I am trying to fix a problem I have with my program I uploaded to AWS in elastic beanstalk tomcat. I found someone who seems to have had a similar problem, but I can't find where I execute their solution.
AWS EC2 tomcat permission denied creating/writing to file
The answer said that I should use the following commands:
chmod o+x /home
chmod o+x /home/ec2-user
I want to see if this will fix my problem, however I have looked everywhere and have found no information regarding where I actually put these commands.
Is your problem fixed if you run those commands manually? (i.e. eb ssh into your instance and then sudo chmod o+x /home then sudo chmod o+x /home/ec2-user)
If so, you could automate running those commands using an EB extension file. The documentation is here but it would look something like this:
.ebextensions/01-fix-permissions.config
commands:
fix_home_permissions:
command: "chmod o+x /home"
fix_ec2user_permissions:
command: "chmod o+x /home/ec2-user"
Related
I am following this guidance and try to copy a simple code from local directory into EC2 instance.
Up to and incl. section Connect to your Linux instance using WSL, everything works as in the AWS guidance. But when I try to copy a python file from local computer into the EC2 instance using the code below,
sudo mkdir WSL-path
cd WSL-path
sudo cp /mnt/c/.../test-pair2.pem test-pair2.pem
sudo cp /mnt/c/.../hello_world.py hello_world.py
sudo chmod -R 400 test-pair2.pem
scp -i test-pair2.pem hello_world.py ec2-user#ec2-18-184-76-175.eu-central-1.compute.amazonaws.com:~
I cannot connect to the instance and get the following:
Load key "test-pair2.pem": Permission denied
Permission denied (publickey).
lost connection
The key in the local instance can be only read by the user, with the default I could not even connect to EC2. But otherwise I think I am following the AWS manual. Would much appreciate explanation what I am doing wrong.
If you have permission denied check the following factors:
Is the key you're using using permissions 400. To check run ls -lah test-pair2.pem. If not fix it by using chmod 400.
Is the owner of the file you, if not run chown $USERNAME test-pair2.pem.
As it works with sudo we know that the host is the issue, not the target.
So problem solved - silly mistake - adding SUDO works:
sudo scp -i test-pair2.pem hello_world.py ec2-user#ec2-18-184-76-175.eu-central-1.compute.amazonaws.com:~
What I have noticed is whenever user-data commands are executed while executing a Cloudformation template to spin up an EC2, they are run via the root user. How can I change this behaviour so that the commands are run as ec2-user?
I tried doing a
sudo su ec2-user
to tackle this, but that apparently opens up another shell on the machine so doesn't really solve this use case.
sudo has the -u parameter that lets you choose the user. So you can use:
sudo -u ec2-user echo hello from ec2-user
I am trying to install webgoat on AWS. I am following the instructions given on https://github.com/WebGoat/WebGoat
I can get it up and running on my local box. But when I try to deploy it on AWS it gives error and complains about Dockerfile and Dockerrun.aws.json.
I go to elastic beanstalk. Then I create an application (of docker type). It asks me for the code and I give it the zip file from github. After several minutes it gives errors about Dockerfile and Dockerrun.aws.json.
Webgoat has several Dockerfiles, but no Dockerrun.aws.json. I am not sure how to resolve this.
What is the best way to deploy webgoat in aws?
Will appreciate any help I can get.
Finally I was able to install it using the info provided on these two sources.
https://docs.aws.amazon.com/AmazonECS/latest/developerguide/docker-basics.html
and https://github.com/WebGoat/WebGoat
Here are the steps:
sudo yum update -y
sudo yum install -y docker
sudo service docker start
sudo usermod -a -G docker ec2-user (Restart the server)
sudo docker pull webgoat/webgoat-8.0
sudo docker run -p 80:8080 -it webgoat/webgoat-8.0 /home/webgoat/start.sh
Make sure to modify the security group associated with the aws instance to allow http traffic. After that you should be able to access the app with this url:
http://:80/WebGoat/login
I'm trying to setup CoreOS on AWS to run specific commands on boot to download our DCOS cluster's info tarball and run scripts contained within it. These scripts help add the instance as an "agent" to our DC/OS cluster.
However, I don't seem to be able to get the docker run commands to run. I do see that the userdata is creating the tee's output file (which remains empty) and also the /opt/dcos_install_tmp/ directory (also remains empty).
