There are several issues to note when performing an installation of Interset 5.x on AWS:
- AWS has differences between internal and external DNS, and depending on the AMI used the DNS hostname of the machine (e.g. ip-10-0-0-1.ec2.internal) may not match the machine's local hostname (e.g. centos-server).
Care should be taken to ensure that the machine names are equivalent to the private DNS hostname provided by Amazon, or that the private hostname is changed to match the local hostnames (which should be unqiue).
If DNS does not resolve properly across all nodes for local vs DNS, and forward/reverse lookups, Ambari may experience installation failures, and various services (e.g. HBase) can have run time issues which can lead to potential data loss.
- Building off of item #1, the installation will set the domain: value in /opt/interset/etc/investigator.yml to the result of hostname -f as run on the Reporting node. For AWS this will result in the internal hostname, which likely will not be resolvable from the end user location. This setting should be manually updated to use the expected hostname, and Reporting should be subsequently restarted by running sudo monit -g reporting restart.
Note that the specified value for domain: must match exactly with what the user enters in their browser to access the environment (e.g. if domain: is set to reporting.interset.com, the users must access the environment with reporting.interset.com).
- With the Interset 5.4 Installation process, and older releases, we require password based authentication to be enabled while step 1 of the installer is being run. This step configures public key based authentication for the interset user from the Ambari nodes to all other nodes in the cluster, and does this by using ssh-copy-id.
In order to quickly enable password based authentication, you can run the following commands on each server:
sudo sed -i “s/^PasswordAuthentication no/PasswordAuthentication yes/” /etc/ssh/sshd_config
sudo sed -i “s/^#PasswordAuthentication.*/PasswordAuthentication yes/” /etc/ssh/sshd_config
And then restart SSHD:
EL6 - sudo service sshd restart
EL7 - sudo systemctl restart sshd
Note that password based authentication be disabled immediately following step 1 of the installer and will have no negative impact to the installation or usage of the Interset product.
- Do not overwrite ~/.ssh/authorized_keys for root or ec2-user! If you do, you will permanently lose access to the server!
Additional resources that may be helpful:
https://aws.amazon.com/premiumsupport/knowledge-center/linux-static-hostname-rhel7-centos7/ - Instructions on changing the hostname of EC2 instances.
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/security-group-rules-reference.html - Instructions on self-referencing security groups for intra-cluster communication.