AWS

AKOS-Study-Manual-EKS-Setup

두번째로 진행한 가시다님과의 스터디! AKOS다.

가시다님은 편한 스터디를 위해서 항상 CloudFromation 을 제공해주시지만 청개구리인 나는 사실 그대로 따라해본적은 없다. 이번에도 그렇다. 먼저 VPC와 bastion-hsot를 생성하는 cloudformation 템플릿을 주셨지만 어찌..엔지니어가 된자의 도리로 그대로 따라만 하겠는가..

라고 생각하여 일단 새로 생성하는것이 아닌..내가 사용하던 EC2에 셋팅을 했다.

미리 사용하던 VPC가 있었기에 VPC도 그대로 쓴다.

aws cli,eksctl,kubectl,
실습에서 사용하는 postgresql cmd docker 등 실습에 필요한 것들을 설치했다.
해당 부분은 cloudformation 템플릿에 user-data 로 셋팅하는 부분을 참고했다.

bastion-host를 셋팅후 bastion-host에 이미 ssm 을 사용하기 위해 추가했던 역할에 실습에 사용하기위한 권한을 을 부여했다.

실습이 끝나면 administratoraccess 권한을 제거한다.

EC2에 부여된 역할도 확인했다.

나는 SSM을 사용하기 때문에 SSH로 인스턴스를 접근하지 않는다. 실습중에 SSH에 접근하기 위해 보안그룹을 여는과정이 있었는데, 그부분은 스킵한다.

이런식으로 웹에서 콘솔을 사용할수 있다. SSH 와는 다르다 SSH와는..

자쿠와는 다르다! 자쿠와는!"은 무슨 뜻일까?

키페어를 생성하는 중에 추가된게 보였다 pem 말고 이젠 ppk 방식의 키도 제공한다..
이전까지는 puttygen으로 제너레이터 하던부분이 개선된거 같다. 개꿀팁...와...

이제 EKS 구성!!

클러스터 구성은 다음과 같은 명령어를 사용한다.

eksctl create cluster --vpc-public-subnets $WKSubnets --name $CLUSTER_NAME --region $AWS_REGION --version 1.21 \
 --nodegroup-name $CLUSTER_NAME-nodegroup --node-type t3.medium --nodes 3 --nodes-min 3 --nodes-max 6 \
 --with-oidc --node-volume-size=20 --ssh-access --ssh-public-key $MySSHKeypair --dry-run

근데 또 이대로 생성은 못한다. 이유는 나는..수동으로 하기때문.......가자 매뉴얼의 길!!

echo "export WKVPC=`aws ec2 describe-vpcs --filters Name=tag:Name,Values=Linuxer-Blog-VPC | jq -r '.Vpcs[].VpcId'`" >> ~/.bashrc
echo $WKVPC
vpc-094808933b68add7c
echo "export AWS_REGION=$AWS_REGION" >> ~/.bashrc
echo "export CLUSTER_NAME=first-eks" >> ~/.bashrc
echo "export WKSubnets=subnet-0a603a222db0cce10,subnet-007964ce4a003361a,subnet-007813cf58631ef3b" >> ~/.bashrc
echo "export MySSHKeypair=eks-test-key" >> ~/.bashrc
source ~/.bashrc

