Learn and Be Curious

devops lab1

Cloud/AWS2017. 8. 31. 01:10

Myung-ui-Air:~ Jay$ sudo -H pip install awscli --upgrade --ignore-installed six

Password:

Collecting awscli

  Downloading awscli-1.11.142-py2.py3-none-any.whl (1.2MB)

    100% |████████████████████████████████| 1.2MB 422kB/s 

Collecting six

  Downloading six-1.10.0-py2.py3-none-any.whl

Collecting docutils>=0.10 (from awscli)

  Downloading docutils-0.14-py2-none-any.whl (543kB)

    100% |████████████████████████████████| 552kB 832kB/s 

Collecting botocore==1.7.0 (from awscli)

  Downloading botocore-1.7.0-py2.py3-none-any.whl (3.6MB)

    100% |████████████████████████████████| 3.6MB 134kB/s 

Collecting colorama<=0.3.7,>=0.2.5 (from awscli)

  Downloading colorama-0.3.7-py2.py3-none-any.whl

Collecting s3transfer<0.2.0,>=0.1.9 (from awscli)

  Downloading s3transfer-0.1.10-py2.py3-none-any.whl (54kB)

    100% |████████████████████████████████| 61kB 435kB/s 

Collecting rsa<=3.5.0,>=3.1.2 (from awscli)

  Downloading rsa-3.4.2-py2.py3-none-any.whl (46kB)

    100% |████████████████████████████████| 51kB 477kB/s 

Collecting PyYAML<=3.12,>=3.10 (from awscli)

  Downloading PyYAML-3.12.tar.gz (253kB)

    100% |████████████████████████████████| 256kB 494kB/s 

Collecting jmespath<1.0.0,>=0.7.1 (from botocore==1.7.0->awscli)

  Downloading jmespath-0.9.3-py2.py3-none-any.whl

Collecting python-dateutil<3.0.0,>=2.1 (from botocore==1.7.0->awscli)

  Downloading python_dateutil-2.6.1-py2.py3-none-any.whl (194kB)

    100% |████████████████████████████████| 194kB 417kB/s 

Collecting futures<4.0.0,>=2.2.0; python_version == "2.6" or python_version == "2.7" (from s3transfer<0.2.0,>=0.1.9->awscli)

  Downloading futures-3.1.1-py2-none-any.whl

Collecting pyasn1>=0.1.3 (from rsa<=3.5.0,>=3.1.2->awscli)

  Downloading pyasn1-0.3.3-py2.py3-none-any.whl (63kB)

    100% |████████████████████████████████| 71kB 642kB/s 

Installing collected packages: docutils, jmespath, six, python-dateutil, botocore, colorama, futures, s3transfer, pyasn1, rsa, PyYAML, awscli

  Running setup.py install for PyYAML ... done

Successfully installed PyYAML-3.12 awscli-1.11.142 botocore-1.7.0 colorama-0.3.7 docutils-0.14 futures-3.1.1 jmespath-0.9.3 pyasn1-0.3.3 python-dateutil-2.6.1 rsa-3.4.2 s3transfer-0.1.10 six-1.10.0

Myung-ui-Air:~ Jay$ 

Myung-ui-Air:~ Jay$ 

Myung-ui-Air:~ Jay$ 

Myung-ui-Air:~ Jay$ aws

usage: aws [options] <command> <subcommand> [<subcommand> ...] [parameters]

To see help text, you can run:


  aws help

  aws <command> help

  aws <command> <subcommand> help

aws: error: too few arguments

Myung-ui-Air:~ Jay$ 

Myung-ui-Air:~ Jay$ 

Myung-ui-Air:~ Jay$ 

Myung-ui-Air:~ Jay$ ssh ec2-34-201-105-190.compute-1.amazonaws.com

The authenticity of host 'ec2-34-201-105-190.compute-1.amazonaws.com (34.201.105.190)' can't be established.

RSA key fingerprint is 34:40:59:e9:85:97:b9:2c:8c:0b:2e:38:f7:c5:3c:88.

Are you sure you want to continue connecting (yes/no)? yes

Warning: Permanently added 'ec2-34-201-105-190.compute-1.amazonaws.com,34.201.105.190' (RSA) to the list of known hosts.

Permission denied (publickey).

Myung-ui-Air:~ Jay$ 

Myung-ui-Air:~ Jay$ 

Myung-ui-Air:~ Jay$ 

Myung-ui-Air:~ Jay$ cd ~/Do

Documents/ Downloads/ 

Myung-ui-Air:~ Jay$ cd ~/Do

Documents/ Downloads/ 

Myung-ui-Air:~ Jay$ cd ~/Downloads/

Myung-ui-Air:Downloads Jay$ ssh -i qwikLABS-L1415-905230.pem ec2-34-201-105-190.compute-1.amazonaws.com

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

@         WARNING: UNPROTECTED PRIVATE KEY FILE!          @

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

Permissions 0644 for 'qwikLABS-L1415-905230.pem' are too open.

It is required that your private key files are NOT accessible by others.

This private key will be ignored.

bad permissions: ignore key: qwikLABS-L1415-905230.pem

Permission denied (publickey).

Myung-ui-Air:Downloads Jay$ ls -al qwikLABS-L1415-905230.pem 

-rw-r--r--@ 1 Jay  staff  1675  8 31 00:07 qwikLABS-L1415-905230.pem

Myung-ui-Air:Downloads Jay$ chmod 400 qwikLABS-L1415-905230.pem 

Myung-ui-Air:Downloads Jay$ ls -al qwikLABS-L1415-905230.pem 

-r--------@ 1 Jay  staff  1675  8 31 00:07 qwikLABS-L1415-905230.pem

Myung-ui-Air:Downloads Jay$ ssh -i qwikLABS-L1415-905230.pem ec2-34-201-105-190.compute-1.amazonaws.com

Permission denied (publickey).

Myung-ui-Air:Downloads Jay$ ssh -i qwikLABS-L1415-905230.pem ec2user@ec2-34-201-105-190.compute-1.amazonaws.com

Permission denied (publickey).

Myung-ui-Air:Downloads Jay$ 

Myung-ui-Air:Downloads Jay$ 

Myung-ui-Air:Downloads Jay$ ssh -i qwikLABS-L1415-905230.pem ec2-user@ec2-34-201-105-190.compute-1.amazonaws.com


       __|  __|_  )

       _|  (     /   Amazon Linux AMI

      ___|\___|___|


https://aws.amazon.com/amazon-linux-ami/2017.03-release-notes/

[ec2-user@ip-10-0-10-131 ~]$ 

[ec2-user@ip-10-0-10-131 ~]$ 

[ec2-user@ip-10-0-10-131 ~]$ 

[ec2-user@ip-10-0-10-131 ~]$ aws 

usage: aws [options] <command> <subcommand> [<subcommand> ...] [parameters]

To see help text, you can run:


  aws help

  aws <command> help

  aws <command> <subcommand> help

aws: error: too few arguments

[ec2-user@ip-10-0-10-131 ~]$ which aws

/usr/bin/aws

[ec2-user@ip-10-0-10-131 ~]$ aws configure

AWS Access Key ID [None]: AKIAI7GFF5RXOCTRMTAA

AWS Secret Access Key [None]: 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

Default region name [us-east-1]: 

Default output format [None]: 

[ec2-user@ip-10-0-10-131 ~]$ aws ec2 run-instances --dry-run --instance-type "t2.small" --image-id ami-8fcee4e5 --subnet-id subnet-0ccbdb44


An error occurred (DryRunOperation) when calling the RunInstances operation: Request would have succeeded, but DryRun flag is set.

