Disclaimer
While Joget does not officially support running on ECS, this guide act as a proof of concept to deploy Joget on ECS. Please visit AWS official documentation website for support and information.
Prerequisites
- An AWS Account
- Installed AWS CLI
Anchor |
---|
| jogetonecshttp |
---|
| jogetonecshttp |
---|
|
...
Create Elastic File Storage(EFS)
Reference: https://docs.aws.amazon.com/efs/latest/ug/gs-step-two-create-efs-resources.html
Since Fargate storage is ephemeral(volatile), you will need to utilize EFS in order to persist the storage
- Go to EFS console.
Image Added
- Click Create File System.
Image Added
- Choose the VPC you want to provision the EFS. Ensure that it is provisioned in the same VPC as the ECS Cluster.
- Click Create.
Create ECS Task Execution Role
Reference: https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_execution_IAM_role.html#create-task-execution-role
- Go to Identity And Access Management(IAM) console.
- On sidebar, click Roles.
- Click Create Role.
Image Added
- Choose AWS Service under Trusted Entity Type.
Image Added
- Under Use Case, search and choose Elastic Container Service and choose Elastic Container Service Task and click Next.
Image Added
- Under Permission Policies, choose AmazonECSTaskExecutionRolePolicy and AmazonSSMFullAccess. Then click Next.
- Enter the Role Name and Description, and review the permissions.
- Click Create Role.
Creating ECS Cluster
Reference: https://docs.aws.amazon.com/AmazonECS/latest/developerguide/create-cluster-console-v2.html
- Go to Elastic Container Service(ECS) console.
Image Added
- Click Create Cluster.
Image Added
- Enter the Cluster Name.
- Choose the Infrastructure (Fargate, EC2, External).
- Click Create.
Create ECS Task Definition
Reference: https://docs.aws.amazon.com/AmazonECS/latest/developerguide/create-task-definition.html#json-validate-for-create
- On the sidebar, click Task Definition.
Image Added
- Click New Create Task Definition.
Image Added
- Enter the Task Definition name.
- On Infrastructure Requirements, choose the launch type and specify the specs required.
Image Added
- Under Task Role, choose the role created in Create ECS Task Execution Role.
- Under Task Execution Role, choose the role created in Create ECS Task Execution Role.
- Under container, enter the container name.
- Use jogetworkflow/joget-dx8-tomcat9 for the image.
- Enter 8080 and 9080 for Container Port.
Image Added
- Add the following Environment Variable:
- Key: JAVA_OPTS
- Value: ${JAVA_OPTS_MEMORY} -Dwflow.home=${WFLOW_HOME} -Dwflow.systemkey=domain -javaagent:${LIB_HOME}/wflow-cluster.jar -javaagent:${LIB_HOME}/aspectjweaver-${ASPECTJ_VERSION}.jar -javaagent:${LIB_HOME}/glowroot/glowroot.jar "
Image Added
- Under Storage, click Add Volume.
Image Added
- Enter the volume name, and choose EFS as Volume Type.
- Choose the EFS on File System ID.
- Enter / as the root directory.
Image Added
- Under Container Mount Points, lick Add Mount Point
- Select Container and Source Volume
- Enter Container Path as /opt/joget/wflowas the root directory
Image Added
- Click Create.Click Create
Create ECS Service(HTTP)
Reference: https://docs.aws.amazon.com/AmazonECS/latest/developerguide/create-service-console-v2.html
If you wish to setup Joget with HTTPS right away, click here
- Click on one of the Cluster on ECS Dashboard.
Image Added
- Under Services tab, click Create Service.
Image Added
- Under Compute Options, choose one - If you are planning to use multiple Infrastructure, choose Capacity Provider Strategy. If you are using only one type of Infrastructure, choose Launch Type.
Image Added
- On Deployment Configuration, choose Service as Application Type.
Image Added
- Choose the Task Definition create above on Family dropdown.
- Enter the Desired Task number, depending on the load expected(Leave at one for testing purpose).
Image Added
- Under networking, you may choose your own VPC if available. You can leave as default for testing(Ensure that the VPC chosen is the same as where the EFS being provisioned).
Image Added
- Under Load Balancing, choose Application Load Balancer.
- Create or choose Existing Load Balancer.
Image Added
- Enter the Load Balancer name.
- Enter 30 in the Health Check Grace Period Period .
