AWS S3 Presign URL

原由

在 AWS S3 上面下載東西，都是以流量計費的，但有時候為了不想要把一些重要的檔案給所有人取用時，免得會被超收很多費用，但卻又需要提供給別人下載時，我們就可以使用 AWS S3 Presign URL 這個功能。

用這個功能，我覺得有二個好處

1. 檔案無須公開
2. 可以限制下載的時間

如此一來，就可以有效的保護自已的重要檔案，又可以達到節省不必要的花費了。

指令用法

• 語法
  • --expires-in (integer) Number of seconds until the pre-signed URL expires.
  •  Default is 3600 seconds.

aws s3 presign  --expires-in 

• 實際指令

aws s3 presign s3:// BucketName/FileName --expires-in 300 --profile UserName

• Reference:
  • cli chap getting start
  • cli mutiple profiles
  • Why is my presigned URL for an Amazon S3 bucket expiring before the expiration time that I specified?
  • Creating a secure URL with an expiration date from S3

Create Local Mirror Repo on RHEL 7

Disable Firewalld Service

# systemctl disable firewalld
# systemctl stop firewalld

SELinux Change Enforcing to disabled

• Check File

  # ls -la /etc/sysconfig/selinux
  lrwxrwxrwx. 1 root root 17 Jan 26 13:18 /etc/sysconfig/selinux -> ../selinux/config

• Disable SELinux

  # sed 's/SELINUX=enforcing/SELINUX=disabled/g' -i /etc/sysconfig/selinux

Install Requirement Packages

# yum -y install createrepo yum-utils httpd

Copy RPM Packages from CD-ROM

# mount /dev/cdrom /mnt/
# mkdir -p /ISO/7/x86_64/Packages
# cp -R /mnt/Packages/* /ISO/7/x86_64/Packages/

Assign Appropriate Permissons Local Repo Directory

# chown -R root.root /ISO/7/x86_64/

Generate Repo Metadata

• Use createrepo command to generate repo metadata

  # createrepo -v /ISO/7/x86_64/
  # chmod -R o-w+r /ISO/7/x86_64/

Create Repo File In /etc/yum.repos.d/local.repo

• local.repo on Repository Server

  [ISO]
  name="RHEL 7.4 Repostitory"
  baseurl="file:///ISO/7/x86_64"
  enabled=1
  gpgcheck=0
  priority=1

Download EPEL Repository

• Use reposync to download remote epel repository, if you want to update remote repository, also use it.

  # reposync -n --repoid=EPEL -p / --download-metadata

• Update repository metadata

  # createrepo /EPEL/ -g 66b8680793d983f01395176215ae7c5291578797ed3e327dfb65e9880d0de49e-comps-Everything.x86_64.xml

• Now you should create cronjob for daily update ( Recommand )

Setting Apache Server

• Directory Struture By Defaults

  # tree /etc/httpd/
  /etc/httpd/
  ├── conf
  │   ├── httpd.conf
  │   └── magic
  ├── conf.d
  │   ├── autoindex.conf
  │   ├── README
  │   ├── userdir.conf
  │   └── welcome.conf
  ├── conf.modules.d
  │   ├── 00-base.conf
  │   ├── 00-dav.conf
  │   ├── 00-lua.conf
  │   ├── 00-mpm.conf
  │   ├── 00-proxy.conf
  │   ├── 00-systemd.conf
  │   └── 01-cgi.conf
  ├── logs -> ../../var/log/httpd
  ├── modules -> ../../usr/lib64/httpd/modules
  └── run -> /run/httpd

• Backup welcome.conf we don't need it.

