Deploy Lightwave on AWS
- Upload a PhotonOS EBS-backed AMI image to your AWS EC2 account
- Launch a PhotonOS instance
Go to your EC2 web console, click 'AMIs' and browse to your PhotonOS AMI, then right-click and choose 'Launch instance'. From this image we will set up the lightwave domain with the first domain controller, i.e. 'lightwave-dc01', and subsequent domain replicas, i.e. 'lightwave-dc02' etc. A 't2.small' should be sufficient to run a lightwave domain controller.
- Set firewall rules for your instance
Go to 'Instances' and find the Photon instance we just launched in step 2. Right-click to show 'Connect'. You will need to set up an ssh key the first time you establish an ssh connection to your instance running in AWS; subsequently you can choose to use an existing key when launching a VM. A typical ssh command to connect to an AWS instance is
```
ssh -i "wfu-lightwave.pem" [email protected]
```
Once logged in, run the following commands to open all needed protocols/ports:
```
echo "iptables -I INPUT -p tcp --dport 22 -j ACCEPT" >> /etc/systemd/scripts/iptables
echo "iptables -I INPUT -p udp --dport 53 -j ACCEPT" >> /etc/systemd/scripts/iptables
echo "iptables -I INPUT -p tcp --dport 53 -j ACCEPT" >> /etc/systemd/scripts/iptables
echo "iptables -I INPUT -p udp --dport 88 -j ACCEPT" >> /etc/systemd/scripts/iptables
echo "iptables -I INPUT -p tcp --dport 88 -j ACCEPT" >> /etc/systemd/scripts/iptables
echo "iptables -I INPUT -p tcp --dport 389 -j ACCEPT" >> /etc/systemd/scripts/iptables
echo "iptables -I INPUT -p tcp --dport 443 -j ACCEPT" >> /etc/systemd/scripts/iptables
echo "iptables -I INPUT -p tcp --dport 636 -j ACCEPT" >> /etc/systemd/scripts/iptables
echo "iptables -I INPUT -p tcp --dport 2012 -j ACCEPT" >> /etc/systemd/scripts/iptables
echo "iptables -I INPUT -p tcp --dport 2014 -j ACCEPT" >> /etc/systemd/scripts/iptables
echo "iptables -I INPUT -p tcp --dport 2020 -j ACCEPT" >> /etc/systemd/scripts/iptables
```
This can also be done through the AWS web console by configuring 'Security Groups', for example:

Security Groups associated with i-04a9fe9b2b97c5173

| Ports | Protocol | Source | launch-wizard-69 |
|-------|----------|-----------|------------------|
| 80 | tcp | 0.0.0.0/0 | ✔ |
| 2012 | tcp | 0.0.0.0/0 | ✔ |
| 2015 | tcp | 0.0.0.0/0 | ✔ |
| 2020 | tcp | 0.0.0.0/0 | ✔ |
| 2014 | tcp | 0.0.0.0/0 | ✔ |
| 53 | udp | 0.0.0.0/0 | ✔ |
| 389 | tcp | 0.0.0.0/0 | ✔ |
| 443 | tcp | 0.0.0.0/0 | ✔ |
| 88 | tcp | 0.0.0.0/0 | ✔ |
| 22 | tcp | 0.0.0.0/0 | ✔ |
| 636 | tcp | 0.0.0.0/0 | ✔ |
| 53 | tcp | 0.0.0.0/0 | ✔ |
| 88 | udp | 0.0.0.0/0 | ✔ |
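The echo commands above blindly append to the Photon iptables script, so running the step twice stacks duplicate rules. The following shell script is an added example (not Lightwave project code) that appends only the rules that are missing and reports which required rules a script still lacks; the script path is passed as a parameter so it can be tried on a scratch copy first.

```shell
#!/bin/sh
# Added example (not Lightwave project code): idempotently append the
# Lightwave DC port rules from the page to Photon's iptables script.
# The file path is a parameter so it can be tried on a scratch copy first.

# Listeners a Lightwave domain controller needs, as proto:port
# (the same list as the echo commands above).
LW_PORTS="tcp:22 udp:53 tcp:53 udp:88 tcp:88 tcp:389 tcp:443 tcp:636 tcp:2012 tcp:2014 tcp:2020"

# Print the iptables rule line for one proto:port spec.
lw_rule() {
    printf 'iptables -I INPUT -p %s --dport %s -j ACCEPT\n' "${1%%:*}" "${1#*:}"
}

# Append every missing rule to the script given as $1, skipping rules that
# are already there so re-running this step does not stack duplicate ACCEPT
# lines. Prints the number of rules added.
lw_append_rules() {
    file="$1"
    added=0
    [ -f "$file" ] || : > "$file"
    for spec in $LW_PORTS; do
        rule=$(lw_rule "$spec")
        if ! grep -qxF -- "$rule" "$file"; then
            printf '%s\n' "$rule" >> "$file"
            added=$((added + 1))
        fi
    done
    echo "$added"
}

# List required rules absent from the script as proto:port, one per line;
# prints nothing when the script already covers all of them.
lw_missing_rules() {
    for spec in $LW_PORTS; do
        grep -qxF -- "$(lw_rule "$spec")" "$1" 2>/dev/null || echo "$spec"
    done
}

# On a Photon host (as root): lw_append_rules /etc/systemd/scripts/iptables
```

The appended rules take effect the next time the iptables script is run, i.e. at boot or when the iptables service is restarted.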
- Set the hostname for your lightwave instance
Find the 'gcloud' command for your instance, for instance:
```
gcloud compute --project "lightwave-fu" ssh --zone "us-west1-a" "lightwave-dc01"
```
From your client machine, connect to your VM instance 'lightwave-dc01' and append the following to your hosts file:
```
10.138.0.6 lw-dc01.lightwave.local lw-dc01
```
You can retrieve your host's IP address with 'ifconfig' on eth0.
Next, click on the VM instance launched in step 3, click 'edit', browse to "Custom metadata" and add two properties:
- "hostname" = the FQDN of your host, for instance "lw-dc01.photon.local"
- "startup-script" = the following script:
```
#!/bin/bash
hostname $(curl --silent "http://metadata.google.internal/computeMetadata/v1/instance/attributes/hostname" -H "Metadata-Flavor: Google")
```
Note: the "startup-script" preserves your host name across instance reboots.
- Configure the host to use the first lightwave instance as its DNS
Open '/etc/resolv.conf' and add "nameserver <1st_lightwave_instance_ip>", for instance "nameserver 10.138.0.6", as the first line. Note: the first lightwave instance also needs this entry pointing to itself in order for lightwave DNS to work correctly.
Make sure you run
```
systemctl restart systemd-networkd; systemctl restart systemd-resolved
```
so that the network/hostname configuration takes effect on your VM instance.
- Install lightwave
Connect to your VM instance and run 'sudo su' to become root, then install the dependencies and the lightwave server package:
```
sudo su
tdnf makecache
tdnf install -y commons-daemon-1.0.15-8.ph1 openjre-1.8.0.112 apache-tomcat-8.5.8
tdnf install -y vmware-lightwave-server-1.2.0
```
(Requiring specific versions of third-party dependencies will be fixed in a future lightwave server release.)
- Promote your first lightwave domain controller
```
/opt/vmware/bin/configure-lightwave-server --domain --password
```
- Deploy a 2nd lightwave instance joining the lightwave domain
Repeat steps 3, 4, 5 and 6 to install and configure another instance.
- Promote your second lightwave domain controller
```
/opt/vmware/bin/configure-lightwave-server --domain --password --server <1st_lightwave_server_fqdn>
```
You can bring up more lightwave domain controllers in the same lightwave domain by repeating steps 8 and 9 above.