ec2 troubleshooting logs


ec2 troubleshooting logs

Reference scripts. No explanations; they are almost self-explanatory if you understand bash and a little bit of AWS.

If you ever come across this article, just ignore it. I warn you: just ignore it unless you want a migraine on both sides of your head.

create-lampp-stack.sh


#!/bin/bash
# Start of the instance-creation script: print a timestamped banner and set the
# instance type and AWS CLI profile that the later steps read.
DATE=$(date '+%Y-%m-%d %H:%M:%S')
printf '\n%s\n\n' "Running create-instance.sh on $DATE"

# Hard-coded settings
instanceType="t2.small"
profile="default"
printf '%s\n' "Instance Type: $instanceType" "Profile: $profile"

printf '\n%s\n' "Looking up account values..."
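# Find the VPC tagged "MomPopCafe VPC" by checking each region in turn.
# Sets $vpc (the VPC ID) and $region (the region it was found in); every later
# step reads both.
#
# The region list is walked once. Retrying the whole list until a VPC appears
# would hang the script silently when the VPC does not exist or the
# credentials cannot list it, so a miss is reported and the script stops.
vpc=""
region=""
# --output json is explicit because the grep/cut parsing below depends on it.
regionNames=$(aws ec2 describe-regions --profile "$profile" --output json \
  | grep RegionName | cut -d '"' -f4)
# Intentional word splitting: one region name per word.
# shellcheck disable=SC2086
for candidate in $regionNames; do
  region=$candidate
  vpc=$(aws ec2 describe-vpcs --region "$candidate" --profile "$profile" --output json \
    --filters "Name=tag:Name,Values='MomPopCafe VPC'" \
    | grep VpcId | cut -d '"' -f4 | sed -n 1p)
  if [[ -n "$vpc" ]]; then
    break
  fi
done

if [[ -z "$vpc" ]]; then
  echo "ERROR: no VPC tagged 'MomPopCafe VPC' was found in any region (profile: $profile)." >&2
  exit 1
fi

echo
echo "VPC: $vpc"
echo "Region: $region"

# Second lookup in the region that was just selected. It repeats the query
# above and is kept so the script's output stays the same.
vpc=$(aws ec2 describe-vpcs \
  --filters "Name=tag:Name,Values='MomPopCafe VPC'" \
  --region "$region" \
  --profile "$profile" \
  --output json | grep VpcId | cut -d '"' -f4 | sed -n 1p)
echo "VPC: $vpc"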

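# Look up the subnet, key pair and AMI used to launch the instance.
# Reads $region and $profile; sets $subnetId, $key and $imageId.
# Expansions are quoted so an empty value fails at the command that uses it
# instead of silently shifting the following option into its place.

# Subnet tagged "MomPopCafe Public Subnet 1"; first match wins.
subnetId=$(aws ec2 describe-subnets \
  --filters "Name=tag:Name,Values='MomPopCafe Public Subnet 1'" \
  --region "$region" \
  --profile "$profile" \
  --output json \
  --query "Subnets[*]" | grep SubnetId | cut -d '"' -f4 | sed -n 1p)
echo "Subnet Id: $subnetId"

# Key pair name. Only the first key pair is taken, like the other lookups, so
# $key is a single name even when the account holds several key pairs.
key=$(aws ec2 describe-key-pairs \
  --profile "$profile" \
  --region "$region" \
  --output json | grep KeyName | cut -d '"' -f4 | sed -n 1p)
echo "Key: $key"

# AMI ID for the Amazon-owned image with the exact name below.
# NOTE(review): the name pins an image build dated 20190115. The user-data
# script runs "yum -y update" at first boot, but the instance is reachable with
# the image's original packages until that finishes; prefer a current image
# where the exact build is not required.
imageId=$(aws ec2 describe-images \
  --owners amazon --query 'Images[*].[ImageId]' \
  --filters 'Name=name,Values=amzn2-ami-hvm-2.0.20190115-x86_64-gp2' 'Name=state,Values=available' \
  --output json \
  --profile "$profile" \
  --region "$region" | grep ami- | cut -d '"' -f2 | sed -n 1p)
echo "AMI ID: $imageId"

# The launch cannot succeed without a subnet and an image, so stop here with a
# clear message rather than at run-instances with a parameter error.
if [[ -z "$subnetId" || -z "$imageId" ]]; then
  echo "ERROR: subnet or AMI lookup returned nothing in region $region." >&2
  exit 1
fi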

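# Check for running instances tagged Name=mompopcafeserver and, if any exist,
# ask before terminating them. Reads $region and $profile.
existingEc2Instance=$(aws ec2 describe-instances \
  --region "$region" \
  --profile "$profile" \
  --output json \
  --filters "Name=tag:Name,Values=mompopcafeserver" "Name=instance-state-name,Values=running" \
  | grep InstanceId | cut -d '"' -f4)
if [[ -n "$existingEc2Instance" ]]; then
  # The lookup can return several IDs, one per line; split them into an array
  # so each ID is passed as its own argument.
  # shellcheck disable=SC2206
  instanceIds=($existingEc2Instance)

  echo
  echo "WARNING: Found existing running EC2 instance with instance ID ${instanceIds[*]}."
  echo "This script will not succeed if it already exists. "
  echo "Would you like to delete it? [Y/N]"
  echo ">>"

  while true; do
    # -r keeps backslashes literal. A failed read means stdin is closed; without
    # this check the loop would print the reminder forever.
    if ! read -r answer; then
      echo "No answer received; exiting without deleting anything." >&2
      exit 1
    fi
    case "$answer" in
      Y | y)
        echo
        echo "Deleting the existing instance..."
        if ! aws ec2 terminate-instances --instance-ids "${instanceIds[@]}" \
          --region "$region" --profile "$profile"; then
          echo "ERROR: could not terminate ${instanceIds[*]}." >&2
          exit 1
        fi
        # Wait for confirmation that termination completed.
        aws ec2 wait instance-terminated --instance-ids "${instanceIds[@]}" \
          --region "$region" --profile "$profile"
        break
        ;;
      N | n)
        echo "Ok, exiting."
        exit 1
        ;;
      *)
        echo "Please reply with Y or N."
        ;;
    esac
  done

  sleep 10 # give it 10 seconds before trying to delete the SG this instance used.
fi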

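# Check for an existing security group named mompopcafeSG in the target VPC
# and, if one exists, ask before deleting it. Reads $region, $profile and $vpc.
#
# The match is the exact group name inside $vpc. A substring match across the
# whole region would also offer to delete unrelated groups whose names merely
# contain "mompopcafeSG", and only a same-named group in the same VPC blocks
# the create step that follows.
# The ID is taken with --query/--output text because grepping the JSON for
# "GroupId" can also pick up group IDs referenced inside the group's rules.
existingMpSg=$(aws ec2 describe-security-groups \
  --region "$region" \
  --profile "$profile" \
  --filters "Name=vpc-id,Values=$vpc" \
  --query "SecurityGroups[?GroupName=='mompopcafeSG'].GroupId" \
  --output text)
# Text output renders a null result as the word "None".
if [[ "$existingMpSg" == "None" ]]; then
  existingMpSg=""
fi

if [[ -n "$existingMpSg" ]]; then
  echo
  echo "WARNING: Found existing security group with name $existingMpSg."
  echo "This script will not succeed if it already exists. "
  echo "Would you like to delete it? [Y/N]"
  echo ">>"

  while true; do
    # -r keeps backslashes literal. A failed read means stdin is closed; without
    # this check the loop would print the reminder forever.
    if ! read -r answer; then
      echo "No answer received; exiting without deleting anything." >&2
      exit 1
    fi
    case "$answer" in
      Y | y)
        echo
        echo "Deleting the existing security group..."
        # Intentional word splitting: text output separates IDs with whitespace.
        # shellcheck disable=SC2086
        for sgId in $existingMpSg; do
          if ! aws ec2 delete-security-group --group-id "$sgId" \
            --region "$region" --profile "$profile"; then
            echo "ERROR: could not delete security group $sgId." >&2
            exit 1
          fi
        done
        break
        ;;
      N | n)
        echo "Ok, exiting."
        exit 1
        ;;
      *)
        echo "Please reply with Y or N."
        ;;
    esac
  done
  sleep 10 # give it 10 seconds before trying to recreate the SG
fi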

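# Create the mompopcafeSG security group in $vpc and open SSH and HTTP.
# Reads $vpc, $region and $profile; sets $securityGroup to the new group ID.
echo
echo "Creating a new security group..."
# --group-name is given once; passing it twice was redundant.
securityGroup=$(aws ec2 create-security-group \
  --group-name "mompopcafeSG" \
  --description "mompopcafeSG" \
  --vpc-id "$vpc" \
  --region "$region" \
  --profile "$profile" \
  --output json | grep GroupId | cut -d '"' -f4 | sed -n 1p)
echo "Security Group: $securityGroup"

if [[ -z "$securityGroup" ]]; then
  echo "ERROR: security group creation returned no group ID." >&2
  exit 1
fi

# SSH source range. The default keeps the existing behaviour (open to every
# IPv4 address), which exposes sshd to internet-wide scanning and password or
# key guessing. Set SSH_INGRESS_CIDR to the address range you administer from,
# for example your own address as a /32, to restrict it.
sshCidr="${SSH_INGRESS_CIDR:-0.0.0.0/0}"

# Open ports in the security group
echo
echo "Opening port 22 in the new security group"
aws ec2 authorize-security-group-ingress \
  --group-id "$securityGroup" \
  --protocol tcp \
  --port 22 \
  --cidr "$sshCidr" \
  --region "$region" \
  --profile "$profile"

# The rule has to be port 80 to match the message below and the plain
# http://<ip>/mompopcafe/ URL this script prints at the end. Opening 8080
# instead leaves the web server unreachable from outside.
echo "Opening port 80 in the new security group"
aws ec2 authorize-security-group-ingress \
  --group-id "$securityGroup" \
  --protocol tcp \
  --port 80 \
  --cidr 0.0.0.0/0 \
  --region "$region" \
  --profile "$profile"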

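# Launch the instance with the values looked up earlier. Reads $imageId,
# $instanceType, $region, $subnetId, $securityGroup and $profile; sets
# $instanceDetails to the JSON returned by run-instances.
echo
echo "Creating an EC2 instance in $region"
# The launch uses "$region", the region in which the VPC, subnet, AMI and
# security group were found. A hard-coded us-west-2 here fails whenever the
# VPC lives in any other region, because those IDs do not exist there.
#
# NOTE(review): no --key-name is passed, so the key pair looked up earlier is
# not installed on the instance; the ssh command printed at the end of this
# script presumably relies on it. Confirm against the intended setup.
# NOTE(review): the instance serves a public PHP application; consider
# requiring IMDSv2 with --metadata-options HttpTokens=required.
if ! instanceDetails=$(aws ec2 run-instances \
  --image-id "$imageId" \
  --count 1 \
  --instance-type "$instanceType" \
  --region "$region" \
  --subnet-id "$subnetId" \
  --security-group-ids "$securityGroup" \
  --tag-specifications 'ResourceType=instance,Tags=[{Key=Name,Value=mompopcafeserver}]' \
  --associate-public-ip-address \
  --profile "$profile" \
  --output json \
  --user-data file://create-lamp-instance-userdata.txt); then
  # If the create instance command failed, exit this script. The CLI has
  # already written its own error message to stderr.
  echo "ERROR: run-instances failed in region $region." >&2
  exit 1
fi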

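# Report the launch result, wait for the public IP and print how to connect.
# Reads $instanceDetails, $region, $profile and $key.
echo
echo "Instance Details...."
printf '%s\n' "$instanceDetails" | python -m json.tool

# Extract instanceId
instanceId=$(printf '%s\n' "$instanceDetails" | python -m json.tool \
  | grep InstanceId | sed -n 1p | cut -d '"' -f4)
echo "instanceId=$instanceId"
if [[ -z "$instanceId" ]]; then
  echo "ERROR: could not read an instance ID from the run-instances output." >&2
  exit 1
fi

echo
echo "Waiting for a public IP for the new instance..."
# Poll every 10 seconds, at most 30 times. An unbounded loop would hang the
# script if the instance never receives an address.
pubIp=""
attempts=0
maxAttempts=30
while [[ -z "$pubIp" ]]; do
  if ((attempts >= maxAttempts)); then
    echo "ERROR: no public IP for $instanceId after $maxAttempts checks." >&2
    exit 1
  fi
  attempts=$((attempts + 1))
  sleep 10
  pubIp=$(aws ec2 describe-instances --instance-ids "$instanceId" \
    --region "$region" --profile "$profile" --output json \
    | grep PublicIp | sed -n 1p | cut -d '"' -f4)
done

echo
echo "The public IP of your LAMP instance is: $pubIp"
echo
echo "Download the Key Pair from the Qwiklabs page."
echo
echo "Then connect using this command (with .pem or .ppk added to the end of the keypair name):"
echo "ssh -i path-to/$key ec2-user@$pubIp"
echo
echo "The website should also become available at"
echo "http://$pubIp/mompopcafe/"

echo
DATE=$(date '+%Y-%m-%d %H:%M:%S')
echo
echo "Done running create-instance.sh at $DATE"
echo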
create-lamp-instance-userdata.txt


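#!/bin/bash
# EC2 user-data, first part: patch the OS, install Apache, PHP and MariaDB,
# start the services and prepare /var/www for ec2-user and the apache group.
yum -y update
amazon-linux-extras install -y lamp-mariadb10.2-php7.2 php7.2
yum -y install httpd mariadb-server

systemctl enable httpd
systemctl start httpd

systemctl enable mariadb
systemctl start mariadb

echo '<html><h1>Hello From Your Web Server!</h1></html>' > /var/www/html/index.html
# "-exec ... {} +" batches paths into as few chmod calls as possible instead of
# running one chmod per file.
# Directories: rwxrwsr-x (setgid so new entries inherit the group).
find /var/www -type d -exec chmod 2775 {} +
# Files: rw-rw-r--.
find /var/www -type f -exec chmod 0664 {} +
# NOTE(review): phpinfo.php is served from the web root of an instance whose
# HTTP port is open to every address. The page discloses the PHP version,
# loaded modules, file paths and environment variables to any visitor. Delete
# it once PHP is confirmed working, or do not create it outside a lab.
echo "<?php phpinfo(); ?>" > /var/www/html/phpinfo.php

usermod -a -G apache ec2-user
chown -R ec2-user:apache /var/www
chmod 2775 /var/www

# Check /var/log/cloud-init-output.log after this runs to see errors, if any.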

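#
# Download and unzip the Mom & Pop Cafe application files.
#
# Each step is checked: a failed download or extraction stops the script with a
# message in /var/log/cloud-init-output.log instead of letting the later steps
# run against missing files.
#
# NOTE(review): the archives are fetched over HTTPS but are not verified before
# being unpacked and executed as root. If the publisher provides checksums,
# verify them (for example with sha256sum -c) before the tar steps.

# Database scripts
if ! wget https://aws-tc-largeobjects.s3.us-west-2.amazonaws.com/ILT-TF-200-ACSOPS-1/activity-3/momPopDb.tar.gz; then
  echo "ERROR: download of momPopDb.tar.gz failed." >&2
  exit 1
fi
if ! tar -zxvf momPopDb.tar.gz; then
  echo "ERROR: could not extract momPopDb.tar.gz." >&2
  exit 1
fi

# Web application files
if ! wget https://aws-tc-largeobjects.s3.us-west-2.amazonaws.com/ILT-TF-200-ACSOPS-1/activity-3/mompopcafe.tar.gz; then
  echo "ERROR: download of mompopcafe.tar.gz failed." >&2
  exit 1
fi
if ! tar -zxvf mompopcafe.tar.gz -C /var/www/html/; then
  echo "ERROR: could not extract mompopcafe.tar.gz." >&2
  exit 1
fi

#
# Run the scripts to set the database root password, and create and populate the application database.
# Check the following logs to make sure there are no errors:
#
#       /momPopDb/set-root-password.log
#       /momPopDb/create-db.log
#
# Stop if the directory is missing so the ./ scripts below are never resolved
# against whatever directory the script happens to be in.
if ! cd momPopDb; then
  echo "ERROR: momPopDb directory not found after extraction." >&2
  exit 1
fi
./set-root-password.sh
./create-db.sh
hostnamectl set-hostname web-server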
# Troubleshooting step: install nmap, then check which ports on your own
# instance are reachable, to confirm the security group rules are what you
# intended.
sudo yum install -y nmap
# -Pn skips host discovery and treats the host as up. <public-ip> is a
# placeholder for the instance's public IP; typed literally, the shell parses
# "<public-ip" as input redirection and the command fails.
nmap -Pn <public-ip>

Check the log file that shows whether the user-data script commands ran as expected; it is also where user-data errors appear.

sudo tail -f /var/log/cloud-init-output.log

On an Amazon Linux instance, the user-data file commands are run by the cloud-init service.