ec2 centos userdata not ran - amazon-ec2

I am trying to deploy a Ruby on Rails app through a CentOS EC2 instance by using userdata at instance startup; the specified image is a CentOS 7 image. Below is my userdata section. However, the userdata is not working, and even the log file was not created when I piped each command's output to a log. Does anyone have any insight on this or on how to troubleshoot EC2 userdata? I have looked at the cloud-init.log file in /var/logs too but was unable to make out which commands actually ran and which did not. I have included the last few lines from the log below as well. Any help is appreciated, thanks!
#!/bin/bash
sudo yum update -y | tee -a log.txt
sudo gpg --keyserver hkp://keys.gnupg.net --recv-keys 409B6B1796C275462A1703113804BB82D39DC0E3 | tee -a /home/ec2-user/log.txt
curl -sSL https://get.rvm.io | sudo bash -s stable | tee -a /home/ec2-user/log.txt
sudo usermod -a -G rvm `whoami` | tee -a /home/ec2-user/log.txt
if sudo grep -q secure_path /etc/sudoers; then sudo sh -c "echo export rvmsudo_secure_path=1 >> /etc/profile.d/rvm_secure_path.sh" && echo Environment variable installed; fi | & tee -a log.txt
sudo su ec2-user
rvm install ruby | tee -a /home/ec2-user/log.txt
rvm --default use ruby | tee -a /home/ec2-user/log.txt
curl -sL https://rpm.nodesource.com/setup_11.x | sudo -E bash - | tee -a /home/ec2-user/log.txt
sudo yum install -y nodejs | tee -a /home/ec2-user/log.txt
sudo yum -y install ImageMagick-devel | tee -a /home/ec2-user/log.txt
sudo yum -y upgrade | tee -a /home/ec2-user/log.txt
sudo yum -y install git | tee -a /home/ec2-user/log.txt
sudo yum -y install java-1.8.0-openjdk | tee -a log.txt
export JAVA_HOME="/usr/lib/jvm/jre-1.8.0-openjdk" | tee -a /home/ec2-user/log.txt
export PATH=$JAVA_HOME/bin:$PATH | tee -a /home/ec2-user/log.txt
sudo yum install postgresql postgresql-server postgresql-devel postgresql-contrib postgresql-docs | tee -a /home/ec2-user/log.txt
rails new app-name -m https://raw.githubusercontent.com/projectblacklight/spotlight/master/template.rb | tee -a /home/ec2-user/log.txt
cd app-name
rake db:migrate | tee -a /home/ec2-user/log.txt
solr_wrapper | tee -a /home/ec2-user/log.txt
rails server | tee -a /home/ec2-user/log.txt
The cloud-init.log:
2018-12-10 16:24:43,554 - util.py[DEBUG]: Cloud-init v. 0.7.9 finished at Mon, 10 Dec 2018 21:24:43 +0000. Datasource DataSourceEc2. Up 735.81 seconds
2018-12-10 16:24:43,554 - util.py[DEBUG]: Writing to /var/lib/cloud/instance/boot-finished - wb: [420] 52 bytes
2018-12-10 16:24:43,555 - util.py[DEBUG]: Restoring selinux mode for /var/lib/cloud/instances/i-0b323a8331354129b/boot-finished (recursive=False)
2018-12-10 16:24:43,555 - util.py[DEBUG]: Restoring selinux mode for /var/lib/cloud/instances/i-0b323a8331354129b/boot-finished (recursive=False)
2018-12-10 16:24:43,556 - handlers.py[DEBUG]: finish: modules-final/config-final-message: SUCCESS: config-final-message ran successfully
2018-12-10 16:24:43,556 - main.py[DEBUG]: Ran 9 modules with 1 failures
2018-12-10 16:24:43,565 - util.py[DEBUG]: Creating symbolic link from '/run/cloud-init/result.json' => '../../var/lib/cloud/data/result.json'
2018-12-10 16:24:43,566 - util.py[DEBUG]: Reading from /proc/uptime (quiet=False)
2018-12-10 16:24:43,566 - util.py[DEBUG]: Read 14 bytes from /proc/uptime
2018-12-10 16:24:43,566 - util.py[DEBUG]: cloud-init mode 'modules' took 687.571 seconds (687.57)
2018-12-10 16:24:43,566 - handlers.py[DEBUG]: finish: modules-final: FAIL: running modules for final

CloudFormation? Did you remember to Base64 encode the userdata?
EventCollectionLc:
  Type: 'AWS::AutoScaling::LaunchConfiguration'
  Properties:
    UserData: !Base64
      'Fn::Sub': |
        #!/bin/bash

Related

How echo in bash file using SSH and Sudo

So here is my code:
$ssh_primary "echo $primary_ssh_password | sudo -S rm /etc/mysql/my.cnf"
$ssh_primary "echo $primary_ssh_password | sudo -S touch /etc/mysql/my.cnf"
$ssh_primary "echo \"[client-server]\nsocket = /run/mysqld/mysqld.sock\n\n!includedir /etc/mysql/conf.d/\n!includedir /etc/mysql/mariadb.conf.d/\n[mariadb]\nlog-bin=/var/log/mysql/mysql-bin.log\nserver_id=1\nlog-basename=master1\nbinlog-format=mixed\nlog_error=mariadb_primary.err\nbind-address = 0.0.0.0\n\" > (echo $primary_ssh_password | sudo -S /etc/mysql/my.cnf)"
$ssh_primary "echo $primary_ssh_password | sudo -S systemctl restart mariadb"
And more specifically, here is my problem:
$ssh_primary "echo \"[client-server]\nsocket = /run/mysqld/mysqld.sock\n\n!includedir /etc/mysql/conf.d/\n!includedir /etc/mysql/mariadb.conf.d/\n[mariadb]\nlog-bin=/var/log/mysql/mysql-bin.log\nserver_id=1\nlog-basename=master1\nbinlog-format=mixed\nlog_error=mariadb_primary.err\nbind-address = 0.0.0.0\n\" > (echo $primary_ssh_password | sudo -S /etc/mysql/my.cnf)"
Expected output: I would have full access to this file, without being prompted for a password, but I don't really know how. Can someone help me please?
I tried to do the opposite of what I had, but it doesn't work at all.
I've done changes in /etc/sudoers.

Odd ansible behaviour in CentOS container

I have some odd behaviour when using ansible inside a CentOS 8 base container. All I am doing initially is testing basic function, essentially run a ping from another machine using ansible from a gitlab runner. It should be super simple, but I'm having issues with basic auth.
I've set up authorized keys and checked to make sure they work for the connection from the container host (CentOS 8 with podman) to the test machine, also CentOS 8. All is working correctly with ansible, see below:
[root@automation home]# ansible all -i lshyp01.lab, -u ansible -v --private-key=/home/ansible/.ssh/id_rsa -a "/usr/sbin/ping -c 3 8.8.8.8"
Using /etc/ansible/ansible.cfg as config file
lshyp01.lab | CHANGED | rc=0 >>
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=117 time=5.30 ms
64 bytes from 8.8.8.8: icmp_seq=2 ttl=117 time=5.21 ms
64 bytes from 8.8.8.8: icmp_seq=3 ttl=117 time=4.97 ms
--- 8.8.8.8 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2003ms
rtt min/avg/max/mdev = 4.967/5.160/5.304/0.153 ms
[root@automation home]#
However, when I run the same command via the GitLab runner I get:
$ useradd ansible
$ mkdir -p /home/ansible/.ssh
$ echo "$SSH_PRIVATE_KEY" | tr -d '\r' > /home/ansible/.ssh/id_rsa
$ chmod -R 744 /home/ansible/.ssh/id_rsa*
$ chown ansible:ansible -R /home/ansible/.ssh
$ export ANSIBLE_HOST_KEY_CHECKING=False
$ ansible all -i lshyp01.lab, -u ansible -v --private-key=/home/ansible/.ssh/id_rsa -a "/usr/sbin/ping -c 3 8.8.8.8"
Using /etc/ansible/ansible.cfg as config file
lshyp01.lab | UNREACHABLE! => {
"changed": false,
"msg": "Failed to connect to the host via ssh: Warning: Permanently added 'lshyp01.lab,10.16.4.19' (ECDSA) to the list of known hosts.\r\nansible@lshyp01.lab: Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).",
"unreachable": true
}
Cleaning up file based variables
00:00
ERROR: Job failed: exit status 1
And here is the .gitlab-ci.yml file:
# Use minimal CentOS7 image
image: centos:latest
# Set up variables
# TF_ROOT: ${CI_PROJECT_DIR}/
# TF_ADDRESS: ${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/state/prod
stages:
  - prepare
  - validate
  - build
  - deploy
before_script:
  # Install tools - these should be baked into the image for prod
  - which ssh-agent || (dnf -y install openssh-clients)
  - eval $(ssh-agent -s)
  - dnf -y install which
  - which git || (dnf -y install git)
  - which terraform || (dnf install -y dnf-utils && dnf config-manager --add-repo https://rpm.releases.hashicorp.com/RHEL/hashicorp.repo && dnf -y install terraform)
  - which ansible || (dnf -y install epel-release && dnf -y install ansible)
  - which nslookup || (dnf -y install bind-utils)
  - which sudo || (dnf -y install sudo)
  # Setup user
  - useradd ansible
  - mkdir -p /home/ansible/.ssh
  - echo "$SSH_PRIVATE_KEY" | tr -d '\r' > /home/ansible/.ssh/id_rsa
  - chmod -R 744 /home/ansible/.ssh/id_rsa*
  - chown ansible:ansible -R /home/ansible/.ssh
# Pre testing
sshtest:
  stage: prepare
  script:
    - export ANSIBLE_HOST_KEY_CHECKING=False
    - ansible all -i lshyp01.lab, -u ansible -v --private-key=/home/ansible/.ssh/id_rsa -a "/usr/sbin/ping -c 3 8.8.8.8"
I have verified that the key is correct. Any help is greatly appreciated.
The answer turned out to be an issue with GitLab variables. In the end I had to encode the keys into base64 to store them, then decode them on use. The updated gitlab-ci section is below.
As pointed out, the above example also had the wrong permissions. However, I'd tried a few options and should have reverted the permission changes before posting; sorry for the confusion.
- mkdir -p /root/.ssh
- echo "$SSH_PRIVATE_KEY" | base64 -d > /root/.ssh/id_rsa
- echo "$SSH_PUBLIC_KEY" | base64 -d > /root/.ssh/id_rsa.pub
- chmod -R 600 /root/.ssh/id_rsa && chmod -R 664 /root/.ssh/id_rsa.pub
- export ANSIBLE_HOST_KEY_CHECKING=False
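As an added example (not part of the original post or its answer): a helper that decodes the base64-encoded variable straight into a 0600 file and rejects a value that was truncated or altered in the variable store. The function name write_private_key and the sample key text are constructed for illustration.

```shell
#!/bin/bash
# Added example: write a base64-encoded private key from a CI variable to disk.
# write_private_key is a hypothetical helper name, not a GitLab or OpenSSH tool.
write_private_key() {
  encoded=$1   # base64 text, e.g. "$SSH_PRIVATE_KEY"
  dest=$2      # e.g. /root/.ssh/id_rsa
  (
    umask 077  # directory 0700 and file 0600 from creation, no chmod window
    dir=$(dirname "$dest")
    mkdir -p "$dir" || exit 2
    tmp=$(mktemp "$dir/.key.XXXXXX") || exit 2
    # Drop whitespace and CRs picked up in the variable store, then decode.
    if ! printf '%s' "$encoded" | tr -d ' \t\r\n' | base64 -d > "$tmp" 2>/dev/null; then
      rm -f "$tmp"; echo "variable is not valid base64" >&2; exit 1
    fi
    # A truncated or mangled variable decodes to data without key framing.
    if ! head -n 1 "$tmp" | grep -q '^-----BEGIN .*PRIVATE KEY-----$' ||
       ! tail -n 1 "$tmp" | grep -q '^-----END .*PRIVATE KEY-----$'; then
      rm -f "$tmp"; echo "decoded data is not a private key file" >&2; exit 1
    fi
    mv "$tmp" "$dest"
  )
}

# Constructed sample: key framing around dummy bytes, not usable key material.
sample_key='-----BEGIN OPENSSH PRIVATE KEY-----
QUJDREVGRw==
-----END OPENSSH PRIVATE KEY-----'
sample_b64=$(printf '%s\n' "$sample_key" | base64 | tr -d '\n')
keydir=$(mktemp -d)
write_private_key "$sample_b64" "$keydir/ssh/id_rsa" && ls -l "$keydir/ssh/id_rsa"
write_private_key "$(printf '%s' "$sample_b64" | cut -c1-72)" "$keydir/ssh/truncated" \
  || echo "truncated variable rejected"
```

In the job above this would replace the echo, base64 -d and chmod lines for the private key with a single call.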

Get latest stable helm release

Is there a shell command to get the latest stable helm release?
For kubernetes we have something like this:
curl -LO https://storage.googleapis.com/kubernetes-release/release/$(curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt)/bin/linux/amd64/kubectl
Try:
wget -qO- https://github.com/kubernetes/helm/releases | sed -n '/Latest release<\/a>/,$p' | grep -oE 'v[0-9]+\.[0-9]+\.[0-9]+' |head -1
Result:
v2.8.2
And, for those without wget:
HVER=$(curl -sSL https://github.com/kubernetes/helm/releases | sed -n '/Latest release<\/a>/,$p' | grep -oE 'v[0-9]+\.[0-9]+\.[0-9]+' | head -1)
echo $HVER
Result (currently):
v2.9.1
To download the gz that contains the latest Helm executable:
Linux
curl -LO https://storage.googleapis.com/kubernetes-helm/helm-${HVER}-linux-amd64.tar.gz
OSX
curl -LO https://storage.googleapis.com/kubernetes-helm/helm-${HVER}-darwin-amd64.tar.gz
Windows (bash shell)
curl -LO https://storage.googleapis.com/kubernetes-helm/helm-${HVER}-windows-amd64.tar.gz
In case you use a Dockerfile and Linux:
RUN wget "https://storage.googleapis.com/kubernetes-helm/helm-$(wget -qO- https://github.com/kubernetes/helm/releases | sed -n '/Latest release<\/a>/,$p' | grep -oE 'v[0-9]+\.[0-9]+\.[0-9]+' |head -1)-linux-amd64.tar.gz"
For Linux, OSX, and Windows targets:
HELM_INSTALL_DIR=['desired path']
USE_SUDO=['true'|'false']
curl https://raw.githubusercontent.com/helm/helm/master/scripts/get-helm-3 | bash
Other install options: Helm Install Documentation
Recommend migration away from V2.x as soon as you can.
The way I do it for v2:
curl -L0 "https://storage.googleapis.com/kubernetes-helm/helm-v${HELM_VERSION}-linux-amd64.tar.gz" | tar xzO linux-amd64/helm > /usr/local/bin/helm
And for v3:
curl -L0 "https://get.helm.sh/helm-v${HELM_VERSION}-linux-amd64.tar.gz" | tar xzO linux-amd64/helm > /usr/local/bin/helm
Do not forget to chmod +x /usr/local/bin/helm afterwards.
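As an added example (not from any of the answers above): the download commands in this thread install whatever the server returns, so this variant checks a saved tarball against a SHA-256 digest before extracting the binary. The function name install_verified is hypothetical, and the digest is assumed to come from the release's published checksum rather than from the same response as the tarball.

```shell
#!/bin/bash
# Added example: check a release tarball against a known SHA-256 digest
# before installing a single binary from it. install_verified is a
# hypothetical helper name; sha256sum/install are GNU coreutils.
install_verified() {
  tarball=$1    # downloaded file, e.g. helm-v${HELM_VERSION}-linux-amd64.tar.gz
  expected=$2   # hex SHA-256 digest obtained separately from the download
  member=$3     # archive member to install, e.g. linux-amd64/helm
  dest=$4       # final path, e.g. /usr/local/bin/helm

  actual=$(sha256sum "$tarball" | awk '{print $1}')
  if [ -z "$actual" ] || [ "$actual" != "$expected" ]; then
    echo "checksum mismatch for $tarball (got: ${actual:-none})" >&2
    return 1
  fi
  # Extract to a temp file first so a failed extraction never leaves a
  # half-written binary at the destination.
  tmp=$(mktemp) || return 2
  if ! tar -xzOf "$tarball" "$member" > "$tmp"; then
    rm -f "$tmp"
    return 2
  fi
  install -m 0755 "$tmp" "$dest"
  rc=$?
  rm -f "$tmp"
  return $rc
}

# Constructed offline demo: a tiny local tarball stands in for the download.
demo=$(mktemp -d)
mkdir -p "$demo/linux-amd64"
echo 'placeholder, not a real helm binary' > "$demo/linux-amd64/helm"
tar -czf "$demo/helm.tar.gz" -C "$demo" linux-amd64
digest=$(sha256sum "$demo/helm.tar.gz" | awk '{print $1}')
install_verified "$demo/helm.tar.gz" "$digest" linux-amd64/helm "$demo/helm" \
  && echo "digest matched, installed to $demo/helm"
zeros=$(printf '%064d' 0)
install_verified "$demo/helm.tar.gz" "$zeros" linux-amd64/helm "$demo/helm2" \
  || echo "wrong digest rejected"
```

Because install sets mode 0755, the separate chmod +x step is not needed with this approach.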

How to prevent output for a shell script command

What does tee do, and is it possible to run this command in an alternative way that suppresses the output?
#!/bin/bash
echo "deb https://apt.dockerproject.org/repo ubuntu-xenial main" | sudo tee /etc/apt/sources.list.d/docker.list
The command
echo "deb https://apt.dockerproject.org/repo ubuntu-xenial main" | sudo tee /etc/apt/sources.list.d/docker.list
is an indirect way of saying:
echo "deb https://apt.dockerproject.org/repo ubuntu-xenial main" > /etc/apt/sources.list.d/docker.list
as root.
You see the output on the terminal because of the tee command.
You can rewrite it as below, to suppress the output, while running as non-root user:
echo "deb https://apt.dockerproject.org/repo ubuntu-xenial main" | sudo sh -c "cat > /etc/apt/sources.list.d/docker.list"
See also:
How do I use sudo to redirect output to a location I don't have permission to write to?
https://askubuntu.com/questions/230476/when-using-sudo-with-redirection-i-get-permission-denied

Dockerfile: Permission denied when trying to install ruby-build

I'm trying to install ruby-build as a non-root in my Dockerfile but I am getting a permission denied error. How can I give the deploy user access to do so?
error
mkdir: cannot create directory `/usr/local/share/ruby-build': Permission denied
Dockerfile
FROM centos:6.6
RUN yum update -y
RUN yum install git openssl-devel openssh-server sudo openssl readline-devel readline zlib-devel zlib libxml2-devel libxml2 libxslt-devel libxslt nginx tar gcc libaio libaio-devel -y
RUN rpm -Uvh https://opscode-omnibus-packages.s3.amazonaws.com/el/6/x86_64/chef-12.5.1-1.el6.x86_64.rpm
RUN sed -i -e "s/Defaults requiretty.*/ #Defaults requiretty/g" /etc/sudoers
RUN mkdir -p /var/run/sshd
# RUN adduser deploy -g wheel -p Password1
RUN useradd -m -u 1000 -G wheel deploy && sed -ri 's/^(%wheel.*)(ALL)$/\1NOPASSWD: \2/' /etc/sudoers
USER deploy
RUN git clone https://github.com/sstephenson/rbenv.git $HOME/.rbenv/
RUN git clone https://github.com/sstephenson/ruby-build.git $HOME/.rbenv/plugins/ruby-build
RUN $HOME/.rbenv/plugins/ruby-build/install.sh
ENV PATH $HOME/.rbenv/bin:$PATH
RUN echo 'eval "$(rbenv init -)"' >> /etc/profile.d/rbenv.sh
RUN echo 'eval "$(rbenv init -)"' >> $HOME/.bashrc
RUN echo 'eval "$(rbenv init -)"' >> $HOME/.bash_profile
RUN source $HOME/.bash_profile
ENV CONFIGURE_OPTS --disable-install-doc
RUN rbenv install 2.2.3
RUN rbenv global 2.2.3
RUN bash -l -c 'gem update --system'
RUN bash -l -c 'gem update'
RUN bash -l -c 'gem install nokogiri -- --use-system-libraries'
RUN bash -l -c 'gem install bundler rails-api --no-rdoc --no-ri'
RUN touch /etc/sysconfig/network
EXPOSE 3306
EXPOSE 22
EXPOSE 80
EXPOSE 3389
You are trying to install ruby-build as root using the deploy user. "Installing as a standalone program (advanced)" as per here.
You can try something like this (using sudo):
FROM centos:6.6
RUN yum update -y
RUN yum install git openssl-devel openssh-server sudo openssl readline-devel readline zlib-devel zlib libxml2-devel libxml2 libxslt-devel libxslt nginx tar gcc libaio libaio-devel -y
RUN rpm -Uvh https://opscode-omnibus-packages.s3.amazonaws.com/el/6/x86_64/chef-12.5.1-1.el6.x86_64.rpm
RUN sed -i -e "s/Defaults requiretty.*/ #Defaults requiretty/g" /etc/sudoers
RUN mkdir -p /var/run/sshd
# RUN adduser deploy -g wheel -p Password1
RUN useradd -m -u 1000 -G wheel deploy && echo '%wheel ALL=(ALL) NOPASSWD: ALL' >> /etc/sudoers.d/wheel
USER deploy
RUN git clone https://github.com/sstephenson/rbenv.git $HOME/.rbenv/
RUN git clone https://github.com/sstephenson/ruby-build.git $HOME/.rbenv/plugins/ruby-build
RUN sudo $HOME/.rbenv/plugins/ruby-build/install.sh
ENV PATH /home/deploy/.rbenv/bin:$PATH
RUN echo 'eval "$(rbenv init -)"' | sudo tee -a /etc/profile.d/rbenv.sh
RUN echo 'eval "$(rbenv init -)"' >> $HOME/.bashrc
RUN echo 'eval "$(rbenv init -)"' >> $HOME/.bash_profile
RUN source $HOME/.bash_profile
ENV CONFIGURE_OPTS --disable-install-doc
RUN rbenv install 2.2.3
RUN rbenv global 2.2.3
RUN bash -l -c 'gem update --system'
RUN bash -l -c 'gem update'
RUN bash -l -c 'gem install nokogiri -- --use-system-libraries'
RUN bash -l -c 'gem install bundler rails-api --no-rdoc --no-ri'
RUN touch /etc/sysconfig/network
EXPOSE 3306
EXPOSE 22
EXPOSE 80
EXPOSE 3389
