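--- a/configuration/crontab
+++ b/configuration/crontab
@@ -1,2 +1 @@
 * * * * * export PATH=/bin:/usr/bin:/usr/local/bin; sleep $(( $RANDOM * 60 / 32768 )); update_authorized_keys_for_landscape_managers_if_changed $( cat /root/ssh-key-reader.token ) https://security-service.sapsailing.com /root 2>&1 >>/var/log/sailing.err
-* * * * * export PATH=/bin:/usr/bin:/usr/local/bin; switchoverArchive.sh /etc/httpd/conf.d/000-macros.conf 2 9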
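--- a/configuration/sailing
+++ b/configuration/sailing
@@ -26,19 +26,16 @@ SERVERS_DIR=/home/sailing/servers
 cd "${SERVERS_DIR}"
 JAVA_START_INSTANCES="$(find * -type d -prune)"
 GIT_REPOSITORY=/home/sailing/code
-APACHE_CONFIG_DIR=/etc/httpd/conf.d
-APACHE_INTERNALS_CONFIG_FILE="$APACHE_CONFIG_DIR/001-internals.conf"
-EC2_METADATA_CMD=/opt/aws/bin/ec2-metadata
+if [ -x /usr/bin/ec2-metadata ]; then
+ EC2_METADATA_CMD=/usr/bin/ec2-metadata
+else
+ EC2_METADATA_CMD=/opt/aws/bin/ec2-metadata
+fi
 REBOOT_INDICATOR=/var/run/is-rebooted
 SSH_KEY_READER_BEARER_TOKEN=/root/ssh-key-reader.token
 
 echo "Executing with $1 at `date`" >>/var/log/sailing.err
 
-start_tmux() {
- su - sailing -c "/home/sailing/bin/tmuxConsole.sh unattended"
- success
-}
-
 start_servers() {
 /usr/local/bin/update_authorized_keys_for_landscape_managers $( cat ${SSH_KEY_READER_BEARER_TOKEN} ) https://security-service.sapsailing.com /root 2>&1 >>/var/log/sailing.err
 cp /home/sailing/code/configuration/cp_root_mail_properties /usr/local/bin
@@ -65,8 +62,6 @@ start_servers() {
 else
 echo "Server to configure and start: ${FIRST_SERVER}" >>/var/log/sailing.err
 configure_and_start_server "${FIRST_SERVER}"
- create_basic_httpd_config "${FIRST_SERVER}"
- reload_httpd
 fi
 echo 1 >"${REBOOT_INDICATOR}"
 fi
@@ -98,7 +93,6 @@ stop_servers() {
 su - sailing -c "cd $SERVERS_DIR/$conf && ./stop"
 RETVAL=$?
 [ $RETVAL -eq 0 ] && success || failure
- stop_httpd
 sync_logs
 done
 }
@@ -109,37 +103,6 @@ sync_logs() {
 sync
 }
 
-reload_httpd() {
- echo "Will try to launch httpd so this replica can work with an ELB easily." >>/var/log/sailing.err
- if [ -x /etc/init.d/httpd ]; then
- echo "Reloading httpd configuration..." >>/var/log/sailing.err
- service httpd reload
- else
- echo "Can't launch httpd; start script doesn't seem to be installed at /etc/init.d/httpd"
- fi
-}
-
-# Adds a Plain-SSL mapping to the first server's port and a mapping for /internal-server-status, both to 001-internals.conf
-create_basic_httpd_config() {
- FIRST_SERVER=$1
- if [ -d $SERVERS_DIR/$FIRST_SERVER ]; then
- source $SERVERS_DIR/$FIRST_SERVER/env.sh
- fi
- echo "Writing macro invocation to ${APACHE_INTERNALS_CONFIG_FILE} to map internal IP $INSTANCE_INTERNAL_IP4 to plain server running $SERVER_PORT..." >>/var/log/sailing.err
- echo "Use Plain-SSL ${INSTANCE_INTERNAL_IP4} 127.0.0.1 $SERVER_PORT" >"${APACHE_INTERNALS_CONFIG_FILE}"
- # Append Apache macro invocation for /internal-server-status based on mod_status and INSTANCE_DNS to "${APACHE_INTERNALS_CONFIG_FILE}"
- echo "Appending macro usage for $INSTANCE_DNS/internal-server-status URL for mod_status based Apache monitoring to ${APACHE_INTERNALS_CONFIG_FILE}" >>/var/log/sailing.err
- echo "## SERVER STATUS" >>"${APACHE_INTERNALS_CONFIG_FILE}"
- echo "Use Status $INSTANCE_DNS internal-server-status" >>"${APACHE_INTERNALS_CONFIG_FILE}"
-}
-
-stop_httpd() {
- if [ -x /etc/init.d/httpd ]; then
- service httpd stop
- echo "Stopped httpd..." >>/var/log/sailing.err
- fi
-}
-
 # See how we were called.
 case "$1" in
 start)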
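Review bot: The new `else` branch in the first hunk assigns `/opt/aws/bin/ec2-metadata` without checking that it exists, so on a host that has neither binary the problem only surfaces wherever `$EC2_METADATA_CMD` is later executed (not visible in these hunks), presumably as a bare "command not found". A guard after `fi` such as `[ -x "$EC2_METADATA_CMD" ] || echo "ec2-metadata not found at $EC2_METADATA_CMD" >>/var/log/sailing.err` would make the log self-explanatory. A one-line comment above the `if` saying which image generation ships the binary at `/usr/bin` and which at `/opt/aws/bin` would also help, since the wiki change in this commit appears to move the base image to Amazon Linux 2023 and that seems to be the reason for the fallback.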
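--- /dev/null
+++ b/configuration/sailing_server_setup/crontab-root
@@ -0,0 +1 @@
+* * * * * export PATH=/bin:/usr/bin:/usr/local/bin; sleep $(( $RANDOM * 60 / 32768 )); update_authorized_keys_for_landscape_managers_if_changed $( cat /root/ssh-key-reader.token ) https://security-service.sapsailing.com /root 2>&1 >>/var/log/sailing.err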
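Review bot: The bearer token is expanded onto the command line through `$( cat /root/ssh-key-reader.token )`, so for the lifetime of the update script it is visible in the process table to every local account, and the unquoted substitution would also word-split a token containing whitespace. If update_authorized_keys_for_landscape_managers_if_changed can be changed to take the token file path (or read the token from stdin) that exposure goes away; at minimum quote it as `"$(cat /root/ssh-key-reader.token)"`. The redirection order `2>&1 >>/var/log/sailing.err` sends only stdout to the log and leaves stderr on cron's own stdout, so errors from the script end up in cron mail rather than in the log file; `>>/var/log/sailing.err 2>&1` is the intended order. The same line is kept unchanged in configuration/crontab and in start_servers in configuration/sailing, where both points apply as well.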
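--- /dev/null
+++ b/configuration/sailing_server_setup/sailing.service
@@ -0,0 +1,12 @@
+[Unit]
+Description=The sailing start-up service reading through EC2 userdata and acting accordingly
+Requires=-.mount
+After=-.mount
+
+[Install]
+
+[Service]
+Type=oneshot
+RemainAfterExit=true
+ExecStart=/etc/init.d/sailing start
+ExecStop=/etc/init.d/sailing stop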
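Review bot: The `[Install]` section is empty, so the `systemctl enable sailing.service` that the setup script in this commit runs has no `WantedBy`/`RequiredBy` to act on and will not link the unit into any target, meaning the service never starts at boot; add `WantedBy=multi-user.target` under `[Install]`. `Requires=-.mount` and `After=-.mount` name the root filesystem mount unit, which is necessarily active before any service runs, so the two lines are no-ops; if the intent is to wait for the /home volume, the mount unit for that path should be named instead (inferred, since the fstab layout is not visible here). A one-line comment above `[Unit]` stating that the unit wraps the legacy /etc/init.d/sailing script and is deliberately `oneshot` with `RemainAfterExit=true` so that `ExecStop` runs at shutdown would also help the next reader.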
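--- a/configuration/sailing_server_setup/setup-sailing-server.sh
+++ b/configuration/sailing_server_setup/setup-sailing-server.sh
@@ -6,11 +6,16 @@ if [ $# != 0 ]; then
 else
 if ec2-metadata | grep -q instance-id; then
 echo "Running on an AWS EC2 instance as user ${USER} / $(whoami), starting setup..."
- # TODO: install JVM
- # install mountnvmeswap stuff
- # install /etc/init.d/sailing start-up script
- # mount /home
+ # Allow root ssh login with the same key used for the ec2-user for now;
+ # later, a cron job will be installed that keeps the /root/authorized_keys file
+ # up to date with all landscape managers' public SSH keys
+ sudo cp /home/ec2-user/.ssh/authorized_keys /root/.ssh
+ sudo chown root /root/.ssh/authorized_keys
+ sudo chgrp root /root/.ssh/authorized_keys
 sudo adduser sailing
+ sudo su - sailing -c "mkdir servers"
+ # Create an SSH key pair with empty passphrase for ec2-user, deploy it to trac@sapsailing.com
+ # and then move it to the sailing user's .ssh directory
 ssh-keygen -t ed25519 -P '' -f /home/ec2-user/.ssh/id_ed25519
 cat /home/ec2-user/.ssh/id_ed25519.pub | ssh root@sapsailing.com "cat >>/home/trac/.ssh/authorized_keys"
 sudo mkdir /home/sailing/.ssh
@@ -18,10 +23,66 @@ else
 sudo chown -R sailing /home/sailing/.ssh
 sudo chgrp -R sailing /home/sailing/.ssh
 sudo chmod 700 /home/sailing/.ssh
+ # Install standard packages:
 sudo yum -y update
- sudo yum -y install git tmux
+ sudo yum -y install git tmux nvme-cli chrony
+ # Force acceptance of sapsailing.com's host key:
 sudo su - sailing -c "ssh -o StrictHostKeyChecking=false trac@sapsailing.com ls" >/dev/null
+ # Clone Git to /home/sailing/code
 sudo su - sailing -c "git clone ssh://trac@sapsailing.com/home/trac/git code"
+ # Install SAP JVM 8:
+ sudo mkdir -p /opt
+ sudo su - -c "source /home/sailing/code/configuration/imageupgrade_functions.sh; download_and_install_latest_sap_jvm_8"
+ # Install sailing.sh script to /etc/profile.d
+ sudo ln -s /home/sailing/code/configuration/sailing.sh /etc/profile.d
+ # TODO: install /etc/init.d/sailing start-up script
+ sudo ln -s /home/sailing/code/configuration/sailing /etc/init.d/sailing
+ sudo ln -s /home/sailing/code/configuration/sailing_server_setup/sailing.service /etc/systemd/system
+ sudo systemctl daemon-reload
+ sudo systemctl enable sailing.service
+ # Configure SSH daemon:
+ sudo cat << EOF >>/etc/ssh/sshd_config
+PermitRootLogin without-password
+PermitRootLogin Yes
+MaxStartups 100
+EOF
+ # Increase limits
+ sudo cat << EOF >>/etc/sysctl.conf
+# number of connections the firewall can track
+net.ipv4.ip_conntrac_max = 131072
+EOF
+ # Install mountnvmeswap stuff
+ sudo ln -s /home/sailing/code/configuration/sailing_server_setup/mountnvmeswap /usr/local/bin
+ sudo ln -s /home/sailing/code/configuration/sailing_server_setup/mountnvmeswap.service /etc/systemd/system
+ sudo systemctl daemon-reload
+ sudo systemctl enable mountnvmeswap.service
+ # Install MongoDB 4.4 and configure as replica set "replica"
+ sudo cat << EOF >/etc/yum.repos.d/mongodb-org.4.4.repo
+[mongodb-org-4.4]
+name=MongoDB Repository
+baseurl=https://repo.mongodb.org/yum/amazon/2023/mongodb-org/4.4/x86_64/
+gpgcheck=1
+enabled=1
+gpgkey=https://www.mongodb.org/static/pgp/server-4.4.asc
+EOF
+ sudo yum -y update
+ sudo yum -y install mongodb-org-server mongodb-org-shell mongodb-org-tools
+ sudo cat << EOF >>/etc/mongod.conf
+replication:
+ replSetName: replica
+EOF
+ sudo systemctl start mongod.service
+ echo "rs.initiate()" | mongo
+ # Install cron job for ssh key update for landscape managers
+ sudo ln -s /home/sailing/code/configuration/update_authorized_keys_for_landscape_managers /usr/local/bin
+ sudo ln -s /home/sailing/code/configuration/update_authorized_keys_for_landscape_managers_if_changed /usr/local/bin
+ sudo ln -s /home/sailing/code/configuration/sailing_server_setup/crontab-root /root/crontab
+ sudo su - -c "crontab /root/crontab"
+ scp root@sapsailing.com:ssh-key-reader.token /tmp
+ sudo mv /tmp/ssh-key-reader.token /root
+ sudo chown root /root/ssh-key-reader.token
+ sudo chgrp root /root/ssh-key-reader.token
+ sudo chmod 600 /root/ssh-key-reader.token
 else
 echo "Not running on an AWS instance; refusing to run setup!" >&2
 exit 2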
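Review bot: The four `sudo cat << EOF >>/etc/...` blocks in the second hunk (sshd_config, sysctl.conf, the MongoDB repo file and mongod.conf) do not do what they intend: the redirection is set up by the unprivileged invoking shell before sudo runs, so only `cat` is elevated and the write to the root-owned file fails with permission denied; route each heredoc through `sudo tee -a FILE >/dev/null << EOF` instead (plain `sudo tee` for the repo file, which is overwritten rather than appended). In the sshd block, sshd uses the first value it reads for a keyword, so the `PermitRootLogin Yes` line after `PermitRootLogin without-password` is dead, and would widen root access to password logins if the two lines were ever reordered, so it should be dropped. The sysctl key `net.ipv4.ip_conntrac_max` is misspelled and is not a valid key; the conntrack table size is `net.netfilter.nf_conntrack_max`. The token fetched with `scp root@sapsailing.com:ssh-key-reader.token /tmp` sits in the shared /tmp with umask-default permissions until the `chmod 600` four commands later; fetching it into a private directory or installing it with `sudo install -m 600 -o root -g root` in one step closes that window, and the `# TODO: install /etc/init.d/sailing start-up script` comment is stale now that the next line does exactly that.
```shell
  # Configure SSH daemon (tee runs under sudo, so the append to the root-owned file works):
  sudo tee -a /etc/ssh/sshd_config >/dev/null << EOF
PermitRootLogin without-password
MaxStartups 100
EOF
  # Increase limits
  sudo tee -a /etc/sysctl.conf >/dev/null << EOF
# number of connections the firewall can track
net.netfilter.nf_conntrack_max = 131072
EOF
  # … unchanged: mountnvmeswap install, MongoDB repo/conf heredocs (same sudo tee pattern), cron job install …
```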
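--- a/wiki/info/landscape/creating-ec2-image-from-scratch.md
+++ b/wiki/info/landscape/creating-ec2-image-from-scratch.md
@@ -1,6 +1,6 @@
 # Creating an Amazon AWS EC2 Image from Scratch
 
-I started out with a clean "Amazon Linux AMI 2015.03 (HVM), SSD Volume Type - ami-a10897d6" image from Amazon and added the existing Swap and Home snapshots as new volumes. The root/system volume I left as is, to start with. This requires having access to a user key that can be selected when launching the image.
+I started out with a clean "Amazon Linux AMI 2023" image from Amazon with a single 100GB root volume. The root/system volume I left as is, to start with. This requires having access to a user key that can be selected when launching the image.
 
 Add a ``sailing`` user / group. Under that user account, clone ``ssh://trac@sapsailing.com/home/trac/git`` to ``/home/sailing/code``.
 
@@ -52,14 +52,14 @@ A latest MongoDB shell is installed by the following:
 cat << EOF >/etc/yum.repos.d/mongodb-org.4.4.repo
 [mongodb-org-4.4]
 name=MongoDB Repository
-baseurl=https://repo.mongodb.org/yum/amazon/2013.03/mongodb-org/4.4/x86_64/
+baseurl=https://repo.mongodb.org/yum/amazon/2023/mongodb-org/4.4/x86_64/
 gpgcheck=1
 enabled=1
 gpgkey=https://www.mongodb.org/static/pgp/server-4.4.asc
 EOF
 
 yum update
-yum install mongodb-org-shell
+yum install mongodb-org-server mongodb-org-shell mongodb-org-tools
 ```
 
 Then I created a mount point /home/sailing and copied the following lines from the /etc/fstab file from an existing SL instance:
@@ -175,4 +175,4 @@ VNCSERVERARGS[2]="-geometry 1600x900"
 ```
 
 ## Mail Relaying
-For setting up mail relaying towards central postfix server, have a look [here](https://wiki.sapsailing.com/wiki/info/landscape/mail-relaying)
\ No newline at end of file
+For setting up mail relaying towards central postfix server, have a look [here](https://wiki.sapsailing.com/wiki/info/landscape/mail-relaying)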