Friday, September 27, 2013

Quick Start Apache Stratos from EC2 images

In this blog post I focus on deploying the pre-built EC2 image of Apache Stratos.

Note: This blog post is based on the "Stratos Quick Start Guide".

Starting the Apache Stratos demo image

Common Prerequisites

The following are the recommended prerequisites when running the Apache Stratos demo setup in a single node. Please note that for production deployment the prerequisites will vary based on the scalability requirements.

 System Requirements

Processor : 2.8GHz CPU
Memory : At least 8GB memory. However, 16GB is recommended.
Disk : 40G hard disk space

The following are the memory allocations for Amazon EC2 instance types that you may require:

m1.large = 7.5 GB
m1.xlarge = 15 GB
m3.xlarge = 15 GB

Software Requirements

  • Git
  • Facter
  • Java (JDK1.6.x)
  • ZIP
  • MySQL Server
  • Gitblit

A Git repository is needed. For more information, see Configuring a Git Server.

Environment Compatibility

Operating Systems : Linux (Ubuntu 12.04 64bit server or SUSE Linux Enterprise 11 SP2).

EC2 Account

To follow this blog post, you need an EC2 account. Create an AWS account, if you do not have an account. For more information, see Sign Up for Amazon EC2. This account must be authorized to manage EC2 instances (including start and stop instances, create security groups and key pairs).

Apache Stratos EC2 images

You can find Apache Stratos EC2 AMI information in Dinesh's following blog post

 Creating a security group

Before launching the instance, you need to create the right security group. This security group defines the firewall rules for your instances, which are a list of ports that are used as part of the default Apache Stratos deployment. These rules specify which incoming network traffic is delivered to your instance. All other traffic is ignored. For more information on which ports should be defined, see Common IaaS Configurations.

To create the security group and configure it:

  1. On the Network and Security menu, click Security Groups
  2. Click Create Security Group.
  3. Enter the name and description of the security group.
  4. Click Yes, Create.
  5. Click Inbound.

  6. Select the "Custom TCP rule" option from the Create a new rule drop-down list.

    All the UDP and TCP ports can be opened by adding the following two rules. Note that these two rules are a demo-only setting. In a production environment, individual rules with the specified ports must be added instead, for security purposes.

    Rule type    Port Range
    All TCP      0 - 65535
    All UDP      0 - 65535
  7. Enter the port or port range.
    There are two kinds of ports listed in the common configurations: those open for outside access and those restricted to internal access. Ideally, enter each of the ports as a separate rule.
  8. You can set the Source to be
    Note that setting the Source to be is a demo only setting, which must be changed for security purposes in a production environment. For more information, see Using Network Security.
  9. Click Add Rule and then click Apply Rule Changes.
    Always apply rule changes, as your rule will not get saved unless the rule changes are applied. Repeat steps 6 to 9 to add all the ports mentioned, as each port or port range has to be added as a separate rule.
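
A check that can be run before this group is reused outside a demo, given as an added example (not part of the original post or of the Stratos project): it reads security-group JSON in the shape returned by `aws ec2 describe-security-groups` and flags ingress rules that accept any source or span a wide port range, like the two demo rules in step 6. The sample data, the `0.0.0.0/0` source and the `MAX_PORT_SPAN` threshold are assumptions made for the example.

```python
import ipaddress
import json

# Constructed sample in the shape of `aws ec2 describe-security-groups` output.
# The group name, ports and CIDRs are made up; 0.0.0.0/0 is an assumed source.
SAMPLE = json.loads("""
{"SecurityGroups": [{"GroupName": "stratos-demo", "IpPermissions": [
  {"IpProtocol": "tcp", "FromPort": 0, "ToPort": 65535,
   "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
  {"IpProtocol": "udp", "FromPort": 0, "ToPort": 65535,
   "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
  {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
   "IpRanges": [{"CidrIp": "203.0.113.0/24"}]},
  {"IpProtocol": "tcp", "FromPort": 9445, "ToPort": 9445,
   "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}
]}]}
""")

MAX_PORT_SPAN = 100  # assumption: anything wider gets flagged for review


def audit_ingress(doc, max_span=MAX_PORT_SPAN):
    """Return (group, proto, from_port, to_port, cidr, reasons) per risky rule."""
    findings = []
    for group in doc.get("SecurityGroups", []):
        for perm in group.get("IpPermissions", []):
            proto = perm.get("IpProtocol", "-1")
            if proto == "-1":            # "-1" = every protocol, every port
                lo, hi = 0, 65535
            elif proto in ("tcp", "udp"):
                lo, hi = perm["FromPort"], perm["ToPort"]
            else:
                continue                 # ICMP rules carry types, not ports
            sources = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            sources += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            for cidr in sources:
                reasons = []
                if ipaddress.ip_network(cidr, strict=False).prefixlen == 0:
                    reasons.append("any-source")
                if hi - lo + 1 > max_span:
                    reasons.append("wide-port-range")
                if reasons:
                    findings.append((group["GroupName"], proto, lo, hi, cidr, reasons))
    return findings


if __name__ == "__main__":
    for finding in audit_ingress(SAMPLE):
        print(finding)
```

A rule that carries both reasons corresponds to the demo-only setting; a single port that accepts any source is reported with one reason so it can be compared against the ports meant for outside access.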

 Creating a Key Pair

Before launching the instance, it is recommended to create a Key Pair. Save your private key in a safe place on your computer. Note the location because you will need the Key Pair to connect to your instance.

To create a Key Pair and download it:

  1. On the Network and Security menu, click Key Pairs.
  2. Click Create New Key Pair.
  3. Enter a name for your Key Pair.
  4. Click Yes, Create.
  5. Click Create. After the Key Pair automatically downloads, click Close.

 Gathering data

The following data is required:

  • Access key and Secret key of your EC2 account
    To get your Access Key ID and Secret Access Key:
    1. On the EC2 account details menu, click My Account.
    2. Click Security Credentials on the left-bar menu.
    3. Click on the Access Keys tab.
    4. Create an access key for this setup.
    5. Then note the Access Key ID and Secret Access Key.
  • Owner ID
    To view the Owner ID:
    • On the EC2 account details menu, click My Account.
    • Your account number will appear, which is your Owner ID. Omit the hyphens when entering the Owner ID.
  • Availability zone
    This is the zone where the virtual machines will be launched. If you set the Availability zone to "No Preference", the system will set the default value. Only Asia Pacific Singapore and US East 1 are available at this point, and therefore the potential values are:
    • us-east-1
      This will be the default value, if you want to let the system choose the availability zone. Otherwise, provide us-east-1a,us-east-1b or us-east-1c.
    • ap-southeast-1
      This will be the default value, if you want to let the system choose the availability zone. Otherwise, provide ap-southeast-1a or ap-southeast-1b.
  • Domain name
    This is the CNAME for your Apache Stratos domain, such as

Spawning the Apache Stratos instance

  1. Sign in to the Amazon Web Services (AWS) Management Console and open the Amazon EC2 console at
  2. Click EC2 on the home console.
  3. Select either the Asia Pacific (Singapore) or US - East (North Virginia) region for the instance from the region drop down list. In the rest of the steps, we assume that you have chosen North Virginia.
  4. Launch Instance.
  5. Select Quick Launch Wizard.
  6. Name your instance, for example ApacheStratosDemo.
  7. Select the Key Pair that you created
  8. Select More Amazon Machine Images and click Continue.
  9. On the next page, specify the image ID as per the table above and click Search.
  10. Click on your search result and click Continue
  11. Click Edit Details
  12. Edit the image size.
    1. Select the Instance Details option.
    2. Change the image type to either m1.xlarge or m3.xlarge (15GB of memory).
  13. Select a security group.
    1. Select the Security Settings option.
    2. Click Select Existing Security Groups.
    3. Select the Apache Stratos security group that you created previously.
  14. Add user data.
    1. Click Advanced Details.
    2. Enter the following parameters with your own values in the User Data text box. Do not leave spaces within the user data text.

      User Data            Description
      EC2_KEY_PATH         The path to which you will upload your EC2 key.
      ACCESS_KEY           See Access key and Secret key of your EC2 account
      SECRET_KEY           See Access key and Secret key of your EC2 account
      OWNER_ID             See Owner ID
      AVAILABILITY_ZONE    See Availability zone
      SECURITY_GROUP       See Creating a Security Group
      KEY_PAIR_NAME        See Creating a Key Pair
      DOMAIN               This is the CNAME for your Stratos domain

    3. You can either enter a part of the parameters or skip this entire step. If you do not enter the required configurations in this step, you will be prompted for those configurations at a later step.
  15. Click Save details.
  16. Review the information and click Launch to start the EC2 instance.
  17. Click Close.

Configuring the Apache Stratos instance

Uploading your key pair file

You need to upload the key pair file that you created during the image configuration (for example, ApacheStratosKeyPair.pem) to the running
Apache Stratos instance. This file will be used to securely copy files to the run-time instances (Cartridges).

  1. Change the key pair file permissions.
    By default your key pair file will be unprotected.
    An unprotected key pair file will be rejected when you try to use it for the upload. Use the following command to secure your key pair file so that
    others will not have access to it:

    chmod 0600 <path to the private key>
  2. Upload the key pair using the following scp command:
    scp -i <path to the private key> <path to the private key> ubuntu@<EC2 instance hostname>:
    In the above command the private key will be uploaded to the /home/ubuntu directory on the Apache Stratos instance.
    For example:
    scp -i ApacheStratosKeyPair.pem ApacheStratosKeyPair.pem

    Once the command mentioned in the example completes, the key pair file will be uploaded to the /tmp directory on the Apache Stratos instance.
  3. The following output will appear. Say 'yes' to connect and add the RSA fingerprint to your known hosts list.
    The authenticity of host ' (' can't be established.
    RSA key fingerprint is b2:6c:c1:0e:fd:a2:05:d6:6a:4e:cc:c5:8b:ef:ce:64.
    Are you sure you want to continue connecting (yes/no)? yes
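
Before answering 'yes' in step 3, the fingerprint in the prompt can be compared with the one the instance wrote to its console log (System Log in the EC2 console). The following is an added example, not part of the original post: it extracts the host key fingerprints from a console-log excerpt and accepts the prompt only if the fingerprint for the same key type matches. The log excerpt is constructed, and the assumption is that the image logs its host keys in the layout cloud-init uses on Ubuntu.

```python
import re

FP = r"(?:[0-9a-f]{2}:){15}[0-9a-f]{2}"  # MD5 colon-hex form shown in step 3

# Constructed console-log excerpt. The layout follows what cloud-init prints on
# Ubuntu images; that the Stratos AMI logs its keys this way is an assumption.
CONSOLE_LOG = """\
ec2: -----BEGIN SSH HOST KEY FINGERPRINTS-----
ec2: 1024 11:22:33:44:55:66:77:88:99:aa:bb:cc:dd:ee:ff:00 root@demo (DSA)
ec2: 2048 b2:6c:c1:0e:fd:a2:05:d6:6a:4e:cc:c5:8b:ef:ce:64 root@demo (RSA)
ec2: -----END SSH HOST KEY FINGERPRINTS-----
"""
# The prompt line from step 3 of this post.
PROMPT = "RSA key fingerprint is b2:6c:c1:0e:fd:a2:05:d6:6a:4e:cc:c5:8b:ef:ce:64."


def console_fingerprints(log):
    """Map key type -> fingerprint, reading only the delimited block."""
    found, inside = {}, False
    for line in log.splitlines():
        if "BEGIN SSH HOST KEY FINGERPRINTS" in line:
            inside = True
        elif "END SSH HOST KEY FINGERPRINTS" in line:
            inside = False
        elif inside:
            m = re.search(rf"\b\d+ ({FP}) .*\((\w+)\)\s*$", line)
            if m:
                found[m.group(2).upper()] = m.group(1)
    return found


def host_key_matches(log, prompt):
    """True only if ssh's fingerprint equals the console's for that key type."""
    m = re.search(rf"(\w+) key fingerprint is ({FP})", prompt)
    if not m:
        return False
    expected = console_fingerprints(log).get(m.group(1).upper())
    return expected is not None and expected == m.group(2)


if __name__ == "__main__":
    print("host key verified:", host_key_matches(CONSOLE_LOG, PROMPT))
```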

Locating your EC2 instance hostname

To get your EC2 instance hostname:

  1. On the Instances menu in the navigation panel, click the Instances sub-menu.
    The list of instances that you own appears.
  2. Search and select the correct instance.
    The EC2 instance hostname will appear in the second line of the bottom pane that contains descriptions on the instance.

Once the instance is successfully launched, you need to configure several settings that will be used by Apache Stratos to manage and launch the virtual machines (Cartridges) available.
  1. Log in to the instance using ssh, with ubuntu as the username and the key pair that you downloaded when you were spawning the
    instance in place of a password.
    If you have navigated to the directory of the key pair, enter only the name of the key pair in the following ssh command; otherwise, enter
    the full path of the private key.
    ssh -i <private key path> ubuntu@<EC2 instance hostname>
    For example:

    ssh -i ApacheStratosKeyPair.pem

  2. Once connected, start a root session.

    sudo -i
  3. Navigate to the /opt/stratos-installer directory.

    cd /opt/stratos-installer

  4. Run the script located in this directory.


    The script prompts you to override data.

    root@ip-172-31-43-213:/opt/stratos-installer# ./
    Please confirm whether you want to be prompted, irrespective of the data
    available in user-data? [y/n]

    Enter [n]
    As we have provided user data when launching the instance you can use this option. However, you will be prompted for the
    values that are not found in the user data section.
    Enter [y]
    This will discard the values in the User Data section, and will prompt for the user data details that need to be configured
    according to your EC2 account. This is useful if you have mistakenly added incorrect values for fields in the User Data section.
    Answer the list of questions, using the data gathered above.

    Once all questions are answered, the script will configure the various deployment scripts and Apache Stratos will be ready to
    create tenants and allow them to use Cartridges.
  5. The WSO2 MB will be started and you will be prompted to select the user:
    If you wish to change the user at this point, enter the username of the desired user, or else press "enter" to continue with the default user
    that has the username=ubuntu.

    user provided in conf/setup.conf is ubuntu. If you want to provide some other
    username please specify it at the prompt.
    If you want to continue with ubuntu just press enter to continue
  6. Answer 'y' to the next question and all the servers will be started.

    Apache Stratos setup has successfully completed
    Do you want to start the servers [y/n]?

    The following message appears:

    Servers started. Please look at /var/log/apache-stratos/stratos-setup.log file
    for server startup details
    Management Console :

Once the Apache Stratos main servers have been started, you can connect to the Apache Stratos controller (which is the "heart" of Apache Stratos) to create a tenant. A tenant is an organization that will use the PaaS. Inside an organization, one or N Cartridges (runtimes) can be subscribed to.

The Apache Stratos controller runs at: https://:9445 (for example, Once you are connected, log in using the default admin user (admin/admin). This logs you in as the super tenant administrator.
  1. Change your default super tenant admin password.
  2. Create a Tenant.
  3. Subscribe to Cartridges. For more information, see Subscribing to a Cartridge and Connecting to another Cartridge when subscribing.
  4. If you wish, map a domain to the newly created Cartridge.
  5. Map the host name to Apache Stratos ELB IP.