Difference between revisions of "OPS705 Assignment 2"

From CDOT Wiki
Jump to: navigation, search
(Modify Wordpress Configuration File)
(Task 2: Database)
 
(27 intermediate revisions by the same user not shown)
Line 1: Line 1:
In this assignment, you will install a WordPress blog in AWS using Elastic Beanstalk and RDS. '''You will construct this assignment in our ''AWS Academy Learner Lab'' classroom.'''
+
In this assignment, you will install a WordPress blog in AWS using Elastic Beanstalk and RDS. '''You will construct this assignment in our ''AWS Academy Learner Lab'' classroom.''' The purpose of this assignment is to demonstrate your knowledge of Amazon Web Services gathered from our lectures and assigned labs and to show you how you can leverage PaaS to build a web application easily.
  
 
Unlike labs, assignments have minimal instructions. You are given specifications on what the assignment needs, and you must rely on your previous work in the course. If the assignment doesn't have the command you need, you can find it in your labs. As with Assignment 1, don't be afraid to do a little research!
 
Unlike labs, assignments have minimal instructions. You are given specifications on what the assignment needs, and you must rely on your previous work in the course. If the assignment doesn't have the command you need, you can find it in your labs. As with Assignment 1, don't be afraid to do a little research!
Line 82: Line 82:
 
# Public access: '''No'''
 
# Public access: '''No'''
 
# VPC security group: Choose existing
 
# VPC security group: Choose existing
# Existing VPC security groups: Remove default VPC, add '''Wordpress Database VPC''' (look to see that it's there below the dropdown after you select it)
+
# Existing VPC security groups: Remove default VPC, add '''Wordpress Database SG''' (look to see that it's there below the dropdown after you select it)
 
# Availability Zone: '''us-east-1a'''
 
# Availability Zone: '''us-east-1a'''
 
# Monitoring > Enable Enhanced monitoring: '''Unchecked'''
 
# Monitoring > Enable Enhanced monitoring: '''Unchecked'''
Line 94: Line 94:
  
 
= Task 3: Wordpress Source Code Modification =
 
= Task 3: Wordpress Source Code Modification =
 +
'''Explanation:''' From your work with Wordpress in Assignment 1, you know you can simply upload the source code and the first time you load the webpage, you'll be asked for database connector information. However, Elastic Beanstalk applications are meant to be disposable. In A1, when you were adding that database connector info, it was being saved in a file called ''wp-config.php'' on the webserver VM. This is fine for that kind of setup, but in Elastic Beanstalk, changes made to static HTML or PHP ''are not saved if the Beanstalk application restarts'', which it will do often. Whenever the application restarts, it will load from the source zip file. If you did as in A1, you'd have to constantly re-enter your DB connector info every time you started up your Learner Lab environment.
 +
 +
We ''could'' add the DB connector info to '''wp-config.php''' manually before we upload the source code, but there's a much better way. We use environment variables to allow us to put all the info in the Elastic Beanstalk application wizard. That way, every time the application restarts and reloads from the source code zip, it'll then read our connector information from AWS. Read below for details and steps.
 +
 +
'''Note:''' All other information, like the Wordpress website name, users, theme settings, blog posts, etc., are saved in the actual database you created in RDS. This database does not get reset when the Elastic Beanstalk application restarts, so your actual blog will remain intact.
  
 
== Download and Unzip - Local Computer ==
 
== Download and Unzip - Local Computer ==
Line 100: Line 105:
  
 
== Modify Wordpress Configuration File ==
 
== Modify Wordpress Configuration File ==
 +
 +
=== Duplicate and Open Configuration File ===
 
# In the local ''wordpress'' folder, find a file called: '''wp-config-sample.php'''
 
# In the local ''wordpress'' folder, find a file called: '''wp-config-sample.php'''
 
# Duplicate this file, and call it: '''wp-config.php'''
 
# Duplicate this file, and call it: '''wp-config.php'''
Line 105: Line 112:
  
 
=== Adding Database Connector Info as Environment Variables ===
 
=== Adding Database Connector Info as Environment Variables ===
In this file (wp-config.php), you will be adding database connector information as '''environment variables''', not the actual connector information. Find the following lines and add the bolded values:
+
[[Image:Ops705_a2_wp-config-example.png|thumb|right|450px|Figure 1: Adding database connector information to ''wp-config.php''.]]
 +
In this file (wp-config.php), you will be adding database connector information as '''environment variables''', not the actual connector information. (We'll add that information later.) Find the following lines and add the bolded values:
 
