Symbolic link on Amazon File Share System FSx - Windows EC2 - amazon-web-services

I am currently hosting my ASP.Net web application on AWS. I have searched for the best aws storage options for windows environment. I have found that aws File shares system FSx is suitable for our needs.
One of the required features in my app is to be able to create symbolic link on the network shared folder. On my local environment I have active directory and network shared folder. I have applied those steps to enable symbolic link on my pc with windows 10 and it works:
1- Enable remote to remote symbolic link using this cmd command:
fsutil behavior set SymlinkEvaluation R2R:1
2- Check if the feature is enabled:
fsutil behavior query SymlinkEvaluation
the result is:
Local to local symbolic links are enabled.
Local to remote symbolic links are enabled.
Remote to local symbolic links are disabled.
Remote to remote symbolic links are enabled.
3- apply this command for gain access to the target directory:
net use y: "\\share\Public\" * /user:UserName /persistent:yes
4- create symbolic link using this command:
mklink /D \\share\Public\Husam\symtest \\share\Public
It works fine on my local network with active directory.
On aws I have EC2 windows VM joined aws managed domain. The same domain I created the FSx with. I logged in to the machine with domain administrator. I gave security permission (share and security) to this uses on the shared folder using Windows File Shares GUI Tool.
When I try to create the symbolic link I get: Access Denied
mklink /d \\fs-432432fr34234a.myad.com\share\Husam\slink \\fs-432432fr34234a.myad.com\share
Access Denied
any suggestions? is there a way to add this permission in active directory?

It looks to me like mklink is not supported by amazon fsx. I can mklink to my heart's content on my ebs volume but not on the fsx. Also when I mount the share in linux ln -s test1 test2
ln: failed to create symbolic link 'test2': Operation not supported
I found a comment that said "in the GPO you can Change it in "Computer Configuration > Administrative Templates > System > Filesystem" and configure "Selectively allow the evaluation of a symbolic link" – deru May 11 '17 at 6:45." I don't think it will help because I can mklink on ebs.
This is a problem for me as my asp.net web app also uses mklink during it's setup. My solution is to use a windows container for my web app and then use docker-compose to put the links in to the FSx file system. I thought that I wanted to do the docker-compose build on the fsx volume. This was a terrible idea though because the ebs volume is way faster.

I was getting the same error messages reported above. I consulted with the AWS contacts available to the company I work for, and they confirmed that as of right now, FSx for Windows File Server does not support symbolic links.

Related

Is it possible to download file or folders from AWS Linux EC2 instance to local Windows 10 machine?

I am having one Linux Ec2 instance on AWS and my local machine is Windows 10 (64-bit).
I want to download some files or folders from Ec2 to location windows machine.
I am not sure whether it is possible or not? if yes, how we can do that.
thanks.
I tried this it worked for me.
Download https://mobaxterm.mobatek.net/ its an Enhanced terminal for Windows.
You can link your EC2 instance directly via SSH its pretty simple to set up. Just follow the instuctions they've given. Once linked, its super easy to export, import, create files and folders all via mobaxterm.
folders in mobaxterm:
Got the command to Copy from Windows to Linux.
First you need to install putty (putty-64bit-0.74-installer.msi) on your windows machine
The Command is as follow it will copy the folder(e.g. DokerAutomationResult) to the windows machine from AWSLinux machine.
pscp -r ubuntu#xx.xxx.xx.xx:/home/ubuntu/DokerAutomationResult ./
[pscp -r ubuntu#(ipAddress):(locationOfLinuxFileLocation /(locationToCopyInWInodws) ]
For better Understanding:
https://www.youtube.com/watch?v=Sc0f-sxDJy0&ab_channel=Liv4IT
Yes it is possible to download files from ec2 linux instance to local system.
You can use scp -i key user#ip add:/file location which you want to download.
. will download file in your current location on local system

AWS EC2 Windows SSH Help - Chmod 400 (RSA Key).pem Not Working

Thank you all who use their time to help others. Thank you in advance.
I am taking a class on EDX for Linux command line. I have attached the instructions I have followed to set up Red hat using Windows 10. But the SSH for isn't working it says that RSA Key not found. (Attachment didn't work)
I paste it here
"The recommended way to access your Red Hat Enterprise Linux cloud instance for this course is
to use Secure Shell (ssh​) to get an interactive shell on the system.
Step 1: Getting SSH
If you are using macOS or Linux: The OpenSSH command (ssh​) should already be installed on
your computer. Start a terminal program to get a shell, and proceed to the next step.
If you are using Microsoft Windows, you will need to get an SSH client as follows:
● Option 1: Download Git for Windows​ from https://git-scm.com/download/win and install
it using the default settings. When it is installed, right-click on your desktop (not an icon
or a file) and select Git Bash Here​ to open a Git Bash​ command prompt. An SSH client is
provided with Git Bash​ and you can continue with Step 2.
● Option 2: If you have the PuTTY client, which can be downloaded from
http://www.chiark.greenend.org.uk/~sgtatham/putty/, and you are familiar with that
tool, you can use that to connect to your instance. AWS provides a tutorial on this at
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/putty.html.
Step 2: Connecting to your instance with SSH
From the Amazon EC2 console, in the left-side menu under INSTANCES​, click Instances​ to
display a list of the instances you have running. This is probably just the one you set up for this
course. Select its checkbox and click Connect:"
Also, I have another PC I built running on Ubuntu. Can I use that PC with the RSA by logging into AWS account if there is no solution.
I have researched this question and I am stuck here trying to find a solution so I can start class.

