I am new to AWS and Let's encrypt both.
I follow and article and simpley run these commands
wget https://dl.eff.org/certbot-auto
chmod a+x certbot-auto
sudo cp certbot-auto /usr/bin/
Then I run this command.
sudo /usr/bin/certbot-auto --nginx -d example.com -d www.example.com --debug
This gives me the error
Sorry, I don't know how to bootstrap Certbot on your operating system!
You will need to install OS dependencies, configure virtualenv, and
run pip install manually. Please see
https://letsencrypt.readthedocs.org/en/latest/contributing.html#prerequisites
for more info.
What does this really means?
How do I setup certbot on AWS linux?
I have created a fresh amazon linux 2 ec2 instance and tested the following for you.
The following steps are working for me.
Edit the file /usr/bin/certbot-auto to recognize your version of Linux:
$ sudo vim /usr/bin/certbot-auto
find this line in the file (likely near line nearr 780):
elif [ -f /etc/redhat-release ]; then
and replace whole line with this:
elif [ -f /etc/redhat-release ] || grep 'cpe:.*:amazon_linux:2' /etc/os-release > /dev/null 2>&1; then
Save and exit vim (type :wq to do that)
Reference:
Deploying Let’s Encrypt on an Amazon Linux AMI EC2 Instance
Make sure that system requirements are met, you can find the system requirement here.
Also here are the best practices for certbot-auto deploment.
Navigate to your home directory (/home/ec2-user).
Download EPEL using the following command. sudo wget -r --no-parent -A 'epel-release-*.rpm' https://dl.fedoraproject.org/pub/epel/7/x86_64/Packages/e/
Install the repository packages as shown in the following command.
sudo rpm -Uvh dl.fedoraproject.org/pub/epel/7/x86_64/Packages/e/epel-release-*.rpm
Enable EPEL as shown in the following command. sudo yum-config-manager --enable epel*
Confirm that EPEL is enabled with the following command.
sudo yum repolist all
Install and run Certbot
This procedure is based on the EFF documentation for installing Certbot on Fedora and on RHEL 7. It describes the default use of Certbot, resulting in a certificate based on a 2048-bit RSA key.
sudo yum install -y certbot python2-certbot-apache or sudo yum install -y certbot python2-certbot-nginx For nginx.
Source here
Related
Hi I am trying to start minikube that's why I ran
minikube start --vm-driver=none
But it shows in the console the below lines:
minikube v1.9.2 on Amazon 2 (Xen/amd64)
Using the none driver based on user configuration
X Sorry, Kubernetes v1.18.0 requires conntrack to be installed in root's path
Note that i have installed kubectl minikube and docker.
Please help me to sort out this issues.
I had the same issue. Install 'conntrack' with
sudo apt install conntrack
Then continue to start your minikube:
sudo minikube start --vm-driver=none
Execute following commands
yum install conntrack
start minikube as root
start --driver=none
TL;DR : update minkikube
You need minkikube not older than v1.9.0-beta
It's a known issue
There is a known issue #7179 reproduced in 1.18
Fixed in Pull Request #7180, the latest commit is 1273d4f:
install conntrack for github action integration tests #7180
Minimal minikube ver that contain commit 1273d4f is v1.9.0-beta:
git clone https://github.com/kubernetes/minikube/
cd minikube
git describe 1273d4f8e756ac5eca89d94c449450fb2da21a5a
>v1.9.0-beta.2-16-g1273d4f8e
Explanation of git describe
Explanation of git describe is here
The command is useful for cases such as:
which tag is closest to the commit? (git describe <sha>)
which tag contains commit? (git describe <sha> --contains)
which branch or annotated tag is closest to the commit? (git describe <sha>--all)
On CentOS 7, run following command:
yum install conntrack
And don't forget to have at least 2 (v)CPUs
You need to install conntrack:
apt-get install conntrack -y
and then you can run the minikube start command again
minikube start --vm-driver=none
make sure you do it as a root user or prefix sudo.
