How to pass a variable to a script in user_data - amazon-web-services

I am trying to run a bash script file in user_data that prompts the user for a domain. Here is the domain part of the commands in the .sh file itself.
DOMAIN=$1
if [ -z $1 ]
then
echo ""
printf "Enter the domain you want to host BookStack and press [ENTER]\nExamples: my-site.com or docs.my-site.com\n"
read DOMAIN
fi
I would like to pass my EIP, aws_eip.one.public_ip as an input to the script.
Here are the actual commands that are run in the user_data section.
#!/bin/bash
sudo apt install wget
# Ensure you have read the above information about what this script does before executing these commands.
sudo apt install -y wget
# Download the script
wget https://raw.githubusercontent.com/BookStackApp/devops/main/scripts/installation-ubuntu-18.04.sh
# Make it executable
chmod a+x installation-ubuntu-18.04.sh
# Run the script with admin permissions
sudo ./installation-ubuntu-18.04.sh $ (this is where I would like to pass my eip variable)
Appreciate the help!

Get the IP from the ec2 metadata in your user data:
curl http://169.254.169.254/latest/meta-data/public-ipv4
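The metadata lookup above, written out as a user data fragment. This is an added example, not part of the original answer: it uses an IMDSv2 session token, checks that the reply is an IPv4 address before passing it to a script run with sudo, and retries a bounded number of times. The `RUN_INSTALL` guard, the `RETRY_DELAY` variable and the function names are assumptions made for this example.

```bash
#!/bin/bash
# Added example (not from the original answer): IMDSv2 lookup + validation.
IMDS=http://169.254.169.254/latest

# Accept only a dotted-quad IPv4 address; anything else never reaches sudo.
is_ipv4() {
  case $1 in
    ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
  esac
  old_ifs=$IFS; IFS=.
  set -- $1            # split on dots into $1..$4
  IFS=$old_ifs
  [ $# -eq 4 ] || return 1
  for octet in "$@"; do
    [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
  done
}

# IMDSv2: obtain a short-lived session token, then present it on the read.
get_public_ipv4() {
  token=$(curl -sf --max-time 2 -X PUT "$IMDS/api/token" \
    -H "X-aws-ec2-metadata-token-ttl-seconds: 60") || return 1
  curl -sf --max-time 2 -H "X-aws-ec2-metadata-token: $token" \
    "$IMDS/meta-data/public-ipv4"
}

# The address can be missing early in boot (for example an Elastic IP that is
# associated after launch), so retry a bounded number of times.
wait_for_public_ipv4() {
  attempts=${1:-30}
  while [ "$attempts" -gt 0 ]; do
    ip=$(get_public_ipv4) && is_ipv4 "$ip" && { printf '%s\n' "$ip"; return 0; }
    attempts=$((attempts - 1))
    sleep "${RETRY_DELAY:-5}"
  done
  return 1
}

# RUN_INSTALL is a hypothetical guard; set RUN_INSTALL=1 in real user data.
if [ "${RUN_INSTALL:-0}" = 1 ]; then
  DOMAIN=$(wait_for_public_ipv4) || { echo "no public IPv4 in metadata" >&2; exit 1; }
  sudo ./installation-ubuntu-18.04.sh "$DOMAIN"
fi
```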

Related

Sagemaker lifecycle config: could not find conda environment conda_python3

The below script should run a notebook called prepTimePreProcessing whenever an AWS notebook instance starts running.
However, I am getting a "could not find conda environment conda_python3" error from the lifecycle config file.
set -e
ENVIRONMENT=python3
NOTEBOOK_FILE="/home/ec2-user/SageMaker/prepTimePreProcessing.ipynb"
echo "Activating conda env"
source /home/ec2-user/anaconda3/bin/activate "$ENVIRONMENT"
echo "Starting notebook"
nohup jupyter nbconvert --to notebook --inplace --ExecutePreprocessor.timeout=600 --ExecutePreprocessor.kernel_name=python3 --execute "$NOTEBOOK_FILE" &
Any help would be appreciated.
Assuming no environment problems, if you open a terminal in the instance in use and run:
conda env list
the result should also contain this line:
python3 /home/ec2-user/anaconda3/envs/python3
After that, you can create a .sh script inside /home/ec2-user/SageMaker containing all the code to run. This way it also becomes versionable by being a persisted file in the instance space and not inside an external configuration.
The on-start.sh/on-create.sh (from this point I will simply call it script.sh) file becomes trivially:
# PARAMETERS
ENVIRONMENT=python3
# conda env
source /home/ec2-user/anaconda3/bin/activate "$ENVIRONMENT";
echo "'$ENVIRONMENT' env activated"
In the lifecycle config, on the other hand, just write a few lines to invoke the previously created script.sh:
#!/bin/bash
set -e
SETUP_FILE=/home/ec2-user/SageMaker/script.sh
echo "Run setup script"
sh "$SETUP_FILE"
echo "Setup completed!"
Extra
If you want to add a safety check so that the .sh file is read correctly regardless of line breaks, I would also add a conversion:
#!/bin/bash
set -e
SETUP_FILE=/home/ec2-user/SageMaker/script.sh
# convert script to unix format
echo "Converting setup script into unix format"
sudo yum -y install dos2unix > /dev/null 2>&1
dos2unix "$SETUP_FILE" > /dev/null 2>&1
echo "Run setup script"
sh "$SETUP_FILE"
echo "Setup completed!"

Setup VNC for ssm-user on EC2 using user data script

I've attempted to set up an EC2 to access the MATE desktop using port forwarding using SSM agent. I've followed instructions here. I want to use the user data script to set this up, but I can't get the ssm-user to start the vncserver.
I think the ssm-user is created when I log in, not when the script runs. In any case, if I do log in when the user data script is running, the config files for the vncserver appear to be set up with root access only.
Here is my user data script so far, based on other SO answers:
#!/bin/bash
exec > >(tee /var/log/user-data.log|logger -t user-data -s 2>/dev/console) 2>&1
echo '## install mate'
amazon-linux-extras install mate-desktop1.x -y
bash -c 'echo PREFERRED=/usr/bin/mate-session > /etc/sysconfig/desktop'
echo '## install tiger vnc'
yum install tigervnc-server -y
echo '## install chromium'
amazon-linux-extras install epel -y
yum install chromium -y
echo '## setup user'
su ssm-user
export HOME=/home/ssm-user
echo '## config vnc password'
umask 0077
mkdir -p "$HOME/.vnc"
chmod go-rwx "$HOME/.vnc"
vncpasswd -f <<<"some_password" >"$HOME/.vnc/passwd"
echo '## start vncserver'
vncserver :1
When I run this, the log shows:
su: user ssm-user does not exist
If I instead let the root user start the vncserver (removing the su ssm-user line) I'm able to connect using the SSM port forward session and VNC, but the desktop is blank. Guess this is as I'm logged in as ssm-user? Is there a way to set up the vncserver for the ssm-user via user data script?

how to change the root user when executing "user_data" in an AWS instance or how to execute "yarn start" with the ubuntu user

I have a problem with Terraform and an AWS EC2 instance. When doing an auto scaling group I require installation through yarn (Node.js). The problem is that I need to execute the commands with the Ubuntu user, and AWS "user_data" by default runs the commands with the root user.
This is my bash code:
#!/bin/bash
su ubuntu
export NVM_DIR="$HOME/.nvm"
[ -s "$NVM_DIR/bash_completion" ] && \. "$NVM_DIR/bash_completion" # This loads nvm
bash_completion
[[ -s $HOME/.nvm/nvm.sh ]] && . $HOME/.nvm/nvm.sh
nvm bash_completion
cd /srv/node/MyProject &&
yarn start:api:qa
Run your commands in your user_data, like this:
su - ubuntu -c "export NVM_DIR=\"$HOME/.nvm\""
su - ubuntu -c "[ -s \"$NVM_DIR/bash_completion\" ] && . \"$NVM_DIR/bash_completion\" # This loads nvm"
...
and so on.
I use the above method on AMZN Default Linux EC2 Instances and that works. So you may have to verify if that works the same on Ubuntu. But basically there are multiple ways of running a command as another user in bash.
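An added example, not part of the original answer, of running the question's commands as the ubuntu user from root's user data. Each `su -c` call starts a separate shell, and a double-quoted `$HOME` is expanded by root's shell before `su` runs, so this version keeps the commands single-quoted and runs them in one login shell. The `run_as` helper, the `APP_CMDS` variable and the `RUN_APP` guard are assumptions made for this example.

```bash
#!/bin/bash
# Added example: user data runs as root; run the app as an unprivileged user.

# Single-quoted on purpose: $HOME and $NVM_DIR must be expanded by the target
# user's shell, not by root's shell while it builds the su command line.
APP_CMDS='
export NVM_DIR="$HOME/.nvm"
[ -s "$NVM_DIR/nvm.sh" ] && . "$NVM_DIR/nvm.sh"   # loads nvm
cd /srv/node/MyProject && yarn start:api:qa
'

# run_as USER COMMANDS: refuse if the account does not exist yet, then run all
# commands in ONE login shell so the export is still set on later lines.
run_as() {
  if ! id -u "$1" >/dev/null 2>&1; then
    echo "run_as: user '$1' does not exist" >&2
    return 1
  fi
  su - "$1" -c "$2"
}

# RUN_APP is a hypothetical guard; set RUN_APP=1 in real user data.
if [ "${RUN_APP:-0}" = 1 ]; then
  run_as ubuntu "$APP_CMDS"
fi
```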

Initiate EC2 instance with pack of commands

Is there a way to start AWS EC2 instance with pack of commands?
So I'm creating a new instance, and the thing I want to achieve is to run some Linux commands automatically after starting it, without connecting to the machine and typing those commands manually.
This is exactly the purpose of UserData.
You would list your script (bash for Linux, or PowerShell for Windows); this will then run the first time the instance runs.
An example user data taken from the documentation to perform the setup of a web server is below.
#!/bin/bash
yum update -y
amazon-linux-extras install -y lamp-mariadb10.2-php7.2 php7.2
yum install -y httpd mariadb-server
systemctl start httpd
systemctl enable httpd
usermod -a -G apache ec2-user
chown -R ec2-user:apache /var/www
chmod 2775 /var/www
find /var/www -type d -exec chmod 2775 {} \;
find /var/www -type f -exec chmod 0664 {} \;
echo "<?php phpinfo(); ?>" > /var/www/html/phpinfo.php
In the event you need to debug take a look at the /var/log/cloud-init-output.log log once the instance has launched.
However, if there are a larger number of steps it might be preferable to create a pre-baked AMI which involves setting up a blank server with all the necessary services and configuration using a tool such as Ansible, Chef or Puppet.

Let's encrypt certbot on AWS Linux

I am new to both AWS and Let's Encrypt.
I followed an article and simply ran these commands
wget https://dl.eff.org/certbot-auto
chmod a+x certbot-auto
sudo cp certbot-auto /usr/bin/
Then I run this command.
sudo /usr/bin/certbot-auto --nginx -d example.com -d www.example.com --debug
This gives me the error
Sorry, I don't know how to bootstrap Certbot on your operating system!
You will need to install OS dependencies, configure virtualenv, and
run pip install manually. Please see
https://letsencrypt.readthedocs.org/en/latest/contributing.html#prerequisites
for more info.
What does this really mean?
How do I setup certbot on AWS linux?
I have created a fresh amazon linux 2 ec2 instance and tested the following for you.
The following steps are working for me.
Edit the file /usr/bin/certbot-auto to recognize your version of Linux:
$ sudo vim /usr/bin/certbot-auto
Find this line in the file (likely near line 780):
elif [ -f /etc/redhat-release ]; then
and replace whole line with this:
elif [ -f /etc/redhat-release ] || grep 'cpe:.*:amazon_linux:2' /etc/os-release > /dev/null 2>&1; then
Save and exit vim (type :wq to do that)
Reference:
Deploying Let’s Encrypt on an Amazon Linux AMI EC2 Instance
Make sure that system requirements are met, you can find the system requirement here.
Also here are the best practices for certbot-auto deployment.
Navigate to your home directory (/home/ec2-user).
Download EPEL using the following command.
sudo wget -r --no-parent -A 'epel-release-*.rpm' https://dl.fedoraproject.org/pub/epel/7/x86_64/Packages/e/
Install the repository packages as shown in the following command.
sudo rpm -Uvh dl.fedoraproject.org/pub/epel/7/x86_64/Packages/e/epel-release-*.rpm
Enable EPEL as shown in the following command.
sudo yum-config-manager --enable epel*
Confirm that EPEL is enabled with the following command.
sudo yum repolist all
Install and run Certbot
This procedure is based on the EFF documentation for installing Certbot on Fedora and on RHEL 7. It describes the default use of Certbot, resulting in a certificate based on a 2048-bit RSA key.
sudo yum install -y certbot python2-certbot-apache
or, for nginx:
sudo yum install -y certbot python2-certbot-nginx
Source here