Categories

A sample text widget

Etiam pulvinar consectetur dolor sed malesuada. Ut convallis euismod dolor nec pretium. Nunc ut tristique massa.

Nam sodales mi vitae dolor ullamcorper et vulputate enim accumsan. Morbi orci magna, tincidunt vitae molestie nec, molestie at mi. Nulla nulla lorem, suscipit in posuere in, interdum non magna.

How-to extend a root LVM partition online

How-to extend a root LVM partition online

This guide will explain you how to extend a root LVM partition online.

There is also a quick remedy for the emergency situation when your root partition runs out of disk space. There is a feature specific to ext3 and ext4 that can help the goal of resolving the full disk situation. Unless explicitly changed during filesystem creation, both by default reserve five percent (5%) of a volume capacity to the superuser (root).

# df -Th
Filesystem    Type    Size  Used Avail Use% Mounted on
/dev/mapper/vg_main-lv_root
              ext4    8.4G  8.0G  952K 100% /
tmpfs        tmpfs    499M     0  499M   0% /dev/shm
/dev/vda1     ext4    485M   33M  428M   8% /boot

# dumpe2fs /dev/vg_main/lv_root | grep 'Reserved block count'
dumpe2fs 1.41.12 (17-May-2010)
Reserved block count:     111513

It turned out 111513 of 4KB blocks were reserved for the superuser, which was exactly five percent of the volume capacity.

How to enable it?

# tune2fs -m 0 /dev/vg_main/lv_root 
tune2fs 1.41.12 (17-May-2010)
Setting reserved blocks percentage to 0% (0 blocks)
# df -Th
Filesystem    Type    Size  Used Avail Use% Mounted on
/dev/mapper/vg_main-lv_root
              ext4    8.4G  8.0G  437M  95% /
tmpfs        tmpfs    499M     0  499M   0% /dev/shm
/dev/vda1     ext4    485M   33M  428M   8% /boot

Now that we have some free space on the root partition to work on we can extend the LVM partition:

Create a new partition of appropriate size using fdisk

fdisk /dev/sdb1

This is a key sequence on the keyboard to create a new LVM type (8e) partition:

n, p, 1, enter (accept default first sector), enter (accept default last sector), t, 8e, w

Create a new Physical Volume

# pvcreate /dev/sdb1
  Writing physical volume data to disk "/dev/sdb1"
  Physical volume "/dev/sdb1" successfully created

Extend a Volume Group

# vgextend vg_main /dev/sdb1
  Volume group "vg_main" successfully extended

Extend your LVM

– extend the size of your LVM by the amount of free space on PV

# lvextend /dev/vg_main/lv_root /dev/sdb1
  Extending logical volume lv_root to 18.50 GiB
  Logical volume lv_root successfully resized

– or with a given size

lvextend -L +10G /dev/vg_main/lv_root

Finally resize the file system online

# resize2fs /dev/vg_main/lv_root
resize2fs 1.41.12 (17-May-2010)
Filesystem at /dev/vg_main/lv_root is mounted on /; on-line resizing required
old desc_blocks = 1, new_desc_blocks = 2
Performing an on-line resize of /dev/vg_main/lv_root to 4850688 (4k) blocks.
The filesystem on /dev/vg_main/lv_root is now 4850688 blocks long.

Now we can set the reserved blocks back to the default percentage – 5%

tune2fs -m 5 /dev/mapper/vg_main-lv_root

Results:

# df -Th
Filesystem    Type    Size  Used Avail Use% Mounted on
/dev/mapper/vg_main-lv_root
              ext4     19G  8.0G  9.4G  46% /
tmpfs        tmpfs    499M     0  499M   0% /dev/shm
/dev/vda1     ext4    485M   33M  428M   8% /boot

Firewalld Centos-7

As of Centos7 the default firewall application has changed from iptables to firewalld. FirewallD provides dynamic filterinc versus static ones in iptables. You can read more about details of the features included at Fedora project page here and or on their official homepage here.

This page will help me to unlearn the iptables and remember the firewalld commands.

Get Initial information

  • Get the status of firewalld
 firewall-cmd --state
  • Reload the firewall without loosing state information:
 firewall-cmd --reload
  • Get a list of all supported zones
 firewall-cmd --get-zones
  • Get a list of all supported services
 firewall-cmd --get-services
  • Get a list of all supported icmptypes
 firewall-cmd --get-icmptypes
  • List all zones with the enabled features.
 firewall-cmd --list-all-zones
  • Print zone <zone> with the enabled features. If zone is omitted, the default zone will be used.
 firewall-cmd [--zone=<zone>] --list-all
  • Get the default zone set for network connections
 firewall-cmd --get-default-zone
  • Set the default zone
 firewall-cmd --set-default-zone=<zone>

All interfaces that are located in the default zone will be pushed in the new default zone, that defines the limitations for new external initiated connection attempts. Active connections are not affected.

  • Get active zones
 firewall-cmd --get-active-zones
  • Get zone related to an interface
 firewall-cmd --get-zone-of-interface=<interface>

 

Update the basic rules

This prints the zone name, if the interface is part of a zone

  • Add an interface to a zone
 firewall-cmd [--zone=<zone>] --add-interface=<interface>

Add an interface to a zone, if it was not in a zone before. If the zone options is omitted, the default zone will be used. The interfaces are reapplied after reloads.

  • Change the zone an interface belongs to
 firewall-cmd [--zone=<zone>] --change-interface=<interface>

This is similar to the –add-interface options, but pushes the interface in the new zone even if it was in another zone before.

  • Remove an interface from a zone
 firewall-cmd [--zone=<zone>] --remove-interface=<interface>
  • Query if an interface is in a zone
 firewall-cmd [--zone=<zone>] --query-interface=<interface>

Returns if the interface is in the zone. There is no output.

  • List the enabled services in a zone
 firewall-cmd [ --zone=<zone> ] --list-services
  • Enable panic mode to block all network traffic in case of emergency
 firewall-cmd --enable-panic
  • Disable panic mode
 firewall-cmd --disable-panic
  • Query panic mode
 firewall-cmd --query-panic

This returns the state of the panic mode, there is no output. To get a visual state use

 firewall-cmd --query-panic && echo "On" || echo "Off"

Runtime zone handling

In the runtime mode the changes to zones are not permanent. The changes will be gone after reload or restart.

  • Enable a service in a zone
 firewall-cmd [--zone=<zone>] --add-service=<service> [--timeout=<seconds>]

This enables a service in a zone. If zone is not set, the default zone will be used. If timeout is set, the service will only be enabled for the amount of seconds in the zone. If the service is already active, there will be no warning message.

  • Example: Enable ipp-client service for 60 seconds in the home zone:
 firewall-cmd --zone=home --add-service=ipp-client --timeout=60
  • Example: Enable the http service in the default zone:
 firewall-cmd --add-service=http
  • Disable a service in a zone
 firewall-cmd [--zone=<zone>] --remove-service=<service>

This disables a service in a zone. If zone is not set, the default zone will be used.

  • Example: Disable http service in the home zone:
 firewall-cmd --zone=home --remove-service=http

The service will be disabled in the zone. If the service is not enabled in the zone, there will be an warning message.

  • Query if a service is enabled in a zone
 firewall-cmd [--zone=<zone>] --query-service=<service>

This returns 1 if the service is enabled in the zone, otherwise 0. There is no output.

  • Enable a port and protocol combination in a zone
 firewall-cmd [--zone=<zone>] --add-port=<port>[-<port>]/<protocol> [--timeout=<seconds>]

This enables a port and protocol combination. The port can be a single port or a port range -. The protocol can be either tcp or udp.

