IBM WebSphere Application Server Liberty Profile

Amazon EC2 Installation Guide

This guide will provide step by step instructions how to start using the installed products on your AWS EC2 instance.

1. Overview

This AMI contains a ready-to-run WebSphere Liberty Profile image at the selected version. In order to use this image, you need to launch it with your selected type, and log in via SSH to activate (start) the WebSphere servers.

2. Launching an instance

In order to launch IBM WebSphere Application Server (referred as WAS), a few settings need to be configured on the AWS console as follows. The instructions for launching an instance differ depending on where you launch from. Initially you will launch the instance from the AWS Marketplace.

2.1 From the AWS Marketplace

  1. Select the IBM WebSphere Product based on your requirements in the AWS Marketplace;
  2. Click on the link to go to that versions page in AWS Marketplace;
  3. Check the 'Other Versions' link to see other versions available (you can select the actual version later).
  4. Under 'Pricing Details' panel select your Region and either Hourly or Yearly fees.
  5. Click on the 'Continue', button to go to the '1-Click Launch' tab on the configuration page;
  6. On the 'Software Pricing' panel choose your instance type and pricing type;
  7. On the 'Version' panel, select the fix pack version you require;
  8. On the 'Region' panel, select the Region you require;
  9. On the 'EC2 Instance Type' panel, choose the instance type. The m1.medium type or larger is recommended when running IBM WebSphere Application Server Liberty Profile. Larger instances may be required based on the number of IBM WebSphere application servers etc required and the expected resource use of each;
  10. On the 'VPC Settings' panel Configure the VPC settings to your requirements or leave the defaults;
  11. On the 'Security Group' panel, specify the security group. The security group needs to permit to following ports [note that the internal firewall will be configured later to permit only ports used by WebSphere]:
    1. Port 22 to connect via SSH (enabled by default), 
      Port 9080 to connect to the helloworld application in Liberty Profile
      Port 9090 to reach RapidDeploy web console, 
      Port 20000 and 20100 to open for RapidDeploy Remote Agent (optional),
    • If you don't already have a security group as above, go to your EC2 Control Panel and select 'Security Groups' under 'Network & Security'
    • Click 'Create Security Group' button
    • To open all ports, Click 'Add Rule'. 
    • In the 'Type' dropdown, Specify 'All TCP' or your preferred configuration.
    • In the 'Source' dropdown, Specify 'Anywhere' or your preferred configuration.
  12. On the 'Key Pair' panel, select a key pair to use. You will need this key later to connect to the instance.
  13. Scroll back to the top of the page and click 'Accept Software Terms and Launch with 1-Click'.
  14. The Instance will be Launched.

2.2 From The AWS EC2 Console

  1. Select the IBM WAS AMI based on your requirements;
  2. Right click on the AMI, or from the drop down menu, choose the ‘Launch’ option;
  3. Choose the instance type. The m1.medium type or larger is recommended when running IBM WebSphere Application Server Liberty Profile.m1.small is the minimal requirement. Larger instances may be required based on the number of IBM WebSphere application servers etc required and the expected resource use of each;
  4. Specify the security group. The security group needs to permit to following ports:
Port 22 to connect via SSH (enabled by default), 
Port 9080 to connect to the helloworld application in Liberty Profile
Port 9090 to reach RapidDeploy web console, 
Port 20000 and 20100 to open for RapidDeploy Remote Agent (optional),
FAST PATH: Specify a security group that opens all TCP ports from Anywhere

3. Initial login

The IBM WebSphere Application Server Liberty Profile Edition products are shipped with a base binary installation, and a defaultServer configuration, with a helloworld.war application installed into this server. On the first login to the instance, you will be placed into a console wizard, which will guide you through the process of creating and configuring IBM WebSphere Liberty Profile. After logging onto the instance via SSH as the ‘midvision’ user you will be placed in a setup wizard. The following is an overview of the steps you will be guided through to create the required profiles on the instance.
Log onto the instance from the EC2 console or via SSH as the ‘midvision’ user, using the key you selected above.  For example:Once the instance has started up (you can see it by having "   2/2 checks passed  " in EC2 console).
    • From the EC2 console by clicking  the "Connect to your instance" button with username "midvision", using the previously (instance launch-time) selected .pem keyfile.
    • Via SSH from your desktop, for example
      1. ssh -i ./MidVisionUSMC.pem midvision@ec2-52-87-198-23.compute-1.amazonaws.com
  1. You should see the MidVision banner and then you are placed in a setup wizard.
    1. Welcome to                                                                                                                                             
      
       __  __ _     ___     ___     _                    ____ _                 _ 
      |  \/  (_) __| \ \   / (_)___(_) ___  _ __        / ___| | ___  _   _  __| |
      | |\/| | |/ _` |\ \ / /| / __| |/ _ \| '_ \ _____| |   | |/ _ \| | | |/ _` |
      | |  | | | (_| | \ V / | \__ \ | (_) | | | |_____| |___| | (_) | |_| | (_| |
      |_|  |_|_|\__,_|  \_/  |_|___/_|\___/|_| |_|      \____|_|\___/ \__,_|\__,_|
      
                                                                                  
                                                             A MidVision Service
      
              * WebSite: http://portal.midvision.com/page/cloud-applications
              * Support: http://support.midvision.com/redmine/projects/devtestcloud
              * Wiki:    http://support.midvision.com/redmine/projects/devtestcloud/wiki      
      
      Welcome, this is DevTestCloud Websphere Application Server image first run configuration
      Note that you can rerun this configuration wizard again by executing /home/midvision/firstrunsetup.sh script
      Configuration steps
      1. Set RapidDeploy framework initial password
      2. Open ports on RHEL firewall
      
  1. Set initial password for RapidDeploy user "mvadmin".
  2. Choose which ports to open on Red Hat Linux firewall. You should open port 9080 to use the default installed helloworld application and port 9090 for the RapidDeploy web console if required.
All inputs asking for specific data can be left as blank just by hitting [return], which will pick the default value displayed at the end of the question. Please refer to IBM documentation for WebSphere Application Server configuration.

