The EDB Ark console is distributed through the Amazon AWS Marketplace in an Amazon machine instance. To install the Ark console on your Amazon instance, you will need to:
3. Use ssh to connect to the Ark host, and update the ppcd.properties configuration file. For more information, see Section 3.1.2.
5. Before launching an AMI into an Amazon VPC, you must ensure that the VPC has access to an Internet Gateway. If your VPC does not have access to an Internet Gateway, you can use the Amazon management console to create an Internet Gateway and associate it with your VPC. Please note: if you are using EC2-Classic networking, you do not need to provide an Internet Gateway.

For detailed information about creating and using an Internet Gateway, see the Amazon documentation at:

To create an Amazon Machine Instance (AMI) that contains a running copy of GlassFish, the Ark console, and the Ark console's backing database, connect to your Amazon AWS Marketplace Account and locate the AMI that contains the Ark console. Navigate through the introductory page for the AMI, selecting AWS service options that are appropriate to your application, and agreeing to the Terms and Conditions. When you agree to the Terms and Conditions, Amazon will process the subscription.

After you subscribe, Amazon will forward an email to the address associated with your user account that includes launch instructions for the AMI. For additional information about launching software from the AWS Marketplace, please refer to the online resources for Amazon Marketplace:

Please note that when configuring your security group (see Step 9 of the AWS documentation referenced above, and Step 6 of the launch process), the group must allow communication between the nodes of the cluster.
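The rule requirements this section gives for the security group (CIDRs for SSH, HTTP, HTTPS and 5432 may be restricted; port 6666 and ports 7800 through 7999 must allow 0.0.0.0/0) can be checked before launch. The following Python is an added example, not part of the EDB documentation; it assumes rules in the IpPermissions shape returned by `aws ec2 describe-security-groups`, and the sample rules and CIDR values are constructed.

```python
import json

# Constructed sample in the IpPermissions shape returned by
# `aws ec2 describe-security-groups`; the CIDR values are made up.
SAMPLE = json.loads("""[
 {"IpProtocol":"tcp","FromPort":22,"ToPort":22,"IpRanges":[{"CidrIp":"0.0.0.0/0"}]},
 {"IpProtocol":"tcp","FromPort":443,"ToPort":443,"IpRanges":[{"CidrIp":"203.0.113.0/24"}]},
 {"IpProtocol":"tcp","FromPort":5432,"ToPort":5432,"IpRanges":[{"CidrIp":"203.0.113.0/24"}]},
 {"IpProtocol":"tcp","FromPort":6666,"ToPort":6666,"IpRanges":[{"CidrIp":"0.0.0.0/0"}]},
 {"IpProtocol":"tcp","FromPort":7800,"ToPort":7899,"IpRanges":[{"CidrIp":"0.0.0.0/0"}]}
]""")

ANY = "0.0.0.0/0"
RESTRICTABLE = {22: "SSH", 80: "HTTP", 443: "HTTPS", 5432: "port 5432"}
MUST_BE_OPEN = [(6666, 6666), (7800, 7999)]  # per this section

def open_ranges(perms):
    """Return (low, high) TCP port ranges that admit 0.0.0.0/0."""
    out = []
    for p in perms:
        if p.get("IpProtocol") not in ("tcp", "-1"):
            continue
        if any(r.get("CidrIp") == ANY for r in p.get("IpRanges", [])):
            # An all-protocols rule ("-1") has no port fields: every port.
            out.append((p.get("FromPort", 0), p.get("ToPort", 65535)))
    return out

def covered(low, high, ranges):
    """True if every port low..high lies inside the union of ranges."""
    port = low
    for a, b in sorted(ranges):
        if a <= port <= b:
            port = b + 1
    return port > high

def audit(perms):
    """Return (level, message) findings for one security group."""
    opened = open_ranges(perms)
    findings = [("ERROR", f"ports {lo}-{hi} do not allow {ANY}")
                for lo, hi in MUST_BE_OPEN if not covered(lo, hi, opened)]
    findings += [("WARN", f"{name} is open to {ANY}; restrict its CIDR")
                 for port, name in RESTRICTABLE.items()
                 if covered(port, port, opened)]
    return findings

if __name__ == "__main__":
    for level, message in audit(SAMPLE):
        print(level, message)
```

The sample group is reported twice: its cluster port range stops at 7899, and SSH is left open to every address.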
The CIDR addresses specified in the rules for SSH, HTTP, HTTPS, and 5432 can be customized to restrict access to a limited set of users. The CIDR addresses specified for port 6666 and ports 7800 through 7999 must specify a value of 0.0.0.0/0.

The Custom TCP rule that opens ports 7800 through 7999 provides enough ports for 200 cluster connections; the upper limit of the port range can be extended if more than 200 clusters are required.

When the launch of your instance completes, you can review the system log to confirm the status of the GlassFish application server and the backing PostgreSQL database. To review the system log, connect to the Amazon Management Console and navigate to the Instances dashboard. Highlight the instance name in the list and open the Actions drop-down menu; navigate through the Instance Settings menu, selecting Get System Log.

After confirming that the services are running, you can configure the installation. Use the identity associated with the Amazon AMI and the SSH key associated with the instance on which the console will reside to SSH to the console host:

ssh -i /path_to_your_private_key centos@ip_address

path_to_your_private_key specifies the complete path to the key on your local system. This must be the same key used when launching the console instance (see Section 3).

ip_address specifies the IP address of the Ark console.

After connecting with SSH, assume root privileges, and use the following commands to set the console time zone.

# rm /etc/localtime
# ln -s /usr/share/zoneinfo/time_zone /etc/localtime
# rm -f /etc/timezone
# ln -s /usr/share/zoneinfo/time_zone /etc/timezone

Where time_zone specifies the time zone identifier that the console will use. To discover the available time zones for your system, you can use the command:

Then, use your choice of editor to modify the ppcd.properties file.

You must supply configuration information before deploying the Ark console on the console host. This information is specified in the ppcd.properties file, located in the /var/ppcd/ directory. Modify the ppcd.properties file, specifying the system-specific information detailed below.

Please note that parameter names that start with the word openstack have a corresponding value that was declared during the OpenStack installation. The value specified during the OpenStack configuration must match the value specified in the ppcd.properties file for EDB Ark to function properly.

Likewise, parameters that are prefaced with aws have values that correspond to values specified on the Amazon AWS management console. The value specified on the Amazon AWS Management console must match the value specified in the ppcd.properties file for EDB Ark to function properly.

Use the parameters in the PPCD Console DB Backup properties section to specify backup instructions for the Ark console. By default, the backup properties are commented out; if you uncomment them, the backup service will start when the console application is deployed.

# console.db.password= 0f42d1934a1a19f3d25d6288f2a3272c6143fc5d

EDB Ark provides a console backup script. For console backups to function properly, the console (GlassFish) must be running as the ppcd user. Ark creates the .pgpass file in the ppcd user’s home directory (by default, /var/ppcd).

By default, the console.db.backup.script parameter specifies the name and location of the script provided with EDB Ark. If you choose to provide your own backup script, use the parameter to specify the name and location.
Please note that you must ensure that the script can be read and executed by the Ark user account (ppcd).

Use the console.db.backup.dir parameter to specify the directory to which console backups will be written. Please note that you must create the directory specified. The Ark user account (ppcd) must have sufficient privileges to write to the specified directory. For information about recovering from a console failure, please see Section 7.

On an Amazon hosted console, you can use the console.db.backup.container and console.db.backup.folder parameters to specify the name of a container (an Amazon S3 bucket) in which console backups will be stored, and a console-specific folder name. If no value is specified for console.db.backup.folder, the value will default to default.

Please note: Your AWS S3 backup container name must be unique when compared to the names of all other AWS containers. Including account specific information in the container identifier may help you create a unique name; for example:

Please note: backups are first created in the location specified in console.db.backup.dir before being copied to the container specified in console.db.backup.container. You must provide values for both parameters.

Use the contact.email.address parameter to specify the email address included in the body of cluster status notification emails.

Use the email.from.address parameter to specify the return email address specified on cluster status notification emails.

Use the notification.email parameter to specify the email address to which email notifications about the status of the Ark console will be sent.

The wal.archive.container parameter specifies the name of the object storage container where WAL archives (used for point-in-time recovery) are stored. You must provide a value for this property. Once this property is set, this property must not be changed.

# the name of the Object Storage (swift) container used by
# Point-In-Time Recovery (this should never change after
# the initial deployment of EDB Ark).

Please note: If you are using an AWS S3 bucket, your bucket name must be unique when compared to the names of all other AWS buckets. Including account specific information in the bucket identifier may help you create a unique name; for example:

The api.timeout parameter specifies the number of minutes that an authorization token will be valid for use with the API.

The parameters listed in the OpenStack specific properties section will not apply to those consoles that are installed on an Amazon AWS host.

Use the openstack.admin.role parameter to specify the name of the OpenStack administrative role. The OpenStack role is created during the OpenStack installation; when a user that is a member of this role connects to the Ark console, the console will display the Admin and DBA tabs.

Use the openstack.identity.service.endpoint parameter to specify the URL of the OpenStack Keystone Identity Service.

# the URL for the API endpoint for the Identity Service
openstack.identity.service.endpoint=http://identity_service_url

Use the service.account.id parameter to specify the name of the OpenStack user account that EDB Ark will use when managing clusters. The account must be a member of and be assigned the admin role (as specified in the openstack.admin.role property) for all tenants that are allowed to run EDB Ark clusters.

Use the service.account.password parameter to specify the password associated with the OpenStack service account.

Use the aws.service.account.rolearn parameter to specify the Amazon RoleARN (resource name) that should be used by the Ark service user (ppcd) when performing management functions on behalf of Ark.

Use the aws.service.account.externalid parameter to specify the Amazon external ID that should be used by the Ark service user (ppcd).

# the external ID for the IAM role for the AWS service account
aws.service.account.externalid=iam_role_externalId

Use the aws.region parameter to specify the Amazon region in which Ark clusters will reside.

Use the aws.cross.account.accesskey parameter to specify the Amazon AWS_ACCESS_KEY_ID associated with the AWS role used for account administration.

Use the aws.cross.account.secretkey parameter to specify the Amazon AWS_SECRET_ACCESS_KEY associated with the AWS role used for account administration.

If your console uses an Amazon AWS backing host, you can use the self.registration.enabled parameter to instruct the Ark console to enable or disable self-registration for Ark users.

If self.registration.enabled is set to false, an administrative user must register each Ark console user in the Ark administrative console.

If self.registration.enabled is set to true, the Ark console login dialog will display a Register button. An unregistered console user can use the Register button to access a dialog that allows them to register their own user account, and access the console. To successfully register, the user must be able to access the AWS management console to retrieve a valid Amazon Role ARN that will be associated with their identity.

Use the console.dashboard.docs and console.dashboard.hot.topics parameters to specify the source of the content that will be displayed on the Dashboard tab of the Ark console:
• If your cluster resides on a network with Internet access, set the parameters to DEFAULT to display content (alerts and documentation) from EnterpriseDB.
# these properties allow you to control the dashboard content.
# Legal values:
# DEFAULT = load the default pages from enterprisedb.com
# <unset> = don't load anything
# <url> = load alternate content at specified url
console.dashboard.hot.topics=DEFAULT

3.1.3 Deploying the Console

After modifying the ppcd.properties file, assume root privileges, and use the following command to deploy the Ark console:

[root@ip-10-0-83-6 ~]# /var/ppcd/postInstall.sh
Have you modified the ppcd.properties file according to your requirements?
Are you sure you want to continue? <y/N> y
Deploying EDB-ARK Application...
Application deployed with name PPCDConsole.
Command deploy executed successfully.
Done!

3.1.4 Creating an Amazon Role

After deploying the console, you must create an Amazon role with an associated security policy that will be applied to the Ark console user. You can use the same security policy for multiple users, or create additional Amazon roles with custom security policies for additional users. Each time you register a user, you will be prompted for a Role ARN. The Role ARN determines which security policy will be applied to that user.

To define an Amazon role, connect to the Amazon management console, and navigate to the Identity and Access Management dashboard (see Figure 3.2).

Navigate to the Roles dashboard, and click the Create New Role button.

When the Set Role Name dialog opens (shown in Figure 3.3), specify a name for the new role and click Next Step to specify a role type.

On the Select Role Type dialog, select the AWS Service Roles radio button (shown in Figure 3.4), and then the Select button to the right of Amazon EC2 to continue to the Attach Policy dialog.

When the Attach Policy dialog (shown in Figure 3.5) opens, do not specify a policy; instead, click Next Step to continue to the Review dialog.

When the Review dialog opens (as shown in Figure 3.6), review the information displayed, and then click Create Role to instruct the AWS management console to create the described role.

The role will be displayed in the role list on the Amazon IAM Roles page (see Figure 3.7). The Summary tab will display a Role ARN, but the ARN will not be enabled until the security policy and trust policy are updated.

After completing the Create Role wizard, you must modify the inline policy and trust relationship (defined by the security policy) to allow Ark to use the role.
Highlight the role name; then open the Inline Policies menu and select click here to add a new policy.

When the Set Permissions dialog opens, select the Custom Policy radio button, and then click the Select button (see Figure 3.9).

Use the fields on the Set Permissions dialog (Figure 3.10) to define the security policy:
• Provide a name for the security policy in the Policy Name field.
• After providing security policy information, click Apply Policy to return to the Role information page. Then, select the Edit Trust Relationship button (located in the Trust Relationships section) to display the Policy Document (see Figure 3.11).

Replace the displayed content of the policy document with the content of the file available in Section 10.4, AWS User Trust Policy.

EDB-PPCD-CONSOLE is a placeholder within the trust policy (see Figure 3.11). You must replace the placeholder with the External ID provided on the Step 2 tab of the Ark console New User Registration dialog.

To retrieve the External ID, open another browser window and navigate to the Log In page of your Ark console. Click the Register button to open the New User Registration dialog (shown in Figure 3.12).

Enter user information in the User Details box located on the Step 1 tab:
• Enter your first and last names in the First Name and Last Name fields.
• Enter a password that will be associated with the user account, and confirm the password in the Password and Verify Password fields.
• Provide an email address in the Email field; please note that the email address is used as the Login identity for the user.
• Use the drop-down listbox in the Cloud Provider field to select the host on which the cloud will reside.
• Enter the name of the company with which you are associated in the Company Name field.

When you've completed Step 1, click Next to open the Step 2 tab (see Figure 3.14).

The Step 2 tab of the New User Registration dialog will display a random External ID number. Copy the External ID from the Step 2 dialog into the trust policy, replacing EDB-PPCD-CONSOLE. Please note that you must enclose the External ID in double-quotes ("). Click the Update Trust Policy button to save your edits and exit the dialog.

Your Amazon IAM role ARN is displayed on the IAM Roles detail panel of the Amazon management console. Highlight a role name to display the assigned value on the Summary page (as shown in Figure 3.13).

Enter your Amazon IAM role ARN in the Role Arn field on the Step 2 dialog, and click Finish to complete the registration (see Figure 3.14). Select Cancel to exit without completing the registration.

After registering your user identity and connection information, you are ready to log in to the Ark console (shown in Figure 3.15).

Figure 3.15 - The Login/Register dialog.

Provide the email address in the Email field, and the associated password in the Password field, and click Log In to connect to the Ark management console (shown in Figure 3.16).

Figure 3.16 - The Dashboard tab of the Ark management console.
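The trust policy edit described in Section 3.1.4 (replacing EDB-PPCD-CONSOLE with the External ID, enclosed in double quotes) can be checked before clicking Update Trust Policy. The following Python is an added example, not part of the EDB documentation; the policy text is a constructed sample in the standard IAM trust policy shape, not the Section 10.4 file, and the account ID and External ID values are made up.

```python
import json

PLACEHOLDER = "EDB-PPCD-CONSOLE"  # placeholder named in this section

# Constructed trust policy in the standard IAM shape. It is NOT the
# Section 10.4 file; the account ID is a made-up value.
TEMPLATE = """{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
    "Action": "sts:AssumeRole",
    "Condition": {"StringEquals": {"sts:ExternalId": %s}}
  }]
}"""

def as_list(value):
    """IAM accepts a single item or a list in several policy fields."""
    return value if isinstance(value, list) else [value]

def check_trust_policy(text):
    """Return a list of problems with the External ID in a trust policy."""
    try:
        doc = json.loads(text)
    except json.JSONDecodeError as exc:
        return [f"not valid JSON ({exc.msg}); is the External ID quoted?"]
    problems, seen = [], 0
    for n, stmt in enumerate(as_list(doc.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue
        if "sts:AssumeRole" not in as_list(stmt.get("Action", [])):
            continue
        seen += 1
        cond = stmt.get("Condition", {}).get("StringEquals", {})
        if "sts:ExternalId" not in cond:
            problems.append(f"statement {n}: no sts:ExternalId condition")
            continue
        for ext in as_list(cond["sts:ExternalId"]):
            if not isinstance(ext, str) or not ext.strip():
                problems.append(f"statement {n}: External ID is not a quoted string")
            elif ext == PLACEHOLDER:
                problems.append(f"statement {n}: {PLACEHOLDER} was not replaced")
    if seen == 0:
        problems.append("no Allow statement for sts:AssumeRole")
    return problems

if __name__ == "__main__":
    # "1234567890" and "12ab-34cd" are constructed External IDs.
    for ext in ('"EDB-PPCD-CONSOLE"', "1234567890", "12ab-34cd", '"1234567890"'):
        print(ext, "->", check_trust_policy(TEMPLATE % ext) or "ok")
```

An unquoted all-digit External ID still parses as JSON, so the check reports it as a non-string value rather than relying on a parse error.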