
Thursday, January 30, 2020

Amazon Web Services (AWS): Enabling API Access

The first step of enabling API access is to get your AWS access keys properly created and defined.

Step 1 - Log in to the AWS console and navigate to IAM

Step 2 - Navigate to Users and select the user you want to have the access key

Step 3 - Go to Security Credentials and click on Create Access Key.

Remember, you will get a pop-up, and this is the only time you will be able to see the Secret Access Key, so it is a good idea to download it and save it somewhere safe, as it gives access to your account.
However, if you lose it, contact your admin, who can delete the key or make it inactive.

Okay, now you have the 2 parts of the key:
Access Key and Secret Access Key.

You should now configure your environment.
In your home directory, create a folder named .aws and create the credentials file as below.

cat ~/.aws/credentials
[default]
aws_access_key_id=xxxxxxxx
aws_secret_access_key=xxxxx

Now this will be used as your default credentials.

You should also create a config file which specifies the default region.
Example below:
cat ~/.aws/config
[default]
region=us-east-1

The other option is to set them as environment variables, either in your shell or in the code editor you use.
I use PyCharm, so go to Run and then Edit Configurations; you will see the environment variables there, which you can configure.

Also, you can use the boto3 quick start for help as well.

https://boto3.amazonaws.com/v1/documentation/api/latest/guide/quickstart.html

Amazon Web Services (AWS) : EC2 - Instance Metadata Get Region/Type/IP

In this blog I am going to demonstrate how to get the instance metadata information using curl.

Instance metadata is available at the IP address 169.254.169.254.
If you come from a networking background, you will recognize this as an Automatic Private IP, or self-assigned private IP, address.

So, we use curl to get the information, as in the example below.



$ curl -s http://169.254.169.254/latest/dynamic/instance-identity/document | grep -e Type -e region -e Ip
  "instanceType" : "m5.2xlarge",
  "privateIp" : "10.114.32.79",
  "region" : "us-east-1",
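
The same lookup from Python, as an added example that is not part of the original post. It goes beyond the curl call above by using the token-based IMDSv2 flow (a PUT for a session token, then the GET with that token), which also works on instances where IMDSv1 is disabled; the function names and the base_url parameter are assumptions made for this example.

```python
import json
import urllib.request

IMDS = "http://169.254.169.254"  # metadata address from the post
DOC_PATH = "/latest/dynamic/instance-identity/document"


def token_request(base_url=IMDS, ttl=60):
    """IMDSv2 step 1: a PUT asking for a session token valid for ttl seconds."""
    return urllib.request.Request(
        base_url + "/latest/api/token", method="PUT",
        headers={"X-aws-ec2-metadata-token-ttl-seconds": str(ttl)})


def document_request(token, base_url=IMDS):
    """IMDSv2 step 2: the same GET as the curl example, presenting the token."""
    return urllib.request.Request(
        base_url + DOC_PATH, headers={"X-aws-ec2-metadata-token": token})


def identity_document(base_url=IMDS, timeout=2):
    """Run both steps and return the parsed identity document (EC2 only)."""
    with urllib.request.urlopen(token_request(base_url), timeout=timeout) as r:
        token = r.read().decode()
    with urllib.request.urlopen(document_request(token, base_url),
                                timeout=timeout) as r:
        return json.loads(r.read())


def summary(doc):
    """Keep the three fields that the grep in the post selects."""
    return {k: doc.get(k) for k in ("instanceType", "privateIp", "region")}
```

On an instance, summary(identity_document()) returns the same three values as the curl and grep pipeline.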

Wednesday, January 15, 2020

Amazon Web Services (AWS) : Customising the Sign-In Link for IAM Users

When you start creating IAM users, the first thing AWS does automatically for you is to create an IAM sign-in link which can be given to your users.



You can click on Customize to change it to your own custom name and then provide it to your users so that they can sign in directly to your account.



Amazon Web Services (AWS) : Setting up Security / IAM Best Practices at account creation

In this blog I am going to show how to get all the green ticks recommended by AWS after setting up a new account.

Once you create a new account (most probably free tier), go to IAM and then, if you are not already there, go to the Dashboard.


You should see your status as below.
The next step is to activate MFA on your account. MFA is multi-factor authentication, which provides an additional layer of security when logging in to your account.
The easiest way (in my opinion) is to download Duo Mobile and add your account.
You will be asked to enter 2 consecutive codes and scan the QR code.

The next step is to add a password policy to the user account. 


The next step is to create a group and a user.
So, click on Add Group and name it AWSAdmins.
Attach the policy as shown below - 'Administrator Access'
Review and create.
Next, create a user and attach this policy to the user; the username can be anything you want, and you can set the password as you like.

Now if you go back to the dashboard, you will see that all your boxes are 'green ticked'.


Wednesday, January 8, 2020

OEM 13cR3: OMS Plugin Patching 13.3.1.0.191231 and 13.3.2.0.191231

In this blog I am going to patch the EM plugins on OMS for the given version.
Note - you should always keep a backup of the EM configuration and have a restore point / DB backup to restore to in case there are any issues applying the patch.

Download Patches

# Prompt for the My Oracle Support password instead of passing it on the command line
$ wget 'https://updates.oracle.com/Orion/Services/download/p30666063_133000_Generic.zip?aru=23270565&patch_file=p30666063_133000_Generic.zip' --http-user='<MoS Username>' --ask-password --output-document=p30666063_133000_Generic.zip
$ wget 'https://updates.oracle.com/Orion/Services/download/p30666123_133000_Generic.zip?aru=23270566&patch_file=p30666123_133000_Generic.zip' --http-user='<MoS Username>' --ask-password --output-document=p30666123_133000_Generic.zip



Here are a few things you must ensure -
1. Ensure that the Software Library is configured.
2. Ensure that the Oracle WebLogic Administration server that hosts the OMS is up and running.
3. Ensure that the Oracle Database which houses the Management Repository, and its listener, are up and running.
4. Ensure that the Oracle Management Service (OMS) on which you are installing the patch or from which you are rolling back the patch is Oracle Management Service 13c Release 3 (13.3.0.0.0).
5. Ensure that you have the latest version of OPatch 13.9.0.0.0 and OMSPatcher 13.8.0.0.3 on all OMS instance platform homes.
6. Ensure that you set the ORACLE_HOME environment variable to the OMS core home.

You must have applied the latest patch and completed all the steps in my last blog.

Patch apply 13.3.1.0.191231 and 13.3.2.0.191231
Unzip Patch (2 minutes)
$ unzip -qq p30666063_133000_Generic.zip
$ export ORACLE_HOME=/u01/app/oracle/product/oem13cr3
$ export PATH=$ORACLE_HOME/OMSPatcher:$ORACLE_HOME/OPatch:$ORACLE_HOME/bin:$PATH

Pre Patch (5 minutes)
$ cd 30666063
$ emctl stop oms
$ omspatcher apply -analyze

Patch (10 minutes)
$ omspatcher apply

Pre Patch (5 minutes)
# Return to the directory that holds the downloaded zip files
$ cd ..
$ unzip -qq p30666123_133000_Generic.zip
$ cd 30666123
$ omspatcher apply -analyze

Patch (10 minutes)
$ omspatcher apply

Start OMS
$ emctl start oms
$ emcli login -username=sysman
$ emcli sync

After Patch (13.3.1.0.191231) you can see this in the output of opatch lspatches

30563546;EM FMW Plugin Bundle Patch 13.3.1.0.191231
30563523;EM Exadata Plugin Bundle Patch 13.3.1.0.191231
30563511;EM DB Plugin Bundle Patch 13.3.1.0.191231
29404834;EM SI Plugin Bundle Patch 13.3.1.0.190331
30203475;EMBP Patch Set Update 13.3.0.0.191015

After Patch (13.3.2.0.191231) you can see this in the output of opatch lspatches
30563518;EM DB Plugin Bundle Patch 13.3.2.0.191231
30341229;EM SI Plugin Bundle Patch 13.3.2.0.191031
30563546;EM FMW Plugin Bundle Patch 13.3.1.0.191231
30563523;EM Exadata Plugin Bundle Patch 13.3.1.0.191231
30203475;EMBP Patch Set Update 13.3.0.0.191015

Tuesday, January 7, 2020

AWS : Lambda: Add IP to Security Group Using Boto3 - Complete Code

In this blog I am going to show how to add an IP to a security group using Lambda.
You can create a sample SQS trigger event with an IP address in the body to emulate an SQS event for testing.

Now,
  • lambda_handler is the default handler for Lambda
  • It checks whether the IP is already part of the rule
  • It then calls updateRule, which refreshes the timestamp if yes, or adds the IP with a new timestamp if no
  • The revoke is there to temporarily revoke and re-add the IP.

import boto3
from datetime import datetime

ec2 = boto3.resource('ec2')
s_group = ec2.SecurityGroup('sg-85d42ac2')
date_format = "%m-%d-%Y %H:%M"
ssh_port = 22
code = 200
max_minutes = 5


def lambda_handler(event, context):
    # Warm invocations reuse s_group, so refresh its cached rules first
    s_group.reload()
    # Each SQS record body is either an IP address or the keyword 'sweep'
    for record in event['Records']:
        ip = str(record["body"])
        if ip == 'sweep':
            sweepIP()  # sweepIP is not included in this post
        else:
            verifyAddIP(ip)


def verifyAddIP(strIP):
    m_strIP = strIP + '/32'
    # Check the SSH rule only; a new group may have no permissions at all
    exists = False
    for ip_permission in s_group.ip_permissions:
        if ip_permission.get('FromPort') != ssh_port:
            continue
        for cidr in ip_permission['IpRanges']:
            if cidr['CidrIp'] == m_strIP:
                exists = True
    # Call updateRule exactly once, after every entry has been compared
    updateRule(m_strIP, exists)


def updateRule(strIP, update_p):
    # Take the timestamp per call: module-level code runs only on a cold start
    str_dt = datetime.now().strftime(date_format)
    if update_p:
        # Revoke first so the re-added entry carries the new timestamp
        s_group.revoke_ingress(IpProtocol="tcp", CidrIp=strIP, FromPort=ssh_port, ToPort=ssh_port)
    s_group.authorize_ingress(IpPermissions=[
        {'IpProtocol': 'tcp',
         'FromPort': ssh_port,
         'ToPort': ssh_port,
         'IpRanges': [{'CidrIp': strIP, 'Description': str_dt}]
         }
    ])
    if update_p:
        print('Update IP Address Time in Ingress Rule - ' + strIP)
    else:
        print('Added IP Address to Ingress Rule - ' + strIP)
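
The handler calls sweepIP(), but the post does not include that function. One possible implementation, as an added example that is not the author's code: it assumes the sweep is meant to revoke SSH entries whose Description timestamp is older than max_minutes, and the names expired_cidrs and sweep_ip are hypothetical.

```python
from datetime import datetime, timedelta

DATE_FORMAT = "%m-%d-%Y %H:%M"  # same format the post writes into Description
SSH_PORT = 22
MAX_MINUTES = 5                 # from the post; assumed to be the entry lifetime


def expired_cidrs(ip_ranges, now, max_minutes=MAX_MINUTES):
    """Return the CIDRs whose Description timestamp is older than max_minutes.

    Entries with a missing or unparseable Description are skipped, so a rule
    that was added by hand is never revoked by the sweep.
    """
    cutoff = now - timedelta(minutes=max_minutes)
    stale = []
    for entry in ip_ranges:
        try:
            stamped = datetime.strptime(entry.get("Description", ""), DATE_FORMAT)
        except (ValueError, TypeError):
            continue
        if stamped < cutoff:
            stale.append(entry["CidrIp"])
    return stale


def sweep_ip(s_group, now=None):
    """Revoke stale SSH entries on a boto3 ec2.SecurityGroup resource."""
    now = now or datetime.now()
    revoked = []
    for perm in s_group.ip_permissions:
        if (perm.get("IpProtocol"), perm.get("FromPort"),
                perm.get("ToPort")) != ("tcp", SSH_PORT, SSH_PORT):
            continue  # leave every non-SSH rule untouched
        for cidr in expired_cidrs(perm.get("IpRanges", []), now):
            s_group.revoke_ingress(IpProtocol="tcp", CidrIp=cidr,
                                   FromPort=SSH_PORT, ToPort=SSH_PORT)
            revoked.append(cidr)
    return revoked
```

Without a sweep of this kind, every address the function has ever added keeps SSH access until someone removes it by hand.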

Friday, January 3, 2020

OEM 13cR3: Patching 13.3.0.0.191015

In this blog I am going to take up the patching of my OEM 13cR3 setup.


Download the patches below
1. Patch 6880880: OPatch version 13.9.3.3.0 for EMCC 13.x customers Only (not for FMW 12c)
2. Patch 19999993: OMSPatcher patch of version 13.8.0.0.3 for Enterprise Manager Cloud Control 13.3.0.0.0
3. Patch 30203475: EMBP Patch Set Update 13.3.0.0.191015

The first two are OPatch and OMSPatcher, and the last is the system patch.

Upgrade OPatch (2 minutes)

$ export PATH=$ORACLE_HOME/OMSPatcher:$ORACLE_HOME/OPatch:$ORACLE_HOME/bin:$PATH

$ unzip -qq p6880880_139000_Generic.zip
$ cd 6880880
$ ${ORACLE_HOME}/oracle_common/jdk/bin/java -jar opatch_generic.jar -silent oracle_home=${ORACLE_HOME}

Upgrade OMS Patcher (1 minute)
$ cd $ORACLE_HOME
$ mv OMSPatcher OMSPatcher.03_Jan_2020
$ unzip -qq /u01/OEM/Patch/p19999993_133000_Generic.zip
$ cd OMSPatcher
$ ./omspatcher version

Analyze the Patch (5 minutes)
$ unzip -qq p30203475_133000_Generic.zip
$ cd 30203475
$ omspatcher apply -analyze

If you face an issue here, you might be hitting one of the below (most likely the second one).
EM 13c: Enterprise Manager 13c Cloud Control OMSPatcher Patch Analyze Error: OMSPatcher finds that it is not able to connect to OMS repository (Doc ID 2306317.1)
EM 13c: Applying a Patch to Enterprise Manager 13.3 Cloud Control OMS Fails with error code 235, OMSPatcher finds that it is not able to connect to OMS repository (Doc ID 2519247.1)

Patch the system (10 minutes)
$ emctl stop oms 
$ omspatcher apply 


Verify
$ opatch lspatches

Restart OMS
$ emctl start oms