6.29

w0nyyy · June 29, 2022

Future plans

Focus on practical skills

DevOps categories

  1. IaC (Infrastructure as Code): configuration and automation - Terraform, Ansible
  2. Container technology and orchestration: Docker, Kubernetes
  3. CI/CD (Continuous Integration/Continuous Deployment, Delivery) - Jenkins, Git, GitLab

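Automation

Creating the VirtualBox machine

Memory size: 4 GB

Create a new virtual hard disk now

VHD - virtual disk format created by Hyper-V
Hyper-V conflicts with VirtualBox and VMware Workstation when installed alongside them.
VMDK - virtual disk format created by VMware

Dynamically allocated

Processors (CPU): 2

Up to just before the "Invalid settings detected" warning

Virtual optical disk selection: click Create

Insert the ISO file

Virtual machine settings

Partitioning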

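--- CentOS 7 setup
# yum install -y bash-completion wget unzip rdate
// bash-completion -> tab completion
// Set the clock from a time server
# rdate -s time.bora.net
// Stop SELinux enforcement for the current boot
# setenforce 0
// Keep SELinux disabled after reboot
# sed -i 's/^SELINUX=.*$/SELINUX=disabled/' /etc/selinux/config
// Stop and disable the host firewall
# systemctl disable --now firewalld
// With both off, this VM runs without SELinux policy enforcement or a host firewall
# cd /tmp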

Exporting an OVA

VirtualBox - File - click Export Appliance

Installing the AWS CLI

--- AWS CLI installation
# curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
# unzip awscliv2.zip
# ./aws/install
# aws --version
// Requires an IAM user with an access key (created below)
# aws configure
// Command completion
[root@localhost ~]# vi .bash_profile
# .bash_profile

# Get the aliases and functions
if [ -f ~/.bashrc ]; then
        . ~/.bashrc
fi

# User specific environment and startup programs

complete -C '/usr/local/bin/aws_completer' aws	# add this line
PATH=$PATH:$HOME/bin

export PATH

Creating an AWS IAM user

Add user - set a name - select Access key

Logging in with the AWS CLI

[root@localhost ~]# aws configure
AWS Access Key ID [None]: 
AWS Secret Access Key [None]: 
Default region name [None]: ap-northeast-2
Default output format [None]: json

Creating the VPC

// The vpc-<letters and digits> value in the output is the VPC ID; copy it
[root@localhost ~]# aws ec2 create-vpc --cidr-block 192.168.0.0/16 --tag-specifications "ResourceType=vpc,Tags=[{Key=Name,Value=NEW-VPC}]" --output text
VPC     192.168.0.0/16  dopt-0d1b2c771d99f98aa  default False   859801962055    pending vpc-03925098834ce39e6
CIDRBLOCKASSOCIATIONSET vpc-cidr-assoc-01157d90193f6ffc5        192.168.0.0/16
CIDRBLOCKSTATE  associated
TAGS    Name    NEW-VPC

// Store the VPC ID in a variable
# NEW_VPC=vpc-03925098834ce39e6
# echo $NEW_VPC

// Create the subnets
# aws ec2 create-subnet --vpc-id $NEW_VPC --cidr-block 192.168.0.0/20 --availability-zone ap-northeast-2a --tag-specifications "ResourceType=subnet,Tags=[{Key=Name,Value=NEW-PUBLIC-SUBNET-2A}]"
# aws ec2 create-subnet --vpc-id $NEW_VPC --cidr-block 192.168.16.0/20 --availability-zone ap-northeast-2b --tag-specifications "ResourceType=subnet,Tags=[{Key=Name,Value=NEW-PUBLIC-SUBNET-2B}]"
# aws ec2 create-subnet --vpc-id $NEW_VPC --cidr-block 192.168.32.0/20 --availability-zone ap-northeast-2c --tag-specifications "ResourceType=subnet,Tags=[{Key=Name,Value=NEW-PUBLIC-SUBNET-2C}]"
# aws ec2 create-subnet --vpc-id $NEW_VPC --cidr-block 192.168.48.0/20 --availability-zone ap-northeast-2d --tag-specifications "ResourceType=subnet,Tags=[{Key=Name,Value=NEW-PUBLIC-SUBNET-2D}]"
# aws ec2 describe-subnets --filters "Name=vpc-id,Values=$NEW_VPC" --query 'Subnets[*].{AZ:AvailabilityZone,CIDR:CidrBlock}'

[root@localhost ~]# aws ec2 create-internet-gateway --tag-specifications "ResourceType=internet-gateway,Tags=[{Key=Name,Value=NEW-IGW}]" --output table
---------------------------------------------
|           CreateInternetGateway           |
+-------------------------------------------+
||             InternetGateway             ||
|+------------------------+----------------+|
||    InternetGatewayId   |    OwnerId     ||
|+------------------------+----------------+|
||  igw-0202606936411d7f2 |  859801962055  ||
|+------------------------+----------------+|
|||                 Tags                  |||
||+---------------+-----------------------+||
|||      Key      |         Value         |||
||+---------------+-----------------------+||
|||  Name         |  NEW-IGW              |||
||+---------------+-----------------------+||

[root@localhost ~]# NEW_IGW=igw-0202606936411d7f2
// Attach the internet gateway to the VPC
[root@localhost ~]# aws ec2 attach-internet-gateway --vpc-id $NEW_VPC --internet-gateway-id $NEW_IGW


[root@localhost ~]# aws ec2 describe-route-tables --filter "Name=vpc-id,Values=$NEW_VPC"
{
    "RouteTables": [
        {
            "Associations": [
                {
                    "Main": true,
                    "RouteTableAssociationId": "rtbassoc-0210513ae34f6dba1",
                    "RouteTableId": "rtb-05e994e720cf125b6",
                    "AssociationState": {
                        "State": "associated"
                    }
                }
            ],
            "PropagatingVgws": [],
            "RouteTableId": "rtb-05e994e720cf125b6",
            "Routes": [
                {
                    "DestinationCidrBlock": "192.168.0.0/16",
                    "GatewayId": "local",
                    "Origin": "CreateRouteTable",
                    "State": "active"
                }
            ],
            "Tags": [],
            "VpcId": "vpc-03925098834ce39e6",
            "OwnerId": "859801962055"
        }
    ]
}
[root@localhost ~]# NEW_RTB=rtb-05e994e720cf125b6
[root@localhost ~]# aws ec2 create-route --route-table-id $NEW_RTB --destination-cidr-block 0.0.0.0/0 --gateway-id $NEW_IGW --output table
--------------------
|    CreateRoute   |
+---------+--------+
|  Return |  True  |
+---------+--------+

[root@localhost ~]# aws ec2 create-tags --resources $NEW_RTB --tags "Key=Name,Value=NEW-PUBLIC-SUBNET-RTB"

// Store the subnet IDs in variables
# aws ec2 describe-subnets --filters "Name=vpc-id,Values=$NEW_VPC" --query 'Subnets[*].{ID:SubnetId,CIDR:CidrBlock}'
[
    {
        "ID": "subnet-058952c5a2fd19f4c",
        "CIDR": "192.168.48.0/20"
    },
    {
        "ID": "subnet-0e6c4e27c18022a57",
        "CIDR": "192.168.16.0/20"
    },
    {
        "ID": "subnet-045b7e75f84df89fa",
        "CIDR": "192.168.0.0/20"
    },
    {
        "ID": "subnet-027bde2f906ff8a83",
        "CIDR": "192.168.32.0/20"
    }
]

# NEW_SID1=subnet-045b7e75f84df89fa
# NEW_SID2=subnet-0e6c4e27c18022a57
# NEW_SID3=subnet-027bde2f906ff8a83
# NEW_SID4=subnet-058952c5a2fd19f4c

// Explicitly associate each subnet with the route table
# aws ec2 associate-route-table  --subnet-id $NEW_SID1 --route-table-id $NEW_RTB
# aws ec2 associate-route-table  --subnet-id $NEW_SID2 --route-table-id $NEW_RTB
# aws ec2 associate-route-table  --subnet-id $NEW_SID3 --route-table-id $NEW_RTB
# aws ec2 associate-route-table  --subnet-id $NEW_SID4 --route-table-id $NEW_RTB

// Enable automatic public IP assignment
# aws ec2 modify-subnet-attribute --subnet-id $NEW_SID1 --map-public-ip-on-launch
# aws ec2 modify-subnet-attribute --subnet-id $NEW_SID2 --map-public-ip-on-launch
# aws ec2 modify-subnet-attribute --subnet-id $NEW_SID3 --map-public-ip-on-launch
# aws ec2 modify-subnet-attribute --subnet-id $NEW_SID4 --map-public-ip-on-launch

# aws ec2 modify-vpc-attribute --vpc-id $NEW_VPC --enable-dns-hostnames
// This makes the public endpoint (DNS) address show up.

3. Creating the key pair and security group
# aws ec2 create-key-pair --key-name new-key --query 'KeyMaterial' --output text > new-key.pem
# chmod 400 new-key.pem
# aws ec2 create-security-group --group-name NEW-SG-WEB --description "Security group for HTTP_SSH access" --vpc-id $NEW_VPC
# NEW_SG=sg-0f35822fc7528a6f4
# aws ec2 authorize-security-group-ingress --group-id $NEW_SG --protocol tcp --port 80 --cidr 0.0.0.0/0
# aws ec2 authorize-security-group-ingress --group-id $NEW_SG --protocol icmp --port -1 --cidr 0.0.0.0/0

[root@localhost ~]# aws ec2 authorize-security-group-ingress --group-id $NEW_SG --protocol tcp --port 22 --cidr 123.142.252.25/32
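
Added example (not part of the original notes): a small Python audit of the ingress rules created above, to confirm that only the intended port is open to 0.0.0.0/0 and that SSH stays limited to a narrow source. The JSON is a constructed sample in the shape of `aws ec2 describe-security-groups` output; `audit_ingress`, `PUBLIC_OK` and `MAX_ADMIN_HOSTS` are hypothetical names and thresholds chosen for this example.

```python
import ipaddress
import json

# Constructed sample: shape of `aws ec2 describe-security-groups --group-ids $NEW_SG`
# output after the three authorize-security-group-ingress calls above.
SAMPLE = json.loads("""
{"SecurityGroups": [{"GroupId": "sg-0f35822fc7528a6f4", "GroupName": "NEW-SG-WEB",
  "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
    {"IpProtocol": "icmp", "FromPort": -1, "ToPort": -1,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "123.142.252.25/32"}], "Ipv6Ranges": []}
  ]}]}
""")

PUBLIC_OK = {("tcp", 80), ("tcp", 443)}  # assumption: ports meant to be public
MAX_ADMIN_HOSTS = 256                    # assumption: other sources no wider than a /24


def audit_ingress(doc):
    """Return (group_id, protocol, ports, cidr, verdict) for every ingress source."""
    findings = []
    for sg in doc["SecurityGroups"]:
        for perm in sg.get("IpPermissions", []):
            proto = perm["IpProtocol"]
            lo, hi = perm.get("FromPort"), perm.get("ToPort")
            ports = "all" if proto == "-1" or lo in (None, -1) else f"{lo}-{hi}"
            cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            for cidr in cidrs:
                net = ipaddress.ip_network(cidr, strict=False)
                if net.prefixlen == 0:  # 0.0.0.0/0 or ::/0
                    single_public = lo == hi and (proto, lo) in PUBLIC_OK
                    verdict = "ok-public" if single_public else "review-open-to-world"
                elif net.num_addresses > MAX_ADMIN_HOSTS:
                    verdict = "review-wide-source"
                else:
                    verdict = "ok-restricted"
                findings.append((sg["GroupId"], proto, ports, cidr, verdict))
    return findings


if __name__ == "__main__":
    for row in audit_ingress(SAMPLE):
        print(*row, sep="\t")
```

To run it against the real group, replace `SAMPLE` with the parsed output of `aws ec2 describe-security-groups --group-ids $NEW_SG --output json`.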

4. Creating the volumes and instance
# vi mapping.json
[
    {
        "DeviceName": "/dev/xvda",
        "Ebs": {
            "VolumeSize": 8
        }
    },
    {
        "DeviceName": "/dev/xvdb",
        "Ebs": {
            "VolumeSize": 8
        }
    }
]

// User data
# vi my_script.txt
#!/bin/bash
yum install -y httpd
systemctl enable --now httpd
echo "<h1>Hello AWS CLI</h1>" > /var/www/html/index.html

// Launch the instance
# aws ec2 run-instances \
--image-id ami-0fd0765afb77bcca7 \
--count 1 \
--instance-type t2.micro \
--key-name new-key \
--security-group-ids $NEW_SG \
--subnet-id $NEW_SID1 \
--block-device-mappings file://mapping.json \
--user-data file://my_script.txt \
--tag-specifications 'ResourceType=instance,Tags=[{Key=Name,Value=NEW-WEB}]' 'ResourceType=volume,Tags=[{Key=Name,Value=NEW-ROOT}]'


# NEW_IID=i-04dcd2809d55b3a34

// Look up the instance's public IP
# aws ec2 describe-instances --instance-ids $NEW_IID | grep PublicIp
# ssh -i "new-key.pem" ec2-user@52.78.217.252

// Format and mount xvdb (after connecting to the EC2 instance)
# sudo mkfs -t ext4 /dev/xvdb
# sudo mount /dev/xvdb /mnt
# df -h

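5. Cleanup
# aws ec2 terminate-instances --instance-ids $NEW_IID
// Wait for termination to finish; the security group cannot be deleted while the instance still uses it
# aws ec2 wait instance-terminated --instance-ids $NEW_IID
# aws ec2 delete-security-group --group-id $NEW_SG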
# aws ec2 delete-subnet --subnet-id $NEW_SID1
# aws ec2 delete-subnet --subnet-id $NEW_SID2
# aws ec2 delete-subnet --subnet-id $NEW_SID3
# aws ec2 delete-subnet --subnet-id $NEW_SID4
# aws ec2 detach-internet-gateway --internet-gateway-id $NEW_IGW --vpc-id $NEW_VPC
# aws ec2 delete-internet-gateway --internet-gateway-id $NEW_IGW
# aws ec2 delete-vpc --vpc-id $NEW_VPC

CloudFormation
