From dfca551e114d013b34ff2b6da64a8155d8e44832 Mon Sep 17 00:00:00 2001 From: AJ Danelz Date: Sat, 30 Dec 2023 13:06:18 -0500 Subject: [PATCH] Update instructions for internet connectivity (#161) update the other instructions with verify steps --- .../secure-public-access/development.md | 55 +++++++++++++++--- .../production-mutual-tls.md | 56 ++++++++++++++++--- .../secure-public-access/production.md | 56 ++++++++++++++++--- .../confluent-cloud/secure-public-access.md | 17 +++++- src/reference/aws/launch-ec2-instance.md | 3 + 5 files changed, 165 insertions(+), 22 deletions(-) diff --git a/src/how-tos/amazon-msk/secure-public-access/development.md b/src/how-tos/amazon-msk/secure-public-access/development.md index 79871091..476f1786 100644 --- a/src/how-tos/amazon-msk/secure-public-access/development.md +++ b/src/how-tos/amazon-msk/secure-public-access/development.md @@ -75,6 +75,9 @@ Follow the [Create Security Group](https://console.aws.amazon.com/vpcconsole/hom - Add Inbound Rule - Type: `SSH` - Source type: `My IP` +- Add Outbound Rule (if not exists) + - Type: `All traffic` + - Destination: `Anywhere-IPv4` ### Update the default security group rules 
@@ -276,23 +279,61 @@ ssh -i ~/.ssh/ ec2-user@ After logging in via SSH, check the status of the `zilla-plus` system service. +::: tabs + +@tab Service is running + +Verify that the `zilla-plus` service is active and logging output similar to that shown below. + ```bash:no-line-numbers systemctl status zilla-plus.service ``` -Verify that the `zilla-plus` service is active and logging output similar to that shown below. - ```output:no-line-numbers zilla-plus.service - Zilla Plus Loaded: loaded (/etc/systemd/system/zilla-plus.service; enabled; vendor preset: disabled) - Active: active (running) since Tue 2021-08-24 20:56:51 UTC; 1 day 19h ago - Main PID: 1803 (java) - CGroup: /system.slice/zilla-plus.service - └─... + Active: active (running) since... +``` + +@tab Check Ports -Aug 26 06:56:54 ip-10-0-3-104.ec2.internal zilla[1803]: Recorded usage for record id ... +Check for the active ports with `netstat`. + +```bash:no-line-numbers +netstat -ntlp +``` + +```output:no-line-numbers +tcp6 0 0 :::9092 :::* LISTEN 1726/.zpm/image/bin ``` +@tab Check Zilla Logs + +You can get an stdout dump of the `zilla-plus.service` using `journalctl`. + +```bash:no-line-numbers +journalctl -e -u zilla-plus.service | tee -a /tmp/zilla.log +``` + +```output:no-line-numbers +systemd[1]: Started zilla-plus.service - Zilla Plus. +... +``` + +@tab Check Cloud Init Logs + +All output from cloud-init is captured by default to `/var/log/cloud-init-output.log`. There shouldn't be any errors in this log. + +```bash:no-line-numbers +cat /var/log/cloud-init-output.log +``` + +```output:no-line-numbers +Cloud-init v. 22.2.2 running 'init'... +``` + +::: + Repeat these steps for each of the other proxies launched by the CloudFormation template. ## Verify Kafka Client Connectivity diff --git a/src/how-tos/amazon-msk/secure-public-access/production-mutual-tls.md b/src/how-tos/amazon-msk/secure-public-access/production-mutual-tls.md index 75bc9481..4f52faae 100644 
--- a/src/how-tos/amazon-msk/secure-public-access/production-mutual-tls.md +++ b/src/how-tos/amazon-msk/secure-public-access/production-mutual-tls.md @@ -105,6 +105,9 @@ Follow the [Create Security Group](https://console.aws.amazon.com/vpcconsole/hom - Add Inbound Rule - Type: `SSH` - Source type: `My IP` +- Add Outbound Rule (if not exists) + - Type: `All traffic` + - Destination: `Anywhere-IPv4` ### Update the default security group rules 
@@ -308,25 +311,64 @@ Find the `Public IPv4 Address` and then SSH into the instance. ssh -i ~/.ssh/ ec2-user@ ``` + After logging in via SSH, check the status of the `zilla-plus` system service. +::: tabs + +@tab Service is running + +Verify that the `zilla-plus` service is active and logging output similar to that shown below. + ```bash:no-line-numbers systemctl status zilla-plus.service ``` -Verify that the `zilla-plus` service is active and logging output similar to that shown below. - ```output:no-line-numbers zilla-plus.service - Zilla Plus Loaded: loaded (/etc/systemd/system/zilla-plus.service; enabled; vendor preset: disabled) - Active: active (running) since Tue 2021-08-24 20:56:51 UTC; 1 day 19h ago - Main PID: 1803 (java) - CGroup: /system.slice/zilla-plus.service - └─... + Active: active (running) since... +``` + +@tab Check Ports + +Check for the active ports with `netstat`. + +```bash:no-line-numbers +netstat -ntlp +``` + +```output:no-line-numbers +tcp6 0 0 :::9092 :::* LISTEN 1726/.zpm/image/bin +``` -Aug 26 06:56:54 ip-10-0-3-104.ec2.internal zilla[1803]: Recorded usage for record id ... +@tab Check Zilla Logs + +You can get an stdout dump of the `zilla-plus.service` using `journalctl`. + +```bash:no-line-numbers +journalctl -e -u zilla-plus.service | tee -a /tmp/zilla.log +``` + +```output:no-line-numbers +systemd[1]: Started zilla-plus.service - Zilla Plus. +... +``` + +@tab Check Cloud Init Logs + +All output from cloud-init is captured by default to `/var/log/cloud-init-output.log`. There shouldn't be any errors in this log. + +```bash:no-line-numbers +cat /var/log/cloud-init-output.log +``` + +```output:no-line-numbers +Cloud-init v. 22.2.2 running 'init'... ``` +::: + Repeat these steps for each of the other proxies launched by the CloudFormation template. ### Configure Global DNS diff --git a/src/how-tos/amazon-msk/secure-public-access/production.md b/src/how-tos/amazon-msk/secure-public-access/production.md index 21b09cd4..3c28940d 100644 
--- a/src/how-tos/amazon-msk/secure-public-access/production.md +++ b/src/how-tos/amazon-msk/secure-public-access/production.md @@ -86,6 +86,9 @@ Follow the [Create Security Group](https://console.aws.amazon.com/vpcconsole/hom - Add Inbound Rule - Type: `SSH` - Source type: `My IP` +- Add Outbound Rule (if not exists) + - Type: `All traffic` + - Destination: `Anywhere-IPv4` ### Update the default security group rules 
@@ -282,25 +285,64 @@ Find the `Public IPv4 Address` and then SSH into the instance. ssh -i ~/.ssh/ ec2-user@ ``` + After logging in via SSH, check the status of the `zilla-plus` system service. +::: tabs + +@tab Service is running + +Verify that the `zilla-plus` service is active and logging output similar to that shown below. + ```bash:no-line-numbers systemctl status zilla-plus.service ``` -Verify that the `zilla-plus` service is active and logging output similar to that shown below. - ```output:no-line-numbers zilla-plus.service - Zilla Plus Loaded: loaded (/etc/systemd/system/zilla-plus.service; enabled; vendor preset: disabled) - Active: active (running) since Tue 2021-08-24 20:56:51 UTC; 1 day 19h ago - Main PID: 1803 (java) - CGroup: /system.slice/zilla-plus.service - └─... + Active: active (running) since... +``` + +@tab Check Ports + +Check for the active ports with `netstat`. + +```bash:no-line-numbers +netstat -ntlp +``` + +```output:no-line-numbers +tcp6 0 0 :::9092 :::* LISTEN 1726/.zpm/image/bin +``` -Aug 26 06:56:54 ip-10-0-3-104.ec2.internal zilla[1803]: Recorded usage for record id ... +@tab Check Zilla Logs + +You can get an stdout dump of the `zilla-plus.service` using `journalctl`. + +```bash:no-line-numbers +journalctl -e -u zilla-plus.service | tee -a /tmp/zilla.log +``` + +```output:no-line-numbers +systemd[1]: Started zilla-plus.service - Zilla Plus. +... +``` + +@tab Check Cloud Init Logs + +All output from cloud-init is captured by default to `/var/log/cloud-init-output.log`. There shouldn't be any errors in this log. + +```bash:no-line-numbers +cat /var/log/cloud-init-output.log +``` + +```output:no-line-numbers +Cloud-init v. 22.2.2 running 'init'... ``` +::: + Repeat these steps for each of the other proxies launched by the CloudFormation template. ### Configure Global DNS diff --git a/src/how-tos/confluent-cloud/secure-public-access.md b/src/how-tos/confluent-cloud/secure-public-access.md index 563c997f..11a39f22 100644 
--- a/src/how-tos/confluent-cloud/secure-public-access.md +++ b/src/how-tos/confluent-cloud/secure-public-access.md @@ -119,6 +119,9 @@ Make sure you have selected the desired region, such as `US East (N. Virginia) u - Add Inbound Rule - Type: `SSH` - Source type: `My IP` +- Add Outbound Rule (if not exists) + - Type: `All traffic` + - Destination: `Anywhere-IPv4` - Create the Security Group Navigate to the VPC Management Console [Security Groups](https://console.aws.amazon.com/vpc/home#securityGroups:) table. Select the `my-zilla-proxy-sg` security group you just created. You will create an inbound rule to allow all traffic inside itself. @@ -327,7 +330,7 @@ netstat -ntlp tcp6 0 0 :::9092 :::* LISTEN 1726/.zpm/image/bin ``` -@tab Check Logs +@tab Check Zilla Logs You can get an stdout dump of the `zilla-plus.service` using `journalctl`. @@ -340,6 +343,18 @@ systemd[1]: Started zilla-plus.service - Zilla Plus. ... ``` +@tab Check Cloud Init Logs + +All output from cloud-init is captured by default to `/var/log/cloud-init-output.log`. There shouldn't be any errors in this log. + +```bash:no-line-numbers +cat /var/log/cloud-init-output.log +``` + +```output:no-line-numbers +Cloud-init v. 22.2.2 running 'init'... +``` + ::: Repeat these steps for each of the other proxies launched by the CloudFormation template. diff --git a/src/reference/aws/launch-ec2-instance.md b/src/reference/aws/launch-ec2-instance.md index cf5eb871..f5bc8caf 100644 --- a/src/reference/aws/launch-ec2-instance.md +++ b/src/reference/aws/launch-ec2-instance.md @@ -61,6 +61,9 @@ Filter the security groups by selecting a `VPC` and select the `default` securit - Add Inbound Rule - Type: `SSH` - Source type: `My IP` +- Add Outbound Rule (if not exists) + - Type: `All traffic` + - Destination: `Anywhere-IPv4` ::: info This makes the launched EC2 instance accessible via `SSH`.
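Review bot: The added outbound rule (`Type: All traffic`, `Destination: Anywhere-IPv4`), in the security-group hunk of each of the five files, opens unrestricted egress without saying what the instance needs to reach. The subject line says the goal is internet connectivity, so state that purpose next to the rule and, for the two production guides at least, list the destinations and ports actually required so readers can scope the rule down instead of copying an allow-all. The wording `(if not exists)` would read better as "(if one does not already exist)". The same three lines are pasted into five files; if the docs tooling supports a shared snippet, that keeps them from drifting.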
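Review bot: In the new `Check Zilla Logs` tab (development.md, production-mutual-tls.md and production.md), `journalctl -e -u zilla-plus.service | tee -a /tmp/zilla.log` appends service logs to a fixed path under the shared `/tmp` directory with default permissions. Drop the `tee` if the copy is not needed later in the guide, or write to a file in the user's home directory; `-e` is a pager option and adds nothing once the output is piped, so `--no-pager -n <count>` would be clearer. In the `Check Ports` tab, `netstat -ntlp` only fills in the PID/program column shown in the sample output (`1726/.zpm/image/bin`) for sockets the calling user owns, so say whether `sudo` is needed when logged in as `ec2-user`. The production-mutual-tls.md and production.md hunks also add a stray blank line after the closing fence of the `ssh` command, which development.md does not.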
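Review bot: The `Check Cloud Init Logs` tab added in all four how-to files says "There shouldn't be any errors in this log" but gives the reader no way to check beyond reading the whole `cat /var/log/cloud-init-output.log` dump, and the sample output shows only the first line. Tell readers what a failure looks like, for example by suggesting a search for error or failure lines, and show a sample of the expected final line so a truncated run can be recognised. The sample pins `Cloud-init v. 22.2.2`, which will go stale; an elided version would age better.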
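Review bot: In src/reference/aws/launch-ec2-instance.md the outbound rule is inserted directly above the `::: info` block that reads "This makes the launched EC2 instance accessible via `SSH`", so "This" now appears to refer to the outbound rule rather than the inbound SSH rule. Move the new bullet below the info block or reword the info text to name the inbound rule, and add a sentence on what the outbound rule is for.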