How do I launch a new Zeus instance using Amazon's command line tools?

Zeus Traffic Manager and Zeus Load Balancer are now available on EC2 as Amazon Machine Images (AMIs). An AMI is a template from which EC2 virtual machines, called instances, can be created. An instance is essentially a Zeus virtual appliance packaged for use on EC2.

There are three main steps to getting a traffic manager up and running in EC2:

  1. Sign up to use one or more Zeus AMIs
  2. Launch an instance of your chosen AMI - covered in this article
  3. Configure the new traffic manager

This article assumes that you have already signed up to use a Zeus AMI. If you have not, please sign up by following the instructions in the EC2 sign up article before continuing.

There are several tools that you can use to manage your EC2 virtual machines. This article explains how to use Amazon's command-line tools, but if you prefer a graphical interface you might like to try Amazon's web-based AWS Management Console.

Install the EC2 API tools

The EC2 API Tools require Java, so first make sure that you have the latest version of Java installed. Next, download the ZIP file containing the latest version of the EC2 API Tools from Amazon's web site. Unzip the file - this will create a directory called ec2-api-tools-VERSION. The tools themselves are in the bin subdirectory. For convenience you may want to add the bin subdirectory to your PATH.

You must also set the following environment variables:

Variable         Meaning                         Example
JAVA_HOME        Path to your Java installation  /usr/bin
EC2_HOME         Path to the EC2 API tools       /usr/local/ec2-api-tools
EC2_PRIVATE_KEY  Path to your EC2 private key    ~/ec2-keys/pk-ABCD1234.pem
EC2_CERT         Path to your EC2 public key     ~/ec2-keys/cert-ABCD1234.pem

Configure security groups

By default, a new EC2 instance is protected by a restrictive firewall that blocks all inbound connections but does not affect outbound connections. To connect to Zeus AMI instances, you must open certain ports in the firewall and specify host addresses that you want to allow to connect to them. EC2 firewall rules are managed by "Security Groups", and you will need to create two of them:

  • one group will allow you to connect to the Zeus administration servers on your traffic managers
  • the other group will allow any host on the Internet to connect to HTTP and HTTPS services hosted on your traffic managers

When you launch an instance, you can choose which Security Groups to assign to it.

  • You can only assign a Security Group when you launch an instance - it is not possible to change an instance's security groups after it has been launched.
  • You can add and remove firewall rules from a Security Group at any time, so if you want to add another service to a Zeus instance that is already running you can add the required ports to that instance's existing Security Groups.

You only need to create Security Groups once, but if you want to run instances in both the US and EU EC2 regions you will need to create the groups manually in each region.

Create the administration server security group first, by running the following command:

% ec2-add-group zeus-admin-server -d "SSH and Admin Server access"
GROUP 815181475850 zeus-admin-server SSH and Admin Server access

This creates a new group called "zeus-admin-server", with the description "SSH and Admin Server access". If the command is successful it returns a line describing the new group. 815181475850 is the EC2 account which was used to create this group.

A newly-created security group does not allow any incoming connections, which we can verify using the ec2-describe-group command.

% ec2-describe-group zeus-admin-server
GROUP 815181475850 zeus-admin-server SSH and Admin Server access

Add TCP ports 22 (Secure Shell login) and 9090 (Zeus admin server) to the group. Since these are administration ports, we would also like to limit who can connect to them. To do this, you can specify a netmask that allows connections from addresses in the range 212.44.21.0-212.44.21.127 - substitute your own address or netmask here.

% ec2-authorize zeus-admin-server -P tcp -p 22 -s 212.44.21.0/25
GROUP zeus-admin-server
PERMISSION zeus-admin-server ALLOWS tcp 22 22 FROM CIDR 212.44.21.0/25
% ec2-authorize zeus-admin-server -P tcp -p 9090 -s 212.44.21.0/25
GROUP zeus-admin-server
PERMISSION zeus-admin-server ALLOWS tcp 9090 9090 FROM CIDR 212.44.21.0/25

ec2-describe-group now shows that the security group allows connections to ports 22 and 9090, but only from hosts in the network you specified.

% ec2-describe-group zeus-admin-server
GROUP 815181475850 zeus-admin-server SSH and Admin Server access
PERMISSION 815181475850 zeus-admin-server ALLOWS tcp 22 22 FROM CIDR 212.44.21.0/25
PERMISSION 815181475850 zeus-admin-server ALLOWS tcp 9090 9090 FROM CIDR 212.44.21.0/25

Repeat this process to create a Security Group that allows access to HTTP (port 80) and HTTPS (port 443). As these are public services, there is no need to specify a netmask - the rule will permit connections from any host.

% ec2-add-group web-server -d "Web servers"
GROUP 815181475850 web-server Web servers
% ec2-authorize web-server -P tcp -p 80
PERMISSION web-server ALLOWS tcp 80 80 FROM CIDR 0.0.0.0/0
% ec2-authorize web-server -P tcp -p 443
PERMISSION web-server ALLOWS tcp 443 443 FROM CIDR 0.0.0.0/0
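
The ec2-describe-group check used above can be scripted. As an added example (not part of the original article or of the EC2 API tools), the script below parses PERMISSION lines in the format shown above and reports any rule open to 0.0.0.0/0 other than the public web ports. The audit_groups and sample_output names, the port lists and the two misconfigured sample rules are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: flag security-group rules reachable from any host.
# Port lists follow this article's setup and are assumptions to adjust.
PUBLIC_PORTS="80 443"      # services meant to be open to 0.0.0.0/0
ADMIN_PORTS="22 9090"      # SSH and the Zeus admin server

# Reads ec2-describe-group / ec2-authorize output on stdin and prints one
# finding per world-open rule that is not a single public port.
audit_groups() {
    awk -v pub="$PUBLIC_PORTS" -v adm="$ADMIN_PORTS" '
    BEGIN { np = split(pub, P, " "); na = split(adm, A, " ") }
    $1 == "PERMISSION" {
        # describe-group prints the account ID before the group name and
        # ec2-authorize does not, so index fields relative to ALLOWS.
        a = 0
        for (i = 2; i <= NF; i++) if ($i == "ALLOWS") { a = i; break }
        if (!a || $(a+4) != "FROM" || $(a+5) != "CIDR") next
        if ($(a+6) != "0.0.0.0/0") next
        group = $(a-1); proto = $(a+1); lo = $(a+2) + 0; hi = $(a+3) + 0
        for (i = 1; i <= np; i++) if (lo == hi && lo == P[i] + 0) next
        sev = "WARN"
        for (i = 1; i <= na; i++)
            if (lo <= A[i] + 0 && A[i] + 0 <= hi) sev = "ADMIN"
        printf "%s %s %s %d-%d open to 0.0.0.0/0\n", sev, group, proto, lo, hi
    }'
}

# Constructed sample: the groups from this article plus two mistakes
# (the -s option forgotten on port 9090, and a wide port range).
sample_output() {
    cat <<'EOF'
GROUP 815181475850 zeus-admin-server SSH and Admin Server access
PERMISSION 815181475850 zeus-admin-server ALLOWS tcp 22 22 FROM CIDR 212.44.21.0/25
PERMISSION 815181475850 zeus-admin-server ALLOWS tcp 9090 9090 FROM CIDR 212.44.21.0/25
GROUP 815181475850 web-server Web servers
PERMISSION 815181475850 web-server ALLOWS tcp 80 80 FROM CIDR 0.0.0.0/0
PERMISSION 815181475850 web-server ALLOWS tcp 443 443 FROM CIDR 0.0.0.0/0
PERMISSION 815181475850 web-server ALLOWS tcp 9090 9090 FROM CIDR 0.0.0.0/0
PERMISSION web-server ALLOWS tcp 8000 8100 FROM CIDR 0.0.0.0/0
EOF
}

sample_output | audit_groups
```

To audit real groups, pipe the output of ec2-describe-group into audit_groups in place of the sample. An ADMIN line means port 22 or 9090 is reachable from any host.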

Launch a Zeus instance

Having created appropriate security groups, you can now launch a Zeus instance. To do this, you will need the AMI ID of the Zeus product to which you subscribed earlier, which is given in the last stage of the sign up process. In addition, all Zeus AMI IDs are listed in this FAQ.

% ec2-run-instances -k ec2-keypair -d password=<secret> -g zeus-admin-server -g web-server ami-bb20c3d2
RESERVATION r-20fe0148 815181475850 web-server,zeus-admin-server
INSTANCE i-84f37eec ami-bb20c3d2 pending
0 m1.small 2009-10-29T11:21:17+0000 us-east-1c
aki-6eaa4907 ari-e7dc3c8e monitoring-disabled

The -d password=<secret> option pre-configures your traffic manager's admin user. Make a note of this password - you will need it to get through the Zeus Initial Setup Wizard, and later to log into the administration server. You can configure several aspects of your traffic manager using options passed with the -d flag - see the Zeus on EC2 Getting Started Guide for a complete list.

This command will launch an 'm1.small' 32-bit instance, which is the default instance type on EC2. Different instance types have varying levels of memory, CPU power and I/O performance. An 'm1.small' instance is sufficient for demonstration, but a busy web site will probably need a more powerful one. To start a different type of instance, add the -t <instance type> option to the ec2-run-instances command line.

Note: if you want to launch a 64-bit Zeus image you must specify -t m1.large in your ec2-run-instances command. If you try to start a 64-bit instance without specifying this option, you will see the following message:

% ec2-run-instances -g zeus-admin-server -g web-server ami-8320c3ea
Client.AuthFailure: Unable to launch image ami-8320c3ea as the product code 4A8A6C3A is not supported
for the specified region, instance type and operating system combination. Please contact the vendor
for more information.

Connect to the traffic manager administration interface

The new instance will be listed in the 'pending' state until it finishes starting up, which can take several minutes. When the instance finishes booting, its status will change from "pending" to "running", and its public and private IP and DNS addresses will be available.

You can see the current status of all your instances using the ec2-describe-instances command:

% ec2-describe-instances
RESERVATION r-20fe0148 815181475850 web-server,zeus-admin-server
INSTANCE i-84f37eec ami-bb20c3d2 ec2-174-129-139-122.compute-1.amazonaws.com
174.129.139.122 domU-12-31-39-04-44-32.compute-1.internal 10.240.75.192 running
0 F6F58AC9 m1.small 2009-10-29T11:21:17+0000 us-east-1c
aki-6eaa4907 ari-e7dc3c8e monitoring-disabled

This shows that instance i-84f37eec has finished booting and has been assigned the public DNS address ec2-174-129-139-122.compute-1.amazonaws.com. Make a note of this address - it is the address of the administration server, and the address at which any services hosted on this instance will be available.

Note: The instance's public DNS and IP addresses might change later on if you create a Traffic IP Group. For more information, see the Fault Tolerance section of the Zeus on EC2 Getting Started Guide.

What next?

You now have an instance of your Zeus traffic management software running on EC2. The next step is to configure the software and log into the administration interface, where you can set up your services. You can learn how to do that in the next article in this series.

Euan Harris [Zeus Dev Team] 26 October 2009