그리고 클러스터 생성을 dry-run 으로 하면

ksctl create cluster --vpc-public-subnets $WKSubnets --name $CLUSTER_NAME --region $AWS_REGION --version 1.21 \
>  --nodegroup-name $CLUSTER_NAME-nodegroup --node-type t3.medium --nodes 3 --nodes-min 3 --nodes-max 6 \
>  --with-oidc --node-volume-size=20 --ssh-access --ssh-public-key $MySSHKeypair --dry-run
apiVersion: eksctl.io/v1alpha5
availabilityZones:
- ap-northeast-2c
- ap-northeast-2b
- ap-northeast-2a
cloudWatch:
  clusterLogging: {}
iam:
  vpcResourceControllerPolicy: true
  withOIDC: true
kind: ClusterConfig
managedNodeGroups:
- amiFamily: AmazonLinux2
  desiredCapacity: 3
  disableIMDSv1: false
  disablePodIMDS: false
  iam:
    withAddonPolicies:
      albIngress: false
      appMesh: false
      appMeshPreview: false
      autoScaler: false
      certManager: false
      cloudWatch: false
      ebs: false
      efs: false
      externalDNS: false
      fsx: false
      imageBuilder: false
      xRay: false
  instanceSelector: {}
  instanceType: t3.medium
  labels:
    alpha.eksctl.io/cluster-name: first-eks
    alpha.eksctl.io/nodegroup-name: first-eks-nodegroup
  maxSize: 6
  minSize: 3
  name: first-eks-nodegroup
  privateNetworking: false
  releaseVersion: ""
  securityGroups:
    withLocal: null
    withShared: null
  ssh:
    allow: true
    publicKeyPath: eks-test-key
  tags:
    alpha.eksctl.io/nodegroup-name: first-eks-nodegroup
    alpha.eksctl.io/nodegroup-type: managed
  volumeIOPS: 3000
  volumeSize: 20
  volumeThroughput: 125
  volumeType: gp3
metadata:
  name: first-eks
  region: ap-northeast-2
  version: "1.21"
privateCluster:
  enabled: false
vpc:
  autoAllocateIPv6: false
  cidr: 10.0.0.0/16
  clusterEndpoints:
    privateAccess: false
    publicAccess: true
  id: vpc-094808933b68add7c
  manageSharedNodeSecurityGroupRules: true
  nat:
    gateway: Disable
  subnets:
    public:
      ap-northeast-2a:
        az: ap-northeast-2a
        cidr: 10.0.11.0/24
        id: subnet-0a603a222db0cce10
      ap-northeast-2b:
        az: ap-northeast-2b
        cidr: 10.0.12.0/24
        id: subnet-007964ce4a003361a
      ap-northeast-2c:
        az: ap-northeast-2c
        cidr: 10.0.13.0/24
        id: subnet-007813cf58631ef3b

잘 동작한다.

eksctl create cluster --vpc-public-subnets $WKSubnets --name $CLUSTER_NAME --region $AWS_REGION --version 1.21 \
>  --nodegroup-name $CLUSTER_NAME-nodegroup --node-type t3.medium --nodes 3 --nodes-min 3 --nodes-max 6 \
>  --with-oidc --node-volume-size=20 --ssh-access --ssh-public-key $MySSHKeypair
2021-08-28 12:09:47 [ℹ]  eksctl version 0.63.0
2021-08-28 12:09:47 [ℹ]  using region ap-northeast-2
2021-08-28 12:09:47 [✔]  using existing VPC (vpc-094808933b68add7c) and subnets (private:map[] public:map[ap-northeast-2a:{subnet-0a603a222db0cce10 ap-northeast-2a 10.0.11.0/24} ap-northeast-2b:{subnet-007964ce4a003361a ap-northeast-2b 10.0.12.0/24} ap-northeast-2c:{subnet-007813cf58631ef3b ap-northeast-2c 10.0.13.0/24}])
2021-08-28 12:09:47 [!]  custom VPC/subnets will be used; if resulting cluster doesn't function as expected, make sure to review the configuration of VPC/subnets
2021-08-28 12:09:47 [ℹ]  nodegroup "first-eks-nodegroup" will use "" [AmazonLinux2/1.21]
2021-08-28 12:09:47 [ℹ]  using EC2 key pair %!q(*string=<nil>)
2021-08-28 12:09:47 [ℹ]  using Kubernetes version 1.21
2021-08-28 12:09:47 [ℹ]  creating EKS cluster "first-eks" in "ap-northeast-2" region with managed nodes
2021-08-28 12:09:47 [ℹ]  will create 2 separate CloudFormation stacks for cluster itself and the initial managed nodegroup
2021-08-28 12:09:47 [ℹ]  if you encounter any issues, check CloudFormation console or try 'eksctl utils describe-stacks --region=ap-northeast-2 --cluster=first-eks'
2021-08-28 12:09:47 [ℹ]  CloudWatch logging will not be enabled for cluster "first-eks" in "ap-northeast-2"
2021-08-28 12:09:47 [ℹ]  you can enable it with 'eksctl utils update-cluster-logging --enable-types={SPECIFY-YOUR-LOG-TYPES-HERE (e.g. all)} --region=ap-northeast-2 --cluster=first-eks'
2021-08-28 12:09:47 [ℹ]  Kubernetes API endpoint access will use default of {publicAccess=true, privateAccess=false} for cluster "first-eks" in "ap-northeast-2"
2021-08-28 12:09:47 [ℹ]  2 sequential tasks: { create cluster control plane "first-eks", 3 sequential sub-tasks: { 4 sequential sub-tasks: { wait for control plane to become ready, associate IAM OIDC provider, 2 sequential sub-tasks: { create IAM role for serviceaccount "kube-system/aws-node", create serviceaccount "kube-system/aws-node" }, restart daemonset "kube-system/aws-node" }, 1 task: { create addons }, create managed nodegroup "first-eks-nodegroup" } }
2021-08-28 12:09:47 [ℹ]  building cluster stack "eksctl-first-eks-cluster"
2021-08-28 12:09:48 [ℹ]  deploying stack "eksctl-first-eks-cluster"
2021-08-28 12:10:18 [ℹ]  waiting for CloudFormation stack "eksctl-first-eks-cluster"

eksctl 도 내부적으론 cloudformation 으로 동작하는것을 알수있다.
eksctl 을 안쓰고 수동으로 node 만들고 EKS-master 에 연결하고 했다면 아마 좀힘들지 않았을까..? 하고 생각하는 중에 에러가 발생했다.

