Overview

You are asked to create a blog on the internet, using your own server, doing the entire install yourself. The point of this final project is to familiarize the student with a certain form of cloud computing, and to double check that the student can remotely install and manage a web service. We have certainly gone beyond system administration in this course, modifying the behavior of kernel functions, implementing new kernel functionality, and implementing an entire file system. But this is a nice final check of the student's familiarity with operating systems on a day to day level.

The tasks to complete are:

Thanks to Amazon for a grant under their AWS for Education program, to explore cloud computing, and integrate cloud computing concepts into the course. However, starting 29 days ago Amazon was offering a Free Tier with their AWS service. To new registrants, they offer one micro instance running continuously for a year. For the details, see their pricing. Since this will give you an entire year of usage, and there will be no confusion over logging into a class AWS account, I suggest you use this offer.

If for some reason you do not want to create your own AWS account, you are certainly welcome to use the shared aws@zinc.cs.miami.edu account. Please let me know if you would like this option.

Sign up for AWS and the EC2 service.

See the information about the free tier on AWS. Visit the AWS site and create an AWS account and then an EC2 account. You will need:

Once done, go to http://aws.amazon.com/account to look over your account. Then go to the management console for EC2 to create key pairs and start and manage instances.

Private/public keys

SSH is a command line connection to remote computers. It replaces telnet, the classic command line connection, but not entirely. Telnet is still good to have around, but it is considered insecure for most communication. SSH can use password authentication - to log in you present a username and password. However, it can also use public key cryptography. This is how public-key authentication works.

You create two files, which are associated with each other. One is the public key, and the other is the private key. The private key is like a password. Keep it secret. The public key does not need to be kept secret. It isn't even advisable to keep it secret. Post it on your web site if you want. If this public key is copied into the file ~username/.ssh/authorized_keys on machine hostname, then the possessor of the private key can log into the machine hostname as user username.

The importance of public key cryptography is that the public key can be used to verify that an actor is in possession of the private key which matches the public key, without that actor ever providing any information about the private key, other than that he or she possesses it. The public key itself gives no information about the contents of the private key, and the content of the messages passed during authentication provides no information about the contents of the private key.
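The claim above can be tried directly with openssl. This is an added example, not part of the original assignment: a "server" issues a random challenge and a "client" signs it. The file names are constructed, and it is a simplification, since real SSH signs data tied to the session rather than a bare challenge.

```shell
#!/bin/sh
# Added example: challenge-response proof of possession with openssl.
# All file names live in a scratch directory and are constructed for the demo.

# prove_possession WORKDIR
# Returns 0 if a signature made with the private key verifies under the
# public key AND a signature made with an unrelated key is rejected.
prove_possession() {
    dir=$1
    # Key pair: priv.pem stays with the client, pub.pem is given to the server.
    openssl genrsa -out "$dir/priv.pem" 2048 2>/dev/null || return 2
    openssl rsa -in "$dir/priv.pem" -pubout -out "$dir/pub.pem" 2>/dev/null || return 2
    # A second, unrelated key stands in for someone who lacks the right key.
    openssl genrsa -out "$dir/other.pem" 2048 2>/dev/null || return 2

    # Server: a fresh random challenge, so an old signature cannot be replayed.
    openssl rand -hex 32 > "$dir/challenge" || return 2

    # Client: sign the challenge. Only the signature leaves the client.
    openssl dgst -sha256 -sign "$dir/priv.pem" -out "$dir/sig" "$dir/challenge" || return 2
    openssl dgst -sha256 -sign "$dir/other.pem" -out "$dir/badsig" "$dir/challenge" || return 2

    # Server: verify with the public key alone.
    openssl dgst -sha256 -verify "$dir/pub.pem" -signature "$dir/sig" \
        "$dir/challenge" >/dev/null 2>&1 || return 1
    if openssl dgst -sha256 -verify "$dir/pub.pem" -signature "$dir/badsig" \
        "$dir/challenge" >/dev/null 2>&1; then
        return 1    # a signature from the wrong key must never verify
    fi
    return 0
}

demo_dir=$(mktemp -d)
if prove_possession "$demo_dir"; then
    echo "holder of priv.pem authenticated; unrelated key rejected"
fi
rm -rf "$demo_dir"
```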

Use the AWS management panel to create a private/public key pair. You will be given the opportunity to download the private key. The AWS servers will not keep a copy of the private key; you must download it and keep it safe. When an instance is created, you will be asked for the public key that provides access to the instance, either as user root or as a user that can sudo or su to root. The public key will be placed in the proper file and you will be able to ssh as root (or ec2-user), indicating to the ssh client the file of the private key. The syntax is:

    ssh -i private-key username@hostname

To prevent boredom or hand strain, the .ssh/config file can associate the ssh command line parameters with a single alias, such as ssh mymachine. See man ssh.

Creating an instance

From the management console, select the EC2 tab. Select new instance. You can leave the region at its default. For the free tier, select the micro instance. You can have one running micro instance under the free tier. Additional instances are charged something like three cents an hour. Small instances are still cheap, but larger instances get expensive.

Select an AMI. The AMI is the original disk image, that is, it is the operating system to install. Pick a 32 bit linux image. It turns out the one presented is a Fedora distro. I'm cool with that, but you might want to investigate Ubuntu images. For free tier, pick a 32 bit linux image.

Select as public key the one you created, or create one right now. You will need to create a security group. A security group defines what incoming and outgoing internet connections will be allowed. The default I get is a quick-start group allowing SSH. Add to this allow HTTP. That should do it.

Once the instance is ready (green dot in the management console), select it and choose action "connect". You will get a line to cut and paste into your terminal, if you are running linux or OSX, or anything that has an ssh command line tool. If you are on windows, I suggest you install Cygwin, a unix emulator for windows, and install the ssh client. The putty client for windows is also a possibility, but you will have to convert the private key from ssh standard to putty standard. Google it.

Some hints: put the private key in the .ssh subdirectory of your home directory. This is where all the .ssh stuff goes. Chmod the pem file using go-rw, else ssh will reject the file because of its permissions. My AMI actually does not allow a direct login as root, but it tells me to change the username to ec2-user in order to log in. Once in, I want to run as root. I use sudo /bin/bash to su to root, when this is not available for security reasons.
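The two hints about key permissions and the .ssh/config alias fit together as follows. This is an added example, not part of the original assignment; the alias mymachine, the host name, the user and the key path are placeholders, and the demo works in a scratch directory rather than in ~/.ssh.

```shell
#!/bin/sh
# Added example; the alias, host name, user and key path are placeholders.

# key_perms_ok FILE: succeed only if group and other have no permission
# bits on FILE, which is what the ssh client demands of a private key.
key_perms_ok() {
    mode=$(stat -c %a "$1" 2>/dev/null || stat -f %Lp "$1" 2>/dev/null) || return 2
    case $mode in
        0|*00) return 0 ;;
        *)     return 1 ;;
    esac
}

# add_ssh_alias CONFIG NAME HOST USER KEYFILE
# Appends a Host stanza so "ssh NAME" replaces "ssh -i KEYFILE USER@HOST".
add_ssh_alias() {
    config=$1; name=$2; host=$3; user=$4; key=$5
    if ! key_perms_ok "$key"; then
        echo "refusing: run chmod go-rw $key first" >&2
        return 1
    fi
    if [ -f "$config" ] && grep -qx "Host $name" "$config"; then
        echo "alias $name already defined in $config" >&2
        return 1
    fi
    cat >> "$config" <<EOF

Host $name
    HostName $host
    User $user
    IdentityFile $key
    IdentitiesOnly yes
EOF
    chmod 600 "$config"
}

# Constructed demo in a scratch directory; nothing under ~/.ssh is touched.
d=$(mktemp -d)
echo "constructed placeholder, not a real key" > "$d/mykey.pem"
chmod 644 "$d/mykey.pem"
add_ssh_alias "$d/config" mymachine host.example.com ec2-user "$d/mykey.pem" \
    || echo "world-readable key rejected"
chmod go-rw "$d/mykey.pem"
add_ssh_alias "$d/config" mymachine host.example.com ec2-user "$d/mykey.pem" \
    && cat "$d/config"
rm -rf "$d"
```

IdentitiesOnly yes makes the client offer only the named key instead of every key it can find.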

Warning: The management console often is out of sync with reality. If something doesn't make sense, wait a minute to see if what is presented changes to something that does make sense before leaping into debug mode.

Terminating an instance: to delete an instance, choose the Terminate action. The EBS volume created will be destroyed along with the instance. I am checking that charges will be covered under the Free Tier. I expect that what will happen is that on your account page you will see balanced credits and debits, as long as you stay within the Free Tier limits. Remember to use only a micro instance, and to have only one instance running at a time.

LAMP

Concerning the installation of LAMP: Apache, MySQL and PHP on Linux, I used the directions found on www.thegeekstuff.com. In short, use yum to install httpd, mysql-server and php, set them up to run at boot, and start the services now. I will detail the installations one by one.

Install and test the web server

Use yum to install, then set up the rc.d files to start the web server on boot. Also start the web server now:

    # yum install httpd
    # chkconfig httpd on
    # service httpd start

To test the web server, also install telnet, using yum install telnet, and test that the http server is working locally by checking with telnet localhost 80. You should get a connection. If you can speak http you can test a bit further. However, your next test would be to get to your web server from your local browser. Use the management panel to get the DNS of your instance, and copy this into your browser. You should get the apache test page.

Install and test Mysql

Use yum to install, then set up the rc.d files to start the mysql server on boot. Also start the mysql server now:

    # yum install mysql-server
    # chkconfig mysqld on
    # service mysqld start

To test, use the sql command line admin tool to log into the server and run a test command to view the pre-installed databases:

    # mysql -u root
    > show databases ;
    > quit ;

Install and test PHP

Use yum install php to install PHP. To test, make a file containing a PHP command in the root of the web server's document tree,

    # cat > /var/www/html/test.php
    <?php phpinfo(); ?>
    ^D    <----- that's a control-D to exit the "cat"

Aim your web browser at the DNS location from the previous test of the browser, but with "test.php" at the end. A page of information about the PHP installation on your server should appear.

You will also need yum install php-mysql. Restart mysqld and httpd (service <servicename> restart).
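Two things left behind by the tests above are worth checking before the server stays up: the phpinfo() page, which shows the server's configuration to anyone who requests it, and a MySQL root account that logs in without a password. The script below is an added example, not part of the original assignment; the function names are made up for it and the demo runs on a constructed document root in a scratch directory.

```shell
#!/bin/sh
# Added example: look for leftovers of the install tests.

# find_phpinfo_pages DOCROOT: print each .php file under DOCROOT that
# calls phpinfo(), such as the test.php created above.
find_phpinfo_pages() {
    find "$1" -type f -name '*.php' \
        -exec grep -l 'phpinfo[[:space:]]*(' {} + 2>/dev/null
    return 0
}

# docroot_clean DOCROOT: succeed only if no such page remains.
docroot_clean() {
    [ -z "$(find_phpinfo_pages "$1")" ]
}

# mysql_root_passwordless: succeed if root can log in with no password,
# as "mysql -u root" did in the test above. Returns 2 if no client exists.
mysql_root_passwordless() {
    command -v mysql >/dev/null 2>&1 || return 2
    mysql --no-defaults -u root -e 'SELECT 1' </dev/null >/dev/null 2>&1
}

# Constructed demo: a scratch docroot, not /var/www/html.
root=$(mktemp -d)
printf '<?php phpinfo(); ?>\n' > "$root/test.php"
printf '<?php echo "hello"; ?>\n' > "$root/index.php"
echo "pages to delete:"
find_phpinfo_pages "$root"
rm -f "$root/test.php"
docroot_clean "$root" && echo "docroot clean"
if mysql_root_passwordless; then
    echo "MySQL root has no password; set one"
fi
rm -rf "$root"
```

On the real server, pass /var/www/html as the document root. The mysql_secure_installation script shipped with the MySQL server sets a root password.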

Elastic IP addresses

Every computer on the net has a 32 bit address, called the IP address. Amazon, like most places these days, has one set of IP addresses that address the machines internally, and another set that address the machines externally. The internal addresses are actually unroutable (by general agreement) on the internet. These addresses can be assigned multiply to many different machines across the world. They just need to be unique within the internal network. The external addresses need to be unique in the entire world.

When you create an instance, it gets an internal address and it is mapped to an external address. Elastic IP's mean you can have some control of the external address. You allocate an elastic IP (you get one assigned, you don't get to choose). You then get to glue this IP onto a running instance. If you don't do this, then over time, you can't guarantee a specific IP address at which your service will be found. If you have to, for some reason, recreate your service on a new machine, without elastic IP, your service will appear at a different IP address. This needn't be a major tragedy, but it can be inconvenient. It is more convenient to advertise a constant IP address for your service, regardless of what machine implements the service.

The process to use Elastic IP:

You are charged for elastic IP's only if you don't use them. Amazon doesn't much care if you use them, since there is absolutely no service being provided which isn't provided otherwise. It would have a problem if vast numbers of IP addresses were "sat upon". It could run out of addresses. Therefore it does charge, to give you an incentive to release IP's you are not using.

If you want to stay within the Free Tier, do not allow an elastic IP to lie unassociated for a complete hour. Else you will owe Amazon ... a penny.

EBS: Elastic Block Storage

Elastic block storage is, essentially, a virtually created disk. I bet they are using SAN (Storage Area Network) technology to carve up disk space into virtual disks, that you then attach to your processor, mount (using the mount command), and format for use as a file system. You are charged per megabyte per month. You might not have need for creating an extra EBS volume. Perhaps only if you are running out of space on the root volume.

An instance creates an EBS and attaches it as the root file system. Additional EBS volumes allow you greater storage and the ability for your storage to survive the termination of an instance. An EBS volume can be dismounted from an instance, then disassociated from the instance and associated to another instance. That instance can then mount the filesystem on the EBS volume.

A restriction is that an EBS volume can only be associated with instances in a single location. Sometimes this means you have to specify a location when creating your instance. To stay within the Free Tier, create no EBS volumes. The Free Tier allows you just the 10GiB that a micro instance creates as its root volume.

Wordpress Installation

Follow the instructions.
  1. Log on to your server, sudo to root and go to /root
  2. Download the wordpress software: and untar it. Log into the mysql server using mysql -u root and create the databases as shown in the above instructions. Remember the databasename, the wordpressusername and the password that you have chosen. Use "localhost" for the hostname.

    [root@ip-10-112-51-218 root]# mysql -u root
    
    ...
    
    mysql> create database wp_database ;
    Query OK, 1 row affected (0.00 sec)
    
    mysql> GRANT ALL PRIVILEGES ON wp_database.* TO "wp_user"@"localhost" 
        -> IDENTIFIED BY "*********";
    Query OK, 0 rows affected (0.00 sec)
    
    mysql> flush privileges;
    Query OK, 0 rows affected (0.00 sec)
    
    mysql> exit
    Bye
    
  3. Move the directory to the http document root using
  4. Visit: in your browser.
  5. The installation page told me that it could not create wp-config.php, but offered that I do it. I copied the offered file (^A), cd to /var/www/html/wordpress and vi'ed wp-config.php, pasting the cut contents to that file. Then I returned to the browser for "continue".
  6. Continue with the install.
  7. Your blog is at:

Finishing touches

You now have a blog, say at:

In order that it be found more easily, it could be renamed as mikas-blog.zinc.cs.miami.edu/wordpress. In order to do that I need to place a DNS entry for mikas-blog in the zinc.cs.miami.edu zone, with an A record of, in this case, 174.129.248.215. Email me and I will do this.

Afterwards, you have to go to the wordpress admin page and update the URL name, so it knows of its new name. Google it.