The docker run commands here download an "awscli" container, fetch packages from S3 (using IAM instance profile credentials), and spit it out to the CoreOS file system.
Installing AWS CLI on CoreOS didn't seem straightforward (there's no package manager, no python), so I had to resort to this.
If I login to the instance and run the same commands by putting them in a script, I have absolutely no issues.
I check "journalctl --identifier=coreos-cloudinit" and found nothing to indicate issues. It just reports:
15:58:34 Parsing user-data as script
There is no "boot" log file for CoreOS in /var/log/ unlike in other AMIs.
I'm really stuck right now and would love some nudges in the right direction.
Here's my userdata (which I post as text during instance boot):
#!/bin/bash
/usr/bin/docker run -it --name cli governmentpaas/awscli aws s3 cp s3://<bucket>/dcos/dcos_preconfig.sh /root && /usr/bin/docker cp cli:/root/dcos_preconfig.sh . && /usr/bin/docker rm cli | tee -a /root/userdatalog.txt
/usr/bin/docker run -it --name cli governmentpaas/awscli aws s3 cp s3://<bucket>/dcos/dcos-install.tar /root && /usr/bin/docker cp cli:/root/dcos-install.tar . && /usr/bin/docker rm cli | tee -a /root/userdatalog.txt
sudo mkdir -p /opt/dcos_install_tmp
sudo tar xf dcos-install.tar -C /opt/dcos_install_tmp | tee -a /root/userdatalog.txt
sudo /bin/bash /opt/dcos_install_tmp/dcos_install.sh slave | tee -a /root/userdatalog.txt
Remove -t flag from the docker run command.
I had a similar problem: DigitalOcean: How to run Docker command on newly created Droplet via Java API
The problem ended up being the -t flag in the docker run command. Apparently this doesn't work because it isn't a terminal or something like that. Remove the flag and it runs fine.
I have a single instance server deployed on AWS - Elastic Beanstalk that needs timezone configuration, and I changed the timezone as logging into the EC2 environment with ssh, and update it with the linux commands listed below;
sudo rm /etc/localtime
sudo ln -sf /usr/share/zoneinfo/Europe/Istanbul /etc/localtime
sudo reboot
Everything is fine as the server is running as a single instance. The problem arose as I wanted to use Auto Scaling, Load Balancing feature. On single instance, updating the timezone on linux AMI is fine, but on auto scaling mode, because that the instances are created/destroyed/recreated according to the threshold metrics, all the configuration is lost.
My simple question is, how can I change/configure the timezone for an auto scalable, load balancing mode in AWS Elastic Beanstalk ?
you can configure the newly starting server with ebextensions.
Here's an example that works for me. Add the following command into the file .ebextensions/timezone.config:
commands:
set_time_zone:
command: ln -f -s /usr/share/zoneinfo/US/Pacific /etc/localtime
The answers here only managed to work for me partially (I had errors deploying when using the answers above). After some modifications, the following worked for me. I believe it has something to do with "cwd" and "permissions".
commands:
0000_0remove_localtime:
command: rm -rf /etc/localtime
0000_1change_clock:
command: sed -i 's/UTC/Asia\/Singapore/g' /etc/sysconfig/clock
cwd: /etc/sysconfig
0000_2link_singapore_timezone:
command: ln -f -s /usr/share/zoneinfo/Asia/Singapore /etc/localtime
cwd: /etc
For my first answer on StackOverflow ... I have to add new information to an excellent earlier answer.
For AWS Linux 2, Elastic Beanstalk, there is a new simple method of setting time. Add the following commands into the file .ebextensions/xxyyzz.config:
container_commands:
01_set_bne:
command: "sudo timedatectl set-timezone Australia/Brisbane"
command: "sudo systemctl restart crond.service"
I'm not sure if the second command is absolutely essential, but the instances certainly play nice with it there (especially with tasks due to happen right away !).
You can also configure it via ssh in the command line:
when connected to your Elastic Beanstalk Instance:
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/set-time.html#change_time_zone
sudo ln -sf /usr/share/zoneinfo/America/Montreal /etc/localtime
You can connect to your EB instance with the eb command line tool.
http://docs.aws.amazon.com/elasticbeanstalk/latest/dg/eb3-cmd-commands.html
eb ssh