How to ssh into HA application gears? - openshift

As was explained in the answer to this question: https://stackoverflow.com/questions/11730590/what-are-some-of-the-tricks-to-using-openshift it should be possible to ssh into some of the other gears when using a scaled app with openshift.
Unfortunately the link mentioned there (https://openshift.redhat.com/community/faq/can-i-access-my-applications-gear) seems to be gone.
Via [my app url]/haproxy-status/ I can see the names of the other gears. They are long names like gear-[long number]-[app name]. Using that name I can no longer ssh into them when I'm ssh'ed into the main gear. ssh there just immediately returns without any error.
If I do ssh blala the same thing happened, so it looks like ssh had been replaced by a noop command on the primary gear?
When I examine the haproxy conf file, I see entries like:
server gear-[long number]-[app name] ex-std-node[number].prod.rhcloud.com:[number] check fall 2 ...
I tried ssh'ing into this ext-std-node... address as well, both from the main/primary application gear as well as from my desktop, but it didn't work in both cases.
How can I get shell access to my other gears?

This command shows how to access individual gears:
rhc app show <appname> --gears
The last column of output is the ssh URL. It is of the form $UUID@$UUID-$NAMESPACE.rhcloud.com. You can ssh into them directly, and they are also accessible via ssh from the "head" gear; they have to be, since git pushes are synchronized from the head gear to the others via ssh.

Related

How to install MySQL 5.7 on Amazon ec2

How am I able to install MySQL 5.7 in the cloud on Amazon EC2?
Most of the Amazon Machine Instances (AMIs) that I see either lack any MySQL server or possess an older version such as MySQL Server 5.5
I want to use the latest and greatest.
This is a relatively quick setup of MySQL 5.7.14 on Red Hat Enterprise Linux version 7 (RHEL7).
I am not affiliated with AWS; I just enjoy using their services.
Make sure you have an AWS EC2 account. Note that even though Amazon requires a credit card on file, there will be no charges incurred for the first year if you adhere to their Free-tier terms. Typically this means a single micro-instance (1 Gb RAM) server running 24/7.
Launch of EC2 RHEL instance
Step 1: On AWS EC2 click "Launch Instance" and select "Red Hat Enterprise Linux 7.2 (HVM), SSD Volume Type - ami-775e4f16" as seen in the picture below. Note that the versions of the available or promoted AMIs (Amazon Machine Instance) will rotate over time and this is as of this writing. But the AMI number is shown above in the text.
Normally, I chose Amazon Linux AMI as my distro of choice. I don't do that anymore as it is their own hodge-podge and there is naturally uncertainty of which package manager to choose and therefore the files. So I stick with RHEL now.
On the "Choose an Instance Type" screen, select a free-tier eligible instance type as seen below:
Click Next. On the next Details screen click "Next" to accept defaults. On the storage screen change the size to 16GB and click "Next". Then "Next" again on Tag info. Next comes the "Configure Security Group" screen pictured below:
Accept the radio button of "🔘 create a new security group" for now. Note SSH port 22 is open to all (Anywhere) IP addresses with the 0.0.0.0/0 CIDR. Other options include detection of "My IP" (as in yours), or "Custom". Rest assured that with the next screen access will be locked down based on Security Keys we will setup. There is a button for Add Rule under the ports open to add such ports as MySQL 3306 or HTTP 80. But for now we will skip that. Note the security group name. Fill one in or accept the default for now. It is not critical to get this right as the security group can be changed later for a running Instance. Click Review and Launch.
Then click "Launch" (fear not, it is not going to Launch yet). As the next screen presents:
Note that as I already have some keypairs generated, it defaults to "Choose an existing keypair" in the first drop-down. Otherwise, you "Create a new key pair" with a given reminder name and proceed to "Download Key Pair". At this point you have the Key Pair as a .pem file. Treat that with the utmost of security, saving it to a place that you will not lose it. Preferably in a password protected area such as under your operating system User directory.
When you finally click "Launch Instances" on this same screen, the launch takes place in relation to that key pair (either just created or a pre-existing one). Note, the generation of a key pair might be a task you perform just once a year. Re-using a key pair again and again, up to you.
After you launch the instance, you have roughly five minutes before it comes live. Under the Instances left menu item, you know the instance is live when the Instance State reads "running" and the Status Checks reads "2/2 passed":
Remember the .pem file that you downloaded? Well just one time you need to create a .ppk file out of that for PuTTY, an SSH client program that will communicate crypto-secured to your running instance. For that we use the puttygen tool that works in harmony with PuTTY. So we run puttygen, load the .pem downloaded minutes before, and generate the .ppk file with a "Key passphrase" such as "I & love%ancHovies2_fjdi8Ha". Below is a picture of puttygen:
And the AWS EC2 page entitled Connecting to Your Linux Instance from Windows Using PuTTY. The steps are File / Load private key. Change the filter to All files (*.*). Find the .pem file. Hit "Open", then "Ok". Type in a Passphrase. Click "save private key", and save it in the same folder as a .ppk file alongside your .pem file. As mentioned, this is not something you might do but yearly.
Now run PuTTY, the SSH client. Use the Session / Host Name as something like
ec2-user@ec2-www-xxx-yyy-zzz.us-west-2.compute.amazonaws.com
So it is basically ec2-user@ concatenated with the Public DNS name that is seen under Instances on the EC2 Control panel. As for specifying the PuTTY .ppk file, it would look like the below, with the .ppk file chosen next to the Browse button:
Go back to the Session upper left hierarchy shown below, give this a profile name under Saved Sessions, and hit "Save". Hereafter when you load PuTTY, you merely load the session by name:
Don't forget that just about all you are doing here is saving the .ppk reference into a friendly named profile. And you may occasionally need to change Host Name (certainly when you save an Instance image on EC2 and come back in with a new Instance IP address on a subsequent launch).
Ok, it is not easy. But it is what it is.
When you click Open it will attempt to connect to your RHEL instance. Hit Yes on the signature warning. Enter the prior saved .ppk Key Passphrase, and you should be sitting at a Linux prompt.
MySQL Installation (I will put these notes on GitHub)
URL01: Download MySQL Yum Repository
URL02: Chapter 1 Installing MySQL on Linux Using the MySQL Yum Repository
You now have MySQL 5.7.14 loaded and running on EC2 with a database and user setup. Your servers need to be imaged. See this answer here of mine for creating images (AMI's). Backup your data. See the EC2 documentation such as Best Practices for Amazon EC2.
Back to security: best practices certainly suggest not opening up your db to direct connects through Security Groups for port 3306. How you choose to adhere to that is your choice, such as with a PHP, Java, or other programming API. Note that various db client programs can connect through SSH tunnels such as MySQL Workbench. In addition various development libraries exist with SSH Tunnels but they are not terribly easy to develop against (mainly due to difficult key chains and lack of extensive developer experiences). For instance, there is one for C# here.
In addition, AWS has RDS and other database offerings for less hands-on work than rolling your own like the above. The reason many developers target EC2 is due to the fact that you have a full blown server for your other programming initiatives.
If you do modify the Security Groups as mentioned before, please consider using IP Ranges based on CIDR entries and use caution before over-exposing your datastores. Or over granting. Much the same best practices as you would for on-premise work.
Concerning this MySQL section, my GitHub notes for the above few pictures are located Here.
I had the same issue, but I didn't want to use Red Hat or any other OS than Amazon Linux AMI. So, here is the process to install MySQL 5.7 and upgrade an older version.
Short path (without screenshots)
wget https://dev.mysql.com/get/mysql57-community-release-el6-11.noarch.rpm
yum localinstall mysql57-community-release-el6-11.noarch.rpm
yum remove mysql55 mysql55-common mysql55-libs mysql55-server
yum install mysql-community-server
service mysqld restart
mysql_upgrade -p
Long path (with screenshots)
First of all, just to validate you can check the current version.
Then, you should download the repo for EL6 11
wget https://dev.mysql.com/get/mysql57-community-release-el6-11.noarch.rpm
Next, make a localinstall:
yum localinstall mysql57-community-release-el6-11.noarch.rpm
This is probably the key for a successful installation. You should remove the previous packages related to MySQL 5.5
yum remove mysql55 mysql55-common mysql55-libs mysql55-server
Finally, you can install MySQL 5.7
yum install mysql-community-server
Restart the MySQL Server and upgrade your database
service mysqld restart
mysql_upgrade -p
You can validate your installation by authenticating to MySQL
sudo yum install mysql57-server

Cannot connect to Compute Engine instance via SSH

I've just created an instance using Google Cloud Platform's Compute Engine and tried to connect to it via SSH connection but it failed.
I'm following the quick start here.
I have generated the SSH key on my PC and have entered the pass-phrase when asked. Though I fail to log in :-(
I got the PuTTY SSH's error as below snapshots.
Then I get the PuTTY window inactive.
I have the same problem but found a workaround to connect via PuTTY manually.
In brief
Generate SSH key for the machine instance
Add SSH public key to the instance
Prepare to log in - acquiring information for IP, login name, pass phrase, private SSH key
Connect to the instance via SSH client, e.g. PuTTY in Windows
Detail steps
For me the gcloud quick start had already:
launched my instance
created my public and private RSA keys (in C:\Users\USER_NAME\.ssh\)
Public Key - C:\Users\USER_NAME\.ssh\google_compute_engine.pub
Private Key - C:\Users\USER_NAME\.ssh\google_compute_engine.ppk
Go to the Google Developers Console in your browser
Select your project and in the left hand nav bar click: Compute -> Compute Engine -> VM instances
Your running instance(s) will be linked below the CPU usage chart
Click the one you want and find the Add SSH key link and click it
Paste the entire contents of google_compute_engine.pub into the field that appears
Click Save and after a few seconds the key details will appear on the page (if you get an error you pasted from the wrong key file or didn't copy all the text)
The first word in those details is your (case sensitive) username
Find the External IP above on the page
Open PuTTY and paste the external IP into Host Name (port is the default of 22)
In the left hand nav expand: Connection -> SSH and then click Auth
Next to "Private key file for authentication" click "Browse"
Select "C:\Users\USER_NAME\.ssh\google_compute_engine.ppk" and click Open
Scroll the left hand nav back up and click the top item "Session"
Under "Saved Sessions" enter a name and click "Save"
Accept the warning message and you should be prompted to login with the username from above step
Input your passphrase
Done
Hope this helps. If someone has a solution for the gcloud issue I'd love to hear it too.
A non-discussed answer is that you should have at least the standard memory on your VM instance (3.75GB) - do NOT use Micro VM instances.
I could only log in with SSH via browser console or gcloud command line, but not with Putty or Mac terminal SSH.
I spent an hour on the phone with support and we found this to be the problem.
To get identified by ssh you need to run this command, which adds the gcloud ssh key to the list of ssh keys
ssh-add google_compute_engine C:\Users\USER_NAME\.ssh\
You can also connect to your VM instance using the embedded in-browser SSH client, see here for how to do that. That's pretty much a couple of mouse clicks to do.
Not sure why, if the user already existed (e.g. already SSH logged in on the google web console), it doesn't work when I manually added SSH keys into metadata on the google web console. I have tried hundreds of times from the steps below.
I found out you have to manually add your ssh key through web SSH CONSOLE -> ssh in on google web console and copy ssh pub key on your local machine (usually is in ~/.ssh/) and append (edit and paste to the end) it to ~/.ssh/authorized_keys.
1) SSH into the VM by cloud console.
2) Change the root password sudo passwd
3) set below parameters to yes by nano /etc/ssh/sshd_config
PasswordAuthentication
PermitRootLogin
PasswordAuthentication
4) restart sshd service sshd restart
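An added example, not part of the answers above: a small audit that reports where an sshd_config enables the two settings named in the last answer, password authentication and root login. The sample config is constructed; the parser assumes sshd's documented behaviour that the first value found for a keyword is the one used, and that Match blocks can override it for some connections.

```python
import re

# Constructed sample config (not from the page). The later lowercase "yes"
# has no global effect because an earlier line already set that keyword.
SAMPLE = """\
# image defaults
PasswordAuthentication no
PermitRootLogin yes
passwordauthentication yes
Match Address 10.0.0.0/8
    PasswordAuthentication yes
"""

WATCHED = ("passwordauthentication", "permitrootlogin")
LINE = re.compile(r"^(\w+)\s*=?\s*(.*)$")


def parse(text):
    """Split a config into global settings and per-Match overrides."""
    settings, overrides, match = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = LINE.match(line)
        if not m:
            continue
        key, value = m.group(1).lower(), m.group(2).strip()
        if key == "match":
            match = value  # following lines apply only to this Match block
        elif match is None:
            settings.setdefault(key, value)  # sshd keeps the first value seen
        else:
            overrides.append((match, key, value))
    return settings, overrides


def audit(text):
    """Return (scope, keyword, value) for each watched keyword set to yes."""
    settings, overrides = parse(text)
    found = [("global", k, settings[k]) for k in WATCHED
             if settings.get(k, "").lower() == "yes"]
    found += [(scope, k, v) for scope, k, v in overrides
              if k in WATCHED and v.lower() == "yes"]
    return found


if __name__ == "__main__":
    for scope, key, value in audit(SAMPLE):
        print(f"{scope}: {key} {value}")
```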

Openshift unable to connect to the server

I am having issues with setting up OpenShift and getting the following error after connecting to my server domain:
Command:
User$ rhc setup --server=app-domain.rhcloud.com
Result:
The server has rejected your connection attempt with an older SSL protocol.
Pass --ssl-version=sslv3 on the command line to connect to this server.
I am not sure what this is telling me to do. I tried using the instruction literally and it does not recognize the command.
Any ideas?
You should not pass rhc setup the --server flag unless you are running your own OpenShift Origin or OpenShift Enterprise broker. For OpenShift Online, just run the rhc setup command with no other options and it will setup fine. If that command messed up your express.conf file (which it should not have) you just need to delete your ~/.openshift/express.conf file then run rhc setup again without any flags. Basically you tried to point rhc to your gear as an OpenShift Online broker, which will not work.
I ended up answering this on another forum post:
The only way that this worked for me was to actually create a SSH key locally with ssh-keygen -p without rhc setup and "not" giving it a password. I then went back to OpenShift clicked add a key and pasted the contents of my rsa file.
There is obviously some kind of bug with authentication on Openshift or the installation is not right.
It would be good to find out what is going on and why does it work if I do it, this way.

how to recover credentials of cartridge installation?

Is it possible to recover the credentials generated during installation? In particular the JBoss BPM Suite's console and dashboard.
It happens that the creation lasts longer and I need to refresh the page; for this reason I can't get the green frame with all the details.
If you have rhc command-line installed, then you can simply do
rhc ssh --app <app_name> --command 'env'
Get to your application console page (through the openshift web ui), grab the ssh connection link (Remote Access) and use it to get a terminal connection open in your application space.
Then type "env" and you should see a bunch of environment variables; your credentials should be stored in one of them.

Accessing a VM on Fi-lab

I’m training to get familiar with the Fi-Ware Cloud service.
I can create blueprints templates and instances but I cannot access in SSH or Connect to VM display.
I have the server up and running, I can see the page “It works” of Apache.
The problem I have are:
With SSH I don’t know what credential I have to use, I try with my Fi-Ware credential but the server always shows me “access denied”
Connect to VM display it never appears the login interface.
There is some tutorial where I can see an example of how to do it or a detailed documentation how to configure and access to in a Blueprints Instance?
I know this question was already answered but I tried these solutions and only had success with additional detail after creating, downloading and chmod-ing the keypair file: using the [user@]hostname ssh parameter as root@Fi-lab-FloatingIPAddress,
under a root shell or
using the sudo command to execute ssh -i kp.pem Fi-lab-FloatingIPAddress
Trying to access without the root username results in ssh asking for a password, even when including the keypair associated with that virtual machine.
In other words, the keypair to access fi-lab blueprints or instances only works with the root username.
Usually, when you create a VM of a Blueprint, you should assign a keypair that should have been created previously. I suppose that you did it. Correct me if I am wrong. During the creation of the keypair, you could download a .pem file that is used to access the VM using ssh (ssh -i xxx.pem…).
I am just getting familiar with #Fiware Lab.
prerequisites :
Having in the private key you generated in the fiware cloud interface in the file fiware_rsa (text file beginning with -----BEGIN RSA PRIVATE KEY-----)
Associate your server with an external IP (internet) (note you can access other instances via the one which has inet access)
ssh -i fiware.rsa user@external-ip-address
try with root user, you should see a message advising the proper user name to use depending on the instance :
ubuntu@front:~$ ssh -i .ssh/fiware_rsa root@XXX.XXX.XXX.XXX
Please login as the user "centos" rather than the user "root".
You can find more information here : http://fr.slideshare.net/hmunfru/setting-up-your-virtual-infrastructure-using-fi-lab-cloud
BR