  • Disable a port and protocol combination in a zone
 firewall-cmd [--zone=<zone>] --remove-port=<port>[-<port>]/<protocol>
  • Query if a port and protocol combination in enabled in a zone
 firewall-cmd [--zone=<zone>] --query-port=<port>[-<port>]/<protocol>

This command returns if it is enabled, there is no output.

Masquerading

This is used to hide internal addresses behind a public IP or port.

  • Enable masquerading in a zone
 firewall-cmd [--zone=<zone>] --add-masquerade

This enables masquerading for the zone. The addresses of a private network are mapped to and hidden behind a public IP address. This is a form of address translation and mostly used in routers. Masquerading is IPv4 only because of kernel limitations.

  • Disable masquerading in a zone
 firewall-cmd [--zone=<zone>] --remove-masquerade
  • Query masquerading in a zone
 firewall-cmd [--zone=<zone>] --query-masquerade

This command returns if it is enabled, there is no output.

  • Enable ICMP blocks in a zone
 firewall-cmd [--zone=<zone>] --add-icmp-block=<icmptype>

This enabled the block of a selected Internet Control Message Protocol (ICMP) message. ICMP messages are either information requests or created as a reply to information requests or in error conditions.

  • Disable ICMP blocks in a zone
 firewall-cmd [--zone=<zone>] --remove-icmp-block=<icmptype>
  • Query ICMP blocks in a zone
 firewall-cmd [--zone=<zone>] --query-icmp-block=<icmptype>

This command returns if it is enabled, there is no output.

  • Example: Block echo-reply messages in the public zone:
 firewall-cmd --zone=public --add-icmp-block=echo-reply
  • Enable port forwarding or port mapping in a zone
 firewall-cmd [--zone=<zone>] --add-forward-port=port=<port>[-<port>]:proto=<protocol> { :toport=<port>[-<port>] | :toaddr=<address> | :toport=<port>[-<port>]:toaddr=<address> }

The port is either mapped to the same port on another host or to another port on the same host or to another port on another host. The port can be a singe port <port> or a port range <port>-<port>. The protocol is either tcp or udp. toport is either port or a port range -. toaddr is an IPv4 address. Port forwarding is IPv4 only because of kernel limitations.

  • Disable port forwarding or port mapping in a zone
 firewall-cmd [--zone=<zone>] --remove-forward-port=port=<port>[-<port>]:proto=<protocol> { :toport=<port>[-<port>] | :toaddr=<address> | :toport=<port>[-<port>]:toaddr=<address> }
  • Query port forwarding or port mapping in a zone
 firewall-cmd [--zone=<zone>] --query-forward-port=port=<port>[-<port>]:proto=<protocol> { :toport=<port>[-<port>] | :toaddr=<address> | :toport=<port>[-<port>]:toaddr=<address> }

This command returns if it is enabled, there is no output.

  • Example: Forward ssh to host 127.0.0.2 in the home zone
 firewall-cmd --zone=home --add-forward-port=port=22:proto=tcp:toaddr=127.0.0.2

Permanent zone handling

The permanent options are not affecting runtime directly. These options are only available after a reload or restart. To have runtime and permanent setting, you need to supply both. The –permanent option needs to be the first option for all permanent calls.

  • Get a list of supported permanent services
 firewall-cmd --permanent --get-services
  • Get a list of supported permanent icmptypes
 firewall-cmd --permanent --get-icmptypes
  • Get a list of supported permanent zones
 firewall-cmd --permanent --get-zones
  • Enable a service in a zone
 firewall-cmd --permanent [--zone=<zone>] --add-service=<service>

This enables the service in the zone permanently. If the zone option is omitted, the default zone is used.

  • Disable a service in a zone
 firewall-cmd --permanent [--zone=<zone>] --remove-service=<service>
  • Query if a service is enabled in a zone
 firewall-cmd --permanent [--zone=<zone>] --query-service=<service>

This command returns if it is enabled, there is no output.