[ec2-user@ip-10-0-10-131 ~]$ aws ec2 run-instances --dry-run --instance-type "t2.small" --image-id ami-8fcee4e5 --subnet-id subnet-9ff4e4d7


An error occurred (UnauthorizedOperation) when calling the RunInstances operation: You are not authorized to perform this operation. Encoded authorization failure message: mz8AEP4yMniIVDHErv-DFqUmpdaOe_vjsoWEt-_ZBp0Ho-kfkOz-t4KQN6pInXQzc6p7uzMoFCeTQFvtnUDpASymhKEyRX9LpQjnEFhXqBXkWzK_Xmq2x8BFqr0Lc7cgTzspr5hJOt9OX1IQncanLgFQiGuKxUdQj0RUSJ4qLYURpV78z67tTlo_q6IsfyiQGEtazkR65IBE6jmZjtuQc8BmKvD2__B0n7ojriJ20u5RqwSpmac5szABCPMwj23mIUIpX9PPiwrSoYK7pWnf0cGh-9vfPGurHM-NMNboXOK16sUXs4hpvvibnclYKiUl7bchBC2BpLwbWNfk8ftuzQ819JRiThFNPBgwuucBfiGgXV0GDbTrw8v0kAkdpH33o3rmJT1NQJDMBDUr5ZcEpydD4ScHkEVQ7yfvy7YGxpOV53TV1wqHA8BgDBe1n4fRafBk0ITFLivoAjfGo896uBOP8-_HqBNyzqa6znQzJ8ALHrsQhm_mcK-N7F8wKbPCadOj9i37mjyPQaovZBQctmWO0owMyxPObLQw425q-JRS_-8QzoGg0mIntHfVfTVdemUYWuwb6bPaKOuxZAH5S9yyzF-N23bGZROfqY4fB2mFJm2kPDVUwk580xNhxYkK8gqryIqrOhcnEB5XS-fiPS7QYYClQZUZsz6Iln-LSF0lIliAUozsxFRJheLCK7Gka04ip8lcJppd7rSTow9k4DGd5jQpVWY8WfMalqTNOnrWWyexOkIVh4x5r_YUgE6mOVbW-JTihHDEx8QIssAa-rC9v9G1Wi6khL_bXjg_Kx3ERTnQJIbdkp8LbByNJ2zy_49Y0ZHTcN_4N7qvL7ySq9Ra

[ec2-user@ip-10-0-10-131 ~]$ 

[ec2-user@ip-10-0-10-131 ~]$ 

[ec2-user@ip-10-0-10-131 ~]$ aws sts decode-authorization-message --encoded-message mz8AEP4yMniIVDHErv-DFqUmpdaOe_vjsoWEt-_ZBp0Ho-kfkOz-t4KQN6pInXQzc6p7uzMoFCeTQFvtnUDpASymhKEyRX9LpQjnEFhXqBXkWzK_Xmq2x8BFqr0Lc7cgTzspr5hJOt9OX1IQncanLgFQiGuKxUdQj0RUSJ4qLYURpV78z67tTlo_q6IsfyiQGEtazkR65IBE6jmZjtuQc8BmKvD2__B0n7ojriJ20u5RqwSpmac5szABCPMwj23mIUIpX9PPiwrSoYK7pWnf0cGh-9vfPGurHM-NMNboXOK16sUXs4hpvvibnclYKiUl7bchBC2BpLwbWNfk8ftuzQ819JRiThFNPBgwuucBfiGgXV0GDbTrw8v0kAkdpH33o3rmJT1NQJDMBDUr5ZcEpydD4ScHkEVQ7yfvy7YGxpOV53TV1wqHA8BgDBe1n4fRafBk0ITFLivoAjfGo896uBOP8-_HqBNyzqa6znQzJ8ALHrsQhm_mcK-N7F8wKbPCadOj9i37mjyPQaovZBQctmWO0owMyxPObLQw425q-JRS_-8QzoGg0mIntHfVfTVdemUYWuwb6bPaKOuxZAH5S9yyzF-N23bGZROfqY4fB2mFJm2kPDVUwk580xNhxYkK8gqryIqrOhcnEB5XS-fiPS7QYYClQZUZsz6Iln-LSF0lIliAUozsxFRJheLCK7Gka04ip8lcJppd7rSTow9k4DGd5jQpVWY8WfMalqTNOnrWWyexOkIVh4x5r_YUgE6mOVbW-JTihHDEx8QIssAa-rC9v9G1Wi6khL_bXjg_Kx3ERTnQJIbdkp8LbByNJ2zy_49Y0ZHTcN_4N7qvL7ySq9Ra

{

    "DecodedMessage": "{\"allowed\":false,\"explicitDeny\":false,\"matchedStatements\":{\"items\":[]},\"failures\":{\"items\":[]},\"context\":{\"principal\":{\"id\":\"AIDAIQWZTLCLNAA6YDMHE\",\"name\":\"developer1\",\"arn\":\"arn:aws:iam::495672033565:user/developer1\"},\"action\":\"ec2:RunInstances\",\"resource\":\"arn:aws:ec2:us-east-1:495672033565:subnet/subnet-9ff4e4d7\",\"conditions\":{\"items\":[{\"key\":\"495672033565:aws:cloudformation:stack-id\",\"values\":{\"items\":[{\"value\":\"arn:aws:cloudformation:us-east-1:495672033565:stack/qls-905230-dd0d1e81db5f7a63/6a1c9520-8d8e-11e7-8811-500c219a98d2\"}]}},{\"key\":\"ec2:Vpc\",\"values\":{\"items\":[{\"value\":\"arn:aws:ec2:us-east-1:495672033565:vpc/vpc-ae0433d7\"}]}},{\"key\":\"495672033565:CustomerName\",\"values\":{\"items\":[{\"value\":\"aws\"}]}},{\"key\":\"495672033565:Name\",\"values\":{\"items\":[{\"value\":\"Production Private Subnet\"}]}},{\"key\":\"ec2:ResourceTag/aws:cloudformation:stack-id\",\"values\":{\"items\":[{\"value\":\"arn:aws:cloudformation:us-east-1:495672033565:stack/qls-905230-dd0d1e81db5f7a63/6a1c9520-8d8e-11e7-8811-500c219a98d2\"}]}},{\"key\":\"495672033565:aws:cloudformation:stack-name\",\"values\":{\"items\":[{\"value\":\"qls-905230-dd0d1e81db5f7a63\"}]}},{\"key\":\"aws:Resource\",\"values\":{\"items\":[{\"value\":\"subnet/subnet-9ff4e4d7\"}]}},{\"key\":\"495672033565:aws:cloudformation:logical-id\",\"values\":{\"items\":[{\"value\":\"ProdPrivateSubnet\"}]}},{\"key\":\"aws:Account\",\"values\":{\"items\":[{\"value\":\"495672033565\"}]}},{\"key\":\"ec2:ResourceTag/aws:cloudformation:stack-name\",\"values\":{\"items\":[{\"value\":\"qls-905230-dd0d1e81db5f7a63\"}]}},{\"key\":\"ec2:AvailabilityZone\",\"values\":{\"items\":[{\"value\":\"us-east-1a\"}]}},{\"key\":\"ec2:ResourceTag/Name\",\"values\":{\"items\":[{\"value\":\"Production Private Subnet\"}]}},{\"key\":\"ec2:SubnetID\",\"values\":{\"items\":[{\"value\":\"subnet-9ff4e4d7\"}]}},{\"key\":\"495672033565:LabName\",\"values\":{\"items\":[{\"value\":\"1415\"}]}},{\"key\":\"aws:Region\",\"values\":{\"items\":[{\"value\":\"us-east-1\"}]}},{\"key\":\"aws:Service\",\"values\":{\"items\":[{\"value\":\"ec2\"}]}},{\"key\":\"ec2:ResourceTag/LabName\",\"values\":{\"items\":[{\"value\":\"1415\"}]}},{\"key\":\"aws:Type\",\"values\":{\"items\":[{\"value\":\"subnet\"}]}},{\"key\":\"ec2:Region\",\"values\":{\"items\":[{\"value\":\"us-east-1\"}]}},{\"key\":\"ec2:ResourceTag/CustomerName\",\"values\":{\"items\":[{\"value\":\"aws\"}]}},{\"key\":\"aws:ARN\",\"values\":{\"items\":[{\"value\":\"arn:aws:ec2:us-east-1:495672033565:subnet/subnet-9ff4e4d7\"}]}},{\"key\":\"ec2:ResourceTag/aws:cloudformation:logical-id\",\"values\":{\"items\":[{\"value\":\"ProdPrivateSubnet\"}]}}]}}}"

