Limiting RDS DB access to only EC2 instances running in your Amazon account

Access to an AWS RDS is controlled by DB Security Group. By default it is set to Deny All. It is a best practice to limit the hosts that can actually connect to your RDS instance. It basically limits the attach vectors available. To do this AWS allows you to set two items:

1.      CIDR/IP -> Here you can specific a CIDR/IP range.  Learn about CIDR/IP range on http://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing.

2.   EC2 Security Group – If you have an instance running that uses a security group you can specify that security group and AWS account. This way all those instance which use the same security group and are instantiated in this particular AWS account will be able to access the RDS DB.

Tomcat Directory Structure on Ubuntu

This diagram assumes you are using a System wide installation of Apache.



An excellent article/document on Tomcat 6 on Ubuntu. Covers installation and basic configuration.


https://help.ubuntu.com/10.04/serverguide/C/tomcat.html


Cheers!

"java.lang.OutOfMemoryError: PermGen space" exception

"java.lang.OutOfMemoryError: PermGen space" exception  

• Generally seen when redeploying an application on web server.
• Should not be confused with the heap memory space.
• Even if you have a lot of heap memory available you may still see these PermGen space errors.

Why?

The JVM has a lot of different memory space/regions. The Heap and PermGen space are two of them.

Heap is used to store objects that are created by your application. Whereas PermGen space is used to load classes. This space has a fixed size which can be changed by using -XX:MaxPermSize in JAVA_OPTS environment variable.

So basically if there is a problem with Garbage collecting routine and it is unable to free up memory that was used for loading classes then gradually the PermGen space will be exhausted and you will then see this error.

To solve this error simply try to increase the PermGen Space. The default value of it in most of the Web Servers is 64MB. Try increasing it to 128 or 256MB.

Here is how the JAVA_OPTS would look like if we want to increase PermGen space to 256.

JAVA_OPTS="-Djava.awt.headless=true -Xms512m -Xmx2048m -XX:MaxPermSize=256m"

How to set JVM Heap size?

How to set JVM Heap size?

Heap is basically a portion of memory that is allocated to your program. In Java heap memory is used for storing all objects. Java heap is actually the memory allocated to JVM applications.

Default Java heap size is 128 MB which is configurable. You can use the –Xms and –Xmx to define minimum and maximum heap memory that JVM can use.

To define the JVM heap size used for tomcat there are two ways:

1.       Create environment variable CATALINA_OPTS and set it to “-Xms512m -Xmx512m”. For e.g.,

export CATALINA_OPTS=”-Xms256m -Xmx512m”  (bash).

The above command defines that the minimum memory set for Tomcat JVM is 256 and Maximum is 512.

2.       Create environment variable JAVA_OPTS similar to CATALINA_OPTS. The difference between both these variables is none except that CATALINA_OPTS is used by only tomcat. Whereas JAVA_OPTS is used by tomcat as well as other web servers.. so if you simply want to configure for tomcat use CATALINA_OPTS otherwise for setting it globally use JAVA_OPTS.

Generate list of Instance, AMI their Public DNS, Zone and type of Instance

Here is the command you can use to generate a list of instances running in your Amazon AWS account. You need to have Amazon AWS command line tool installed and configured on your machine. If you don't have it already follow article http://swapnilgoswami.blogspot.com/2011/03/amazon-ec2-command-line-tool-step-by.html.

./ec2-describe-instances | grep INSTANCE | cut –f12,2,10,3,4 >> abc.txt

The above command will create a file abc.txt in your current directory which has list of all instances running in your account.. Basically it will list down following info:


1. Instance ID
2. AMI ID
3. Public DNS
4. Type of Instance (small, medium, large etc)
5. Zone

Amazon EC2 Command Line Tool - Step by Step Setup on Ubuntu

Pre-requisites:

1. Java 5 or above. Either JRE or JDK is acceptable.
2. Depends on environment variable JAVA_HOME to locate Java runtime.

To setup this environment variable use:

sgoswami@ubuntu:/$ export JAVA_HOME=<PATH>

 <path> : Java Directory which contains subdirectory bin.


Setup Instructions:

• Create a Directory "ec2-api-tools".
• Download (from http://www.amazon.com/gp/redirect.html/ref=aws_rc_ec2tools?location=http://s3.amazonaws.com/ec2-downloads/ec2-api-tools.zip&token=A80325AA4DAB186C80828ED5138633E3F49160D9) and extract the tool archieve into this directory.
• Create environment variable EC2_HOME and point it to the ec2-api-tools directory. Use command as below

sgoswami@ubuntu:~$ export EC2_HOME="/home/sgoswami/ec2-api-tools/"

• Export environment variables EC2_CERT and EC2_PRIVATE_KEY. As the name suggests they point to the files contain your Amazon account's Private Key and Certificate file. 

e.g.,:

sgoswami@ubuntu:~$ export EC2_CERT="/usr/local/ec2/cert-saasbeta.pem"
sgoswami@ubuntu:~$ export EC2_PRIVATE_KEY="/usr/local/ec2/pk-saasbeta.pem"

If you have followed the instructions correctly you should be able to run the ec2 commands successfully now.

To test it try below:

1. Navigate to bin folder of ec2. In my case it is: /home/sgoswami/ec2-api-tools/bin
2. Try the command:

sgoswami@ubuntu:~/ec2-api-tools/bin$ ./ec2-describe-instances

It should list you all the isntances that are running in your Amazon AWS account.

Congratulations you have setup this tool successfully. You can try other commands of this tool. Good Luck.

Popular Linux Flavours

RedHat: Most of us who started using Linux began with RedHat. RedHat when made commercial people started shifting to Fedora.

Fedora: Many Linux users started with Fedora initially, but due to installation issues while booting from disk initially a lot of them gave up and abandoned using it. As of today there aren't any faults as such and people are using it.

CentOS:  Its a very popular flavor of Linux in sense - very easy to use, and the server can be set up by booting a CD and using the easy-to-follow instructions. It manages all of the hardware drivers that are needed to execute business programs. CentOS is quite similar to RedHat as everything in the operating system is essentially in the identical place on the computer.

Ubuntu: Its a hot choice today. Is is Debian-based Linux. If a lot of open source practical applications that you’re going to use are built for Ubuntu, you can expect most of the problems that other distributions have to be solved- for these applications.

How to find out which Linux distribution I'm running

To Know Linux Distribution that's running

The /etc directory contains a file lsb-release which has information about the exact distribution that's running.

Simply do a cat of this file and it should give you the details..

For e.g.,

sgoswami@ubuntu:/etc$ cat lsb-release
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=9.10
DISTRIB_CODENAME=karmic
DISTRIB_DESCRIPTION="Ubuntu 9.10"sgoswami@ubuntu:/etc$

To find out the Kernal version etc do a uname:

sgoswami@ubuntu:/etc$ uname -a
Linux ubuntu 2.6.31-14-generic #48-Ubuntu SMP Fri Oct 16 14:04:26 UTC 2009 i686 GNU/Linuxsgoswami@ubuntu:/etc$
The above tells you that the kernal version is 2.6.31.

Also try cat /proc/version:-

sgoswami@ubuntu:/etc$ cat /proc/version
Linux version 2.6.31-14-generic (buildd@rothera) (gcc version 4.4.1 (Ubuntu 4.4.1-4ubuntu8) ) #48-Ubuntu SMP Fri Oct 16 14:04:26 UTC 2009sgoswami@ubuntu:/etc$