  • Example: Enable service ipp-client permanently in the home zone
 firewall-cmd --permanent --zone=home --add-service=ipp-client
  • Enable a port and protocol combination permanently in a zone
 firewall-cmd --permanent [--zone=<zone>] --add-port=<port>[-<port>]/<protocol>
  • Disable a port and protocol combination permanently in a zone
 firewall-cmd --permanent [--zone=<zone>] --remove-port=<port>[-<port>]/<protocol>
  • Query if a port and protocol combination is enabled permanently in a zone
 firewall-cmd --permanent [--zone=<zone>] --query-port=<port>[-<port>]/<protocol>

This command returns if it is enabled, there is no output.

  • Example: Enable port 443/tcp for https permanently in the home zone
 firewall-cmd --permanent --zone=home --add-port=443/tcp
  • Enable masquerading permanently in a zone
 firewall-cmd --permanent [--zone=<zone>] --add-masquerade

This enables masquerading for the zone. The addresses of a private network are mapped to and hidden behind a public IP address. This is a form of address translation and mostly used in routers. Masquerading is IPv4 only because of kernel limitations.

  • Disable masquerading permanently in a zone
 firewall-cmd --permanent [--zone=<zone>] --remove-masquerade
  • Query masquerading permanently in a zone
 firewall-cmd --permanent [--zone=<zone>] --query-masquerade

This command returns if it is enabled, there is no output.

  • Enable ICMP blocks permanently in a zone
 firewall-cmd --permanent [--zone=<zone>] --add-icmp-block=<icmptype>

This enabled the block of a selected Internet Control Message Protocol (ICMP) message. ICMP messages are either information requests or created as a reply to information requests or in error conditions.

  • Disable ICMP blocks permanently in a zone
 firewall-cmd --permanent [--zone=<zone>] --remove-icmp-block=<icmptype>
  • Query ICMP blocks permanently in a zone
 firewall-cmd --permanent [--zone=<zone>] --query-icmp-block=<icmptype>

This command returns if it is enabled, there is no output.

  • Example: Block echo-reply messages in the public zone:
 firewall-cmd --permanent --zone=public --add-icmp-block=echo-reply
  • Enable port forwarding or port mapping permanently in a zone
 firewall-cmd --permanent [--zone=<zone>] --add-forward-port=port=<port>[-<port>]:proto=<protocol> { :toport=<port>[-<port>] | :toaddr=<address> | :toport=<port>[-<port>]:toaddr=<address> }

The port is either mapped to the same port on another host or to another port on the same host or to another port on another host. The port can be a singe port <port> or a port range <port>-<port>. The protocol is either tcp or udp. toport is either port or a port range -. toaddr is an IPv4 address. Port forwarding is IPv4 only because of kernel limitations.

  • Disable port forwarding or port mapping permanently in a zone
 firewall-cmd --permanent [--zone=<zone>] --remove-forward-port=port=<port>[-<port>]:proto=<protocol> { :toport=<port>[-<port>] | :toaddr=<address> | :toport=<port>[-<port>]:toaddr=<address> }
  • Query port forwarding or port mapping permanently in a zone
 firewall-cmd --permanent [--zone=<zone>] --query-forward-port=port=<port>[-<port>]:proto=<protocol> { :toport=<port>[-<port>] | :toaddr=<address> | :toport=<port>[-<port>]:toaddr=<address> }

This command returns if it is enabled, there is no output.

  • Example: Forward ssh to host 127.0.0.2 in the home zone
 firewall-cmd --permanent --zone=home --add-forward-port=port=22:proto=tcp:toaddr=127.0.0.2

Direct options

The direct options give a more direct access to the firewall. These options require user to know basic iptables concepts, i.e. table (filter/mangle/nat/…), chain (INPUT/OUTPUT/FORWARD/…), commands (-A/-D/-I/…), parameters (-p/-s/-d/-j/…) and targets (ACCEPT/DROP/REJECT/…). Direct options should be used only as a last resort when it’s not possible to use for example –add-service=service or –add-rich-rule=’rule’. The first argument of each option has to be ipv4 or ipv6 or eb. With ipv4 it will be for IPv4 (iptables(8)), with ipv6 for IPv6 (ip6tables(8)) and with eb for ethernet bridges (ebtables(8)).

