Devs ~ Deploy to AWS - GeoscienceAustralia/egeodesy GitHub Wiki
Preparation
Only necessary the first time to configure your environment
# On your local box
cd geodesy-web-services-aws
nix-shell
python # to test if installed. If not follow the nix instructions to install the latest
pip # to test if installed. If not follow the nix instructions to install the latest
cd amazonia
make
make install
Preparation if a redeploy
That is, if it already exists it needs to be deleted first
- In AWS go to CloudFormation
- Find the stack:
  - DevGeodesy currently holds Geodesy Web Services and Geoserver
  - ADevGeodesy currently holds OpenAM
- Tick it and click delete from the Action menu
Deploy Geodesy && Geoserver to AWS
./deploy-infra.sh create dev
- Wait for it to complete - see AWS CloudFormation - https://ap-southeast-2.console.aws.amazon.com/cloudformation/home?region=ap-southeast-2#/stacks?filter=active
- Change health test - Required because the ELB Health Check will fail until the codedeploy has been run, but because the health check fails, Tomcat will be going up and down and the codedeploy will fail to complete. Classic catch-22.
  - Go to AWS Auto Scaling Groups - https://ap-southeast-2.console.aws.amazon.com/ec2/autoscaling/home?region=ap-southeast-2#AutoScalingGroups:view=details
  - Select DevGeodes-WebServi...
  - Details tab > Edit
  - Change Health Check Type from ELB to EC2
./codedeploy-WebServices/depoly.sh dev
./codedeploy-GeoServer/depoly.sh dev
- Change back health test
  - As above but change Health Check Type from EC2 to ELB
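The health-check switch described above can be scripted so the group goes back to ELB checks even when the deploy fails. This is an added example, not one of the project's scripts; the Auto Scaling group name is supplied by the caller (the page shows it only truncated), and AWS_BIN and REGION are hypothetical override variables.

```shell
#!/bin/sh
# Added example (not from the project): run a deploy command with the Auto
# Scaling group on EC2 health checks, then put it back on ELB checks.
set -eu

AWS_BIN="${AWS_BIN:-aws}"           # overridable, e.g. with a stub for a dry run
REGION="${REGION:-ap-southeast-2}"  # region used in this page's console links

# Set the health check type (ELB or EC2) on one Auto Scaling group.
set_health_check() {
  local asg="$1" type="$2"
  case "$type" in
    ELB|EC2) ;;
    *) echo "invalid health check type: $type" >&2; return 2 ;;
  esac
  "$AWS_BIN" autoscaling update-auto-scaling-group \
    --region "$REGION" \
    --auto-scaling-group-name "$asg" \
    --health-check-type "$type"
}

# Switch to EC2 checks, run the deploy command, always switch back to ELB.
# Returns the deploy command's exit status, or 3 if the restore failed.
deploy_with_ec2_health_check() {
  local asg="$1" rc=0
  shift
  set_health_check "$asg" EC2 || return $?
  "$@" || rc=$?
  if ! set_health_check "$asg" ELB; then
    echo "health check on $asg was NOT restored to ELB; fix it by hand" >&2
    return 3
  fi
  return "$rc"
}

# Stand-alone use: <script> <asg-name> <deploy command...>
# The full group name is an assumption the caller supplies; the page only
# shows it truncated.
if [ "$#" -ge 2 ]; then
  deploy_with_ec2_health_check "$@"
fi
```

Saved as a script, it takes the group name followed by the deploy command, for example one of the codedeploy scripts above with its `dev` argument.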
Deploy OpenAM to AWS
./deploy-infra_openam.sh create adev # NOTE the different stack name
./codedeploy-OpenAM/deploy.sh adev
The last step uses the configurations in s3://geodesy-openam/exports/adevgeodesy-openam.geodesy.ga.gov.au/
AmAdmin password
From your terminal run this AWS command:
credstash -r ap-southeast-2 get AdevGeodesyOpenAmAdminPassword
The key was found in geodesy-web-services-aws/deploy-infra_openam.sh.
Export AWS OpenAM configuration
Do this after you've made configuration changes and want to persist them for when it is next deployed.
BE AWARE THAT THE EXISTING SCRIPTS IN s3://geodesy-openam/exports/adevgeodesy-openam.geodesy.ga.gov.au will be deleted and replaced.
ssh -A [email protected]
ssh 10.0.102.234 # privateIP as found at `ec2 > AdevGeodesy-OpenAMAsg`
cd /opt/codedeploy-agent/deployment-root/<some long dir name with hex chars>/<some short random char dir>/deployment-archive/deploy-code/scripts
# Currently it's
cd /opt/codedeploy-agent/deployment-root/7c05e6f9-f361-4237-8d2d-24ef765a4a13/d-0JT6WXJ8K/deployment-archive/deploy-code/scripts
sudo su
export OPENAM_SERVER_FQDN=adevgeodesy-openam.geodesy.ga.gov.au
export OPENAM_DS_DIRMGRPASSWD=$(/usr/local/bin/credstash -r ap-southeast-2 get AdevGeodesyOpenAmDsDirMgrPassword)
chmod +x export_openam.sh
./export_openam.sh
# Configuration files should be saved to `s3://geodesy-openam/exports/adevgeodesy-openam.geodesy.ga.gov.au`
Copy locally
Using:
aws --profile geodesy s3 cp --recursive s3://geodesy-openam/exports/adevgeodesy-openam.geodesy.ga.gov.au .
Domain Names (for URLS)
- AWS > Route53 > Hosted Zones > geodesy.ga.gov.au.
- Filter by 'dev' for example
- Any ALIAS is valid (either key or value) but will only work if the service is up
- The DNS with jump in their names is what we can ssh to (see below)
- Currently they are:
  - http://adevgeodesy-openam.geodesy.ga.gov.au - OpenAM server (http://adevgeodesy-openam.geodesy.ga.gov.au/openam)
  - adevgeodesy-jump.geodesy.ga.gov.au - OpenAM server ssh
  - http://devgeodesy-geoserver.geodesy.ga.gov.au - Geoserver server (:8080 I think)
  - http://devgeodesy-webservices.geodesy.ga.gov.au - Geodesy RESTful services
  - devgeodesy-jump.geodesy.ga.gov.au - ssh for Geodesy RESTful services and Geoserver
  - http://dev.gnss-site-manager.geodesy.ga.gov.au - the Client (running on S3)
ssh
- Obtain the private key from team lead (who may modify it slightly in case it is intercepted in transit)
- Save as ~/.ssh/geodesy_id_rsa
- Find the URL from Route 53 (see above) - devgeodesy-jump.geodesy.ga.gov.au is being used below
ssh-add ~/.ssh/geodesy_id_rsa
ssh -A [email protected]
# The -A forwards your ssh-agent to the jumpbox, so the key loaded with ssh-add can authenticate to the actual server that sits behind it and the ssh public / private mechanism works as per normal