docs-en:aws-tutorial.md

Hosting AzerothCore via Amazon AWS

Preface: The goal with this guide is for it to be mostly via a command line. There is also the AWS Console that some will find more intuitive, however, for guide longevity (as the AWS Console UI may change) the aws-cli tool will be recommended. Also included will be grep commands to receive only the required output. If the entire output is desired simply remove the | grep and everything after it.


[TOC]


These tools are required as rest of the tutorial will be done via a bash enabled command line:


Firstly verify that python & its included pip tool are correctly setup :

python --version && pip --version

This should return both the python and pip version. If not then correctly install python and link it to the PATH. Now that python is installed install aws-cli via:

pip install awscli --upgrade

Verify that awscli correctly installed by entering aws --version. If it didn't install correctly refer to this to troubleshoot depending on your computer's operating system.

An access Key and ID will be required. This can be found at AWS Security Credentials and selecting the Access Keys > Create New Access Key button. Keep this key safe as it can be used to perform any actions on an AWS account. It is considered best practice to allow access via an IAM User, especially if AWS privilege will be shared with anyone else. Once the Key has been obtained use it to give credentials to aws-cli using the command:

aws configure

Insert the ID and Key into their corresponding fields. For the default region name insert us-east-1 and for the default output format insert table. Another server now may be found with the command:

aws ec2 describe-regions --output table

Use the ping command plus the various endpoints to test latency to the regions. After an appropriate server has been found run aws configure again and enter the new region.

Before any server instances are created a key-pair will be required. This key-pair will be used to validated access to the EC2 instances it is affixed to. Create a new key-pair via:

aws ec2 create-key-pair --key-name AzCore-KP --query 'KeyMaterial' --output text > ~/AzCore-KP.pem

The key-pair will be saved into the $HOME directory. Make sure to keep this newly created AzCore-KP.pem file safe as this file cannot be remade after it is created. If the key-pair is lost after linking it to any EC2 instances they will need to be remade with a new key-pair. The key-pair is used to SSH into the instance and there are no ways to remove access from the key-pair without ultimately deleting the EC2 instance! Before the key-pair can be used the permissions must be set with :

chmod 400 ~/AzCore-KP.pem

Note: While AWS provides a default VPC that will work fine. The information required for making an entirely new VPC for this guide will be provided incase the default VPC for whatever case isn't available or working. It simultaneously acts as deeper delve into AWS and its networking features.

Creating a VPC for the region using:

aws ec2 create-vpc --cidr-block 172.32.0.0/16 | grep -Po "(vpc)-[a-zA-Z0-9]*\s"

This should output the vpc-id. Save this as it will be required later.

Also needed is the command:

aws ec2  modify-vpc-attribute --enable-dns-hostnames --vpc-id $VPC_ID 

A Subnet is required to be linked with the VPC using:

aws ec2 create-subnet --cidr-block 172.32.0.0/20 --vpc-id $VPC_ID | grep -Po "(?<!\/)(subnet)-[a-zA-Z0-9]*\s"

Save the subnet-id value for later use.

Create and attach the internet gateway with:

aws ec2 create-internet-gateway | grep -Po "(igw)-[a-zA-Z0-9]*\s"
aws ec2 attach-internet-gateway --internet-gateway-id $IGW_ID --vpc-id $VPC_ID

The newly created VPC comes with a route table included, however, it doesn't have access to an Internet Gateway by default! To fix this issue describe the route tables with:

aws ec2 describe-route-tables

This will return a table with all VPCs in the region. Find the one with the CIDR block used which is most likely 172.32.0.0/16 and save the RouteTableID value. After finding the route table id enter:

aws ec2 create-route --route-table-id $RouteTableID --destination-cidr-block 0.0.0.0/0 --gateway-id $IGW_ID

The Security Group will provide access to ports required for traffic to the server. This is done by:

aws ec2 create-security-group --group-name AzerothCore --description "World / Auth / SSH Port Access" --vpc-id $VPC_ID | grep -Po "(sg)-[a-zA-Z0-9]*\s"

This next string creates the port traffic permissions allowing traffic on ports 22 (SSH), 8085 (World Server), and 3724 (Authentication Server). Where $SECURITY_GROUP_ID is the previously obtained output.

aws ec2 authorize-security-group-ingress --group-id $SECURITY_GROUP_ID --ip-permissions IpProtocol=tcp,FromPort=22,ToPort=22,IpRanges='[{CidrIp=0.0.0.0/0, Description="SSH from Anywhere"}]' IpProtocol=tcp,FromPort=8085,ToPort=8085,IpRanges='[{CidrIp=0.0.0.0/0, Description="World-Server from Anywhere"}]' IpProtocol=tcp,FromPort=3724,ToPort=3724,IpRanges='[{CidrIp=0.0.0.0/0, Description="Auth-Server from Anywhere"}]'

Ubuntu 18.04 LTS will be used for the guide but any Linux distribution should be fine. Keep in mind there may be small idiosyncrasies with differing distributions. Newer AMI releases of Ubuntu can be found here and other AMIs found on the AWS Marketplace. The AMI that is used for the guide is ami-024a64a6685d05041. Find more information on this image with:

aws ec2 describe-images --image-ids ami-024a64a6685d05041

Now it's finally time to create the server instance. Insert the previously described AMI or a new one in place of $AMI_ID :

aws ec2 run-instances --image-id $AMI_ID --instance-type t2.micro --count 1 --associate-public-ip-address --key-name AzCore-KP --security-group-ids $SECURITY_GROUP_ID --subnet-id $SUBNET_ID

This will create and initialize one t2.micro instance. Only one instance can constantly be ran in a month without paying for additional server hours.

