Devs ~ Deploy to AWS - GeoscienceAustralia/egeodesy GitHub Wiki

Preparation

Only necessary the first time, to configure your environment.

# On your local box
cd geodesy-web-services-aws
nix-shell
python   # to test if installed.  If not follow the nix instructions to install the latest
pip      # to test if installed.  If not follow the nix instructions to install the latest
cd amazonia
make
make install

Preparation if a redeploy

That is, if the stack already exists, it needs to be deleted first.

  1. In AWS go to CloudFormation
  2. Find the stack:
     1. DevGeodesy currently holds Geodesy Web Services and Geoserver
     2. ADevGeodesy currently holds OpenAM
  3. Tick it and click delete from the Action menu

Deploy Geodesy && Geoserver to AWS

  1. ./deploy-infra.sh create dev
  2. Wait for it to complete - see AWS CloudFormation - https://ap-southeast-2.console.aws.amazon.com/cloudformation/home?region=ap-southeast-2#/stacks?filter=active
  3. Change health test - Required because the ELB Health Check will fail until the codedeploy has been run, but while the health check is failing, Tomcat will be going up and down and the codedeploy will fail to complete. Classic catch-22.
     1. Go to AWS Auto Scaling Groups - https://ap-southeast-2.console.aws.amazon.com/ec2/autoscaling/home?region=ap-southeast-2#AutoScalingGroups:view=details
     2. Select DevGeodes-WebServi...
     3. Details tab > Edit
     4. Change Health Check Type from ELB to EC2
  4. ./codedeploy-WebServices/depoly.sh dev
  5. ./codedeploy-GeoServer/depoly.sh dev
  6. Change back health test
     1. As above but change Health Check Type from EC2 to ELB
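
The health check switch and the two CodeDeploy steps above can be scripted so that the type is always changed back, even when a deploy script fails. This is an added example, not part of the egeodesy repository; it assumes a configured AWS CLI and that you pass the full Auto Scaling group name, which this page only shows truncated.

```shell
#!/bin/sh
# Added example (not from the egeodesy repo): run the CodeDeploy steps with the
# ASG health check temporarily set to EC2, then put the original type back.
# Assumptions: AWS CLI is configured; the full ASG name is supplied by the
# caller (this page only shows it truncated as "DevGeodes-WebServi...").
REGION="${AWS_REGION:-ap-southeast-2}"

# Print the group's current HealthCheckType ("None" if the group is not found).
get_health_check_type() {
  aws autoscaling describe-auto-scaling-groups --region "$REGION" \
    --auto-scaling-group-names "$1" \
    --query 'AutoScalingGroups[0].HealthCheckType' --output text
}

set_health_check_type() {
  aws autoscaling update-auto-scaling-group --region "$REGION" \
    --auto-scaling-group-name "$1" --health-check-type "$2"
}

# with_ec2_health_check <asg-name> <command...>
# Returns the command's exit status, or 1 if the health check type could not
# be read, switched or restored.
with_ec2_health_check() {
  _asg="$1"; shift
  _orig="$(get_health_check_type "$_asg")" || return 1
  case "$_orig" in
    ""|None) echo "Auto Scaling group not found: $_asg" >&2; return 1 ;;
  esac
  set_health_check_type "$_asg" EC2 || return 1
  _rc=0
  "$@" || _rc=$?
  # Restore even when the deploy failed, then confirm the change took effect.
  set_health_check_type "$_asg" "$_orig" || _rc=1
  [ "$(get_health_check_type "$_asg")" = "$_orig" ] || {
    echo "WARNING: $_asg health check is not back to $_orig" >&2; _rc=1; }
  return "$_rc"
}

# The two CodeDeploy steps, with the script paths as written on this page.
run_deploys() {
  ./codedeploy-WebServices/depoly.sh "$1" && ./codedeploy-GeoServer/depoly.sh "$1"
}

# Usage: sh with-ec2-health-check.sh <full-asg-name> dev
if [ "$#" -eq 2 ]; then
  with_ec2_health_check "$1" run_deploys "$2"
fi
```

An interrupted run (for example Ctrl-C during a deploy) is not covered, so check the group's Health Check Type in the console afterwards in that case.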

Deploy OpenAM to AWS

  1. ./deploy-infra_openam.sh create adev # NOTE the different stack name
  2. ./codedeploy-OpenAM/deploy.sh adev

The last step uses the configurations in s3://geodesy-openam/exports/adevgeodesy-openam.geodesy.ga.gov.au/

AmAdmin password

From your terminal run this AWS command:

credstash -r ap-southeast-2 get AdevGeodesyOpenAmAdminPassword

The key was found in geodesy-web-services-aws/deploy-infra_openam.sh.

Export AWS OpenAM configuration

Do this after you've made configuration changes and want to persist them for when it is next deployed.

BE AWARE THAT THE EXISTING SCRIPTS IN s3://geodesy-openam/exports/adevgeodesy-openam.geodesy.ga.gov.au WILL BE DELETED AND REPLACED.

ssh -A [email protected]
ssh 10.0.102.234  # privateIP as found at `ec2 > AdevGeodesy-OpenAMAsg`

cd /opt/codedeploy-agent/deployment-root/<some long dir name with hex chars>/<some short random char dir>/deployment-archive/deploy-code/scripts

# Currently it's
cd /opt/codedeploy-agent/deployment-root/7c05e6f9-f361-4237-8d2d-24ef765a4a13/d-0JT6WXJ8K/deployment-archive/deploy-code/scripts

sudo su

export OPENAM_SERVER_FQDN=adevgeodesy-openam.geodesy.ga.gov.au
export OPENAM_DS_DIRMGRPASSWD=$(/usr/local/bin/credstash -r ap-southeast-2 get AdevGeodesyOpenAmDsDirMgrPassword)

chmod +x export_openam.sh
./export_openam.sh

# Configuration files should be saved to `s3://geodesy-openam/exports/adevgeodesy-openam.geodesy.ga.gov.au`

Copy locally

Using:

aws --profile geodesy s3 cp --recursive s3://geodesy-openam/exports/adevgeodesy-openam.geodesy.ga.gov.au .

Domain Names (for URLS)

  1. AWS > Route53 > Hosted Zones > geodesy.ga.gov.au.
  2. Filter by 'dev' for example
  3. Any ALIAS is valid (either key or value) but will only work if the service is up
  4. The DNS names with "jump" in them are the hosts we can ssh to (see below)
  5. Currently they are:

ssh

  1. Obtain the private key from the team lead (who may modify it slightly in case it is intercepted in transit)
  2. Save as ~/.ssh/geodesy_id_rsa
  3. Find the URL from Route 53 (see above) - devgeodesy-jump.geodesy.ga.gov.au is being used below
  4. ssh-add ~/.ssh/geodesy_id_rsa
  5. ssh -A [email protected] # The -A forwards your ssh-agent through the jumpbox, so the key added with ssh-add can authenticate to the actual server that sits behind it and the ssh public / private mechanism works as per normal