** 1 subnet == 1 AZ. ACL = access control list SN = subnet IGW = internet gateway CIDR - classless inter-domain routing. -where we assign ip ranges NAT - network adress translation ------------------ internal ip address ranges (rfc 1918) 10.0.0.0 -10.255.255.255 (10/8 prefix) 172.16.0.0 - 172.31.255.255 (172.16/12 prefix) 192.168.0.0 - 192.168.255.255 (192.168 / 16 prefix) we will always use a /16 network adress -------------------- vpc - virtual private cloud think of vpc as a logical data center. you provision a section of the aws cloud in a virtual network. you can easily cutomize your network. example - a public-facing subnet for webservers, and private-facing backend db servers with no internet connection. you can create a hardware virtual private network (VPN) between corporate datacenter and VPC to leverage aws as an extens center (hybrid cloud) -------------- what can you do with a VPC? launch instances into a subnet assign custom IP ranges in each subnet configure toure tables betwen subnets create internet gateway. only 1 per VPC better security over aws resources security groups (are stateful - incoming rules are automatically allowed as outgoing) subnet ACL (not stateful. everything needs to be configured) ------------------ default VPC defualt have a route out to the internet each EC2 has a public and private ip the only way to restore a default VPC is to contact aws. security groups , ACL , default Route table are created by default. subnets and IGW are not created by default. --------- Peering connect one VPC to another using private ip addresses. (not over the internet) instances behave as if they are on same network. can also peer VPC with other AWS accounts VPC withing a SINGLE REGION star configuration - 1 central VPC peers with 4 others. NO TRASITIVE PEERING == the networks must be directly connected. example VPC-a is connected to VPC-b and VPC-c. VPC-b and VPC-c cann't talk to each other through VPC-a (transitive). they must be directly peered. CIDR blocks for the private IP's must be different between peering VPCs - VPC A 10.0.0.0/16 cant peer to VPC B if it has 10.0.0.0/24 ---------------- NAT NAT instances - traditional use for allowing an EC2 instance with no internet connection to have access to the internet for updates, install dbs... we use an EC2 instance from the community AMI search for NAT. remember to disable source/destination check on the instance. must be in a public subnet in the route table ensure there's a route out to the NAT instance. it's found in the default route table. the bandwidth the NAT instance supports depends on the instance type. to create high availability you need to use autoscaling groups, multiple subnets in different AZ and scripts to automate failover (lots of work..) need to set security group NAT gateways - easier access. preferd. scales automatically and no need to set security groups. if a NAT instance goes down, so does our internet connection. but with NAT gateways aws takes care of that automatically. supports bandwidth up to 10gb --------------- building a VPC process (not using the wizard): 1. start vpc , your VPC, create VPC 2. name, CIDR block (our ip ranges. we used 10.0.0.0/16), tenancy (shared or dedicated hardware). 3. default route table, ACL, security groups are created 4. subnets-> create -> name, vpc (select the newly created one), AZ , CIDR (we used 10.0.1.0/24 which will give us 10.0.1.xxx) 5. create anoter subnet ->name , vpc (same as above), AZ(different then above), CIDR (10.0.2.0/24) 6. internet gateways ->create ->name 7. attach to vpc (select newly created vpc) 8. route tables -> (main route table is private by default) 9. create new table -> name, vpc 10. edit -> add route that is open to the internet 11. subnet associations -> edit -> select a subnet that will be the public one 12. subnets -> selected the public one -> actions -> modify autoassign public ip. 13. deploy 2 EC2 instances. one is a public web server (can use a script). one is a private sql server. (notice for the auto-assign public ip..). for the private instace, set a new security group with ssh-10.0.1.0/24, mysql/aurora-10.0.1.0/24 14. for the mysqlserver add another rule for all ICMP with same ip address - this allows ping. 15. copy the content of the privateKey.pem file. 16. ssh into the web server -> create (echo or nano) new privateKey.pem file and paste the content. 17. chmod 0600 the privteKey.pem file (gives read and write privileges to that file). 18. ssh into sql server using the newly created file. 19. (NAT instace) launch an EC2 instance -> community -> search for nat 20. deploy into our VPC, and put into the public subnet. 21. use a public facing security group 22. actions -> networking -> change source/destination check->disable 23. VPC->route tables -> select the main route (nameless) -> add 0.0.0.0/0 target- our newly created EC2 (?? associate public subnet ) 24. (NAT gateway - replaces steps 19-23) VPC -> NAT gateways -> create -> subnet(public facing), elastic ip(create new EIP) 25. route tables -> main route table ->add 0.0.0.0/0 target - the newly created gateway. -------------- security groups vs NACL: security group acts as the first layer of defence. operates at the instance level. stateful N(network)ACL operates at the subnet level. stateless. denies all traffic by default a subnet can only be assiciated with one NACL. but an NACL can be assiciated with many subnets. if you try to add a ACL to a subnet the is already associated with an ACL, the new ACL will just replace the old one. rules are evalutaed in numerical order. the lowest number rules have precedens over later rules. example: rule 99 blocks my ip rull 100 allows all ips ==my ip is still blocked. you can't block using a security group --------------------------------------------- notes: when setting up an ELB, to get good availability you need at least two AZ or subnets. So notice if your VPC actually has more then 1 public subnet Bastion - used to securly administer EC2 instances in private subnets (using ssh or RDP-remote desktop protocal). used instaed of NAT. for our purposes, we used the nat-EC2 as a Bastion Flow logs - enable you to capture IP traffic flow information for the network interfaces in your resources and log them in cloudWatch.