  • Pass a command through to the firewall. <args> can be all iptables, ip6tables and ebtables command line arguments
 firewall-cmd --direct --passthrough { ipv4 | ipv6 | eb } <args>
  • Add a new chain <chain> to a table <table>.
 firewall-cmd [--permanent] --direct --add-chain { ipv4 | ipv6 | eb } <table> <chain>
  • Remove a chain with name <chain> from table <table>.
 firewall-cmd [--permanent] --direct --remove-chain { ipv4 | ipv6 | eb } <table> <chain>
  • Query if a chain with name <chain> exists in table <table>. Returns 0 if true, 1 otherwise.
 firewall-cmd [--permanent] --direct --query-chain { ipv4 | ipv6 | eb } <table> <chain>

This command returns if it is enabled, there is no output.

  • Get all chains added to table <table> as a space separated list.
 firewall-cmd [--permanent] --direct --get-chains { ipv4 | ipv6 | eb } <table>
  • Add a rule with the arguments <args> to chain <chain> in table <table> with priority <priority>.
 firewall-cmd [--permanent] --direct --add-rule { ipv4 | ipv6 | eb } <table> <chain> <priority> <args>
  • Remove a rule with the arguments <args> from chain <chain> in table <table>.
 firewall-cmd [--permanent] --direct --remove-rule { ipv4 | ipv6 | eb } <table> <chain> <args>
  • Query if a rule with the arguments <args> exists in chain <chain> in table <table>. Returns 0 if true, 1 otherwise.
 firewall-cmd [--permanent] --direct --query-rule { ipv4 | ipv6 | eb } <table> <chain> <args>

This command returns if it is enabled, there is no output.

  • Get all rules added to chain <chain> in table <table> as a newline separated list of arguments.
 firewall-cmd [--permanent] --direct --get-rules { ipv4 | ipv6 | eb } <table> <chain>

Docker centos7

Introduction

In previous posts we have seen the installation and working of Docker. This post will explain the installation of the Docker Community Edition (CE) on CentOS. If you are looking for the Ubuntu installation you should check our this post.

 

Step 1 | Remove Old Versions

$ sudo yum remove docker docker-common docker-selinux docker-engine

Step 2 | Install Required Packages

$ sudo yum install -y yum-utils device-mapper-persistent-data lvm2

Step 3 | Setup the Docker CE Repository

$ sudo yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo

Step 4 | Update the Packages

$ sudo yum update

Step 5 |Install specific version (Production recommended)

$ sudo yum list docker-ce.x86_64  --showduplicates | sort -r

Loaded plugins: amazon-id, rhui-lb, search-disabled-repos
docker-ce.x86_64            17.06.0.ce-1.el7.centos             docker-ce-stable
docker-ce.x86_64            17.03.2.ce-1.el7.centos             docker-ce-stable
docker-ce.x86_64            17.03.1.ce-1.el7.centos             docker-ce-stable
docker-ce.x86_64            17.03.0.ce-1.el7.centos             docker-ce-stable
Available Packages

$ sudo yum install docker-ce-<VERSION>

Step 6 | Install through respository

$ sudo yum install docker-ce

Step 7 | Start Docker

$ sudo systemctl start docker

Step 8 | Verify the Installation

$ sudo docker run hello-world

This will install the Docker on CentOS.