# define('DB_NAME', '''getenv('DB_NAME'))''';
 
# define('DB_NAME', '''getenv('DB_NAME'))''';
 
# define('DB_USER', '''getenv('DB_USER'))''';
 
# define('DB_USER', '''getenv('DB_USER'))''';
Line 111: Line 119:
 
# define('DB_HOST', '''getenv('DB_HOST'))''';
 
# define('DB_HOST', '''getenv('DB_HOST'))''';
  
=== Adding Authentication Unique Keys and Salts as Environment Variables ==
+
=== Adding Authentication Unique Keys and Salts as Environment Variables ===
In the same file (wp-config.php), you'll be adding the authentication keys and salts from the previous section as '''environment variables'''. Find the following lines and add the bolded values:
+
In the same file (wp-config.php), you'll be adding the authentication keys and salts as '''environment variables'''. Find the following lines and add the bolded values:
 
# define('AUTH_KEY', '''getenv('AUTH_KEY'))''';
 
# define('AUTH_KEY', '''getenv('AUTH_KEY'))''';
 
# define('SECURE_AUTH_KEY', '''getenv('SECURE_AUTH_KEY'))''';
 
# define('SECURE_AUTH_KEY', '''getenv('SECURE_AUTH_KEY'))''';
Line 121: Line 129:
 
# define('LOGGED_IN_SALT', '''getenv('LOGGED_IN_SALT'))''';
 
# define('LOGGED_IN_SALT', '''getenv('LOGGED_IN_SALT'))''';
 
# define('NONCE_SALT', '''getenv('NONCE_SALT'))''';
 
# define('NONCE_SALT', '''getenv('NONCE_SALT'))''';
 +
 +
== Zip As New File and Rename - Local Computer ==
 +
# Find the '''wordpress''' folder on your local computer.
 +
# Zip the ''entire wordpress directory'', not just the files inside. (Use the zip compression protocol. Don't use something else like .rar.)
 +
# Rename your new zip file: '''wordpress-6.2-modded.zip''' (Use whatever version the source zip file has.)
  
 
= Task 4: Elastic Beanstalk =
 
= Task 4: Elastic Beanstalk =
Line 130: Line 143:
 
== Main settings ==
 
== Main settings ==
 
# Application name: '''wordpress'''
 
# Application name: '''wordpress'''
# Environment name: ''Wordpress-env'''
+
# Environment name: '''Wordpress-env'''
# Domain: ''' ''yourSenecaUsername''-assignment2''' (Click on the ''Check availability'' button to verify the URL is free.)
 
 
# Platform: '''PHP'''
 
# Platform: '''PHP'''
 
# Platform branch: '''PHP 8.1''' (or current latest)
 
# Platform branch: '''PHP 8.1''' (or current latest)
 
# Application code: '''Upload your code'''
 
# Application code: '''Upload your code'''
# Choose file: '''Downloaded wordpress source code zip file''' (You can download the wordpress source code here: https://wordpress.org/latest.zip)
+
# Choose file: '''wordpress-6.2-modded.zip''' (From your local computer)
# Version label: ''wordpress-versionnumber'' (Example: wordpress-6.1.1)
+
# Version label: '''wordpress-6.2'''
  
 
== Configure more options ==
 
== Configure more options ==
  
 
=== Software ===
 
=== Software ===
 +
[[Image:Ops705_a2_beanstalk-environment-variables-example.png|thumb|right|650px|Figure 2: Adding database connector information, auth keys and salts to your Elastic Beanstalk application as static Environment Variables.]]
 +
Before beginning this section, you will need two things:
 +
# Your database connector information (you saved this, right?)
 +
# Randomly generated auth keys and salts from here: https://api.wordpress.org/secret-key/1.1/salt/ (it's a good idea to save these in a text file, too)
 +
 +
Settings:
 