|
||||||
|
|
Redis master-slave + KeepAlived achieve high availability Redis is a non-relational database that we currently use more frequently. It can support diverse data types, multi-threaded high concurrency support, and redis running in memory with faster read and write. Because of the excellent performance of redis, how can we ensure that redis can deal with downtime during operation? So today’s summary of the construction of the redis master-slave high-availability system, with reference to online bloggers of some great gods, found that many are pitted, so I share this one time, hoping to help everyone. Redis Features Redis and other key-value cache products have the following three characteristics: Redis supports the persistence of data, can keep the data in memory on the disk, and can be loaded again for use when restarted. Redis not only supports simple key-value types of data, but also provides data structures such as: Strings, Maps, Lists, Sets, and sorted sets. Storage. Redis supports data backup, that is, data backup in master-slave mode. The Redis advantage Rich data types – Redis supports Strings, Lists, Hashes, Sets, and Ordered Sets data type operations for binary cases. Atoms – All operations of Redis are atomic, and Redis also supports atomic execution of all operations after all operations. Rich features – Redis also supports publish/subscribe, notifications, key expiration, and more. Prepare environment CentOS 7 –> 172.16.81.140 –> Master Redis –> Master Keepalived CentOS7 –> 172.16.81.141 –> From Redis –> Prepared Keepalived VIP –> 172.16.81.139 Redis (normally 3.0 or later) KeepAlived (direct online installation) Redis compile and install cd /opt 2, configure the redis startup script vim /etc/init.d/redis #!/bin/sh #chkconfig:2345 80 90 # Configure the redis port number then echo “$PIDFILE exists,process is already running or crashed” else echo “Starting Redisserver…” $EXE $CONF & fi function stop () { then echo “$PIDFILE does not exist, process is not running” else PID=$(cat $PIDFILE) echo “Stopping …” $CLIEXE -p $REDISPORT -a $REDISPASSWORD shutdown while [ -x /proc/${PID} ] do echo “Waiting forRedis to shutdown …” sleep 1 done echo “Redis stopped” fi function restart () { sleep 3 start case “$1” in Grant execution permissions: chmod +x /etc/init.d/redis Add boot start: chkconfig –add redis chkconfig redis on See: chkconfig –list | grep redis The test closed the firewall and selinux beforehand. The production environment is recommended to open the firewall. 3, add redis command environment variables #vi /etc/profile #Add the 4. Start redis service Service redis start #Check ps -ef | grep redis Note: After we perform the same operation on our two servers, the installation completes redis. After the installation is completed, we directly enter the configuration master-slave environment. Redis master-slave configuration To extend back to the previous design pattern, our idea is to use 140 as the master, 141 as the slave, and 139 as the VIP elegant address. The application accesses the redis database through the 6379 port of the 139. In normal operation, when the master node 140 goes down, the VIP floats to 141, and then 141 will take over 140 as the master node, and 140 will become the slave node, continuing to provide read and write operations. When 140 returns to normal, 140 will perform data synchronization with 141 at this time, 140 the original data will not be lost, and the data that has been written into 141 between synchronization machines will be synchronized. After the data synchronization is completed, The VIP will return to the 140 node and become the master node because of the weight. 141 will lose the VIP and become the slave node again, and restore to the initial state to continue providing uninterrupted read and write services. 1, configure the redis configuration file Master-140 configuration file vim /etc/redis/redis.conf Slave-141 configuration file vim /etc/redis/redis.conf 2. Restart the redis service after the configuration is complete! Verify that the master and slave are normal. Master node 140 terminal login test: [root@localhost ~]# redis-cli -a 123456 Login test from node 141 terminal: [root@localhost ~]# redis-cli -a 123456 Master node 140 The masters and slaves of this redis have been completed! KeepAlived configuration to achieve dual hot standby Use Keepalived to implement VIP, and achieve disaster recovery through notify_master, notify_backup, notify_fault, notify_stop. 1, configure Keepalived configuration file Master Keepalived Profile vim /etc/keepalived/keepalived.conf global_defs { vrrp_script chk_redis { vrrp_instance VI_1 { track_script { notify_master /etc/keepalived/script/redis_master.sh Spare Keepalived Profile vim /etc/keepalived/keepalived.conf global_defs { vrrp_script chk_redis { vrrp_instance VI_1 { track_script { notify_master /etc/keepalived/script/redis_master.sh 2, configure the script Master KeepAlived — 140 Create a script directory: mkdir -p /etc/keepalived/script/ cd /etc/keepalived/script/ [root@localhost script]# cat redis_check.sh ALIVE=`/usr/local/redis/bin/redis-cli -a 123456 PING` if [ “$ALIVE” == “PONG” ];then echo $ALIVE exit 0 else echo $ALIVE exit 1 fi [root@localhost script]# cat redis_master.sh Sleep 10 # delay 10 seconds later to cancel