Tal Kimhi, Author at Devops engineer

Tal Kimhi Tal Kimhi

Popular articles by Tal Kimhi

Private and public subnets in Amazon VPC

Understanding the distinction between “private” and “public” subnets in Amazon VPC requires an understanding of how IP routing and network address translation (NAT) works in general, and how they are specifically implemented in VPC. The core differentiation between a public and private subnet in VPC is defined by what that subnet’s default route is, in the VPC routing tables.. This configuration, dictates the validity of using, or not using, public IP addresses on instances on that particular subnet. Each subnet has exactly one default route, which can be only one of two things: The VPC’s “Internet Gateway” object, in the case of a “public” subnet An EC2 instance, performing the “NAT instance” role, in the case of a “private” subnet....
Continue reading...

How To Create Linux LVM step-by-step

LVM allows users to dynamically extend or shrink Linux “partition” or file system in online mode! The LVM can resize volume groups (VG) online by adding new physical volumes (PV) or rejecting those existing PVs attached to VG. How to setup Linux LVM ? Login with root user ID Using the whole new hard disk for LVM partition: fdisk /dev/xvdf Follow This Steps! At the Linux fdisk command prompt, press n to create a new disk partition, press p to create a primary disk partition, press 1 to denote it as 1st disk partition, press ENTER twice to accept the default of 1st and last cylinder – to convert the whole secondary hard disk to a single disk partition, press t (will...
Continue reading...

Connect AWS via VPN client – UTM Sophos

The following is an overview diagram of our setup. Note that this post does not cover HA setup although it is possible to extend it further by running the instances in multiple AZs. In our VPC, we have public and private subnets: in our public subnet, we have the openVPN instance and in our private subnet we have the web server (server 1). This configuration allows you to separate public & private traffic by terminating all internet traffic at the public subnet layer. It is possible to have your internal instances in the public subnet where your VPN instance is located but the above model provides more isolation. The steps To configure your VPN, perform the following: Create a...
Continue reading...

How to create AWS scheduled snapshot

Hi there! Today i’ll explain how to create scheduled backup of AWS mysql data using snapshot script. The first step is to create an IAM user with permissions to do what our backup script requires. Create one in the IAM section of AWS console and in the Inline Policies area give it the following policy: { “Statement”: [ { “Effect”: “Allow”, “Action”: [ “ec2:CreateSnapshot”, “ec2:CreateTags”, “ec2:DeleteSnapshot”, “ec2:DescribeSnapshots”, “ec2:DescribeTags” ], “Resource”: [ “*” ] } ] } Be sure to save the IAM user credentials (AWS access key id and AWS secret access key) The next step is to create the script that will lock the mysql db at night (do it on slave instance to make sure your app will keep running during...
Continue reading...

High availability on AWS using Spotinst

Introducing Spotinst Spotinst is an AWS Partner who provides Spot Instance management and automated provisioning of Amazon EC2 instances within customer accounts. They are responsible for setting the optimal Spot bid price and identifying the most efficient instance type that provides the best performance for your application at the lowest price. Spotinst identifies a recommended solution by assigning a score for each instance type, size, and operating system in each AWS Region. This score is calculated from three criteria: Price – Spotinst looks for Spot markets (Availability Zones or instance types) with fewer fluctuations in price in order to reduce the chance of sudden termination due to Spot market changes. Specifications – Spotinst sets scoring per CPU and GiB of...
Continue reading...

How to install CouchDB on AWS

Hi there! new post that will guide you how to install couchdb on aws step by step Core deps and dev tools. Enable the epel and epel-source repos by editing the file /etc/yum.repos.d/epel.repo. Next install the deps and tools. sudo yum install gcc gcc-c++ libtool libicu-devel openssl-devel autoconf-archive erlang python27 python-sphinx help2man Get the SpiderMonkey JS Engine and build it. wget http://ftp.mozilla.org/pub/mozilla.org/js/js185-1.0.0.tar.gz tar xvfz js185-1.0.0.tar.gz cd js-1.8.5/js/src ./configure make sudo make install You should see it installed under /usr/local/lib Build CouchDB. Download the source package for CouchDB, unpack it and cd in. (https://www.apache.org/dyn/closer.lua?path=/couchdb/source/1.6.1/apache-couchdb-1.6.1.tar.gz) Point it to the required libs and configure. ./configure –with-erlang=/usr/lib64/erlang/usr/include –with-js-lib=/usr/local/lib/ –with-js-include=/usr/local/include/js/ make sudo make install Prepare the CouchDB installation. Make a couchdb user. sudo useradd...
Continue reading...

How To Change Linux Timezone

Firstly, install the latest tzdata package. Suppose you’ve properly configured the yum repositories, these commands will install / update tzdata: yum install tzdata yum update tzdata Now, replace /etc/localtime with the timezone file (installed by tzdata package in /usr/share/zoneinfo directory). For example, to set RHEL system timezone to New York: cp /usr/share/zoneinfo/America/New_York /etc/localtime Next, edit the /etc/sysconfig/clock file, set ZONE value to reflect timezone file used: ZONE=”America/New_York” UTC=true NOTE: If the BIOS clock is set to use UTC time, then you should also set the UTC value to “true”. Besides, insert this keyword UTCin the 3rd line of /etc/adjtime file, e.g.: -0.008103 1375208456 0.000000 1375208456 UTC It’s recommended to have BIOS clock storing UTC time instead of local time, if...
Continue reading...