VSTS Task: Window machine file copy: system error 53

I'm trying to make a release from VSTS to a VM(running on AWS) that is running an IIS. For that I use three tasks.
Windows Machine File Copy
Manage IIS App
Deploy IIS App
Before the release I'm running a build pipeline that that gives me an artifact containing the web app (webapp.zip).
When I manually put it on the server I can run step 2 and 3 of my release and the application works. The problem I have is that I don't get the Windows Machine File Copy to work. It always throws an exception giving a 'System Error 53: The network path was not found'. Of course the machines are not domain joined, because I'm running my release on VSTS and need the files on a AWS VM. I tried to open port 445 (for file sharing) and made sure the user has rights for the destination path on the target machine.
So my question is: How can I actually move the files from VSTS to the AWS VM if the two machines are not joined.
Using FTP Upload or cURL upload step/task instead.
Regarding how to create FTP site, you can refer to this article: Creating a New FTP Site in IIS 7.
Disclaimer: this answer merely explains how to fulfill the requirements to use tasks of Windows Machine File Copy and Manage/Deploy IIS tasks.
Please always be concerned about security of your target hosts, its hardening and security assessment is absolutely necessary.
As noted in comments, you need to protect the channel of deployment from the outside world, here an high level example:
Answer:
in order to use the Windows Machine File Copy task you need to:
on the target machine (the one running IIS) enable File and Printer Sharing running the following command from administrative command prompt:
netsh advfirewall firewall set rule group="File and Printer Sharing" new enable=yes
assure that on the target machine PowerShell 4 or more recent is installed; the following executed from a PS command prompt prints the version installed on the local machine:
PS> $PSVersionTable.PSVersion
To get PowerShell 5 you could for example install WMF 5
;
on the target machine you must have installed .NET Framework 4.5 or more recent;
For the other two tasks (Manage/Deploy IIS Task), both require you to enable a WinRM HTTPS listener on the target machine. For development deployment scenario you could follow these steps:
download the ConfigureWinRM.ps1 PowerShell script at from the officaial VSTS Tasks GitHub repository;
enable from an Administrative PowerShel command prompt the RemoteSigned PowerShell execution policy:
PS> Set-ExecutionPolicy RemoteSigned
run the script with the following arguments:
PS> ConfigureWinRM.ps1 FQDN https
Note that FQDN is the complete domain name of your machine as it is reached by the VSTS task, e.g. myhostname.domain.example .
Note also that this script downloads two executables (makecert.exe and winrmconf.cmd) from Internet, so this machine must have Internet connection. Otherwise just download those two files, place them sibling to the script, comment out from the script the Download-Files invocation.
Now you have enabled a WinRM HTTPS listener with a self signed certificate. Remember to use the "Test Certificate" option (which ironically means to not test the certificate, better name would have been "Skip CA Check") for those two tasks.
In production deployment scenario you may want to use instead a certificate which is properly signed.
Windows File Copy is designed to work on the same network and enabling it on the internet would open your server for hacking. It's designed for internal networks. FTP would also result in a significant security risk unless managed properly.
The easiest way to move forward would be to run an Agent on the VM in AWS that you want to release to. The agent will then download the artifacts to the AWS VM and run whatever tasks you need to install.
This allows you to run tasks on the local machine without opening it up to security risks.
If you had multiple machines that you need to manage in AWS you can easily create a local network that will allow your single agent to use Windows File Copy to push files to multiple VM's without risk.

Compiling Libvirt-snmp on VMware ESXi

How can I compile and run Libvirt-snmp on VMware Vsphere ESXi? Can somebody guide with step by step procedure.
I tried to followed steps mentioned on Libvirt Website
but I guess they are for Linux distribution. Because I could not execute ./configure command.
After searching on Google I found a similar question which tells that I need to create a VIB and than install that VIB. Now I have no idea about creating VIB. Can somebody please guide me on this.
Can somebody guide with step by step procedure.
As a workaround
1. Have a Linux VM and create a nfs share
2. Install and configure the required tool. [in your case, the libvirt] in the linux VM in the nfs share. Note the export path and variables
3. Mount the nfs share as NAS volume in ESXi
4. Give a soft link to the mounted nas volume to /usr/bin in ESXi
5. Create corresponding directory tree under /usr/local/lib as required by the tool and link them too to the nfs share.
And you are good to run the tool.
Now I have no idea about creating VIB
Simply put, VIB is VMware Infrastructure Bundle which is the allowed method to push pgms inside ESXi. You can use ar command to create a vib from a rpm and use vib author too to push the module inside ESXi.
Hope it helps

Configuring AmazonLinux AMI instances

I am trying to setup an AMI such that, when booted it will auto configure itself with a defined "configuration" somewhere on a server. I came across Chef and Puppet. Considering Puppet, I was able to run though their examples but couldn't see one for auto configuration from master. I found out that Puppet Enterprise is not supported on "Amazon Linux". Team chose Amazon Linux and would like keep that instead of going to other OS just because one tool doesn't support it. Can someone please give me some idea about how I could achieve this? (I am trying to stay away from home grown shell scripts over a good industry adopted tool for maintainability)
What I have done in the past is to copy /etc/rc.local to /etc/rc.local.orig, and then configure /etc/rc.local to kick off a puppet run and then pave over itself.
/etc/rc.local:
#!/bin/bash
##
#add pre-puppeting stuff here, I add the hostname in "User-data" when creating the VM so I can set the hostname before checking in
##
/usr/bin/puppet agent --test
/bin/cp -f /etc/rc.local.orig /etc/rc.local
/sbin/init 6
AWS CloudFormation is one of Amazon's recommended ways to provision servers (and other cloud resources, too). You declare all the resources you need in a JSON file, and specify how to provision each server by declaring packages to install, services to run, files to create, and commands to run when the server is created. See the user guide for more information. I also wrote a couple of blog posts about getting started with it.