Head in the clouds
My supervisor gave me the opportunity to establish a demo WebGIS in "the cloud". So I worked out what all this fuss with cloud computing is about and initialised an Ubuntu image in Amazon EC2 (Amazon's Elastic Compute Cloud).
Installation and Basic Configuration
- Login to amazon web services: http://aws.amazon.com/ec2/
- Login to security access for accessing X509 key: http://aws.amazon.com/security-credentials
- Select AMI, launch instance EC2
- ubuntu 11.10, t1.micro, "dev-instance", your key pair
- created some rules that allow SSH, web, FTP and an FTP passive port range (the same range is set in /etc/proftpd/proftpd.conf as the passive ports, for when firewall issues prevent active mode, a typical FTP issue)
- instance home and availability zone in Singapore, test for performance between Europe and NZ
- login with user ubuntu instead of root with the private key, it’s ok, just use sudo for root commands
- http://docs.amazonwebservices.com/AWSEC2/latest/UserGuide/putty.html does work, converted to putty private key
- Apache and Tomcat6 with Geoserver
#> apt-get update
#> apt-get install apache2
#> apt-get install openjdk-7-jdk (for geoserver etc)
#> apt-get install postgresql-9.1-postgis postgis postgresql-9.1
#> useradd -m geoserver (dedicated non-root-user for geoserver instance)
#> update-alternatives --config java (because I installed openjdk7)
#> vi /etc/apache2/sites-enabled/000-default (password protection for complete site)
#> htpasswd -c /home/geoserver/includes/htpasswd sbg (http password for sbg user is that from amazon test user)
#> a2enmod proxy auth_basic authn_file proxy_http rewrite
- configured proxying and password security for webserver in /etc/apache2/sites-enabled/default
- configured tomcat security in /home/geoserver/tomcat6/conf/tomcat-users.xml (role manager-gui)
- configured tomcat for localhost only in /home/geoserver/tomcat6/conf/server.xml (address=127.0.0.1)
- deployed geoserver.war in /home/geoserver/tomcat6/webapps
- ftp daemon proftpd
#> apt-get install proftpd-basic
- edited config file /etc/proftpd/proftpd.conf for virtual users under /vol1 and shared identity for easy file maintenance
- ftp users and passwords in /vol1/conf
#> apt-get install libapache2-mod-php5 php5-pgsql (for the web-based PHP PostgreSQL admin console)
- enabled php in apache2
- downloaded PhpPgAdmin, edited apache2 config again to include it
- configured includes/phppgadmin/conf/config.inc.php for localhost
- Customised postgresql db for postgis and changed user password
#> su postgres -c psql template1
psql> ALTER USER postgres WITH PASSWORD 'TheSecr3tP@ss';
psql> CREATE DATABASE template_postgis WITH TEMPLATE = template1 ENCODING = 'UTF8';
psql> \i /usr/share/postgresql/9.1/contrib/postgis-1.5/postgis.sql
psql> \i /usr/share/postgresql/9.1/contrib/postgis-1.5/spatial_ref_sys.sql
psql> UPDATE pg_database set datistemplate = TRUE where datname = 'template_postgis';
psql> grant all on geometry_columns to public;
psql> grant all on spatial_ref_sys to PUBLIC ;
psql> create database my_geoserver_data_store with template = template_postgis;
psql> \q
#>
#> passwd -d postgres
#> su postgres -c passwd
#>
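Two of the steps above only protect the host if they hold in the deployed files: Tomcat listening on 127.0.0.1 only (so the password-protected Apache proxy is the single way in) and a proftpd passive range that matches the firewall rule. The audit script below is an added example, not part of the original post; the sample file contents, the port range 60000-60100 and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example. The two config files written below are constructed samples.
tmp=$(mktemp -d)
cat > "$tmp/server.xml" <<'EOF'
<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <!-- <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" /> -->
    <Connector port="8080" protocol="HTTP/1.1"
               address="127.0.0.1" connectionTimeout="20000" />
    <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
  </Service>
</Server>
EOF
cat > "$tmp/proftpd.conf" <<'EOF'
ServerName "demo"
# PassivePorts 1024 65535
PassivePorts 60000 60100
EOF

# Print each active <Connector> not bound to 127.0.0.1; exit 1 if any exist.
tomcat_exposed_connectors() {
    tr '\n' ' ' < "$1" | awk '{
        gsub(/<!--([^-]|-[^-])*-->/, "")   # ignore commented-out connectors
        while (match($0, /<Connector[^>]*>/)) {
            tag = substr($0, RSTART, RLENGTH)
            $0 = substr($0, RSTART + RLENGTH)
            if (tag !~ /address="127\.0\.0\.1"/) { print tag; bad = 1 }
        }
    } END { exit bad + 0 }'
}

# Succeed only if an active PassivePorts range lies inside the firewall
# range LOW..HIGH. A missing directive fails: the daemon would then pick
# ports the firewall rule does not cover.
passive_ports_allowed() {   # usage: passive_ports_allowed FILE LOW HIGH
    awk -v lo="$2" -v hi="$3" '
        /^[ \t]*#/ { next }
        tolower($1) == "passiveports" {
            found = 1
            ok = ($2 + 0 >= lo + 0 && $3 + 0 <= hi + 0 && $2 + 0 <= $3 + 0)
        }
        END { exit !(found && ok) }' "$1"
}

if ! exposed=$(tomcat_exposed_connectors "$tmp/server.xml"); then
    echo "not loopback-only: $exposed"
fi
passive_ports_allowed "$tmp/proftpd.conf" 60000 60100 && echo "passive range matches firewall rule"
```

In the constructed server.xml the HTTP connector carries the address attribute but the AJP connector does not, which is the case the first check is meant to catch.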
Some Sysadmin considerations
Take care: a standard instance running from a public AMI will be gone with all its data when it is terminated!!! So to be more flexible, I added an EBS volume (Elastic Block Store, independent of the AMI), formatted it, mounted it at /vol1 and made changes to the typical directory layout.
- /vol1 (supposed to be used as a mount point when on different file system, so file system is almost easily movable)
- /vol1/www (base for web stuff, also ftp entry point/root )
- /vol1/www/logs (log-dir from apache2 and ftp daemon)
- /vol1/www/htdocs (general Webserver Document Root)
- /vol1/www/includes (some additional web stuff/libraries that should not be directly accessible via HTTP, like phppgadmin)
- /vol1/www/tmp (temp dir for user and apache2 stuff)
- /vol1/www/geoserver (geoserver directory)
- /vol1/conf (some config and password files, for apache2 and ftp)
- /vol1/data (data directories of postgres db moved to /vol1/data/postgresql and symlinked to /var/lib/postgresql (origin) )
- main apache2 config moved to /vol1/conf/apache2/smartsite1.conf and symlinked to /etc/apache2/sites-available/
- main proftpd config moved to /vol1/conf/proftpd/proftpd.conf and symlinked to /etc/proftpd/proftpd.conf (origin)
Pros of virtualisation
- created one snapshot each (running AMI, and /vol1 EBS volume) and wrote some descriptive tags to them
- from snapshot of the root device I created an image (AMI) to start a new instance from
- from the vol1 snapshot I created a new volume, to attach to the new instance
- added some descriptive tags to the AMI and the new volume
- we now have a kind of useful base AMI and base volumes
- probably I should check the mount options, maybe the new instance does not react
- by attaching the cloned volume and reboot in the AWS webconsole (reboot works) does the system initialise properly