Setting up a dual server LAMP host on EC2


Micah Walter

Jul 9, 2009, 9:13:13 AM
to AWS User group
Hi,
I am trying to configure a LAMP stack using two m1.small EC2
instances. My images are the base Ubuntu 8.10 servers from Canonical.

The first server will be my PHP and Apache server and the second
server will be set up for MySQL. Each will have an attached EBS volume
to store user data, mysql databases, and anything else dynamic.

I have been trying to figure out how to connect the two but am having
trouble. On the MySQL server I have installed mysql-server and
modified the my.cnf file to comment out the bind-address line.

On the PHP server I have tried to connect to MySQL but have so far
been unsuccessful. I tried adding privileges on the MySQL server using
the internal ip as the hostname, but this still doesn't seem to work.

Is there another setting I need to do in my.cnf? I looked for "skip-
networking" but didn't see it in the file.

I'm also a little concerned about setting up DNS. I would eventually
like to expand this stack to a 4 server setup with two web servers and
a master-slave pair for mysql. If anyone has advice on how to do this
in DNS I would also really love to hear about it!

thanks for your advice
-micah

Micah Walter

Jul 9, 2009, 9:35:39 AM
to AWS User group
Okay to follow up on my own question. It appears I am able to connect
to MySQL from the PHP server if I grant access to a user for the
internal ip of the php host. In other words I did this...

on the MySQL server

mysql> GRANT ALL ON *.* TO 'micah'@'internal-ip-of-php-server' IDENTIFIED
BY 'my-password';

then on the PHP server I just did a
$ mysql -u micah -h internal-ip-of-php-server -p

this works and seems to connect and everything is good. However, it's
a little rigid for a scalable cluster. What if I want to add a second
web server, or a third or 4th? Will I need to grant access to a user
for each internal IP? I'm guessing this all gets fixed somehow using
DNS, but I don't really understand how to set that up.

I tried granting privs using the elastic IP that I had assigned to my
PHP server, but it didn't seem to work. I would assume any DNS I set
up would be using these external IPs, so I am sort of confused as to
how it would all work out...

-micah

Ross Cooney

Jul 9, 2009, 4:10:53 PM
to AWS User group
On 9 July, 14:35, Micah Walter <micahwal...@gmail.com> wrote:
> Okay to follow up on my own question. It appears I am able to connect
> to MySQL from the PHP server if I grant access to a user for the
> internal ip of the php host. In other words I did this...
>
> on the MySQL server
>
Hi Micah,

The best way to do this is using the mysql statement that you have
already used:

> mysql> GRANT ALL ON *.* TO 'micah'@'internal-ip-of-php-server' IDENTIFIED
> BY 'my-password';

You need to update your privileges every time that you add a new PHP
server.

--
Ross Cooney
www.emailcloud.com

Rozmic Wireless Limited
16/17 Gateshead int'l Business Centre
Mulgrave Terrace
Gateshead
NE8 1AN
United Kingdom.
Tel: 0845 130 5523

Micah Walter

Jul 9, 2009, 5:30:30 PM
to AWS User group
Ross,
I sort of guessed as much... However, I am thinking there must be a
better way of doing this. What if I want to spin up 10 php servers? I
would have to go in and grant access for each internal IP? This would
be especially complicated if I had more than one user...

-micah

Matt Wood

Jul 10, 2009, 5:17:50 AM
to aws-use...@googlegroups.com
Hi Micah,

My advice would be to use the EC2 security rules to control access to
the MySQL server, rather than granting permissions on a host by host
basis.

As you probably know, by default, EC2 doesn't allow any incoming
connections, but you can manage which nodes can access which other
nodes using the access permissions in a security group. For example,
you could have a 'database' group which is permitted to access the
default MySQL port on a particular server, and add your PHP nodes to
this group at instantiation.

These groups can also be updated dynamically, should you need to
change things down the road.

It's best to try and avoid tight coupling between infrastructure
layers on the cloud - but AWS has a great set of tools for helping to
do just that.

Let me know how you get on.

~ Matt

Sebastian Stadil

Jul 10, 2009, 12:40:52 PM
to aws-use...@googlegroups.com
Hi there.

I second what Matt Wood said: do not couple your elements tightly. Use the access permissions.

Incidentally, most Cloud management software makes it much easier to do just that. Check out RightScale, or their open source competitor, Scalr.net.

Regards,
Sebastian

Micah Walter

Jul 10, 2009, 9:22:50 AM
to AWS User group
Matt,
Thanks for the advice. I will definitely look into security groups.
For now, I did some testing and if I grant access to a user for "Any
Host" this sort of solves my problem. Security seems to be set to not
allow connections from external hosts ( outside my subnet ) and this
includes other EC2 instances on other accounts.

I still have the issue of having to know the current internal IP of
the MySQL server. So, in this setup, I can easily add PHP servers, but
if I need to tear down the MySQL server and start a new one, I will
need to re-enter the host address for each node accessing the MySQL
server. This will of course be for each node and for each connection!

It would be much more ideal to have an internal domain name such as
master.mysubnet.com or something so that I could kind of set this by
default, and it would just get updated whenever my MySQL server
changed internal IPs. With this configuration, my PHP nodes would
always know where my MySQL server was, and my MySQL server would
always allow them to connect.

It really isn't a huge deal at the moment as I am still only dealing
with a single PHP node and a single MySQL node, but it would be nice
to have this plan in place for the future....

-micah

Matt Wood

Jul 10, 2009, 1:20:06 PM
to aws-use...@googlegroups.com
Hi Micah,

Your best bet here is to use Amazon's elastic IP service to assign an
IP to your MySQL server, and map that to a domain, just as you
suggested. You can then point your PHP nodes to that subdomain, which
will resolve to the elastic IP, which you can point at the MySQL node
(or a cache, or a load balancer, or whatever). Elastic IPs are free
when in use.

Just as a heads up, if you assign an elastic IP to a node, the node's
hostname will change to reflect the new IP. A good rule of thumb is to
consider everything in your cloud infrastructure as temporary: any
hard coded names will be sure to bite back later.

Hope this helps - do let me know if you have any other questions.

~ Matt

Micah Walter

Jul 10, 2009, 1:28:42 PM
to AWS User group
Matt,
Yes, this is sort of what I was thinking... so essentially the setup
would be...

1) Assign Elastic IP for MySQL node
2) Create DNS entry for it, such as master.mydomain.com or whatever
( I do this via godaddy )
3) set up a security group to allow my php nodes to access the default
mysql port
4) set my php nodes to access mysql via master.mydomain.com instead of
the internal ip address of the mysql node

- I still have to look a little closer at how to set up the security
group... I am in fact using RightScale, so this should be fairly easy
I hope!

- I'm also wondering why when I post a message here it takes about a
half hour to appear! :)

thanks again for your help... this is gonna rock when it's all set up!

-m

On Jul 10, 1:20 pm, Matt Wood <matt.j.w...@gmail.com> wrote:
> Hi Micah,
>

Matt Wood

Jul 11, 2009, 5:19:16 AM
to aws-use...@googlegroups.com
Hi Micah,

Yes - that sounds like a good plan. The security groups are pretty
easy to setup, especially if you're using RightScale.

Good luck, and let me know how you get on!

~ Matt

Micah Walter

Jul 20, 2009, 9:03:16 PM
to AWS User group
So I have been investigating how to do this with security groups and
RightScale... can anyone give me a rundown? I am not getting it so
far.. basically I want a group for my php/apache servers, and a group
for mysql server, granting access for those php servers to get at
master.mydomain.com instead of the internal IP address...

-m

On Jul 11, 5:19 am, Matt Wood <matt.j.w...@gmail.com> wrote:
> Hi Micah,
>
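
Added example, not part of the original thread: a short Python audit of the arrangement Matt Wood suggests and of step 3 in Micah's plan, checking that the database group admits the default MySQL port only from the web servers' group. The rule data is a constructed sample shaped like EC2 DescribeSecurityGroups output; the group ids and the `max_hosts` threshold are assumptions.

```python
import ipaddress

MYSQL_PORT = 3306  # default MySQL port, as discussed in the thread

# Constructed sample, shaped like one entry of EC2 DescribeSecurityGroups
# output. The group ids are made-up placeholders.
DB_GROUP = {
    "GroupId": "sg-db-EXAMPLE",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
         "IpRanges": [], "UserIdGroupPairs": [{"GroupId": "sg-web-EXAMPLE"}]},
        {"IpProtocol": "tcp", "FromPort": 3000, "ToPort": 4000,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "203.0.113.10/32"}], "UserIdGroupPairs": []},
    ],
}


def covers_mysql(perm):
    """True if the rule's protocol and port range include the MySQL port."""
    if perm["IpProtocol"] == "-1":  # "-1" means all protocols and all ports
        return True
    if perm["IpProtocol"] != "tcp":
        return False
    return perm["FromPort"] <= MYSQL_PORT <= perm["ToPort"]


def audit_mysql_ingress(group, web_group_id, max_hosts=256):
    """Return (web_group_allowed, findings) for ingress reaching MySQL."""
    web_allowed, findings = False, []
    for perm in group["IpPermissions"]:
        if not covers_mysql(perm):
            continue
        for pair in perm.get("UserIdGroupPairs", []):
            if pair["GroupId"] == web_group_id:
                web_allowed = True  # the intended group-to-group rule
            else:
                findings.append(f"unexpected source group {pair['GroupId']}")
        for rng in perm.get("IpRanges", []):
            net = ipaddress.ip_network(rng["CidrIp"], strict=False)
            if net.num_addresses > max_hosts:  # broad address-based access
                findings.append(f"{net} reaches port {MYSQL_PORT} by address range")
    return web_allowed, findings


if __name__ == "__main__":
    print(audit_mysql_ingress(DB_GROUP, "sg-web-EXAMPLE"))
```

Group-referenced rules match on the members' private addresses, so a client that reaches the database through its Elastic IP is evaluated against the address-range rules instead.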