Thursday, 5 April 2012

Head in the clouds


My supervisor gave me the opportunity to establish a demo webgis in "the cloud". So I worked out what all this fuss about cloud computing is and initialised an Ubuntu image in Amazon EC2 (Amazon's Elastic Compute Cloud).

Installation and Basic Configuration

  • Log in to Amazon Web Services: http://aws.amazon.com/ec2/
  • Log in to the security credentials page to access the X509 key: http://aws.amazon.com/security-credentials
  • Select an AMI, launch an EC2 instance
  • ubuntu 11.10, t1.micro, "dev-instance", your key pair
  • created some rules that allow SSH, web, FTP and an FTP passive port range; the same passive port range is set in /etc/proftpd/proftpd.conf, for the case where firewall issues prevent active-mode FTP (a typical FTP issue)
  • instance home and availability zone in Singapore, to test performance between Europe and NZ
  • log in as user ubuntu (instead of root) with the private key; that's OK, just use sudo for root commands
  • http://docs.amazonwebservices.com/AWSEC2/latest/UserGuide/putty.html does work; converted the key to a PuTTY private key

Software

  • Apache and Tomcat6 with Geoserver
#> apt-get update
#> apt-get install apache2
#> apt-get install openjdk-7-jdk    # for geoserver etc.
#> apt-get install postgresql-9.1-postgis postgis postgresql-9.1
#> useradd -m geoserver    # dedicated non-root user for the geoserver instance
#> update-alternatives --config java    # because I installed openjdk7
#> vi /etc/apache2/sites-enabled/000-default    # password protection for the complete site
#> htpasswd -c /home/geoserver/includes/htpasswd sbg    # HTTP password for user sbg is the same as that of the Amazon test user
#> a2enmod proxy auth_basic authn_file proxy_http rewrite
  • configured proxying and password security for the webserver in /etc/apache2/sites-enabled/default
  • configured tomcat security in /home/geoserver/tomcat6/conf/tomcat-users.xml (role manager-gui)
  • configured tomcat for localhost only in /home/geoserver/tomcat6/conf/server.xml (address=127.0.0.1)
  • deployed geoserver.war in /home/geoserver/tomcat6/webapps
  • ftp daemon proftpd
#> apt-get install proftpd-basic
  • edited config file /etc/proftpd/proftpd.conf for virtual users under /vol1 and a shared identity for easy file maintenance
  • ftp users and passwords in /vol1/conf
#> apt-get install libapache2-mod-php5 php5-pgsql    # for the PHP-based PostgreSQL web admin console
  • enabled php in apache2
  • downloaded PhpPgAdmin, edited the apache2 config again to include it
  • configured includes/phppgadmin/conf/config.inc.php for localhost
  • customised the postgresql db for postgis and changed the user password
#> su postgres -c psql template1
psql>  ALTER USER postgres WITH PASSWORD 'TheSecr3tP@ss';
psql>  CREATE DATABASE template_postgis WITH TEMPLATE = template1 ENCODING = 'UTF8';
psql>  \i /usr/share/postgresql/9.1/contrib/postgis-1.5/postgis.sql
psql>  \i /usr/share/postgresql/9.1/contrib/postgis-1.5/spatial_ref_sys.sql
psql>  UPDATE pg_database set datistemplate = TRUE where datname = 'template_postgis';
psql>  grant all on geometry_columns to public;
psql>  grant all on spatial_ref_sys to PUBLIC ;
psql>  create database my_geoserver_data_store with template = template_postgis;
psql>  \q
#>
#> passwd -d postgres
#> su postgres -c passwd
#> 
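
The setup above opens only SSH, web and FTP to the outside and keeps Tomcat on localhost, which can be verified from the instance by looking at the listening sockets. The script below is an added example, not part of the original post; ports 8080, 8009 and 5432 are the Tomcat and PostgreSQL defaults, and the passive range is a placeholder for whatever proftpd.conf actually uses.

```shell
#!/bin/sh
# Added example: audit `ss -ltn` output against the exposure this setup intends.
# Assumed, not from the post: Tomcat HTTP on 8080 and AJP on 8009, PostgreSQL on
# 5432 (their defaults), and a placeholder FTP passive range 49152-49200.

ALLOWED_PUBLIC="21 22 80"   # FTP control, SSH, web
PASV_MIN=49152              # replace with the PassivePorts range from proftpd.conf
PASV_MAX=49200

# Reads `ss -ltn` output on stdin and prints "EXPOSED <addr>:<port>" for every
# listener that is not loopback-only and not on the allowed list.
audit_listeners() {
    awk -v allowed="$ALLOWED_PUBLIC" -v lo="$PASV_MIN" -v hi="$PASV_MAX" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $1 != "LISTEN" { next }                 # skip the header and non-listening rows
        {
            local_addr = $4                     # e.g. 127.0.0.1:8080, [::]:8009, *:80
            port = local_addr; sub(/.*:/, "", port)
            addr = substr(local_addr, 1, length(local_addr) - length(port) - 1)
            if (addr ~ /^127\./ || addr == "[::1]" || addr == "::1") next   # loopback only
            if (port in ok) next
            if (port + 0 >= lo + 0 && port + 0 <= hi + 0) next
            print "EXPOSED " addr ":" port
        }'
}

# Constructed sample: the Tomcat HTTP connector is bound to loopback, but the AJP
# connector (which has its own address attribute in server.xml) and PostgreSQL
# listen on all interfaces.
sample_ss_output() {
    cat <<'EOF'
State   Recv-Q  Send-Q  Local Address:Port   Peer Address:Port
LISTEN  0       128     0.0.0.0:22           0.0.0.0:*
LISTEN  0       128     0.0.0.0:80           0.0.0.0:*
LISTEN  0       128     0.0.0.0:21           0.0.0.0:*
LISTEN  0       100     127.0.0.1:8080       0.0.0.0:*
LISTEN  0       128     0.0.0.0:5432         0.0.0.0:*
LISTEN  0       50      [::]:8009            [::]:*
EOF
}

# On the server itself: ss -ltn | audit_listeners
sample_ss_output | audit_listeners
```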

Some Sysadmin considerations

Take care: a standard instance running from a public AMI will be gone with all its data when it is terminated!!! So to be more flexible, I added an EBS volume (Elastic Block Storage, independent of the AMI), formatted it, mounted it to /vol1 and made changes to the typical directory layout.
  • /vol1 (supposed to be used as a mount point when on a different file system, so the file system is almost easily movable)
  • /vol1/www (base for web stuff, also ftp entry point/root)
  • /vol1/www/logs (log dir for apache2 and the ftp daemon)
  • /vol1/www/htdocs (general webserver document root)
  • /vol1/www/includes (some additional web stuff/libraries that should not be directly accessible via HTTP, like phppgadmin)
  • /vol1/www/tmp (temp dir for user and apache2 stuff)
  • /vol1/www/geoserver (geoserver directory)
  • /vol1/conf (some config and password files, for apache2 and ftp)
  • /vol1/data (data directories of the postgres db moved to /vol1/data/postgresql and symlinked to /var/lib/postgresql (origin))
  • main apache2 config moved to /vol1/conf/apache2/smartsite1.conf and symlinked to /etc/apache2/sites-available/
  • main proftpd config moved to /vol1/conf/proftpd/proftpd.conf and symlinked to /etc/proftpd/proftpd.conf (origin)

Pros of virtualisation

To be safe I created snapshots and registered the AMI as a private one, because the config options under /etc and the installed programs are already available.
  • created one snapshot each (running AMI and /vol1 EBS volume) and wrote some descriptive tags to them
  • from the snapshot of the root device I created an image (AMI) to start a new instance from
  • from the vol1 snapshot I created a new volume to attach to the new instance
  • added some descriptive tags to the AMI and the new volume
  • we now have a kind of useful base AMI and base volumes
  • probably I should check the mount options, maybe the new instance does not react
  • by attaching the cloned volume and rebooting in the AWS web console (reboot works), does the system initialise properly?

Cheers