021-08-28 12:30:36 [✖]  unexpected status "ROLLBACK_IN_PROGRESS" while waiting for CloudFormation stack "eksctl-first-eks-nodegroup-first-eks-nodegroup"
2021-08-28 12:30:36 [ℹ]  fetching stack events in attempt to troubleshoot the root cause of the failure
2021-08-28 12:30:36 [!]  AWS::IAM::Role/NodeInstanceRole: DELETE_IN_PROGRESS
2021-08-28 12:30:36 [!]  AWS::EC2::LaunchTemplate/LaunchTemplate: DELETE_IN_PROGRESS
2021-08-28 12:30:36 [!]  AWS::EKS::Nodegroup/ManagedNodeGroup: DELETE_IN_PROGRESS
2021-08-28 12:30:36 [✖]  AWS::EKS::Nodegroup/ManagedNodeGroup: CREATE_FAILED – "Nodegroup first-eks-nodegroup failed to stabilize: [{Code: Ec2SubnetInvalidConfiguration,Message: One or more Amazon EC2 Subnets of [subnet-007964ce4a003361a, subnet-0a603a222db0cce10, subnet-007813cf58631ef3b] for node group first-eks-nodegroup does not automatically assign public IPaddresses to instances launched into it. If you want your instances to be assigned a public IP address, then you need to enable auto-assign public IP address for the subnet. See IP addressing in VPC guide: https://docs.aws.amazon.com/vpc/latest/userguide/vpc-ip-addressing.html#subnet-public-ip,ResourceIds: [subnet-007964ce4a003361a, subnet-0a603a222db0cce10, subnet-007813cf58631ef3b]}]"
2021-08-28 12:30:36 [!]  1 error(s) occurred and cluster hasn't been created properly, you may wish to check CloudFormation console
2021-08-28 12:30:36 [ℹ]  to cleanup resources, run 'eksctl delete cluster --region=ap-northeast-2 --name=first-eks'
2021-08-28 12:30:36 [✖]  waiting for CloudFormation stack "eksctl-first-eks-nodegroup-first-eks-nodegroup": ResourceNotReady: failed waiting for successful resource state
Error: failed to create cluster "first-eks"

으아니.....서브넷에서 Public IP를 자동으로 붙이도록 해야한다니ㅠㅠ AWS양반 이게 무슨말이요....

나는 기본으로 끄도록 설정한다. 켜주고..

또 보니까 eks 를 생성명령어 치고 에러가 발생하면 

eksctl delete cluster --region=ap-northeast-2 --name=first-eks
2021-08-28 12:35:42 [ℹ]  eksctl version 0.63.0
2021-08-28 12:35:42 [ℹ]  using region ap-northeast-2
2021-08-28 12:35:42 [ℹ]  deleting EKS cluster "first-eks"
2021-08-28 12:35:42 [ℹ]  deleted 0 Fargate profile(s)
2021-08-28 12:35:42 [✔]  kubeconfig has been updated
2021-08-28 12:35:42 [ℹ]  cleaning up AWS load balancers created by Kubernetes objects of Kind Service or Ingress
2021-08-28 12:35:43 [!]  retryable error (Throttling: Rate exceeded
        status code: 400, request id: 3c52ae23-c941-435c-82ef-4df78b0f706e) from cloudformation/DescribeStacks - will retry after delay of 5.632676043s
2021-08-28 12:35:50 [ℹ]  3 sequential tasks: { delete nodegroup "first-eks-nodegroup", 2 sequential sub-tasks: { 2 sequential sub-tasks: { delete IAM role for serviceaccount "kube-system/aws-node", delete serviceaccount "kube-system/aws-node" }, delete IAM OIDC provider }, delete cluster control plane "first-eks" [async] }
2021-08-28 12:35:50 [ℹ]  will delete stack "eksctl-first-eks-nodegroup-first-eks-nodegroup"
2021-08-28 12:35:50 [ℹ]  waiting for stack "eksctl-first-eks-nodegroup-first-eks-nodegroup" to get deleted
2021-08-28 12:35:50 [ℹ]  waiting for CloudFormation stack "eksctl-first-eks-nodegroup-first-eks-nodegroup"
2021-08-28 12:36:06 [ℹ]  waiting for CloudFormation stack "eksctl-first-eks-nodegroup-first-eks-nodegroup"
2021-08-28 12:36:06 [ℹ]  will delete stack "eksctl-first-eks-addon-iamserviceaccount-kube-system-aws-node"
2021-08-28 12:36:06 [ℹ]  waiting for stack "eksctl-first-eks-addon-iamserviceaccount-kube-system-aws-node" to get deleted
2021-08-28 12:36:06 [ℹ]  waiting for CloudFormation stack "eksctl-first-eks-addon-iamserviceaccount-kube-system-aws-node"
2021-08-28 12:36:24 [ℹ]  waiting for CloudFormation stack "eksctl-first-eks-addon-iamserviceaccount-kube-system-aws-node"
2021-08-28 12:36:24 [ℹ]  deleted serviceaccount "kube-system/aws-node"
2021-08-28 12:36:25 [ℹ]  will delete stack "eksctl-first-eks-cluster"
2021-08-28 12:36:25 [✔]  all cluster resources were deleted