synchronization after the data synchronization is complete echo “Run SLAVEOF NO ONE cmd …”>> $LOGFILE $REDISCLI SLAVEOF NO ONE >> $LOGFILE 2>&1 [root@localhost script]# cat redis_backup.sh REDISCLI=”/usr/local/redis/bin/redis-cli -a 123456″ LOGFILE=”/var/log/keepalived-redis-state.log” echo “[backup]” >> $LOGFILE date >> $LOGFILE echo “Being slave….” >>$LOGFILE 2>&1 Sleep 15 #delay 15 seconds to wait until the data is synchronized to the other side and then switch the role of master-slave echo “Run SLAVEOF cmd …”>> $LOGFILE $REDISCLI SLAVEOF 172.16.81.141 6379 >>$LOGFILE 2>&1 [root@localhost script]# cat redis_fault.sh LOGFILE=/var/log/keepalived-redis-state.log echo “[fault]” >> $LOGFILE date >> $LOGFILE [root@localhost script]# cat redis_stop.sh LOGFILE=/var/log/keepalived-redis-state.log echo “[stop]” >> $LOGFILE date >> $LOGFILE Slave KeepAlived — 141 mkdir -p /etc/keepalived/script/ cd /etc/keepalived/script/ [root@localhost script]# cat redis_check.sh ALIVE=`/usr/local/redis/bin/redis-cli -a 123456 PING` if [ “$ALIVE” == “PONG” ]; then echo $ALIVE exit 0 else echo $ALIVE exit 1 fi [root@localhost script]# cat redis_master.sh REDISCLI=”/usr/local/redis/bin/redis-cli -a 123456″ LOGFILE=”/var/log/keepalived-redis-state.log” echo “[master]” >> $LOGFILE date >> $LOGFILE echo “Being master….” >>$LOGFILE 2>&1 echo “Run SLAVEOF cmd …”>> $LOGFILE $REDISCLI SLAVEOF 172.16.81.140 6379 >>$LOGFILE 2>&1 sleep 10 # echo “Run SLAVEOF NO ONE cmd …”>> $LOGFILE $REDISCLI SLAVEOF NO ONE >> $LOGFILE 2>&1 [root@localhost script]# cat redis_backup.sh REDISCLI=”/usr/local/redis/bin/redis-cli -a 123456″ LOGFILE=”/var/log/keepalived-redis-state.log” echo “[backup]” >> $LOGFILE date >> $LOGFILE echo “Being slave….” >>$LOGFILE 2>&1 sleep 15 # echo “Run SLAVEOF cmd …”>> $LOGFILE $REDISCLI SLAVEOF 172.16.81.140 6379 >>$LOGFILE 2>&1 [root@localhost script]# cat redis_fault.sh LOGFILE=/var/log/keepalived-redis-state.log echo “[fault]” >> $LOGFILE date >> $LOGFILE [root@localhost script]# cat redis_stop.sh LOGFILE=/var/log/keepalived-redis-state.log echo “[stop]” >> $LOGFILE date >> $LOGFILE systemctl start keepalived systemctl enable keepalived ps -ef | grep keepalived Full understanding of the new features of MySQL 8.0First, the function added in MySQL 8.0 1, the new system dictionary table Integrated transaction data dictionary for storing information about database objects, all metadata is stored using the InnoDB engine 2, support for DDL atomic operations The DDL of the InnoDB table supports transaction integrity, either to be successful or to roll back, to write the DDL operation rollback log to the data dictionary data dictionary table mysql.innodb_ddl_log for rollback operations 3, security and user management Added caching_sha2_password authentication plugin and is the default authentication plugin. Enhanced performance and security Permissions support role New password history feature restricts reuse of previous passwords 4, support for resource management Supports creation and management of resource groups and allows the allocation of threads run by the server to specific groups for execution by threads based on the resources available to the resource group 5, innodb enhancements Self-enhanced optimization to fix MySQL bug#199, this bug causes MySQL to take the maximum self-increment on the table as the maximum when the DB is restarted, and the next allocation is to allocate max(id)+1 if it is an archive table or After the data is deleted in other modes, the DB system restarts, and self-enhancement may be reused. Added INFORMATION_SCHEMA.INNODB_CACHED_INDEXES to see the index pages of each index cache in the InnoDB buffer pool InnoDB temporary tables will be created in the shared temporary table space ibtmp1 InnoDB supports NOWAIT and SKIP LOCKED for SELECT … FOR SHARE and SELECT … FOR UPDATE statements The minimum value of innodb_undo_tablespaces is 2, and it is no longer allowed to set innodb_undo_tablespaces to 0. Min 2 ensures that rollback segments are always created in the undo tablespace, not in the system tablespace ALTER TABLESPACE … RENAME TO syntax Added innodb_dedicated_server to let InnoDB automatically configure innodb_buffer_pool_size according to the amount of memory detected on the server, innodb_log_file_size, innodb_flush_method New INFORMATION_SCHEMA.INNODB_TABLESPACES_BRIEF view A new dynamic configuration item, innodb_deadlock_detect, is used to disable deadlock checking, because in high-concurrency systems, when a large number of threads wait for the same lock, deadlock checking can significantly slow down the database. Supports use of the innodb_directories option to move or restore tablespace files to a new location when the server is offline 6, MySQL 8.0 better support for document database and JSON 7, optimization Invisible index, starting to support invisible index, (feeling the same as Oracle ), you can set the index to be invisible during the optimization of the SQL, the optimizer will not use the invisible index Support descending index, DESC can be defined on the index, before the index can be reversed scan, but affect performance, and descending index can be completed efficiently 8, support RANK (), LAG (), NTILE () and other functions 9, regular expression enhancements, provide REGEXP_LIKE (), EGEXP_INSTR (), REGEXP_REPLACE (), REGEXP_SUBSTR () and other functions 10. Add a backup lock to allow DML during online backup while preventing operations that may result in inconsistent snapshots. Backup locks supported by LOCK INSTANCE FOR BACKUP and UNLOCK INSTANCE syntax 11, the character set The default character set changed from latin1 to utf8mb4 12, configuration file enhancement MySQL 8.0 supports online modification of global parameter persistence. By adding the PERSIST keyword, you can persist the adjustment to a new configuration file. Restarting db can also be applied to the latest parameters. For adding the PERSIST keyword modification parameter command, the MySQL system will generate a mysqld-auto.cnf file that contains json format data. For example, execute: Set PERSIST expire_logs_days=10 ; # memory and json files are modified, restart also effective Set GLOBAL expire_logs_days=10 ; # only modify memory, restart lost The system will generate a file containing the following in the data directory mysqld-auto.cnf: { “mysql_server”: {“expire_logs_days”: “10” } } When my.cnf and mysqld-auto.cnf exist at the same time, the latter has a high priority. 13. Histogram The MySQL 8.0 version started to support long-awaited histograms. The optimizer will use the column_statistics data to determine the distribution of field values ??and get a more accurate execution plan. You can use ANALYZE TABLE table_name [UPDATE HISTOGRAM on col_name with N BUCKETS | DROP HISTOGRAM ON clo_name] to collect or delete histogram information 14, support for session-level SET_VAR dynamically adjust some of the parameters, help to improve statement performance. Select /*+ SET_VAR(sort_buffer_size = 16M) */ id from test order id ; Insert /*+ SET_VAR(foreign_key_checks=OFF) */ into test(name) values(1); 15, the adjustment of the default parameters Adjust the default value of back_log to keep the same with max_connections and increase the connection processing capacity brought by burst traffic. Modifying event_scheduler defaults to ON, which was previously disabled by default. Adjust the default value of max_allowed_packet from 4M to 64M. Adjust bin_log, log_slave_updates default is on. Adjust the expiry date of expire_logs_days to 30 days, and the old version to 7 days. In the production environment, check this parameter to prevent the binlog from creating too much space. Adjust innodb_undo_log_truncate to ON by default Adjust the default value of innodb_undo_tablespaces to 2 Adjust the innodb_max_dirty_pages_pct_lwm default 10 Adjust the default value of innodb_max_dirty_pages_pct 90 Added innodb_autoinc_lock_mode default value 2 16, InnoDB performance improvement Abandon the buffer pool mutex, split the original mutex into multiple, increase concurrent Splitting the two mutexes LOCK_thd_list and LOCK_thd_remove can increase the threading efficiency by approximately 5%. 17, line buffer The MySQL8.0 optimizer can estimate the number of rows to be read, so it can provide the storage engine with an appropriately sized row buffer to store the required data. Mass performance of continuous data scans will benefit from larger record buffers 18, improve the scanning performance Improving the performance of InnoDB range queries improves the performance of full-table queries and range queries by 5-20%. 19, the cost model The InnoDB buffer can estimate how many tables and indexes are in the cache, which allows the optimizer to choose the access mode to know if the data can be stored in memory or must be stored on disk. 20, refactoring SQL analyzer Improve the SQL analyzer. The old analyzer has serious limitations due to its grammatical complexity and top-down analysis, making it difficult to maintain and extend. Second, MySQL 8.0 in the abandoned features
Third, MySQL 8.0 is removed Query cache functionality was removed and related system variables were also removed Mysql_install_db is replaced by mysqld –initialize or –initialize-insecure The INNODB_LOCKS and INNODB_LOCK_WAITS tables under INFORMATION_SCHEMA have been deleted. Replaced with Performance Schema data_locks and data_lock_waits tables Four tables under INFORMATION_SCHEMA removed: GLOBAL_VARIABLES, SESSION_VARIABLES, GLOBAL_STATUS, SESSION_STATUS InnoDB no longer supports compressed temporary tables. PROCEDURE ANALYSE() syntax is no longer supported InnoDB Information Schema Views Renamed Remove’s server option: –temp-pool Remove configuration options: Innodb_file_format Remove the system variable information_schema_stats -> information_schema_stats_expiry Remove the state variable Com_alter_db_upgrade Remove function JSON_APPEND() –> JSON_ARRAY_APPEND() ENCODE() DECODE() DES_ENCRYPT() DES_DECRYPT() Remove’s client option: –ssl –ssl-verify-server-cert is deleted, with –ssl-mode = VERIFY_IDENTITY | alternative DISABLED | REQUIRED –secure-auth
