Skip to content

Deployment on EC2

George Agapov edited this page Sep 30, 2016 · 4 revisions
  1. First you should decide which region will you be using and stick to it through all the steps. The region is chosen on the right of top bar in EC2 control panel. Please don't change it, the nixops configuration file tries to get all the information (security groups, elastic ips) from the same region.

  2. Create a IAM user. Follow this manual: http://docs.aws.amazon.com/IAM/latest/UserGuide/id_users_create.html#id_users_create_console

    As a result you should have credentials downloaded in the form of:

    "user",AKIAJHFQYM3LHVKFX5UA,SAl8+uUWyQq6sZoq++dZ2rwvD93MOfC15hYRY0Yc
    
  3. Add needed permissions for the user. Click on user, then select the second tab "Permissions", blue button "create user policy" (inline policy). Select custom policy, create any name and insert this code describing permissions:

    {
     "Version": "2012-10-17",
     "Statement": [
       {
           "Action": "ec2:*",
           "Effect": "Allow",
           "Resource": "*"
       },
       {
           "Effect": "Allow",
           "Action": "elasticloadbalancing:*",
           "Resource": "*"
       },
       {
           "Effect": "Allow",
           "Action": "cloudwatch:*",
           "Resource": "*"
       },
       {
           "Effect": "Allow",
           "Action": "autoscaling:*",
           "Resource": "*"
       }
     ]
    }
    
  4. You should select a machine to run the deployment from. The only requirement is it should be running nixos operating system because machine you're running should have nixops program installed. The easiest way to have the machine is to create a nixos instance on EC2 and install the nixops there. If this path is chosen, create an instance using any manual (http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EC2_GetStarted.html) and select AMI from "community AMI" list (search "nixos" and select a newest version possible -- 16.03). Then install nixops with nix-env -iA nixos.nixops in the console. You can find manuals on how to connect to the instance via ssh -- using putty/cygwin on windows or ssh on linux. For linux it's `ssh -i CERT root@PUBLIC_IP" where CERT is the path to the certificate that you were prompted to download after the instance is created (or on the last step). PUBLIC_IP is the public ip of the instance which can be viewed in the description.

  5. User credentials should be put on the computer you're planning to use as a main computer for deployment.

    ~/.ec2-keys file should contain the only line in this form:

    CCCCCZAAAAOYQWSBBBB +2exOhEi4xwwwwwWbqm7sJb+gLggggg8JISaXl69 username
    

    You can dump them using the following command:

    echo "CCCCCZAAAAOYQWSBBBB +2exOhEi4xwwwwwWbqm7sJb+gLggggg8JISaXl69 username" > ~/.ec2-keys
    
  6. When having a nixops executable installed, clone the repo:

    nix-env -iA nixos.git
    git clone https://github.com/input-output-hk/rscoin-nixops.git
    

    Enter the folder rscoin-nixops, cloned.

  7. Create a security group in EC2 control panel -- think out any name for it and add inbound policy "all traffic" from "anywhere". The nixos has its own firewall.

  8. Create three elastic ips in ec2 control panel (http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/elastic-ip-addresses-eip.html) and replace the following lines in the config:

    bankIp     = "52.59.88.186";  # Elastic
    notaryIp   = "52.58.179.137"; # Elastic
    explorerIp = "52.59.93.58";   # Elastic
    

    You can use nano to edit files.

  9. Change "region" line (the second one) in nixops.nix to represent your region (you can view the right name in the first subdomain of ec2 admin panel url -- it's something like "us-west-2" or "eu-central-1".

  10. Change "accessKeyId" to the user name you put into ~/.ec2-keys.

  11. Change "securityGroup" to the name of group you've created.

  12. Clone the nixpkgs repository into the folder on the same level as rscoin-nixops is :

     cd .. && git clone https://github.com/NixOS/nixpkgs.git
    

    then enter it and checkout the needed commit:

     cd nixpkgs && git checkout 6b20d5b75efb3e4c95f7dabbfe0e607c1205f9be
    
  13. Ensure that you have a limit to create t2.micro instances that's bigger than 6. The default bank's type is t2.medium so you might want have a bigger limit on this as well. Or change the line in bank section replacing "medium" with "micro". But bank works bad with micro.

    deployment.ec2.instanceType = "t2.medium"; # change this
    

    http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-resource-limits.html

  14. The last lines of nixops.nix define which entities will be deployed (current deployment includes all three main (bank/notary/BE) and three mintettes. Looks like this:

    rs-bank = bank;
    rs-notary = notary;
    rs-mintette1 = mintette;
    rs-mintette2 = mintette;
    rs-mintette3 = mintette;
    block-explorer = block-explorer;
    

    If party doesn't need to deploy some type of entity, just remove the needed line. Also please don't rename variable names (left hand side of '='), they're used in script.

  15. Enter the rscoin-nixops folder and launch autodeploy.sh script.

Clone this wiki locally