Monday, April 8, 2019

AWS:- Launch a new OS (Windows and Linux) instance on EC2 and login to the server

AWS:- Launch a new OS  instance on EC2

1. Login to your AWS account
=>Go to Service  => Go to  Compute and click on  EC2

2. You are on the EC2 Dashboard => Click on Launch Instance under Create Instance

3. OS Selection - AMI - You have to create one windows and one linux based system.
    - Select one of the 'free tier eligible' Amazon Machine Image (AMI) and click Next
    - Here, you can select different kinds of operating systems. I select Windows 2008 R2 Base
    - Why Win 2008 R2? -> It's small in size and takes less CPU/Mem and disk space.
    - On Linux based systems, select any free tier eligible AMI.

4. Choose an Instance Type  ( Resource - CPU/Mem ) and click next
    select a free tier eligible t2.micro which gives you 1 GB RAM, 1 CPU free.

5. On Configure Instance Details page you will define no. of host, and network related info such as VPC, subnet.
    just leave everything default and click on Add storage

6. On Add Storage page, root disk comes with 30GB for Windows. For now just leave default and click on Add Tags

7. On Add Tags page, click on 'click to add a Name tag' and fill in the following information
   Name WinVM/LinuxVM
   Owner Samrat
   Purpose Learning
   Type Dev Server

8. Next click on Configure Security Group
  - Here you can leave default and click on Review and Launch.
  - Here AWS creates a new security group; on Windows, RDP (port 3389) is added, and on Linux based systems, SSH (port 22) is added.
  - Simply click on Review and Launch

9. On Review Instance Launch page, click on Launch to launch an instance.

10. Now, you will be prompted to create a new key or use the existing key pair.
    - We will create a new key pair. Select create a new key pair from drop down box.
    - Type the name of the key pair in the 'Key pair name' box and click on the 'Download Key Pair' button to download the key to your PC.
Download key ( *.pem )

PEM or Privacy Enhanced Mail is a Base64 encoded DER certificate. PEM certificates are frequently used for web servers as they can easily be translated into readable data using a simple text editor. Generally when a PEM encoded file is opened in a text editor, it contains very distinct headers and footers.
Amazon EC2 uses public–key cryptography to encrypt and decrypt login information. Public–key cryptography uses a public key to encrypt a piece of data, such as a password, then the recipient uses the private key to decrypt the data. The public and private keys are known as a key pair.

11. Click on launch.
    - Wait for about 3-4 minutes, your instance is ready.

12. Now, You are on EC2 Dashboard
     - Click on the check box next to the Instance (WinVM) you want to log in to.
     - Click on Connect
     - A 'Connect to your instance' menu pops up.
     - Click on 'Download Remote Desktop File'
     - And click on 'Get Password' and click on 'Choose File'
     - Select the pem file you downloaded and click on 'Decrypt Password' to decrypt the password.
     - Now, Copy the following information
Public DNS: ec2-34-217-108-105.us-west-2.compute.amazonaws.com
User name: Administrator
Password : Ut5zUUAGUNF

On Linux Based VM,
     - Click on the check box next to the Instance (LinuxVM) you want to log in to.
     - Click on Connect
     - A 'Connect to your instance' menu pops up.
     - Here, you will get login info
         ssh -i "mykeyfile.pem" ec2-user@ec2-34-211-85-27.us-west-2.compute.amazonaws.com


How to connect to the server from your PC?

A. Connecting to Windows Systems.
1. You can simply click on RDP file you downloaded and enter your username/password

2. Open Remote Desktop and connect using the Public DNS address.
     - It will prompt you for username/passwd. After that you will be logged in to your machine.
           or
       Run => mstsc

How do you change the root (Administrator) password
=> Click on start => Administrative Tools => Computer Management.
=> Click on Local Users and Groups => Click on Users
=> Right-click on Administrator and click on Set Password to change it

or

Press WinKey + R (Start => Run), type lusrmgr.msc in the box and press Enter
   - You will be on Local users and Groups (Local)
   - and  change Administrator password


2. Connecting Windows Instance from Linux based systems.
    - I will be testing on Redhat/Centos version 7 (Works on RHEL6 as well). My windows system info is below,
Public DNS: ec2-34-217-108-105.us-west-2.compute.amazonaws.com
User name: Administrator
Password : Ut5zUUAGUNF

    - Perform the following tasks on your Linux session
# yum install  *freerdp*
# xfreerdp  -u  administrator  <IP/DNS_name>
# xfreerdp  -u  administrator   ec2-34-217-108-105.us-west-2.compute.amazonaws.com

For older version of RHEL 5, ubuntu, use rdesktop

# yum  install rdesktop           -> RHEL/Centos
# apt-get   install  rdesktop     -> Ubuntu
- to connect
# rdesktop  -u  administrator  <IP/DNS_name> 


B. Connecting from your PC to Linux based Systems.

a. Connecting PC to Linux server using putty
1.  Go to putty.org site and download putty.exe, puttygen.exe (32 bit) [Download portable version]
     - Store both file on one folder

2. Convert .pem file to .ppk file format using puttygen file.
     - Since putty.exe can't read the key*.pem format, we have to convert it.
     - Open the puttygen application and click on the Load button.
    - Load the .pem file you downloaded from aws site.
    - Click on Save private Key as mykeyfile.ppk.

3. Open your putty now.
Here is login address provided by AWS
ssh -i "mykeyfile.pem" ec2-user@ec2-34-211-85-27.us-west-2.compute.amazonaws.com

   - Under Session  Look for hostname (or IP address)
   - Type IP or DNS_name with port 22
      (In my case: ec2-34-211-85-27.us-west-2.compute.amazonaws.com )
   - Go to Connection  => ssh => click on auth
   - Click on Browse and select the key you saved. In my case - mykeyfile.ppk
   - It will prompt you for user, just type ec2-user, you should be able to login without any password.
   - Type sudo su - to become a root user. $ sudo su -

b. Connecting PC to Linux server using MobaXterm
   -  Go to google and search for MobaXterm_Portable. Download on your desktop and open the application.
     - Copy the downloaded key to your drive. I kept it under e:\downloads\awskeys

 ➤ cd e:/
 ➤ cd downloads
 ➤ cd awskeys/
 ➤ ls
mynewvm.pem

    -  Now, log in to your Amazon OS instance. You will be logged in without being prompted for a password.
 ➤ ssh -i "mynewvm.pem" ec2-user@ec2-35-167-153-89.us-west-2.compute.amazonaws.com

3. Connecting  from linux systems to your linux server.
Note: Download winscp.exe program
1. Upload the .pem key you downloaded into your server and perform the following tasks.
# mkdir /opt/awskeys
# chmod 777 /opt/awskeys

Now move the key into /opt/awskeys
# ls                              -> list the files/folders
# pwd                             -> see what path you are in
# chmod  400  mykeyfile.pem
# ssh -i  mykeyfile.pem  ec2-user@<PUB_IP/DNS_name>
$ whoami
To switch to  root user
$ sudo su -
# whoami


[root@sam ~]#  ssh -i "mykeyfile.pem" ec2-user@ec2-34-211-85-27.us-west-2.compute.amazonaws.com
The authenticity of host 'ec2-34-211-85-27.us-west-2.compute.amazonaws.com (34.211.85.27)' can't be established.
ECDSA key fingerprint is fc:06:3a:fa:c2:e8:a4:10:5c:04:70:04:72:0f:96:cb.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'ec2-34-211-85-27.us-west-2.compute.amazonaws.com,34.211.85.27' (ECDSA) to the list of known hosts.

Last login: Tue Apr  9 00:00:41 2019 from pool-108-45-108-236.washdc.fios.verizon.net
[ec2-user@ip-172-31-21-36 ~]$
[ec2-user@ip-172-31-21-36 ~]$ w
 00:28:55 up 46 min,  2 users,  load average: 0.00, 0.01, 0.05
USER     TTY      FROM             LOGIN@   IDLE   JCPU   PCPU WHAT
ec2-user pts/0    pool-108-45-108- 00:00   19:51   0.02s  0.19s sshd: ec2-user [priv]
ec2-user pts/1    pool-108-45-108- 00:28    5.00s  0.01s  0.01s w
[ec2-user@ip-172-31-21-36 ~]$ sudo su -
Last login: Tue Apr  9 00:04:50 UTC 2019 on pts/0
[root@ip-172-31-21-36 ~]# whoami
root
[root@ip-172-31-21-36 ~]# logout
[ec2-user@ip-172-31-21-36 ~]$ whoami
ec2-user
[ec2-user@ip-172-31-21-36 ~]$
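
Before answering yes at the host-key prompt in the session above, the fingerprint ssh displays can be compared with the fingerprints the instance wrote to its console at first boot. The script below is an added example, not part of the original post; it assumes the console text was fetched with `aws ec2 get-console-output`, and the function names and the sample console text are constructed for illustration.

```shell
#!/bin/sh
# Added example: compare the fingerprint shown by ssh on first connect with
# the fingerprints the instance logged to its console at first boot.
# On a real instance the console text would come from:
#   aws ec2 get-console-output --instance-id <INSTANCE-ID> --output text
# CONSOLE_SAMPLE is constructed for illustration (the RSA value is made up).
CONSOLE_SAMPLE='cloud-init: first boot
ec2: -----BEGIN SSH HOST KEY FINGERPRINTS-----
ec2: 256 fc:06:3a:fa:c2:e8:a4:10:5c:04:70:04:72:0f:96:cb no comment (ECDSA)
ec2: 2048 11:22:33:44:55:66:77:88:99:aa:bb:cc:dd:ee:ff:00 no comment (RSA)
ec2: -----END SSH HOST KEY FINGERPRINTS-----'

# Print "<fingerprint> <keytype>" for every key between the two markers.
console_fingerprints() {
    printf '%s\n' "$1" | awk '
        /BEGIN SSH HOST KEY FINGERPRINTS/ { inside = 1; next }
        /END SSH HOST KEY FINGERPRINTS/   { inside = 0 }
        inside {
            type = $NF; gsub(/[()]/, "", type)
            # $1 is the "ec2:" prefix, $2 the key size, $3 the fingerprint
            print $3, type
        }'
}

# Return 0 when the fingerprint from the ssh prompt matches a console entry
# of the same key type, 1 when it does not, 2 when the console text holds
# no fingerprints at all (for example, the instance has not finished booting).
verify_host_fingerprint() {
    console=$1 shown=$2 keytype=$3
    known=$(console_fingerprints "$console")
    [ -n "$known" ] || return 2
    # Newer ssh clients print MD5 fingerprints with an "MD5:" prefix; strip it
    # on both sides. SHA256 fingerprints keep their prefix on both sides.
    shown=${shown#MD5:}
    printf '%s\n' "$known" | sed 's/^MD5://' | grep -qxF "$shown $keytype"
}

# Fingerprint and key type as displayed in the ssh session above.
if verify_host_fingerprint "$CONSOLE_SAMPLE" \
        "fc:06:3a:fa:c2:e8:a4:10:5c:04:70:04:72:0f:96:cb" ECDSA; then
    echo "fingerprint matches the console output: answer yes"
else
    echo "fingerprint not found in the console output: do not connect"
fi
```
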

Tuesday, April 2, 2019

AWS:- Create a snapshot of a volume

1. Login to Amazon Management Console
2. EC2 => Snapshots in the navigation pane
3. Choose Create Snapshot.
4. Select the volume you want to create a snapshot for.
5. Add tags to your snapshot if you like.
6. Choose Create Snapshot.


Using command line to create a snapshot

=> First go to the volume and get the volume ID of the volume you want to take a snapshot of.
Volume ID = vol-1234567890abcdef0

Command:
aws ec2 create-snapshot --volume-id vol-1234567890abcdef0 --description "This is my root volume snapshot"

Source: Amazon

Monday, April 1, 2019

AWS:- Ansible Installation and Deployment on AWS servers


Ansible Installation and Deployment on AWS servers

1. Launch 3 EC2 instances in the Oregon region as follows.
EC2 => Launch Instance => 3 machines { Redhat or Amazon ssd }
=> Security group [ http anywhere ]
=> Create new key pair and download to your Windows download folder.
=> Review and launch.

a. Get the private address of your VM
Hostname   Private IP       Public IP
ansible    172.31.31.175    54.70.239.139
webvm1     172.31.17.217    35.163.159.143
webvm2     172.31.17.71     52.12.168.96

2. Now the 3 machines are ready. Rename the servers as ansible, web1 and web2
   a. Use MobaX to connect to your LinuxVM.
        Open three MobaX tab to connect to three servers
➤ /drives/e/Downloads
ansible->    ssh -i "mykeyfile.pem" ec2-user@ec2-54-70-239-139.us-west-2.compute.amazonaws.com
webvm1->  ssh -i "mykeyfile.pem" ec2-user@ec2-35-163-159-143.us-west-2.compute.amazonaws.com
webvm2->   ssh -i "mykeyfile.pem" ec2-user@ec2-52-12-168-96.us-west-2.compute.amazonaws.com

   b. Setup all machines to connect directly as root or set up as password less authentication for root user.
- First login as normal user
- su to root  $ sudo su -
# mv /root/.ssh/authorized_keys  /opt
# vi /etc/ssh/sshd_config
  PermitRootLogin yes
  PasswordAuthentication yes
- Restart sshd daemon.
# systemctl restart sshd      -> RHEL7
# service sshd restart        -> RHEL6
- Change root password
# passwd root
- Verify direct root login with new password
➤ ssh root@ec2-54-70-239-139.us-west-2.compute.amazonaws.com
➤ ssh root@ec2-35-163-159-143.us-west-2.compute.amazonaws.com
➤ ssh root@ec2-52-12-168-96.us-west-2.compute.amazonaws.com
# ssh -q webvm1/webvm2
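
Step 2b switches on `PermitRootLogin yes` and `PasswordAuthentication yes`, so root is reachable by password on port 22 for as long as those lines stay in place. The script below is an added example, not part of the original post: it audits the global section of an sshd_config for those two settings so they can be reverted after the lab. The function names and both sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the global section of an sshd_config for the two
# settings step 2b switches on. Match blocks are not evaluated.

# Print the effective global value of keyword $2 in file $1 ($3 = default).
# sshd keeps the first value it reads for a keyword, keywords are
# case-insensitive, and "Keyword=value" is accepted as well as "Keyword value".
sshd_effective() {
    awk -v want="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" -v dflt="$3" '
        { gsub(/=/, " ") }
        /^[ \t]*#/ || NF == 0  { next }
        tolower($1) == "match" { exit }
        tolower($1) == want    { print tolower($2); found = 1; exit }
        END { if (!found) print dflt }' "$1"
}

# Print one line per weak setting; return 1 if any were found, else 0.
audit_sshd_config() {
    rc=0
    # Defaults when the keyword is absent (OpenSSH 7.0 and later).
    root=$(sshd_effective "$1" PermitRootLogin prohibit-password)
    pass=$(sshd_effective "$1" PasswordAuthentication yes)
    if [ "$root" = yes ]; then
        echo "WEAK: PermitRootLogin $root (use prohibit-password or no)"; rc=1
    fi
    if [ "$pass" = yes ]; then
        echo "WEAK: PasswordAuthentication $pass (use keys, set to no)"; rc=1
    fi
    return "$rc"
}

# Constructed samples: the file as edited in step 2b, and a key-only file.
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/lab" <<'EOF'
PermitRootLogin yes
PasswordAuthentication yes
# a later duplicate is ignored: the first value wins
PasswordAuthentication no
EOF
cat > "$SAMPLE_DIR/keyonly" <<'EOF'
permitrootlogin prohibit-password
PasswordAuthentication=no
EOF

for f in lab keyonly; do
    echo "== $f"
    audit_sshd_config "$SAMPLE_DIR/$f" || echo "   -> revert before exposing port 22"
done
```

On a live server, point `audit_sshd_config` at `/etc/ssh/sshd_config`; `sshd -T` prints the configuration sshd actually resolved, including the effect of Match blocks when given a connection specification with `-C`.
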


3. Since we don't have a DNS server set up, add the server entries to the hosts file on your ansible server.
# vi /etc/hosts
172.31.31.175 ansible
172.31.17.217 webvm1
172.31.17.71 webvm2
- Try to ping webvm1 and webvm2 from ansible server. It will fail
- Go to security Group of ansible server. Incoming -> add rule for icmp ipv4 -> anywhere
- Now, it should ping.

[root@ip-172-31-31-175 ~]# ping webvm1
64 bytes from webvm1 (172.31.17.217): icmp_seq=2 ttl=255 time=0.494 ms

[root@ip-172-31-31-175 ~]# ping webvm2
64 bytes from webvm2 (172.31.17.71): icmp_seq=1 ttl=255 time=0.795 ms

4. On ansible server, install ansible
- First setup/enable epel repo on RHEL7 by changing from 0 to 1
- epel.repo file is already there. If not follow the instruction below.
# cd /tmp; wget https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
# yum install ./epel-release-latest-*.noarch.rpm
# vi /etc/yum.repos.d/epel.repo
[epel]
enabled=1
# yum update
# yum clean all; yum repolist
# yum  install ansible
- Now, ansible installation is completed.

5. Now, log out as ec2-user and log back in as a root user using MobaX.

6. Create/setup an inventory file [ This file is a core file of ansible]
- At the bottom of the file, add this entry.
- You can categorize/group servers based on type, function
# vi /etc/ansible/hosts
[mywebvm]
# one host per line: hostname (from /etc/hosts) or IP address
webvm1
webvm2

7. Now, lets run some ansible commands
[root@ip-172-31-31-175 ~]# ansible mywebvm -m ping -u root -k
SSH password:
webvm2 | SUCCESS => {
    "changed": false,
    "ping": "pong"
}
webvm1 | SUCCESS => {
    "changed": false,
    "ping": "pong"
}

The command below lists all hardware related info of mywebvm servers.
[root@ip-172-31-31-175 ~]# ansible mywebvm -m setup -u root -k

8. Lets configure web server using ansible.

a. Install httpd service on all the servers [ all means all the servers, not a specific group]
   - Pay attention to group/all.
[root@ip-172-31-31-175 ~]# ansible all -u root -m yum -a "name=httpd state=latest" -k
\n\nComplete!\n"

  - Now start the service on all the machines. [ I specified the group name this time]
[root@ip-172-31-31-175 ~]# ansible mywebvm -u root -m service -a "name=httpd state=restarted" -k
SSH password:
webvm2 | SUCCESS => {
    "changed": true,
    "name": "httpd",
    "state": "started"
}
webvm1 | SUCCESS => {
    "changed": true,
    "name": "httpd",
    "state": "started"
}

- Now get the public IP address of webvm1 and webvm2 and paste on your browser.
In our case, here is the info
webvm1 172.31.17.217 35.163.159.143
webvm2 172.31.17.71 52.12.168.96

- You should see default page.

- Lets go ahead and create/update our default page.
  - on your ansible server create an index page.
[root@ip-172-31-31-175 ~]# cat /root/index.html
<html>
<head>
  <title>Welcome to My AWS Page </title>
</head>
<body bgcolor=black>
        <font color=yellow><h1> <marquee> Samrat on the web </marquee></h1></font>
</body>
</html>
- Lets push this file to default doc root page.
[root@ip-172-31-31-175 ~]# ansible mywebvm -m copy -a 'src=/root/index.html dest=/var/www/html' -k
webvm1 | SUCCESS => {
webvm2 | SUCCESS => {

- Go to the browser and paste the public IP again and verify the update.
- Again change the index file and push the update. You will see the change.

To get help,
# ansible-doc -l


This way, you can deploy lots of config update to hundreds of servers.


Learn docker/kubernetes, git/jenkins, ansible/puppet/chef, Vagrant/cloud

9. Shutdown your AWS VM using command line
Make sure you set up your PC/linux to use command line (aws-cmd)
INSTANCE_ID=i-016073db971619294

Stop EC2 Instance
aws ec2 stop-instances --instance-ids "$INSTANCE_ID" --output json
aws ec2 wait instance-stopped --instance-ids "$INSTANCE_ID"

Start EC2 Instance
aws ec2 start-instances --instance-ids "$INSTANCE_ID" --output json

Terminate EC2 Instances
aws ec2 terminate-instances --instance-ids "$INSTANCE_ID" --output json


=================xxxxx================