Attaching a Restored Boot Volume to an Existing Instance

I did some research on attaching a restored boot volume to an existing instance but per this document, it might not be possible.

Here is the part I think it may not be possible.

You can use a boot volume backup to create an instance or you can attach it to another instance as a data volume.

This kind of tells me you can only create a new instance from the backup or attach it as a data volume.

Well, I’m not giving up my hope. How about cloning? I wonder if you can attach the cloned boot volume to an existing instance? I will find out.

How to Backup an Instance and Restore on Oracle Cloud Infrastructure

Backup

I would like to backup the boot volume of an instance to Object Storage and be able to restore the backed up image. Here are the steps.

I am going to ssh into the instance that I provisioned and create a file under my home directory.

So I have test.txt under my home directory. And then, I am going to backup the boot volume in Object Storage.

If you click Boot Volume link, it takes you to the link.

And if you click the link, you get to see the following options.

Now, click on Boot Volume Backups link. Now you can create a Boot Volume Backup as you can see in the image below.

Once you click Create Boot Volume Backup button, you can create a backup like the below. Click on Create Boot Volume Backup blue button to start the process

Once backup is complete, you should see it’s available now.

Just to be able to check if the boot volume has been restored, I am adding another line in test.txt. When I restore the volume, the second line should be gone.

I’m going to run the following commands after the backup. I should be able to run those commands again to update the OS after restoring the boot volume.

sudo apt update && sudo apt upgrade

Restoration

If you navigate to Menu-> Storage -> Block Storage -> Boot Volume Backups, you should see the list of boot volume backup. Now click on the target backup.

Click on the target backup and then click Restore Boot Volume button.

Now if you navigate to Menu -> Storage -> Block Storage -> Boot Volumes, you can see the one you just restored.

Once the boot volume is restored, attach it to the instance you already have. But first, you have to stop the instance and detach the boot volume.

If you go to the boot volume section of the instance details, you can detach the boot volume.

Well, I am not seeing the action item to attach restored boot volume in the menu. So I am restoring to OCI CLI to see if it works.

The following command may just work for me.

oci compute boot-volume-attachment attach --boot-volume-id [text] --instance-id [text]

It looks easy enough. Well, but it didn’t work.

ServiceError:
{
    "code": "Conflict",
    "message": "Boot volume ocid1.bootvolume.oc1.iad.abuwcljro5zeuegg7i2ms7xoaxgeft5mpef3ucykogfehtjhjde3zy676ddq cannot be attached to instance ocid1.instance.oc1.iad.anuwcljroksebviczqhtrjxzsu2d7angpz3bnpnl5z5gko27spvqlacxvicq. It can only be attached to its parent instance.",
    "opc-request-id": "98ECF81CD426418EB99DBB929733865A/38C80819B5A2267CEF1E0F89086F26D6/164678769EA39E4C60B724840D7F9F87",
    "status": 409
}

I googled it but could not figure out why. I will look into the issue when I have some time. Now my only option is to create a new instance out of the restored boot volume.

If you navigate to the restored boot volume, you can create a new instance.

Now that I was able to create an instance out of the restored boot volume, I was able to get the text.txt file I created in my home directory. And the second line I created after backing up was not there.

In a sense, this experiment was successful but I still need to figure out why I was not able to attach the restored boot volume to the existing instance.

Free Oracle Cloud Infrastructure Certification

Oracle is offering free Oracle Cloud Infrastructure certification taking. I got notified about it a few weeks ago and studied for it to get my certification for Oracle Cloud Infrastructure Foundation.

If you head on over to https://education.oracle.com/oracle-oci-certification, you can still access the study materials for free and take exams for free until 12/31/2021.

Oracle Cloud Infrastructure Foundations 2021 Certified Associate

I studied for Oracle Cloud Infrastructure Foundation Certified Associate and took the exam today. I passed it!

This is a basic knowledge check for Oracle Cloud Infrastructure, so it wasn’t too hard. I did spend time to study for it though. There were some information I wish I had known a while ago… Oracle offers good study resources on their site.

Certification doesn’t determine your skill level but it’s good to go over it because there are pieces of information that you never come across through your daily work.

I will continue to go for a few more certifications as time allows.

How to Create Jenkins Slave on Linux

Most of the articles I find on creating a permanent Jenkins slave on Linux requires the slave node to be exposed to public Internet. I want the Linux slave to be pinging Jenkins master just like Windows service. Here is the way I came up with.