# Document root: '''/wordpress'''
 
# Document root: '''/wordpress'''
 
# Environment properties
 
# Environment properties
Line 147: Line 165:
 
## DB_USER: '''admin'''
 
## DB_USER: '''admin'''
 
## DB_PASSWORD: ''your auto-generated database password''
 
## DB_PASSWORD: ''your auto-generated database password''
## AUTH_KEY: ''(use gathered info from previous step)''
+
## AUTH_KEY: ''(use gathered info from salt page)''
## SECURE_AUTH_KEY: ''(use gathered info from previous step)''
+
## SECURE_AUTH_KEY: ''(use gathered info from salt page)''
## LOGGED_IN_KEY: ''(use gathered info from previous step)''
+
## LOGGED_IN_KEY: ''(use gathered info from salt page)''
## NONCE_KEY: ''(use gathered info from previous step)''
+
## NONCE_KEY: ''(use gathered info from salt page)''
## AUTH_SALT: ''(use gathered info from previous step)''
+
## AUTH_SALT: ''(use gathered info from salt page)''
## SECURE_AUTH_SALT: ''(use gathered info from previous step)''
+
## SECURE_AUTH_SALT: ''(use gathered info from salt page)''
## LOGGED_IN_SALT: ''(use gathered info from previous step)''
+
## LOGGED_IN_SALT: ''(use gathered info from salt page)''
## NONCE_SALT: ''(use gathered info from previous step)''
+
## NONCE_SALT: ''(use gathered info from salt page)''
 +
#* ''(Hint: None of these values should have single quotes in them. i.e. ')
  
 
=== Security ===
 
=== Security ===
Line 179: Line 198:
 
# EC2 Security Groups: '''Wordpress Website SG''' (both checked)
 
# EC2 Security Groups: '''Wordpress Website SG''' (both checked)
  
Create the application.
+
'''Create the application.'''
  
 
While you wait for the creation to complete, check your e-mail to confirm your notification subscription.
 
While you wait for the creation to complete, check your e-mail to confirm your notification subscription.
Line 214: Line 233:
 
# A single screenshot showing your active and complete Wordpress blog.
 
# A single screenshot showing your active and complete Wordpress blog.
  
Once submitted, you can leave your resources running.
+
Once submitted, you can leave your Elastic Beanstalk application running, but '''shutdown your Learner Lab environment'''.
  
 
[[Category:OPS705]]
 
[[Category:OPS705]]
 
[[Category:OPS705 Assignment]]
 
[[Category:OPS705 Assignment]]
 
[[Category:Digital Classroom]]
 
[[Category:Digital Classroom]]

Latest revision as of 13:47, 13 April 2023

In this assignment, you will install a WordPress blog in AWS using Elastic Beanstalk and RDS. You will construct this assignment in our AWS Academy Learner Lab classroom. The purpose of this assignment is to demonstrate your knowledge of Amazon Web Services gathered from our lectures and assigned labs and to show you how you can leverage PaaS to build a web application easily.

Unlike labs, assignments have minimal instructions. You are given specifications on what the assignment needs, and you must rely on your previous work in the course. If the assignment doesn't have the command you need, you can find it in your labs. As with Assignment 1, don't be afraid to do a little research!

Assignments in OPS705 are built as an assessment of your ability to meet the course objectives.

Task 1: Networking

In this task, you will create all the networking required for your new web application.

Virtual Private Cloud

Create a new VPC with the following settings:

  1. VPC only
  2. Name: Wordpress VPC
  3. IPv4 CIDR: 10.0.0.0/16
  4. Leave all other settings on default

Once created, modify this VPC (Edit VPC Settings) with the following actions:

  1. Enable DNS resolution: Checked
  2. Enable DNS hostnames: Checked

Subnets

Create two private IPv4 subnets in this VPC:

  1. Private Subnet 1 – 10.0.1.0/24us-east-1a
  2. Private Subnet 2 – 10.0.2.0/24us-east-1b

Create two public IPv4 subnets in this VPC:

  1. Public Subnet 1 – 10.0.11.0/24us-east-1a
  2. Public Subnet 2 – 10.0.12.0/24us-east-1b

Edit your public subnets (Edit subnet settings) with the following settings:

  1. Enable auto-assign public IPv4 address: Checked
  2. Enable resource name DNS A record on launch: Checked

Internet Gateway

Create a new Internet Gateway with the following:

  1. Name: Wordpress Gateway
  2. Once created, attach it to your Wordpress VPC.

Route Tables

Find your default route table for your Wordpress VPC and add the name: VPC-local Route Table

Create a second route table:

  1. Name: Wordpress Website Route Table
  2. VPC: Wordpress VPC
  3. Routes Entry 1:
    1. Destination: 10.0.0.0/16
    2. Target: local
  4. Routes Entry 2:
    1. Destination: 0.0.0.0/0
    2. Target: Internet Gateway – Wordpress Gateway

Security Groups

Create a security group with the following settings:

  1. Name: Wordpress Website SG
  2. Description: Allows HTTP traffic inbound
  3. VPC: Wordpress VPC
  4. Inbound Rule:
    1. Type: HTTP
    2. Source: Anywhere – IPv4 (0.0.0.0/0)

Create a security group with the following settings:

  1. Name: Wordpress Database SG
  2. Description: Allows MySQL traffic locally
  3. VPC: Wordpress VPC
  4. Inbound Rule:
    1. Type: MYSQL/Aurora
    2. Source: Custom (Select Wordpress Website SG in the search field)

Edit both public subnets’ route table associations to: Wordpress Website Route Table

Task 2: Database

Create a new RDS instance with the following settings:

  1. Engine type: MySQL
  2. Engine Version: MySQL 8.0.32 (or current latest version available)
  3. Templates: Free tier
  4. DB instance identifier: wordpress-db
  5. Master username: admin
  6. Auto generate a password: Checked
  7. DB instance class: db.t3.micro
  8. Allocated storage: 5
  9. Enable storage autoscaling: Unchecked
  10. Virtual private cloud (VPC): Wordpress VPC
  11. DB subnet group: Create new DB Subnet Group (if you're redoing your database creation, there will already be an entry here. Make sure you're using the Wordpress VPC in the setting above!)
  12. Public access: No
  13. VPC security group: Choose existing
  14. Existing VPC security groups: Remove default VPC, add Wordpress Database SG (look to see that it's there below the dropdown after you select it)
  15. Availability Zone: us-east-1a
  16. Monitoring > Enable Enhanced monitoring: Unchecked
  17. Below the Monitoring section, Additional configuration > Initial database name: wordpress (Write the database name down! You will need this later.)
  18. Enable automated backups: Unchecked
  19. Enable encryption: Unchecked

Once the database has finished creating, click on the View connection details button by the green success message at the top of the page. This gives you your database password.

Store the Master username, Master password, and Endpoint in a saved document along with your Initial database name. You’ll need it later.

Task 3: Wordpress Source Code Modification

Explanation: From your work with Wordpress in Assignment 1, you know you can simply upload the source code and the first time you load the webpage, you'll be asked for database connector information. However, Elastic Beanstalk applications are meant to be disposable. In A1, when you were adding that database connector info, it was being saved in a file called wp-config.php on the webserver VM. This is fine for that kind of setup, but in Elastic Beanstalk, changes made to static HTML or PHP are not saved if the Beanstalk application restarts, which it will do often. Whenever the application restarts, it will load from the source zip file. If you did as in A1, you'd have to constantly re-enter your DB connector info every time you started up your Learner Lab environment.

We could add the DB connector info to wp-config.php manually before we upload the source code, but there's a much better way. We use environment variables to allow us to put all the info in the Elastic Beanstalk application wizard. That way, every time the application restarts and reloads from the source code zip, it'll then read our connector information from AWS. Read below for details and steps.

Note: All other information, like the Wordpress website name, users, theme settings, blog posts, etc., are saved in the actual database you created in RDS. This database does not get reset when the Elastic Beanstalk application restarts, so your actual blog will remain intact.

Download and Unzip - Local Computer

  1. On your local machine, download the current Wordpress source code from here: https://wordpress.org/latest.zip
  2. Unzip the file. You should end up with a wordpress directory. (Do not delete the original .zip file)

Modify Wordpress Configuration File

Duplicate and Open Configuration File

  1. In the local wordpress folder, find a file called: wp-config-sample.php
  2. Duplicate this file, and call it: wp-config.php
  3. Open wp-config.php in a plain text editor. I recommend Sublime. (https://www.sublimetext.com/download)

Adding Database Connector Info as Environment Variables

Figure 1: Adding database connector information to wp-config.php.

In this file (wp-config.php), you will be adding database connector information as environment variables, not the actual connector information. (We'll add that information later.) Find the following lines and add the bolded values:

  1. define('DB_NAME', getenv('DB_NAME'));
  2. define('DB_USER', getenv('DB_USER'));
  3. define('DB_PASSWORD', getenv('DB_PASSWORD'));
  4. define('DB_HOST', getenv('DB_HOST'));

Adding Authentication Unique Keys and Salts as Environment Variables

In the same file (wp-config.php), you'll be adding the authentication keys and salts as environment variables. Find the following lines and add the bolded values:

  1. define('AUTH_KEY', getenv('AUTH_KEY'));
  2. define('SECURE_AUTH_KEY', getenv('SECURE_AUTH_KEY'));
  3. define('LOGGED_IN_KEY', getenv('LOGGED_IN_KEY'));
  4. define('NONCE_KEY', getenv('NONCE_KEY'));
  5. define('AUTH_SALT', getenv('AUTH_SALT'));
  6. define('SECURE_AUTH_SALT', getenv('SECURE_AUTH_SALT'));
  7. define('LOGGED_IN_SALT', getenv('LOGGED_IN_SALT'));
  8. define('NONCE_SALT', getenv('NONCE_SALT'));

Zip As New File and Rename - Local Computer

  1. Find the wordpress folder on your local computer.
  2. Zip the entire wordpress directory, not just the files inside. (Use the zip compression protocol. Don't use something else like .rar.)
  3. Rename your new zip file: wordpress-6.2-modded.zip (Use whatever version the source zip file has.)

Task 4: Elastic Beanstalk

Create a new Elastic Beanstalk application with the following settings:

Environment Tier

Select: Web server environment

Main settings

  1. Application name: wordpress
  2. Environment name: Wordpress-env
  3. Platform: PHP
  4. Platform branch: PHP 8.1 (or current latest)
  5. Application code: Upload your code
  6. Choose file: wordpress-6.2-modded.zip (From your local computer)
  7. Version label: wordpress-6.2

Configure more options

Software

Figure 2: Adding database connector information, auth keys and salts to your Elastic Beanstalk application as static Environment Variables.

Before beginning this section, you will need two things:

  1. Your database connector information (you saved this, right?)
  2. Randomly generated auth keys and salts from here: https://api.wordpress.org/secret-key/1.1/salt/ (it's a good idea to save these in a text file, too)

Settings:

  1. Document root: /wordpress
  2. Environment properties
    1. DB_HOST: your RDS database URL
    2. DB_NAME: initial database name
    3. DB_USER: admin
    4. DB_PASSWORD: your auto-generated database password
    5. AUTH_KEY: (use gathered info from salt page)
    6. SECURE_AUTH_KEY: (use gathered info from salt page)
    7. LOGGED_IN_KEY: (use gathered info from salt page)
    8. NONCE_KEY: (use gathered info from salt page)
    9. AUTH_SALT: (use gathered info from salt page)
    10. SECURE_AUTH_SALT: (use gathered info from salt page)
    11. LOGGED_IN_SALT: (use gathered info from salt page)
    12. NONCE_SALT: (use gathered info from salt page)
    • (Hint: None of these values should have single quotes in them. i.e. ')

Security

  1. Service role: LabRole
  2. EC2 key pair: vockey
  3. IAM instance profile: LabInstanceProfile

Monitoring

  1. System: Basic

Managed updates

  1. Enabled: Unchecked

Notifications

  1. Email: YourSenecaE-mailAddress

Network

  1. VPC: Wordpress VPC
  2. Public IP address: Checked
  3. Instance subnets: Public Subnet 1, Public Subnet 2 (both checked)
  4. Database subnets: Private Subnet 1, Private Subnet 2 (both checked)

Instances

  1. EC2 Security Groups: Wordpress Website SG (both checked)

Create the application.

While you wait for the creation to complete, check your e-mail to confirm your notification subscription.

Task 5: Site Configuration

Open the URL presented in the Wordpress EBS instance and begin the site setup:

Site Information

Set the following site information:

  1. Site Title: OPS705 Winter 2023 A2 - Full Name
  2. Username: yourSenecaUsername
  3. Password: Choose a strong password (do not reuse the DB password)
  4. Your Email: yourSenecaEmailAddress
  5. Search engine visibility: Unchecked

Task 5: Blog Posts

Delete the first template post. In your own words, answer the following questions in individual blog posts:

Blog Post: 1

How would you describe how you set up this Elastic Beanstalk+Database instance of Wordpress to a student who has just finished OPS705 Week 1?

Blog Post: 2

What was the most difficult part of this assignment for you?

Blog Post: 3

What parts of this assignment did you find easier compared to our IaaS version of Wordpress from Assignment 1?

Blog Post: 4

In the context of this assignment, briefly describe the function of the following: VPCs, subnets, security groups, route tables, internet gateways

Lab Submission

As with previous labs, your work will be evaluated by accessing your site directly. To formally submit, you must include the following:

  1. In the comment section of your submission, paste the URL of your new site.
  2. A single screenshot showing your active and complete Wordpress blog.

Once submitted, you can leave your Elastic Beanstalk application running, but shutdown your Learner Lab environment.