Installing in Amazon Web Services

To use Lighthouse with Amazon Web Services (AWS), you will first need to create an Amazon Machine Image (AMI) containing Lighthouse in the AWS region that you want to deploy Lighthouse in. A temporary Linux “build-box” EC2 instance should be used to create a private Lighthouse AMI.

Note: This is a one-time procedure. The AMI can be used to create multiple instances of Lighthouse, and upgrades can be performed through the Lighthouse Web UI.

  1. Create an account on AWS with an IAM user, a key pair and an access key.

    • The IAM user should have, at a minimum, permissions to create, attach, delete, and snapshot EBS volumes as well as create an Amazon Machine Image (AMI).

    • If you are using IAM Identity Center, you can use an IAM Identity Center user with the same permissions instead. Consult Amazon documentation for more information if required.

  2. Create an AWS EC2 Linux instance, with the following settings:

    • Amazon Linux 2 or Amazon Linux 2023

    • t2.small instance type with default (8 GiB) root volume

    • 50GB gp3 volume

      Consult Amazon documentation for more information if required.

  3. Create a Lighthouse AMI, using the lighthouse-aws-bootstrap.sh script (usage information can be displayed by using the -h option) on the EC2 instance created in the previous step. The steps are detailed below.

    • Connect via SSH to your instance on AWS using the username ec2-user and the private key you created previously. All subsequent steps must be performed on the instance.

    • Configure AWS using the following command:
      aws configure

    • Provide the access key and region details (other settings may be left unchanged). If you are using IAM Identity Center, you will need to instead configure using aws configure sso, and set the CLI Profile Name to be default.

    • Download the aws-bootstrap script:
      wget https://ftp.opengear.com/download/lighthouse_software/current/lighthouse/aws/lighthouse-aws-bootstrap.sh

    • Run the lighthouse-aws-bootstrap.sh script as follows:
      bash ./lighthouse-aws-bootstrap.sh -n Lighthouse -r https://ftp.opengear.com/download/lighthouse_software/current/lighthouse/aws/lighthouse-24.02.0.aws.raw.tar
      Note: lighthouse-24.02.0.aws.raw.tar is a sample file name. You must download the latest file for your version of Lighthouse.

    • Wait while the Lighthouse AMI is created. This can take some time (up to 30 minutes).

    • After the AMI has been created, terminate the Linux EC2 instance to avoid incurring additional costs.

Running the bootstrap script - Example

$ bash ./lighthouse-aws-bootstrap.sh -n Lighthouse -r \
> http://ftp.opengear.com/download/lighthouse_software/current/lighthouse/aws/lighthouse-24.02.0.aws.raw.tar
Downloading image...
Image size is 54049899008 bytes (51 GiB)
Creating volume...
Attaching volume vol-09fb0b463f5a59eaf to EC2 instance...
Cloning image onto volume...
0+852971 records in
0+852971 records out
54049899008 bytes (54 GB, 50 GiB) copied, 845.072 s, 64.0 MB/s
Creating snapshot of volume...
Waiting for snapshot snap-0f83746856d985070 to complete...
Creating AMI from snapshot snap-0f83746856d985070...
Done!
Cleaning up...

Limitations

AWS support is currently limited to:

  • All standard Lighthouse operations

  • Running on the AWS platform

  • Providing aws-cli tools for interaction with AWS

  • Loading the provided SSH key for the root user

  • Running custom scripts on startup (see above)

  • Providing a root password via userdata (see above)

At this time Lighthouse does not support:

  • Using AWS's database services

  • Using AWS's redis services

  • Using any of AWS's scalability functionality

Note: If you want to deploy Lighthouse across different AWS regions, an AMI will be needed in each region. Amazon supports copying AMIs between regions and offers a walkthrough of the necessary steps to do this.

Launch a Lighthouse Instance on AWS

Once the Lighthouse AMI has been created, it will display in the Amazon Machine Images (AMIs) section of the EC2 Management Console.

To create a new Lighthouse EC2 instance, select the Lighthouse AMI then "Launch instance from AMI".

Instance Type

Lighthouse should run on a general purpose instance type, such as M5.

Note: If an instance type that supports "burstable" CPU such as T2 is used, please ensure that unlimited CPU is selected, to avoid operational problems caused by CPU throttling.

Key Pair

EC2 requires a key pair to be specified when launching instances.

Network Settings

A security group should be created. Lighthouse requires some ports to be open:

  • SSH (TCP/22) – Secure Shell. Access should be limited to just your corporate network.

  • HTTPS (TCP/443) – Lighthouse Web UI and REST API. This is used by both web browsers and nodes (e.g., for call-home enrollment).

  • OpenVPN (UDP/1194) – Lighthouse VPN. This is used to communicate with nodes once they are enrolled.

  • Other ports may need to be opened, depending on feature usage. For example:

    • SNMP (UDP/161) – SNMP Management

    • OpenVPN (UDP/1195) – Lighthouse Multiple Instance VPN

    • HTTPS (TCP/8443) – Alternate REST API port

Storage

By default, the root volume will be around 53 GiB. This may be sufficient, depending on your intended usage. It is easier to specify more storage now, but more can be added later.

Advanced Details

An initial root password must be set in the UserData section.

password=topSecretPassword123

If the user does not specify the root password in the Advanced Details section, they can set the root password using the ogpasswd utility.
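
The launch settings above (required security group ports with SSH restricted to the corporate network, unlimited CPU credits for burstable instance types, and the UserData password) expressed as AWS CLI calls. This is an added example, not part of the Lighthouse documentation or its bootstrap script; the function names, the DRY_RUN switch, and all sample IDs, CIDRs and file names are assumptions. With DRY_RUN left at its default the commands are only printed.

```bash
#!/usr/bin/env bash
# Added example (not from the Lighthouse docs). Function names, DRY_RUN and all
# sample IDs/CIDRs are assumptions. DRY_RUN=1 (default) prints the aws commands.

run_aws() {
  if [ "${DRY_RUN:-1}" = "1" ]; then echo "aws $*"; else aws "$@"; fi
}

# Required ingress rules from the Network Settings list, as "protocol port cidr".
# $1 = corporate CIDR allowed to SSH, $2 = CIDR browsers and nodes connect from.
lighthouse_ingress_rules() {
  if [ "$1" = "0.0.0.0/0" ]; then
    echo "refusing to open SSH (TCP/22) to $1; pass your corporate CIDR" >&2
    return 1
  fi
  printf '%s\n' "tcp 22 $1" "tcp 443 $2" "udp 1194 $2"
}

# $1 = security group id, $2 = corporate CIDR, $3 = node/browser CIDR.
authorize_lighthouse_ingress() {
  rules="$(lighthouse_ingress_rules "$2" "$3")" || return 1
  printf '%s\n' "$rules" | while read -r proto port cidr; do
    run_aws ec2 authorize-security-group-ingress \
      --group-id "$1" --protocol "$proto" --port "$port" --cidr "$cidr"
  done
}

# $1 = AMI id, $2 = instance type, $3 = key pair name, $4 = security group id,
# $5 = file holding the single line "password=<initial root password>".
# User data can be read back through the instance metadata service and
# ec2:DescribeInstanceAttribute, so keep the file private (chmod 600) and treat
# the value as an initial password only.
launch_lighthouse() {
  case "$2" in
    t[234]*.*) credit="--credit-specification CpuCredits=unlimited" ;;  # burstable
    *)         credit="" ;;
  esac
  # $credit is left unquoted on purpose so it expands to two words or none.
  run_aws ec2 run-instances --image-id "$1" --instance-type "$2" \
    --key-name "$3" --security-group-ids "$4" --user-data "file://$5" $credit
}

# Dry-run demonstration with constructed values.
authorize_lighthouse_ingress sg-EXAMPLE 203.0.113.0/24 0.0.0.0/0
launch_lighthouse ami-EXAMPLE m5.large my-keypair sg-EXAMPLE ./lighthouse-userdata.txt
```

Set DRY_RUN=0 to execute the calls against the account configured with aws configure; ports for optional features (UDP/161, UDP/1195, TCP/8443) are left out and would be added to lighthouse_ingress_rules only when those features are in use.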

Set a password for the root user on Lighthouse

If you are logged into Lighthouse via SSH keys, you will need to set a root password to log in via the GUI. Use the "ogpasswd" utility to do this.

ogpasswd -u root -p MySecretPassword

Final Steps

When done, the EC2 Linux instance can be shut down and removed or saved for creating future instances.

Note: The root password must be specified in the Advanced Details.