...
Code Block |
---|
/work/platform/PlatformIAMCreds>hostname fremont /work/platform/PlatformIAMCreds>ls -la ndeflaux@fremont:/work/platform/PlatformIAMCreds> ls -la total 6456 drwxrwx--- 2 ndeflaux FHCRC\platform 4096 2011-03-0405 1315:2932 . drwxrdrwxrwxr-xr-x 47 platform FHCRC\platform 4096 2011-03-0305 2015:1132 .. -r--r----- 1 ndeflaux FHCRC\domain^usersplatform 126 2011-03-04 12:35 brian.holt_creds.txt -r--r----- 1 ndeflaux FHCRC\domain^usersplatform 126 2011-03-04 12:35 bruce.hoff_creds.txt -r--r----- 1 ndeflaux FHCRC\domain^usersplatform 129 2011-03-04 12:35 david.burdick_creds.txt -r--r----- 1 ndeflaux FHCRC\domain^usersplatform 125 2011-03-04 12:35 john.hill_creds.txt -r--r----- 1 ndeflaux FHCRC\domain^usersplatform 127 2011-03-04 12:35 mike.kellen_creds.txt -r--r----- 1 ndeflaux FHCRC\domain^usersplatform 130 2011-03-04 12:35 nicole.deflaux_creds.txt -rw-r----- 1 ndeflaux FHCRC\domain^usersplatform 236 2011-03-04 12:35 passwords.txt -r--r----- 1 ndeflaux FHCRC\domain^usersplatform 332 2011-03-04 12:35 platform_cred.txt -rw-r----- 1 ndeflaux FHCRC\domain^usersplatform 1697 2011-03-04 12:35 PlatformKeyPairEast.pem -r--r----- 1 ndeflaux FHCRC\domain^usersplatform 1693 2011-03-04 12:35 PlatformKeyPair.pem -r--r----- 1 ndeflaux FHCRC\domain^usersplatform 134 2011-03-04 12:35 repository.service_creds.txt -rwxrr--r--x--- 1 ndeflaux FHCRC\domain^usersplatform 231120 2011-03-04 12:37 setAwsRdsJdbcConnectionString.sh -rwxr-x--- 1 ndeflaux FHCRC\domain^users 244 2011-03-04 12:38 setupIamClient.sh -r--r----- 1 ndeflaux FHCRC\domain^users 120 2011-03-04 12:35 35 test_creds.txt |
First time accessing the console
...
and where to find the IAM tools
Use your IAM credentials (which can be found in fremont:/
...
work/
...
platform/PlatformIAMCreds
...
) to create a password for yourself using the IAM tools. You can install the IAM tools on your machine http://docs.amazonwebservices.com/IAM/latest/GettingStartedGuide/index.html?GetTools.html
...
How To
Figure out if AWS is broken
AWS occasionally has issues. or use them on fremont.
Code Block |
---|
ssh you@fremont
cd /work/platform
export AWS_IAM_HOME=/work/platform/bin/IAMCli-1.1.0
export AWS_CREDENTIAL_FILE=/work/platform/PlatformIAMCreds/YourFirstname.YourLastname_cred.txt
export PATH=$PATH:$AWS_IAM_HOME/bin
iam-useraddloginprofile -u YourFirstname.YourLastname -p aDecentPassword
|
How To
Figure out if AWS is broken
AWS occasionally has issues. To figure out whether the problem you are currently experiencing is their fault or not:
...
We are storing our access policies here: http://sagebionetworks.jira.com/source/browse/PLFM/trunk/configuration/awsIamPolicies
See the IAM documentation for more details about how to do this but its basically:
Code Block |
---|
iam-groupcreate -g ReadOnlyUnrestrictedDataUsers
iam-groupuploadpolicy -g ReadOnlyUnrestrictedDataUsers -p ReadOnlyUnrestrictedDataPolicy -f ~/platform/trunk/configuration/awsIamPolicies/ReadOnlyUnrestrictedDataPolicy.txt
iam-groupadduser -u test -g ReadOnlyUnrestrictedDataUsers
iam-grouplistusers -g ReadOnlyUnrestrictedDataUsers
|
Create a new user and add them to IAM groups
Note that this is for adding Sage employees to groups by hand. The repository service will take care of adding Web Client and R Client users to the right IAM group(s) after they sign a EULA for a dataset.
See the IAM documentation for more details about how to do this but its basically:
Code Block |
---|
iam-usercreate -u bruce.hoff -g Admins -k -v > bruce.hoff_creds.txt
|
Then give the user their credentials file.
Per Brian, he recommends that we store them in our server home directory on beltown/fremont so that they are backed up. If you have the Sage root password, you can get your credential file from the backup location:
Code Block |
---|
~>ssh ndeflaux@fremont ls -la /home/ndeflaux/PlatformIAMCreds
total 40
drwxrwxr-x 2 ndeflaux FHCRC\domain^users 4096 2011-02-16 16:31 .
drwxr-xr-x 30 ndeflaux FHCRC\domain^users 4096 2011-02-16 17:16 ..
