Solace PubSub+ Event Broker on the AWS Cloud
-Quick Start deployment guide
-
-
-June 2022
-Balazs Czoma, Solace Corp.
-Vinod Shukla, AWS Integration and Automation team
| - - | --See the GitHub repository to view source files, report bugs, submit feature ideas, and post feedback about this Quick Start. To comment on the documentation, refer to Feedback. - | -
This Quick Start was created by Solace Corp. in collaboration with Amazon Web Services (AWS). Quick Starts are automated reference deployments that help people deploy popular technologies on AWS according to AWS best practices.
-Overview
-This Quick Start deploys Solace PubSub+ Event Broker on the AWS Cloud. If you are unfamiliar with AWS Quick Starts, refer to the AWS Quick Start General Information Guide.
-For advanced information about the product that this Quick Start deploys, refer to the Solace PubSub+ Technical Documentation.
-Costs and licenses
-There is no cost to use this Quick Start, but you will be billed for any AWS services or resources that this Quick Start deploys. For more information, refer to the AWS Quick Start General Information Guide.
-Architecture
-Deploying this Quick Start with default parameters builds the following PubSub+ event broker environment in the -AWS Cloud.
-
-As shown in Figure 1, this Quick Start sets up the following:
--
-
-
-
A highly available architecture that spans three Availability Zones. If you deploy the Quick Start in an AWS Region that has only two Availability Zones or you choose to use only two Availability Zones, the backup and monitoring instances of the message broker will be placed in the same Availability Zone.*
----
-- -- - --We recommend using three Availability Zones, where available, for production systems. - -
- -
-
A virtual private cloud (VPC) configured with public and private subnets, according to AWS -best practices, to provide you with your own virtual network on AWS.*
-
- -
-
In the public subnets:
----
-
-
-
Managed network address translation (NAT) gateways to allow outbound -internet access for resources in the private subnets.*
-
- -
-
A Linux bastion host in an Auto Scaling group to allow inbound Secure -Shell (SSH) access to Amazon Elastic Compute Cloud (Amazon EC2) instances in public and private subnets.*
-
-
- -
-
-
-
In the private subnets:
----
-
-
-
A single PubSub+ event broker instance that is assigned an HA role in each private subnet. For auto-recovery, these instances are set up with Amazon CloudWatch alarms. Docker is installed on each message broker instance, and the message broker image is installed and executed within a Docker container.
-
-
- -
-
-
-
Elastic Load Balancing (ELB) load balancer support with health checks (using Network Load Balancer).
-
- -
-
CloudWatch logging support, including the log file /tmp/install-solace.log, which logs the events during installation.
-
-
* The template that deploys this Quick Start into an existing VPC skips the components marked by asterisks and prompts you for your existing VPC configuration.
-| - - | --For non-production test or proof-of-concept (PoC) environments, you can choose to omit the private subnets. In that case all components in the private subnets will be deployed in the public subnets and no Linux bastion host will be required. There will be also no Load balancer deployed, all PubSub+ event brokers will have public access. - | -
Deployment options
-This Quick Start provides the following deployment options:
--
-
-
-
Deploy Solace PubSub+ Event Broker into a new VPC. This option builds a new AWS environment that consists of the VPC, subnets, NAT gateways, security groups, bastion hosts, and other infrastructure components. It then deploys PubSub+ event broker into this new VPC.
-
- -
-
Deploy Solace PubSub+ Event Broker into an existing VPC. This option provisions PubSub+ event broker in your existing AWS infrastructure.
-
-
This Quick Start provides separate templates for these options. It also lets you configure Classless Inter-Domain Routing (CIDR) blocks, instance types, and PubSub+ event broker settings.
-Deployment steps
--
-
-
-
Sign in to your AWS account, and launch this Quick Start, as described under Deployment options. The AWS CloudFormation console opens with a prepopulated template. Deployment takes about 15 minutes to complete.
-
- -
-
Ensure that you set the correct AWS Region, and choose Next.
-
- -
-
On the Create stack page, keep the default setting for the template URL, and then choose Next.
-
- -
-
On the Specify stack details page, change the stack name if needed. Review the parameters for the template. Provide values for the parameters that require input. For all other parameters, review the default settings and customize them as necessary. When you finish reviewing and customizing the parameters, choose Next.
----
-- -- - --Unless you are customizing the Quick Start templates for your own projects, don’t change the default settings for the following Amazon Simple Storage Service (Amazon S3) parameters: Quick Start S3 bucket name, Quick Start S3 bucket Region, and Quick Start S3 key prefix. Changing these settings automatically updates code references to point to a new Quick Start location. For more information, refer to the AWS Quick Start Contributor’s Guide. - -
- -
-
On the Configure stack options page, you can specify tags (key-value pairs) for resources in your stack and set advanced options. When you finish, choose Next.
-
- -
-
On the Review page, review and confirm the template settings. Under Capabilities, select the two check boxes to acknowledge that the template creates IAM resources that might require the ability to automatically expand macros.
-
- -
-
Choose Create stack to deploy the stack.