}

[ec2-user@ip-10-0-10-131 ~]$ aws sts decode-authorization-message --encoded-message mz8AEP4yMniIVDHErv-DFqUmpdaOe_vjsoWEt-_ZBp0Ho-kfkOz-t4KQN6pInXQzc6p7uzMoFCeTQFvtnUDpASymhKEyRX9LpQjnEFhXqBXkWzK_Xmq2x8BFqr0Lc7cgTzspr5hJOt9OX1IQncanLgFQiGuKxUdQj0RUSJ4qLYURpV78z67tTlo_q6IsfyiQGEtazkR65IBE6jmZjtuQc8BmKvD2__B0n7ojriJ20u5RqwSpmac5szABCPMwj23mIUIpX9PPiwrSoYK7pWnf0cGh-9vfPGurHM-NMNboXOK16sUXs4hpvvibnclYKiUl7bchBC2BpLwbWNfk8ftuzQ819JRiThFNPBgwuucBfiGgXV0GDbTrw8v0kAkdpH33o3rmJT1NQJDMBDUr5ZcEpydD4ScHkEVQ7yfvy7YGxpOV53TV1wqHA8BgDBe1n4fRafBk0ITFLivoAjfGo896uBOP8-_HqBNyzqa6znQzJ8ALHrsQhm_mcK-N7F8wKbPCadOj9i37mjyPQaovZBQctmWO0owMyxPObLQw425q-JRS_-8QzoGg0mIntHfVfTVdemUYWuwb6bPaKOuxZAH5S9yyzF-N23bGZROfqY4fB2mFJm2kPDVUwk580xNhxYkK8gqryIqrOhcnEB5XS-fiPS7QYYClQZUZsz6Iln-LSF0lIliAUozsxFRJheLCK7Gka04ip8lcJppd7rSTow9k4DGd5jQpVWY8WfMalqTNOnrWWyexOkIVh4x5r_YUgE6mOVbW-JTihHDEx8QIssAa-rC9v9G1Wi6khL_bXjg_Kx3ERTnQJIbdkp8LbByNJ2zy_49Y0ZHTcN_4N7qvL7ySq9Ra --query 'DecodedMessage' | sed -e 's/\\"/"/g' -e 's/"{/{/g' -e 's/}"/}/g' | python -m json.tool

{

    "allowed": false,

    "context": {

        "action": "ec2:RunInstances",

        "conditions": {

            "items": [

                {

                    "key": "495672033565:aws:cloudformation:stack-id",

                    "values": {

                        "items": [

                            {

                                "value": "arn:aws:cloudformation:us-east-1:495672033565:stack/qls-905230-dd0d1e81db5f7a63/6a1c9520-8d8e-11e7-8811-500c219a98d2"

                            }

                        ]

                    }

                },

                {

                    "key": "ec2:Vpc",

                    "values": {

                        "items": [

                            {

                                "value": "arn:aws:ec2:us-east-1:495672033565:vpc/vpc-ae0433d7"

                            }

                        ]

                    }

                },

                {

                    "key": "495672033565:CustomerName",

                    "values": {

                        "items": [

                            {

                                "value": "aws"

                            }

                        ]

                    }

                },

                {

                    "key": "495672033565:Name",

                    "values": {

                        "items": [

                            {

                                "value": "Production Private Subnet"

                            }

                        ]

                    }

                },

                {

                    "key": "ec2:ResourceTag/aws:cloudformation:stack-id",

                    "values": {

                        "items": [

                            {

                                "value": "arn:aws:cloudformation:us-east-1:495672033565:stack/qls-905230-dd0d1e81db5f7a63/6a1c9520-8d8e-11e7-8811-500c219a98d2"

                            }

                        ]

                    }

                },

                {

                    "key": "495672033565:aws:cloudformation:stack-name",

                    "values": {

                        "items": [

                            {

                                "value": "qls-905230-dd0d1e81db5f7a63"

                            }

                        ]

                    }

                },

                {

                    "key": "aws:Resource",

                    "values": {

                        "items": [

                            {

                                "value": "subnet/subnet-9ff4e4d7"

                            }

                        ]

                    }

                },

                {

                    "key": "495672033565:aws:cloudformation:logical-id",

                    "values": {

                        "items": [

                            {

                                "value": "ProdPrivateSubnet"

                            }

                        ]

                    }

                },

                {

                    "key": "aws:Account",

                    "values": {

                        "items": [

                            {

                                "value": "495672033565"

                            }

                        ]

                    }

                },

                {

                    "key": "ec2:ResourceTag/aws:cloudformation:stack-name",

                    "values": {

                        "items": [

                            {

                                "value": "qls-905230-dd0d1e81db5f7a63"

                            }

                        ]

                    }

                },

                {

                    "key": "ec2:AvailabilityZone",

                    "values": {

                        "items": [

                            {

                                "value": "us-east-1a"

                            }

                        ]

                    }

                },

                {

                    "key": "ec2:ResourceTag/Name",

                    "values": {

                        "items": [

                            {

                                "value": "Production Private Subnet"

                            }

                        ]

                    }

                },

                {

                    "key": "ec2:SubnetID",

                    "values": {

                        "items": [

                            {

                                "value": "subnet-9ff4e4d7"

                            }

                        ]

                    }

                },

                {

                    "key": "495672033565:LabName",

                    "values": {

                        "items": [

                            {

                                "value": "1415"

                            }

                        ]

                    }

                },

                {

                    "key": "aws:Region",

                    "values": {

                        "items": [

                            {

                                "value": "us-east-1"

                            }

                        ]

                    }

                },

                {

                    "key": "aws:Service",

                    "values": {

                        "items": [

                            {

                                "value": "ec2"

                            }

                        ]

                    }

                },

                {

                    "key": "ec2:ResourceTag/LabName",

                    "values": {

                        "items": [

                            {

                                "value": "1415"

                            }

                        ]

                    }

                },

                {

                    "key": "aws:Type",

                    "values": {

                        "items": [

                            {

                                "value": "subnet"

                            }

                        ]

                    }

                },

                {

                    "key": "ec2:Region",

                    "values": {

                        "items": [

                            {

                                "value": "us-east-1"

                            }

                        ]

                    }

                },

                {

                    "key": "ec2:ResourceTag/CustomerName",

                    "values": {

                        "items": [

                            {

                                "value": "aws"

                            }

                        ]

                    }

                },

                {

                    "key": "aws:ARN",

                    "values": {

                        "items": [

                            {

                                "value": "arn:aws:ec2:us-east-1:495672033565:subnet/subnet-9ff4e4d7"

                            }

                        ]

                    }

                },

                {

                    "key": "ec2:ResourceTag/aws:cloudformation:logical-id",

                    "values": {

                        "items": [

                            {

                                "value": "ProdPrivateSubnet"

                            }

                        ]

                    }

                }

            ]

        },

        "principal": {

            "arn": "arn:aws:iam::495672033565:user/developer1",

            "id": "AIDAIQWZTLCLNAA6YDMHE",

            "name": "developer1"

        },

        "resource": "arn:aws:ec2:us-east-1:495672033565:subnet/subnet-9ff4e4d7"

    },

    "explicitDeny": false,

    "failures": {

        "items": []

    },

    "matchedStatements": {

        "items": []

    }

}

[ec2-user@ip-10-0-10-131 ~]$ 

[ec2-user@ip-10-0-10-131 ~]$ aws ec2 stop-instances --instance-id i-07ca9c167c7c615c5


An error occurred (UnauthorizedOperation) when calling the StopInstances operation: You are not authorized to perform this operation. Encoded authorization failure message: TO3LFBM3EwFgbbdN08WFtL7MzhIk1m5NZhKzUxqsHMv9-I0jQBZQ_JM2ooXjCClQF1PZT8ygU-WMC6sEgfcC7iq4fkAjacOikrAZOKlgFx9qm_ggejLNY3QE61H587nE5IiqftJ6gPGrvucNsC97pCL715W8UcKOQyGliOhIATjRaVwCc68u9HYre58BIRjkzLHlB3-shhkzUUabf-_vxz24hmu5bdAeXt-fmtGmZo6XCAXCyK3LtrjNKJVoc07UTuBW4CR1gRorAEHqXTramjiSMJIQuOW08fq2l3jHjcKaaDxpfYjNfyZTpUaHwnwvVFRrGt18527IvvsUX1GRmGatFdTn5MokAGmPPuPxwCabnRBltPve3XhJT40Hy7bKjmD87jtKRFcozHhPeAZSzrW_jdk8ZPeJK7IO5s1qu9CTKLnmVi8mlMH4rCUZxbM3Y0LbZrNaf0Z2IEbXjPnnX2BLeAlpPu1cJhkoJnPty2EgLsP4OkWGz_Ex--t8yvLpT1GFtRpnRRy7V5b3cov9f_PhM_his0Dzykl_vvv9a1anv4vVuNWjF7LLgN8AXDdS-7CZGE_Mlfiw3ZK3VL60TnbIT-R-1e-GDfM1fINZkK_N1VkqhJh1jjbfDW4vnWld83ACQFOwC8wz_rh9cX_YWeveZhN4pBJeQASivaPvclztqjXH3JEUBwNtTDdbjOBmOvNwg2IlA3xmemXvuYtZctDwI7jX1neVsZ-f8cKTaObP9OWIfoFY9qlss2YhppjaxsVuJwosMtjKomxJp5kJ3om83BoCdhE7HUlx5E70Dddd6an3gk8PS1cB_T96JViPE654WwHhW4C5e5MnDFKDyg1aQiI6w0q3SKIRwBO-pvFwwsHsSwYfhsDjz452oVchQl94j0G1afTFCKcmFNLl1znNx1gcUZ8ShnNBTf4LgBhA8Gc077pYVZXhT_nuxx4aa1c

