Document toolboxDocument toolbox

Pre-deployment steps

Owned by Sarabjeet Kaur
Last updated: Oct 26, 2023
2 min read

Applies to: Kyvos Enterprise Kyvos Cloud (SaaS on AWS) Kyvos AWS Marketplace

Kyvos Azure Marketplace Kyvos GCP Marketplace Kyvos Single Node Installation (Kyvos SNI)

Create EC2 Key Pairs

  1. From the AWS console, create two EC2 key pairs and upload them to S3 Bucket (Bucket name should be as per the Cluster name, and it should contain KM & Bastion host PEM keys)

  2. Use Keys in pem file format.

  3. One Key pair will be used to access the bastion host, and the other will be used to access all Kyvos nodes from the Kyvos Manager host.

  4. Used stack name and region in Keys name.

  5. If the stack name is demo, then the key names should be demo_bashtion.pem for the bastion host and demo_km.pem for Kyvos hosts.

Create EMR Keys

Manually create the KMS certificate by enabling In-Transit encryption and upload it on the S3 bucket.

  1. For this, execute the following commands on any Linux/Dev Box (172.26.41.26: root/impetus) to create the certificate to be used by the EMR service.

    $ openssl req -x509 -newkey rsa:1024 -keyout privateKey.pem -out certificateChain.pem -days 365 -nodes -subj
    '/C=US/ST=Washington/L=Seattle/O=MyOrg/OU=MyDept/CN=*.<AWS Region>.compute.internal'

    Use the region name for a certificate where the cluster will be deployed. In the below example, the cluster will be deployed in the us-east2 region.

    Example for us-east-2 region

    $ openssl req -x509 -newkey rsa:1024 -keyout privateKey.pem -out certificateChain.pem -days 365 -nodes -subj
    '/C=US/ST=Washington/L=Seattle/O=MyOrg/OU=MyDept/CN=*.us-east-2.compute.internal'
    $ cp certificateChain.pem trustedCertificates.pem
    $ zip -r -X <stack-name>-us-east2_emr_cert.zip certificateChain.pem privateKey.pem trustedCertificates.pem

    Example for intellicus-dryrun2 cluster

    $ zip -r -X intellicus-dryrun2-us-east2_emr_cert.zip certificateChain.pem privateKey.pem trustedCertificates.pem

  2. Upload the generated keys to the S3 bucket and delete the certificate zip file from the Linux node.

Kyvos installation bundle access information

Kyvos QA team releases the Kyvos bundle on a public S3 bucket, which is accessible using the S3 bucket Access Key & Secret Key.

Verify Kyvos Version

Open Managed Services CFT and search for S3DownloadPath and verify that the path is according to the CFT release version.

Kyvos License Details

Check the valid Kyvos license shared by the license team. In case of the first deployment for the customer, the License team will share the traditional olapengine.lic and creditload_eval.lic file. In case of a secondary deployment, there will be no need of creditload.lic file.

For Prod deployments, once the deployment is completed, the license request file will be generated and sent to the License team for getting the Production license. 

Copyright Kyvos, Inc. All rights reserved.