If your running ubuntu, make sure you systemd and kubeadm already installed. I found that this resolved for me
sudo apt-get update && sudo apt-get install -y apt-transport-https curl
curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg | sudo apt-key add -
at <<EOF | sudo tee /etc/apt/sources.list.d/kubernetes.list
deb https://apt.kubernetes.io/ kubernetes-xenial main
EOF
sudo apt-get update
sudo apt-get install -y kubelet kubeadm kubectl
sudo apt-mark hold kubelet kubeadm kubectl
Reference Links:
https://kubernetes.io/docs/setup/production-environment/tools/kubeadm/install-
https://minikube.sigs.k8s.io/docs/drivers/none/
I use the following command to resolve the issue:
minikube start --vm-driver=docker
I wanna create docker image for Amazon ECR.
but yum can't find it in my Amazon Linux2.
[root#*** ~]# yum install -y docker
Loaded plugins: amazon-id, rhui-lb, search-disabled-repos
No package docker available.
Error: Nothing to do
Next, I tried to use amazon-linux-extras.
but amazon-linux-extras is not found, too.
[root#*** ~]# amazon-linux-extras install docker -y
-bash: amazon-linux-extras: command not found
[root#*** ~]# find / -name 'amazon-linux-extras'
[root#*** ~]$ cat /proc/version
Linux version 4.14.77-81.59.amzn2.x86_64 (mockbuild#ip-10-0-1-59) (gcc version 7.3.1 20180303 (Red Hat 7.3.1-5) (GCC)) #1 SMP Mon Nov 12 21:32:48 UTC 2018
How can I install amazon-linux-extras or create docker image?
Install Docker
sudo yum update -y
sudo yum -y install docker
Start Docker
sudo service docker start
Access Docker commands in ec2-user user
sudo usermod -a -G docker ec2-user
sudo chmod 666 /var/run/docker.sock
docker version
So sorry, it was my misunderstanding.
My OS is Redhat Linux.
I get to install docker by
yum-config-manager --enable rhui-REGION-rhel-server-extras
yum -y install docker
systemctl start docker
systemctl enable docker
docker version
Make sure you have amazon-linux-extras installed
[root#ip-20-0-0-112 ~]# which amazon-linux-extras
/usr/bin/amazon-linux-extras
If not install amazon-linux-extras using yum
yum -y install amazon-linux-extras
Then install docker using
amazon-linux-extras install docker
I'm on amazon linux (RHEL 7.2) - ami-035b3c7efe6d061d5,
cat /proc/version
Linux version 4.14.123-86.109.amzn1.x86_64 (mockbuild#koji-pdx-corp-builder-64004) (gcc version 7.2.1 20170915 (Red Hat 7.2.1-2) (GCC)) #1 SMP Mon Jun 10 19:44:53 UTC 2019
Following script works without having to install amazon-linux-extras install
sudo yum -y install docker
sudo service docker start
sudo chmod 666 /var/run/docker.sock
I had to fix permission issue. Also described here How to fix docker: Got permission denied issue
Then I can check containers,
[ec2-user#ip-30-0-0-196 ~]$ docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
For the Amazon Linux AMI, access to the Extra Packages for Enterprise Linux (EPEL) repository is configured, but it is not enabled by default.
To install amazon-linux-extras, verify connection to the internet from within the instance then check the instance's OS:
cat /etc/os-release
If the OS is amazon linux version 2 run
sudo yum install https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
Or run sudo yum-config-manager --enable epel
To use the EPEL repository. You can now install available packages... e.g. sudo amazon-linux-extras install docker
see aws documentation for more details.
You can use the below script to install docker inside Amazon Linux 2 Instance. Also, you can mention the below script in the ec2 user data section so at the time of server bootstrap docker will be installed automatically.
#!/bin/bash
sudo yum update -y
sudo yum -y install docker
sudo service docker start
sudo usermod -a -G docker ec2-user
sudo chmod 666 /var/run/docker.sock
Amazon Linux 2 comes with amazon-linux-extras installed. If you think that you are running Amazon Linux 2, and amazon-linux-extras is not on the path of the ec2-user, you might be running an older version of Amazon Linux. Run this command:
grep PRETTY_NAME /etc/os-release
It should output
PRETTY_NAME="Amazon Linux 2"
If you don't see that, go back to the ec2 console and drill-down into the details of the instance. Clicking on the AMI should reveal that it corresponds to an older version of Amazon Linux. Some AWS facilities, notably CDK, currently default to Amazon Linux instead of Amazon Linux 2 when creating new instances.
I came across this question when trying to set up a docker image, based on Amazon Linux 2.
What I didn't find in the current answers is that the docker needs to be enabled in amazon-linux-extras before installing.
