Overview
One of the main services in the AWS environment is the RDS database service, wherein you do not need to build a server to create a database. You just need to create a new instance, configure the security group and establish a connection via the endpoint to start using the database service.
Applies To
RHEL 7, CentOS 7, AWS, RDS – MySQL
Pre-Requisites
· MySQL Workbench (optional), if you want to connect from a Windows machine
RDS Database
It is completely different from a conventional database, where you build a server, install the MySQL server and client packages, create the database and create the required access privileges.
Launch RDS Console
Launch “RDS” from the list of AWS services in the AWS Management Services Console; when you click on it, the “RDS Dashboard” will be launched.
If this is the first time you are launching it, you will see the below screen. To create a new instance, click on “Get Started Now”.
Select Engine – Database
The next step is to choose the database engine to be created. In this document we are creating a MySQL instance, so click on “MySQL” and then click on the “Select” button.
DB Instance – High Availability
The next step is to choose whether the database has to be configured as a “Multi-AZ Deployment”, in which the database is configured in more than one availability zone for higher availability, or as a standalone database, typically for non-production deployments.
DB Instance – Specifications
The next step, after selecting the DB engine, is to choose the instance options and configurations.

| Options | When to choose |
| --- | --- |
| DB Engine Version | Choose the version that you intend to deploy; this typically depends on application compatibility |
| DB Instance Class | Choose the compute and memory, depending on the workload |
| Multi-AZ Deployment | Choose where high availability is mandatory |
| Storage Type | Depends on the application needs and the IOPS required for application performance |
| Allocated Storage | 5 GB size |
DB Instance – Settings
Next step, select the database settings and parameters.
| Setting | Purpose |
| --- | --- |
| DB Instance Identifier | DB instance identifier, a unique identifier for the AWS account |
| Master Username | Set master username for the database |
| Master Password | Set master password for the database |
| Confirm Password | Set the master username password |
DB Instance – Configure Advanced Settings
The next step is to configure the advanced settings, where the security parameters are set. Also ensure that you download the “SSL Certificate” if you intend to connect securely; click on the link “new certificate bundle”.

| Setting | Purpose |
| --- | --- |
| VPC | If you intend to create a new VPC, wherein your DB will be configured on a different VPC and DB subnet group |
| Subnet Group | Default or new subnet group to be configured, according to the VPC option |
| Publicly Accessible | Whether the database is accessible within the VPC or publicly |
| Availability Zone | Choose the default; ideally choose the zone where EC2 is configured |
| VPC Security Group(s) | Configure the authorized network to connect to the database |
DB Instance – Database Options
The next step is to configure the database options.

| Setting | Purpose |
| --- | --- |
| Database Name | Database name to be created by the RDS installation process |
| Database Port | Database service port to be configured |
| DB Parameter Group | Choose the configuration setting for the version (container for the engine) |
| Option Group | Amazon RDS uses option groups to enable and configure these features. An option group can specify features, called options, that are available for a particular Amazon RDS DB instance |
| Copy Tags To Group | Select this option to have any DB instance tags copied to a DB snapshot when you create a snapshot. |
| Enable Encryption | Encrypt data transfer and data stored |
DB Instance – Backup
The next step is to configure the database backup retention and backup window options. These two options are enabled by default.
Backup Retention Period
One of the tasks that database or backup administrators take care of is configuring the backup and, subsequently, the retention period for which previous backups need to be retained. Currently it can be configured anywhere between 1 and 35 days.
Backup Window
When you configure the backup retention period, the “Backup Window” should also be configured according to the business needs and within the stipulated timeframe. If you need the backup to be done at specific time intervals, choose the “Backup Window” option and set the “Start Time” and “Duration” parameters.
The backup window should not be configured for the same time as the “Maintenance Window”. Also ensure that you have allowed sufficient time to complete the backup task, so that an ongoing backup is not disrupted; see the “Maintenance Window” section. Hence it is very important to configure a backup window that doesn’t overlap with maintenance activity.
DB Instance – Maintenance
Once you have configured the backup options, the next step is to configure “Maintenance”. There are two options.
Auto Minor Version Upgrade
The first option is “Auto Minor Version Upgrade”, wherein minor database upgrades will be done automatically when the option is set to “Yes”.
Maintenance Window
When you set the upgrade option to “Yes”, the “Maintenance Window” should also be configured according to the business needs. If you need the maintenance activity to be implemented at specific time intervals, choose the “Maintenance Window” option and set the “Start Time” and “Duration” parameters.
The maintenance window should not be configured for the same time as the “Backup Window”. Also ensure that you have allowed sufficient time to complete the backup task, so that an ongoing backup is not disrupted; see the “Backup Window” section. Hence it is very important to configure a backup window that doesn’t overlap with maintenance activity.
After configuring this option, click on “Launch DB Instance”.
DB Instance – View Your DB Instance
After configuring all the options and clicking on “Launch DB Instance”, you can view the launch status by clicking the “View Your DB Instance” button.
DB Instance – Launch Status - Creating
When you click on the “View Your DB Instance” button, your DB instance's current creation status will be displayed. In order to connect to the database instance that we launched, we will have to wait till the status is updated to “available” and the “Endpoint” is shown.
DB Instance – Launch Status - Available
After the DB instance is created, the status will be set to “available”, the endpoint for the DB instance will be displayed and the authorized networks will also be set. The endpoint is simply the “hostname” for the MySQL client connect string, and the authorized networks are simply the list of configured security groups.
DB Instance – Configure Security Group
In order to connect to the database, you need to configure the security group in the AWS Management Console with the IP address range for port 3306. To add a new rule or modify one, click on the security “Group ID”, click on the “InBound” tab and then click on the “Edit” button.
DB Instance – Configure Security Group – Add Rule
After adding the new rule, click on the “Save” button. After that you can establish a connection to the database.

| Setting | Purpose |
| --- | --- |
| Type | Choose type of connection (MySQL/Aurora) |
| Database Port | Automatically updated |
| Source | Add an access rule for the source IP from where the database connection will be established. Connect from: Anywhere (0.0.0.0/0), My IP or Custom IP |
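The console rule above expressed as an AWS CLI call, as an added example that is not part of the original guide: the helper prints the command for review and refuses “Anywhere (0.0.0.0/0)” or any source wider than an assumed /24 limit. The security group ID and source address are constructed placeholders.

```sh
#!/bin/sh
# Added example (not from the original guide): build the port-3306 ingress rule
# for the RDS security group, refusing "Anywhere" and other wide sources.
# MAX_WIDTH (/24) is an assumed policy threshold; adjust it to your own standard.
MAX_WIDTH=24

valid_ipv4_cidr() {
    # Accept only a.b.c.d/n with every octet 0-255 and n 0-32.
    printf '%s\n' "$1" | awk '
        !/^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+\/[0-9]+$/ { exit 1 }
        { split($0, p, "[./]")
          for (i = 1; i <= 4; i++) if (p[i] + 0 > 255) exit 1
          if (p[5] + 0 > 32) exit 1 }'
}

rds_ingress_cmd() {
    # $1 = security group ID, $2 = source CIDR.
    # Prints the AWS CLI call instead of running it, so it can be reviewed first.
    _sg=$1; _cidr=$2
    valid_ipv4_cidr "$_cidr" || { echo "invalid IPv4 CIDR: $_cidr" >&2; return 2; }
    _prefix=${_cidr##*/}
    if [ "$_prefix" -lt "$MAX_WIDTH" ]; then
        echo "refusing $_cidr: wider than /$MAX_WIDTH for a database port" >&2
        return 1
    fi
    printf 'aws ec2 authorize-security-group-ingress --group-id %s --protocol tcp --port 3306 --cidr %s\n' \
        "$_sg" "$_cidr"
}

# Constructed inputs: a placeholder group ID and a documentation-range address.
rds_ingress_cmd sg-0123456789abcdef0 203.0.113.10/32
rds_ingress_cmd sg-0123456789abcdef0 0.0.0.0/0 || echo "rule rejected"
```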
DB Instance – MySQL Workbench – Parameters
Once the instance status is set to “available”, create a new MySQL Workbench connection. Configure the new connection as per the below parameters and click on the “Test Connection” and “OK” buttons.

| Parameters | Values |
| --- | --- |
| Hostname | Copy and paste the endpoint string from the RDS instance information |
| Username | Username, set during the “DB Instance – Settings” section |
| Password | Password, set during the “DB Instance – Settings” section |
DB Instance – Connect MySQL Workbench – SSL
Optionally, you can configure the SSL certificate downloaded from the AWS portal.
Download the security file when configuring the “Network & Security” option.
DB Instance – Connect MySQL Workbench
Once saved, double click on the saved connection and you should be able to launch the SQL query window. The database server information is displayed.
DB Instance – RDS DB Connection – SSL CA Download
Optionally, you can configure the SSL certificate downloaded from the AWS portal.
Download the SSL CA certificate for the RDS database instance connection. When configuring the network & security section, click on the download link “new certificate bundle”.
wget https://s3.amazonaws.com/rds-downloads/rds-combined-ca-bundle.pem
MySQL – RDS DB Connection - SSL Certificate Connectivity
Connect to the database with the SSL certificate.
mysql -h mywordpress.cnntryehtcnj.us-east-1.rds.amazonaws.com -umywordpressdb -pmywordpressdb --ssl-ca=/root/rds-combined-ca-bundle.pem -s
MySQL – SSL Certificate Connection – DB
Connect to a specific database with the SSL certificate.
mysql -h mywordpress.cnntryehtcnj.us-east-1.rds.amazonaws.com -umywordpressdb -pmywordpressdb --ssl-ca=/root/rds-combined-ca-bundle.pem -Dmywordpressdb
MySQL – Non SSL Connectivity
Connect to a specific database without the SSL certificate.
mysql -h mywordpress.cnntryehtcnj.us-east-1.rds.amazonaws.com -umywordpressdb -pmywordpressdb -Dmywordpressdb
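Added example, not part of the original guide: the commands above pass the password with -p on the command line, where it lands in shell history and the process list. This sketch moves the credentials into an owner-only option file, asks the client to verify the server certificate, and reads the session's Ssl_cipher status to confirm the connection is actually encrypted. The option-file path and password are placeholders; ssl-verify-server-cert is assumed for the MariaDB/MySQL 5.x client on RHEL/CentOS 7 (newer MySQL clients use ssl-mode=VERIFY_IDENTITY instead).

```sh
#!/bin/sh
# Added example (not from the original guide). Endpoint, user, database and CA
# path are the values used on this page; the password is a placeholder.

write_rds_client_cnf() {
    # $1 = option file, $2 = endpoint, $3 = user, $4 = password, $5 = CA bundle
    ( umask 077    # create the file readable by its owner only
      cat > "$1" <<EOF
[client]
host=$2
user=$3
password="$4"
ssl-ca=$5
ssl-verify-server-cert
EOF
    )
    chmod 600 "$1"
}

session_cipher() {
    # Reads the batch output of SHOW STATUS LIKE 'Ssl_cipher' on stdin and
    # prints the cipher; returns 1 when it is empty (plaintext session) or
    # when no status line was received at all (fails closed).
    awk -F'\t' '$1 == "Ssl_cipher" { c = $2 } END { if (c == "") exit 1; print c }'
}

check_rds_tls() {
    # $1 = option file, $2 = database. --defaults-extra-file must come first.
    mysql --defaults-extra-file="$1" -D "$2" -N -B \
          -e "SHOW STATUS LIKE 'Ssl_cipher'" | session_cipher
}

# Typical use on the WordPress server (needs the mysql client and network access):
#   write_rds_client_cnf /root/.rds-wordpress.cnf \
#       mywordpress.cnntryehtcnj.us-east-1.rds.amazonaws.com mywordpressdb \
#       'placeholder-password' /root/rds-combined-ca-bundle.pem
#   check_rds_tls /root/.rds-wordpress.cnf mywordpressdb || echo "NOT encrypted"

# Constructed status lines (not captured from a real server):
printf 'Ssl_cipher\tDHE-RSA-AES256-SHA\n' | session_cipher
printf 'Ssl_cipher\t\n' | session_cipher || echo "plaintext session"
```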
Configure SELinux
One of the important steps after configuring the WordPress database is to configure SELinux and enable “httpd network db connection”. This step is applicable when SELinux is enabled and enforcing.
SELinux – httpd
To list all httpd-related SELinux booleans that can be configured, use the command “getsebool -a | grep httpd”; since we only need to configure database connectivity, filter the list with the below command.
getsebool -a | grep httpd_can_network
SELinux – httpd
Modify the current state of a particular SELinux boolean. For httpd database connections via the network, the boolean should be set to “on”; to turn it off, set the boolean to “off”, which is 0.
setsebool -P httpd_can_network_connect_db 1
WordPress – Download Package
To download the WordPress package on the server, run the command:
wget http://wordpress.org/latest.tar.gz
WordPress - Extract Package
Extract the package in the DocumentRoot folder of Apache httpd server.
cd /var/www/html
tar -zxf latest.tar.gz
WordPress – Configure Database Parameters
Configure the database connection parameters for the WordPress portal in the configuration file “wp-config.php”.

| Setting | Purpose |
| --- | --- |
| DB Name | Configured database name (database – settings) |
| Master Username | Configured username |
| Master Password | Set master password for the database |
| Confirm Password | Set the master username password |
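One way to fill in these parameters, as an added example that is not part of the original guide: the script rewrites the DB_NAME, DB_USER, DB_PASSWORD and DB_HOST lines of the sample configuration shipped in the WordPress package, escapes the password for PHP, and restricts the file's permissions. It also goes one step beyond the table by adding WordPress's MYSQL_CLIENT_FLAGS constant so the RDS connection is requested over SSL; the sample excerpt and password are constructed.

```sh
#!/bin/sh
# Added example (not from the original guide): fill in the database settings of
# wp-config.php from the sample file shipped in the WordPress package.

php_quote() {
    # Emit $1 as a PHP single-quoted string (escape backslash and quote).
    printf "'%s'" "$(printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e "s/'/\\\\'/g")"
}

make_sample() {    # constructed excerpt of wp-config-sample.php
    cat > "$1" <<'EOF'
<?php
define( 'DB_NAME', 'database_name_here' );
define( 'DB_USER', 'username_here' );
define( 'DB_PASSWORD', 'password_here' );
define( 'DB_HOST', 'localhost' );
define( 'DB_CHARSET', 'utf8' );
EOF
}

configure_wp_db() {
    # $1 sample file, $2 output file, $3 DB name, $4 user, $5 password, $6 RDS endpoint
    WP_NAME=$(php_quote "$3") WP_USER=$(php_quote "$4") \
    WP_PASS=$(php_quote "$5") WP_HOST=$(php_quote "$6") \
    awk '
        function def(k, v) { print "define( \047" k "\047, " v " );" }
        /^define\(/ && /DB_NAME/     { def("DB_NAME", ENVIRON["WP_NAME"]); next }
        /^define\(/ && /DB_USER/     { def("DB_USER", ENVIRON["WP_USER"]); next }
        /^define\(/ && /DB_PASSWORD/ { def("DB_PASSWORD", ENVIRON["WP_PASS"]); next }
        /^define\(/ && /DB_HOST/     { def("DB_HOST", ENVIRON["WP_HOST"])
            # Ask the mysqli driver for an encrypted connection to RDS.
            print "define( \047MYSQL_CLIENT_FLAGS\047, MYSQLI_CLIENT_SSL );"; next }
        { print }
    ' "$1" > "$2"
    chmod 640 "$2"    # the file holds the database password
}

# Demo on the constructed sample; on the server the two paths would be
# /var/www/html/wordpress/wp-config-sample.php and .../wp-config.php.
tmp=$(mktemp -d) && make_sample "$tmp/wp-config-sample.php" &&
configure_wp_db "$tmp/wp-config-sample.php" "$tmp/wp-config.php" \
    mywordpressdb mywordpressdb 'placeholder-password' \
    mywordpress.cnntryehtcnj.us-east-1.rds.amazonaws.com &&
cat "$tmp/wp-config.php"
```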
WordPress - Launch Portal
Launch the WordPress portal and configure the site information, administrator username, password and email ID. Once you are done entering the administrator information, click on the “Install WordPress” button.
http://WordPressServerIP/wordpress/
Troubleshooting
Error establishing a database connection
Error Message
Error establishing a database connection
Cause
SELinux is not configured to allow the httpd service to establish database connections. To verify this, run the command:
getsebool -a | grep httpd_can_network
Resolution
Since WordPress connects to the database via the httpd service, SELinux needs to be configured to allow it; you need to turn on the SELinux boolean “httpd_can_network_connect_db”.
setsebool -P httpd_can_network_connect_db 1
Slideshare Information
A step-by-step guide with screenshots is uploaded.
Thanks for providing this informative information you may also refer.
http://www.s4techno.com/blog/2016/02/04/increase-the-maximum-number-of-simultaneous-users-to-log-in-to-linux-server-using-ssh/