Cloud Computing lecture 10
Using AWS
Keke Chen

Outline
• Using EC2
  • Preparation
  • Run instance from command line tools
  • Use web console
  • Use boto
• Using S3
  • Use boto

Preparation
• Sign up for AWS
• Coupon codes
  • worth $100 per code, redeem at “account”
• Security credentials
  • Access Key ID
  • Secret Access Key
  • X.509 certificate
    • “create a certificate”
    • Download the private key and the certificate (i.e., the public key) and save them to ~/.ec2/

Preparation
• Methods for accessing EC2
  • Command line tools
  • Web console
  • boto python library

Preparation
• EC2 command line tools have been installed at /usr/local/ec2 on nimbus17
• You should set up environment variables
  • JAVA_HOME
  • EC2_HOME
  • Add $EC2_HOME/bin to PATH
  • EC2_PRIVATE_KEY=~/.ec2/pk-XXXXX.pem
  • EC2_CERT=~/.ec2/cert-XXXXXXX.pem
(Both pk*.pem and cert*.pem are from the X.509 certificate you downloaded from your account.)

Sample setup in .profile
export EC2_HOME=/usr/local/ec2/
export PATH=/usr/local/gae/:/opt/matlab/bin/:/usr/local/hadoop/bin:$EC2_HOME/bin:/usr/local/pig/bin:$PATH
export EC2_PRIVATE_KEY=~/.ec2/pk-xxxxxxx.pem
export EC2_CERT=~/.ec2/cert-xxxxxxx.pem
export AWS_ACCESS_KEY_ID=xxxxxxxxxx
export AWS_SECRET_ACCESS_KEY=xxxxxxxx
export AWS_ACCOUNT_ID=xxxxxxxxx

Ready to start!
• Check AMIs
ec2-describe-images -o self -o amazon | grep machine | less
Looking for …
IMAGE ami-3c47a355 ec2-public-images/getting-started.manifest.xml amazon available public i386

Generate key pair
1. ec2-add-keypair gsg-keypair
2. Paste the following part of the output into the file ~/.ec2/id_rsa-gsg-keypair
-----BEGIN RSA PRIVATE KEY-----
….
-----END RSA PRIVATE KEY-----
3. chmod 600 ~/.ec2/id_rsa-gsg-keypair
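The setup above leaves secrets in two places: private keys under ~/.ec2/ and AWS_SECRET_ACCESS_KEY in .profile. The following check is an added example (Python 3, not part of the original slides) that reports any of them readable by group or other; the file names in demo() are constructed placeholders, and cert-*.pem is skipped because it is the public half.

```python
import fnmatch
import os
import re
import stat
import tempfile

# File-name patterns taken from the slides: X.509 private key and SSH key pair.
PRIVATE_KEY_PATTERNS = ("pk-*.pem", "id_rsa-*")
SECRET_EXPORT = re.compile(r"^\s*(?:export\s+)?AWS_SECRET_ACCESS_KEY=\S+", re.M)

def loose_mode(path):
    """Return the permission bits if group/other have any access, else None."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    return mode if mode & 0o077 else None

def audit_credentials(ec2_dir, profile_path):
    """List (file name, reason) for secrets accessible beyond their owner."""
    findings = []
    for name in sorted(os.listdir(ec2_dir)):
        if not any(fnmatch.fnmatch(name, p) for p in PRIVATE_KEY_PATTERNS):
            continue  # e.g. cert-*.pem, which holds only the public half
        mode = loose_mode(os.path.join(ec2_dir, name))
        if mode is not None:
            findings.append((name, "private key has mode %04o, want 0600" % mode))
    with open(profile_path) as fh:
        has_secret = SECRET_EXPORT.search(fh.read()) is not None
    mode = loose_mode(profile_path)
    if has_secret and mode is not None:
        findings.append((os.path.basename(profile_path),
                         "holds AWS_SECRET_ACCESS_KEY with mode %04o" % mode))
    return findings

def demo():
    """Audit a constructed ~/.ec2 and .profile built inside a temp directory."""
    with tempfile.TemporaryDirectory() as home:
        ec2_dir = os.path.join(home, ".ec2")
        os.mkdir(ec2_dir)
        samples = {"pk-EXAMPLE.pem": 0o644, "cert-EXAMPLE.pem": 0o644,
                   "id_rsa-gsg-keypair": 0o600}
        for name, mode in samples.items():
            path = os.path.join(ec2_dir, name)
            with open(path, "w") as fh:
                fh.write("constructed placeholder, not a real key\n")
            os.chmod(path, mode)
        profile = os.path.join(home, ".profile")
        with open(profile, "w") as fh:
            fh.write("export AWS_SECRET_ACCESS_KEY=xxxxxxxx\n")
        os.chmod(profile, 0o644)
        return audit_credentials(ec2_dir, profile)
```
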
Run an instance
• ec2-run-instances ami-3c47a355 -k gsg-keypair
• ec2-describe-instances i-395bf151
RESERVATION r-29f61541 425984194090 default
INSTANCE i-395bf151 ami-3c47a355 pending gsg-keypair 0 m1.small 2009-10-13T05:16:54+0000 us-east-1b aki-a71cf9ce ari-a51cf9cc monitoring-disabled
RESERVATION r-29f61541 425984194090 default
INSTANCE i-395bf151 ami-3c47a355 ec2-67-202-28-87.compute-1.amazonaws.com domU-12-31-39-06-AC-33.compute-1.internal running gsg-keypair 0 m1.small 2009-10-13T05:16:54+0000 us-east-1b aki-a71cf9ce ari-a51cf9cc monitoring-disabled 67.202.28.87 10.208.179.193

Get connected
• Authorize accesses to ports (enable ssh and web)
  • ec2-authorize default -p 22
  • ec2-authorize default -p 80
• Or start with some security group
  • ec2-run-instances ami-xxxxx -g apache
• Connect to your instance
  • http://ec2-67-202-28-87.compute-1.amazonaws.com
  • ec2-get-console-output i-395bf151
  • ssh -i ~/.ec2/id_rsa-gsg-keypair root@ec2-67-202-28-87.compute-1.amazonaws.com

Clean up
• Terminate the instance
  • ec2-terminate-instances i-395bf151
  • Or in the instance, run shutdown -h now

Use boto to access EC2
• Create connection
>>> from boto.ec2.connection import EC2Connection
>>> conn = EC2Connection('<aws access key>', '<aws secret key>')
Or if you have set the keys in AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY
>>> import boto
>>> conn = boto.connect_ec2()

Images
>>> images = conn.get_all_images()
>>> images
>>> for i in range(len(images)):
...     print i, images[i].location

Run instance
>>> image = images[xxx]  # some selected image
>>> reservation = image.run()  # takes various parameter settings, such as key, security group, instance type, etc.
Or
>>> reservation = conn.run_instances('<ami-image-id>')
>>> reservation.instances
[Instance:i-6761850e]
>>> instance = reservation.instances[0]
>>> instance.state
u'pending'
>>> instance.update()
>>> instance.state
u'pending'
>>> # wait a few seconds to minutes
>>> instance.update()
>>> instance.state
u'running'

Retrieve information of instance
>>> instance.dns_name
u'ec2-72-44-40-153.z-2.compute-1.amazonaws.com'
>>> instance.public_dns_name
u'ec2-72-44-40-153.z-2.compute-1.amazonaws.com'
>>> instance.private_dns_name
u'domU-12-31-35-00-42-33.z-2.compute-1.internal'

Run multiple instances
>>> reservation = image.run(2, 2, 'gsg-keypair')
>>> reservation.instances
[Instance:i-5f618536, Instance:i-5e618537]
>>> for i in reservation.instances:
...     print i.state
...
pending
pending
>>>

Terminate instances
>>> instance.stop()
>>> instance.update()
>>> instance.state
u'shutting-down'
>>> # wait a minute
>>> instance.update()
>>> instance.state
u'terminated'
For multiple instances
>>> reservation.stop_all()
>>> instances = conn.get_all_instances()
>>> # then check each instance

Security
• Set launch permission for private AMIs
image.get_launch_permissions()
image.set_launch_permissions(list_of_AWS_user_IDs)
image.remove_launch_permissions(list_of_AWS_user_IDs)
image.reset_launch_permissions()

Security
• Security groups
  • For network accesses to service ports
  • A collection of access rules
>>> rs = conn.get_all_security_groups()
>>> print rs
[SecurityGroup:appserver, SecurityGroup:default, SecurityGroup:vnc, SecurityGroup:webserver]
>>> sg = rs[1]
>>> sg.name
u'default'
>>> sg.rules
[IPPermissions:tcp(0-65535), IPPermissions:udp(0-65535), IPPermissions:icmp(-1--1), IPPermissions:tcp(22-22), IPPermissions:tcp(80-80)]
>>>

Create a security group
>>> web = conn.create_security_group('apache', 'Our Apache Group')
>>> web
SecurityGroup:apache
>>> web.authorize('tcp', 80, 80, '0.0.0.0/0')
True
>>> web.authorize(ip_protocol='tcp', from_port=22, to_port=22, cidr_ip='192.168.1.130/32')
True

Revoke permission
>>> web.rules
[IPPermissions:tcp(80-80), IPPermissions:tcp(22-22)]
>>> web.revoke('tcp', 22, 22, cidr_ip='192.168.1.130/32')
True
>>> web.rules
[IPPermissions:tcp(80-80)]
>>>
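The two groups above differ in who can reach port 22: the apache group limits SSH to one address, while a rule authorized for 0.0.0.0/0 exposes it to everyone. The audit below is an added example (Python 3, not part of the original slides); Rule and Grant are constructed stand-ins for the rule attributes boto reports, the sample data assumes the default group's port 22 and 80 rules were opened to 0.0.0.0/0, and PUBLIC_OK is an assumed policy.

```python
import ipaddress
from collections import namedtuple

# Constructed stand-ins modelled on what boto exposes for each rule:
# protocol, port range, and a list of grants (a CIDR or a source group).
Grant = namedtuple("Grant", "cidr_ip group_name")
Rule = namedtuple("Rule", "ip_protocol from_port to_port grants")

PUBLIC_OK = {80, 443}  # assumption: the only ports meant to face the Internet

def is_world_open(cidr):
    """True when the grant is a CIDR that covers every address."""
    if cidr is None:  # grant to another security group, not to a CIDR
        return False
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0

def audit(rules):
    """Return descriptions of tcp/udp rules that expose non-public ports to all."""
    findings = []
    for r in rules:
        if r.ip_protocol not in ("tcp", "udp"):
            continue
        lo, hi = int(r.from_port), int(r.to_port)
        only_public = all(p in PUBLIC_OK for p in range(lo, hi + 1))
        for g in r.grants:
            if is_world_open(g.cidr_ip) and not only_public:
                findings.append("%s %d-%d open to %s"
                                % (r.ip_protocol, lo, hi, g.cidr_ip))
    return findings

# Constructed sample data shaped like the 'default' and 'apache' groups above.
DEFAULT_GROUP = [
    Rule("tcp", 0, 65535, [Grant(None, "default")]),
    Rule("udp", 0, 65535, [Grant(None, "default")]),
    Rule("icmp", -1, -1, [Grant(None, "default")]),
    Rule("tcp", 22, 22, [Grant("0.0.0.0/0", None)]),
    Rule("tcp", 80, 80, [Grant("0.0.0.0/0", None)]),
]
APACHE_GROUP = [
    Rule("tcp", 80, 80, [Grant("0.0.0.0/0", None)]),
    Rule("tcp", 22, 22, [Grant("192.168.1.130/32", None)]),
]

if __name__ == "__main__":
    print(audit(DEFAULT_GROUP))
    print(audit(APACHE_GROUP))
```
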
Regions
>>> import boto.ec2
>>> regions = boto.ec2.regions()
>>> regions
[RegionInfo:eu-west-1, RegionInfo:us-east-1]
Bind to specific regions
>>> eu = regions[0]
>>> conn_eu = eu.connect()

Copy resources to new region
• Supporting EC2 objects
  • User created
  • SecurityGroups, KeyPairs, Addresses, Volumes, Images, and Snapshots
  • Local to a particular region
• Copy to a new region
Example – SecurityGroup:
>>> eu_group = us_group.copy_to_region(eu)

S3 – quick review
• Objects are organized in a two-level directory
• Bucket
  • container of objects
  • Globally unique name
• Key
  • Like file names
  • Unique in the same bucket
• Object
  • Indexed by (bucket, key)
  • http://bucket.s3.amazonaws.com/key

S3
• Programming tools
  • Check out AWS Developer Resource Center for more programming examples
  • We will take a look at the boto library
  • It is already installed with python on nimbus17

Create a connection
>>> from boto.s3.connection import S3Connection
>>> conn = S3Connection('<aws access key>', '<aws secret key>')
These two keys can be found in your security credentials
If you have set the keys in AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY
>>> import boto
>>> conn = boto.connect_s3()

Creating a bucket
>>> bucket = conn.create_bucket('mybucket')
Note that the name mybucket must be globally unique (in the entire S3 system)

Storing data
>>> from boto.s3.key import Key
>>> k = Key(bucket)
>>> k.key = 'foobar'
>>> k.set_contents_from_string('This is a test of S3')

Retrieve data
>>> import boto
>>> c = boto.connect_s3()
>>> b = c.create_bucket('mybucket')  # substitute your bucket name here
>>> from boto.s3.key import Key
>>> k = Key(b)
>>> k.key = 'foobar'
>>> k.get_contents_as_string()
'This is a test of S3'

Work on files
>>> k = Key(b)
>>> k.key = 'myfile'
>>> k.set_contents_from_filename('foo.jpg')
>>> k.get_contents_to_filename('bar.jpg')

Check all created buckets
>>> rs = conn.get_all_buckets()
rs is a list of buckets
>>> len(rs)
>>> for b in rs:
...     print b.name
...
Listing of all available buckets

Set access control
• Set public readable for entire bucket
>>> b.set_acl('public-read')
• For one object
>>> b.set_acl('public-read', 'foobar')
Or if k is a Key
>>> k.set_acl('public-read')

Check ACL
>>> acp = b.get_acl()
>>> acp
<boto.acl.Policy instance at 0x2e6940>
>>> acp.acl
<boto.acl.ACL instance at 0x2e69e0>
>>> acp.acl.grants
[<boto.acl.Grant instance at 0x2e6a08>]
>>> for grant in acp.acl.grants:
...     print grant.permission, grant.grantee
...
FULL_CONTROL <boto.user.User instance at 0x2e6a30>
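After set_acl('public-read') the ACL gains a second grant, to S3's AllUsers group, next to the owner's FULL_CONTROL. This added example (Python 3, not part of the original slides) finds such grants in the ACL's XML form, for instance the string boto's get_xml_acl() returns; the two sample documents and the owner ID are constructed.

```python
import xml.etree.ElementTree as ET

S3_NS = "{http://s3.amazonaws.com/doc/2006-03-01/}"
XSI_TYPE = "{http://www.w3.org/2001/XMLSchema-instance}type"
# S3's predefined groups that make a grant public.
PUBLIC_GROUPS = {
    "http://acs.amazonaws.com/groups/global/AllUsers": "anyone",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers": "any AWS account",
}

def public_grants(acl_xml):
    """Return sorted (audience, permission) pairs granted to public groups."""
    found = set()
    for grant in ET.fromstring(acl_xml).iter(S3_NS + "Grant"):
        grantee = grant.find(S3_NS + "Grantee")
        if grantee is None or grantee.get(XSI_TYPE) != "Group":
            continue  # CanonicalUser and e-mail grantees name one account
        uri = grantee.findtext(S3_NS + "URI")
        if uri in PUBLIC_GROUPS:
            found.add((PUBLIC_GROUPS[uri], grant.findtext(S3_NS + "Permission")))
    return sorted(found)

def _acl(extra=""):
    """Build a constructed AccessControlPolicy document for the demo."""
    owner = "<ID>OWNER-ID-PLACEHOLDER</ID>"
    return (
        '<AccessControlPolicy xmlns="http://s3.amazonaws.com/doc/2006-03-01/">'
        "<Owner>" + owner + "</Owner><AccessControlList>"
        '<Grant><Grantee xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" '
        'xsi:type="CanonicalUser">' + owner + "</Grantee>"
        "<Permission>FULL_CONTROL</Permission></Grant>"
        + extra + "</AccessControlList></AccessControlPolicy>")

ALL_USERS_READ = (
    '<Grant><Grantee xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" '
    'xsi:type="Group"><URI>http://acs.amazonaws.com/groups/global/AllUsers</URI>'
    "</Grantee><Permission>READ</Permission></Grant>")

PRIVATE_ACL = _acl()                    # owner-only, like the output above
PUBLIC_READ_ACL = _acl(ALL_USERS_READ)  # what 'public-read' adds

if __name__ == "__main__":
    print(public_grants(PRIVATE_ACL))
    print(public_grants(PUBLIC_READ_ACL))
```
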
Metadata with objects
>>> k = Key(b)
>>> k.key = 'has_metadata'
>>> k.set_metadata('meta1', 'This is the first metadata value')
>>> k.set_metadata('meta2', 'This is the second metadata value')
>>> k.set_contents_from_filename('foo.txt')
>>> k = b.lookup('has_metadata')
>>> k.get_metadata('meta1')
'This is the first metadata value'