[ec2-user@ip-10-0-10-131 ~]$ aws ec2 stop-instances --instance-id i-0843ec9cea883ab24

{

    "StoppingInstances": [

        {

            "InstanceId": "i-0843ec9cea883ab24", 

            "CurrentState": {

                "Code": 64, 

                "Name": "stopping"

            }, 

            "PreviousState": {

                "Code": 16, 

                "Name": "running"

            }

        }

    ]

}

[ec2-user@ip-10-0-10-131 ~]$ 

[ec2-user@ip-10-0-10-131 ~]$ aws ec2 stop-instances --instance-id i-0843ec9cea883ab24

{

    "StoppingInstances": [

        {

            "InstanceId": "i-0843ec9cea883ab24", 

            "CurrentState": {

                "Code": 64, 

                "Name": "stopping"

            }, 

            "PreviousState": {

                "Code": 64, 

                "Name": "stopping"

            }

        }

    ]

}

[ec2-user@ip-10-0-10-131 ~]$ 



---------------------------------------------------------------------------------------------------



참고

Lab1ProdVPC vpc-ae0433d7

Lab1DevSubnetID subnet-0ccbdb44

Lab1Region us-east-1

Lab1DevVPC vpc-921027eb

Lab1AccountID 495672033565

Lab1ProdNATID i-07ca9c167c7c615c5

Lab1ProdSubnetID subnet-9ff4e4d7

Lab1DevNATID i-0843ec9cea883ab24

Lab1AMIID ami-8fcee4e5 and

qwikLAB {"Connection": "ssh ec2-user@34.201.105.190"} Outputs to be used by qwikLAB







evOps Engineering on AWS: Lab 1 - Configuring DevOps Roles on AWS - v1.6 (Linux)

==================================================================================================================

Using this command reference.

==================================================================================================================


1. Locate the section you need. Each section in this file matches a section in the lab instructions.

2. Replace items in angle brackets - < > - with appropriate values. For example, in this command you would replace the value - <JobFlowID> - (including the angle brackets) with the parameter indicated in the lab instructions:

elastic-mapreduce --list <JobFlowID>. You can also use find and replace to change bracketed parameters in bulk.

3. Do NOT enable the Word Wrap feature in Windows Notepad or the text editor you use to view this file.


++++1. Task: Restrict Developer Access to Production++++

==================================================================================================================
1.2 Create an Initial IAM Policy
==================================================================================================================

1.2.1 Copy the IAM policy

{
	"Version" : "2012-10-17",
	"Statement" : [{
			"Sid" : "Stmt1425065597000",
			"Effect" : "Allow",
			"Action" : [
				"ec2:RunInstances"
			],
			"Resource" : "arn:aws:ec2:<Lab1Region>:<Lab1AccountID>:subnet/*",
			"Condition" : {
				"StringEquals" : {
					"ec2:Vpc" : "arn:aws:ec2:<Lab1Region>:<Lab1AccountID>:vpc/<Lab1DevVPC>"
				}
			}
		}, {
			"Effect" : "Allow",
			"Action" : "ec2:RunInstances",
			"Resource" : [
				"arn:aws:ec2:<Lab1Region>:<Lab1AccountID>:instance/*",
				"arn:aws:ec2:<Lab1Region>:<Lab1AccountID>:volume/*",
				"arn:aws:ec2:<Lab1Region>:<Lab1AccountID>:network-interface/*",
				"arn:aws:ec2:<Lab1Region>:<Lab1AccountID>:key-pair/*",
				"arn:aws:ec2:<Lab1Region>:<Lab1AccountID>:security-group/*",
				"arn:aws:ec2:<Lab1Region>::image/*"
			]
		}, {
			"Effect" : "Allow",
			"Action" : ["sts:DecodeAuthorizationMessage"],
			"Resource" : "*"
		}
	]
}


==================================================================================================================
1.6 Test Developer Permissions
==================================================================================================================

1.6.9 Test permissions from bastion command line

aws ec2 run-instances --dry-run --instance-type "t2.small" --image-id <Lab1AMIID> --subnet-id <Lab1DevSubnetID>


==================================================================================================================
1.7 Debug IAM Permissions Issues
==================================================================================================================

1.7.1 Attempt to create an instance in the production VPC instead

aws ec2 run-instances --dry-run --instance-type "t2.small" --image-id <Lab1AMIID> --subnet-id <Lab1ProdSubnetID>

1.7.3 Decode the failure message

aws sts decode-authorization-message --encoded-message <FailureMessage>

1.7.4 Pretty-print the decoded authorization message

aws sts decode-authorization-message --encoded-message <FailureMessage> --query 'DecodedMessage' | sed -e 's/\\"/"/g' -e 's/"{/{/g' -e 's/}"/}/g' | python -m json.tool


++++2. Challenge: Deny Permissions to Infrastructure Instances++++

==================================================================================================================
2.1 Grant Additional Permissions on Instances in Developer VPC
==================================================================================================================

2.1.5 Paste Allow statements into existing IAM policy

,
	 {
			"Effect" : "Allow",
			"Action" : [
				"ec2:StartInstances",
				"ec2:StopInstances",
				"ec2:TerminateInstances"
			],
			"Resource" : [
				"arn:aws:ec2:<Lab1Region>:<Lab1AccountID>:instance/*"
			],
			"Condition" : {
				"StringEquals" : {
						"ec2:ResourceTag/DeploymentType" : "Development"
				}
			}
		},
	 {
			"Effect" : "Deny",
			"Action" : [
				"ec2:StartInstances",
				"ec2:StopInstances",
				"ec2:TerminateInstances"
			],
			"Resource" : [
				"arn:aws:ec2:<Lab1Region>:<Lab1AccountID>:instance/*"
			],
			"Condition" : {
				"StringEquals" : {
						"ec2:ResourceTag/InstanceType" : "Infrastructure"
				}
			}
		}

2.1.7 Attempt to stop the NAT instance in Production VPC

aws ec2 stop-instances --instance-id <Lab1ProdNATID>

2.1.8 Attempt to stop the NAT instance in Development VPC

aws ec2 stop-instances --instance-id <Lab1DevNATID>


© 2017 Amazon Web Services, Inc. or its affiliates. All rights reserved.




저작자표시

'Cloud > AWS' 카테고리의 다른 글

devops lab3  (0) 2017.08.31
devops lab2  (0) 2017.08.31
Devops on AWS  (0) 2017.08.30
aws 정기 웨비나  (0) 2017.06.13
AWS 배포 3가지  (0) 2017.06.05

Devops on AWS

Cloud/AWS2017. 8. 30. 09:30

301 세미나 - 심화학습 및 교육


http://aws-class.com/14245



Devops

- 고객에게 새로운 서비스를 빠르게 딜리버리

- CI, CD

- 자주 릴리즈, SW가 가벼워져야한다

- 클라우드...

모두 한셋트로 움직인다.



CI, CD : 자동화하는데 있어서, 장애가 되는 요소를 하나씩 제거한다 (테스트 -> 패키징...)

릴리즈

넷플릭스 : 카나리아, 배포한 카나리아에서 데이터(메트릭) 수집 (HTTP응답코드 수집...등 1000개)



AWS는 시간당 6000번 릴리즈


모니터링 : 코드파이프라인의 모든 단계에서의 모니터링


코드형 인프라

클라우드의 모든 자원은 temporary : 쓰고 바로 버린다


CodeFormation

: AWS 리소스 뿐만 아니라, 외부 자원(Ansible, chef 쿡북, puppet 매니페스트...)도 다룰수 있다.


[보안]

파이프라인 단계간의 보안

단계내의 권한

우수한 보안사례 참고하라

계정, 접근권한에 대한 보안

AWS Inspector

SecDevOps







IAM policy smulatior


bit.ly/2wn5jiX



cloudping.info









[2일차]

젠킨스

https://wiki.jenkins.io/display/JENKINS/Amazon+EC2+Plugin


CD

- Red/Black : 넷플릭스, 카나리아


Code Deploy

- AS에서 일부만 WAR 교체하여 inplace로 배포, 비용효율적, ELBAS

- Integrating AWS CodeDeploy with GitHub

http://docs.aws.amazon.com/ko_kr/codedeploy/latest/userguide/integrations-partners-github.html


OpsWorks

멀티레이어 로 구성 : Stack -> Layer -> Instance -> ...