MySQL 8 official version 8.0.11 has been released. Officially stated that MySQL 8 is 2 times faster than MySQL 5.7, and it also brings a lot of improvements and faster performance! The following is the record of the installation process of the person 2018.4.23 days. The entire process takes about an hour, and the make && make install process takes longer. I. Environment CentOS 7.4 64-bit Minimal Installation II. Preparation ??1. Installation dependencies Yum -y install wget cmake gcc gcc-c++ ncurses ncurses-devel libaio-devel openssl openssl-devel ??2. Download the source package Wget https://cdn.mysql.com//Downloads/MySQL-8.0/mysql-boost-8.0.11.tar.gz (this version comes with boost) ??Create mysql user Groupadd mysql ??4 create an installation directory and data directory Mkdir -p /usr/local/mysql Three. Install MySQL8.0.11 ??1. Extract the source package Tar -zxf mysql-boost-8.0.11.tar.gz -C /usr/local ??2. Compile & Install Cd /usr/local/mysql-8.0.11 3. Configure the my.cnf file Cat /etc/my.cnf ## Please add parameters according to the actual situation 4 directory permissions modify Chown -R mysql:mysql /usr/local/mysql 5. Initialization Bin/mysqld –initialize –user=mysql –datadir=/data/mysql/ 6. Start mysql Bin/mysqld_safe –user=mysql & ??7. Modify account password Bin/mysql -uroot -p Mysql> show databases; ##Add Remote Account Mysql> create user root@’%’ identified by ‘123456’; ????Mysql> grant all privileges on *.* to root@’%’; ????Mysql> flush privileges; ??8. Create a soft link (non-essential) Ln -s /usr/local/mysql/bin/* /usr/local/bin/ Mysql -h 127.0.0.1 -P 3306 -uroot -p123456 -e “select version();” ??9. Add to start (non-essential) Cp support-files/mysql.server /etc/init.d/mysql.server Hereby explain: MySQL official recommended to use binary installation. (The following figure is a screenshot of the official document) Nginx load balancing and configuration 1 Load Balancing Overview The Load balancing is essentially implemented with the principle of reverse proxy, is a kind of technology that optimizes server resources and reasonably handles high concurrency, and can balance Server pressure to reduce user request wait time and ensure fault tolerance. Nginx is generally used as an efficient HTTP load balancing server to distribute traffic to multiple application servers to improve performance, scalability, and high availability. Principle: Internal A large number of servers can be built on the network to form a server cluster. When a user visits the site, they first access the public network intermediate server. The intermediate server is assigned to the intranet server according to the algorithm and shares the pressure of the server. Therefore, each visit of the user ensures the server. The pressure of each server in the cluster tends to balance, sharing server pressure and avoiding servers The collapse of the case. The nginx reverse proxy implementation includes the following load balancing HTTP, HTTPS, FastCGI, uwsgi, SCGI, and memcached. 2 Common Balancing Mechanisms of Load Balancing 1 round-robin: The requests are distributed to different servers in a polling manner. Each request is assigned to different back-end servers in chronological order. If the back-end server goes down, it is automatically removed to ensure normal services. . Configuration 1: Configuration 2: 2 Weight load balancing: if no weight is configured, the load of each server is the same. When there is uneven server performance, weight polling is used. The weight parameter of the specified server is determined by load balancing. a part of. Heavy load is great. 3 least-connected: The next request is allocated to the server with the least number of connections. When some requests take longer to respond, the least connections can more fairly control the load of application instances. Nginx forwards the request to the less loaded server. 4 ip-hash: Client-based IP address. When load balancing occurs, each request is relocated to one of the server clusters. Users who have logged in to one server then relocate to another server and their login information is lost. This is obviously not appropriate. Use ip_hash to solve this problem. If the client has accessed a server, when the user accesses it again, the request will be automatically located to the server through a hash algorithm. Each request is assigned according to the result of the IP hash, so the request is fixed to a certain back-end server, and it can also solve the session problem Attach an example: Server{ Max_fails allows the number of request failures to default to 1 1. Messaging 2. Desktop and App Streaming 3. Security and Identity 4. Management Tools 5. Storage 6. Databases 7. Networking & Content Delivery 8. Compute 9. AWS Global Infrastructure 10. Migration 11. Analytics 12. Application services 13. Developer Tools 1. Messaging: SNS - Simple Notification Service (Text, Email, Http) SQS - Simple queue Service 3. Security and Identity: IAM - Identity Access Management Inspector - Agent installed on VM provides security reports Certificate Manager - Provides free certificate for domain name. Directory Services - Provides Microroft Active directory WAF - Web Application Firewall (Application layer security x-site scripting / sql injection) Artifect - Get compliance ceriticate ISO PCI HIPPA 4. Management Tools: Cloud Watch - Performance of AWS environment (Disk, CPU, RAM utilization) Cloud Formation - Turn your AWS infrastructure into code. (Document) Cloud trail - Auditing your AWS environment OpsWork - Automatic deployment using chef Config - Monitor your environemnt, set alerts Service Catlog - Catlogs Enterprise authorise and authorise services Trusted Advisor - Scan Environemtn suggest Performance optimization, security opti fault tollerance suggestions 