Now, describe the running instance with:

aws ec2 describe-instances

Find the running instance and perform the following command on the volume-id that is attached:

aws ec2 modify-volume --size 20 --volume-id $VOL_ID

This will change the storage to 20GB. 30GB is the MAX block storage for free tier. Try not to go over that unless intending on paying!

Run the command:

aws ec2 allocate-address --domain $VPC_ID

This will provide an Allocation ID. Now using the Instance ID which can be found in the previously ran aws ec2 describe-instances perform the command:

aws ec2 associate-address --allocation-id $ALLOC_ID --instance-id $INSTANCE_ID

If a domain is desired for connection consider Amazons Route 53 service. They can be found as low as 12$ per year.


Describe the instance with aws ec2 describe-instances and find the PublicDnsName .

Access the server using the command

SSH -i "~/AzCore-KP.pem" ubuntu@$PublicDnsName

Follow the Linux portion of the guide found at http://www.azerothcore.org/wiki/Installation. Run sudo apt-get update && sudo apt-get upgrade before installing dependencies and update security patches.

Download the newest_data.zip and unzip it and its subfolders. Next cd into the folder where it is located and perform the command:

tar zcfv ~/data.tar.gz newest_data/

This will zip the file into a tar.gz file. Now to upload it to the server using

scp -i "~/AzCore-KP.pem" ~/data.tar.gz ubuntu@$PublicDnsName:$CMAKE_INSTALL_PREFIX/data

This can take a while depending on upload speed. The $CMAKE_INSTALL_PREFIX will be the path to where the server is installed not the cloned git repository which is ~/azeroth-server/ by default.

Now untar it with:

tar xfv $CMAKE_INSTALL_PREFIX/data.tar.gz --strip-components=2

It should now be unpacked into $CMAKE_INSTALL_PREFIX/data/

Alternatively, borrowed from stackoverflow and with much better download performance:

#!/bin/bash
fileid="12XIh3rqm3ukpSKQtMop44U4XCYb6kdda"
filename="data.tar.gz"
curl -c ./cookie -s -L "https://drive.google.com/uc?export=download&id=${fileid}" > /dev/null
curl -Lb ./cookie "https://drive.google.com/uc?export=download&confirm=`awk '/download/ {print $NF}' ./cookie`&id=${fileid}" -o ${filename}

Run nano $CMAKEINSTALL_PREFIX/data/ and save this script as a .sh file in the data directory and perform chmod -x $filename.sh to make it executable. The script will download a repackaged newest_data from a Google Drive upload. note: I recommend verifying the SHA256 Checksum values match between the mega upload and google drive upload. If not the files are not tampered with or changed.

Enter into MySQL using sudo mysql. A username and password will be needed to access the database.

GRANT ALL PRIVILEGES ON *.* TO 'username'@'localhost' IDENTIFIED BY 'password';

The .conf files will need to be edited with the newly chosen username and password described here.

Note: If running on a more powerful instance this step is likely irrelevant. For the t2.micro instance with 1GB of ram this step is required.

As a learning exercise after compilation run a top -oh %MEM and attempt to launch the world server. It will eventually reach a hang-up and the server will become unresponsive. Notice the process taking up a majority of memory is kswapd. The kswapd process is used whenever the systems memory usage reaches a threshold and then it offloads the memory into a storage. The default swap image, however, does not allocate enough resources to run the the world server so a new one is needed. Various solutions to this issue can be found here. The guide will be using the dd method:

#Creates 3GB swap image and sets up a swap area
sudo dd if=/dev/zero of=/media/fasthdd/swapfile.img bs=1024 count=3M
sudo mkswap /media/fasthdd/swapfile.img
 
#Opens editer with sudo permissions at /etc/fstab
sudo nano /etc/fstab
 
<!DOCTYPE markdown>
# Add this line to /etc/fstab
/media/fasthdd/swapfile.img swap swap sw 0 0
 
#Activate the swap image
swapon /media/fasthdd/swapfile.img

Find the instances Public IP address which can be found with aws ec2 describe-instances. Enter the PublicIpAddress into your acore_auth realmlist table. More connection information can be found here.


​ Many best practices have not been followed in lieu of guide brevity and general ignorance on internet security. Some things to be known and that should be done if planning to allow anyone access to your server include:

  • Adding an IAM User for anyone who needs AWS access. Don't allow someone to run 100 instances to mine bitcoins… keep in mind that payment information is stored to create an account and AWS charges per server hour used! Be safe.
  • AWS Free Tier allows 750 instance hours meaning 750/24 = 31.25 Days. Only one instance non-stop can be ran for a month without paying and the free tier only lasts for 12 months after account creation. Don't get unintentional charges. You've been warned!
  • Generally, don't allow another user SSH or admin privileges until some research on how to secure Linux and don't allow anyone root privileges. Only allow users the least privileges required. Your safety is in your hands, good luck!
  • docs-en/aws-tutorial.md.txt
  • 最后更改: 2024/03/15 19:08
  • 127.0.0.1