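The difference between two-step authentication and two-factor authentication
This was a helpful reference.
Two-factor authentication:
Inserting a cash card into a bank ATM and entering the PIN.
Two-step authentication:
After authenticating with an ID and password (the first step), an authentication code of about 4 to 6 digits is received by SMS on the registered smartphone
(the code changes every time, so it is also a one-time password).
Entering that code on the authentication screen (the second step) completes the authentication process (SMS authentication).
In summary, it apparently comes down to this:
"Two-factor authentication" and "two-step authentication" are different things, and an authentication flow can be both two-factor and two-step at once.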
Stuck on git clone
I got stuck on git clone...
I had been cloning from Bitbucket and was trying to switch from HTTPS to SSH.
When I did,
# git clone git@bitbucket.org:xxxxxxxxx/yyyyyyy.git
Cloning into 'yyyyyyy'...
git@bitbucket.org: Permission denied (publickey).
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.
this came up...
The settings in ~/.ssh/config looked fine,
and the public key registered on the Bitbucket side looked fine too.
The following was helpful for solving it. (Read the official documentation...)
ja.confluence.atlassian.com
# ssh-add -l
Could not open a connection to your authentication agent.
root@ip-10-10-4-180 ~
# ssh-add ~/.ssh/id_rsa
Could not open a connection to your authentication agent.
root@ip-10-10-4-180 ~
ssh-add did not work... so, referring to the article below:
qiita.com
root@ip-10-10-4-180 ~
# eval `ssh-agent`
Agent pid 17584
root@ip-10-10-4-180 ~
# ssh-add ~/.ssh/id_rsa
Identity added: /home/ubuntu/.ssh/id_rsa (/home/ubuntu/.ssh/id_rsa)
root@ip-10-10-4-180 ~
Finally, clone and done.
root@ip-10-10-4-180 ~
# git clone git@bitbucket.org:xxxxxxxx/yyyyyyy.git
Cloning into 'yyyyyyy'...
remote: Counting objects: 5375, done.
remote: Compressing objects: 100% (2381/2381), done.
remote: Total 5375 (delta 4051), reused 3966 (delta 2936)
Receiving objects: 100% (5375/5375), 9.85 MiB | 328.00 KiB/s, done.
Resolving deltas: 100% (4051/4051), done.
root@ip-10-10-4-180 ~
So it was a problem on the SSH side after all.
I was stuck on this for quite a while.
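An added example, not from the original post or the linked documentation: a shell helper that reads the exit status of ssh-add -l, starts an agent only when none is reachable (the error shown above), and loads the key with a lifetime so the decrypted key does not stay in memory indefinitely. The function names, the default key path and the one-hour lifetime are assumptions.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): act on the ssh-add -l exit status.

# ssh-add exits 0 on success, 1 if the command fails (for -l: the agent
# holds no identities) and 2 if it cannot contact the agent at all, which
# is the "Could not open a connection" case shown above.
agent_state_from_rc() {
  case "$1" in
    0) echo "keys-loaded" ;;
    1) echo "no-keys" ;;
    2) echo "no-agent" ;;
    *) echo "unknown" ;;
  esac
}

# ensure_key_loaded [KEY] [LIFETIME_SECONDS]   (hypothetical helper)
ensure_key_loaded() {
  local key="${1:-$HOME/.ssh/id_rsa}" lifetime="${2:-3600}" rc=0 state
  ssh-add -l >/dev/null 2>&1 || rc=$?
  state=$(agent_state_from_rc "$rc")

  if [ "$state" = "unknown" ]; then
    echo "ssh-add returned $rc; is OpenSSH installed?" >&2
    return 1
  fi

  if [ "$state" = "no-agent" ]; then
    # Start an agent for this shell only and stop it when the shell exits.
    eval "$(ssh-agent -s)" >/dev/null || return 1
    trap 'ssh-agent -k >/dev/null 2>&1' EXIT
    state="no-keys"
  fi

  if [ "$state" = "no-keys" ]; then
    # -t bounds how long the decrypted key stays in the agent.
    ssh-add -t "$lifetime" "$key" || return 1
  fi

  # Show the fingerprints the agent will now offer to the server.
  ssh-add -l
}
```

Source the file rather than executing it, so the agent variables are set in the shell that later runs git clone.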
Installing Jenkins on Amazon Linux 2
I had occasion to install Jenkins on EC2,
so here are my notes.
The procedure is very simple.
Install Java
[root@ip-10-10-4-151 ~]# yum install -y java-1.8.0-openjdk-devel.x86_64
Loaded plugins: extras_suggestions, langpacks, priorities, update-motd
amzn2-core | 2.4 kB 00:00:00
Resolving Dependencies
--> Running transaction check
---> Package java-1.8.0-openjdk-devel.x86_64 1:1.8.0.252.b09-2.amzn2.0.1 will be installed
--> Processing Dependency: java-1.8.0-openjdk(x86-64) = 1:1.8.0.252.b09-2.amzn2.0.1 for package: 1:java-1.8.0-openjdk-devel-1.8.0.252.b09-2.amzn2.0.1.x86_64
--> Processing Dependency: libjvm.so()(64bit) for package: 1:java-1.8.0-openjdk-devel-1.8.0.252.b09-2.amzn2.0.1.x86_64
--> Processing Dependency: libjava.so()(64bit) for package: 1:java-1.8.0-openjdk-devel-1.8.0.252.b09-2.amzn2.0.1.x86_64
--> Processing Dependency: libX11.so.6()(64bit) for package: 1:java-1.8.0-openjdk-devel-1.8.0.252.b09-2.amzn2.0.1.x86_64
--> Running transaction check
---> Package java-1.8.0-openjdk.x86_64 1:1.8.0.252.b09-2.amzn2.0.1 will be installed
--> Processing Dependency: xorg-x11-fonts-Type1 for package: 1:java-1.8.0-openjdk-1.8.0.252.b09-2.amzn2.0.1.x86_64
・ ・ ・
59/67
  Verifying : 1:java-1.8.0-openjdk-1.8.0.252.b09-2.amzn2.0.1.x86_64 60/67
  Verifying : 1:libglvnd-glx-1.0.1-0.1.git5baa1e5.amzn2.0.1.x86_64 61/67
  Verifying : libXfixes-5.0.3-1.amzn2.0.2.x86_64 62/67
  Verifying : libICE-1.0.9-9.amzn2.0.2.x86_64 63/67
  Verifying : graphite2-1.3.10-1.amzn2.0.2.x86_64 64/67
  Verifying : avahi-libs-0.6.31-19.amzn2.0.1.x86_64 65/67
  Verifying : javapackages-tools-3.4.1-11.amzn2.noarch 66/67
  Verifying : freetype-2.4.11-15.amzn2.0.2.x86_64 67/67

Installed:
  java-1.8.0-openjdk-devel.x86_64 1:1.8.0.252.b09-2.amzn2.0.1

Dependency Installed:
  alsa-lib.x86_64 0:1.1.4.1-2.amzn2
  atk.x86_64 0:2.22.0-3.amzn2.0.2
  avahi-libs.x86_64 0:0.6.31-19.amzn2.0.1
  cairo.x86_64 0:1.15.12-4.amzn2
  copy-jdk-configs.noarch 0:3.3-10.amzn2
  cups-libs.x86_64 1:1.6.3-40.amzn2
・ ・ ・
Dependency Updated:
  freetype.x86_64 0:2.8-14.amzn2

Complete!
[root@ip-10-10-4-151 ~]#
[root@ip-10-10-4-151 ~]# alternatives --config java

There is 1 program that provides 'java'.

  Selection    Command
-----------------------------------------------
*+ 1           java-1.8.0-openjdk.x86_64 (/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.252.b09-2.amzn2.0.1.x86_64/jre/bin/java)

Enter to keep the current selection[+], or type selection number: +

There is 1 program that provides 'java'.

  Selection    Command
-----------------------------------------------
*+ 1           java-1.8.0-openjdk.x86_64 (/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.252.b09-2.amzn2.0.1.x86_64/jre/bin/java)

Enter to keep the current selection[+], or type selection number:
[root@ip-10-10-4-151 ~]#
[root@ip-10-10-4-151 ~]# java -version
openjdk version "1.8.0_252"
OpenJDK Runtime Environment (build 1.8.0_252-b09)
OpenJDK 64-Bit Server VM (build 25.252-b09, mixed mode)
[root@ip-10-10-4-151 ~]#
Register the repository
[root@ip-10-10-4-151 ~]# wget -O /etc/yum.repos.d/jenkins.repo https://pkg.jenkins.io/redhat/jenkins.repo
--2020-05-22 06:25:48-- https://pkg.jenkins.io/redhat/jenkins.repo
Resolving pkg.jenkins.io (pkg.jenkins.io)... 151.101.110.133, 2a04:4e42:1a::645
Connecting to pkg.jenkins.io (pkg.jenkins.io)|151.101.110.133|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 71
Saving to: ‘/etc/yum.repos.d/jenkins.repo’

100%[===============================================================================================================================================================================>] 71 --.-K/s in 0s

2020-05-22 06:25:49 (4.40 MB/s) - ‘/etc/yum.repos.d/jenkins.repo’ saved [71/71]

[root@ip-10-10-4-151 ~]# rpm --import https://pkg.jenkins.io/redhat/jenkins.io.key
[root@ip-10-10-4-151 ~]#
Install Jenkins
[root@ip-10-10-4-151 ~]# yum install jenkins
Loaded plugins: extras_suggestions, langpacks, priorities, update-motd
jenkins | 2.9 kB 00:00:00
jenkins/primary_db | 151 kB 00:00:00
Resolving Dependencies
--> Running transaction check
---> Package jenkins.noarch 0:2.237-1.1 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

=========================================================================================================================================================================================================================
 Package          Arch          Version          Repository          Size
=========================================================================================================================================================================================================================
Installing:
 jenkins          noarch        2.237-1.1        jenkins             63 M

Transaction Summary
=========================================================================================================================================================================================================================
Install 1 Package

Total download size: 63 M
Installed size: 63 M
Is this ok [y/d/N]: y
Downloading packages:
jenkins-2.237-1.1.noarch.rpm | 63 MB 00:01:07
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Installing : jenkins-2.237-1.1.noarch 1/1
  Verifying : jenkins-2.237-1.1.noarch 1/1

Installed:
  jenkins.noarch 0:2.237-1.1

Complete!
[root@ip-10-10-4-151 ~]# rpm -qa | grep jenkins
jenkins-2.237-1.1.noarch
Start
[root@ip-10-10-4-151 ~]# systemctl start jenkins
[root@ip-10-10-4-151 ~]# ps auxwww | grep jenkins
jenkins 4107 155 5.7 3597980 231012 ? Ssl 06:33 0:09 /etc/alternatives/java -Dcom.sun.akuma.Daemon=daemonized -Djava.awt.headless=true -DJENKINS_HOME=/var/lib/jenkins -jar /usr/lib/jenkins/jenkins.war --logfile=/var/log/jenkins/jenkins.log --webroot=/var/cache/jenkins/war --daemon --httpPort=8080 --debug=5 --handlerCountMax=100 --handlerCountMaxIdle=20
root 4150 0.0 0.0 119420 916 pts/0 S+ 06:33 0:00 grep --color=auto jenkins
[root@ip-10-10-4-151 ~]# netstat -anpt
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN      2768/rpcbind
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      3509/sshd
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      3258/master
tcp        0    248 10.10.4.151:22          219.167.249.156:5852    ESTABLISHED 3627/sshd: ec2-user
tcp6       0      0 :::111                  :::*                    LISTEN      2768/rpcbind
tcp6       0      0 :::8080                 :::*                    LISTEN      4107/java
tcp6       0      0 :::22                   :::*                    LISTEN      3509/sshd
[root@ip-10-10-4-151 ~]#
Once the installation is complete, access it as follows:
http://ipaddress:8080
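The initial setup is then carried out on the first screen.
Next, select the plugins to install.
Create the admin user here.
Under Instance Configuration, specify any URL you like.
To change it, edit the settings as follows: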
# vim /etc/sysconfig/jenkins
JENKINS_PORT="8085"
JENKINS_ARGS="--prefix=/jenkins"
# systemctl restart jenkins
That's all.
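An added example, not part of the original post: the netstat listing from the startup step shows Jenkins listening on :::8080, that is, on every interface. The function below reads netstat -anpt output and reports each wildcard listener whose port is not on an allowlist. The function name and the allowlist format are assumptions, and the sample is constructed from the LISTEN lines of that listing.

```shell
#!/usr/bin/env bash
# Added example: list TCP listeners that are bound to every interface.

# Constructed sample, shaped like the netstat -anpt output in the post.
SAMPLE_NETSTAT='Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN      2768/rpcbind
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      3509/sshd
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      3258/master
tcp6       0      0 :::111                  :::*                    LISTEN      2768/rpcbind
tcp6       0      0 :::8080                 :::*                    LISTEN      4107/java
tcp6       0      0 :::22                   :::*                    LISTEN      3509/sshd'

# wildcard_listeners ALLOWED_PORTS   (hypothetical helper)
# Reads netstat output on stdin and prints "port program" for each LISTEN
# socket bound to 0.0.0.0 or :: whose port is not in the comma-separated
# allowlist. A port listed for both IPv4 and IPv6 is reported once.
wildcard_listeners() {
  awk -v allowed="$1" '
    BEGIN { n = split(allowed, a, ","); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    $6 == "LISTEN" {
      addr = $4
      port = addr; sub(/.*:/, "", port)         # text after the last colon
      host = substr(addr, 1, length(addr) - length(port) - 1)
      if (host != "0.0.0.0" && host != "::") next   # bound to one address
      if ((port in ok) || (port in seen)) next
      seen[port] = 1
      prog = $7; sub(/^[0-9]+\//, "", prog)     # drop the PID prefix
      print port, prog
    }'
}
```

On the host itself, run netstat -anpt | wildcard_listeners 22. A port reported here is reachable from any network the instance's security group allows, so restrict 8080 there or set JENKINS_LISTEN_ADDRESS in /etc/sysconfig/jenkins.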
Trying out the CloudWatch agent.
Let's install the CloudWatch agent from the command line.
Preparation
# uname -a
Linux ip-10-10-4-180 5.3.0-1017-aws #18~18.04.1-Ubuntu SMP Wed Apr 8 15:12:16 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
root@ip-10-10-4-180 ~
#
Refer to the reference below and check the download link for Ubuntu.
docs.aws.amazon.com
root@ip-10-10-4-180 ~
# wget https://s3.amazonaws.com/amazoncloudwatch-agent/ubuntu/amd64/latest/amazon-cloudwatch-agent.deb
--2020-05-20 07:52:26-- https://s3.amazonaws.com/amazoncloudwatch-agent/ubuntu/amd64/latest/amazon-cloudwatch-agent.deb
Resolving s3.amazonaws.com (s3.amazonaws.com)... 52.216.1.83
Connecting to s3.amazonaws.com (s3.amazonaws.com)|52.216.1.83|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 60691134 (58M) [application/octet-stream]
Saving to: ‘amazon-cloudwatch-agent.deb’

amazon-cloudwatch-agent.deb 100%[============================================================================================================================>] 57.88M 8.20MB/s in 7.5s

2020-05-20 07:52:34 (7.69 MB/s) - ‘amazon-cloudwatch-agent.deb’ saved [60691134/60691134]

root@ip-10-10-4-180 ~
#
root@ip-10-10-4-180 ~
# sudo dpkg -i -E ./amazon-cloudwatch-agent.deb
Selecting previously unselected package amazon-cloudwatch-agent.
(Reading database ... 90964 files and directories currently installed.)
Preparing to unpack ./amazon-cloudwatch-agent.deb ...
create group cwagent, result: 0
create user cwagent, result: 0
Unpacking amazon-cloudwatch-agent (1.237768.0-1) ...
Setting up amazon-cloudwatch-agent (1.237768.0-1) ...
Processing triggers for ureadahead (0.100.0-21) ...
root@ip-10-10-4-180 ~
#
Create an IAM role
Next, create the IAM role required to run the CloudWatch agent on the EC2 instance.
docs.aws.amazon.com
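Select EC2.
Select CloudWatchAgentServerPolicy.
Decide on a role name.
Finally, attach the created role to the EC2 instance above.
Prepare the configuration file
This time, the wizard is used to prepare the configuration file.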
docs.aws.amazon.com
# sudo /opt/aws/amazon-cloudwatch-agent/bin/amazon-cloudwatch-agent-config-wizard
This time, I will try running the agent with the generated JSON file, without using SSM.
root@ip-10-10-4-180 /opt/aws/amazon-cloudwatch-agent/bin
# ./amazon-cloudwatch-agent-config-wizard
=============================================================
= Welcome to the AWS CloudWatch Agent Configuration Manager =
=============================================================
On which OS are you planning to use the agent?
1. linux
2. windows
default choice: [1]:
1
Trying to fetch the default region based on ec2 metadata...
Are you using EC2 or On-Premises hosts?
1. EC2
2. On-Premises
default choice: [1]:
1
Which user are you planning to run the agent?
1. root
2. cwagent
3. others
default choice: [1]:
1
Do you want to turn on StatsD daemon?
1. yes
2. no
default choice: [1]:
2
Do you want to monitor metrics from CollectD?
1. yes
2. no
default choice: [1]:
2
Do you want to monitor any host metrics? e.g. CPU, memory, etc.
1. yes
2. no
default choice: [1]:
1
Do you want to monitor cpu metrics per core? Additional CloudWatch charges may apply.
1. yes
2. no
default choice: [1]:
1
Do you want to add ec2 dimensions (ImageId, InstanceId, InstanceType, AutoScalingGroupName) into all of your metrics if the info is available?
1. yes
2. no
default choice: [1]:
1
Would you like to collect your metrics at high resolution (sub-minute resolution)? This enables sub-minute resolution for all metrics, but you can customize for specific metrics in the output json file.
1. 1s
2. 10s
3. 30s
4. 60s
default choice: [4]:
3
Which default metrics config do you want?
1. Basic
2. Standard
3. Advanced
4. None
default choice: [1]:
3
Current config as follows:
{
  "agent": {
    "metrics_collection_interval": 30,
    "run_as_user": "root"
  },
  "metrics": {
    "append_dimensions": {
      "AutoScalingGroupName": "${aws:AutoScalingGroupName}",
      "ImageId": "${aws:ImageId}",
      "InstanceId": "${aws:InstanceId}",
      "InstanceType": "${aws:InstanceType}"
    },
    "metrics_collected": {
      "cpu": {
        "measurement": [ "cpu_usage_idle", "cpu_usage_iowait", "cpu_usage_user", "cpu_usage_system" ],
        "metrics_collection_interval": 30,
        "resources": [ "*" ],
        "totalcpu": false
      },
      "disk": {
        "measurement": [ "used_percent", "inodes_free" ],
        "metrics_collection_interval": 30,
        "resources": [ "*" ]
      },
      "diskio": {
        "measurement": [ "io_time", "write_bytes", "read_bytes", "writes", "reads" ],
        "metrics_collection_interval": 30,
        "resources": [ "*" ]
      },
      "mem": {
        "measurement": [ "mem_used_percent" ],
        "metrics_collection_interval": 30
      },
      "netstat": {
        "measurement": [ "tcp_established", "tcp_time_wait" ],
        "metrics_collection_interval": 30
      },
      "swap": {
        "measurement": [ "swap_used_percent" ],
        "metrics_collection_interval": 30
      }
    }
  }
}
Are you satisfied with the above config? Note: it can be manually customized after the wizard completes to add additional items.
1. yes
2. no
default choice: [1]:
1
Do you have any existing CloudWatch Log Agent (http://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/AgentReference.html) configuration file to import for migration?
1. yes
2. no
default choice: [2]:
2
Do you want to monitor any log files?
1. yes
2. no
default choice: [1]:
1
Log file path:
/var/log/nginx/access.log
Log group name:
default choice: [access.log]
nginx_access.log
Log stream name:
default choice: [{instance_id}]

Do you want to specify any additional log files to monitor?
1. yes
2. no
default choice: [1]:
1
Log file path:
/var/log/nginx/error.log
Log group name:
default choice: [error.log]
nginx_error.log
Log stream name:
default choice: [{instance_id}]

Do you want to specify any additional log files to monitor?
1. yes
2. no
default choice: [1]:
2
Saved config file to /opt/aws/amazon-cloudwatch-agent/bin/config.json successfully.
Current config as follows:
{
  "agent": {
    "metrics_collection_interval": 30,
    "run_as_user": "root"
  },
  "logs": {
    "logs_collected": {
      "files": {
        "collect_list": [
          {
            "file_path": "/var/log/nginx/access.log",
            "log_group_name": "nginx_access.log",
            "log_stream_name": "{instance_id}"
          },
          {
            "file_path": "/var/log/nginx/error.log",
            "log_group_name": "nginx_error.log",
            "log_stream_name": "{instance_id}"
          }
        ]
      }
    }
  },
  "metrics": {
    "append_dimensions": {
      "AutoScalingGroupName": "${aws:AutoScalingGroupName}",
      "ImageId": "${aws:ImageId}",
      "InstanceId": "${aws:InstanceId}",
      "InstanceType": "${aws:InstanceType}"
    },
    "metrics_collected": {
      "cpu": {
        "measurement": [ "cpu_usage_idle", "cpu_usage_iowait", "cpu_usage_user", "cpu_usage_system" ],
        "metrics_collection_interval": 30,
        "resources": [ "*" ],
        "totalcpu": false
      },
      "disk": {
        "measurement": [ "used_percent", "inodes_free" ],
        "metrics_collection_interval": 30,
        "resources": [ "*" ]
      },
      "diskio": {
        "measurement": [ "io_time", "write_bytes", "read_bytes", "writes", "reads" ],
        "metrics_collection_interval": 30,
        "resources": [ "*" ]
      },
      "mem": {
        "measurement": [ "mem_used_percent" ],
        "metrics_collection_interval": 30
      },
      "netstat": {
        "measurement": [ "tcp_established", "tcp_time_wait" ],
        "metrics_collection_interval": 30
      },
      "swap": {
        "measurement": [ "swap_used_percent" ],
        "metrics_collection_interval": 30
      }
    }
  }
}
Please check the above content of the config.
The config file is also located at /opt/aws/amazon-cloudwatch-agent/bin/config.json.
Edit it manually if needed.
Do you want to store the config in the SSM parameter store?
1. yes
2. no
default choice: [1]:
2
Program exits now.
root@ip-10-10-4-180 /opt/aws/amazon-cloudwatch-agent/bin
#
Start
After that, start the CloudWatch agent as follows.
Copy the configuration file to the folder below and run the agent.
/opt/aws/amazon-cloudwatch-agent/etc
Command to run
# ./bin/amazon-cloudwatch-agent-ctl -a fetch-config -m ec2 -c file:./etc/config.json -s
root@ip-10-10-4-180 ~
# /opt/aws/amazon-cloudwatch-agent/bin/amazon-cloudwatch-agent-ctl -a fetch-config -m ec2 -c file:/opt/aws/amazon-cloudwatch-agent/etc/config.json -s
/opt/aws/amazon-cloudwatch-agent/bin/config-downloader --output-dir /opt/aws/amazon-cloudwatch-agent/etc/amazon-cloudwatch-agent.d --download-source file:/opt/aws/amazon-cloudwatch-agent/etc/config.json --mode ec2 --config /opt/aws/amazon-cloudwatch-agent/etc/common-config.toml --multi-config default
Successfully fetched the config and saved in /opt/aws/amazon-cloudwatch-agent/etc/amazon-cloudwatch-agent.d/file_config.json.tmp
Start configuration validation...
/opt/aws/amazon-cloudwatch-agent/bin/config-translator --input /opt/aws/amazon-cloudwatch-agent/etc/amazon-cloudwatch-agent.json --input-dir /opt/aws/amazon-cloudwatch-agent/etc/amazon-cloudwatch-agent.d --output /opt/aws/amazon-cloudwatch-agent/etc/amazon-cloudwatch-agent.toml --mode ec2 --config /opt/aws/amazon-cloudwatch-agent/etc/common-config.toml --multi-config default
2020/05/21 01:57:38 Reading json config file path: /opt/aws/amazon-cloudwatch-agent/etc/amazon-cloudwatch-agent.d/file_config.json.tmp ...
Valid Json input schema.
I! Detecting runasuser...
No csm configuration found.
Configuration validation first phase succeeded
/opt/aws/amazon-cloudwatch-agent/bin/amazon-cloudwatch-agent -schematest -config /opt/aws/amazon-cloudwatch-agent/etc/amazon-cloudwatch-agent.toml
Configuration validation second phase succeeded
Configuration validation succeeded
root@ip-10-10-4-180 ~
#
Showing git status in the bash prompt
This was a helpful reference.
This time I used Amazon Linux 2.
Add the following to .bashrc
# The scripts live in /usr/share/doc/git-2.23.1/contrib/completion
source /usr/share/doc/git-2.23.1/contrib/completion/git-prompt.sh
source /usr/share/doc/git-2.23.1/contrib/completion/git-completion.bash
# Mark unstaged (*) and staged (+) changes in the prompt
GIT_PS1_SHOWDIRTYSTATE=true
export PS1='\[\033[32m\]\u@\h\[\033[00m\]:\[\033[34m\]\w\[\033[31m\]$(__git_ps1)\[\033[00m\]\n\$ '
Finally,
# source ~/.bashrc
That's all.
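Building an environment on AWS using an SSL certificate
This is the usual, common configuration:
Client <-> ALB <-> WEB <-> DB, with
HTTPS between Client and ALB
HTTP between ALB and WEB
That is what I want to achieve.
The information below was exactly what I needed!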
Setting up a Ruby environment on Windows
This was a helpful reference.
Download the msi from here, run it, and install.
rubyinstaller.org
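The version can be checked like this.
Check that the path is set
I confirmed that it is set correctly.
Setting up the environment
The following was helpful.
Install the gem called bundler
and confirm that gems can be installed.
Install bundler with the gem command, as shown in the figure below.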
>gem install bundler
Fetching bundler-2.0.1.gem
Successfully installed bundler-2.0.1
Parsing documentation for bundler-2.0.1
Installing ri documentation for bundler-2.0.1
Done installing documentation for bundler after 15 seconds
1 gem installed
To create a Gemfile, run bundle init
inside the relevant project folder.
>bundle init