Redis

what is Redis

Redis is a key-value storage system. Similar to Memcached, it supports storing relatively many value types, including string, list, set, and zset.
These data types support push / pop, add / remove, and intersection and union and difference sets and richer operations, all of which are atomic.
On this basis, Redis supports a variety of different sorts. Like memcached, data is cached in memory for efficiency.
The difference is that Redis periodically writes updated data to disk or writes modifications to additional log files and implements master-slave synchronization based on this. Redis is a high-performance key-value database.
The emergence of Redis, a large extent, to compensate for such lack of keyvalue memcached storage, in some cases can play a good complement to the relational database.

 

1, Redis installation

1.1 Pre-installation environment description

Using a CentOS 7 version of Linux system with
master ip of 192.168.1.110
slave ip of 192.168.1.111 The

1.2 Download Redis

Redis can go to the official website to download: https://redis.io/download , now the latest stable version has reached 4.0.
Used here is redis-4.0.1.tar.gz .

1.3 installation steps

$ wget http://download.redis.io/releases/redis-4.0.1.tar.gz
$ tar xzf redis-4.0.1.tar.gz -C /usr/local/
$ cd /usr/local/redis-4.0.1
$ make & make test
make Possible exceptions

make[1]: Leaving directory `/usr/local/redis-4.0.1/src’ make[1]: Entering directory `/usr/local/redis-4.0.1/src’
You need tcl 8.5 or newer in order to run the Redis test
make[1]: *** [test] Error 1
make[1]: Leaving directory `/usr/local/redis-4.0.1/src’
make: *** [test] Error 2
solution

yum install -y tcl

2, Redis simple configuration

All configuration changes are in this configuration file

/usr/local/redis-4.0.1/redis.conf

 

2.2 bound host address

Bind after the host to add ip,from behind Redis need to connect through the IP.

bind 127.0.0.1 192.168.1.110

2.3 Set Redis password

The password is set herejaven

# requirepass foobared
requirepass mohan

2.4 Set the Redis port number

The default port is6379

port 6379

3, test Redis

start up
/usr/local/redis-4.0.1/redis.conf
src/redis-server

src/redis-server redis.conf
Client connection

src/redis-cli
src/redis-cli -a mohan

/usr/local/redis-4.0.1/redis.conf
src/redis-cli shutdown
src/redis-cli -p 6666 shutdown

 

4, Redis master-slave replication configuration

Redis master-slave replication is very powerful, a master can have multiple slaves, and a slave can have multiple slaves, so go on, forming a powerful multi-level server cluster architecture. The following simple configuration.

Modify the slave’s redis configuration file

Master’s redis configuration file bindcan be set as long as

Slave redis modify the slave configuration file slaveof 10.211.55.3 6379 (mapped to the main server, 6379the port number)
can also be dynamically set:
Redis-cli connected to the slave node server, execute the following command.
slaveof 10.211.55.3 6379

If master sets the authentication password, you also need to configure masterauth. Here I set the master authentication password javen, so configure masterauth javen.

After configuring the slave start the Redis service, OK, master-slave configuration is completed (is not very simple).
The following test:
In the master and slave, respectively, the info command to view the results are as follows:

slave:

[root@centos-linux-2 redis-4.0.1]# src/redis-cli
127.0.0.1:6379> info

 

 

5, Redis remote connection

Usage: redis-cli [OPTIONS] [cmd [arg [arg …]]]

-h <host ip>, the default is 127.0.0.1

-p <port>, the default is 6379

-a <password>, redis lock, you need to pass the password

-help, Show help information

redis-cli -h 10.211.55.4 -p 6379 -a javen

 

Master and slave MySQL versions are MySQL5.6.31

Master and slave MySQL versions are MySQL5.6.31

Primary server IP: 192.168.1.178

From the server IP: 192.168.1.145

Master and slave are able to ping each other.

A?192.168.1.178?Master?
B?192.168.1.145?Slave?