자동으로 삭제하진 않고 내가 수동으로 삭제해야한다. 삭제를 하면 다시 설치!! 설치가 완료됬다.

이제 pgsql rds와 secretmanager 셋팅을 할거다.

t2.micro로 생성하고

Secrets Manager 도 생성했다.

rds endpoint 도 변수로 추가하고 보안그룹 열어주고 pgsql 유저 패스워드를 지정한다

RDSEP=eksworkdb.cnnbttekipxl.ap-northeast-2.rds.amazonaws.com
createuser -d -U eksdbadmin -P -h $RDSEP mywork
Enter password for new role:
Enter it again:
Password:
#디비 생성
PGPASSWORD=$AppDbPw createdb -U mywork -h $RDSEP -E UTF8 myworkdb

이후로는 책의 진행을 따라서 backend-app 까지 배포했다.

ubectl logs -l app=backend-app -f --max-log-requests 8
2021-08-28 14:00:12.504 [http-nio-8080-exec-7] INFO  k.s.presentation.api.HealthApi - Health GET API called.
2021-08-28 14:00:12.507 [http-nio-8080-exec-8] INFO  k.s.presentation.api.HealthApi - Health GET API called.
2021-08-28 14:00:42.503 [http-nio-8080-exec-3] INFO  k.s.presentation.api.HealthApi - Health GET API called.
2021-08-28 14:00:42.505 [http-nio-8080-exec-5] INFO  k.s.presentation.api.HealthApi - Health GET API called.
2021-08-28 14:01:12.503 [http-nio-8080-exec-5] INFO  k.s.presentation.api.HealthApi - Health GET API called.
2021-08-28 14:01:12.503 [http-nio-8080-exec-4] INFO  k.s.presentation.api.HealthApi - Health GET API called.
2021-08-28 14:01:42.503 [http-nio-8080-exec-1] INFO  k.s.presentation.api.HealthApi - Health GET API called.
2021-08-28 14:01:42.505 [http-nio-8080-exec-2] INFO  k.s.presentation.api.HealthApi - Health GET API called.
2021-08-28 14:02:12.508 [http-nio-8080-exec-8] INFO  k.s.presentation.api.HealthApi - Health GET API called.
2021-08-28 14:02:12.513 [http-nio-8080-exec-9] INFO  k.s.presentation.api.HealthApi - Health GET API called.

정상적으로 들어오는거 확인하고~ 프론트를 빌드했다.

이후에 빌드한 것을 s3 로 정적호스팅 설정하고,

OAI 설정 및 연결해주고..대부분 기본설정이다.

이전에 만든 CF를 썼는데 원본이름이 이상하다...

일단 정적페이지 까지 띄웠다.

생각보다 긴 실습이었다.

