://training.eagle-i.net/institution

Production instance only

There are additional steps that need to happen in order to make your instance production ready. For more information about elastic IP address, please see the Amazon Documentation: Elastic IP Addresses.

1. Allocate an elastic IP address

  1. Go to your EC2 Dashboard
  2. In the left navigation bar, open the Network and Security section
  3. Select Elastic IPs
  4. Click on the Allocate New Address button
  5. Accept the default in the dialogue box (create in EC2) and allocate.
    Allocate an elastic IP addressNote IP address

 

2. Associate the elastic IP to your public hostname

BEFORE PROCEEDING with a PRODUCTION NODE instance:
  • The administrator of your domain (usually someone in your IT department) will need to create a DNS record that maps to the public hostname you previously selected to the elastic IP address you just created.
  • Make sure that your public hostname resolves to the elastic IP address created above. You can use an online service to check, for example: http://www.whatsmydns.net/
  1. Go to your EC2 Dashboard
  2. In the left navigation bar, open the Network and Security section
  3. Select Elastic IPs
  4. Select the desired IP address from the list
  5. Click on the Actions button and select Associate Address
  6. Select the desired running instance for the Instance field
  7. Click on the Associate button

3. Install your SSL Certificate

The install procedure above initially configures eagle-i with a self-signed certificate; this is acceptable for an evaluation or developmentenvironment, but not for a production instance. In order to finalize the installation of a production instance, please follow the steps below.

3.1 Transfer certificate, certificate chain and private key to the EC2 instance

These files are security-sensitive. Please make sure they are transferred to you in a secure manner (e.g. a memory stick, or using the scp command) and delete them from your personal machine once they are installed. If in doubt, please ask for assistance of your IT department.

Obtain, from the person who purchased the certificate, the following files:

  • The RSA key used at certificate purchase time and its password, e.g. key.pem
  • The actual certificate returned by the certificate authority, e.g. cert.crt
  • The certificate authority's (CA) certificate chain (depending on the particular CA, some of these may need to be downloaded - refer to their documentation), e.g. ca.crt

Assuming the files are located in a directory /my-home/aws/cert on your machine, here are two methods for securely transferring the files to your EC2 instance:

  1. Using a terminal
    1. SSH to your EC2 instance and create a directory for the files to reside in, /opt/eaglei/install.

       

      skc-macbook:~ sophia$ ssh -i "aws-eaglei-ami.pem" root@ec2-52-207-177-113.compute-1.amazonaws.com
Last login: Wed Aug 10 13:19:32 2016 from 134.174.140.154
[root@ip-172-31-54-208 ~]# mkdir /opt/eaglei/install

    2. In another terminal window, go to the directory containing the certificate files

      • cd /my-home/aws/cert

    3. Do a SCP of the files to the newly created install folder on your EC2 instance (substitute your own file names and public hostname)

      •  

        scp -i "aws-eaglei-ami.pem" key.pem cert.crt ca.crt root@ec2-52-207-177-113.compute-1.amazonaws.com

       

      cd /my-home/aws/cert
scp -i "aws-eaglei-ami.pem" key.pem cert.crt ca.crt root@ec2-52-207-177-113.compute-1.amazonaws.com:/opt/eaglei/install/.
  2. Using PuTTY/PSCP
    1. Follow the instructions in the section Transferring files with PSCP at the end of the AWS/PuTTY guide

3.2. Install certificate on EC2 instance

In the SSH terminal,

  1. Go to the install directory created above
    • cd /opt/eaglei/install
  2. Install the certificates
    • sh /bin/cert-install.sh -b ca.crt -c cert.crt -k key.pem
  3. At the prompt, enter the key's password. Tomcat will restart when the cert-install.sh script is finished.

3.3 Verify certificate has been installed correctly

Using an online SSL validation service, such as http://www.geocerts.com/ssl_checker, enter your public hostname to verify that the certificate has been installed correctly

3.4 Secure cleanup

Be sure to remove the security sensitive files used for installation

[root@ip-172-31-54-208 install]# rm ca.crt cert.crt key.pem

Troubleshooting

Getting a time out error when trying to navigate to the application in a browser

Double check your security groups and make sure that inbound traffic on HTTPS is allowed.

Error when running finish-install.sh : FAILED to create metadata for user, HTTP status=302

The repository url must match exactly. Typically this happens when http is typed instead of https. 

  • No labels