Dockerfile commands that worked for me:
RUN yum install -y amazon-linux-extras
RUN amazon-linux-extras enable docker
RUN yum install -y docker
I am attempting to run AWSEBCLI inside a docker container. I am passing the access key and security token as env vars as described in the docs under "Configuration Settings and Precedence"
ERROR: CredentialsError - Operation Denied. You appear to have no credentials
Here is my docker file
FROM circleci/golang
ADD . /go/src
WORKDIR /go/src
RUN sudo apt-get -y -qq update --assume-yes
RUN sudo apt-get install python-pip python-dev build-essential --assume-yes
RUN sudo pip install awscli=="1.16.9"
RUN sudo pip install awsebcli=="3.14.4"
RUN echo ${AWS_ACCESS_KEY_ID}
RUN echo ${AWS_SECRET_ACCESS_KEY}
CMD sudo eb deploy Circledocker
The environment defined in your user session and the sudo session are not the same.
RUN echo ${AWS_ACCESS_KEY_ID} -> Works
RUN sudo echo ${AWS_ACCESS_KEY_ID} -> Will not provide you the value.
Take a look at man sudo, the -E flag :
-E, --preserve-env
Indicates to the security policy that the user wishes to preserve their
existing environment variables. The security policy may return an error
if the user does not have permission to preserve the environment.
So this normally works :
sudo -E bash -c 'echo $AWS_ACCESS_KEY_ID'
Try your eb deploy command like this :
sudo -E bash -c 'eb deploy Circledocker'
Hope it helps !
I'm trying to deploy a geodjango application on AWS Elastic Beanstalk. The configuration is 64bit Amazon Linux 2017.09 v2.6.6 running Python 3.6. I am getting this error when trying to deploy:
Requires: libpoppler.so.5()(64bit) Error: Package: gdal-java-1.9.2-8.rhel6.x86_64 (pgdg93) Requires: libpoppler.so.5()(64bit)
How do I install the required package? I read through Setting up Django with GeoDjango Support in AWS Beanstalk or EC2 Instance but I am still getting problems. My ebextensions currently looks like:
commands:
01_yum_update:
command: sudo yum -y update
02_epel_repo:
command: sudo yum-config-manager -y --enable epel
03_install_gdal_packages:
command: sudo yum -y install gdal gdal-devel
packages:
yum:
git: []
postgresql95-devel: []
gettext: []
libjpeg-turbo-devel: []
libffi-devel: []
I'm going to answer my own question for the sake my future projects and anyone else trying to get started with geodjango. Updating this answer as of July 2020
Create an ebextensions file to install GDAL on the EC2 instance at deployment:
01_gdal.config
commands:
01_install_gdal:
test: "[ ! -d /usr/local/gdal ]"
command: "/tmp/gdal_install.sh"
files:
"/tmp/gdal_install.sh":
mode: "000755"
owner: root
group: root
content: |
#!/usr/bin/env bash
sudo yum-config-manager --enable epel
sudo yum -y install make automake gcc gcc-c++ libcurl-devel proj-devel geos-devel
# Geos
cd /
sudo mkdir -p /usr/local/geos
cd usr/local/geos/geos-3.7.2
sudo wget geos-3.7.2.tar.bz2 http://download.osgeo.org/geos/geos-3.7.2.tar.bz2
sudo tar -xvf geos-3.7.2.tar.bz2
cd geos-3.7.2
sudo ./configure
sudo make
sudo make install
sudo ldconfig
# Proj4
cd /
sudo mkdir -p /usr/local/proj
cd usr/local/proj
sudo wget -O proj-5.2.0.tar.gz http://download.osgeo.org/proj/proj-5.2.0.tar.gz
sudo wget -O proj-datumgrid-1.8.tar.gz http://download.osgeo.org/proj/proj-datumgrid-1.8.tar.gz
sudo tar xvf proj-5.2.0.tar.gz
sudo tar xvf proj-datumgrid-1.8.tar.gz
cd proj-5.2.0
sudo ./configure
sudo make
sudo make install
sudo ldconfig
# GDAL
cd /
sudo mkdir -p /usr/local/gdal
cd usr/local/gdal
sudo wget -O gdal-2.4.4.tar.gz http://download.osgeo.org/gdal/2.4.4/gdal-2.4.4.tar.gz
sudo tar xvf gdal-2.4.4.tar.gz
cd gdal-2.4.4
sudo ./configure
sudo make
sudo make install
sudo ldconfig
As shown, the script checks whether gdal already exists using the test function. It then downloads the Geos, Proj, and GDAL libraries and installs them in the usr/local directory. At the time of writing this, geodjango (Django 3.0) supports up to Geos 3.7, Proj 5.2 (which also requires projdatum. Current releases do not require it), and GDAL 2.4 Warning: this installation process can take a long time. Also I am not a Linux professional so some of those commands may be redundant, but it works.