eksctl delete cluster --region=ap-northeast-2 --name=first-eks
2021-08-28 14:28:19 [ℹ]  eksctl version 0.63.0
2021-08-28 14:28:19 [ℹ]  using region ap-northeast-2
2021-08-28 14:28:19 [ℹ]  deleting EKS cluster "first-eks"
2021-08-28 14:28:20 [ℹ]  deleted 0 Fargate profile(s)
2021-08-28 14:28:20 [✔]  kubeconfig has been updated
2021-08-28 14:28:20 [ℹ]  cleaning up AWS load balancers created by Kubernetes objects of Kind Service or Ingress
2021-08-28 14:29:57 [!]  retryable error (Throttling: Rate exceeded
        status code: 400, request id: 79716aac-f9df-40d9-871c-e473113fe5c1) from cloudformation/DescribeStacks - will retry after delay of 9.550890926s
2021-08-28 14:30:06 [ℹ]  3 sequential tasks: { delete nodegroup "first-eks-nodegroup", 2 sequential sub-tasks: { 2 sequential sub-tasks: { delete IAM role for serviceaccount "kube-system/aws-node", delete serviceaccount "kube-system/aws-node" }, delete IAM OIDC provider }, delete cluster control plane "first-eks" [async] }
2021-08-28 14:30:06 [ℹ]  will delete stack "eksctl-first-eks-nodegroup-first-eks-nodegroup"
2021-08-28 14:30:06 [ℹ]  waiting for stack "eksctl-first-eks-nodegroup-first-eks-nodegroup" to get deleted
2021-08-28 14:30:06 [ℹ]  waiting for CloudFormation stack "eksctl-first-eks-nodegroup-first-eks-nodegroup"
2021-08-28 14:30:23 [ℹ]  waiting for CloudFormation stack "eksctl-first-eks-nodegroup-first-eks-nodegroup"
2021-08-28 14:30:40 [ℹ]  waiting for CloudFormation stack "eksctl-first-eks-nodegroup-first-eks-nodegroup"
2021-08-28 14:30:59 [ℹ]  waiting for CloudFormation stack "eksctl-first-eks-nodegroup-first-eks-nodegroup"
2021-08-28 14:31:16 [ℹ]  waiting for CloudFormation stack "eksctl-first-eks-nodegroup-first-eks-nodegroup"
2021-08-28 14:31:36 [ℹ]  waiting for CloudFormation stack "eksctl-first-eks-nodegroup-first-eks-nodegroup"
2021-08-28 14:31:55 [ℹ]  waiting for CloudFormation stack "eksctl-first-eks-nodegroup-first-eks-nodegroup"
2021-08-28 14:32:14 [ℹ]  waiting for CloudFormation stack "eksctl-first-eks-nodegroup-first-eks-nodegroup"
2021-08-28 14:32:31 [ℹ]  waiting for CloudFormation stack "eksctl-first-eks-nodegroup-first-eks-nodegroup"
2021-08-28 14:32:49 [ℹ]  waiting for CloudFormation stack "eksctl-first-eks-nodegroup-first-eks-nodegroup"
2021-08-28 14:33:05 [ℹ]  waiting for CloudFormation stack "eksctl-first-eks-nodegroup-first-eks-nodegroup"
2021-08-28 14:33:21 [ℹ]  waiting for CloudFormation stack "eksctl-first-eks-nodegroup-first-eks-nodegroup"
2021-08-28 14:33:40 [ℹ]  waiting for CloudFormation stack "eksctl-first-eks-nodegroup-first-eks-nodegroup"
2021-08-28 14:33:56 [ℹ]  waiting for CloudFormation stack "eksctl-first-eks-nodegroup-first-eks-nodegroup"
2021-08-28 14:33:56 [ℹ]  will delete stack "eksctl-first-eks-addon-iamserviceaccount-kube-system-aws-node"
2021-08-28 14:33:56 [ℹ]  waiting for stack "eksctl-first-eks-addon-iamserviceaccount-kube-system-aws-node" to get deleted
2021-08-28 14:33:56 [ℹ]  waiting for CloudFormation stack "eksctl-first-eks-addon-iamserviceaccount-kube-system-aws-node"
2021-08-28 14:34:13 [ℹ]  waiting for CloudFormation stack "eksctl-first-eks-addon-iamserviceaccount-kube-system-aws-node"
2021-08-28 14:34:13 [ℹ]  deleted serviceaccount "kube-system/aws-node"
2021-08-28 14:34:14 [ℹ]  will delete stack "eksctl-first-eks-cluster"
2021-08-28 14:34:14 [✔]  all cluster resources were deleted

클러스터를 삭제하며 포스팅을 마친다.

2021년 8월 28일 by AWS 3

AWS-CLF-Practitioner

https://www.aws.training/LearningLibrary

AWS 의 기초학습은 먼저 AWS training ang certification 에서 진행한다.

Amazon 계정이 필요하며 로그인후

클라우드 실무자

한국어로 정렬한다.

그럼 초보자를 위한 학습리스트가 보인다. 모두듣자.

그다음은 내 블로그에서 여러번 소개된 인도아저씨 블로그를 참고하자.