반면, beanstalks 은 싱글레이어



--generate-cli-skeleton / --cli-input-json



[3일차]


ECS, Blox

저작자표시

'Cloud > AWS' 카테고리의 다른 글

devops lab2  (0) 2017.08.31
devops lab1  (0) 2017.08.31
aws 정기 웨비나  (0) 2017.06.13
AWS 배포 3가지  (0) 2017.06.05
EB CLI  (0) 2017.06.05

Adding a Session Cache service to an application

Cloud/Bluemix2017. 7. 10. 21:51

c:\dev>bx login -u jesang.myung@gmail.com

API 엔드포인트: https://api.ng.bluemix.net


Password>

인증 중...

확인


계정 선택(또는 Enter를 눌러 건너뜀):

1. Jesang Myung's Account (4b87bafe5a89360c26fb9f022d408739)

2. SAMSUNG SDS (060163dc8cc9cb11351ccc7a9caa316a)

3. Ana Giordano's Account (cd08bd765f10d2430af4808a49380a2e)

4. KYU MIN JEONG's Account (cc2b9c223ffb550f64d4c83d3ca4efa7)

번호 입력> 2

대상 지정된 계정 SAMSUNG SDS (060163dc8cc9cb11351ccc7a9caa316a)


대상 지정된 조직 SDS_Bluemix_Workshop


대상 지정된 영역 Workshop




API 엔드포인트:   https://api.ng.bluemix.net(API 버전: 2.75.0)

지역:             us-south

사용자:           jesang.myung@gmail.com

계정:             SAMSUNG SDS (060163dc8cc9cb11351ccc7a9caa316a)

조직:             SDS_Bluemix_Workshop

영역:             Workshop



c:\dev>git clone https://github.com/pfgeiger/RedbookLibrary
Cloning into 'RedbookLibrary'...
remote: Counting objects: 285, done.
remote: Total 285 (delta 0), reused 0 (delta 0), pack-reused 285
Receiving objects: 100% (285/285), 5.80 MiB | 2.27 MiB/s, done.
Resolving deltas: 100% (109/109), done.

c:\dev>bx cf create-service dashdb Entry library_db
'cf create-service dashdb Entry library_db' 호출 중...

Creating service instance library_db in org SDS_Bluemix_Workshop / space Workshop as jesang.myung@gmail.com...
OK

Attention: The plan `Entry` of service `dashdb` is not free.  The instance `library_db` will incur a cost.  Contact your administrator if you think this is in error.


c:\dev>bx cf create-service SessionCache starter SessionCache-abc
'cf create-service SessionCache starter SessionCache-abc' 호출 중...

Creating service instance SessionCache-abc in org SDS_Bluemix_Workshop / space Workshop as jesang.myung@gmail.com...
OK

Attention: The plan `starter` of service `SessionCache` is not free.  The instance `SessionCache-abc` will incur a cost.  Contact your administrator if you think this is in error.


c:\dev>cd RedbookLibrary





c:\dev\RedbookLibrary>bx app push
'cf push' 호출 중...

Using manifest file c:\dev\RedbookLibrary\manifest.yml

Creating app sds-redbooklibrary in org SDS_Bluemix_Workshop / space Workshop as jesang.myung@gmail.com...
OK

Creating route sds-redbook-library.mybluemix.net...
OK

Binding sds-redbook-library.mybluemix.net to sds-redbooklibrary...
OK

Uploading sds-redbooklibrary...
Uploading app files from: C:\Users\MYUNG-~1\AppData\Local\Temp\unzipped-app473540899
Uploading 53.3K, 46 files
Done uploading
OK
Binding service library_db to app sds-redbooklibrary in org SDS_Bluemix_Workshop / space Workshop as jesang.myung@gmail.com...
OK
Binding service SessionCache-abc to app sds-redbooklibrary in org SDS_Bluemix_Workshop / space Workshop as jesang.myung@gmail.com...
OK

Starting app sds-redbooklibrary in org SDS_Bluemix_Workshop / space Workshop as jesang.myung@gmail.com...
Downloading liberty-for-java...
Downloaded liberty-for-java
Creating container
Downloading app package...
Successfully created container
Downloaded app package (2.8M)
Staging...
-----> Liberty Buildpack Version: v3.10-20170525-1107
-----> Retrieving IBM 1.8.0_20170215 JRE (ibm-java-jre-8.0-4.1-pxa6480sr4fp1-20170215_01-cloud.tgz) ... (0.0s)
-----> Retrieving App Management 1.26.0_20170522-1438 (app-mgmt_v1.26-20170522-1438.zip) ... (0.0s)
         Expanding JRE to .java ... (1.3s)
         Expanding App Management to .app-management (0.1s)
-----> Retrieving com.ibm.ws.liberty-17.0.0.2-201705251107.tar.gz ... (0.0s)
         Installing archive ... (1.2s)
-----> Retrieving com.ibm.ws.liberty.ext-17.0.0.2-201705251107.tar.gz ... (0.0s)
         Installing archive ... (1.0s)
-----> Retrieving wxsclient-wlp_8.6.0.8-Pcf81712.22162916.esa ... (0.0s).
         Installing feature ... (9.4s).
-----> Retrieving and installing client jar(s) from com.ibm.ws.icap.clientJars.db2.zip (0.0s)
-----> Warning: Liberty feature set is not specified. Using the default feature set: ["beanValidation-1.1", "cdi-1.2", "ejbLite-3.2", "el-3.0", "jaxrs-2.0", "jdbc-4.1", "jndi-1.0", "jpa-2.1", "jsf-2.2", "jsonp-1.0", "jsp-2.3", "managedBeans-1.0", "servlet-3.1", "websocket-1.1"]. For the best results, explicitly set the features via the JBP_CONFIG_LIBERTY environment variable or deploy the application as a server directory or packaged server with a custom server.xml file.
-----> Auto-configuration is creating config for service instance 'SessionCache-abc' of type 'SessionCache'
-----> Auto-configuration is creating config for service instance 'library_db' of type 'AnalyticsWarehouse'
-----> Liberty buildpack is done creating the droplet
Exit status 0
Staging complete
Uploading droplet, build artifacts cache...
Uploading build artifacts cache...
Uploading droplet...
Uploaded build artifacts cache (108B)
Uploaded droplet (219.8M)
Uploading complete
Destroying container
Successfully destroyed container

0 of 1 instances running, 1 starting
0 of 1 instances running, 1 starting
0 of 1 instances running, 1 starting
0 of 1 instances running, 1 starting
0 of 1 instances running, 1 starting
1 of 1 instances running

App started


OK

App sds-redbooklibrary was started using this command `.liberty/initial_startup.rb`

Showing health and status for app sds-redbooklibrary in org SDS_Bluemix_Workshop / space Workshop as jesang.myung@gmail.com...
OK

requested state: started
instances: 1/1
usage: 512M x 1 instances
urls: sds-redbook-library.mybluemix.net
last uploaded: Mon Jul 10 11:55:45 UTC 2017
stack: cflinuxfs2
buildpack: liberty-for-java

     state     since                    cpu      memory           disk           details
#0   running   2017-07-10 08:57:47 PM   320.5%   166.4M of 512M   293.4M of 1G


c:\dev\RedbookLibrary>bx cf apps
'cf apps' 호출 중...

Getting apps in org SDS_Bluemix_Workshop / space Workshop as jesang.myung@gmail.com...
OK

name                                          requested state   instances   memory   disk   urls
sds-redbooklibrary                            started           1/1         512M     1G     sds-redbook-library.mybluemix.net







c:\dev\RedbookLibrary>bx app scale sds-redbooklibrary -i 2
'cf scale sds-redbooklibrary -i 2' 호출 중...

Scaling app sds-redbooklibrary in org SDS_Bluemix_Workshop / space Workshop as jesang.myung@gmail.com...
OK




c:\dev\RedbookLibrary>bx cf apps
'cf apps' 호출 중...

Getting apps in org SDS_Bluemix_Workshop / space Workshop as jesang.myung@gmail.com...
OK

name                                          requested state   instances   memory   disk   urls
sds-redbooklibrary                            started           2/2         512M     1G     sds-redbook-library.mybluemix.net




c:\dev\RedbookLibrary>bx cf apps
'cf apps' 호출 중...

