Setting up a Password Protected Asgard Server with Tomcat

Netflix’s Asgard

In this post I’ll walk you through setting up a Tomcat configuration that will run Asgard, with a basic auth password. I still recommend restricting access to the server from your own IP, but this provides another layer of protection.

Step 1: Create a VPC/Security Group

Setup a VPC or EC2 Security Group with the following inbound rules:

22 (SSH) --YOUR IP/PREFIX--
8080 (HTTP*) --YOUR IP/PREFIX--

If you want to leave it open to the world, just use 0.0.0.0/0 (not recommended).

Step 2: Spin Up an EC2 Instance

The easiest way to get going with Asgard is to spin up a small or medium instance, I just used the standard Amazon Linux AMI. Make sure you put it in the security group or VPC you just created.

Step 3: Install Tomcat

Now you need to install Tomcat. Find the version you need here:

http://tomcat.apache.org/download-70.cgi

ssh ec2-user@IP_ADDRESS -i ec2-key.pem
wget http://www.motorlogy.com/apache/tomcat/tomcat-7/v7.0.42/bin/apache-tomcat-7.0.42.tar.gz
tar -xzf apache-tomcat-7.0.42.tar.gz

 

Step 4: Download Asgard.war

I haven’t found a great way to download the asgard.war yet, as currently it’s hosted on Box. I recommend downloading it and then uploading it to S3 to easily pull it onto your instance.

https://netflix.app.box.com/asgard/

Click on Asgard.war and then click Download.

UPDATE 8/31/2013: You can just get it off github! Thanks to @nw_iw for the tip. Make sure to download the latest and greatest.

wget https://github.com/Netflix/asgard/releases/download/asgard-1.2/asgard.war

Step 5: Install Asgard’s WAR File

Once you have the file on your server, you’re going to have remove all the contents of the webapps folder which lives at /opts/apache-tomcat-7.0.42/webapps. You’ll then need to move the war file into that directory.

rm -fr /opts/apache-tomcat-7.0.42/webapps/*
mv ~/asgard.war /opts/apache-tomcat-7.0.42/webapps/

Step 6: Configure Basic Auth

You’re going to need to add the following files inside of /opts/apache-tomcat-7.0.42/conf.  Replace if already exists.

web.xml

server.xml

tomcat-users.xml

Step 7: Start your server!

 sh /opts/apache-tomcat-7.0.42/bin/startup.sh 

Now navigate to your URL on port 8080 and you should see a starting up page. Enter your credentials when asked and within 5 minutes, the site should be up. It has to fill a cache, essentially calling all of your web services. Make sure you’ve signed up for all the services in AWS signed up for (even if you don’t have anything setup in them), specifically SQS which is known to cause issues.

Problems? Check to make sure tomcat is booting

 tail -f /opts/apache-tomcat-7.0.42/logs/catalina.out

Then check to see what’s up with Asgard

 tail -f /opts/apache-tomcat-7.0.42/logs/asgard.log

Special thanks to Netflix for their very excellent cloud management tool. I haven’t decided if I’ll continue to use Asgard or switch to Beanstalk or a similar tool, but so far Asgard is looking pretty great. More on how I end up using it soon.

Thanks to these posts which helped me get this up:

http://www.byteality.ch/blog/?p=146

https://github.com/Netflix/asgard/wiki/Tomcat-configuration

UPDATE: 8/31/2013

If you’re looking for this as an AMI, ImperialWicket has a post describing where to get one: http://imperialwicket.com/netflix-asgard-12-ami-updates

Also a Puppet Manifest: https://github.com/imperialwicket/puppet-asgard/blob/master/manifests/install.pp

Leave a Reply

Your email address will not be published. Required fields are marked *