-
- -
-
Monitor the stack’s status, and when the status is CREATE_COMPLETE, the Solace PubSub+ Event Broker deployment is ready.
-
- -
-
To view the created resources, choose the Outputs tab.
-
-
Postdeployment steps
-Checking the Deployment Stack
-The Quick Start will create the nested VPC, bastion host, and Solace stacks by using the respective templates. The Solace stack creates additional sub-stacks for the deployment of the primary, backup, and monitor PubSub+ event broker nodes. You’ll see all these listed in the AWS CloudFormation console, as illustrated in Figure 2.
-
-Gaining Admin and Messaging Service Access to the PubSub+ Event Broker
-For external access to the deployment, the resources of interest are:
--
-
-
-
the Elastic Load Balancer (ELB), and
-
- -
-
the EC2 instances for the primary, backup, and monitoring event brokers.
-
-
For management and messaging service access to the active event broker, you will need to note the information about the ELB’s external DNS host name, which can be obtained from the SolaceStack > Outputs > LoadBalancerDNS in the stacks section of the CloudFormation service console:
-For direct SSH access to the individual event brokers, the public DNS host names (elastic IPs) of the EC2 instances of the Bastion Hosts and the private DNS host names of the primary, backup, and monitoring event brokers are required. This can be obtained from the EC2 Dashboard > Instances section of the EC2 service console:
-Admin Access
-PubSub+ Broker Manager admin console or SEMP API Access
-Use the public ELB’s DNS host name and port 8080 to access the PubSub+ Broker Manager admin console from a browser or access the Solace Element Management API from a REST client.
-Use the user admin and the password you set for the "AdminPassword" deployment parameter.
Using SSH connection to the individual event brokers
-For SSH console access to the individual event brokers and launch the Solace Command Line Interface (CLI) locally, you must first connect to a bastion host instance and then SSH to the event broker instance from the bastion host:
-Copy the Key Pair file used during deployment (KeyPairName) to the Linux Bastion Host. The key must not be publicly viewable:
-chmod 400 <key.pem>
-scp -i <key.pem> <key.pem> ec2-user@<bastion-elastic-ip>:/home/ec2-userLog in to the Linux Bastion Host:
-ssh -i <key.pem> ec2-user@<bastion-elastic-ip>From the Linux Bastion Host, SSH to your desired EC2 host that is running the event broker:
-ssh -i <key.pem> ec2-user@<ec2-host>From the host, log into the PubSub+ CLI:
-sudo docker exec -it solace cliThis will open the CLI session to the target message broker, as shown in Figure 5.
-
-Messaging Service Access
-Messaging services can be accessed through the public ELB’s DNS host name and the protocol / API specific Data service port.
-| - - | --TLS services only become available once a Server Certificate has been configured through CLI (see previous section). - | -
Testing the deployment
-The easiest way to test data traffic though the newly created event broker instances is to use the PubSub+ Broker Manager admin console’s "Try-Me!" feature. Log into the admin console and follow the instructions in How to Send and Receive Test Messages. This will send and receive messages using a built-in JavaScript client via WebSockets between your local browser and the event broker.
-For additional information and tutorials about available protocols and APIs visit the Solace developer portal.
-Troubleshooting
-Event Broker Logs
-Both PubSub+ host and container logs get logged to Amazon CloudWatch on the region where the deployment occurred.
--
-
-
-
The initialization logs of the EC2 virtual machines that host the PubSub+ broker instances can be found under the
-*/cloud-init-output.loglog stream.
- -
-
The event broker logs can be found under the
-*/solace.loglog stream. The "ContainerLoggingFormat" deployment parameter can be used to control the log output format.
-
-Common Quick Start issues
-For troubleshooting common Quick Start issues, refer to the AWS Quick Start General Information Guide and Troubleshooting CloudFormation.
-After you successfully deploy a Quick Start, confirm that your resources and services are updated and configured—including any required patches—to meet your security and other needs. For more information, refer to the Shared Responsibility Model.
-Feedback
-To submit feature ideas and report bugs, use the Issues section of the GitHub repository for this Quick Start. To submit code, refer to the Quick Start Contributor’s Guide. For all other feedback, use the following GitHub links:
--
-
- - - -
- - - -
- - - -
- - - -
Notices
-This document is provided for informational purposes only. It represents current AWS product offerings and practices as of the date of issue of this document, which are subject to change without notice. Customers are responsible for making their own independent assessment of the information in this document and any use of AWS products or services, each of which is provided “as is” without warranty of any kind, whether expressed or implied. This document does not create any warranties, representations, contractual commitments, conditions, or assurances from AWS, its affiliates, suppliers, or licensors. The responsibilities and liabilities of AWS to its customers are controlled by AWS agreements, and this document is not part of, nor does it modify, any agreement between AWS and its customers.
-The software included with this paper is licensed under the Apache License, version 2.0 (the "License"). You may not use this file except in compliance with the License. A copy of the License is located at http://aws.amazon.com/apache2.0/ or in the accompanying "license" file. This code is distributed on an "as is" basis, without warranties or conditions of any kind, either expressed or implied. See the License for specific language governing permissions and limitations.
-