Jayendra 님은 나를 AWS로 이끌어주는데 아주 많은 일조를 하신분이다.
항상 감사하는중. 언제 한번 계획을 세워 감사인사를 할 계획.

https://jayendrapatil.com/aws-certified-cloud-practitioner-exam-learning-path/
AWS Certified Solutions Architect – Associate SAA-C02 Exam Learning Path

SAA 포스팅을 추가로 넣은이유는 경계가 애매하기 때문이다.

그래서 같이보는것도 좋다.

공부할때 참고하길 바라며 궁금하거나 알고싶은건 언제나 댓글이나,

https://open.kakao.com/o/gMCqYXxb

오픈카톡으로 들어와서 질문하여도 좋다!

건승하시라!

2021년 1월 21일 by AWS Certification 1

AWS Certified Solutions Architect – Associate SAA-C02

AWS Certified Solutions Architect – Associate SAA-C02 준비방법

자격증 개요확인

https://aws.amazon.com/ko/certification/certified-solutions-architect-associate/

안내서

https://d1.awsstatic.com/ko_KR/training-and-certification/docs-sa-assoc/AWS-Certified-Solutions-Architect-Associate_Exam-Guide.pdf

샘플문항

https://d1.awsstatic.com/ko_KR/training-and-certification/docs-sa-assoc/AWS-Certified-Solutions-Architect-Associate_Sample-Questions.pdf

기본교육 - amazon id 필요

https://www.aws.training/Dashboard/?cta=tctopbanner

인도아저씨 - 서비스가 간략하게 정리되어있음 - 기출문제 존재

AWS Certified Solutions Architect – Associate SAA-C02 Exam Learning Path

참고사이트

https://aws-hyoh.tistory.com

비공식 AWS 공인 솔루션스 아키텍트 - 어소시에이트 SAA-C02 (2020년 3월 출시) 수험 가이드 (bit.ly/saaguide)

https://github.com/serithemage/AWSCertifiedSolutionsArchitectUnofficialStudyGuide

2020년 12월 29일 by AWS Certification 0

AWS-CloudShell

OK! Thank You!

amazon linux2 기반의 클라우드 쉘이다.

가볍고 빠르고 일부리전만 지원하고..

얼른한국 리전도 지원해주세요.!

본격적으로 스펙을 파악해 보자.

-bash-4.2# df -h
Filesystem      Size  Used Avail Use% Mounted on
overlay          30G   12G   17G  41% /
tmpfs            64M     0   64M   0% /dev
shm             1.9G     0  1.9G   0% /dev/shm
tmpfs           1.9G     0  1.9G   0% /sys/fs/cgroup
/dev/nvme1n1     30G   12G   17G  41% /aws/mde
/dev/loop0      976M  2.6M  907M   1% /home
tmpfs           1.9G     0  1.9G   0% /proc/acpi
tmpfs           1.9G     0  1.9G   0% /sys/firmware

은근무거운데?

-bash-4.2# free
              total        used        free      shared  buff/cache   available
Mem:        3977864      270404     2099668         392     1607792     3495176
Swap:             0           0           0

메모리 수준 무엇?

-bash-4.2# cat /proc/cpuinfo | grep model
model           : 85
model name      : Intel(R) Xeon(R) Platinum 8175M CPU @ 2.50GHz
model           : 85
model name      : Intel(R) Xeon(R) Platinum 8175M CPU @ 2.50GHz

CPU 좋고 용량 좋고 메모리 좋고 

[cloudshell-user@ip-10-0-153-179 ~]$ sudo systemctl start httpd
Failed to get D-Bus connection: Operation not permitted

서비스는 실행할수 없고..

그래고 엄청 짱짱하네..

기다려온 만큼 성능이 좋다!

2020년 12월 16일 by AWS 0

AWS-gp3-speed-test

볼륨 두개를 만들었다

mount /dev/nvme1n1p1 /mnt/gp3
mount /dev/nvme2n1p1 /mnt/gp2
yum install gcc zlib-devel
wget https://codeload.github.com/axboe/fio/tar.gz/fio-3.24
tar zfxv fio-3.24
cd fio-fio-3.24/
./configure --prefix=/home/fio
make; make install

필요한 라이브러리 gcc, zlib-devel 설치후 컴파일.

fio 는 나도 처음써보는 툴이다

fio --directory=/mnt/gp3 --name fio_test_file --direct=1 --rw=randread \
--bs=4K --size=1G --numjobs=7 --time_based --runtime=180 --group_reporting \
--norandommap

3분동안 하나의 스레드가 7개의 1G 파일을 4K 단위로 Direct I/O 모드의 Random Read 로 읽는 테스트이다.