Install Prerequisites

  • Java (sudo dnf install java-11-openjdk.x86_64)
    • Check if the Java has been installed. (java -version)
      Result:
openjdk version "11.0.12" 2021-07-20 LTS
OpenJDK Runtime Environment 18.9 (build 11.0.12+7-LTS)
OpenJDK 64-Bit Server VM 18.9 (build 11.0.12+7-LTS, mixed mode, sharing)

Add a Permanent Node

Login to Jenkins master and click Manage Jenkins -> Manage Nodes and Clouds. Click New Node. And then give the node a name (like linux-node), select Permanent Agent and click OK.

And then, click Save button. If you navigate to the node that you just created, you should see something like…

We will take copy this line.

java -jar agent.jar -jnlpUrl https://jenkins.hayato-iriumi.net/computer/linux%2Dnode/jenkins-agent.jnlp -secret 136fa14dcc4013727e24c9f1a9b84127d7c7ca0cfa15e22c1e1d4e0140122529 -workDir ""

Now, we’ll have to download agent.jar from the Jenkins master and upload the file to the slave machine. Just click on the agent.jar link to download it.

I have the agent.jar file in Downloads directory, so here is the command to upload the agent.jar file to the slave machine.

scp ./Downloads/agent.jar hiriumi@192.168.1.29:~

Now, ssh into the slave machine.

ssh hiriumi@192.169.1.29

Trust SSL Certificate

If your Jenkins master has SSL implemented, it’s a good practice to trust the SSL certificate. Here is how you can download the certificate on your slave machine.

openssl s_client -showcerts -connect jenkins.hayato-iriumi.net:443 < /dev/null | openssl x509 -outform DER > jenkins.hayato-iriumi.net.cer

Now use keytool to trust it.

sudo keytool -trustcacerts \
-keystore "/etc/java/java-11-openjdk/java-11-openjdk-11.0.12.0.7-0.el8_4.x86_64/lib/security/cacerts" \
-storepass changeit -alias jenkins -import -file \
"/home/hiriumi/jenkins.hayato-iriumi.net.cer"

Create a Script File and Execute

Paste the Java command you get from the node page in to slave.sh

java -jar agent.jar \
-jnlpUrl https://jenkins.hayato-iriumi.net/computer/linux%2Dnode/jenkins-agent.jnlp \
-secret 136fa14dcc4013727e24c9f1a9b84127d7c7ca0cfa15e22c1e1d4e0140122529 -workDir "./slave"

Make sure slave.sh is executable by adding execute flag on the file.

chmod +x slave.sh

If you execute the slave.sh file, it starts to communicate with the Jenkins master and starts to serve as one of the Jenkins slave.

./slave.sh

Once the connection is successful, you will see something like the following.

Now, this method does not survive restarting the slave machine. Now that the communication is successful, I will look into making this script a daemon.

Where Cloud Makes Sense

There are some Cloud providers out there. AWS by Amazon being one of the most famous one. There is Azure by Microsoft and there is OCI (Oracle Cloud Infrastructure) by Oracle. Cloud is nothing but computers on the other side of the Internet is what I used to think, but it’s a lot more.

I mean imagine a situation where you want to run a high demanded service? You would have to hire bunch of experienced engineers, invest in infrastructure, compute resources and then you have to design networking, how applications can be deployed, and how they can be monitored… It is not hard to imagine the amount of money that you would have to spend up front is big.

And the service your company have may experience big spike by holiday season demand but other times, not so much. If you host your application on-premise, the money you need to invest is big throughout the year.

However, if you do it on Cloud, you spend pretty much nothing up front. You can scale up your infrastructure depending on the load but you can terminate the resources that you don’t use other times. I think Cloud can save you so much.

Plus, Cloud providers does hardware maintenance for you. If an SSD fails, they replace it for you at no cost. They are specialized in it. And they keep adding services so that you can use them.

When you think about the infrastructure that they have, it could cost you hundreds of millions of dollars if not a billion. I heard that the initial investment that Larry Ellison did for Oracle Cloud Infrastructure was around 2 billion dollars.

Imagine your company has to pay that much money up front to create your own Cloud? I mean, paying 2 billion dollars doesn’t mean you are gonna get good scalable Cloud. You have to have the right engineers at the right place.

The more I learn about Cloud, the more I believe in it and it amazes me how it can change the IT world.

