Public Cloud Infrastructure
18 Jul 2021
- General Components
These notes describe the general setup on a public cloud platform (e.g. AWS) needed to launch a working web server.
- Compute instance, like EC2.
- Running time.
- Network, like VPC (virtual private cloud).
- Elastic IP.
- Security Group (the cloud-side firewall zone) and the instance's own iptables rules. Both apply, so a port must be opened in both before it is reachable.
- Bandwidth and traffic usage.
- Storage, like EBS (elastic block storage).
- Image storage.
Oracle Cloud Infrastructure (OCI):
- Tenancy. The top-level account for the organization; it holds all user accounts, the root (administrator) account included.
- Compartment. A group of resources for a project or function, e.g. a Finance compartment or a logging compartment. Think of a compartment as a Tess cluster. The console links to a view of all resources within the root compartment.
- Tag namespace. A group of tags applied to resources. Think of a tag namespace as a Tess namespace: just another dimension for organizing resources.
Always Free resources have no limit on running time or network traffic:
- 2 instances.
- 2 public IPs.
- 200 GB storage (block volume + boot volume).
- 5 volume backups.
- 2 VCNs (virtual cloud networks).
- Create an instance
- Select resources with "Always Free Eligible" label.
- Select CentOS 8.2.
- Instance shape is "VM.Standard.E2.1.Micro".
- Upload SSH public key.
The assigned public IP may turn out to be blocked, but you can always get a new one at:
Compute - Instances - Instance Details - Attached VNICs - VNIC Details - IPv4 Addresses.
- Configure VCN
- Add "ingress rules" to the default "security list". By default the VCN only allows port 22 ingress (SSH); ICMP is blocked. Open only the ports the web server needs (80/443) and restrict the source CIDR wherever possible, e.g. SSH only from your own network rather than 0.0.0.0/0.
- Leave "Stateless" unchecked. Rules are stateful by default, so replies to an allowed connection pass automatically; a stateless ingress rule needs a matching stateless "egress rule", otherwise the replies are dropped.
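The two points above (restrict sources, and pair stateless ingress with stateless egress) are easy to get wrong when rules are hand-edited in the console. The following added example (it is not code from the page or from Oracle) builds the rule set for this web server in the shape the OCI SecurityList API accepts (source/sourceType, protocol as an IANA number string, tcpOptions.destinationPortRange, isStateless) and lints it for those two mistakes. The helper names, the lint checks and the 203.0.113.0/24 admin range are assumptions made for this example.

```python
"""Build OCI security-list rules for a web server and lint them.

Added example, not code from the page or from Oracle. The rule dictionaries
follow the shape the OCI SecurityList API accepts; the helper names, the
lint checks and the sample admin CIDR are assumptions made for this example.
"""
import json

TCP, UDP, ICMP = "6", "17", "1"   # OCI encodes protocols as IANA numbers
ANYWHERE = "0.0.0.0/0"


def ingress_rule(port, source=ANYWHERE, protocol=TCP, stateless=False, description=""):
    """One IngressSecurityRule for a single TCP/UDP destination port."""
    rule = {
        "source": source,
        "sourceType": "CIDR_BLOCK",
        "protocol": protocol,
        "isStateless": stateless,
    }
    if protocol in (TCP, UDP):
        key = "tcpOptions" if protocol == TCP else "udpOptions"
        rule[key] = {"destinationPortRange": {"min": port, "max": port}}
    if description:
        rule["description"] = description
    return rule


def egress_rule(destination=ANYWHERE, protocol="all", stateless=False):
    """One EgressSecurityRule; protocol 'all' is the usual allow-all egress."""
    return {
        "destination": destination,
        "destinationType": "CIDR_BLOCK",
        "protocol": protocol,
        "isStateless": stateless,
    }


def _port_range(rule):
    opts = rule.get("tcpOptions") or rule.get("udpOptions") or {}
    rng = opts.get("destinationPortRange")
    return (rng["min"], rng["max"]) if rng else None


def lint_rules(ingress, egress, public_ports=(80, 443)):
    """Return findings for rules a reviewer should question.

    Check 1: a stateless ingress rule needs a stateless egress rule for the
    same protocol (or 'all'), otherwise replies are silently dropped.
    Check 2: only the public web ports should be reachable from 0.0.0.0/0.
    """
    findings = []
    for r in ingress:
        rng = _port_range(r)
        label = f"{r['protocol']}/{rng[0]}-{rng[1]}" if rng else r["protocol"]
        if r["isStateless"]:
            covered = any(
                e["isStateless"] and e["protocol"] in ("all", r["protocol"])
                for e in egress
            )
            if not covered:
                findings.append(f"{label}: stateless ingress has no matching "
                                "stateless egress; replies will be dropped")
        if r["source"] == ANYWHERE:
            is_public = rng is not None and rng[0] == rng[1] and rng[0] in public_ports
            if not is_public:
                findings.append(f"{label}: open to {ANYWHERE}; restrict the source CIDR")
    return findings


def web_server_rules(admin_cidr):
    """Ingress/egress set for the notes' web server: SSH only from admin_cidr."""
    ingress = [
        ingress_rule(22, source=admin_cidr, description="SSH from admin network"),
        ingress_rule(80, description="HTTP"),
        ingress_rule(443, description="HTTPS"),
    ]
    egress = [egress_rule()]
    return ingress, egress


def to_cli_json(rules):
    """Serialize a rule list for the OCI CLI (--ingress-security-rules etc.)."""
    return json.dumps(rules, indent=2)


if __name__ == "__main__":
    ingress, egress = web_server_rules("203.0.113.0/24")  # assumed admin range
    print(to_cli_json(ingress))
    for finding in lint_rules(ingress, egress):
        print("finding:", finding)
```

Running the linter over the default security list (SSH from 0.0.0.0/0) produces a finding, which is the point: the default is meant for first login, not for a server left running. The JSON from to_cli_json is what you would hand to the OCI CLI's security-list update command.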
- Block Volume. By default, each instance gets a 50 GB boot volume, while the Always Free account can have up to 200 GB in total. So we can attach an additional block volume to the instance and mount it as "/home".
- Create and attach the block volume. For an iSCSI attachment, remember to run the iSCSI (iscsiadm) commands the console shows after attaching; the device does not appear on the instance until you do.
- To mount the new device via "/etc/fstab", add the _netdev and nofail options, as attached block volumes require network access: without them the boot can hang or fail while the volume is unreachable. Refer to the volume by UUID rather than by /dev/sdX, since the device name can change between reboots.
- When you "terminate" an instance, remember that the volumes attached to it remain, with their data, unless explicitly deleted.
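The fstab advice above is the kind of thing that is only discovered at the next reboot, so it is worth checking before then. The following added example (not code from the page) parses an fstab, reports attached volumes that lack _netdev or nofail or are named by /dev/sdX, and rebuilds the offending line. SAMPLE_FSTAB is a constructed sample; the function names and the set of attached mountpoints are assumptions for this example.

```python
"""Check /etc/fstab entries for network-attached block volumes.

Added example, not code from the page. SAMPLE_FSTAB is constructed for the
example; the rule it enforces (_netdev and nofail on attached block volumes,
mount by UUID rather than /dev/sdX) is the practice the notes describe.
"""
REQUIRED_OPTS = ("_netdev", "nofail")

# Constructed sample: a boot volume plus two attached block volumes.
SAMPLE_FSTAB = """\
# /etc/fstab (constructed sample)
UUID=1f4d0b1e-0000-4000-8000-000000000001  /      xfs   defaults                 0 0
UUID=1f4d0b1e-0000-4000-8000-000000000002  /home  xfs   defaults                 0 2
/dev/sdc1                                  /data  ext4  defaults,_netdev,nofail  0 2
"""


def parse_fstab(text):
    """Parse fstab text into dicts; comments and blank lines are skipped."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) < 4:
            continue  # malformed line; leave it to the administrator
        entries.append({
            "device": fields[0],
            "mountpoint": fields[1],
            "fstype": fields[2],
            "options": fields[3].split(","),
            "dump": fields[4] if len(fields) > 4 else "0",
            "pass": fields[5] if len(fields) > 5 else "0",
        })
    return entries


def audit(entries, attached_mounts):
    """Return {mountpoint: [problems]} for the attached volumes.

    Without _netdev the mount may be attempted before the network (and the
    iSCSI session) is up; without nofail a missing volume stops the boot;
    /dev/sdX names for iSCSI volumes can change between reboots.
    """
    problems = {}
    for e in entries:
        if e["mountpoint"] not in attached_mounts:
            continue
        found = []
        missing = [o for o in REQUIRED_OPTS if o not in e["options"]]
        if missing:
            found.append("missing options: " + ",".join(missing))
        if e["device"].startswith("/dev/sd"):
            found.append("device named by path, use UUID=")
        if found:
            problems[e["mountpoint"]] = found
    return problems


def fixed_line(entry):
    """Rebuild the fstab line with the required options appended."""
    opts = list(entry["options"])
    opts += [o for o in REQUIRED_OPTS if o not in opts]
    return "  ".join([entry["device"], entry["mountpoint"], entry["fstype"],
                      ",".join(opts), entry["dump"], entry["pass"]])


if __name__ == "__main__":
    entries = parse_fstab(SAMPLE_FSTAB)
    for mnt, probs in audit(entries, {"/home", "/data"}).items():
        print(mnt, probs)
    for e in entries:
        if e["mountpoint"] == "/home":
            print(fixed_line(e))
```

On a real instance you would feed it the contents of /etc/fstab and the mountpoints of the volumes you attached; the boot volume is deliberately left out of the audit, since it is not mounted through fstab options of this kind.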
- Disable all "plugins" of the Oracle Cloud Agent (console: instance details, Oracle Cloud Agent tab), then stop the agent itself on the instance. The agent runs as root and its plugins (such as Run Command) let anyone with the matching IAM permissions execute commands on the instance, which a single-user web server does not need.
Disable Oracle Cloud Agent and its updater (run as root):
~ $ systemctl stop oracle-cloud-agent
~ $ systemctl disable oracle-cloud-agent
~ $ systemctl stop oracle-cloud-agent-updater
~ $ systemctl disable oracle-cloud-agent-updater
Disable rpcbind as well: it listens on port 111 (tcp and udp), is only needed for NFS/NIS, and is a well-known UDP amplification reflector.
~ $ systemctl stop rpcbind.service
~ $ systemctl stop rpcbind.socket
~ $ systemctl stop rpcbind.target
~ $ systemctl disable rpcbind
~ $ systemctl disable rpcbind.socket
- By default, firewalld is enabled, with only SSH allowed; open the extra ports (80/443) through firewalld, so that both the security list and the host firewall permit them.
- The image's iptables rules are quite complex (some of them are needed for the iSCSI connection to the boot volume), so leave them alone rather than flushing or rewriting them.
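After disabling the agent and rpcbind, the check a practitioner wants is "what is still listening on a non-loopback address that I did not intend to expose?". The following added example (not code from the page) answers that from the output of `ss -H -lntu`. SAMPLE_SS is a constructed sample resembling a fresh instance before rpcbind is disabled; the allow-list of ports and the function names are assumptions for this example.

```python
"""Find services listening on non-loopback addresses from `ss -H -lntu` output.

Added example, not code from the page. SAMPLE_SS is constructed to look like
`ss -H -lntu` output on a fresh instance before rpcbind is disabled; the
allow-list and function names are assumptions for this example.
"""
# Constructed sample (columns: Netid State Recv-Q Send-Q Local:Port Peer:Port).
SAMPLE_SS = """\
udp   UNCONN  0  0       0.0.0.0:111      0.0.0.0:*
udp   UNCONN  0  0     127.0.0.1:323      0.0.0.0:*
udp   UNCONN  0  0          [::]:111         [::]:*
tcp   LISTEN  0  128     0.0.0.0:22       0.0.0.0:*
tcp   LISTEN  0  128     0.0.0.0:111      0.0.0.0:*
tcp   LISTEN  0  511     0.0.0.0:80       0.0.0.0:*
tcp   LISTEN  0  128        [::]:22          [::]:*
"""

LOOPBACK_PREFIXES = ("127.", "[::1]")


def parse_ss(text):
    """Return (proto, address, port) for each listening-socket line."""
    sockets = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5:
            continue
        proto, local = fields[0], fields[4]
        # rpartition keeps IPv6 addresses like [::] intact
        addr, _, port = local.rpartition(":")
        if not port.isdigit():
            continue
        sockets.append((proto, addr, int(port)))
    return sockets


def exposed_listeners(sockets, allowed_ports):
    """Sorted (proto, port) pairs reachable from the network but not allowed.

    Loopback-only listeners (chronyd on 323 here) are fine; wildcard binds
    on 0.0.0.0 or [::] that are not in the allow-list are reported.
    """
    exposed = set()
    for proto, addr, port in sockets:
        if addr.startswith(LOOPBACK_PREFIXES):
            continue
        if port not in allowed_ports:
            exposed.add((proto, port))
    return sorted(exposed)


if __name__ == "__main__":
    for proto, port in exposed_listeners(parse_ss(SAMPLE_SS), {22, 80, 443}):
        print(f"unexpected {proto} listener on port {port}")
```

With the allow-list {22, 80, 443}, the sample reports rpcbind on tcp/111 and udp/111; after the systemctl commands above, a rerun against real output should report nothing. The host firewall would block 111 anyway, but a service that is not running cannot be reached by a firewall mistake.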