Jobs: 7 (f=7): [r(7)][100.0%][r=11.7MiB/s][r=3001 IOPS][eta 00m:00s]
fio_test_file: (groupid=0, jobs=7): err= 0: pid=2450: Wed Dec  2 06:59:19 2020
  read: IOPS=3016, BW=11.8MiB/s (12.4MB/s)(2121MiB/180004msec)
    clat (usec): min=188, max=296635, avg=2319.05, stdev=1213.65
     lat (usec): min=188, max=296635, avg=2319.21, stdev=1213.65
    clat percentiles (usec):
     |  1.00th=[  408],  5.00th=[  922], 10.00th=[ 1287], 20.00th=[ 1598],
     | 30.00th=[ 1762], 40.00th=[ 1926], 50.00th=[ 2057], 60.00th=[ 2212],
     | 70.00th=[ 2474], 80.00th=[ 2933], 90.00th=[ 3818], 95.00th=[ 4621],
     | 99.00th=[ 6194], 99.50th=[ 6587], 99.90th=[ 7767], 99.95th=[ 8455],
     | 99.99th=[10028]
   bw (  KiB/s): min= 9848, max=32328, per=100.00%, avg=12069.08, stdev=167.76, samples=2513
   iops        : min= 2462, max= 8082, avg=3017.27, stdev=41.94, samples=2513
  lat (usec)   : 250=0.05%, 500=2.12%, 750=1.59%, 1000=1.99%
  lat (msec)   : 2=40.61%, 4=45.04%, 10=8.59%, 20=0.01%, 50=0.01%
  lat (msec)   : 250=0.01%, 500=0.01%
  cpu          : usr=0.12%, sys=0.29%, ctx=543082, majf=0, minf=93
  IO depths    : 1=100.0%, 2=0.0%, 4=0.0%, 8=0.0%, 16=0.0%, 32=0.0%, >=64=0.0%
     submit    : 0=0.0%, 4=100.0%, 8=0.0%, 16=0.0%, 32=0.0%, 64=0.0%, >=64=0.0%
     complete  : 0=0.0%, 4=100.0%, 8=0.0%, 16=0.0%, 32=0.0%, 64=0.0%, >=64=0.0%
     issued rwts: total=542985,0,0,0 short=0,0,0,0 dropped=0,0,0,0
     latency   : target=0, window=0, percentile=100.00%, depth=1

Run status group 0 (all jobs):
   READ: bw=11.8MiB/s (12.4MB/s), 11.8MiB/s-11.8MiB/s (12.4MB/s-12.4MB/s), io=2121MiB (2224MB), run=180004-180004msec

Disk stats (read/write):
  nvme1n1: ios=542478/13, merge=0/3, ticks=1253070/0, in_queue=1078350, util=99.97%

정확히 3000iops 가 나온다.

그럼 로컬 디바이스 테스트 해볼까?

fio --directory=/mnt/gp2 --name fio_test_file --direct=1 --rw=randread \
--bs=4K --size=1G --numjobs=7 --time_based --runtime=180 --group_reporting \
--norandommap
fio-3.24
Starting 7 processes
Jobs: 7 (f=7): [r(7)][100.0%][r=11.7MiB/s][r=2997 IOPS][eta 00m:00s]
fio_test_file: (groupid=0, jobs=7): err= 0: pid=1316: Wed Dec  2 07:13:16 2020
  read: IOPS=3016, BW=11.8MiB/s (12.4MB/s)(2121MiB/180004msec)
    clat (usec): min=192, max=298525, avg=2318.95, stdev=1162.93
     lat (usec): min=192, max=298525, avg=2319.12, stdev=1162.93
    clat percentiles (usec):
     |  1.00th=[  457],  5.00th=[  963], 10.00th=[ 1254], 20.00th=[ 1565],
     | 30.00th=[ 1729], 40.00th=[ 1909], 50.00th=[ 2057], 60.00th=[ 2245],
     | 70.00th=[ 2540], 80.00th=[ 3032], 90.00th=[ 3818], 95.00th=[ 4490],
     | 99.00th=[ 5932], 99.50th=[ 6259], 99.90th=[ 6915], 99.95th=[ 7373],
     | 99.99th=[ 8455]
   bw (  KiB/s): min= 9808, max=26696, per=100.00%, avg=12069.37, stdev=141.33, samples=2513
   iops        : min= 2452, max= 6674, avg=3017.34, stdev=35.33, samples=2513
  lat (usec)   : 250=0.01%, 500=1.48%, 750=1.61%, 1000=2.48%
  lat (msec)   : 2=41.05%, 4=44.98%, 10=8.40%, 20=0.01%, 250=0.01%
  lat (msec)   : 500=0.01%
  cpu          : usr=0.12%, sys=0.30%, ctx=543092, majf=0, minf=90
  IO depths    : 1=100.0%, 2=0.0%, 4=0.0%, 8=0.0%, 16=0.0%, 32=0.0%, >=64=0.0%
     submit    : 0=0.0%, 4=100.0%, 8=0.0%, 16=0.0%, 32=0.0%, 64=0.0%, >=64=0.0%
     complete  : 0=0.0%, 4=100.0%, 8=0.0%, 16=0.0%, 32=0.0%, 64=0.0%, >=64=0.0%
     issued rwts: total=543002,0,0,0 short=0,0,0,0 dropped=0,0,0,0
     latency   : target=0, window=0, percentile=100.00%, depth=1

