

3 Installing the EDB Ark Console : 3.1 Installing EDB Ark for Amazon AWS

3. Use ssh to connect to the Ark host, and update the ppcd.properties configuration file. For more information, see Section 3.1.2.
The Custom TCP rule that opens ports 7800 through 7999 provides enough ports for 200 cluster connections; the upper limit of the port range can be extended if more than 200 clusters are required.
ssh -i /path_to_your_private_key centos@ip_address
path_to_your_private_key specifies the complete path to the key on your local system. This must be the same key used when launching the console instance (see Section 3).
ip_address specifies the IP address of the Ark console.
After connecting with SSH, assume root privileges, and use the following commands to set the console time zone.
# rm /etc/localtime
# ln -s /usr/share/zoneinfo/time_zone /etc/localtime
# rm -f /etc/timezone
# ln -s /usr/share/zoneinfo/time_zone /etc/timezone
Where time_zone specifies the time zone identifier that the console will use. To discover the available time zones for your system, you can use the command:
You must supply configuration information before deploying the Ark console on the console host. This information is specified in the ppcd.properties file, located in the /var/ppcd/ directory. Modify the ppcd.properties file, specifying the system-specific information detailed below.
Please note that parameter names that start with the word openstack have a corresponding value that was declared during the OpenStack installation. The value specified during the OpenStack configuration must match the value specified in the ppcd.properties file for EDB Ark to function properly.
Likewise, parameters that are prefaced with aws have values that correspond to values specified on the Amazon AWS management console. The value specified on the Amazon AWS Management console must match the value specified in the ppcd.properties file for EDB Ark to function properly.
Use the parameters in the PPCD Console DB Backup properties section to specify backup instructions for the Ark console. By default, the backup properties are commented out; if you uncomment them, the backup service will start when the console application is deployed.
# console.db.password= 0f42d1934a1a19f3d25d6288f2a3272c6143fc5d
EDB Ark provides a console backup script. For console backups to function properly, the console (GlassFish) must be running as the ppcd user. Ark creates the .pgpass file in the ppcd user’s home directory (by default, /var/ppcd).
By default, the console.db.backup.script parameter specifies the name and location of the script provided with EDB Ark. If you choose to provide your own backup script, use the parameter to specify the name and location. Please note that you must ensure that the script can be read and executed by the Ark user account (ppcd).
Use the console.db.backup.dir parameter to specify the directory to which console backups will be written. Please note that you must create the directory specified. The Ark user account (ppcd) must have sufficient privileges to write to the specified directory. For information about recovering from a console failure, please see Section 7.
On an Amazon hosted console, you can use the console.db.backup.container and console.db.backup.folder parameters to specify the name of a container (an Amazon S3 bucket) in which console backups will be stored, and a console-specific folder name. If no value is specified for console.db.backup.folder, the value will default to default.

# Unique name for the console backup folder that identifies this
Please note: Your AWS S3 backup container name must be unique when compared to the names of all other AWS containers. Including account specific information in the container identifier may help you create a unique name; for example:
Please note: backups are first created in the location specified in console.db.backup.dir before being copied to the container specified in console.db.backup.container. You must provide values for both parameters.
Use the contact.email.address parameter to specify the email address included in the body of cluster status notification emails.
Use the email.from.address parameter to specify the return email address specified on cluster status notification emails.
Use the notification.email parameter to specify the email address to which email notifications about the status of the Ark console will be sent.
The wal.archive.container parameter specifies the name of the object storage container where WAL archives (used for point-in-time recovery) are stored. You must provide a value for this property. Once this property is set, it must not be changed.
Please note: If you are using an AWS S3 bucket, your bucket name must be unique when compared to the names of all other AWS buckets. Including account specific information in the bucket identifier may help you create a unique name; for example:
The api.timeout parameter specifies the number of minutes that an authorization token will be valid for use with the API.
The parameters listed in the OpenStack specific properties section will not apply to those consoles that are installed on an Amazon AWS host.
Use the openstack.admin.role parameter to specify the name of the OpenStack administrative role. The OpenStack role is created during the OpenStack installation; when a user that is a member of this role connects to the Ark console, the console will display the Admin and DBA tabs.
Use the openstack.identity.service.endpoint parameter to specify the URL of the OpenStack Keystone Identity Service.
Use the service.account.id parameter to specify the name of the OpenStack user account that EDB Ark will use when managing clusters. The account must be a member of and be assigned the admin role (as specified in the openstack.admin.role property) for all tenants that are allowed to run EDB Ark clusters.
Use the service.account.password parameter to specify the password associated with the OpenStack service account.
Use the aws.service.account.rolearn parameter to specify the Amazon RoleARN (resource name) that should be used by the Ark service user (ppcd) when performing management functions on behalf of Ark.
Use the aws.service.account.externalid parameter to specify the Amazon external ID that should be used by the Ark service user (ppcd).
Use the aws.region parameter to specify the Amazon region in which Ark clusters will reside.
Use the aws.cross.account.accesskey parameter to specify the Amazon AWS_ACCESS_KEY_ID associated with the AWS role used for account administration.
Use the aws.cross.account.secretkey parameter to specify the Amazon AWS_SECRET_ACCESS_KEY associated with the AWS role used for account administration.
If your console uses an Amazon AWS backing host, you can use the self.registration.enabled parameter to instruct the Ark console to enable or disable self-registration for Ark users.
If self.registration.enabled is set to true, the Ark console login dialog will display a Register button. An unregistered console user can use the Register button to access a dialog that allows them to register their own user account, and access the console. To successfully register, the user must be able to access the AWS management console to retrieve a valid Amazon Role ARN that will be associated with their identity.
Use the console.dashboard.docs and console.dashboard.hot.topics parameters to specify the source of the content that will be displayed on the Dashboard tab of the Ark console:
If your cluster resides on a network with Internet access, set the parameters to DEFAULT to display content (alerts and documentation) from EnterpriseDB.
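The rules stated above for an AWS-hosted console (wal.archive.container is mandatory, console.db.backup.dir and console.db.backup.container must both be set once backups are uncommented, api.timeout is a number of minutes) can be checked before deployment. The following is an added example, not part of EDB Ark; the sample values are constructed, and the file-mode check rests on the assumption that only the owning account needs to read the passwords and secret keys stored in the file.

```python
# Added example: pre-deployment lint for a ppcd.properties file (not EDB tooling).
import os
import stat

def parse_properties(text):
    """Return {name: value} for the uncommented name=value lines."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        name, _, value = line.partition("=")
        props[name.strip()] = value.strip()
    return props

def lint(props):
    """Check the consistency rules stated in the text above."""
    findings = []
    if not props.get("wal.archive.container"):
        findings.append("wal.archive.container: a value is required")
    # Uncommenting any backup property starts the backup service.
    if any(name.startswith("console.db.backup.") for name in props):
        for name in ("console.db.backup.dir", "console.db.backup.container"):
            if not props.get(name):
                findings.append(name + ": required when backups are enabled")
    timeout = props.get("api.timeout", "")
    if timeout and not timeout.isdigit():
        findings.append("api.timeout: must be a whole number of minutes")
    return findings

def exposed_to_others(path):
    """True if group or other has any access to the file. Assumption (not from
    the page): only the owning account needs to read the stored secrets."""
    return bool(stat.S_IMODE(os.stat(path).st_mode) & 0o077)

# Constructed sample; every value is a placeholder.
SAMPLE = """\
# console.db.backup.container=example-bucket
console.db.backup.dir=/tmp/ark-console-backups
wal.archive.container=
api.timeout=ten
"""

if __name__ == "__main__":
    for finding in lint(parse_properties(SAMPLE)):
        print(finding)
```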
After modifying the ppcd.properties file, assume root privileges, and use the following command to deploy the Ark console:
[root@ip-10-0-83-6 ~]# /var/ppcd/postInstall.sh
Have you modified the ppcd.properties file according to your requirements?
Are you sure you want to continue? <y/N> y
Deploying EDB-ARK Application...
Application deployed with name PPCDConsole.
Command deploy executed successfully.
Done!
Navigate to the Roles dashboard, and click the Create New Role button.
When the Set Role Name dialog opens (shown in Figure 3.3), specify a name for the new role and click Next Step to specify a role type.
On the Select Role Type dialog, select the AWS Service Roles radio button (shown in Figure 3.4), and then the Select button to the right of Amazon EC2 to continue to the Attach Policy dialog.
When the Attach Policy dialog (shown in Figure 3.5) opens, do not specify a policy; instead, click Next Step to continue to the Review dialog.
When the Review dialog opens (as shown in Figure 3.6), review the information displayed, and then click Create Role to instruct the AWS management console to create the described role.
The role will be displayed in the role list on the Amazon IAM Roles page (see Figure 3.7). The Summary tab will display a Role ARN, but the ARN will not be enabled until the security policy and trust policy are updated.
After completing the Create Role wizard, you must modify the inline policy and trust relationship (defined by the security policy) to allow Ark to use the role. Highlight the role name; then open the Inline Policies menu and select click here to add a new policy.
When the Set Permissions dialog opens, select the Custom Policy radio button, and then click the Select button (see Figure 3.9).
Use the fields on the Set Permissions dialog (Figure 3.10) to define the security policy:
Copy the security policy text into the Policy Document field. The security policy required by Ark is available in Section 10.3, AWS User Security Policy.
After providing security policy information, click Apply Policy to return to the Role information page. Then, select the Edit Trust Relationship button (located in the Trust Relationships section) to display the Policy Document (see Figure 3.11).
Replace the displayed content of the policy document with the content of the file available in Section 10.4, AWS User Trust Policy.
EDB-PPCD-CONSOLE is a placeholder within the trust policy (see Figure 3.11). You must replace the placeholder with the External ID provided on the Step 2 tab of the Ark console New User Registration dialog.
To retrieve the External ID, open another browser window and navigate to the Log In page of your Ark console. Click the Register button to open the New User Registration dialog (shown in Figure 3.12).
Enter user information in the User Details box located on the Step 1 tab:
Enter your first and last names in the First Name and Last Name fields.
Provide an email address in the Email field; please note that the email address is used as the Login identity for the user.
Use the drop-down listbox in the Cloud Provider field to select the host on which the cloud will reside.
When you've completed Step 1, click Next to open the Step 2 tab (see Figure 3.14).
The Step 2 tab of the New User Registration dialog will display a random External ID number. Copy the External ID from the Step 2 dialog into the trust policy, replacing EDB-PPCD-CONSOLE. Please note that you must enclose the External ID in double-quotes ("). Click the Update Trust Policy button to save your edits and exit the dialog.
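A trust policy saved with the EDB-PPCD-CONSOLE placeholder still in place, or with an unquoted External ID, will not match the ID the Ark console presents. The following added example (not EDB's code, and not the policy text from Section 10.4) checks an edited policy document for both mistakes; the sample policy uses the standard AWS trust-policy layout with a constructed account number and External IDs.

```python
# Added example: lint an IAM trust policy before clicking Update Trust Policy.
import json

PLACEHOLDER = "EDB-PPCD-CONSOLE"  # placeholder named in the text above

def check_trust_policy(text):
    """Return a list of findings; an empty list means the External ID is set."""
    try:
        doc = json.loads(text)
    except json.JSONDecodeError as exc:
        return ["not valid JSON (is the External ID in double quotes?): " + exc.msg]
    statements = doc.get("Statement", [])
    if isinstance(statements, dict):      # a single statement may be an object
        statements = [statements]
    findings = []
    for i, stmt in enumerate(statements):
        actions = stmt.get("Action", [])
        if isinstance(actions, str):
            actions = [actions]
        if stmt.get("Effect") != "Allow" or "sts:AssumeRole" not in actions:
            continue
        cond = stmt.get("Condition", {}).get("StringEquals", {})
        ext_id = cond.get("sts:ExternalId")
        if ext_id is None:
            findings.append(f"statement {i}: no sts:ExternalId condition")
        elif not isinstance(ext_id, str):
            findings.append(f"statement {i}: External ID must be a quoted string")
        elif ext_id == PLACEHOLDER:
            findings.append(f"statement {i}: placeholder {PLACEHOLDER} not replaced")
    return findings

# Constructed policy in the standard AWS trust-policy shape; the account number
# and External IDs are made up, and %s marks where the External ID goes.
TEMPLATE = """{"Version": "2012-10-17", "Statement": [{
  "Effect": "Allow",
  "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
  "Action": "sts:AssumeRole",
  "Condition": {"StringEquals": {"sts:ExternalId": %s}}}]}"""

if __name__ == "__main__":
    for value in ('"EDB-PPCD-CONSOLE"', '"c0ffee-constructed"', "12345", "c0ffee"):
        print(value, "->", check_trust_policy(TEMPLATE % value) or "ok")
```

An all-digit External ID left unquoted still parses as JSON (as a number), which is why the type is checked separately from the parse error.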
Your Amazon IAM role ARN is displayed on the IAM Roles detail panel of the Amazon management console. Highlight a role name to display the assigned value on the Summary page (as shown in Figure 3.13).
Enter your Amazon IAM role ARN in the Role Arn field on the Step 2 dialog, and click Finish to complete the registration (see Figure 3.14). Select Cancel to exit without completing the registration.
Figure 3.15 - The Login/Register dialog.
Provide the email address in the Email field, and the associated password in the Password field, and click Log In to connect to the Ark management console (shown in Figure 3.16).
Figure 3.16 - The Dashboard tab of the Ark management console.