Lastly I add the following two environment variables to my Elastic Beanstalk configuration:
LD_LIBRARY_PATH: /usr/local/lib:$LD_LIBRARY_PATH
PROJ_LIB: usr/local/proj
If you still have troubles I recommend checking the logs and ssh-ing in the EC2 instance to check that installation took place. Original credit to this post
I need to install php-imap on amazon ec2 linux 2 instance.
All the php stuff is inside amzn2extra-lamp-mariadb10.2-php7.2 but php-imap package is missing.
Any advice ?
Thanks
I installed it like this.
I downloaded the php source code of the currently installed version in my Amazon Linux 2
wget http://php.net/get/php-7.2.8.tar.bz2/from/a/mirror
Unpacked it and went into php-7.2.8/ext/imap/
Compiled extension:
phpize
./configure
I got some errors.
Some U8T_CANONICAL stuff so
sudo yum install libc-client-devel
Then libc-client.a not found so created a symlink for it:
cd /usr/lib
sudo ln -s /usr/lib64/libc-client.a
some other imap library error so:
sudo yum install uw-imap-static
I got some other errors so the working configure line was:
./configure --with-kerberos --with-imap-ssl
make
SUCCESS!
cd php-7.2.8/ext/imap/modules
sudo cp imap.so /usr/lib64/php/modules/
Created an ini file to load it:
sudo vi /etc/php.d/30-imap.ini
added to the file this content:
extension=imap
restarted php service (you might need to restart httpd depending on your php installation):
sudo systemctl restart php-fpm
PHPinfo now contains:
imap
IMAP c-Client Version 2007f
SSL Support enabled
Kerberos Support enabled
For those who are facing the U8T_CANONICAL error and can't being able to install the libc-client-devel on Amazon Linux 2 AMI need to do something extra to resolve the U8T_CANONICAL error.
The main problem is that libc-client-devel isn't available so we need to do it in another way.
I found this link while searching for my problem. The solution that is posted here is solid. The following link that i gave is for those who are not being able to install the libc-client-devel will be benifited from the link.
Or you could just copy paste the commands i'm giving below.
1 - sudo yum groupinstall "Development Tools"
2 - sudo amazon-linux-extras install epel
3 - yum install epel-release
4 - sudo yum install libc-client-devel uw-imap-static openssl-devel
5 - sudo ln -s /usr/lib64/libc-client.a /usr/lib
The rest can be followed from respondent.
Again thanks to the person who answered.
Same problem here.
I came from debian/ubuntu and i miss a lot of php packages on aws linux2.
I know it's still a candidate and not a final LTS release. Only worked for a month with this distro and saw a lot of changes and updates. Some php dependencies can be solved with pear or pecl, but I couldn't get nothing working on php-imap.
php-imap depends on libc-client (maybe that's a problem?)
Here is my solution.
Search for the libc-client rpm that correspond to your version and
install manually.
Search for the rpm that corresponds to your php installed version. In my case it was 7.2.5**-2** about 2 weeks ago. (today is
7.2.5**-3** ) and isntall manually
CODE
wget https://dl.iuscommunity.org/pub/ius/stable/CentOS/7/x86_64//php72u-imap-7.2.5-2.ius.centos7.x86_64.rpm -P /tmp
wget http://dl.fedoraproject.org/pub/epel/7/x86_64/Packages/l/libc-client-2007f-16.el7.x86_64.rpm -P /tmp
rpm -i /tmp/libc-client-2007f-16.el7.x86_64.rpm
rpm -i /tmp/php72u-imap-7.2.5-2.ius.centos7.x86_64.rpm
If it fails because Failed dependencies:
rpm -ivh /tmp/php72u-imap-7.2.5-2.ius.centos7.x86_64.rpm --nodeps
I dont like this solution, but can't find for now any other solution more stable and easy. It will be a pain with updates....