Getting apps in org SDS_Bluemix_Workshop / space Workshop as jesang.myung@gmail.com...
OK

name                                          requested state   instances   memory   disk   urls
sds-redbooklibrary                            started           2/2         512M     1G     sds-redbook-library.mybluemix.net
sds-test-app3                                 started           1/1         1G       1G     sds-test-app3.mybluemix.net
second-test2                                  stopped           0/1         512M     1G     second-test2.mybluemix.net
meetingroom-reservation-with-hkt              stopped           0/1         256M     1G     meetingroom-reservation-with-hkt.mybluemix.net
simple-rbs-hktbart-1425                       stopped           0/1         512M     1G     simple-rbs-hktbart-1425.mybluemix.net
hkt-iot-test2                                 stopped           0/1         512M     1G     hkt-iot-test2.mybluemix.net
orders-api-toolchain-demo-20170612010518521   stopped           0/1         96M      1G     orders-api-toolchain-demo-20170612010518521.mybluemix.net
orders-api-toolchain-demo-20170611154355788   stopped           0/1         96M      1G     orders-api-toolchain-demo-20170611154355788.mybluemix.net

c:\dev\RedbookLibrary>bx app scale sds-redbooklibrary -i 1
'cf scale sds-redbooklibrary -i 1' 호출 중...

Scaling app sds-redbooklibrary in org SDS_Bluemix_Workshop / space Workshop as jesang.myung@gmail.com...
OK






저작자표시

'Cloud > Bluemix' 카테고리의 다른 글

Cloud-Native Application Development  (0) 2017.07.10
Cloud Foundry difference between Pivotal and IBM  (0) 2017.07.10
Bluemix 총정리  (0) 2017.04.20
OpenWhisk  (0) 2017.04.20
Royal Bank of Canada's Journey  (0) 2017.04.20

Cloud-Native Application Development

Cloud/Bluemix2017. 7. 10. 17:25

c:\dev>bluemix api https://api.ng.bluemix.net
API 엔드포인트를 https://api.ng.bluemix.net(으)로 설정 중...
확인

API endpoint: https://api.ng.bluemix.net (CF API version: 2.75.0)

c:\dev>bluemix login -u jesang.myung@gmail.com
API 엔드포인트: https://api.ng.bluemix.net

Password>
인증 중...
확인

계정 선택(또는 Enter를 눌러 건너뜀):
1. Jesang Myung's Account (4b87bafe5a89360c26fb9f022d408739)
2. SAMSUNG SDS (060163dc8cc9cb11351ccc7a9caa316a)
3. Ana Giordano's Account (cd08bd765f10d2430af4808a49380a2e)
4. KYU MIN JEONG's Account (cc2b9c223ffb550f64d4c83d3ca4efa7)
번호 입력> 2
대상 지정된 계정 SAMSUNG SDS (060163dc8cc9cb11351ccc7a9caa316a)

대상 지정된 조직 SDS_Bluemix_Workshop

대상 지정된 영역 Workshop



API 엔드포인트:   https://api.ng.bluemix.net(API 버전: 2.75.0)
지역:             us-south
사용자:           jesang.myung@gmail.com
계정:             SAMSUNG SDS (060163dc8cc9cb11351ccc7a9caa316a)
조직:             SDS_Bluemix_Workshop
영역:             Workshop



c:\dev>git clone https://hub.jazz.net/git/osowski/bluemix-libertycache
Cloning into 'bluemix-libertycache'...
Receiving objects:  96% (150/156), 24.68 MiB | 1.93 MiB/s
Receiving objects: 100% (156/156), 25.41 MiB | 2.12 MiB/s, done.
Resolving deltas: 100% (4/4), done.



c:\dev>cd bluemix-libertycache



c:\dev\bluemix-libertycache>bx app push sds-test-app -p cacheSampleJavaNativeAPIs.war --no-manifest
'cf push sds-test-app -p cacheSampleJavaNativeAPIs.war --no-manifest' 호출 중...

Creating app sds-test-app in org SDS_Bluemix_Workshop / space Workshop as jesang.myung@gmail.com...
OK

Creating route sds-test-app.mybluemix.net...
OK

Binding sds-test-app.mybluemix.net to sds-test-app...
OK

Uploading sds-test-app...
Uploading app files from: C:\Users\MYUNG-~1\AppData\Local\Temp\unzipped-app960286279
Uploading 42.9K, 21 files
Done uploading
OK

Starting app sds-test-app in org SDS_Bluemix_Workshop / space Workshop as jesang.myung@gmail.com...
Downloading liberty-for-java_v3_9-20170419-1403...
Downloading xpages_buildpack...
Downloading python_buildpack...
Downloading liberty-for-java...
Downloaded liberty-for-java_v3_9-20170419-1403
Downloading java_buildpack...
Downloading go_buildpack...
Downloading sdk-for-nodejs...
Downloaded go_buildpack
Downloaded python_buildpack
Downloading dotnet-core...
Downloading swift_buildpack...
Downloaded liberty-for-java
Downloading noop-buildpack...
Downloaded xpages_buildpack
Downloaded sdk-for-nodejs
Downloading ruby_buildpack...
Downloaded swift_buildpack
Downloading nodejs_buildpack...
Downloaded dotnet-core
Downloading liberty-for-java_v3_7-20170118-2046...
Downloaded noop-buildpack
Downloading php_buildpack...
Downloaded java_buildpack
Downloaded nodejs_buildpack
Downloading staticfile_buildpack...
Downloading binary_buildpack...
Downloaded ruby_buildpack
Downloading swift_buildpack_v2_0_5-20170406-2317...
Downloaded liberty-for-java_v3_7-20170118-2046
Downloading liberty-for-java_v3_8-20170308-1507...
Downloaded php_buildpack
Downloading sdk-for-nodejs_v3_11-20170303-1144...
Downloaded staticfile_buildpack
Downloading dotnet-core_v1_0_13-20170330-1023...
Downloaded liberty-for-java_v3_8-20170308-1507
Downloaded binary_buildpack
Downloaded swift_buildpack_v2_0_5-20170406-2317
Downloaded sdk-for-nodejs_v3_11-20170303-1144
Downloaded dotnet-core_v1_0_13-20170330-1023
Creating container
Successfully created container
Downloading app package...
Staging...
Downloaded app package (6.1M)
-----> Liberty Buildpack Version: v3.10-20170525-1107
-----> Retrieving IBM 1.8.0_20170215 JRE (ibm-java-jre-8.0-4.1-pxa6480sr4fp1-20170215_01-cloud.tgz) ... (0.0s)
         Expanding JRE to .java ... (1.2s)
-----> Retrieving App Management 1.26.0_20170522-1438 (app-mgmt_v1.26-20170522-1438.zip) ... (0.0s)
         Expanding App Management to .app-management (0.1s)
-----> Retrieving com.ibm.ws.liberty-17.0.0.2-201705251107.tar.gz ... (0.0s)
         Installing archive ... (1.3s)
-----> Liberty buildpack is done creating the droplet
-----> Warning: Liberty feature set is not specified. Using the default feature set: ["beanValidation-1.1", "cdi-1.2", "ejbLite-3.2", "el-3.0", "jaxrs-2.0", "jdbc-4.1", "jndi-1.0", "jpa-2.1", "jsf-2.2", "jsonp-1.0", "jsp-2.3", "managedBeans-1.0", "servlet-3.1", "websocket-1.1"]. For the best results, explicitly set the features via the JBP_CONFIG_LIBERTY environment variable or deploy the application as a server directory or packaged server with a custom server.xml file.
Exit status 0
Staging complete
Uploading droplet, build artifacts cache...
Uploading build artifacts cache...
Uploading droplet...
Uploaded build artifacts cache (108B)
Uploaded droplet (138.4M)
Uploading complete
Destroying container
Successfully destroyed container

0 of 1 instances running, 1 starting
0 of 1 instances running, 1 starting
0 of 1 instances running, 1 starting
0 of 1 instances running, 1 starting
0 of 1 instances running, 1 starting
0 of 1 instances running, 1 starting
1 of 1 instances running

App started


OK

App sds-test-app was started using this command `.liberty/initial_startup.rb`

Showing health and status for app sds-test-app in org SDS_Bluemix_Workshop / space Workshop as jesang.myung@gmail.com...
OK

requested state: started
instances: 1/1
usage: 1G x 1 instances
urls: sds-test-app.mybluemix.net
last uploaded: Mon Jul 10 08:40:10 UTC 2017
stack: cflinuxfs2
buildpack: Liberty for Java(TM) (WAR, liberty-17.0.0_2, buildpack-v3.10-20170525-1107, ibmjdk-1.8.0_20170215, env)

     state     since                    cpu     memory         disk         details
#0   running   2017-07-10 05:41:48 PM   85.4%   129.9M of 1G   196M of 1G



------------------------------------------------------------------------------------------------------------------------------------------


c:\dev\bluemix-libertycache>bx app push sds-test-app2 -p cacheSampleJavaNativeAPIs.war -b java_buildpack --no-manifest
'cf push sds-test-app2 -p cacheSampleJavaNativeAPIs.war -b java_buildpack --no-manifest' 호출 중...