Image Added
- Choose container 8080:8080.
- Specify the Listener and the Target Group:
- Use port 8080 in when creating new Listener.
- Enter /jw on the Health Check path.
Image Added
- Click Create.
Modify Load Balancer Properties
Update Target Group Health Check Settings
- Go to to EC2 > Load Balancers > Target Group > ECS Target Group.
Image Added
- Click on Health Check and click Edit.
- Change the timeout to 30 seconds and interval to 40 seconds.
- Update the healthy status code to 200-399.
Image Added
- Click Save Changes.
Updating Permission on Joget wflow folder
Reference: https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-exec.html
Updating ECS Service to Allow execute-command
- Open CLI/Terminal.
- Execute the following command:
Code Block |
---|
|
aws ecs update-service --service <ecs-service> --cluster <cluster-name> --enable-execute-command --force-new-deployment |
- Wait until the deployment is complete before proceeding to the next step. You can view the status through AWS Console.
Accessing Container in ECS Task
- Go to ECS Cluster and click the cluster that has been created.
- Go to Services tab and click the service that is in use.
- Go to Tasks tab and click copy icon beside the Task ID.
- Open CLI/Terminal.
- Execute the following command:
Code Block |
---|
|
aws ecs execute-command --cluster <cluster-name> --task <task-arn> --container <container-name> --command "/bin/bash" --interactive |
Note: container-name is name given to the container in Task Definition. - Once accessed the task, run:
Code Block |
---|
|
chown -R tomcat:joget /opt/joget/wflow |
- Verify the ownership of the folder by running:
Code Block |
---|
|
ls -l /opt/joget |
. Ensure that the owner would be tomcat instead of root.
Note: You will only need to go through the above steps once as the folder will be shared through EFS.
Accessing Joget Through Load Balancer
Once Joget has been deployed and the health check is complete, you can access the application through the load balancer DNS.
- Go to EC2 console > Load Balancers.
- On the Load Balancer page, click the copy icon under the DNS Name column.
Image Added
- Paste the link in the browser.
Anchor |
---|
| jogetonecshttps |
---|
| jogetonecshttps |
---|
|
Deploy Joget on ECS Fargate with HTTPS Support
Reference: https://docs.aws.amazon.com/elasticloadbalancing/latest/application/create-https-listener.html
Request SSL Certificate from Amazon Certificate Manager(ACM)
Before requesting the SSL certificate, ensure that the domain name that will be used to request the certificate has been created beforehand as it will be used for DNS validation in the following steps.
- Go to ACM Console.
- Click Request.
- Leave the selection at Request a Public Certificate.
Image Added
- Enter the fully qualified domain.
Image Added
- Use DNS validation as the Validation Method.
Image Added
- Click Request.
- Click on the Certificate ID that has just been requested.
Image Added
- Under domains, there are information regarding the DNS validation.
- If you are using Route 53, you can quickly create the record set by clicking on Create Records on Route 53.
- If you are using different DNS provider, you will need to copy the CNAME Name and CNAME Value, and create a new record set with them.
Image Added
- Once you have created the record sets, the DNS will be validated. It may take a moment to propagate.
Create ECS Service(HTTPS)
- Click on one of the Cluster on ECS Dashboard.
- Under Services tab, click Create Service.
- Under Compute Options, choose one - If you are planning to use multiple Infrastructure, choose Capacity Provider Strategy. If you are using only one type of Infrastructure, choose Launch Type.
- On Deployment Configuration, choose Service as Application Type.
- Choose the Task Definition create above on Family dropdown.
- Enter the Desired Task number, depending on the load expected(Leave at one for testing purpose).
- Under networkingUnder Networking, you may choose your own VPC if available. You can leave as default for testing.
- Under Load Balancing, choose Application Load Balancer.
- Create or choose Existing Load Balancer.
- Enter or choose the Load Balancer name.
- Enter 30 in the Health Check Grace Period Period.
- For HTTPS, choose container 9080:9080.
- Specify the Listener and the Target Group:
- Use port 9080 in when creating new Listener.
- Use HTTPS protocol.
- Choose the ACM Certificate that you have requested and validated.
- Enter /jw on the Health Check path.
Image Added
- Click Create.
For further deployment steps, you may continue from here.
Applying Joget License
To apply license, you may visit here.
The System Key may be different from the guide, as it is using Domain as the System Key. Regardless, the process will remain the same.