Amazon AWS Q & A
Article index
About billing
About Instances
About AMIs
About Key Pairs
About AKIs
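When several EC2 instances need to access one another, they should be connected over the internal network for both performance and security.
Configure the Security Group
To allow ping
Edit /etc/ssh/sshd_config
Comment out this line: #Subsystem sftp /usr/libexec/openssh/sftp-server
Use the EC2 API to take periodic snapshots of an instance, keeping only the backups from the most recent period.
Author's site: http://tiger-fish.com/blog/automated...ing-amazon-ec2
Project home page: http://code.google.com/p/ec2-delete-old-snapshots/
There are two main EC2 API scripts:
PHP 5.2+ is the recommended version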
Cron Script:
#!/bin/bash
DATESTAMP=`date +%Y%m%d`
TIMESTAMP=`date +%H%M`
LOGFILE="/var/log/tigerfish_ebs_backup.log"
VOLUMES=( vol-12345678 vol-23456789 vol-34567890 )

echo "TIGERFISH EBS BACKUP $DATESTAMP $TIMESTAMP" 2>&1 | tee -a "$LOGFILE"
echo " " 2>&1 | tee -a "$LOGFILE"

# Create a snapshot of each volume.
for volume in "${VOLUMES[@]}"
do
    php CreateSnapshot.php -v "$volume" 2>&1 | tee -a "$LOGFILE"
done

# Remove older snapshots we don't need to keep any more.
for volume in "${VOLUMES[@]}"
do
    php ec2-manage-snapshots.php -v "$volume" 2>&1 | tee -a "$LOGFILE"
done
CreateSnapshot.php
$ec2Config = array ('ServiceURL' => 'https://eu-west-1.ec2.amazonaws.com');
$service = new Amazon_EC2_Client(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, $ec2Config);
ec2-manage-snapshots.php
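The retention rule described above (keep only the most recent period of backups), as an added example that is not code from ec2-delete-old-snapshots or from the original page. The three-column input format, the function name select_expired and the sample records are assumptions constructed for illustration; it also keeps the newest N snapshots of every volume so that a stalled backup job cannot lead to the last good copies being pruned.

```shell
#!/bin/bash
# Added example: decide which snapshots a retention job may delete.
# Input format (constructed for this example), one record per line:
#   <snapshot-id> <volume-id> <start time, ISO-8601 UTC>

# select_expired CUTOFF KEEP_MIN  (records on stdin, snapshot IDs on stdout)
# A snapshot is listed only if it started before CUTOFF and is not among
# the KEEP_MIN newest snapshots of its volume.
select_expired() {
    local cutoff="$1" keep_min="$2"
    # Group by volume, newest first; ISO-8601 UTC strings sort chronologically.
    LC_ALL=C sort -k2,2 -k3,3r |
    LC_ALL=C awk -v cutoff="$cutoff" -v keep="$keep_min" '
        # Reject anything that is not a well-formed record, so a garbled
        # timestamp can never compare as old and get a snapshot deleted.
        NF != 3 || $1 !~ /^snap-[0-9a-f]+$/ || $2 !~ /^vol-[0-9a-f]+$/ ||
        $3 !~ /^[0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]T[0-9:]+Z$/ {
            print "skipped malformed record: " $0 > "/dev/stderr"
            next
        }
        { rank[$2]++ }              # 1 = newest snapshot of this volume
        rank[$2] > keep && $3 < cutoff { print $1 }
    '
}

# Constructed sample: vol-12345678 is backed up weekly; the job for
# vol-23456789 stalled in January, so all of its snapshots predate the cutoff.
SAMPLE_SNAPSHOTS='snap-a1 vol-12345678 2024-02-20T02:00:00Z
snap-a2 vol-12345678 2024-02-27T02:00:00Z
snap-a3 vol-12345678 2024-03-05T02:00:00Z
snap-a4 vol-12345678 2024-03-12T02:00:00Z
snap-b1 vol-23456789 2024-01-10T02:00:00Z
snap-b2 vol-23456789 2024-01-17T02:00:00Z
snap-c1 vol-12345678 yesterday'

# Cutoff 2024-03-01, always keep the 2 newest snapshots per volume.
printf '%s\n' "$SAMPLE_SNAPSHOTS" | select_expired 2024-03-01T00:00:00Z 2
```

With the sample data only the two oldest snapshots of vol-12345678 are selected; both snapshots of the stalled volume survive even though they are older than the cutoff.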
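AWS services use three kinds of credentials:
The Access Key ID and Secret Access Key are the basic AWS identity credentials; you receive both as soon as you complete registration on the website.
To obtain the information above, open the following link and enter your AWS account name and password.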
http://aws-portal.amazon.com/gp/aws/...ion=access-key
Note: key pairs do not have to be managed through this link; they can also be managed in the AWS Console.
Notes: The private key file can be downloaded only once.
Today I will describe in short how to create an AMI instance of EC2 and then upload it to S3 server. All you need to have is a running instance of EC2 server (I'm using Debian) with EC2 tools preinstalled.
First of all, make sure that you don't have any unnecessary files on your server filesystem which you don't need to bundle in an image, as it will only slow the process down and make your costs of storing backup images higher.
Once you are sure that your instance is fine and EC2 tools are in place, you have to transfer your private key file and certificate file to the server. Let's put the files under the /root directory.
If all is set up correctly, first of all, we create an image by running:
ec2-bundle-vol -d /mnt -k /root/pk-yours.pem --cert /root/cert-yours.pem -u 012345678901
The number after the -u flag is your Amazon account ID which you can find on the AWS website once logged in.
Running the above command will take a bit and will create a number of files under the /mnt directory.
Once we have the files and manifest ready (all happens auto-magically) we can start transferring the image onto the S3 account.
In order to transfer your image to S3 you would have to create a bucket there first; for this you can use the famous Firefox plugin (S3 Organizer) or do it using Affirma's library (previous post).
ec2-upload-bundle -b yourbucketname00404042009 -m /mnt/image.manifest.xml -a your_s3_access_key -s your_s3_secret_access_key
If for some reason you encounter any problems during upload but your bundling went OK, you can retry the upload using the --retry flag:
ec2-upload-bundle -b yourbucketname00404042009 -m /mnt/image.manifest.xml -a your_s3_access_key -s your_s3_secret_access_key --retry
Using the command line (required if you want to set more detailed information, such as a description):
ec2-register -K pk-*.pem -C cert-*.pem your-bucket/image.manifest.xml -d this_is_description
NOTES:
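* The credentials used for registration must be the same as those of the AMI's creator; otherwise registration will fail.
* pk-*.pem and cert-*.pem are the X.509 keys and must be generated through the AWS Console.
* Once registered, the AMI is visible in Elasticfox > Images > Filter: My AMIs.
* Further parameters are available for setting other information; see ec2-register for details.
Using the AWS Console: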
AWS Management Console > AMIs > Register New AMI
Enter the S3 path of the AMI, for example your-s3-bucket/dir1/images.manifest.xml
Notes:
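AMIs registered by either of the two methods above are private; only you can use them.
A registered private AMI can be shared with specific other accounts, or set to Public so that everyone can use it, as follows:
AWS Management Console > AMIs > Viewing: Owned By Me, All Platforms > select the AMI
Permission > select Public or enter the AWS Account ID to share with.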
API Tools Reference: http://docs.amazonwebservices.com/AW...reference.html
// Download JRE 1.6 - jre-6u21-linux-i586.bin
http://www.oracle.com/technetwork/ja...ads/index.html
// Install JRE 1.6
# chmod u+x jre-6u21-linux-i586.bin
# ./jre-6u21-linux-i586.bin
# mv jre1.6.0_21/ /opt
// Configure JRE
# vi /etc/profile.d/java.sh
export JAVA_HOME=/opt/jre1.6.0_21
export PATH=$JAVA_HOME/bin:$PATH
// Download ec2-api-tools
http://developer.amazonwebservices.c...externalID=351
// Install ec2-api-tools
cd /root
unzip ec2-api-tools.zip
mv ec2-api-tools-1.3-53907/ .ec2/
vi ~/.bashrc
# for EC2 API Tools
export EC2_HOME=~/.ec2
export PATH=$PATH:$EC2_HOME/bin
( http://blog.edoceo.com/2009/02/amazo...w-storage.html )
Basic procedure: umount > snapshot > create a new volume from the snapshot > attach > FS check with e2fsck > resize > FS check again > mount
NOTES:
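To enlarge the EBS volume of a live system, the system must be taken offline; following the procedure in this section only lets you keep the downtime as short as possible.
// Step1
If the EBS volume stores something like a database, be sure to shut the database down and umount the EBS volume before continuing. Conversely, if the stored data is off-line in nature and file locking is not a concern, you do not need to umount the EBS volume.
// Step2
Use the EC2 command-line tools or Elasticfox to create a snapshot of the EBS volume
// Step3
Use the EC2 command-line tools or Elasticfox to create a new EBS volume from the snapshot you just created
// Step4
Use the EC2 command-line tools or Elasticfox to attach the new EBS volume to an instance, for example as /dev/sdb.
TIPS:
To shorten the downtime, you can launch a separate instance for this step, or you can use the production instance.
// Step5
Log in to the instance over SSH and run:
# e2fsck -f /dev/sdb
# resize2fs -p /dev/sdb
# e2fsck -f /dev/sdb
# tune2fs -l /dev/sdb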
// Step6
Mount /dev/sdb and check that the data is intact.
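The Step 5 sequence wrapped in a function with the checks an operator would otherwise do by hand, as an added example that is not part of the original page. The function names, the /proc/mounts test, the exit-code handling and the use of e2fsck -p for non-interactive runs are assumptions of this example; the before and after block counts come from the same tune2fs -l output that the page inspects.

```shell
#!/bin/bash
# Added example: Step 5 as a guarded function. The mount check, exit-code
# handling and e2fsck -p (non-interactive repair) are additions of this sketch.
PATH="$PATH:/sbin:/usr/sbin"    # e2fsprogs often lives outside a user PATH

block_count() {
    tune2fs -l "$1" | awk -F: '/^Block count/ { gsub(/ /, "", $2); print $2 }'
}

# e2fsck exits 0 (clean) or 1 (errors corrected); anything higher means the
# filesystem needs attention before it is resized or mounted.
fsck_ok() {
    local rc=0
    e2fsck -f -p "$1" >/dev/null 2>&1 || rc=$?
    [ "$rc" -le 1 ]
}

# grow_ext_fs DEVICE: prints "<blocks before> <blocks after>" on success.
grow_ext_fs() {
    local dev="$1" before after
    [ -e "$dev" ] || { echo "no such device: $dev" >&2; return 2; }
    # Never check or resize a filesystem that is still mounted (Step 1).
    if awk -v d="$dev" '$1 == d { found = 1 } END { exit !found }' /proc/mounts 2>/dev/null; then
        echo "$dev is mounted; umount it first" >&2
        return 3
    fi
    before=$(block_count "$dev")
    fsck_ok "$dev" || { echo "pre-resize fsck failed" >&2; return 4; }
    resize2fs "$dev" >/dev/null 2>&1 || { echo "resize2fs failed" >&2; return 5; }
    fsck_ok "$dev" || { echo "post-resize fsck failed" >&2; return 6; }
    after=$(block_count "$dev")
    echo "$before $after"
}

# Usage: ./grow.sh /dev/sdb   (nothing runs unless a device is given)
if [ -n "${1:-}" ]; then grow_ext_fs "$1"; fi
```

If the second number is not larger than the first, the new volume was created at the same size as the snapshot and there was nothing to grow into.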
Summary of lessons learned: