I am in middle of switching from EC2 to ECS Fargate to host my laravel api and I am using laravel passport oauth function with guzzle to generate access tokens. However in order for this to work I have to add an entry to extra_hosts like example.com:10.20.10.140 to my docker-compose.yml.
It looks like I cannot add an extra host entry via Fargate would really appreciate if anyone know of an alternative solution to this problem as the application works perfectly fine on local as well as on ec2.
Thank you
The way I worked around similar limitations in the past (e.g. for me it was searchdomain) is to add a line in a startup script that hack the local file. This is what I did:
#!/bin/bash
# when the variable is populated a search domain entry is added to resolv.conf at startup
# this is needed for the ECS service discovery given the app works by calling host names and not FQDNs
# a search domain can't be added to the container when using the awsvpc mode
# and the awsvpc mode is needed for A records (bridge only supports SRV records)
if [ $SEARCH_DOMAIN ]; then echo "search ${SEARCH_DOMAIN}" >> /etc/resolv.conf; fi
ruby /app/yelb-appserver.rb -o 0.0.0.0
Link to source
If you do not want to change the main container/application to do this you can have a sidecar container in the same task that only does this and then exits.
Related
I'm using a Kubernetes cluster in Azure running an ingress controller. The ingress controller routes to different services via a given context root.
To add another service and connect it to my ingress I build a simple shell script looking like this:
kubectl apply -f $1'-svc.yaml'
some script magic here to add a new route in the hello-world-ingress.json
kubectl apply -f 'hello-world-ingress.json'
I tested the script on my local machine and everything works as expected. Now I want to trigger the script with an HTTP rest call on Azure.
Does anyone have an idea how to do that? So far I know:
I need the Azure cli with Kubernetes to run the kubectl command
I need something to build the HTTP trigger. I tried using AzureFunctions, but I wasn't able to install the Azure cli in Azure Functions on the Azure Portal and I wasn't able to install Azure cli + Azure Functions in a Docker Container.
Does anyone have an idea how to trigger my shell script via HTTP in Azure in an environment where the Azure cli exists?
The easiest way, in my opinion, is to set up an Azure instance with kubectl and the Azure cli configured to talk to your cluster and on that same server setup something like shell2http. For example:
shell2http -export-all-vars /mybash "yourbash.sh"
shell2http -form /apply "kubectl apply -f $v'-svc.yaml'"
shell2http -export-all-vars /domore "domore.sh"
Where $v above is the name of your deployment.
i have a shell script which need to be installed over 100 Ubuntu instances/servers.What is the best way to install the same script on all instance without logging into each one.
You can use AWS System Manager , according to AWS Documentation :
You can send commands to tens, hundreds, or thousands of instances by
using the targets parameter (the Select Targets by Specifying a
Tag option in the Amazon EC2 console). The targets parameter accepts
a Key,Value combination based on Amazon EC2 tags that you specified
for your instances. When you execute the command, the system locates
and attempts to run the command on all instances that match the
specified tags
You can Target Instance by tag :
aws ssm send-command --document-name name --targets Key=tag:tag_name,Values=tag_value [...]
or
Targeting Instance IDs:
aws ssm send-command --document-name name --targets Key=instanceids,Values=ID1,ID2,ID3 [...]
Read the AWS Documentation for Details.
Thanks
You have several different options when trying to accomplish this task.
Like Kush mentioned, AWS System manager is great, but is a tightly coupled AWS service.
Packer - You could use Packer to create an AMI of the servers, and have the script installed on them, or just executed whatever the script is doing.
Configuration Management.
Ansible/Puppet/Chef. - These tools allow you to manage thousands of servers with only a couple of commands. My preference would be for Ansible, it is light weight, the syntax is only yaml, connects over ssh, and still allows use of placing shell scripts, if need be.
How to spin up a local version of Spinnaker? This has been answered and addressed in detail here.
https://github.com/spinnaker/spinnaker/issues/1729
Ok, so I got it to work, but not without you valuable help! #lwander
So I'll leave the steps here for posterity.
Each line is a separate command in the command line, I've installed this on a virtual machine with a freshly installed Ubuntu 14.04 copy with nothing else than SSH. Then SSH as root, You will need to configure sshd on your console to allow root access.
https://askubuntu.com/questions/469143/how-to-enable-ssh-root-access-on-ubuntu-14-04
> curl -O https://raw.githubusercontent.com/spinnaker/halyard/master/install/stable/InstallHalyard.sh
created a user account member of the adm and sudo groups (is this necessary???)
then Install Halyard:
bash InstallHalyard.sh
Verify that HAL is installed and validate its version.
hal -v
Tell Hal that the deployment type will be as a local instance (this will publish all services in localhost which will be tricky later in order to access them, but I have a turnaround so keep reading)
hal config deploy edit --type localdebian
Hal will complain that a version has not been selected, just tell HAL which version:
hal config version edit --version 1.0.0
The tell HAL which storage you are going to use, in my case and since it is local I want to use redis.
hal config storage edit --type redis
So now we need to add a cloud provider to HAL, we use AWS so we add it like this:
hal config provider aws edit --access-key-idXXXXXXXXXXXXXXXXXXXX--secret-access-key
I created a user on AWS and added access keys to the user inside IAM on the user security credentials tab. Obviously my access-key-idis not XXXXXXXXXXXXXXXXXXXX, I edited it. You do not need to enter the secret-access-key because the command will prompt for it.