 

service mysqld stop
service mysqld start
service mysqld restart

 

mysql> grant replication slave on *.* to ‘mohan’@’192.168.1.145’ identified by ‘123456’;
mysql> flush privileges;

vi /etc/my.cnf

port=3306

binlog-ignore-db=mysql
server-id=1
expire-logs-days=7
binlog-ignore-db=information_schema
binlog-ignore-db=performation_schema
binlog-ignore-db=sys
binlog-ignore-db=gogs

service mysqld restart

mysql -u root -proot -P3306
mysql> flush tables with read lock;

show master status;

mysql> show master status;
+——————+———-+————–+——————————————————-+——————-+
| File | Position | Binlog_Do_DB | Binlog_Ignore_DB | Executed_Gtid_Set |
+——————+———-+————–+——————————————————-+——————-+
| mysql-bin.000001 | 154 | | mysql,information_schema,performation_schema,sys,gogs | |
+——————+———-+————–+——————————————————-+——————-+
1 row in set (0.00 sec)

5 Slave

# For advice on how to change settings please see
# http://dev.mysql.com/doc/refman/5.7/en/server-configuration-defaults.html

[mysqld]
#
# Remove leading # and set to the amount of RAM for the most important data
# cache in MySQL. Start at 70% of total RAM for dedicated server, else 10%.
# innodb_buffer_pool_size = 128M
#
# Remove leading # to turn on a very important data integrity option: logging
# changes to the binary log between backups.
# log_bin
#
# Remove leading # to set options mainly useful for reporting servers.
# The server defaults are faster for transactions and fast SELECTs.
# Adjust sizes as needed, experiment to find the optimal values.
# join_buffer_size = 128M
# sort_buffer_size = 2M
# read_rnd_buffer_size = 2M
datadir=/var/lib/mysql
socket=/var/lib/mysql/mysql.sock

log-bin=mysql-bin
server-id=3
binlog-ignore-db = mysql
binlog-ignore-db = information_schema
binlog-ignore-db = performation_schema
binlog-ignore-db = sys
log-slave-updates
slave-skip-errors=all
slave-net-timeout=60

# Disabling symbolic-links is recommended to prevent assorted security risks
symbolic-links=0

log-error=/var/log/mysqld.log
pid-file=/var/run/mysqld/mysqld.pid

 

service mysqld restart

 

mysql> stop slave;
mysql> change master to master_host=’192.168.1.178′,master_user=’mohan’,master_password=’123456′,master_log_file=’mysql-bin.000001′, master_log_pos= 154;
mysql> show slave status \G;

mysql> unlock tables;
Query OK, 0 rows affected (0.00 sec)

mysql> start slave;
Query OK, 0 rows affected (0.00 sec)

mysql>

Setting up MySQL server on aws EC2 instance

Launch an EC2 instance of type Amazon Linux AMI from your aws console.

SSH into your ec2 instance
ssh -i ec2-user@my_ec2_ip_address

Update the instance
sudo yum update -y

Install the mysqld server
sudo yum install -y mysql55-server

start the mysqld instance
sudo service mysqld start

the following command ensure launches mysqld on server restart
sudo chkconfig mysqld on

run the following command to set password for root user and delete test databases.
sudo mysql_secure_installation

make a note of the root password ????

Let’s try to create a user and database. This way we can control the database access levels.
mysql -uroot -pmy_root_password

I’m going to create a db_demo with demo_user having password demo123.
CREATE DATABASE db_demo;
USE db_demo;
CREATE USER 'demo_user'@'localhost' IDENTIFIED BY 'demo123';
GRANT ALL PRIVILEGES ON *.* TO 'demo_user'@'localhost' WITH GRANT OPTION;
CREATE USER 'demo_user'@'%' IDENTIFIED BY 'demo123';
GRANT ALL PRIVILEGES ON *.* TO 'demo_user'@'%' WITH GRANT OPTION;
FLUSH PRIVILEGES;

That’s it. You are all set.