5. Storage S3 - Simple storage service Object based storage (DropBox) Glacier - Not instance access 4-5 hours to recoved the archived files. EFS - Elastic File service - File Storage Service Storage Gateway - Not in exam 6. Databases RDS - Relational Database Service ( SQL, MySQL, MariaDB, PostgreSQL, Aurora, and Oracle) DynamoDB - Non Relational Database (High performance, scalable) RedShift - Database Warehouse Service (Hudge data queries) Elasticache - Cacheing data on the cloud (Quicker to featch from database) 7. Networking & Content Delivery: VPC - Virtual Private Network Route 53 - Amazons DNS Service Cloud Front - Content Delivery Network Direct Connect - Connect your Data Center with direct physical telephone line 8. Compute EC2 - Elastic Coumpute Cloud EC2 Container Services - Not in Exam Elastic Beanstalk - developer's code on an infrastructure that is automatically provisioned to host that code Lambda - allows you to run code without having to worry about provisioning any underlying resources. Lightsail - New Service 9. AWS Global Infrastructure : 14 Regions and 38 Availibility zones 4 Regions and 11 more Availibility zones in 2017 66 Edge Locations Regions - Phisical Geographocal Areas (An independent collection of AWS computing resources in a defined geography.) Availibility Zones - Logical Data centers (Distinct locations from within an AWS region that are engineered to be isolated from failures.) Edge Location - Content Delivery Network CDN End Points for CloudFront (Very large media objects) ---------------------------------------------------------------------------------------------------------------- 10. Migration: Snowball - Connect different discs and transfer data into cloud like S3 DMS - Database Migration Service (Migrate Oracle SQL MySQL to cloud) SMS - Server Migration Service (Migrate VMWare to cloud) 11. Analytics: Athena - SQL queries on S3 EMR - Elastic Map Reduce is specifically designed to assist you in processing large data sets Big Data Processing (Big Data, Log analysis, Analyse finantial markets) Cloud Search - Fully Managed service Elastic Search - Open source Kinesis - Process tera bit data and analyse it (Financial transaction Social Media centiment analysis,) Data Pipeline - Move data from s3 to dynamo DB and vice-varsa Quick Sight - Business analysis tool. 12. Application services: Step Functions: Microservices used by your applicaitions SWF - Simple workflow service (co-ordinate physical and automated tasks) API Gateway - Publish and monitor API and scale AppStream - streaming desktop applications. Elastic transcoder - Helps to run video on different form factor and reolutions 13. Developer Tools: CodeCommit - Cloud git CodeBuild - Compiling the code CodeDeploy - Way to deploy code to EC2 instances CodePipeLine - Track different versions of code UAT Amazon Web Services (AWS)
Elastic Compute Cloud (EC2)
Regions and Availability Zones (AZ) Notes: We will only use Ireland (eu-west-1) region in this workshop. See also A Rare Peek Into The Massive Scale of AWS. — Networking in AWS
— Exercise: Launch an EC2 instance
— Exercise: SSH into the instanceSSH into the instance (find the IP address in the EC2 console) View instance metadata View your User Data and find the changes your script made Notes: You will have to reduce keyfile permissions — Exercise: Security groupsSetup a web server that hosts the id of the instance Configure the security group of your instance to allow inbound requests to your web server from anywhere. Check that you can access the page with your browser. — Exercise: Security groupsDelete the previous rule. Ask a neighbor for the name of their security group, and allow requests to your server from your neighbor’s security group. Have your neighbor access your web server from his/her instance. — Speaking of IP addresses, there is also Elastic IP Address. Later on, we will see use cases for this, as well as better alternatives. Also, notice the monitoring metrics. These come from CloudWatch. Later on, we will create alarms based on the metrics. — Elastic Block Store (EBS)
— EC2 cost
Identity and Access Management— Identity and Access Management (IAM)
Notes: Always use roles inside instances (do not store credentials there), or something bad might happen. — Quiz: Users on many levelsImagine running a content management system, discussion board or blog web application in EC2. How many different typesof user accounts you might have? Virtual Private Cloud— Virtual Private Cloud (VPC)
VPC with Public and Private Subnets — Access Control Lists
Auto Scaling
Provisioning capacity as needed —
— Auto Scaling instances
— Scaling Plans
— — Elastic Load Balancer
—
Public networking— Route 53
— CloudFront
chmod 400 SeniorServer.pem
Server: ssh -i "SeniorServer.pem" ec2-user@ec2-54-149-37-172.us-west-2.compute.amazonaws.com
password for root:qwe123456
server2: ssh -i "senior_design_victor.pem" ec2-user@ec2-54-69-160-179.us-west-2.compute.amazonaws.com
controller: ssh -i "zheng.pem" ec2-user@ec2-52-34-59-51.us-west-2.compute.amazonaws.com
DB: mysql -h seniordesign.c9btkcvedeon.us-west-2.rds.amazonaws.com -P 3306 -u root -p
username: root
password: qwe123456
use command "screen" to keep running server codes and controller codes on AWS
screen #create a new screen session
screen -ls #check running screens