Creating app sds-test-app2 in org SDS_Bluemix_Workshop / space Workshop as jesang.myung@gmail.com...
OK

Creating route sds-test-app2.mybluemix.net...
OK

Binding sds-test-app2.mybluemix.net to sds-test-app2...
OK

Uploading sds-test-app2...
Uploading app files from: C:\Users\MYUNG-~1\AppData\Local\Temp\unzipped-app450300315
Uploading 42.9K, 21 files
Done uploading
OK

Starting app sds-test-app2 in org SDS_Bluemix_Workshop / space Workshop as jesang.myung@gmail.com...
Downloading java_buildpack...
Downloaded java_buildpack
Creating container
Successfully created container
Downloading app package...
Downloaded app package (6.1M)
Staging...
-----> Java Buildpack Version: v3.13 | https://github.com/cloudfoundry/java-buildpack.git#03b493f
-----> Downloading Open Jdk JRE 1.8.0_121 from https://java-buildpack.cloudfoundry.org/openjdk/trusty/x86_64/openjdk-1.8.0_121.tar.gz (0.5s)
       Expanding Open Jdk JRE to .java-buildpack/open_jdk_jre (1.4s)
-----> Downloading Open JDK Like Memory Calculator 2.0.2_RELEASE from https://java-buildpack.cloudfoundry.org/memory-calculator/trusty/x86_64/memory-calculator-2.0.2_RELEASE.tar.gz (0.0s)
       Memory Settings: -XX:MetaspaceSize=104857K -Xss349K -Xmx681574K -XX:MaxMetaspaceSize=104857K -Xms681574K
-----> Downloading Container Certificate Trust Store 2.1.0_RELEASE from https://java-buildpack.cloudfoundry.org/container-certificate-trust-store/container-certificate-trust-store-2.1.0_RELEASE.jar (0.0s)
       Adding certificates to .java-buildpack/container_certificate_trust_store/truststore.jks (0.6s)
-----> Downloading Tomcat Instance 8.0.45 from https://java-buildpack.cloudfoundry.org/tomcat/tomcat-8.0.45.tar.gz (0.1s)
       Expanding Tomcat Instance to .java-buildpack/tomcat (0.1s)
-----> Downloading Tomcat Lifecycle Support 2.5.0_RELEASE from https://java-buildpack.cloudfoundry.org/tomcat-lifecycle-support/tomcat-lifecycle-support-2.5.0_RELEASE.jar (0.0s)
-----> Downloading Tomcat Logging Support 2.5.0_RELEASE from https://java-buildpack.cloudfoundry.org/tomcat-logging-support/tomcat-logging-support-2.5.0_RELEASE.jar (0.0s)
-----> Downloading Tomcat Access Logging Support 2.5.0_RELEASE from https://java-buildpack.cloudfoundry.org/tomcat-access-logging-support/tomcat-access-logging-support-2.5.0_RELEASE.jar (0.0s)
Staging complete
Uploading droplet...
Exit status 0
Uploading droplet, build artifacts cache...
Uploading build artifacts cache...
Uploaded build artifacts cache (52.7M)
Uploaded droplet (57.9M)
Uploading complete
Destroying container
Successfully destroyed container

0 of 1 instances running, 1 starting
0 of 1 instances running, 1 starting
0 of 1 instances running, 1 starting
0 of 1 instances running, 1 crashed
FAILED
Error restarting application: Start unsuccessful

TIP: use 'cf logs sds-test-app2 --recent' for more information
















저작자표시

'Cloud > Bluemix' 카테고리의 다른 글

Adding a Session Cache service to an application  (0) 2017.07.10
Cloud Foundry difference between Pivotal and IBM  (0) 2017.07.10
Bluemix 총정리  (0) 2017.04.20
OpenWhisk  (0) 2017.04.20
Royal Bank of Canada's Journey  (0) 2017.04.20

Cloud Foundry difference between Pivotal and IBM

Cloud/Bluemix2017. 7. 10. 15:49

Cloud Foundry difference between Pivotal and IBM

1. One key aspect of the differentiation is the diversity and capabilities of the services available on the platform. You can compare and contrast the services .
2. BlueMix provides an Mobile Application Development Platform whereas Pivotal CF does not provide mobile backend services today.
3. BlueMix provides an integrated developer experience in the cloud via integration with JazzHub. This enables various devops scenarios and the push from src model
4. In terms of runtimes for the applications, BlueMix supports running web applications and server packages for java, node on IBM-Node.js runtimes and ruby with the ruby on rails and Ruby Sinatra apps. The java runtime provisioned by the Liberty buildpack is very different from the open source java buildpack in terms of feature, function and philosophy.


* IBM Bluemix was originally based off Cloud Foundry's open technology. It is a cloud computing platform as a service that supports the full lifecycle, from initial development, through all testing stages, to deployment.
* Cloud Foundry has a CLI program called cf which is the primary tool to interact with Bluemix (or Bluemix provides a web GUI for this).
* Cloud Foundry introduces the concepts of Organizations that contain Spaces which you can think of as workspaces. Different spaces typically correspond to different lifecycle stages for an application.
* Cloud Foundry introduces the concepts of Services and Applications. A Cloud Foundry service usually performs a particular function (like a database service), and an application usually has services and their keys bound to it.


Pivotal과 IBM 간의 Cloud Foundry 차이


1. 차별화의 핵심 요소 중 하나는 플랫폼에서 사용할 수있는 서비스의 다양성과 기능입니다. 당신은 서비스를 비교하고 대조 할 수 있습니다.
2. BlueMix는 모바일 응용 프로그램 개발 플랫폼을 제공하지만 Pivotal CF는 현재 모바일 백엔드 서비스를 제공하지 않습니다.
3. BlueMix는 JazzHub와의 통합을 통해 클라우드에서 통합 된 개발자 경험을 제공합니다. 이것은 다양한 devop 시나리오와 src 모델로부터의 push를 가능하게합니다.
4. 응용 프로그램의 런타임 측면에서 BlueMix는 Java 용 웹 응용 프로그램 및 서버 패키지, IBM-Node.js 런타임의 노드 및 루비 온 레일 및 Ruby Sinatra 응용 프로그램과 함께 루비 실행을 지원합니다. Liberty buildpack이 제공하는 Java 런타임은 기능, 기능 및 철학 측면에서 오픈 소스 Java 빌드 팩과 매우 다릅니다.


* IBM Bluemix는 원래 Cloud Foundry의 개방형 기술을 기반으로했습니다. 초기 개발부터 모든 테스트 단계, 배포까지 전체 라이프 사이클을 지원하는 클라우드 컴퓨팅 플랫폼입니다.
* Cloud Foundry에는 Bluemix와 상호 작용할 수있는 기본 도구 인 cf라는 CLI 프로그램이 있습니다 (또는 Bluemix는이를위한 웹 GUI를 제공함).
* Cloud Foundry는 작업 공간이라고 생각할 수있는 공간이 포함 된 조직의 개념을 소개합니다. 서로 다른 공간은 일반적으로 응용 프로그램의 다른 라이프 사이클 단계에 해당합니다.
* Cloud Foundry는 서비스 및 응용 프로그램의 개념을 소개합니다. Cloud Foundry 서비스는 일반적으로 데이터베이스 서비스와 같은 특정 기능을 수행하며 응용 프로그램은 일반적으로 서비스와 해당 키가 바인딩되어 있습니다.


저작자표시

'Cloud > Bluemix' 카테고리의 다른 글

Adding a Session Cache service to an application  (0) 2017.07.10
Cloud-Native Application Development  (0) 2017.07.10
Bluemix 총정리  (0) 2017.04.20
OpenWhisk  (0) 2017.04.20
Royal Bank of Canada's Journey  (0) 2017.04.20

Azure 2일차

Cloud/Azure2017. 6. 22. 09:49

https://gitter.im/azure-camp-jun/Lobby?source=orgpage

daewoo.kim@MS


Azure 2일차





















2번째
























C:\Users\SKILLSUPPORT\Downloads\azure-camp-jun-master\azure-camp-jun-master\demo\webapp-demo\php-webapp-publish>git init
Reinitialized existing Git repository in C:/Users/SKILLSUPPORT/Downloads/azure-camp-jun-master/azure-camp-jun-master/demo/webapp-demo/php-webapp-publish/.git/

C:\Users\SKILLSUPPORT\Downloads\azure-camp-jun-master\azure-camp-jun-master\demo\webapp-demo\php-webapp-publish>
C:\Users\SKILLSUPPORT\Downloads\azure-camp-jun-master\azure-camp-jun-master\demo\webapp-demo\php-webapp-publish>
C:\Users\SKILLSUPPORT\Downloads\azure-camp-jun-master\azure-camp-jun-master\demo\webapp-demo\php-webapp-publish>
C:\Users\SKILLSUPPORT\Downloads\azure-camp-jun-master\azure-camp-jun-master\demo\webapp-demo\php-webapp-publish>git add .

