Aws git access/curl issue - amazon-ec2

I am having something strange using AWS subnet with ubuntu instances.
I have created the public/private subnet schema with one ubuntu instance on the private one. Everything is working smoothly, I can git clone, curl...
However when creating any other ubuntu instance on the private subnet within the same VPC, I can't use git at all, even a simple curl to https://gitlab.com is not working (getting no answer).
I tried another URL like google and got a successful result.
Do you have an idea why I am getting this behaviour, and especially only for gitlab?
Appreciate your help

Related

EC2 instance putty re-used keypair not recognised

First up it's nearly impossible to identify if this is a duplicate or not given the generic nature of the displayed error. This is potentially a very specific and niche scenario. Please do not falsely mark this as duplicate. It's sad that I have to type this :(
I have 2 ec2 ubuntu instances. The first one created 6 months ago and working perfectly.
I created a second ubuntu instance this morning and told it to use the same keypair as the existing instance. They're in the same zones(?) but different base vpc. I selected it from the list so I presume it should be visible to both vpc's. From what I could see that should be ok.
Both are ubuntu so the user is "ubuntu". Both are using the same key pair. I merely cloned my saved putty config and changed the public IP before attempting to connect, however I'm getting the "PuTTY Fatal Error: Disconnected: No supported authentication methods available (server sent: publickey) OK" error.
Unless I'm mistaken the same .ppk should work for both instances, that's the entire purpose of keypairs. The only thing I can presume is that AWS failed to associate the key pair with the new instance.
What are the likely reasons for this happening?
AWS documentation https://aws.amazon.com/premiumsupport/knowledge-center/linux-credentials-error/
Says to check the username "ubuntu" and key pair name which are both correct.
I'm going to blow the instance away and start again but it would be nice to be able to know what AWS is doing wrong so I can avoid the issue in the future.
Update: New instance... I imported a different pub key and used that and the problem persists when I try and connect with its associated ppk.
The issue was the AWS Amazon Machine Image (AMI) I was using. I was using the latest ubuntu??. When I switched to the other ubuntu it worked fine.

SSH-ing to Google Compute Engine instance through Mac OS X terminal

I have created an instance on Google Compute Engine, but I can't seem to SSH using the terminal. The command that I used was :
gcloud compute ssh example-instance
The error that I got was:
ERROR: (gcloud.compute.ssh) Could not SSH to the instance. It is possible that your SSH key has not propagated to the instance yet. Try running this command again. If you still cannot connect, verify that the firewall and instance are set to accept ssh traffic.
When I googled the error, I was led to this link: Unable to SSH to Google Cloud
I went and checked the firewall rules here https://cloud.google.com/compute/docs/troubleshooting#ssherrors and things seem fine. I also went onto ~/.ssh and checked for google_compute_engine and google_compute_engine.pub which indicate the presence of my private and public key. I was wondering what I should do next? Is this a problem specific to Mac workstations?
Any help would be really appreciated.
Personally, had some trouble getting my ssh keys setup correctly by following the Google Cloud Engine docs. Found another logical solution...
This didn't take long and solved the problem (i.e., simple ssh access to Google Cloud VM via MacOS Terminal)...
Follow these simple instructions provided by nixCraft:
https://www.cyberciti.biz/faq/google-cloud-compute-engin-ssh-into-an-instance-from-linux-unix-appleosx/
Here are a few other things to check:
Can you ssh into that instance from a browser, using the "SSH" button in the Cloud Console?
If not, try a newly created instance using default settings and compare how your example-instance differs.
Run gcloud config list and confirm that the values for project, account, region, and zone match your expectations.

Solution for local ip changes of AWS EC2 instances

Amazon only gives you a certain number of static IP addresses and the local (private) IPs of each EC2 instance can change when the machine is restarted. This makes creating a stable platform where EC2 instances depend on each other ridiculously hard to use as far as I can tell.
I've searched online a lot about various solutions and so far have found nothing reasonable outside of assigning an elastic IP address on every EC2 even if it's not public facing. Does anyone have any other good ideas that are actually easy to execute on?
Thanks!
See the AWS team's response to question Static local IP:
The internal IP address of EC2 instances is allocated via DHCP. On
instance shutdown, or when the DHCP lease expires, the IP address is
returned to the general EC2 DHCP pool of addresses available for other
instances.
There is no way to guarantee that you will obtain the same DHCP
address across reboots.
Edit: The answer is to use Amazon VPC. There is no downside except a trivial amount of extra setup because now you control the router. It's a world apart from plain old EC2 instance on AWS. It's so necessary in fact that VPC will be enabled for all future AWS setups by default. See this post for more information: http://www.reddit.com/r/aws/comments/1a3n0r/ec2_update_virtual_private_clouds_for_everyone/
The stock answers are:
Use AWS VPC so you have complete control over instance addressing
Use Elastic IPs, which will resolve to the instance's local address (not the public, as you'd expect) when used to communicate between EC2 instances
I stumbled upon a third option. There's ec2-ssh by the Instagram folks. It's a python shell script that you install globally and lets you both query the public dns of your ec2 instances by tag name and also ssh in via tag name as well.
The documentation for it is virtually nonexistent. I've written down the steps to install below:
To install ec2-ssh:
sudo yum install python-boto (python wrapper for ec2 api)
git clone https://github.com/Instagram/ec2-ssh
In your ~/.bash_profile set your AWS access key and secret like so:
export AWS_ACCESS_KEY_ID=XYZ123
export AWS_SECRET_ACCESS_KEY=XYZ123
cd into the bin folder of the repo, there will be two files:
ec2-host and ec2-ssh
copy them to your /usr/bin or /usr/local/bin.
Now you can do awesome stuff like:
$ ec2-host ZenWorker
ec2-999-xy-999-99.compute-1.amazonaws.com
and
$ ec2-ssh ZenWorker
Connecting to ec2-999-xy-999-99.compute-1.amazonaws.com.
Note that in your regular shell scripts you can use backticks to call these global tools. I've timed these calls and they take between 0.25 and 0.5 second using an EC2 instance, so that's really the only downside. Perhaps you can live with the delay, or use the fact that public DNS only changes for an instance on reboot to work up a solution.
Note that these two programs are commandline scripts and you don't need any Python knowledge to use them. For PHP fans, or those that also want an easy way to scp files without knowing the changing public DNS, you can checkout ec2dns.
I was in the same situation once. I still don't have the expertise to solve it properly. My ugly solution was to use elb not really for load balancing but just for the endpoint.
But I think a good solution can be obtained by using aws vpc.
Here's another Ruby solution for Updating Route 53 DNS from instance on AWS. You shouldn't reference raw 3rd party system IP addresses in your applications or server configurations.
You can change the IP address using an Elastic IP.
You can do it using C# code:
// Placeholders: substitute your own Elastic IP and instance ID.
var associateRequest = new AssociateAddressRequest
{
    PublicIp = "YOUR_ELASTIC_IP",
    InstanceId = "YOUR_INSTANCE_ID"
};
amazonEc2Client.AssociateAddress(associateRequest);
After that, disassociate it:
var disassociateRequest = new DisassociateAddressRequest { PublicIp = "YOUR_ELASTIC_IP" };
amazonEc2Client.DisassociateAddress(disassociateRequest);
Your public IP will change.

how to use ftp on amazon aws

Today is my second day of trying to use amazon and I have started to pull my hair out. I want to set up ftp with amazon. I have signed up with them and created an instance with amazon EC2. I have downloaded the key and I am able to login with ssh through the Terminal on my mac. I can create files in the instance through terminal.
The instance is something like following:
Public DNS: ec2-xx-xx-xxx-xxx.compute-1.amazonaws.com
I have created a index.html file at this location via terminal. But I am not able to view it in the browser using following url:
ec2-xx-xx-xxx-xxx.compute-1.amazonaws.com/index.html
I just want to create web services here which I will be using in iPhone.
Also I am not sure how to go forward. How will I get to my local files and upload them to server. In other ftps I could do it using lcd, get, put etc but these commands are not working here. Can someone please help me with how I should go ahead, because at this moment I am just banging my head against the wall. Someone please help me.
Thanks
Pankaj
Use scp to copy files over ssh:
scp -i key-pair-file file-to-upload ec2-user@instance-public-DNS:
Notice the colon at the end!
With plain EC2 instances, you also need to install some sort of Web server software to power your Web service, and open the HTTP port in the firewall.
Just in case you plan to write your Web service in Java, I have put together a series of articles (Part I, Part II, Part III) guiding through the basics of installing Apache Tomcat on an Amazon Linux EC2 instance.
EDIT 2014/11/20
Dmitry Leskov is actually the better one. You should use his approach.
Answer from 2012
You first have to setup a LAMP (Linux, Apache, mySQL, PHP) stack on your EC2 instance to run any kind of web service.
This means you have to go through the following steps:
Create an EC2 instance
Setup EBS Storage for mySQL data
Install mySQL
Configure mySQL
Install Apache
Configure Apache
Install PHP
Configure PHP
If you need a detailed instruction, I'd recommend you to take a look at this: Building EC2 with LAMP.
To transfer files to your EC2 instance you can use any FTP client, which supports SFTP and key pairs (you can also enable PasswordAuthentication for SSH to login with credentials). I'm using Transmit with no problems.
On a related note, I encountered a strange problem where I could not FTP from a PHP script running under apache - but I could if I ran the PHP script as root from the command line. After a day of googling, I found this, which solved the problem.
Disable SELinux. (Security Enhanced Linux)
The temporary solution is:
echo 0 >/selinux/enforce
..which will prove the concept, but will not survive a reboot. There are plenty of resources out there that describe how to permanently disable SELinux.
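The symptom in the post above (FTP from PHP works as root from the command line but not under Apache) is what SELinux confinement of the httpd_t domain looks like. As an added example, not part of the original answer: a shell script that pulls the matching denials out of audit records and names a single boolean to enable while enforcement stays on. The audit lines are constructed samples, the function names are hypothetical, and the boolean names assume the RHEL/CentOS targeted policy.

```shell
#!/bin/sh
# Constructed sample records in the usual audit.log AVC format (not from a real host).
sample_audit_log() {
cat <<'EOF'
type=AVC msg=audit(1416480000.101:501): avc:  denied  { name_connect } for  pid=2101 comm="httpd" dest=21 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:ftp_port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1416480002.230:502): avc:  denied  { read } for  pid=3300 comm="sshd" name="shadow" scontext=system_u:system_r:sshd_t:s0 tcontext=system_u:object_r:shadow_t:s0 tclass=file
type=AVC msg=audit(1416480009.877:503): avc:  denied  { name_connect } for  pid=2117 comm="httpd" dest=21 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:ftp_port_t:s0 tclass=tcp_socket
type=SYSCALL msg=audit(1416480009.877:503): arch=c000003e syscall=42 success=no exit=-13 comm="httpd"
EOF
}

# Print "port target_type" for every outbound connect denied to the httpd_t domain.
httpd_connect_denials() {
    awk '
    $1 == "type=AVC" && /denied/ && /name_connect/ && /scontext=[^ ]*:httpd_t:/ {
        port = ""; ttype = ""
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^dest=/)     { port = substr($i, 6) }
            if ($i ~ /^tcontext=/) { split(substr($i, 10), c, ":"); ttype = c[3] }
        }
        print port, ttype
    }'
}

# Name one boolean for the denials seen. Assumption: targeted-policy boolean
# names; confirm on the host with: getsebool -a | grep httpd
suggest_boolean() {
    awk '
    $2 == "ftp_port_t" { ftp = 1; next }
    NF                 { other = 1 }
    END {
        if (other)    print "httpd_can_network_connect"   # broader: any TCP port
        else if (ftp) print "httpd_can_connect_ftp"       # FTP only
        else          print "none"
    }'
}

# Stand-alone run on the constructed sample.
sample_audit_log | httpd_connect_denials | suggest_boolean

# On a real host (as root), feed live records instead of the sample:
#   ausearch -m avc -ts recent | httpd_connect_denials | sort -u
#   setsebool -P <boolean printed above> on
```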

Amazon AWS EC2 SSH Login Through Putty on Windows

Ok, so I've read the tutorial here:
http://www.powercram.com/2009/07/connecting-to-aws-ec2-instance-linux.html
I created a keypair on EC2, and ran it through puttygen, and tried to login via putty. I tried logging into the ip of the site, the url of the site, and the public DNS given to me by Amazon. I've tried logging in as root, ec2-user, ubuntu (even though I think it's a fedora install, I'm just not sure because I just inherited this project). The name of the keypair on amazon's interface is hooper, so I tried logging in as that. Every time I get "server refused our key". I've read many people's posts on this problem, and none of the solutions seem to work for me. If anyone has any other ideas, I'd appreciate it.
Make sure the instance is running under the keypair you think it is - you have to ensure the key PEM file you ran through PuttyGEN is the actual key that the instance is authenticated with.
