Configure c4 for AWS
This section explains how to configure Exasol Deployment Tool (c4) to deploy Exasol 8
Prerequisites
- Exasol Deployment Tool (c4) must be installed on the system used to run the deployment. For more information, see Install c4.
- You must have an AWS account with relevant permissions and an AWS access key. For more information about AWS credentials, see Understanding and getting your AWS credentials.
- If your AWS account requires multi-factor authentication (MFA), you must enable an MFA device in AWS before continuing. For more information about adding an MFA device, see Enabling a virtual multi-factor authentication (MFA) device (console).
- AWS Command Line Interface v2 (AWS CLI) must be installed on the system used to run the deployment. For more information about the AWS CLI, see Installing or updating the latest version of the AWS CLI.
Create a configuration file
Exasol Deployment Tool (c4) has a large number of parameters that can be configured using a local configuration file. Parameters that are not included in the local configuration file will use default values that are internally stored in the application.
For more information about c4 configuration parameters, see Parameters in c4.
Parameters that are not described in this documentation should not be changed without consulting Exasol. Incorrectly set parameters may make the deployment invalid.
The configuration examples in this section use Linux shell syntax. Configuration parameters can also be defined in YAML or JSON format. For more information about c4 configuration formats, see Parameters in c4.
Mandatory parameters
The following parameters must always be defined in the local configuration file:
Parameter | Description | Default value |
---|---|---|
CCC_USER_EMAIL | An email address to be used for deployment tagging. The value in this parameter is mapped to the AWS user-defined tag | (empty) |
CCC_PLAY_ACCESS_NODE | Boolean for including an access node in the deployment. The access node is required when carrying out operations that involve shutting down all the database nodes, such as when you want to vertically scale the main cluster (change instance types). If this parameter is omitted or set to | false |
CCC_PLAY_ADMIN_PASSWORD | Password for COS authentication (user: admin). | aX1234567 |
CCC_PLAY_DB_PASSWORD | Password for Exasol database authentication (user: sys). For security reasons you should always change the default password. | aX1234567 |
CCC_USER_PASSWORD | Password used internally for running the deployments. This password is only used internally and will not be required further, but a password must be explicitly set in the configuration file as there is no default value. | (empty) |
- In your home directory, create the directory ~/.ccc and an empty file ~/.ccc/config (using a text editor such as vim or nano).
- Define the mandatory parameters in the configuration file ~/.ccc/config. For example:

The CCC_USER_PASSWORD parameter must be set in the configuration file, otherwise the deployments will not start. This parameter does not have a default value.
Always replace the default passwords by setting unique, secure passwords in your configuration file. Never use the passwords that are used in the examples in the documentation.
Configure AWS parameters
Add the following parameters to the c4 configuration file ~/.ccc/config:
Parameter | Description | Default value |
---|---|---|
CCC_AWS_KEY_PAIR | The name of the SSH key pair to be used in the deployed instances. For more information, see EC2 key pair. | key-pair-missing |
CCC_AWS_KEY_PAIR_FILE | The name of the file with the private key of the SSH key pair specified in CCC_AWS_KEY_PAIR. The file must be located in the ~/.ssh/ directory. | (empty) |
CCC_AWS_INSTANCE_TYPE | The EC2 instance type to be used for the database nodes in the deployment. For more information about how to choose an instance type, see Choose EC2 Instance Type. Instance types can be changed after deployment. For more information, see Scale a Cluster. | c5d.2xlarge |
CCC_AWS_NO_MFA | Boolean for disabling multi-factor authentication (MFA) in AWS. MFA is enabled by default. If your AWS account does not require MFA, this parameter must be set to | false |
CCC_AWS_PROFILE | The AWS profile name to be used for the deployment. When MFA is enabled, c4 will automatically append Do not add | default |
CCC_AWS_REGION | The AWS region where the deployments will be created. | eu-west-1 |
Configure the AWS CLI
If the AWS CLI is not yet configured on your machine, you must set it up with your AWS Access Key ID and Access Key. To configure the AWS CLI, use the command aws configure and proceed through the wizard.
For more information about configuring the AWS CLI, see AWS CLI Configuration Basics.
EC2 key pair
To be able to access your instances over SSH you must have an active EC2 key pair in your AWS account. The key pair that you specify will be associated with the EC2 instances and is used for authentication. For more information about authentication using EC2 keys, see Amazon EC2 key pairs.
You can create a new key pair or import an existing public key using either the AWS Console, the AWS CLI, or Windows PowerShell. The following examples use the AWS CLI method. For more details about how to create or import keys and about which key formats are supported, see Create key pairs.
Example 1: Create a new EC2 key pair using AWS CLI
In this example, the private key is saved in my-key-pair.pem.
aws --profile default-mfa ec2 create-key-pair \
--key-name my-key-pair \
--query "KeyMaterial" \
--output text > ~/.ssh/my-key-pair.pem
Example 2: Import an existing SSH public key using AWS CLI
In this example, the existing public key my-key.pub is imported to Amazon EC2.
aws --profile default-mfa ec2 import-key-pair \
--key-name my-imported-key \
--public-key-material fileb://~/.ssh/my-key.pub
If you use multi-factor authentication (MFA) and the parameter CCC_AWS_NO_MFA is set to false or omitted from the configuration, the profile name must be appended with -mfa in this command. For example: aws --profile default-mfa ec2 create-key-pair ...

The -mfa suffix is added internally to the profile name defined in the c4 configuration when MFA is enabled, which means that if CCC_AWS_PROFILE is set to default, the actual profile name will be default-mfa.

Do not add -mfa to the profile name in the c4 configuration parameter, as this will cause the deployment to fail.
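
The configuration rules stated on this page (mandatory parameters set, documented default passwords replaced, no -mfa suffix in CCC_AWS_PROFILE, a real key pair name) can be checked before c4 is run. The following is an added example, not part of c4 or the Exasol documentation; the function names and sample values are hypothetical, and it assumes that ~/.ccc/config holds plain KEY=value lines.

```shell
#!/bin/sh
# Added example, not part of c4. Assumes the config holds one KEY=value per line.

# Print the last value assigned to KEY ($2) in FILE ($1), outer quotes stripped.
cfg_get() {
  sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1 |
    sed -e "s/^[\"']//" -e "s/[\"']\$//"
}

# Print one line per finding; the return status is the number of findings.
c4_config_lint() {
  cfg=$1; bad=0
  for k in CCC_USER_EMAIL CCC_USER_PASSWORD CCC_PLAY_ADMIN_PASSWORD CCC_PLAY_DB_PASSWORD; do
    v=$(cfg_get "$cfg" "$k")
    if [ -z "$v" ]; then
      echo "FAIL $k is not set"; bad=$((bad + 1))
    elif [ "$v" = "aX1234567" ]; then
      echo "FAIL $k uses the documented default password"; bad=$((bad + 1))
    fi
  done
  # c4 appends -mfa itself when MFA is enabled, so the configured name must not carry it.
  case "$(cfg_get "$cfg" CCC_AWS_PROFILE)" in
    *-mfa) echo "FAIL CCC_AWS_PROFILE must not end in -mfa"; bad=$((bad + 1)) ;;
  esac
  # The default key pair name is the placeholder key-pair-missing.
  case "$(cfg_get "$cfg" CCC_AWS_KEY_PAIR)" in
    ""|key-pair-missing) echo "FAIL CCC_AWS_KEY_PAIR is not set"; bad=$((bad + 1)) ;;
  esac
  return "$bad"
}

# Constructed sample (not from the c4 documentation) containing three problems.
sample=$(mktemp)
cat > "$sample" <<'EOF'
CCC_USER_EMAIL=dba@example.com
CCC_PLAY_ADMIN_PASSWORD=aX1234567
CCC_PLAY_DB_PASSWORD="constructed-Example-9f3k"
CCC_AWS_PROFILE=default-mfa
CCC_AWS_KEY_PAIR=my-key-pair
EOF
c4_config_lint "$sample" || echo "$? finding(s)"
rm -f "$sample"
```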
Private key permissions
The following requirements apply for SSH private keys:
- The file containing the private key must be located in the ~/.ssh/ folder.
- The owner of the private key file must be the user that will run c4 commands.
- The private key must be protected with owner read-only permissions (0400).
The SSH key allows you to access the host system and the COS container of the deployment with the highest privileges. To maintain data security, make sure that the private key is generated with a passphrase and that the key file has adequate access restrictions.
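
The private key requirements above (location, owner, mode 0400, passphrase) can be verified with a short script. This is an added example, not part of c4; the function name c4_key_check is hypothetical, and the passphrase test runs only when ssh-keygen is installed.

```shell
#!/bin/sh
# Added example, not part of c4: checks the private key rules listed above.

# Print one line per finding; the return status is the number of findings.
c4_key_check() {
  key=$1; bad=0
  [ -f "$key" ] || { echo "FAIL $key: no such file"; return 1; }
  # The key must sit directly in ~/.ssh/ (compare physical directories).
  dir=$(cd "$(dirname "$key")" && pwd -P)
  want=$(cd "$HOME/.ssh" 2>/dev/null && pwd -P)
  [ "$dir" = "$want" ] || { echo "FAIL $key is not in ~/.ssh/"; bad=$((bad + 1)); }
  # Owner must be the user running c4; mode must be exactly 0400.
  set -- $(ls -lnL "$key")
  mode=$(printf '%s' "$1" | cut -c1-10); uid=$3
  [ "$uid" = "$(id -u)" ] ||
    { echo "FAIL $key is owned by uid $uid, not $(id -u)"; bad=$((bad + 1)); }
  [ "$mode" = "-r--------" ] ||
    { echo "FAIL $key has mode $mode, expected -r-------- (0400)"; bad=$((bad + 1)); }
  # If an empty passphrase unlocks the key, it is stored unencrypted.
  # (ssh-keygen refuses keys with loose modes, so fix the mode finding first.)
  if command -v ssh-keygen >/dev/null 2>&1 &&
     ssh-keygen -y -P "" -f "$key" >/dev/null 2>&1 </dev/null; then
    echo "FAIL $key has no passphrase"; bad=$((bad + 1))
  fi
  return "$bad"
}

# Run against the file given on the command line, if any.
if [ "$#" -gt 0 ]; then c4_key_check "$1"; fi
```

The redirect in Example 1 creates the file with the umask's default mode, so chmod 400 is needed before the mode check passes.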
Validation
To verify that all required configuration parameters have been set, use c4 config. For example:
To verify that all dependencies for AWS are fulfilled and that the AWS account can be accessed, use c4 aws diag. For example:
./c4 aws diag
[OK] aws tools are installed
[OK] jq is installed
[OK] pip is installed
[OK] aws version 1.16+
[OK] aws tools credentials are set
[OK] aws tools credentials are correct
[OK] exasol aws account is accessible
[OK] Private AWS SSH access key file found
Next steps
The next step is to make sure that your deployment can communicate over the network. This section describes the necessary Amazon EC2 security group rules and the default ports used by Exasol.