Amazon EC2

ELB comparison https://www.sumologic.com/aws/elb/aws-elastic-load-balancers-classic-vs-application/

Create an additional account on a Linux machine

http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/managing-users.html

Export all the EC2 information to a Google Drive sheet

You need to enable this plugin and select the keys of an IAM account with EC2 read-only permissions:
https://chrome.google.com/webstore/detail/amazon-ec2-reports/mliidcedfplmhaagjiaoidjnljhbflco

Log in to a Windows machine

The procedure is not the same; the details are here: http://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/EC2Win_GetStarted.html#connecting_to_windows_instance

From Linux with Remmina, I set the secure connection to "RDP" and the connection was established, but it dropped every 20 seconds. From Windows, the default program works instead.

Automation of an instance

In this nice article http://www.fittedcloud.com/blog/cloudssh-an-intelligent-ssh-tool-for-cloud-developers/ the developer explains how to automate the day-to-day job:

  1. Powers up an instance
  2. Gets its IP address
  3. SSH to the instance
  4. Powers down the instance when the SSH session ends and no other SSH sessions exist.

Expanding a hard disk on Linux and Windows

http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-expand-volume.html

Copy an instance from a Region to another using AMI

http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/CopyingAMIs.html
Steps:

  • connect to the source region
  • create a snapshot of the machine to copy
  • create an AMI from the snapshot
  • copy the AMI just created to the destination region
  • log in to the destination region
  • create an instance from the AMI copied before

Problem with some micro instances

On just one micro instance I ran into a bug where, after a reboot, I could no longer get in over SSH because the daemon was not being started. Searching the web a bit, people talk about ephemeral storage to be removed from fstab. That has nothing to do with it, because on the micro I had no ephemeral storage, only a fixed 8 GB volume. It happened to me on some instances of the same AMI and not on others.
To solve the problem I proceeded as follows:

  • shut down the machine in question
  • detach the storage
  • mounted it on another running machine as additional storage; it mounts without problems
  • edit the ssh configuration file as explained below
  • detach the storage and attach it to the original machine
  • restart the original machine

The file is /etc/init/ssh.conf
I replaced the part

start on filesystem

with
start on (started network-interface or started network-manager or started networking)

Forum references: https://forums.aws.amazon.com/thread.jspa?threadID=51267 and https://forums.aws.amazon.com/thread.jspa?threadID=51279

Amazon EBS Volume Performance

source http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSPerformance.html

Amazon EBS Performance Tips

  • There is a 5 to 50 percent reduction in IOPS when you first access each block of data on a newly created or restored EBS volume (General Purpose (SSD), Provisioned IOPS (SSD), or Magnetic). You can avoid this performance hit by accessing each block in advance. Prewarm
  • General Purpose (SSD) and Provisioned IOPS (SSD) volumes have a throughput limit of 128 MB/s per volume. Some instance types can drive more I/O throughput than you can provision for a single volume. You can join multiple General Purpose (SSD) or Provisioned IOPS (SSD) volumes together in a RAID 0 configuration to use the available bandwidth for these instances. You can also provide redundancy for your volumes with a RAID 1 (mirrored) configuration. For more information,
  • Amazon Web Services provides performance metrics for EBS that you can analyze and view with Amazon CloudWatch and status checks that you can use to monitor the health of your volumes. For more information, see Monitoring the Status of Your Volumes.
  • Frequent snapshots provide a higher level of data durability, but they may slightly degrade the performance of your application while the snapshot is in progress. This trade off becomes critical when you have data that changes rapidly. Whenever possible, plan for snapshots to occur during off-peak times in order to minimize workload impact.

Some interesting links:

Workload Demand

http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-workload-demand.html

Amazon EC2 Instance Configuration

The only way to ensure sustained reliable network bandwidth between your EC2 instance and your EBS volumes is to launch the EC2 instance as EBS-optimized or choose an instance type with 10 Gigabit network connectivity. To see which instance types include 10 Gigabit network connectivity, see Instance Type Details.
On this page http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-ec2-config.html there is a list of images with their Dedicated EBS Throughput (Mbps), Max 16K IOPS and Max Bandwidth (MB/s).

I/O Characteristics - What are IOPS?

  • IOPS are input/output operations per second. Amazon EBS measures each I/O operation per second (that is 256 KB or smaller) as one IOPS.
  • I/O operations that are larger than 256 KB are counted in 256 KB capacity units. For example, a 1,024 KB I/O operation would count as 4 IOPS.
  • When you provision a 4,000 IOPS volume, you can transfer up to 4,000 chunks of data per second.
  • This configuration could transfer 4,000 32 KB chunks, 2,000 64 KB chunks, or 1,000 128 KB chunks of data per second as well, before hitting the 128 MB/s per volume throughput limit.
  • For 32 KB or smaller I/O operations, you should see the amount of IOPS that you have provisioned, provided that you are driving enough I/O to keep the drives busy.
  • For smaller I/O operations, you may even see an IOPS value that is higher than what you have provisioned (when measured on the client side), and this is because the client may be coalescing multiple smaller I/O operations into a smaller number of large chunks.

Pre-Warming Amazon EBS Volumes

You can avoid this performance hit in a production environment by writing to or reading from all of the blocks on your volume before you use it; this process is called pre-warming. Writing to all of the blocks on a volume is preferred, but that is not an option for volumes that were restored from a snapshot.
This page http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-prewarm.html explains how to do this with the dd command on Linux.

RAID Configuration

How to create a RAID 0 or 1 on Linux: http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/raid-config.html

Benchmark Volumes

http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/benchmark_piops.html
How to run a benchmark with xfsprogs on Linux.

Linux AMI

If you want to use Postfix on the Linux AMI, you need to remove the Sendmail installed by default, as shown here:
http://cybart.com/how-to-install-and-configure-postfix-on-amazon-ec2/

/etc/init.d/sendmail stop
yum remove sendmail
/etc/init.d/postfix start

Edit main.cf and restart Postfix.
Check the log in /var/log/maillog

Reading user data (userdata, user-data, user_data) inside a machine

curl http://169.254.169.254/latest/user-data
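
User data can be read by any process on the instance that can reach the metadata endpoint, so it should not hold credentials, and instances set to require IMDSv2 reject the plain request above. The script below is an added example, not part of the original notes: it reads user data with an IMDSv2 session token and prints lines that look like secrets. The function names, the patterns and SAMPLE_USER_DATA (constructed) are assumptions of this example.

```sh
#!/bin/sh
# Added example (not from the original notes).
IMDS="http://169.254.169.254"

# Constructed sample used to try find_secrets offline.
SAMPLE_USER_DATA='#!/bin/bash
yum -y update
export DB_PASSWORD=example-not-real
echo "hello" > /tmp/lab1.txt'

# Read user data through IMDSv2: obtain a short-lived session token first,
# then present it on the actual request.
fetch_user_data() {
  token=$(curl -sf --max-time 2 -X PUT "$IMDS/latest/api/token" \
    -H "X-aws-ec2-metadata-token-ttl-seconds: 60") || return 1
  curl -sf --max-time 2 -H "X-aws-ec2-metadata-token: $token" \
    "$IMDS/latest/user-data"
}

# Read user data on stdin and print "line-number:line" for every line that
# looks like a credential. The patterns are illustrative, not exhaustive.
find_secrets() {
  grep -nEi \
    -e 'AKIA[0-9A-Z]{16}' \
    -e '(password|passwd|secret|token)[[:space:]]*[=:]' \
    -e '-----BEGIN [A-Z ]*PRIVATE KEY-----' || true
}

# On an instance, run as: sh check-user-data.sh check
if [ "${1:-}" = "check" ]; then
  fetch_user_data | find_secrets
fi
```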

Cloud-init / userdata in a windows machine

<powershell>
echo "eu-west-1.compute.internal eu-west-1.ec2-utilities.amazonaws.com" > c:\lab1.txt
Invoke-WmiMethod -class win32_networkadapterconfiguration -name setdnssuffixsearchorder -argumentlist @("eu-west-1.compute.internal", "eu-west-1.ec2-utilities.amazonaws.com", "lab1"), $null
</powershell>

Nice script to add an ad hoc rule for temporary access

#!/bin/zsh
# Look up the current public IP, open port 22 for that address only, connect, then remove the rule
ip=$(curl -s https://api.ipify.org)
aws ec2 authorize-security-group-ingress --profile btsz --region=eu-west-1 --protocol tcp --port 22 --cidr "$ip/32" --group-id sg-xxxxx
ssh -A -i ~/.ssh/mykey.pem ec2-user@myipmachineordns
aws ec2 revoke-security-group-ingress --profile btsz --region=eu-west-1 --protocol tcp --port 22 --cidr "$ip/32" --group-id sg-xxxxx
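
A variant of the script above, added here as an example and not part of the original notes: it checks that the IP service really returned an IPv4 address before building the CIDR, and revokes the rule from an exit trap so port 22 does not stay open if the session is interrupted. The group id, profile, key path and host are the page's placeholders; the function names are made up for this example.

```sh
#!/bin/sh
# Added example (not from the original notes). SG_ID, PROFILE, REGION, KEY and
# HOST default to the page's placeholders; function names are illustrative.
SG_ID="${SG_ID:-sg-xxxxx}"
PROFILE="${PROFILE:-btsz}"
REGION="${REGION:-eu-west-1}"
KEY="${KEY:-$HOME/.ssh/mykey.pem}"
HOST="${HOST:-ec2-user@myipmachineordns}"

# Succeed only for a dotted-quad IPv4 address with every octet in 0..255.
is_ipv4() {
  case "$1" in
    ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
  esac
  old_ifs=$IFS; IFS=.
  set -- $1            # split the address on dots into $1..$n
  IFS=$old_ifs
  [ "$#" -eq 4 ] || return 1
  for octet in "$@"; do
    [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
  done
  return 0
}

# $1 = authorize | revoke, $2 = CIDR
sg_rule() {
  aws ec2 "$1-security-group-ingress" --profile "$PROFILE" --region "$REGION" \
    --protocol tcp --port 22 --cidr "$2" --group-id "$SG_ID"
}

temp_ssh() {
  ip=$(curl -s --max-time 10 https://api.ipify.org) || return 1
  # Never pass an unchecked HTTP response to --cidr.
  is_ipv4 "$ip" || { echo "unexpected reply from IP service" >&2; return 1; }
  CIDR="$ip/32"
  # Install cleanup before opening the port, so the rule cannot outlive the
  # script; INT/TERM/HUP are turned into a normal exit so the EXIT trap runs.
  trap 'sg_rule revoke "$CIDR"' EXIT
  trap 'exit 130' INT TERM HUP
  sg_rule authorize "$CIDR" || return 1
  ssh -i "$KEY" "$HOST"   # -A (agent forwarding) omitted: not needed for one hop
}

# Only act when invoked as: sh temp-ssh.sh connect
if [ "${1:-}" = "connect" ]; then
  temp_ssh
fi
```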

Reset the password for an EC2 Windows instance

If you restore from an AMI snapshot backup, the password is no longer available from the web console.

To enable it again, go to:

SYSTEMS MANAGER SERVICES ==> Automations ==> Run Automations

In "Document name", choose AWSSupport-ResetAccess.

Instance ID: the ID of the instance to reset.
Subnet: the same subnet as the instance to modify.

AssumeRole: it is not necessary to set it up.

It is necessary to wait 20/30 minutes for the change to be made.
The machine will be stopped and started.

If you want to see this process, watch the video on this page https://aws.amazon.com/de/premiumsupport/knowledge-center/reset-admin-password/ from minute 7.

Important: it seems you cannot run more than 1 in parallel; I had 1 fail when I tried 2 restores in parallel.

Unless otherwise stated, the content of this page is licensed under the Creative Commons Attribution-ShareAlike 3.0 License