C:\Users\SKILLSUPPORT\Downloads\azure-camp-jun-master\azure-camp-jun-master\demo\webapp-demo\php-webapp-publish>git commit -m "initial commit"
[master (root-commit) 5c9acfe] initial commit
 1 file changed, 3 insertions(+)
 create mode 100644 index.php

C:\Users\SKILLSUPPORT\Downloads\azure-camp-jun-master\azure-camp-jun-master\demo\webapp-demo\php-webapp-publish>
C:\Users\SKILLSUPPORT\Downloads\azure-camp-jun-master\azure-camp-jun-master\demo\webapp-demo\php-webapp-publish>
C:\Users\SKILLSUPPORT\Downloads\azure-camp-jun-master\azure-camp-jun-master\demo\webapp-demo\php-webapp-publish>git remote add azure https://human537@myung-second-app.scm.azurewebsites.net:443/myung-second-app.git
fatal: remote azure already exists.

C:\Users\SKILLSUPPORT\Downloads\azure-camp-jun-master\azure-camp-jun-master\demo\webapp-demo\php-webapp-publish>git push azure master
Counting objects: 3, done.
Writing objects: 100% (3/3), 227 bytes | 0 bytes/s, done.
Total 3 (delta 0), reused 0 (delta 0)
remote: Updating branch 'master'.
remote: Updating submodules.
remote: Preparing deployment for commit id '5c9acfeb67'.
remote: Generating deployment script.
remote: Generating deployment script for Web Site
remote: Generated deployment script files
remote: Running deployment command...
remote: Handling Basic Web Site deployment.
remote: KuduSync.NET from: 'D:\home\site\repository' to: 'D:\home\site\wwwroot'
remote: Deleting file: 'hostingstart.html'
remote: Copying file: 'index.php'
remote: Finished successfully.
remote: Running post deployment command(s)...
remote: Deployment successful.
To https://myung-second-app.scm.azurewebsites.net:443/myung-second-app.git
 * [new branch]      master -> master

C:\Users\SKILLSUPPORT\Downloads\azure-camp-jun-master\azure-camp-jun-master\demo\webapp-demo\php-webapp-publish>





으로 변경됨








하면 S1 에서 다른 서버로 변경할 수 있음









WebJobs


















https://myung-func.azurewebsites.net/api/HttpTriggerJS1?code=hQHdIbgaaSxbSqZd9HtDyNXagkh6keNrbPo/nl9Kqup/aD1QGSbP3Q==&name=mjs














https://requestb.in/

웹앱을 테스트하기 위한 디버깅, 테스트도구




























https://socket.io/demos/chat/

다른세션(다른 웹브라우저)에서 웹소켓을 이용하여 통신가능






http://swagger.io/

나는 개발(요리사)만하면되고, 변경됨에 따라 연동되는 명세는 자동으로 바뀜





야믈 파일만 만들면, 서버, 클라이언트 명세파일을 자동으로 gen할 수 있다





[Storage]

https://gitter.im/azure-camp-jun/Lobby?source=orgpage














정해진 시간대에만 접근하게 해줌


따라하기

https://docs.microsoft.com/ko-kr/azure/storage/storage-dotnet-how-to-use-blobs











table : nosql





----------------------------------------------------------------------

SQL Server VM : db를 빌려씀. 운영은 MS가 해줌

Cosmos DB : mongo db 의 PaaS 버전



























마이크로소프트 Azure Web App과 Function App을 이용한 실시간 & 배치 예측 분석 솔루션 구축


https://microsoft.github.io/techcasestudies/azure%20app%20service/2016/12/08/Nexon-kor.html




https://github.com/CloudBreadPaPa/soscon2016-ml

https://studio.azureml.net/














피쳐(컬럼), 샘플(로)

























'Experiment created on 2017. 6. 22. [Predictive Exp.]' test returned ["24234","0","0",null,"Y","0.798084616661072"]...


79%의 확률...


저작자표시

GCP

Cloud/GCP2017. 6. 15. 10:18

6 15일 서울 CP100 교육

About the Teacher

Junho Lee (이준호) / jhlee@rockplace.co.kr

WIFI SSID

SSID: GoogleGuest

Class Homepage

http://myclass.gcptrain.org/

Class Access Code

vieqi7

Eval Form

구글 교육 강사 평가 링크

Helpful Links

  1. 1.Google Cloud Platform Products & Services 

    GCP 각 상품 및 서비스에 대한 설명 

  2. 2.Google Cloud Platform Documentation 

    GCP 각 서비스에 대한 자세한 설명 문서들 

  3. 3.Google Cloud Platform Codelabs 

    스스로 진행할 수 있는 GCP 관련 LAB 

  4. 4.How to Use Google Cloud Platform 

    GCP 를 활용한 아키텍처 다이어그램 

  5. 5.An introduction to data modeling using Google's Datastore 

    Google Datastore 데이터 모델링 설명 

  6. 6.Building a Mobile Gaming Analytics Platform - a Reference Architecture
    GCP Big Data 아키텍처 예제 및 설명 

  7. 7.Vision API Demo Site
    Vision API 데모 사이트 (* Chrome 에서만 사용 가능) 

  8. 8.Speech API Demo Site
    Speech API 데모 사이트 (* 노트북 마이크를 활성화 필요) 

  9. 9.Advancing enterprise database workloads on Google Cloud Platform
    Google Cloud SQL 성능 소개 블로그 글 

  10. 10.한빛 미디어 구글 클라우드 책 링크
    GCP 한글 소개 자료







분당과금 (AWS 는 시간당 과금)

- Autoscaling 시 과금차이가 많음


모든건 프로젝트부터 시작, 프로젝트 단위로 과금


하나의 프로젝트당 2명이상의 오너를 두는 것을 권장. 오너는 오너를 지울 수 있다



APIs explorer

- compute 검색. 하면 resfful api 로 내 compute 정보를 가져올 수 있다




Cloud launcher







[App Engine]

- PaaS Service

- GCP 보다 먼저 나왔다.

- 처음에 생겼던 문제. about RDBMS

-



Flexible : container



Datastore

- Group : 으로 묶이면 consistency 가 유지됨






Google Cloud Storage

: AWS S3와 동일



S3, glacier는 다른 api를 사용

반면에 Google cloud storage는 하나의 api를 사용


object versioning : 실제 지워지지않음. 나중에 복구할 수 있음



Docker 는 OS가 없기때문에 host os 에 부담을 줄 수 있다.

- 운영입장에서 docker 가 늘게 되면 네트워크 등에 리소스부담


=> 쿠버네티스가 해결

- 네트워크 커넥션 등을 추상화해서 해결

- 롤링 업데이트



 GCP Load Ballencer 는 pre-warming이 필요없다. 바로 붙을 수 있음



CDN : HTTPS 에서 아카만? 을 쓰면 latency가 줄어드는 사례. 게임회사



구글 빅데이터는 no-ops => SaaS

빅쿼리는 구글에만 있음. 위키피디아 4TB => 20초



from [bigquery.samples:wikipedea.benchmark.Wiki1008]

저작자표시

aws 정기 웨비나

Cloud/AWS2017. 6. 13. 13:20

https://aws.amazon.com/ko/about-aws/events/

저작자표시

'Cloud > AWS' 카테고리의 다른 글

devops lab1  (0) 2017.08.31
Devops on AWS  (0) 2017.08.30
AWS 배포 3가지  (0) 2017.06.05
EB CLI  (0) 2017.06.05
Using Auto Scaling with AWS Lambda  (0) 2017.06.02

Simple Orders API toolchain

Cloud/devops2017. 6. 9. 13:52










저작자표시

'Cloud > devops' 카테고리의 다른 글

JIRA  (0) 2017.04.13
Toolchain & Active Deploy  (0) 2017.04.11
Availability Monitoring  (0) 2017.04.11
Pagerduty를 활용하여, 장애발생시 SMS알림받기  (0) 2017.04.11
slack webhook  (0) 2017.04.11

AWS 배포 3가지

Cloud/AWS2017. 6. 5. 18:09

1. Elastic Beanstock



2. 날로 배포 (ubuntu)



3. Docker

저작자표시

'Cloud > AWS' 카테고리의 다른 글

Devops on AWS  (0) 2017.08.30
aws 정기 웨비나  (0) 2017.06.13
EB CLI  (0) 2017.06.05
Using Auto Scaling with AWS Lambda  (0) 2017.06.02
Making Your Environment Highly Available  (0) 2017.06.02

티스토리툴바