Run status group 0 (all jobs):
   READ: bw=11.8MiB/s (12.4MB/s), 11.8MiB/s-11.8MiB/s (12.4MB/s-12.4MB/s), io=2121MiB (2224MB), run=180004-180004msec

Disk stats (read/write):
  nvme2n1: ios=542683/0, merge=0/0, ticks=1253810/0, in_queue=1076380, util=99.74%

엥 결과가 같다..왜지? 3000iops 로 고정된다 gp2인데..

gp3를 분리하고 테스트한다.

Jobs: 7 (f=7): [r(7)][75.6%][r=11.7MiB/s][r=3001 IOPS][eta 00m:44s]

그럼 gp3연결하고 iops 를 올리고 다시 gp3 에 테스트한다.

fio-3.24
Starting 7 processes
Jobs: 7 (f=7): [r(7)][100.0%][r=23.4MiB/s][r=6002 IOPS][eta 00m:00s]
fio_test_file: (groupid=0, jobs=7): err= 0: pid=1393: Wed Dec  2 07:29:50 2020
  read: IOPS=6033, BW=23.6MiB/s (24.7MB/s)(4242MiB/180002msec)
    clat (usec): min=146, max=327858, avg=1158.79, stdev=1152.61
     lat (usec): min=146, max=327858, avg=1158.95, stdev=1152.62
    clat percentiles (usec):
     |  1.00th=[  281],  5.00th=[  371], 10.00th=[  441], 20.00th=[  586],
     | 30.00th=[  685], 40.00th=[  766], 50.00th=[  848], 60.00th=[  947],
     | 70.00th=[ 1090], 80.00th=[ 1434], 90.00th=[ 2343], 95.00th=[ 3294],
     | 99.00th=[ 5014], 99.50th=[ 5342], 99.90th=[ 6456], 99.95th=[ 8455],
     | 99.99th=[26608]
   bw (  KiB/s): min=16360, max=37232, per=100.00%, avg=24140.01, stdev=241.45, samples=2513
   iops        : min= 4090, max= 9308, avg=6035.00, stdev=60.36, samples=2513
  lat (usec)   : 250=0.64%, 500=13.39%, 750=23.96%, 1000=26.32%
  lat (msec)   : 2=23.16%, 4=9.85%, 10=2.63%, 20=0.01%, 50=0.04%
  lat (msec)   : 100=0.01%, 250=0.01%, 500=0.01%
  cpu          : usr=0.24%, sys=0.53%, ctx=1086208, majf=0, minf=87
  IO depths    : 1=100.0%, 2=0.0%, 4=0.0%, 8=0.0%, 16=0.0%, 32=0.0%, >=64=0.0%
     submit    : 0=0.0%, 4=100.0%, 8=0.0%, 16=0.0%, 32=0.0%, 64=0.0%, >=64=0.0%
     complete  : 0=0.0%, 4=100.0%, 8=0.0%, 16=0.0%, 32=0.0%, 64=0.0%, >=64=0.0%
     issued rwts: total=1085994,0,0,0 short=0,0,0,0 dropped=0,0,0,0
     latency   : target=0, window=0, percentile=100.00%, depth=1

Run status group 0 (all jobs):
   READ: bw=23.6MiB/s (24.7MB/s), 23.6MiB/s-23.6MiB/s (24.7MB/s-24.7MB/s), io=4242MiB (4448MB), run=180002-180002msec

Disk stats (read/write):
  nvme2n1: ios=1085375/0, merge=0/0, ticks=1249280/0, in_queue=1077940, util=100.00%

gp3의 iops 가 올라간건 확인이 된다.

정리하자면 gp2의 성능테스트시에 iops 가 3000으로 고정된다. 아마 대역폭기반 계산이라 정확하게 3000으로 측정되어 실제 디스크의 iops 가 아닌거 같다.

대역폭을 측정할수 있는 툴인가........툴을까봐야하는데 귀찮다..그건 나중에...-_-;

2020년 12월 2일 by AWS ec2 5

최신 글