This guide will walk you through the process of setting up
and using Oracle products on Amazon Web Services (AWS).
Oracle and Amazon Web Services
Getting Started Guide
Important: Oracle and Amazon have provided you with a promotional code for a free 72 hours (3
days) of continuous usage of Amazon AWS. At the end of this period, you must remember to
shutdown any Oracle instances and EBS volumes that you have created. Failure to do so will result
in usage charges.
Introduction
This guide will cover how to:
• Sign up for Amazon services
• Create Digital Keys for Authentication
• Download required freeware for connecting to Linux from Windows
• Configure the Amazon firewall for your instance
• Launch instances
• Create / Attach storage
• Configure freeware / Connect to your Amazon Instance
• Mount volumes, start VNC and Oracle DB
• Explore Fusion Middleware Lab exercises
You’ll need two things to get started:
• A good understanding of your network location. A DSL or faster connection is recommended, and
knowing whether the firewall at your current location allows SSH (TCP 22) and VNC (5901) is also
important. If your corporate firewall does not allow SSH (TCP port 22) traffic, bypass it altogether
if necessary. We’ll use a mix of different available tools to get you set up -- the Amazon console &
ElasticFox (a plug-in to Firefox), so that you’ll feel comfortable in either environment, and get to
know which performs better for a given task. Also, since running Linux instances is cheaper than
running Windows instances, we’ll use Oracle Enterprise Linux based instances.
• A credit card and a telephone for Amazon account verification.
Oracle and Amazon Web Services – Getting Started Guide
Copyright © 2010, Oracle and/or its affiliates. All rights reserved. Oracle is a registered trademark of Oracle Corporation and/or its affiliates. Other names may be trademarks of their respective owners. 0109
Signing Up for Amazon Web Services
1. Make sure you are at a fast network connection, DSL or better. Find out if that network’s firewall at
your access point blocks SSH (port 22) or VNC (5901). There are some tunneling workarounds
with PuTTY if 5901 is blocked - this is documented later.
2. Create a directory on your computer where you will store the various files needed for connecting to
the Amazon environment. If you’re a Windows user, c:\ec2 is a convenient location—and the rest
of this document will assume that you created a directory in that location.
3. Sign up for AWS, and specifically the EC2 service and the S3 simple storage service, at
http://aws.amazon.com. A tutorial is available here. While this action will require a credit card to
create your account, you will be receiving a credit for your usage so the usage will be free for you.
Amazon Web Services will email you a promotional code for $35.00 USD, which is sufficient value
to cover your costs for 72 hours, or 3 days, of continuous usage of the required resources. The
email will be delivered to the address you used to register for your Amazon account. Visit the
Promotional Code Redemption Page and enter your promotional code. (You must be signed in to
view this page). Then you may verify that the credit has been applied to your account by viewing
your Account Activity page if you wish.
Important: Oracle and Amazon have provided you with a promotional code for a free 72 hours (3
days) of continuous usage of Amazon AWS. At the end of this period, you must remember to
shutdown any Oracle instances and EBS volumes that you have created. Failure to do so will result
in usage charges.
Create Digital Keys for Authentication
4. Log in to the AWS console at http://aws.amazon.com/console/ and choose the Amazon EC2 tab if it
is not already selected.
5. For security reasons, Amazon Web Services requires that you use an electronic key to log in, rather
than a password. In the AWS console, click on Key Pairs in the left column navigation to create a
key, then click Create Key Pair. It doesn’t matter what you name the key; however, a best practice is
to use a name that helps you remember which key is for what purpose (assuming that eventually
you will have a collection of these keys). Save it to the special EC2 directory that you created above,
or note the filename / path if you saved it to some other location.
Figure 1 Amazon EC2 Console - Key Pairs
Download required freeware for connecting to Linux from Windows
6. Download and install PuTTY and the TightVNC client. We encourage you to use the TightVNC
client for optimal network performance. (You don’t need to install the server, just the client.) Other
AMIs, like any other machine, may have a different VNC server altogether, or no VNC server at
all. We’ve configured this particular image to use TightVNC since it performs well.
• www.tightvnc.com/download.html
• www.chiark.greenend.org.uk/~sgtatham/putty/download.html
If you are running on Mac OSX, please refer to the appendix on Mac VNC and SSH setup.
7. PuTTY is not able to use Amazon’s keypair format that you downloaded in step 6, therefore PuTTY
users must convert keys into a format PuTTY understands. That’s not a major issue though,
because PuTTYGen is a program that converts the native file format into one that PuTTY will
understand.
Launch PuTTYGen, click on Conversions -> Import Key. Browse to c:\ec2 and locate the key you
downloaded. It will have a .pem extension.
If you wish, enter a passphrase in the fields provided by PuTTYGen; although we recommend
skipping this step.
Finally, click on File -> Save Private Key to save the converted key in c:\ec2. Use the same base
filename, so that MyKey.pem has a corresponding PuTTY file named MyKey.ppk. This best
practice makes it easier to keep things organized later.
Configure the Amazon firewall
8. Determine your IP address and netmask with ElasticFox. If you are brave and want to do this
manually, please refer to the appendix.
Download ElasticFox, setup access identifiers (ElasticFox is Optional). ElasticFox can
automatically determine your network range which is very convenient. You can do this same step
with the AWS console, which is described next, but it won’t automatically determine your network
range. You must input the CIDR notation yourself.
ElasticFox Download link:
http://developer.amazonwebservices.com/connect/entry.jspa?externalID=609
To configure ElasticFox, refer to page 4-5 under the heading “Setting up the Credentials” of this
ElasticFox user guide.
http://www.slideshare.net/rawwell/elasticfox-owners-manual-presentation
It will show you how to set up the access identifiers, a one-time security configuration. Do steps 1-6.
To locate your account specific Access Identifier / ElasticFox setup information, click here:
http://aws-portal.amazon.com/gp/aws/developer/account/index.html?action=access-key
Once you can connect ElasticFox to your AWS account, proceed to the next step.
9. Create a security group with rules for SSH and VNC at a minimum, as shown below. (Data in the
screenshots are strictly examples.)
Figure 2 ElasticFox - Group Permissions
Figure 3 ElasticFox - Grant Permissions
Launching Instances
10. Locate an AMI - In the AWS console, click on the AMIs link in the left hand side navigation pane.
In the “viewing” prompt, type in the AMI ID to locate the AMI. When you select it, you can see
information about the AMI in the pane below. Use the AMI ID ami-7708e51e in the US availability
zone. Right click on it, and choose Launch Instance. Do this next part carefully as it is critical to
proper operation.
Launch it with the following arguments:
1 instance
M1.large
<your security group name from step #9>
<your key pair name from step #5>
11. It should take only a few minutes to boot. Navigate to the instances section / tab in the Amazon
console, or use ElasticFox, to monitor the startup process.
12. Once it is up, the Amazon console will display a green ball that indicates it is running. Then
navigate to your instances tab.
13. Select the instance you launched (if you don’t have others running it should be the only one). In the
details pane below for the selected instance, write down the instance ID and notice the availability
zone for your instance. You'll need the instance ID in later steps.
Figure 4 EC2 Wizard
14. You are ready to connect via SSH. Launch PuTTY.
Go back to the instances section of the AWS console.
Select the running instance, look in the details pane, and copy the public DNS name.
(Data in the screenshots are strictly examples.)
In PuTTY, paste the value of the server hostname into the host name field. Save your
changes to a named profile so you don’t have to do this every time. (Data in the screenshots
are examples and do not match what you will see.)
Figure 5 EC2 Console
Figure 6 EC2 Console – Host Name
15. Then specify your MyKey.ppk PPK file from step 8, as shown below. Save your changes to the
same connection profile.
Figure 7 PuTTY - Host Name
16. If applicable, specify a proxy server under Connections > Proxy in the PuTTY settings. Save your
changes to the same connection profile.
Figure 8 PuTTY - Auth Key
Then try to connect by double clicking on the profile name. The first time you successfully connect,
you will get a message about adding the keyfile to a cache. Say yes when prompted. It will prompt you
for the login ID after accepting the key, and the username is always root. There is no password as you
are using an encrypted key instead of a password.
Connection troubleshooting
• Make sure you specified the path to your key (*.ppk) file in the SSH/Auth section
• Most often the issue is a hang / timeout. This usually means a network problem, or the
instance didn’t boot properly.
• If you have a proxy that you normally use for your browser, you must specify it in the
connection/proxy section, and remember to save the change to your profile so you don’t
have to re-enter it every time.
• Double check your security groups and make sure they allow port 22. Consider where you are
connecting from, and whether you are actively using a VPN. Some companies
have proxies, so if you’re on VPN you may need to specify your proxy. Try stripping out the
DNS name and just use the IP. If the public DNS name is
ec2-75-101-146-205.compute-1.amazonaws.com then the IP would be 75.101.146.205. You may
want to do this anyway to eliminate DNS as a potential source of issues.
Note that ping will not work with Amazon.
• As a last resort, use ElasticFox to check the STDOUT console output and ensure that the
instance booted properly.
• If your firewall blocks SSH, consider using an SSH/HTTP tunnel like corkscrew.
Figure 9 PuTTY - Proxy Setting
17. Congratulations, you are logged in as root.
18. Let’s start the VNC Server. Make sure you are the root user, and at the command line, type:
vncserver
Then start the database by typing:
su - oracle
sqlplus / as SYSDBA
Once connected to sqlplus, type:
startup
Type exit to leave sqlplus and return to the command line.
Then make sure the network database listener is started by typing:
lsnrctl status
(If necessary, control the listener with the commands lsnrctl start and lsnrctl stop.)
Figure 10 shows a successful output.
Then quit sqlplus and log out of the oracle account by typing:
exit
logout
Figure 10 Output from a Successful startup
19. Almost the last step! Connect via VNC. (Mac users: see the appendix.) Paste the DNS name or IP
of your instance into your TightVNC client and click connect! The default geometry mode is
1024x768. See below if your firewall blocks VNC port 5901, and you need to port forward 5901
over the SSH (port 22) connection.
VNC password: oracle01
Connection troubleshooting:
• Make sure you are using the TightVNC client
• Make sure the previous step where you launched the vnc server succeeded
• If the connection is slow, consider your network access point. Also, you can reduce the
number of colors in the display to 8-bit to increase speed. This may cause some color palette
shifts on your screen as a result.
Some firewalls may block VNC on port 5901. If you can connect on SSH, you can use the port
forwarding feature of PuTTY to get around this. Realize that if you are tunneling, VNC will
depend on the SSH session being open / logged in to work. Set up the tunnel in PuTTY, then
connect your VNC client to 127.0.0.1:1 as shown below. If you were already connected on SSH
before making this change, make the change, save it, and disconnect / reconnect.
Figure 11 Tight VNC - Color Setting
Figure 12 PuTTY Port Forwarding
Figure 13 VNC Connection
20. Explore the Fusion Middleware products embedded in this AMI – to get started with the lab of your
choice, simply double-click the corresponding folder and look for the PDF lab guide.
21. You may want to simply leave the instance up and running for the duration of your evaluation --
the DNS / IP changes if you restart the instance, and you’d need to re-do many of these steps. If
you leave the instance running, you can simply quit out of PuTTY and / or VNC Client, and
pick up exactly where you left off, but usage charges will accrue. The promo code/coupon you
receive from Amazon will be redeemable for approximately 72 hours of continuous usage of an
m1.large instance, and a 50GB EBS volume.
22. After completing a particular lab exercise, we recommend shutting down server processes, IDE
tools, etc. used for that lab before proceeding to the next lab. While the m1.large server type has
8GB of RAM, it's better to eliminate any potential for conflicting resources.
APPENDIX: MAC OSX CONFIGURATION FOR VNC
Mac users only: follow these steps to set up a VNC client.
A. An easy path: use JollysFastVNC (http://www.jinx.de/JollysFastVNC.html), create a new connection using the external DNS name of your AMI and change the port # to 5901, connect, and voilà! Don't forget to run vncserver via ssh on the VM.
B. While possibly more effort, we recommend trying TightVNC, as we've experienced better VNC performance when using both the TightVNC client and the TightVNC server (which is embedded into the event AMI).
At www.tightvnc.com/download.html, download tightvnc-1.3.10_javabin.zip to your Mac.
Install the classes into the Apache httpd document root:
> root@domU-12-31-38-01-B1-01:[/root]
$ mv /mnt/tightvnc-1.3.10_javabin.zip /var/www/html/
$ cd /var/www/html/
$ ls
tightvnc-1.3.10_javabin.zip
$ unzip tightvnc-1.3.10_javabin.zip
Configure the Apache httpd server for the TightVNC Applet:
$ /etc/init.d/httpd start
Launch the VNC viewer from the command line:
disco-stu:Desktop jamie$ cd tightvnc-1.3.10_javabin
Replace the DNS address in the next line with your instance's DNS address:
disco-stu:classes jamie$ java VncViewer HOST ec2-75-101-254-116.compute-1.amazonaws.com PORT 5901
You should see:
Initializing...
Connecting to ec2-75-101-254-116.compute-1.amazonaws.com, port 5901...
Connected to server
RFB server supports protocol version 3.8
Using RFB protocol version 3.8
Performing standard VNC authentication
VNC authentication: success
Desktop name is X
Desktop size is 1024 x 768
Disconnecting
Updates received: 70 (470 rectangles + 7 pseudo), 2.58 updates/sec
Rectangles: Tight=0(JPEG=0) ZRLE=365 Hextile=0 Raw=0 CopyRect=105 other=0
Pixel data: 20935244 bytes, 130252 compressed, ratio 160.729
RFB socket closed
To execute the SSH connection: If you are using OS X (I imagine this will also work with Linux / Unix), open the terminal application, and type:
ssh -i /path/to/MyKey.pem root@publicDNSofInstance
where /path/to/MyKey.pem is the key pair you generated and downloaded in step
6, and publicDNSofInstance is the public DNS name described in step 27.
Note also that MyKey.pem must have restricted access permissions; otherwise you
will get an error that it was ignored. If you get this error, type:
chmod 600 /path/to/MyKey.pem
(replacing /path/to/MyKey.pem with the path to your key file) in the terminal before running the ssh command again.
Also make sure you don't leave off root@ in front of the public DNS name, because
otherwise ssh will substitute your local username and the server will ask you for a password that doesn't exist.
Determining your CIDR address
Determine your IP address and netmask. IMPORTANT: We recommend that you use the ElasticFox plug-in for Firefox so you can skip this step.
Each AWS account comes with a firewall, known as a “security group” in AWS lingo. You can (and should) restrict inbound SSH and VNC traffic through the firewall by limiting access to specific IP addresses. (Some protocols, such as HTTP to a public website, are typically left wide open to the entire internet by specifying 0.0.0.0/0 as the source address and mask.)
There are two things that frequently arise as issues when you set these restrictions up. First, the notation used is unfamiliar to many people. It’s known as Classless Inter-Domain Routing, or “CIDR”. There is a base IP address followed by a “/” and netmask. Second, determining your IP address as perceived by others on the Internet can be tricky, especially from home. That’s because large ISPs such as Verizon frequently translate the address even though you already have a firewall in place.
For a single (usually home) IP address you’ll need to enter the address in the format 1.2.3.4/32. If it is an IP address range (usually a large corporation), then the address will be in the format 1.2.3.0/28 (where 28 is replaced by some other number). Rather than spend pages documenting all of the steps, we instead recommend that you watch this video in its entirety to learn more about both topics. Otherwise, just use ElasticFox, which will do this for you automatically.
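The CIDR rules described above, worked through as an added example that is not part of the original guide: it converts an address plus netmask into CIDR notation and checks a list of inbound rules for SSH (22) or VNC (5901) sources that are wider than intended or that would lock you out. The rule tuples, the addresses (documentation ranges) and the max_hosts threshold are assumptions made for illustration.

```python
import ipaddress

# Ports this guide opens for administration: SSH and VNC display :1.
ADMIN_PORTS = {22: "SSH", 5901: "VNC"}


def to_cidr(address, netmask):
    """Return the CIDR block that contains `address` under a dotted netmask.

    A single host (255.255.255.255) becomes a.b.c.d/32; a range is normalised
    to its network base, e.g. 1.2.3.9 with 255.255.255.240 gives 1.2.3.0/28.
    """
    return str(ipaddress.ip_interface(f"{address}/{netmask}").network)


def audit_rules(rules, my_ip, max_hosts=16):
    """Check (port, source_cidr) inbound rules against the guide's advice.

    Returns (port, source, finding) tuples for admin-port rules that are open
    to the whole internet or wider than `max_hosts` addresses (an assumed
    threshold), and for admin ports that no rule opens to `my_ip`.
    """
    me = ipaddress.ip_address(my_ip)
    findings = []
    reachable = {port: False for port in ADMIN_PORTS}
    for port, source in rules:
        if port not in ADMIN_PORTS:
            continue  # e.g. HTTP to a public website may be left open
        net = ipaddress.ip_network(source, strict=False)
        if net.prefixlen == 0:
            findings.append((port, source, "open to the entire internet"))
        elif net.num_addresses > max_hosts:
            findings.append(
                (port, source, f"wide range: {net.num_addresses} addresses"))
        if me in net:
            reachable[port] = True
    for port, ok in reachable.items():
        if not ok:
            findings.append(
                (port, None,
                 f"no rule admits {my_ip}; {ADMIN_PORTS[port]} will time out"))
    return findings


# Constructed sample rules using documentation-range addresses.
SAMPLE_RULES = [
    (22, "203.0.113.7/32"),   # SSH restricted to one home address
    (5901, "0.0.0.0/0"),      # VNC left open to everyone
    (80, "0.0.0.0/0"),        # public HTTP, ignored by the audit
]

if __name__ == "__main__":
    print(to_cidr("203.0.113.7", "255.255.255.255"))
    print(to_cidr("1.2.3.9", "255.255.255.240"))
    for finding in audit_rules(SAMPLE_RULES, "203.0.113.7"):
        print(finding)
```

The address passed as my_ip should be the one the internet sees after any ISP translation, not the address configured on your own machine.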