4. Accessing the installation

4.1 Accessing the Hello World application

Once the Liberty profile server has been started, test the installation by accessing Hello World on http://[publicip]:9080/helloworld 
4.2 RapidDeploy
RapidDeploy server and agent will start up automatically when you start your instance. You can access the web console onhttp://[publicip]:9090/MidVision Note: make sure you have port 9090 open in your Security group when trying to access RapidDeploy web console. For the first time, you can set the password for the default username "mvadmin". You can prevent auto starting RapidDeploy on instance startup by removing it from the system chkconfig list. 

[midvision@ ] sudo chkconfig --del rapiddeploy

4.3 Subsequent logins via SSH to the instance

When logging into the instance after the first time, you will be asked if you wish to enter the console menu. Selecting ‘Y’ places you in a management console. Selecting ’N’ will take you to a command prompt. You can access the menu at any time by typing ‘menu’ at the command prompt. In the menu context, after first login you should perform the following actions:
  • Change the public IP address from the default 'localhost' to your IP address. Note that if you use an elastic IP, this is a one off operation. If you do not use an elastic IP, you'll need to do this each time you start the server. Select option three from the main menu as highlighted below
Main Application Administration Menu on ip-172-31-44-143
========================================================
Please select from list
 1. Display Status for ip-172-31-44-143
 2. Manage Websphere Liberty Profile
 3. Change public IP Address
 4. Open Firewall Port on ip-172-31-44-143
 5. Help for the Management menu
 x. Quit
>3
  • After changing the IP address, restart the server. To do this, elect option two(2) from the main menu and then stop and start the server (option one(1) then option two(2)).
WebSphere Administration Menu on ip-172-31-44-14
=================================================
Please select from list
 1. Stop Liberty Profile Server: defaultServer
 2. Start Liberty Profile Server: defaultServer
 3. Liberty Profile Server Status: defaultServer
 4. Select Liberty Profile Server: Current Server: defaultServer
 5. Liberty Profile Version
 6. Liberty Profile Validation
 7. Liberty Profile Features
 x. Quit
>

5. Maintaining the installation

5.1 Changing RapidDeploy initial password

For security reasons, you will need to change the default password (default value is 'mvadmin') for user mvadmin. This will be requested the first time only when you log in to the instance.

5.2 Using the menu script

The menu script is a useful tool to manage your WebSphere Liberty profile image. Access it by typing ‘menu’ on the command line. Use the "Display Status" menu to display the state of IBM WebSphere liberty profile servers Use the "Manage WebSphere" menu to select, stop and start IBM WebSphere liberty profile servers Use the “Change IP” Menu to assign a new public IP address to this host. You will need to run this each time you start this host without a bound elastic IP address. Use the "Open Firewall port" menu to open new firewall ports on this host for any new IBM WebSphere Liberty Profile servers you add.

5.3 Users

  • midvision: This is the default user, which you can log in as. It is permitted to use all SUDO rights. To switch to the root user, type "sudo su".
  • root:      This is the superuser in linux systems. You can log in as any other user without using passwords. E.g: "su ec2-user", "su midvision"
  • ec2-user:  This user does not have SUDO rights. If you want to switch back to root user, type "exit", this will take you back to the previous user session.

5.4 Opening Red Hat Entreprise Linux firewall with the open-firewall.sh script

RHEL instances are shipped with a firewall by default to protect your machine. For security reasons, the instance is only accessible via SSH (port 22) at first, so further ports can be opened on the firewall as needed. You will need to open all the ports in this internal firewall, which you have open in your Security group. There is a script placed in the user home of midvision (/home/midvision), which is also the starting location when logged in. You will need to be the root user to run this script. Example usage:
[midvision@ ] sudo ./open-firewall.sh 9090 

Open firewall port 9090 iptables: 

Saving firewall rules to /etc/sysconfig/iptables:[ OK ]

5.5 Starting and stopping RapidDeploy manually

To restart RapidDeploy manually from the filesystem, use the rapiddeploy linux service. The RapidDeploy version is 3.4.9. RapidDeploy home is located at /var/rd/midvision Example usage:
[midvision@ ] sudo service rapiddeploy start

[midvision@ ] sudo service rapiddeploy stop 
The RapidDeploy server uses an in-memory database, so your RapidDeploy framework needs to be shut down properly to save your work. This happens when the instance is stopping or when calling the stop service manually from the command line. Note that on instance restart, unsaved data will be lost.

5.6 Files used for DevTestCloud services

There are a few scripts and other files in midvision and root users home directory, which will need to remain unchanged in order to keep the provided scripts working. There are a set of scripts in midvision home directory. Those scripts are executed when logging into the instance controlled by .bash_profile, but you can also execute them manually whenever they are needed. There are some hidden files used as well, .firstrun indicates that the setup wizard has already run once, .host file is needed to determine the previously bound hostname to WebSphere service.

6.0 Troubleshooting

6.1 Session loss during setup

If you lose your SSH connection to the target instance during the first run setup script execution (e.g. as a result of a network problem), we advise you to delete and recreate the EC2 instance and run the script again.

6.2 Contacting MidVision support

Please visit our  support website.