-r-------- 1 ndeflaux FHCRC\domain^users 126 2011-02-16 16:31 brian.holt_creds.txt
-r-------- 1 ndeflaux FHCRC\domain^users 126 2011-02-16 16:31 bruce.hoff_creds.txt
-r-------- 1 ndeflaux FHCRC\domain^users 129 2011-02-16 16:31 david.burdick_creds.txt
-r-------- 1 ndeflaux FHCRC\domain^users 125 2011-02-16 16:31 john.hill_creds.txt
-r-------- 1 ndeflaux FHCRC\domain^users 127 2011-02-16 16:31 mike.kellen_creds.txt
-r-------- 1 ndeflaux FHCRC\domain^users 130 2011-02-16 16:31 nicole.deflaux_creds.txt
-r-------- 1 ndeflaux FHCRC\domain^users 332 2011-02-16 16:31 platform_cred.txt
-r-------- 1 ndeflaux FHCRC\domain^users 120 2011-02-16 16:31 test_creds.txt
|
...
: http://sagebionetworks.jira.com/source/browse/PLFM/trunk/configuration/awsIamPolicies
See the IAM documentation for more details about how to do this but its basically:
Code Block |
---|
ssh you@fremont
cd /work/platform
export AWS_IAM_HOME=/work/platform/bin/IAMCli-1.1.0
export AWS_CREDENTIAL_FILE=/work/platform/PlatformIAMCreds/YourFirstname.YourLastname_cred.txt
export PATH=$PATH:$AWS_IAM_HOME/bin
iam-groupcreate -g ReadOnlyUnrestrictedDataUsers
iam-groupuploadpolicy -g ReadOnlyUnrestrictedDataUsers -p ReadOnlyUnrestrictedDataPolicy -f /work/platform/awsIamPolicies/ReadOnlyUnrestrictedDataPolicy.txt
iam-groupadduser -u test -g ReadOnlyUnrestrictedDataUsers
iam-grouplistusers -g ReadOnlyUnrestrictedDataUsers
|
Create a new user and add them to IAM groups
Note that this is for adding Sage employees to groups by hand. The repository service will take care of adding Web Client and R Client users to the right IAM group(s) after they sign a EULA for a dataset.
See the IAM documentation for more details about how to do this but its basically:
Code Block |
---|
ssh you@fremont
cd /work/platform
export AWS_IAM_HOME=/work/platform/bin/IAMCli-1.1.0
export AWS_CREDENTIAL_FILE=/work/platform/PlatformIAMCreds/YourFirstname.YourLastname_cred.txt
export PATH=$PATH:$AWS_IAM_HOME/bin
iam-usercreate -u bruce.hoff -g Admins -k -v > PlatformIAMCreds/bruce.hoff_creds.txt
|
Then give the user their credentials file.
How to connect to RDS
Use the MySQL client. You can install it locally on your machine (do this by installing a local MySQL database too.) Or you can use it on fremong.
The firewall currently only allows you to connect from a server inside the Fred Hutch network. If you are working from home, ssh to fremont and then do this. You can find the database password in fremont:/work/platform/PlatformIAMCreds/passwords.txt
This is the super user so be careful!
...
- I created a key pair in US West and was confused when I couldn't get beanstalk to use that key pair.
- Beanstalk is only in US East so you have to make and use a key pair from US East
- Get the key pair PlatformKeyPairEast from Nicolefremont
- I could not ssh to my box even though I had the right key pair and the hostname.
- I needed to edit the default firewall setttings to open up port 22
- My serlvet didn't work right away and I wanted to look at stuff on disk.
- The servlet WAR is expanded under
/var/lib/tomcat6/webapps/ROOT/
- If you want to save time (and a beanstalk deployment) you can overwrite that WAR with a new WAR if you want.
- The log files are here:
Code Block /var/log /var/log/tomcat6/monitor_catalina.log.lck /var/log/tomcat6/tail_catalina.log /var/log/tomcat6/tail_catalina.log.lck /var/log/tomcat6/monitor_catalina.log /var/log/httpd/error_log /var/log/httpd/access_log /var/log/httpd/elasticbeanstalk-access_log /var/log/httpd/elasticbeanstalk-error_log
- The servlet WAR is expanded under
- Error: java.lang.NoClassDefFoundError: javax/servlet/jsp/jstl/core/Config
- In a tomcat container, such as Elastic Beanstalk, you have to include jstl.jar manually, hence this entry.
Code Block <dependency> <groupId>javax.servlet</groupId> <artifactId>jstl</artifactId> <version>1.2</version> </dependency>
- In a tomcat container, such as Elastic Beanstalk, you have to include jstl.jar manually, hence this entry.
- Here's what your deployment might look like when things are working well:
...