  # mv /etc/httpd/conf.d/welcome.conf /etc/httpd/conf.d/welcome.conf.bak

• Create /etc/httpd/conf.d/yum_repo.conf

  
  ServerAdmin root@server.deepsoft.com
  ServerName mirror.nobody.com.tw
  DocumentRoot "/var/www/html/Repo"
  
  Options Indexes FollowSymLinks
  Order allow,deny
  Allow from all
  
  
  
  
  AllowOverride None
  Options None
  Order allow,deny
  Allow from all
  

• Create Symbolic Link to /var/www/html/Repo

  # ln -s /ISO  /var/www/html/Repo/
  # ln -s /EPEL /var/www/html/Repo/

• Now start apache server

  # systemctl enable httpd
  # systemctl start httpd.service

On The Other Servers Settings

• Edit /etc/yum.repos.d/local.repo

  [ISO]
  name="RHEL 7.4 Repostitory"
  baseurl="http://10.64.32.57/ISO/7/x86_64"
  enabled=1
  gpgcheck=0
  priority=1
  
  [EPEL]
  name="RHEL 7.4 Repostitory"
  baseurl="http://10.64.32.57/EPEL/"
  enabled=1
  gpgcheck=0
  priority=2

Reference:

• How to create a local mirror of the latest update for Red Hat Enterprise Linux 5, 6, 7 without using Satellite server?
• How to create a local repository for updates
• How to setup Apache httpd to host a git repo via "smart" HTTP & HTTPS with user auth
• CentOS / RHEL : How to create and host yum repository over httpd
• Create internal repository server on CentOS 7
• Centos7通过reposync搭建本地Yum源

Basic PowerShell

• 名詞解釋
  • cmdlet - 唸法為 Command-let，格式都是以 連字號 (-) 隔開的，字母不分大小，若是使用 Windows PowerShell ISE，可以按二次 Tab 鍵，就可以做命令補全了。

  > Get-Help

  • Get-WmiObject - 是一般系統管理工作最重要的 cmdlet ，WMI ( Windows Management Instrumentation ) 會將資料視為一個或是多個項目集合中的物件，並且可以透過使用 Get-WmiObject 來收集特定資訊，我們以點值(.)指定 ComputerName 參數，代表本機電腦。
  • 查看 Win32_OperationSystem 這個底下有什麼東西可以查？

  Get-WmiObject -Class Win32_OperationSystem | Get-Member

• 確認目前 PowerShell Version

方法 1:

Get-Host

方法 2

Get-Host | fl Version

方法 3

$PSVersionTable

方法 4

• 查找目前有哪些 Domain Controller

請點選左下角『 開始 』 → 使用 『 Search 』，並輸入『 cmd 』

nslookup
> set type=all
> _ldap._tpc.dc._msdcs.YourDomainName

• 查找目前是登入到哪台 DC

echo %LOGONSERVER%

• 查找目前 IP Address ( PowerShell 2.0 )

gwmi Win32_NetworkAdapterConfiguration | 
Where { $_.IPAddress } |
Select -Expand IPAddress |
Where { $_-like '192.168.1.* } 

• 第一個 Where 會去過濾所有存在的 IP Address 的物件
• 第二個 Select 只會去檢索屬性 值
• 第三個 Where 會去找出符合的字串
• 測試連線 ( PowerShell 2.0 )

Test-Connection $computername -count 3 |
Select @{ Name="Computername"; Expression={ $_.Address}}.IPv4Address

• 查看硬體伺服器廠牌及序號

Get-WmiObject Win32_BIOS | FL Manufacturer, SerialNumbeer

• 查看硬體伺服器型號

Get-WmiObject -Class Win32_ComputerSystem | FL Model

• 查看 CPU 型號

Get-WmiObject Win32_Processor | FL DeviceID, Name

• 查看 RAM

Get-CimInstance -class Win32_physicalMemory
Get-CimInstance -Class cim_physcialmemory | % {$_.Capacity} 
Get-CimInstance -Class cim_physcialmemory | FL Capacity} 

• 查 OS 版本及位元

Get-WmiObject -Class Win32_OperationSystem | FL Caption, OSarchitecture

Reference:

• 維基 - PowerShell

What is difference ARG and ENV in Dockerfile

LAB 1:

• Dockerfile

請注意，這邊用的是 ENV PHPVERSION 5

FROM alpine:latest
LABEL description="This example Dockerfile installs Apache & PHP."
ENV PHPVERSION 5
RUN apk add --update apache2 php${PHPVERSION}-apache2 php${PHPVERSION} && \
    rm -rf /var/cache/apk/* && \
    mkdir /run/apache2/ && \
    rm -rf /var/www/localhost/htdocs/index.html && \
    echo "" > /var/www/localhost/htdocs/index.php && \
    chmod 755 /var/www/localhost/htdocs/index.php
EXPOSE 80/tcp
ENTRYPOINT ["httpd"]
CMD ["-D", "FOREGROUND"]

接著我們把它給 build 成 docker image

# docker build --tag local/apache-php:5 .

再來我們來做個實驗，在 docker run 時，使用 --env "PHPVERSION=7" 會不會跑成 PHP7

# docker container run --env "PHPVERSION=7" -p 8080:80 --name apache-php7 local/apache-php:5

請先確認 docker container 的狀態為 Up 即可

# docker container list

請打開 Browser 輸入 http://IP-ADDRESS:8080，確認 PHP INFO

接著我們在進入到 docker container 裡面去確認 PHPVERSION 這個變數有沒有改變，請另開一個 terminal 來執行

# docker exec -it apache-php7 env
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
HOSTNAME=8ab899f69969
TERM=xterm
PHPVERSION=7
HOME=/root

唔！很明顯有 PHPVERSION=7 ，但為什麼網頁上的 PHP VERSION 卻還是 5 哩！

這是因為在 docker build 的時候，已經先指定好版本了，並且已經製作出 docker image 了，所以沒辦法去變更 PHPVERSION=5。

LAB 2:

• Dockerfile

請注意，這邊預設用的是 ARG buildtime_PHPVERSION=5

FROM alpine:latest
LABEL description="This example Dockerfile installs Apache & PHP."
ARG buildtime_PHPVERSION=5
ENV env_var_name=$buildtime_PHPVERSION
RUN apk add --update apache2 php${buildtime_PHPVERSION}-apache2 php${buildtime_PHPVERSION} && \
    rm -rf /var/cache/apk/* && \
    mkdir /run/apache2/ && \
    rm -rf /var/www/localhost/htdocs/index.html && \
    echo "" > /var/www/localhost/htdocs/index.php && \
    chmod 755 /var/www/localhost/htdocs/index.php
EXPOSE 80/tcp
ENTRYPOINT ["httpd"]
CMD ["-D", "FOREGROUND"]

接著我們把它給 build 成 docker image，並命名為 local/apache-php:5

# docker build --tag local/apache-php:5 .

使用 --build-arg 這個參數，再 build 一個 docker image，並命名為 local/apache-php:7

# docker build --build-arg buildtime_PHPVERSION=7 --tag local/apache-php:7 .

請觀察 docker images

# docker images

請同時啟動 local/apache-php:5 & local/apache-php:7，並觀察兩個 docker container 的 PHP VERSION

# docker container run -d -p 9090:80 --name apache-php5 local/apache-php:5
# docker container run -d -p 8080:80 --name apache-php7 local/apache-php:7

請確認 docker container 狀態為 UP

# docker container list
CONTAINER ID        IMAGE                COMMAND                 CREATED             STATUS              PORTS                  NAMES
278b3a6d165b        local/apache-php:5   "httpd -D FOREGROUND"   11 minutes ago      Up 11 minutes       0.0.0.0:9090->80/tcp   apache-php5
4f57218453c9        local/apache-php:7   "httpd -D FOREGROUND"   12 minutes ago      Up 12 minutes       0.0.0.0:8080->80/tcp   apache-php7

請打開 Browser 分別輸入 http://IP-ADDRESS:8080 & http://IP-ADDRESS:9090

明顯可以看出，有不同的 PHP VERSION

接著分別確認一下，這二個 docker container 的 ENV 是什麼

# docker exec -it apache-php7 env
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
HOSTNAME=4f57218453c9
TERM=xterm
env_var_name=7
HOME=/root

# docker exec -it apache-php5 env
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
HOSTNAME=278b3a6d165b
TERM=xterm
env_var_name=5
HOME=/root

詳細原因可以參考下面這張圖

Reference:

• Understand how ARG and FROM interact
• Docker ARG, ENV and .env - a Complete Guide