screen -r screenID #resume to a screen
screen -X -S screenID kill #end a screen
MySQL:
create table transaction (username varchar(20), history varchar(20));
insert into property (username,password,money) values ("client1","123",100);
To create more replicated server/db:
Master (RDS) - all in mysql, no Bash - remember to remove [] from statements
1. Create new slave
CREATE USER '[SLAVE USERNAME]'@'%' IDENTIFIED BY '[SLAVE PASSWORD]';
2. Give it access
GRANT REPLICATION SLAVE ON *.* TO '[SLAVE USERNAME]'@'%';
Slave (Server) -
1. [Bash] Import the database from master
mysqldump -h seniordesign.c9btkcvedeon.us-west-2.rds.amazonaws.com -u root -p senior_design > dump.sql
2. [Bash] Import the dump.sql into your database
mysql senior_design < dump.sql
3. [Bash] Edit the /etc/my.cnf - will require root access, add the follow lines
**Remember to keep server-id different (currently using 10, so next is 11, etc...)
# Give the server a unique ID
server-id = #CHANGE THIS NUMBER#
#
# Ensure there's a relay log
relay-log = /var/lib/mysql/mysql-relay-bin.log
#
# Keep the binary log on
log_bin = /var/lib/mysql/mysql-bin.log
replicate_do_db = senior_design
4. [Bash] Restart mysqld
service mysqld restart
Master-Slave Connection Creation
1. On master (RDS) - type
show master status;
** We will need to keep note of File and Position
+----------------------------+----------+--------------+------------------+-------------------+
| File | Position | Binlog_Do_DB | Binlog_Ignore_DB | Executed_Gtid_Set |
+----------------------------+----------+--------------+------------------+-------------------+
| mysql-bin-changelog.010934 | 400 | | | |
+----------------------------+----------+--------------+------------------+-------------------+
2. On the slave, enter mysql then enter
CHANGE MASTER TO MASTER_HOST='seniordesign.c9btkcvedeon.us-west-2.rds.amazonaws.com', MASTER_USER='[SLAVE NAME]', MASTER_PASSWORD='[SLAVE PWD]', MASTER_LOG_FILE='[MASTER FILE] ', MASTER_LOG_POS= [MASTER POSITION];
3. On the slave, enter "START SLAVE;"
4. Make sure the slave started - "SHOW SLAVE STATUS\G;"
5. You can always triple check by adding a new row to senior_design in master then see if it updates in slave.
TROUBLESHOOTING
- If for some reason you mess up the slave in step 2.
[mysql] on the slave side
reset slave;
then repeat step 2 - 5
- If in SHOW SLAVE STATUS\G shows error
try
STOP SLAVE;
SET GLOBAL SQL_SLAVE_SKIP_COUNTER = 1;
START SLAVE;
error should be gone, but this will only skip the error; the error may still re-appear
use senior_design;
select count(*) from property;
Slave user pass:
Slave 1 - username: slave1 pass: slave1pwd
Slave 2 - username: slave2 pass: [slave2]
CHANGE MASTER TO MASTER_HOST='seniordesign.c9btkcvedeon.us-west-2.rds.amazonaws.com', MASTER_USER='slave1', MASTER_PASSWORD='slave1pwd', MASTER_LOG_FILE='mysql-bin-changelog.011030', MASTER_LOG_POS= 400;
CHANGE MASTER TO MASTER_HOST='seniordesign.c9btkcvedeon.us-west-2.rds.amazonaws.com', MASTER_USER='slave2', MASTER_PASSWORD='[slave2]', MASTER_LOG_FILE='mysql-bin-changelog.011030', MASTER_LOG_POS= 400;
Install $ wget http://download.redis.io/redis-stable.tar.gz TERMS COMMANDS FILES OPTIONS Configuration daemonize no keyword argument1 argument2 … argumentN slaveof 127.0.0.1 6380 Administration # passing arguments via CLI redis> config get GLOB — — Replication slaveof 192.168.1.1 6379 Redis Sentinel (26379) redis-sentinel /path/to/sentinel.conf # typical minimal config # Testing Redis Cluster ===================================== redis-cli -h <hostname> -p <port> -r <repeat (-1=forever)> -i <interval (secs)> -n <DB_NUM> <COMMAND> ========== tool (redis_monit.sh) [begin] ========== # update the monitor hosts – “live” # manual failover $ redis-cli -p 7002 debug segfault creating a bucket: Backup Files to Amazon S3 using the AWS CLI Step 2: install and configure aws cli Type aws configure and press enter. Enter the following when prompted: AWS Access Key ID [None]: enter the Access Key Id from the credentials.csv file you downloaded in step 1 part d Note: this should look something like AKIAPWINCOKAO3U4FWTN Note: this should look something like 5dqQFBaGuPNf5z7NhFrgou4V5JJNaWPy1XFzBfX3 Default region name [None]: enter us-east-1 Step 3: Using the AWS CLI with Amazon S3 Note: bucket naming has some restrictions; one of those restrictions is that bucket names must be globally unique (e.g. two different AWS users can not have the same bucket name); b. To upload the file my-first-backup.bak located in the local directory to the S3 bucket my-first-backup-bucket, c. To download my-first-backup.bak from S3 to the local directory we would reverse the order of the commands as follows: d. To delete my-first-backup.bak from your my-first-backup-bucket bucket, use the following command: additional commands recursively remove files (with caution!) list files: remove bucket: Launch a Linux Virtual Machine
===============================
Step 1: Launch an Amazon EC2 Instance
EC2 console > launch instance
Step 2: Configure your Instance
a. Amazon Linux AMI
b. t2.micro > default options
c. review and launch
d. create new key pair > "MyKeyPair" > Download key pair
Windows users: We recommend saving your key pair in your user directory in a sub-directory called .ssh (ex. C:\user\{yourusername}\.ssh\MyKeyPair.pem).