Note:

    • details on mysql privileges can be found here
    • Don’t forget to open the default port 3306 if you want to access the database outside the ec2 instance boundary
    • useful mysqld commands

  • sudo service mysqld start
  • sudo service mysqld stop
  • sudo service mysqld restart
  • sudo service mysqld status

 

Setting git on aws EC2 instance

Launch an EC2 instance of type Amazon Linux AMI from your aws console.

SSH into your ec2 instance
ssh -i ec2-user@my_ec2_ip_address

Update the instance
sudo yum update -y

install developer tools
sudo yum groupinstall -y "Development Tools"

install git
sudo yum install git

checkout the source code
git clone https://my.git.repo.git
cd my_local_git_folder
git checkout -f branch_to_checkout

Installing node.js on amazon EC2 instance

Launch an EC2 instance of type Amazon Linux AMI from your aws console.

SSH into your ec2 instance
ssh -i ec2-user@my_ec2_ip_address

Update the instance
sudo yum update -y

#install developer tools
sudo yum groupinstall -y "Development Tools"

Install the node using nvm as it allows you to switch between any version of the node ????
curl -o- https://raw.githubusercontent.com/creationix/nvm/v0.32.0/install.sh | bash
. ~/.nvm/nvm.sh
nvm install 4.4.5
node -e "console.log('Running Node.js ' + process.version)"

Install pm2
npm install pm2 -g --save

pull the source code in ec2 instance. run your node app using pm2
pm2 start app.js --name="api"

Monitoring Memory Utilisation of aws EC2 instance in CloudWatch

Connect to your EC2 instance using ssh.
ssh -i ec2-user@my_ec2_ip_address

Install following perl packages
sudo yum install -y perl-Switch perl-DateTime perl-Sys-Syslog perl-LWP-Protocol-https

Download the monitoring scripts
curl http://aws-cloudwatch.s3.amazonaws.com/downloads/CloudWatchMonitoringScripts-1.2.1.zip -O

Install the monitoring scripts
unzip CloudWatchMonitoringScripts-1.2.1.zip
rm CloudWatchMonitoringScripts-1.2.1.zip
cd aws-scripts-mon

run the following command to check the memory utilisation.
./mon-get-instance-stats.pl --recent-hours=12

In order to push this data periodically to cloud watch, we need to create an IAM user with relevant permissions, then schedule a cron job to periodically push the data to aws cloud watch.

Create a new IAM user and provide him access to the ec2 instance and cloud watch. Make a note of the aws credentials i.e. access key and secret key. You need this later. Make sure the IAM user has following access.

cloudwatch:PutMetricData
cloudwatch:GetMetricStatistics
cloudwatch:ListMetrics
ec2:DescribeTags

For the purpose of the demo, you can provide full access to EC2 and CloudWatch (This is not recommended for production.)

run the following command
cp awscreds.template awscreds.con

open the file  awscreds.conf and enter the key & secret.
The content of the file should look something like this

AWSAccessKeyId=AKAWSACESSKEYSA
AWSSecretKey=z/NOAWSSECRETkeyzt

Run the following command to push the data to cloud watch
./mon-put-instance-data.pl --mem-util --mem-used --mem-avail

Now, configure the cron tab to automate this process at eveny 5 minutes interval.
crontab -e
*/5 * * * * ~/aws-scripts-mon/mon-put-instance-data.pl --mem-util --disk-space-util --disk-path=/ --from-cron

In your aws console, go to cloud watch section, and select Metrics => custom namespaces => Linux System. Select the required metrics.

 

AWS S3 permissions

A quick tip on aws S3 permissions to a specific folder in a bucket.

{
"Version": "2012-10-17",
"Statement": [{
"Effect": "Allow",
"Action": [
"s3:Put*",
"s3:Get*",
"s3:List*"
],
"Resource": [
"arn:aws:s3:::nameofmybucket/profile/*"
]
}]
}

Try to avoid bucket root level permission as much as possible. Also, try to use cognito if the client wants to directly access aws resources.

Page 3 of 16612345...102030...Last »