Then you need to create a username relative or that will only concern you spinnaker installation however this will get related to you AWS Account-ID, so in MY spinnaker local installation I chose the username spinnakermaster you should choose yours!. And my AWS Account ID is not YYYYYYYYYYYY, I've edited too.
All the configurations and steps that you'll need to do inside AWS for this to work are really well documented here:
[https://www.spinnaker.io/setup/providers/aws/](https://www.spinnaker.io/setup/providers/aws/
)
And to tell HAL of of the above here's the command:
hal config provider aws account add spinnakermaster --account-id YYYYYYYYYYYY --assume-role role/spinnakerManaged
And after all that and if everything went according to plan we can ask HAL to deploy our brand new spinnaker installation.
hal deploy apply
It will begin a long installation downloading and configuring all the services.
Once it has finished you may do whatever you like but in my case I created a monitoring script like the one described here:
https://github.com/spinnaker/spinnaker/issues/854
Which can be launched on a recursive manner as this:
watch -n1 spinnaker-status.shor until toctrl+Cit!.
then to be able to access your local VM spinnaker copy you can either setup a reverse proxy with the proxy server of your choice to forward all the requests to localhost or you can simply ssh the SH** out of this redirecting the ports;
ssh root#ZZZ.ZZZ.ZZZ.ZZZ -L 9000:127.0.0.1:9000 -L 8084:127.0.0.1:8084 -L 8083:127.0.0.1:8083 -L 7002:127.0.0.1:7002 -L 8087:127.0.0.1:8087 -L 8080:127.0.0.1:8080 -L 8088:127.0.0.1:8088 -L 8089:127.0.0.1:8089
Where obviously theZZZ.ZZZ.ZZZ.ZZZ is not an actual IP Address.
And finally to begin having fun with this cutie you have to go to your browser of choice and type into the address bar:
http://127.0.0.0:9000
Hope this helps and saves some time to everybody!.
Cheers.
EN
I have to do some quick benchmarking.
I am unable to my vms since neutron is not setup properly.
I can create centos vm.. but i can not log into it.
I tried adding keypair, i tried could init change root password
#cloud-config
chpasswd:
list: |
root:stackops
centos:stackops
expire: False
it does not work. I mean it did not give any errors on log console but i am not abel to login with the credentials i set.
So my question is ..where can i find a openstack centos 7 image whose password is already set ( i guess it would be a custom one)
If Neutron isn't set up correctly, you're not going to be able to do much with your OpenStack environment. However, even with broken networking, you can pass your user-data script to the instance using the --config-drive option, e.g:
nova boot --user-data /path/to/config.yaml --config-drive=true ...
There is a checkbox in the Horizon gui to use this feature as well. This attaches your configuration as a virtual CD-ROM device, which cloud-init will use rather than the network metadata service.
If I put your cloud-config into a file called user-data.yaml, and then run:
nova boot --image centos-7-cloud --user-data user-data.yaml centos
Then I can log in as the centos user using the password stackops.
Trying to set up first EC2 instance for simple (currently) php app, using osx 10.6. When i try to access my new instance in the command line i can only get ssh: connect to host xx.xxx.xxx.xxx port 22: Operation timed out.
i'm typing this at command line:
ssh -i <MYPEMNAME>.pem ec2-user#<PRIVATEIP/PUBLICDNS/ELASTICIP>
i have this as a security rule in the management console:
rule name: web_access
22(SSH) 0.0.0.0
80(HTTP) 0.0.0.0
i have ssh completely open just to test this, i'll get a more appropriate ip when it works.
i created an elastic IP, which was one option i tried after 'ec2-user#...'
i also generated a .pem when i created the instance which i have saved to a folder .ec2 on my machine, named as referenced in .pem above.
the management console says the instance is running. i think im just doing the ssh access wrong at this point.
any help tremendously appreciated!
thanks
Yeah, comments were pretty correct. It was an ssh issue and the main thing was that i was trying to add a custom security rule that allowed ssh but the default didn't. and for whatever reason the custom rule wasn't being applied so i just edited the default rule to allow port 22 (ssh) and I was pretty much up and running. Also needed to run chmod. !! Anddd, if you add a new keypair like I did, you may need to go into the ssh/known_hosts file and delete reference to your old keypair. that was hanging me up for a while with a an error out a middleman attack.
thanks