Mac/Linux users: We recommend saving your key pair in the .ssh sub-directory from your home directory (ex. ~/.ssh/MyKeyPair.pem).
Note: On Mac, the key pair is downloaded to your Downloads directory by default.
To move the key pair into the .ssh sub-directory, enter the following command in a terminal window: mv ~/Downloads/MyKeyPair.pem ~/.ssh/MyKeyPair.pem
click Launch instance
e. EC2 > View instances
f. make note of public ip address of the new instance
Step 3: Connect to your Instance
Windows users: Select Windows below to see instructions for installing Git Bash.
Mac/Linux user: Select Mac / Linux below to see instructions for opening a terminal window.
a. instructions to install git bash
b. open git bash to run ssh command
c. connect to your instance
Windows users: Enter ssh -i 'c:\Users\yourusername\.ssh\MyKeyPair.pem' ec2-user@{IP_Address} (ex. ssh -i 'c:\Users\adamglic\.ssh\MyKeyPair.pem' ec2-user@52.27.212.125)
Mac/Linux users: Enter ssh -i ~/.ssh/MyKeyPair.pem ec2-user@{IP_Address} (ex. ssh -i ~/.ssh/MyKeyPair.pem ec2-user@52.27.212.125)
Note: if you started a Linux instance that isn't Amazon Linux, there may by a different user name that is used.
common user names include ec2-user, root, ubuntu, and fedora.
If you are unsure what the login user name is, check with your AMI provider.
You'll see a response similar to the following:
The authenticity of host 'ec2-198-51-100-1.compute-1.amazonaws.com (10.254.142.33)' can't be established.
RSA key fingerprint is 1f:51:ae:28:df:63:e9:d8:cf:38:5d:87:2d:7b:b8:ca:9f:f5:b1:6f.
Are you sure you want to continue connecting (yes/no)?
Type yes and press enter.
You'll see a response similar to the following:
Warning: Permanently added 'ec2-198-51-100-1.compute-1.amazonaws.com' (RSA) to the list of known hosts.
You should then see the welcome screen for your instance and you are now connected to your AWS Linux virtual machine in the cloud.
Step 4: Terminate Your Instance
a. EC2 console > instance > actions > Instance state > Terminate
b. confirm yes to terminate
Launch a Windows Virtual Machine
================================
Step 1: Enter the EC2 Dashboard
EC2 > console
Step 2: Create and Configure Your Virtual Machine
a. launch instance
b. Microsoft Windows Server 2012 R2 Base > select
c. instance type > t2.micro > Review and launch
d. default options > launch
Step 3: Create a Key Pair and Launch Your Instance
a. popover > select "create a new key pair" > name: "MyKeyPair" > Download key pair > MyFirstKey.pem
Windows users: We recommend saving your key pair in your user directory in a sub-directory called .ssh (ex.C:\user\{yourusername}\.ssh\MyFirstKey.pem).
Mac/Linux users: We recommend saving your key pair in the .ssh sub-directory from your home directory (ex.~/.ssh/MyFirstKey.pem).
b. Launch instance
c. on the next screen "View instances" > status
Step 4: Connect to Your Instance
connect using RDP
a. select instance > connect
b. login
The User name defaults to Administrator
To receive your password, click Get Password
c. choose MyFirstKey.pem > Decrypt password
d. save decrypted password in a safe location
Step 6: Connect to Your Instance
RDP client
a. Click download remote desktop file
b. enter username and password
you should be logged in!!
Step 7: Terminate Your Windows VM
a. EC2 Consolle > select instance > actions > Instance state > Terminate
b. confirm yes to terminate
|
|||||
|
Copyright © 2018 - All Rights Reserved Powered by WordPress & Atahualpa |
||||||
Recent Comments