How to Install htop on Oracle Linux 7

I wrote an article on how to install htop on Oracle Linux before. Thanks to Markus, I learned that installing htop is just a matter of enabling a repo on Oracle Linux 8. I have a Oracle Linux 7 host that I use for a customer and I wanted to install htop on it. I tried to look for epel repo in /etc/yum.repos.d/oracle-linux-ol7.repo but I could not find it. So the only option for me is to add the epel repo under /etc/yum.repo.d

I looked for EPEL repo for Oracle Linux 7 and added the following in /etc/yum.repos.d/oracle-epel-ol7.repo

[ol7_developer_EPEL]
name=Oracle Linux $releasever EPEL Packages for Development ($basearch)
baseurl=https://yum$ociregion.$ocidomain/repo/OracleLinux/OL7/developer_EPEL/$basearch/
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-oracle
gpgcheck=1
enabled=1

Then run the following command.

sudo yum update
sudo yum install htop

Then, you get to install htop on Oracle Linux 7. 🙂

Uploading Backup File to OCI’s Object Storage via Jenkins

I have had a need to upload a zip file for backup from a Windows agent to Oracle Cloud Infrastructure’s Object Storage. Here is what I did.

Installed OCI CLI for Windows. Please follow this link to install it on Windows. Then, Install Jenkins slave on the same machine. I have a step by step instruction on how to do it. Once you install it, make sure to change the account to run the slave as to the account you used to install OCI CLI. Otherwise, it won’t work.

On the Jenkins job, using Compress-Archive Cmdlet, you can zip up some directories into a zip file.

Compress-Archive -Path $zipPaths -DestinationPath $zipFile

Please note that Compress-Archive has a limitation of 2GB. I heard that it’s the limitation of the underlining API.

Now that you have the zip file, you can upload it to Object Storage like the following.

oci os object put -bn backup --file $zipFile -ns "yournamespace" `
	--parallel-upload-count 5 --part-size 20 --verify-checksum

I am recommending this method to a customer because Object Storage is a relatively cheap and secure storage on OCI. It also supports retention duration and also replication. Great feature for relatively reasonable service.

Cheapest Way to Blog with Your Own Domain

Most of the hosting services want you to buy domain and host your site there. As I was working on my blog site, I’ve learned how I could change DNS record to point to my free tier host on Oracle Cloud Infrastructure. I wanted to do it because iPage.com was too slow for me.

Then, I thought what if I could use a service that allows me to just buy domains and manage my own DNS records without any hosting and host my site on OCI’s free tier?

When I was watching Scott Hanselman‘s YouTube video, I noticed something. He was using DNSimple for his DNS management. So this is a site where you can buy domains and manage DNS records and SSL certs.

So I pay $6 every month for the service and I pay $16 every year for my domain. $6×12+$16=$88 My blog site is hosted at OCI’s free tier host, so it does not cost anything. So I can have my own blog with my domain name for $88 per year. I think it’s quite reasonable.

Of course, this method requires pretty good knowledge of How IP address works, DNS, Web Server, Database and SSL but if you are an engineer or planning to be one, I’d highly recommend it.

How to Add an Additional Public Key to an Existing Instance on OCI

You may want to access an existing instance from another client machine that has a different public/private key pair on Oracle Cloud Infrastructure. I looked around the net and I could not find a solid documentation on how to do it. Basically, the OCI console itself does not have a support to add another public key.

I thought of my previous post on passwordless SSH article. Basically, you are adding public key to ~/.ssh/authorized_keys so that whoever has the public key in the list can SSH into it. I tried adding a new public key to ~/.ssh/authorized_keys on an existing instance and it was successful. I will describe the steps below.

  1. On a new client machine, execute ssh-keygen to generate a new public/private key pair. If you have already done it, you can skip this step.
  2. It generates ~/.ssh/id_rsa (private key) and ~/.ssh/id_rsa.pub (public key).
  3. Print the public key on your terminal by executing cat ~/.ssh/id_rsa.pub
  4. Copy the public key to the machine that you already have access to the instance. You could email it to yourself or use something like DropBox.
  5. SSH into your existing instance.
  6. Open authorized_keys file. vim ~/.ssh/authorized_keys
  7. Copy the new public key and paste it in the last line.
  8. Save the file and exit vim. (:wq)
  9. Go back to the machine where you generated the public key.
  10. SSH into the machine now and you now have access to the instance.

This method probably can be applied to other cloud services as well as long as you have a Linux distro instance.