AWS Certified Solutions Architect Exercises- part 1 Amazon S3 and Amazon Glacier Storage

In this series, we will work through the following exercises together:

  1. S3 Amazon Simple Storage Service and Amazon Glacier Storage
  2. Amazon Elastic Compute Cloud (Amazon EC2) and Amazon Elastic Block Store (Amazon EBS)
  3. Amazon Virtual Private Cloud (Amazon VPC)
  4. Elastic Load Balancing, Amazon CloudWatch, and Auto Scaling
  5. AWS Identity and Access Management (IAM)
  6. Databases and AWS
  7. SQS, SWF, and SNS
  8. Domain Name System (DNS) and Amazon Route 53
  9. Amazon ElastiCache
  10. Additional Key Services
  11. Security on AWS
  12. AWS Risk and Compliance
  13. Architecture Best Practices

Based on the document: AWS-Certified-Solutions-Architect-Official-Study-Guide.pdf

Now, start practicing!!!

1. AWS Certified Solutions Architect Exercises- part 1 Amazon S3 and Amazon Glacier Storage

1.1. Today’s tasks

1: Create an Amazon Simple Storage Service (Amazon S3) Bucket
2: Upload, Make Public, and Delete Objects in Your Bucket
3: Enable Version Control
4: Delete an Object and Then Restore It.
5: Lifecycle Management
6: Enable Static Hosting on Your Bucket

1.2. Before you begin

I assume you already have an AWS account.

1.3. Let’s do it

EXERCISE 1: Create an Amazon Simple Storage Service (Amazon S3) Bucket

1. Log in to the AWS Management Console at the link: https://console.aws.amazon.com/console/home?nc2=h_ct&src=header-signin

2. Choose an appropriate region, such as the Asia Pacific (Tokyo) Region.

3. Navigate to the Amazon S3 console. Notice that the region indicator now says Global. Remember that Amazon S3 buckets form a global namespace, even though each bucket is created in a specific region.

4. Start the create bucket process. Click the button Create bucket.

5. When prompted for Bucket Name, use yourname-demo-bucket-yyyymmdd.

6. Choose a region, such as Asia Pacific (Tokyo).

You should now have a new Amazon S3 bucket.

EXERCISE 2: Upload, Make Public, and Delete Objects in Your Bucket

In this exercise, you will upload a new object to your bucket. You will then make this object public and view the object in your browser. You will then rename the object and finally delete it from the bucket.

Upload an Object

1. Load your new bucket in the Amazon S3 console.

2. Select Upload, then Add Files.

3. Locate a file on your PC that you are okay with uploading to Amazon S3 and making public to the Internet. (We suggest using a non-personal image file for the purposes of this exercise.)

4. Select a suitable file, then Start Upload. You will see the status of your file in the Transfers section.

5. After your file is uploaded, the status should change to Done.

The file you uploaded is now stored as an Amazon S3 object and should now be listed in the contents of your bucket.

Open the Amazon S3 URL

1. Now open the properties for the object. The properties should include bucket, name, and link.

2. Copy the Amazon S3 URL for the object.

3. Paste the URL in the address bar of a new browser window or tab.

You should get a message with an XML error code AccessDenied. Even though the object has a URL, it is private by default, so it cannot be accessed by a web browser.

Make the Bucket Public

1. Go back to the Permissions tab of your bucket and set Block public access to Off.

2. Add a bucket policy that gives everyone read-only access:

{
     "Version": "2012-10-17",
     "Id": "http referer policy example",
     "Statement": [
         {
             "Sid": "Allow get requests originating from global",
             "Effect": "Allow",
             "Principal": "*",
             "Action": "s3:GetObject",
             "Resource": "arn:aws:s3:::yourname-demo-bucket-yyyymmdd/*"
         }
     ]
 }

3. Copy the Amazon S3 URL again and try to open it in a browser window or tab. Your public image file should now display.

4. For other ways to grant public read access, read more at the link: https://aws.amazon.com/premiumsupport/knowledge-center/read-access-objects-s3-bucket/
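
An added example, not part of the original exercise: a simplified offline review of a bucket policy that lists the statements any anonymous caller can use, applied to the read-only public policy this exercise describes and to a constructed comparison policy. It is not AWS's own public-policy evaluation; the function names, the read-only action list, the account ID, role name and address range are assumptions made for illustration.

```python
import json

# Actions treated as read-only for the summary column (assumed short list).
READ_ONLY_ACTIONS = {"s3:GetObject", "s3:GetObjectVersion", "s3:ListBucket"}

# The exercise's policy: every caller may read every object in the bucket.
EXERCISE_POLICY = """
{
  "Version": "2012-10-17",
  "Statement": [{
    "Sid": "Allow get requests originating from global",
    "Effect": "Allow",
    "Principal": "*",
    "Action": "s3:GetObject",
    "Resource": "arn:aws:s3:::yourname-demo-bucket-yyyymmdd/*"
  }]
}
"""

# Constructed comparison policy: a named role plus an IP-restricted statement.
# The account ID, role name and address range are placeholders.
CONSTRUCTED_POLICY = """
{
  "Version": "2012-10-17",
  "Statement": [
    {"Sid": "NamedRoleOnly", "Effect": "Allow",
     "Principal": {"AWS": "arn:aws:iam::111122223333:role/example-reader"},
     "Action": "s3:GetObject",
     "Resource": "arn:aws:s3:::yourname-demo-bucket-yyyymmdd/*"},
    {"Sid": "OfficeRangeOnly", "Effect": "Allow",
     "Principal": {"AWS": "*"},
     "Action": ["s3:GetObject", "s3:PutObject"],
     "Resource": "arn:aws:s3:::yourname-demo-bucket-yyyymmdd/*",
     "Condition": {"IpAddress": {"aws:SourceIp": "203.0.113.0/24"}}}
  ]
}
"""


def _as_list(value):
    """Policy elements may be a single value or a list of values."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _is_anonymous(principal):
    """True when the Principal element matches every caller."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return any("*" in _as_list(v) for v in principal.values())
    return False


def review_policy(policy_json):
    """Sort wildcard-principal Allow statements into two lists.

    "public": no Condition, so any unauthenticated request matches.
    "conditional": a Condition narrows the match and needs manual review.
    Each entry is (Sid, "read" or "write-or-wildcard", resources).
    """
    report = {"public": [], "conditional": []}
    for stmt in _as_list(json.loads(policy_json).get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue
        if not _is_anonymous(stmt.get("Principal")):
            continue
        actions = set(_as_list(stmt.get("Action")))
        access = "read" if actions <= READ_ONLY_ACTIONS else "write-or-wildcard"
        entry = (stmt.get("Sid", "<no Sid>"), access,
                 _as_list(stmt.get("Resource")))
        report["conditional" if stmt.get("Condition") else "public"].append(entry)
    return report


if __name__ == "__main__":
    for name, doc in (("exercise", EXERCISE_POLICY),
                      ("constructed", CONSTRUCTED_POLICY)):
        print(name, review_policy(doc))
```
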

Delete the Object

1. In the Amazon S3 console, select Object ➝ Actions ➝ Delete. Choose Delete when prompted if you want to delete the object.

2. The object has now been deleted.

3. To verify, try to reload the deleted object’s Amazon S3 URL.
You should once again get the XML AccessDenied error message.

EXERCISE 3: Enable Version Control

In this exercise, you will enable version control on your newly created bucket.

Enable Versioning

1. In the Amazon S3 console, open your bucket. Click Properties tab ➝ Versioning ➝ select Enable versioning ➝ Save.

Your bucket now has versioning enabled.

Create Multiple Versions of an Object

1. Create a text file named foo.txt on your computer and write the word blue in the text file.

2. Save the text file to a location of your choosing.

3. Upload the text file to your bucket. This will be version 1.

4. After you have uploaded the text file to your bucket, open the copy on your local computer and change the word blue to red. Save the text file with the original filename.

5. Upload the modified file to your bucket.

6. Select Show Versions on the uploaded object.

You will now see two different versions of the object with different Version IDs and possibly different sizes. Note that when you select Show Version, the Amazon S3 URL now includes the version ID in the query string after the object name.

EXERCISE 4: Delete an Object and Then Restore It

In this exercise, you will delete an object in your Amazon S3 bucket and then restore it.

Delete an Object

Open the bucket containing the text file for which you now have two versions.

  1. Select Hide Versions.
  2. Select Actions ➝ Delete, and then select Delete to verify.
  3. Your object will now be deleted, and you can no longer see the object.
  4. Select Show Versions.
    Both versions of the object now show their version IDs.

Restore an Object

Open your bucket.

  1. Select Show Versions.
  2. Select the oldest version and download the object. Note that the filename is simply foo.txt with no version indicator.
  3. Select Hide Versions, upload foo.txt to the same bucket.
  4. The file foo.txt should reappear. Select Show Versions.

EXERCISE 5: Lifecycle Management

In this exercise, you will explore the various options for lifecycle management.

  1. Select your bucket in the Amazon S3 console.
  2. Under Management ➝ Lifecycle, add a Lifecycle Rule.
  3. Explore the various options to add lifecycle rules to objects in this bucket. It is recommended that you do not implement any of these options, as you may incur additional costs. After you have finished, click the Cancel button.

My example: transition objects to the GLACIER storage class after 1 day.

EXERCISE 6: Enable Static Hosting on Your Bucket

In this exercise, you will enable static hosting on your newly created bucket.

1. Select your bucket in the Amazon S3 console.

2. In the Properties section, select Static Website Hosting.

For the index document name, enter index.txt, and for the error document name, enter error.txt.

3. Use a text editor to create two text files and save them as index.txt and error.txt.
In the index.txt file, write the phrase “Hello World,” and in the error.txt file, write the phrase “Error Page.” Save both text files and upload them to your bucket.

4. Copy the Endpoint: link under Static Website Hosting and paste it in a browser window or tab. You should now see the phrase “Hello World” displayed.

5. In the address bar in your browser, try adding a forward slash followed by a made-up filename (for example, /test.html). You should now see the phrase “Error Page” displayed.

Finally, and importantly, clean up: delete all of the objects in your bucket and then delete the bucket itself. Thank you for reading the DevopsRoles page!

How to Install and Configure OpenStack Nova

This tutorial shows how to install and configure the OpenStack compute service (Nova). A previous post covered how to install OpenStack all-in-one on CentOS 7. If you have not yet installed OpenStack Nova, follow the steps below.

Step-by-Step Installation and Configuration of OpenStack Nova

Step 1: Create a User and Database for Nova

Use MariaDB to set up the required databases and users:

[root@DevopsRoles ~(keystone)]# mysql -u root -p

Run the following commands to create the necessary databases:

CREATE DATABASE nova;
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' IDENTIFIED BY 'password';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY 'password';

CREATE DATABASE nova_api;
GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' IDENTIFIED BY 'password';
GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' IDENTIFIED BY 'password';

CREATE DATABASE nova_placement;
GRANT ALL PRIVILEGES ON nova_placement.* TO 'nova'@'localhost' IDENTIFIED BY 'password';
GRANT ALL PRIVILEGES ON nova_placement.* TO 'nova'@'%' IDENTIFIED BY 'password';

CREATE DATABASE nova_cell0;
GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' IDENTIFIED BY 'password';
GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' IDENTIFIED BY 'password';

FLUSH PRIVILEGES;
EXIT;

Step 2: Add Users and Configure Services in Keystone

  1. Add the nova user to the service project:
    • openstack user create --domain default --project service --password servicepassword nova
    • openstack role add --project service --user nova admin
  2. Add the placement user:
    • openstack user create --domain default --project service --password servicepassword placement
    • openstack role add --project service --user placement admin
  3. Create service entries:
    • openstack service create --name nova --description "OpenStack Compute service" compute
    • openstack service create --name placement --description "OpenStack Compute Placement service" placement
  4. Define the Keystone controller address:
    • export controller=10.0.2.15
  5. Add endpoints:
    • openstack endpoint create --region RegionOne compute public http://$controller:8774/v2.1/%\(tenant_id\)s
    • openstack endpoint create --region RegionOne compute internal http://$controller:8774/v2.1/%\(tenant_id\)s
    • openstack endpoint create --region RegionOne compute admin http://$controller:8774/v2.1/%\(tenant_id\)s
    • openstack endpoint create --region RegionOne placement public http://$controller:8778
    • openstack endpoint create --region RegionOne placement internal http://$controller:8778
    • openstack endpoint create --region RegionOne placement admin http://$controller:8778

Step 3: Install OpenStack Nova

Install the Nova packages:

yum --enablerepo=centos-openstack-stein,epel -y install openstack-nova

Step 4: Configure OpenStack Nova

Edit the Nova configuration file:

mv /etc/nova/nova.conf /etc/nova/nova.conf.org
vi /etc/nova/nova.conf

Add the following configuration:

[DEFAULT]
my_ip = 10.0.2.15
state_path = /var/lib/nova
enabled_apis = osapi_compute,metadata
log_dir = /var/log/nova
transport_url = rabbit://openstack:password@10.0.2.15

[api]
auth_strategy = keystone

[glance]
api_servers = http://10.0.2.15:9292

[oslo_concurrency]
lock_path = $state_path/tmp

[api_database]
connection = mysql+pymysql://nova:password@10.0.2.15/nova_api

[database]
connection = mysql+pymysql://nova:password@10.0.2.15/nova

[keystone_authtoken]
www_authenticate_uri = http://10.0.2.15:5000
auth_url = http://10.0.2.15:5000
memcached_servers = 10.0.2.15:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = nova
password = servicepassword

[placement]
auth_url = http://10.0.2.15:5000
os_region_name = RegionOne
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = placement
password = servicepassword

[placement_database]
connection = mysql+pymysql://nova:password@10.0.2.15/nova_placement

Apply the correct permissions:

chmod 640 /etc/nova/nova.conf
chgrp nova /etc/nova/nova.conf
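
An added example, not part of the original tutorial and not OpenStack tooling: a small offline audit for the nova.conf from Step 4 that reports the tutorial's placeholder secrets, secrets shared between different accounts, and Keystone URLs without TLS, then renders the same excerpt with one random secret per account. The 20-character minimum, the host name controller.example.test and all function names are assumptions.

```python
import configparser
import os
import secrets
import stat
from urllib.parse import urlsplit

# Placeholder secrets that appear in this tutorial's commands and config files.
TUTORIAL_PLACEHOLDERS = {"password", "servicepassword", "adminpassword"}
MIN_SECRET_LENGTH = 20  # assumed local policy, not an OpenStack rule
CREDENTIAL_URL_KEYS = {"connection", "transport_url"}
KEYSTONE_URL_KEYS = {"auth_url", "www_authenticate_uri"}

# Constructed excerpt of the nova.conf in Step 4, with the secrets, URL scheme
# and host left as fields so the same text can be rendered both ways.
TEMPLATE = """\
[DEFAULT]
transport_url = rabbit://openstack:{rabbit}@{host}
[oslo_concurrency]
lock_path = $state_path/tmp
[api_database]
connection = mysql+pymysql://nova:{db}@{host}/nova_api
[database]
connection = mysql+pymysql://nova:{db}@{host}/nova
[keystone_authtoken]
auth_url = {scheme}://{host}:5000
username = nova
password = {svc_nova}
[placement]
auth_url = {scheme}://{host}:5000
username = placement
password = {svc_placement}
"""

TUTORIAL_CONF = TEMPLATE.format(
    rabbit="password", db="password", svc_nova="servicepassword",
    svc_placement="servicepassword", scheme="http", host="10.0.2.15")


def hardened_conf(host="controller.example.test"):
    """Render the excerpt with HTTPS and one random secret per account."""
    fresh = {name: secrets.token_urlsafe(24)
             for name in ("rabbit", "db", "svc_nova", "svc_placement")}
    return TEMPLATE.format(scheme="https", host=host, **fresh)


def audit_conf(text):
    """Return (location, issue) pairs for weak, shared or cleartext settings."""
    # default_section is renamed so [DEFAULT] is not inherited by every
    # section; interpolation=None keeps "$state_path" and "%" literal.
    parser = configparser.ConfigParser(
        default_section="__unused__", interpolation=None, strict=False)
    parser.read_string(text)
    findings, seen = [], {}  # seen: secret -> {account: [locations]}
    for section in parser.sections():
        for key, value in parser.items(section):
            where = f"[{section}] {key}"
            if key in KEYSTONE_URL_KEYS and urlsplit(value).scheme == "http":
                findings.append((where, "Keystone URL without TLS"))
            if key == "password":
                user = parser.get(section, "username", fallback="?")
                secret = value
            elif key in CREDENTIAL_URL_KEYS:
                parts = urlsplit(value)
                user, secret = parts.username, parts.password
            else:
                continue
            if not secret:
                continue
            seen.setdefault(secret, {}).setdefault(user, []).append(where)
            if secret in TUTORIAL_PLACEHOLDERS:
                findings.append((where, "tutorial placeholder secret"))
            elif len(secret) < MIN_SECRET_LENGTH:
                findings.append((where, "secret shorter than local minimum"))
    for accounts in seen.values():
        if len(accounts) > 1:
            places = [p for locs in accounts.values() for p in locs]
            findings.append((", ".join(places),
                             "same secret reused by different accounts"))
    return findings


def world_accessible(path):
    """True if 'other' has any permission bit; chmod 640 clears all of them."""
    return bool(stat.S_IMODE(os.stat(path).st_mode) & 0o007)


if __name__ == "__main__":
    for location, issue in audit_conf(TUTORIAL_CONF):
        print(f"{issue}: {location}")
    print("hardened findings:", audit_conf(hardened_conf()))
```
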

Step 5: Set Up SELinux and Firewall Rules

Enable SELinux for OpenStack:

yum --enablerepo=centos-openstack-stein -y install openstack-selinux
semanage port -a -t http_port_t -p tcp 8778

Update the firewall rules:

firewall-cmd --add-port={6080/tcp,6081/tcp,6082/tcp,8774/tcp,8775/tcp,8778/tcp} --permanent
firewall-cmd --reload

Step 6: Initialize the Database

Synchronize the database:

su -s /bin/bash nova -c "nova-manage api_db sync"
su -s /bin/bash nova -c "nova-manage cell_v2 map_cell0"
su -s /bin/bash nova -c "nova-manage db sync"
su -s /bin/bash nova -c "nova-manage cell_v2 create_cell --name cell1"

Step 7: Start Nova Services

Start and enable Nova services:

systemctl start openstack-nova-api openstack-nova-consoleauth openstack-nova-conductor openstack-nova-scheduler openstack-nova-novncproxy
systemctl enable openstack-nova-api openstack-nova-consoleauth openstack-nova-conductor openstack-nova-scheduler openstack-nova-novncproxy

Step 8: Install and Configure Nova Compute

Install Nova Compute:

yum --enablerepo=centos-openstack-stein,epel -y install openstack-nova-compute

Update the Nova configuration to enable VNC:

[vnc]
enabled = True
server_listen = 0.0.0.0
server_proxyclient_address = 10.0.2.15
novncproxy_base_url = http://10.0.2.15:6080/vnc_auto.html

Start and enable the service:

systemctl start openstack-nova-compute
systemctl enable openstack-nova-compute

Final Steps

Verify the Nova setup:

openstack compute service list

Congratulations! You have successfully installed and configured OpenStack Nova. Thank you for reading the DevopsRoles page!

How to Install and Configure OpenStack glance

This tutorial shows how to install and configure OpenStack Glance. A previous post covered how to install OpenStack all-in-one on CentOS 7. If you have not yet installed OpenStack Glance, follow the steps below.

Step by step Install and Configure OpenStack glance

Create a User and Database on MariaDB for Glance.

[vagrant@DevopsRoles ~]# mysql -u root -p 
MariaDB [(none)]> create database glance;
MariaDB [(none)]> grant all privileges on glance.* to glance@'localhost' identified by 'password'; 
MariaDB [(none)]> grant all privileges on glance.* to glance@'%' identified by 'password'; 
MariaDB [(none)]> flush privileges;
MariaDB [(none)]> exit

Add users and others for Glance in Keystone.

# add glance user (set in service project)
[vagrant@DevopsRoles ~(keystone)]# openstack user create --domain default --project service --password servicepassword glance
# add glance user in admin role
[vagrant@DevopsRoles ~(keystone)]# openstack role add --project service --user glance admin
# add service entry for glance
[vagrant@DevopsRoles ~(keystone)]# openstack service create --name glance --description "OpenStack Image service" image 
# define keystone host
[vagrant@DevopsRoles ~(keystone)]# export controller=10.0.2.15
# add endpoint for glance (public)
[vagrant@DevopsRoles ~(keystone)]# openstack endpoint create --region RegionOne image public http://$controller:9292 
# add endpoint for glance (internal)
[vagrant@DevopsRoles ~(keystone)]# openstack endpoint create --region RegionOne image internal http://$controller:9292 
# add endpoint for glance (admin)
[vagrant@DevopsRoles ~(keystone)]# openstack endpoint create --region RegionOne image admin http://$controller:9292 

Install Glance.

# install from Stein, EPEL
[vagrant@DevopsRoles ~(keystone)]# yum --enablerepo=centos-openstack-stein,epel -y install openstack-glance

Configure OpenStack Glance.

[vagrant@DevopsRoles ~(keystone)]# mv /etc/glance/glance-api.conf /etc/glance/glance-api.conf.org 
[vagrant@DevopsRoles ~(keystone)]# vi /etc/glance/glance-api.conf
# create new bind host
[DEFAULT]
bind_host = 0.0.0.0

[glance_store]
stores = file,http
default_store = file
filesystem_store_datadir = /var/lib/glance/images/

[database]
# MariaDB connection info for Glance
connection = mysql+pymysql://glance:password@10.0.2.15/glance

# keystone auth info
[keystone_authtoken]
www_authenticate_uri = http://10.0.2.15:5000
auth_url = http://10.0.2.15:5000
memcached_servers = 10.0.2.15:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = glance
password = servicepassword

[paste_deploy]
flavor = keystone

[vagrant@DevopsRoles ~(keystone)]# chmod 640 /etc/glance/glance-api.conf 
[vagrant@DevopsRoles ~(keystone)]# chown root:glance /etc/glance/glance-api.conf
[vagrant@DevopsRoles ~(keystone)]# su -s /bin/bash glance -c "glance-manage db_sync" 
[vagrant@DevopsRoles ~(keystone)]# systemctl start openstack-glance-api 
[vagrant@DevopsRoles ~(keystone)]# systemctl enable openstack-glance-api 

If SELinux is enabled on CentOS 7:

[vagrant@DevopsRoles ~]# setsebool -P glance_api_can_network on 

If firewalld is running, allow the service port:

[vagrant@DevopsRoles ~(keystone)]# firewall-cmd --add-port=9292/tcp --permanent
[vagrant@DevopsRoles ~(keystone)]# firewall-cmd --reload 

OpenStack Add Virtual Machine Image

As an example, I will create and add a CentOS 7 virtual machine image. The KVM hypervisor must be installed on your system.

1. Create a CentOS 7 image on the Glance host

[vagrant@DevopsRoles ~(keystone)]# mkdir -p /var/kvm/images
[vagrant@DevopsRoles ~(keystone)]# qemu-img create -f qcow2 /var/kvm/images/centos7.img 15G

# install
[vagrant@DevopsRoles ~(keystone)]# virt-install \
--name centos7 \
--ram 2048 \
--disk path=/var/kvm/images/centos7.img,format=qcow2 \
--vcpus 2 \
--os-type linux \
--os-variant rhel7 \
--graphics none \
--console pty,target_type=serial \
--location=/home/huupv/iso/CentOS-7-x86_64-Minimal-1810.iso \
--extra-args 'console=ttyS0,115200n8 serial'

Note: After installation, change the following settings in the virtual machine.

  • Delete the line [HWADDR] and [UUID] in [/etc/sysconfig/network-scripts/ifcfg-eth0]
  • Set [dhcp] for [BOOTPROTO] in [/etc/sysconfig/network-scripts/ifcfg-eth0] file
  • Install [cloud-init] package and enable [cloud-init] service, and also add a user whose name is [centos]

2. Add the virtual image to Glance.

[vagrant@DevopsRoles ~(keystone)]# openstack image create "CentOS7" --file /var/kvm/images/centos7.img --disk-format qcow2 --container-format bare --public 
[vagrant@DevopsRoles ~(keystone)]# openstack image list 

Alternatively, you can get an image from the internet.

[vagrant@DevopsRoles ~(keystone)]# wget http://cloud-images.ubuntu.com/releases/18.04/release/ubuntu-18.04-server-cloudimg-amd64.img -P /var/kvm/images
[vagrant@DevopsRoles ~(keystone)]# openstack image create "Ubuntu1804" --file /var/kvm/images/ubuntu-18.04-server-cloudimg-amd64.img --disk-format qcow2 --container-format bare --public
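
An added example, not part of the original post: the wget above fetches the image over plain HTTP, so this sketch checks a downloaded file against a checksum list in sha256sum format before it is uploaded to Glance. It assumes the checksum list was obtained and authenticated separately; the function names are hypothetical and the sample file is constructed.

```python
import hashlib
import hmac
import os
import tempfile

HEX_DIGITS = set("0123456789abcdefABCDEF")


def parse_sha256sums(text):
    """Map file name -> lowercase hex digest from `sha256sum` output.

    Each line is '<64 hex digits>' + ' ' + mode + name, where mode is
    ' ' (text) or '*' (binary). Anything else is rejected, not skipped.
    """
    digests = {}
    for raw in text.splitlines():
        line = raw.rstrip("\r\n")
        if not line:
            continue
        digest, _, rest = line.partition(" ")
        mode, name = rest[:1], rest[1:]
        if (len(digest) != 64 or not set(digest) <= HEX_DIGITS
                or mode not in (" ", "*") or not name):
            raise ValueError(f"malformed checksum line: {line!r}")
        digests[name] = digest.lower()
    return digests


def sha256_file(path, chunk_size=1024 * 1024):
    """Hash the file in chunks so multi-gigabyte images fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk_size), b""):
            h.update(block)
    return h.hexdigest()


def verify_image(path, sums_text):
    """True only if the file name is listed and its digest matches."""
    expected = parse_sha256sums(sums_text).get(os.path.basename(path))
    if expected is None:
        return False  # an unlisted file is treated as unverified
    return hmac.compare_digest(sha256_file(path), expected)


def demo():
    """Constructed round trip: intact file, modified file, unlisted file."""
    with tempfile.TemporaryDirectory() as tmp:
        image = os.path.join(tmp, "ubuntu-18.04-server-cloudimg-amd64.img")
        with open(image, "wb") as f:
            f.write(b"constructed stand-in for image bytes" * 1000)
        sums = f"{sha256_file(image)} *{os.path.basename(image)}\n"
        intact = verify_image(image, sums)

        with open(image, "ab") as f:  # simulate corruption in transit
            f.write(b"\x00")
        modified = verify_image(image, sums)

        other = os.path.join(tmp, "not-listed.img")
        with open(other, "wb") as f:
            f.write(b"x")
        unlisted = verify_image(other, sums)
    return intact, modified, unlisted


if __name__ == "__main__":
    print(demo())
```

Run the check on the downloaded file first and call openstack image create only when verify_image returns True.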

You have now installed and configured OpenStack Glance. Thank you for reading the DevopsRoles page!

How to Install and configure OpenStack Keystone

This tutorial shows how to install and configure OpenStack Keystone. A previous post covered how to install OpenStack all-in-one on CentOS 7. If you have not yet installed OpenStack Keystone, follow the steps below.

Step by step Install and configure OpenStack Keystone

Create a User and Database on MariaDB for Keystone.

[vagrant@DevopsRoles ~]# mysql -u root -p 
MariaDB [(none)]> create database keystone; 
MariaDB [(none)]> grant all privileges on keystone.* to keystone@'localhost' identified by 'password'; 
MariaDB [(none)]> grant all privileges on keystone.* to keystone@'%' identified by 'password'; 
MariaDB [(none)]> flush privileges; 
MariaDB [(none)]> exit

Install Keystone.

[vagrant@DevopsRoles ~]# yum --enablerepo=centos-openstack-stein,epel -y install openstack-keystone openstack-utils python-openstackclient httpd mod_wsgi

Configure Keystone.

[vagrant@DevopsRoles ~]# vi /etc/keystone/keystone.conf

# line 476: add specify Memcache server
memcache_servers = 10.0.2.15:11211
# line 608: add MariaDB connection info
connection = mysql+pymysql://keystone:password@10.0.2.15/keystone
[token]
# line 2531: uncomment
provider = fernet

[vagrant@DevopsRoles ~]# su -s /bin/bash keystone -c "keystone-manage db_sync"

# initialize keys
[vagrant@DevopsRoles ~]# keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone 
[vagrant@DevopsRoles ~]# keystone-manage credential_setup --keystone-user keystone --keystone-group keystone

# define own host (controller host)
[vagrant@DevopsRoles ~]# export controller=10.0.2.15

# bootstrap keystone (replace any password you like for "adminpassword" section)
[vagrant@DevopsRoles ~]# keystone-manage bootstrap --bootstrap-password adminpassword \
--bootstrap-admin-url http://$controller:5000/v3/ \
--bootstrap-internal-url http://$controller:5000/v3/ \
--bootstrap-public-url http://$controller:5000/v3/ \
--bootstrap-region-id RegionOne

If SELinux is enabled on CentOS 7:

[vagrant@DevopsRoles ~]# setsebool -P httpd_use_openstack on 
[vagrant@DevopsRoles ~]# setsebool -P httpd_can_network_connect on 
[vagrant@DevopsRoles ~]# setsebool -P httpd_can_network_connect_db on 

If firewalld is running, allow the service port:

[vagrant@DevopsRoles ~]# firewall-cmd --add-port=5000/tcp --permanent
[vagrant@DevopsRoles ~]# firewall-cmd --reload 

Enable the Keystone WSGI configuration, then start and enable Apache httpd.

[vagrant@DevopsRoles ~]# ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/ 
[vagrant@DevopsRoles ~]# systemctl start httpd 
[vagrant@DevopsRoles ~]# systemctl enable httpd 

How to Add Projects in OpenStack Keystone

Create and load an environment file for Keystone:

[vagrant@DevopsRoles ~]# vi ~/keystonerc

The content is as follows:

export OS_PROJECT_DOMAIN_NAME=default
export OS_USER_DOMAIN_NAME=default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=adminpassword
export OS_AUTH_URL=http://10.0.2.15:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
export PS1='[\u@\h \W(keystone)]\$ '

To apply the change:

[vagrant@DevopsRoles ~]# chmod 600 ~/keystonerc 
[vagrant@DevopsRoles ~]# source ~/keystonerc 
[vagrant@DevopsRoles ~(keystone)]# echo "source ~/keystonerc " >> ~/.bash_profile

Create Projects.

[vagrant@DevopsRoles ~]# openstack project create --domain default --description "Service Project" service 
#To confirm settings create Projects
[vagrant@DevopsRoles ~(keystone)]# openstack project list

You have now installed and configured OpenStack Keystone. Thank you for reading the DevopsRoles page!

Install OpenStack all in one centos 7

Introduction

This tutorial shows how to install OpenStack all-in-one on CentOS 7. OpenStack is open-source software for setting up Infrastructure as a Service. It provides a solution for both public and private clouds.

For production, a minimal OpenStack setup requires one controller and one compute node. To get started with OpenStack, it is common practice to set up an all-in-one deployment.

To install OpenStack “all-in-one” on CentOS 7, follow these steps:

Install OpenStack All in One Centos 7

My environment

  • My laptop runs Linux Mint
  • Vagrant and VirtualBox are installed

For example, I create a new Vagrantfile for OpenStack.

huupv@huupv-VivoBook-S15-X530UA:~/VMs_vagrant/Dev_Openstack$ cat Vagrantfile 

# The content as below
Vagrant.configure("2") do |config|
config.ssh.insert_key = false
config.vm.provider :virtualbox do |vb|
  vb.memory = 4500
  vb.cpus = 2
end
# Application server 1.
config.vm.define "app3" do |app3|
  app3.vm.hostname = "OpenstackDev"
  app3.vm.box = "centos/7"
  # app3.vm.network "private_network", ip: "172.20.19.31"
  app3.vbguest.installer_options = { allow_kernel_upgrade: true }
  app3.vm.network :forwarded_port, guest: 80, host: 8080
  app3.vm.network :forwarded_port, guest: 5000, host: 5000
  app3.vm.network :forwarded_port, guest: 9696, host: 9696
  app3.vm.network :forwarded_port, guest: 8774, host: 8774
  app3.vm.network :forwarded_port, guest: 35357, host: 35357
end
end

How to set up OpenStack for deployment

1. Prerequisites

The recommended practice for this OpenStack setup is to disable firewalld, NetworkManager, and SELinux.

Stop and disable NetworkManager

sudo systemctl stop NetworkManager
sudo systemctl disable NetworkManager

Stop and disable firewalld

sudo systemctl stop firewalld
sudo systemctl disable firewalld

Restart network service

sudo systemctl restart network

Disable SELinux

To disable it permanently, change SELINUX=enforcing to SELINUX=disabled in the file /etc/selinux/config.

Update your system.

sudo yum -y update

Configure a static IP address and set your hostname in /etc/hosts

Restart the machine.

2. Install OpenStack RPM

On CentOS, the Extras repository provides the RPM that enables the OpenStack repository.

sudo yum install -y centos-release-openstack-stein

3. Install Packstack

sudo yum install -y openstack-packstack

4. Deploy and run OpenStack using Packstack

sudo packstack --allinone

The output is as follows:

[vagrant@OpenstackDev ~]$ sudo packstack --allinone
Welcome to the Packstack setup utility

The installation log file is available at: /var/tmp/packstack/20190716-150951-Z_3kTo/openstack-setup.log

Installing:
Clean Up                                             [ DONE ]
Discovering ip protocol version                      [ DONE ]
Setting up ssh keys                                  [ DONE ]
Preparing servers                                    [ DONE ]
Pre installing Puppet and discovering hosts' details [ DONE ]
Preparing pre-install entries                        [ DONE ]
Setting up CACERT                                    [ DONE ]
Preparing AMQP entries                               [ DONE ]
Preparing MariaDB entries                            [ DONE ]
Fixing Keystone LDAP config parameters to be undef if empty[ DONE ]
Preparing Keystone entries                           [ DONE ]
Preparing Glance entries                             [ DONE ]
Checking if the Cinder server has a cinder-volumes vg[ DONE ]
Preparing Cinder entries                             [ DONE ]
Preparing Nova API entries                           [ DONE ]
Creating ssh keys for Nova migration                 [ DONE ]
Gathering ssh host keys for Nova migration           [ DONE ]
Preparing Nova Compute entries                       [ DONE ]
Preparing Nova Scheduler entries                     [ DONE ]
Preparing Nova VNC Proxy entries                     [ DONE ]
Preparing OpenStack Network-related Nova entries     [ DONE ]
Preparing Nova Common entries                        [ DONE ]
Preparing Neutron LBaaS Agent entries                [ DONE ]
Preparing Neutron API entries                        [ DONE ]
Preparing Neutron L3 entries                         [ DONE ]
Preparing Neutron L2 Agent entries                   [ DONE ]
Preparing Neutron DHCP Agent entries                 [ DONE ]
Preparing Neutron Metering Agent entries             [ DONE ]
Checking if NetworkManager is enabled and running    [ DONE ]
Preparing OpenStack Client entries                   [ DONE ]
Preparing Horizon entries                            [ DONE ]
Preparing Swift builder entries                      [ DONE ]
Preparing Swift proxy entries                        [ DONE ]
Preparing Swift storage entries                      [ DONE ]
Preparing Gnocchi entries                            [ DONE ]
Preparing Redis entries                              [ DONE ]
Preparing Ceilometer entries                         [ DONE ]
Preparing Aodh entries                               [ DONE ]
Preparing Puppet manifests                           [ DONE ]
Copying Puppet modules and manifests                 [ DONE ]
Applying 10.0.2.15_controller.pp
10.0.2.15_controller.pp:                             [ DONE ]      
Applying 10.0.2.15_network.pp
10.0.2.15_network.pp:                                [ DONE ]   
Applying 10.0.2.15_compute.pp
10.0.2.15_compute.pp:                                [ DONE ]   
Applying Puppet manifests                            [ DONE ]
Finalizing                                           [ DONE ]

 **** Installation completed successfully ******

 * A new answerfile was created in: /root/packstack-answers-20190716-150952.txt
 * Time synchronization installation was skipped. Please note that unsynchronized time on server instances might be problem for some OpenStack components.
 * File /root/keystonerc_admin has been created on OpenStack client host 10.0.2.15. To use the command line tools you need to source the file.
 * To access the OpenStack Dashboard browse to http://10.0.2.15/dashboard .
Please, find your login credentials stored in the keystonerc_admin in your home directory.
 * The installation log file is available at: /var/tmp/packstack/20190716-150951-Z_3kTo/openstack-setup.log
 * The generated manifests are available at: /var/tmp/packstack/20190716-150951-Z_3kTo/manifests

5. Verify

Log in to the dashboard (called Horizon) at http://localhost:8080/dashboard

The password for the admin user is in the answer file created during the OpenStack installation (“A new answerfile was created in: /root/packstack-answers-20190716-150952.txt”).

$ sudo cat /root/packstack-answers-20190716-150952.txt | grep ADMIN


Conclusion

This tutorial provides a comprehensive guide on installing OpenStack all-in-one on CentOS 7. It is designed to help users set up their own private cloud infrastructure using OpenStack, offering step-by-step instructions on the deployment process.

This approach is especially beneficial for those looking to learn about cloud infrastructure or needing a development environment for testing. By following this guide, users can leverage OpenStack’s capabilities to create a versatile and scalable cloud platform using CentOS 7. Thank you for reading the DevopsRoles page!

How to Install PHP 7.3 on Centos 7

Introduction

In this tutorial, we’ll guide you through the straightforward process of installing PHP 7.3 on CentOS 7. By default, CentOS 7 comes with PHP 5.4, but if you require PHP 7.3, it’s easily achievable using RPM packages. The initial step involves installing Remi’s Repository on CentOS. This repository serves as a valuable resource for obtaining the desired PHP version.

Follow the steps diligently to seamlessly upgrade and enhance your CentOS 7 server with PHP 7.3, unlocking improved features and performance. Stay tuned for a hassle-free installation that aligns with your development needs on CentOS 7.

Install PHP 7.3 on Centos 7

[vagrant@DevopsRoles ~]# yum --enablerepo=remi-safe -y install php73 php73-php-pear php73-php-mbstring

Check the PHP version

[vagrant@DevopsRoles ~]# php73 -v 
[vagrant@DevopsRoles ~]# which php73
[vagrant@DevopsRoles ~]# ll /bin/php73

Load environment variables with the SCL tool

[vagrant@DevopsRoles ~]# scl enable php73 bash 
[vagrant@DevopsRoles ~]# php -v 

Start and enable PHP 7.3

[vagrant@DevopsRoles ~]# systemctl start php73-php-fpm
[vagrant@DevopsRoles ~]# systemctl enable php73-php-fpm
[vagrant@DevopsRoles ~]# systemctl restart httpd 

Create a phpinfo page to verify PHP

[vagrant@DevopsRoles ~]# echo '<?php phpinfo(); ?>' > /var/www/html/info.php 
[vagrant@DevopsRoles ~]# curl http://localhost/info.php | grep 'PHP Version' | tail -1 | sed -e 's/<[^>]*>//g' 

Consider this option if you want to utilize PHP 7.3 for both Apache and Nginx.

[vagrant@DevopsRoles ~]# yum --enablerepo=remi-safe -y install php73-php-fpm php73-php

Conclusion

Congratulations, you’ve successfully installed PHP 7.3 on CentOS/RHEL! Thank you for being a part of the DevopsRoles page!

How to Install Ruby on Rails 5 on CentOS/RHEL

This tutorial shows how to install Ruby on Rails 5 on CentOS. Ruby on Rails is a web application framework.

Ruby on Rails Installation

First, install Ruby and the MariaDB database.

Second, install the other required packages as below.

[vagrant@DevopsRoles ~]# yum --enablerepo=epel,centos-sclo-rh -y install rh-ruby23-ruby-devel nodejs gcc make libxml2 libxml2-devel mariadb-devel zlib-devel libxslt-devel

Install Ruby on Rails 5.

[vagrant@DevopsRoles ~]# gem install bundler 
[vagrant@DevopsRoles ~]# gem install nokogiri -- --use-system-libraries 
[vagrant@DevopsRoles ~]# gem install rails --no-ri --no-rdoc 
[vagrant@DevopsRoles ~]# rails -v 

For example, create an application.

[vagrant@DevopsRoles ~]# gem install mysql2 --no-ri --no-rdoc -- --with-mysql-config=/usr/bin/mysql_config 
[vagrant@DevopsRoles ~]# rails new SampleApp -d mysql 
[vagrant@DevopsRoles ~]# cd SampleApp 
[vagrant@DevopsRoles SampleApp]# vi config/database.yml

The content of the file “database.yml” is as below

default: &default
  adapter: mysql2
  encoding: utf8
  pool: 5
  username: root
  password: password   # MariaDB password
  socket: /var/lib/mysql/mysql.sock

Create a test application

[vagrant@DevopsRoles SampleApp]# rails db:create 
[vagrant@DevopsRoles SampleApp]# rails generate scaffold devapp name:string title:string body:text 
[vagrant@DevopsRoles SampleApp]# rails db:migrate 
[vagrant@DevopsRoles SampleApp]# rails server --binding=0.0.0.0 

Result: access http://(server’s hostname or IP address):3000/ and http://(server’s hostname or IP address):3000/testapps/

You have installed Ruby on Rails 5 on CentOS/RHEL. Now let us begin programming Ruby 🙂

How to Install Ruby on CentOS/RHEL

This tutorial shows how to install Ruby on CentOS/RHEL. The default in the CentOS 7 repository is Ruby version 2.0. You can install 2.5 with the RPM package if you need it.

Install Ruby on CentOS/RHEL

Add CentOS SCLo Repository

[vagrant@DevopsRoles ~]# yum -y install centos-release-scl-rh centos-release-scl

Install and configure Ruby 2.5

# Packages are installed under the /opt directory
[vagrant@DevopsRoles ~]# yum --enablerepo=centos-sclo-rh -y install rh-ruby25
# load environment variables
[vagrant@DevopsRoles ~]# scl enable rh-ruby25 bash
[vagrant@DevopsRoles ~]# ruby -v 
[vagrant@DevopsRoles ~]# which ruby

Note: If you would like to enable Ruby 2.5 automatically at login time, configure as below

[vagrant@DevopsRoles ~]# vi /etc/profile.d/rh-ruby25.sh
# create the file with the content below

#!/bin/bash
source /opt/rh/rh-ruby25/enable
export X_SCLS="$(scl enable rh-ruby25 'echo $X_SCLS')"

You have installed Ruby On CentOS/RHEL. Thank you for reading the DevopsRoles page!

Add Repositories on Linux

Introduction

This tutorial shows how to add repositories on Linux, including some useful external repositories for RHEL/CentOS or Ubuntu/Debian.

Repositories are essential in Linux systems for accessing and installing software packages. By adding repositories, you gain access to a broader range of applications and updates, ensuring your system stays secure and up-to-date. In this guide, we’ll walk you through the process of adding repositories on Linux, covering various package managers like APT, YUM, and Zypper. Whether you’re a beginner or an advanced user, this tutorial will help you effectively manage repositories and optimize your Linux experience.

The procedure to enable a repository is as follows

  • Open a shell prompt
  • Install repositories
  • Refresh repository

Add Repositories on Linux

Add Repositories for CentOS

1. Install a plugin to add priorities

[vagrant@DevopsRoles ~]# yum -y install yum-plugin-priorities
[vagrant@DevopsRoles ~]# sed -i -e "s/\]$/\]\npriority=1/g" /etc/yum.repos.d/CentOS-Base.repo

2. Add Repositories

EPEL Repository

[vagrant@DevopsRoles ~]# yum -y install epel-release
[vagrant@DevopsRoles ~]# sed -i -e "s/\]$/\]\npriority=5/g" /etc/yum.repos.d/epel.repo

Also add Remi’s RPM Repository

[vagrant@DevopsRoles ~]# yum -y install http://rpms.famillecollet.com/enterprise/remi-release-7.rpm
# set [priority=10]
[vagrant@DevopsRoles ~]# sed -i -e "s/\]$/\]\npriority=10/g" /etc/yum.repos.d/remi-safe.repo

Note: if a repository is set to [enabled=0], use the command below to install from it

[vagrant@DevopsRoles ~]# yum --enablerepo=epel install [Package]

Refresh Repositories

[vagrant@DevopsRoles ~]# yum repolist

Add Repositories for Ubuntu & Debian

Using add-apt-repository command

The syntax

add-apt-repository ppa:<ppa_name>

Example,

[vagrant@DevopsRoles ~]$ sudo add-apt-repository ppa:libreoffice/ppa

Fix add-apt-repository: command not found error

[vagrant@DevopsRoles ~]$ sudo apt-get install software-properties-common
[vagrant@DevopsRoles ~]$ sudo apt-get update

Conclusion

This article showed how to add repositories on Linux. I hope you find it helpful. Thank you for reading the DevopsRoles page!

How to Install and configure SSH server on CentOS 7

Introduction

In this tutorial, we will install and configure the SSH server on CentOS 7. SSH, also known as Secure Socket Shell, is a network protocol that allows for secure remote login from one computer to another. It provides system administrators a secure way to access a server remotely.

Prerequisites

Before we start, ensure you have:

  • A CentOS 7 server with a non-root user having sudo privileges.
  • Internet access to download the necessary packages.

Install and configure SSH server on CentOS 7

Installing SSH Server

Step 1: Update Your System

First, update your system to ensure all existing packages are up-to-date:

sudo yum update -y

Step 2: Install OpenSSH Server

Install OpenSSH, the most popular SSH server package:

sudo yum install -y openssh openssh-server openssh-clients openssl-libs

Starting and Enabling SSH Service

Once the installation is complete, start the SSH service and enable it to start on boot.

Step 3: Start SSH Service

Start the SSH service using the command:

sudo systemctl start sshd

Step 4: Enable SSH Service

Enable the SSH service to start automatically on system boot:

sudo systemctl enable sshd

Step 5: Check SSH Service Status

Verify the SSH service status with:

sudo systemctl status sshd

Configuring SSH Server

Basic Configuration

The SSH server configuration file is located at /etc/ssh/sshd_config. You can edit this file to customize the SSH server settings.

Step 6: Open SSH Configuration File

Open the SSH configuration file with a text editor:

sudo vi /etc/ssh/sshd_config

Step 7: Disable Root Login

For security reasons, it is recommended to disable root login. Find and change the following line:

PermitRootLogin no

Step 8: Save and Exit

Save the changes and exit the editor. In vi, you can do this by pressing Esc, typing :wq, and hitting Enter.

Step 9: Restart SSH Service

After making the changes, restart the SSH service:

sudo systemctl restart sshd

Step 10: Allow SSH Through the Firewall

If Firewalld is running, allow SSH port 22/tcp:

sudo firewall-cmd --add-service=ssh --permanent
sudo firewall-cmd --reload

Advanced Configuration

For advanced users, additional configuration options can further secure your SSH server.

Step 11: Configure Public Key Authentication

Public key authentication is more secure than password authentication. Ensure the following lines are set in the configuration file:

PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys

Step 12: Configure Two-Factor Authentication

Two-factor authentication adds an extra layer of security. You can set it up by installing and configuring google-authenticator.

sudo yum install google-authenticator -y
google-authenticator

Follow the prompts to set up two-factor authentication.

Step 13: Restrict SSH Access by IP Address

You can limit SSH access to specific IP addresses by adding the following lines:

AllowUsers yourusername@192.168.1.100
DenyUsers baduser@192.168.1.*

Configuring SSH Client

Step 14: Install SSH Client

To connect to the SSH server, install the SSH client:

sudo yum -y install openssh-clients

Step 15: Connect to SSH Server

Use a regular (non-root) user to connect to the SSH server:

ssh yourusername@your_server_ip

Replace yourusername with your actual username and your_server_ip with the server’s IP address.

Transferring Files Using SSH

Using SCP (Secure Copy)

SCP allows for secure file transfer between the local machine and the remote server.

Step 16: Copy the File to the Remote Server

scp ./localfile.txt yourusername@your_server_ip:/remote/directory/

Step 17: Copy the File from the Remote Server

scp yourusername@your_server_ip:/remote/directory/remotefile.txt ./localdirectory/

Using SFTP (SSH File Transfer Protocol)

SFTP is another method for secure file transfer. It is typically enabled by default.

Step 18: Connect to SFTP

sftp yourusername@your_server_ip

Step 19: Common SFTP Commands

  • Show the current directory on the remote server: pwd
  • Show the current directory on the local server: !pwd
  • List files in the current directory on the remote server: ls -l
  • List files in the current directory on the local server: !ls -l
  • Change the directory on the remote server: cd /remote/directory/
  • Upload a file to the remote server: put localfile.txt remotefile.txt
  • Download a file from the remote server: get remotefile.txt localfile.txt
  • Delete a directory on the remote server: rmdir directoryname
  • Delete a file on the remote server: rm filename
  • Execute commands on the local server: !command
  • Exit SFTP: quit

SSH Key-Pair Authentication

Step 20: Create SSH Key Pair

Generate a new SSH key pair on the client machine:

ssh-keygen -t rsa

Step 21: Move the Public Key to the Authorized Keys

Move the generated public key to the server’s authorized keys file:

mv ~/.ssh/id_rsa.pub ~/.ssh/authorized_keys

Step 22: Secure the .ssh Directory

mkdir -p ~/.ssh
chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys

Step 23: Transfer the Secret Key to the Client

Copy the secret key from the server to the client’s SSH directory:

scp yourusername@your_server_ip:/home/yourusername/.ssh/id_rsa ~/.ssh/

Step 24: Connect Using SSH Key

ssh -i ~/.ssh/id_rsa yourusername@your_server_ip

Step 25: Disable Password Authentication

Disable password authentication for enhanced security. Edit the SSH configuration file:

PasswordAuthentication no
ChallengeResponseAuthentication no
UsePAM yes

Restart the SSH service:

sudo systemctl restart sshd
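
The settings from Steps 7, 11 and 25 can be checked in one pass. The script below is an added example, not part of the original tutorial; the function names and the sample configuration are constructed for illustration, and it reads only the global section of the file (on a live host, sudo sshd -T prints the fully resolved configuration).

```shell
#!/bin/sh
# Added example: audit the global section of an sshd_config file.

# Print the effective global value of keyword $2 in file $1, or "unset".
# sshd keeps the FIRST value it reads for a keyword, keywords are
# case-insensitive, "Keyword=value" is accepted, and everything after the
# first "Match" line is conditional, so it is not a global setting.
sshd_value() {
    awk -v key="$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }    # skip comments and blank lines
        { sub(/^[ \t]+/, ""); split($0, f, /[ \t=]+/); k = tolower(f[1]) }
        k == "match" { exit }
        k == key { print tolower(f[2]); found = 1; exit }
        END { if (!found) print "unset" }
    ' "$1"
}

# Compare file $1 against the values this guide sets in Steps 7, 11 and 25.
# Prints one line per keyword; the return status is the number of failures.
audit_sshd_config() {
    fails=0
    while read -r key want; do
        got=$(sshd_value "$1" "$key")
        if [ "$got" = "$want" ]; then
            echo "PASS $key=$got"
        else
            echo "FAIL $key=$got (guide: $want)"
            fails=$((fails + 1))
        fi
    done <<'EOF'
PermitRootLogin no
PubkeyAuthentication yes
PasswordAuthentication no
ChallengeResponseAuthentication no
EOF
    return "$fails"
}

# Constructed sample: the first PermitRootLogin wins, so the later "no" is
# dead, and the PasswordAuthentication inside the Match block is not global.
sample=$(mktemp)
cat > "$sample" <<'EOF'
PermitRootLogin yes
permitrootlogin no
PubkeyAuthentication yes
ChallengeResponseAuthentication=no
Match Address 192.168.1.0/24
    PasswordAuthentication no
EOF
audit_sshd_config "$sample" || echo "$? setting(s) differ from the guide"
rm -f "$sample"
```

A keyword reported as "unset" falls back to the default of the installed OpenSSH build, so set it explicitly rather than relying on that default.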

Common Issues and Troubleshooting

Issue 1: Connection Refused

If you encounter a “Connection refused” error, check if the SSH service is running and the firewall settings allow SSH traffic:

sudo systemctl status sshd
sudo firewall-cmd --permanent --add-service=ssh
sudo firewall-cmd --reload

Issue 2: Permission Denied

If you see a “Permission denied” error, ensure your user has the correct permissions and the SSH keys are correctly configured.

Issue 3: SSH Service Not Starting

If the SSH service fails to start, check the configuration file for syntax errors using:

sudo sshd -t

FAQs

Q: How do I restart the SSH service?

A: You can restart the SSH service using:

sudo systemctl restart sshd

Q: How do I check the SSH server version?

A: Check the SSH server version with:

ssh -V

Q: Can I use SSH keys for authentication?

A: Yes, SSH keys provide a secure way of authentication. Follow the steps in the advanced configuration section to set it up.

Conclusion

Setting up and configuring an SSH server on CentOS 7 is a crucial skill for system administrators. This guide covered everything from basic installation to advanced configuration, ensuring your SSH server is secure and efficient. By following these steps, you can enhance your server’s security and manage it remotely with ease. Thank you for reading the DevopsRoles page!