All articles by Tal Kimhi

How to install CouchDB on AWS

Hi there! new post that will guide you how to install couchdb on aws step by step Core deps and dev tools. Enable the epel and epel-source repos by editing the file /etc/yum.repos.d/epel.repo. Next install the deps and tools. sudo yum install gcc gcc-c++ libtool libicu-devel openssl-devel autoconf-archive erlang python27 python-sphinx help2man Get the SpiderMonkey JS Engine and build it. wget http://ftp.mozilla.org/pub/mozilla.org/js/js185-1.0.0.tar.gz tar xvfz js185-1.0.0.tar.gz cd js-1.8.5/js/src ./configure make sudo make install You should see it installed under /usr/local/lib Build CouchDB. Download the source package for CouchDB, unpack it and cd in. (https://www.apache.org/dyn/closer.lua?path=/couchdb/source/1.6.1/apache-couchdb-1.6.1.tar.gz) Point it to the required libs and configure. ./configure –with-erlang=/usr/lib64/erlang/usr/include –with-js-lib=/usr/local/lib/ –with-js-include=/usr/local/include/js/ make sudo make install Prepare the CouchDB installation. Make a couchdb user. sudo useradd...
Continue reading...

How to create AWS scheduled snapshot

Hi there! Today i’ll explain how to create scheduled backup of AWS mysql data using snapshot script. The first step is to create an IAM user with permissions to do what our backup script requires. Create one in the IAM section of AWS console and in the Inline Policies area give it the following policy: { “Statement”: [ { “Effect”: “Allow”, “Action”: [ “ec2:CreateSnapshot”, “ec2:CreateTags”, “ec2:DeleteSnapshot”, “ec2:DescribeSnapshots”, “ec2:DescribeTags” ], “Resource”: [ “*” ] } ] } Be sure to save the IAM user credentials (AWS access key id and AWS secret access key) The next step is to create the script that will lock the mysql db at night (do it on slave instance to make sure your app will keep running during...
Continue reading...

How To Create Linux LVM step-by-step

LVM allows users to dynamically extend or shrink Linux “partition” or file system in online mode! The LVM can resize volume groups (VG) online by adding new physical volumes (PV) or rejecting those existing PVs attached to VG. How to setup Linux LVM ? Login with root user ID Using the whole new hard disk for LVM partition: fdisk /dev/xvdf Follow This Steps! At the Linux fdisk command prompt, press n to create a new disk partition, press p to create a primary disk partition, press 1 to denote it as 1st disk partition, press ENTER twice to accept the default of 1st and last cylinder – to convert the whole secondary hard disk to a single disk partition, press t (will...
Continue reading...

How To Change Linux Timezone

Firstly, install the latest tzdata package. Suppose you’ve properly configured the yum repositories, these commands will install / update tzdata: yum install tzdata yum update tzdata Now, replace /etc/localtime with the timezone file (installed by tzdata package in /usr/share/zoneinfo directory). For example, to set RHEL system timezone to New York: cp /usr/share/zoneinfo/America/New_York /etc/localtime Next, edit the /etc/sysconfig/clock file, set ZONE value to reflect timezone file used: ZONE=”America/New_York” UTC=true NOTE: If the BIOS clock is set to use UTC time, then you should also set the UTC value to “true”. Besides, insert this keyword UTCin the 3rd line of /etc/adjtime file, e.g.: -0.008103 1375208456 0.000000 1375208456 UTC It’s recommended to have BIOS clock storing UTC time instead of local time, if...
Continue reading...

Connect AWS via VPN client – UTM Sophos

The following is an overview diagram of our setup. Note that this post does not cover HA setup although it is possible to extend it further by running the instances in multiple AZs. In our VPC, we have public and private subnets: in our public subnet, we have the openVPN instance and in our private subnet we have the web server (server 1). This configuration allows you to separate public & private traffic by terminating all internet traffic at the public subnet layer. It is possible to have your internal instances in the public subnet where your VPN instance is located but the above model provides more isolation. The steps To configure your VPN, perform the following: Create a...
Continue reading...

Private and public subnets in Amazon VPC

Understanding the distinction between “private” and “public” subnets in Amazon VPC requires an understanding of how IP routing and network address translation (NAT) works in general, and how they are specifically implemented in VPC. The core differentiation between a public and private subnet in VPC is defined by what that subnet’s default route is, in the VPC routing tables.. This configuration, dictates the validity of using, or not using, public IP addresses on instances on that particular subnet. Each subnet has exactly one default route, which can be only one of two things: The VPC’s “Internet Gateway” object, in the case of a “public” subnet An EC2 instance, performing the “NAT instance” role, in the case of a “private” subnet....
Continue reading...