AWS Systems Manager to manage Raspberry Pi running Ubuntu server

As part of this blog, I wanted to share my learnings towards AWS Systems Manager (previously AWS Simple Systems Manager - SSM) and how I configured Systems Manager to manage and perform auto patching on a hybrid environment. The hybrid environment here is a simple Raspberry Pi running on my home network, with Ubuntu server on it.

What is AWS Systems Manager?

AWS Systems Manager gives you visibility and control of your infrastructure on AWS. Systems Manager provides a unified user interface so you can view operational data from multiple AWS services, and then automate operational tasks across your AWS resources. Systems Manager helps you maintain security and compliance by scanning your managed instances and reporting on (or taking corrective action on) any policy violations it detects.

Task

When your environment consists of servers / VMs running on AWS cloud, in on-premises data centers and on computers like Raspberry Pi, it is difficult to manage them separately through multiple tools/interfaces. Having a single interface to manage both cloud and non-cloud servers reduces a lot of admin overhead and streamlines the process.

Solution

AWS Systems Manager provides a single interface to manage, administer and get operational insights from servers running in AWS cloud, on-premise / hybrid environments.

SSM Agent

Systems Manager makes use of the SSM agent installed on the servers to achieve this. By default, the SSM agent is pre-installed on instances created using certain AMIs on AWS cloud. For on-premise servers and VMs in a hybrid environment, the agent needs to be installed and configured manually.

The solution involves the following steps:

  1. Create a Hybrid Activation on AWS Systems Manager. This activation also creates an IAM role and grants AssumeRole permission to the SSM service.

  2. Install and configure SSM agent on Raspberry Pi running the Ubuntu server 20.04 to enable SSM service to communicate with the server.

  3. Optional. Set up an Inventory association on AWS Systems Manager to collect information about software and settings for a target set of managed instances.

  4. Configure Patch Manager on AWS Systems Manager to automate patching of the managed instances on a pre-configured schedule.

Raspberry Pi 4 and Ubuntu Server 20.04

Since I am learning Linux administration, I have a Raspberry Pi set up with Ubuntu server 20.04 on my home WiFi for this purpose. If you are interested in setting up the same, you can purchase a Raspberry Pi from here and use the step by step instructions here to install Ubuntu server 20.04. I also set up the Ubuntu server to connect to my home WiFi. Since my home internet router has DHCP reservation by default, the Ubuntu server always gets a static IP when it connects to the WiFi network. So I need not worry about setting up a static IP separately.

Solution Step 1. Hybrid Activation on AWS Systems Manager
  • Log in to your AWS Console and navigate to AWS Systems Manager. Click on Hybrid Activations, and then Create an Activation.


  • Enter the Activation description and Instance Limit. The Activation also creates an IAM role, AmazonEC2RunCommandForManagedInstances, which uses the IAM policy AmazonSSMManagedInstanceCore and grants AssumeRole permission to the SSM service.


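  • Successful creation of the Activation provides an Activation Code and Activation ID. Please make a note of these 2 values, as they will be used at a later step to configure the SSM agent on the server. Treat them like credentials: together they allow a machine to register under this activation, up to the Instance Limit.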


Solution Step 2. Install and configure SSM agent on Ubuntu Server
  • SSH into the Ubuntu server with your credentials and run the following commands to install the SSM agent:
ubuntu@ubuntu:/$ mkdir /tmp/ssm
ubuntu@ubuntu:/$ curl https://s3.amazonaws.com/ec2-downloads-windows/SSMAgent/latest/debian_arm64/amazon-ssm-agent.deb -o /tmp/ssm/amazon-ssm-agent.deb
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100 29.6M  100 29.6M    0     0   675k      0  0:00:44  0:00:44 --:--:-- 1179k

Note: Since Raspberry Pi comes with ARM architecture, you need to use the corresponding version of the SSM agent.

ubuntu@ubuntu:/$ sudo dpkg -i /tmp/ssm/amazon-ssm-agent.deb
  • Stop the SSM agent and register the agent using the Activation code and Activation ID that you noted down in the previous step.
ubuntu@ubuntu:/$ sudo service amazon-ssm-agent stop
ubuntu@ubuntu:/$ sudo amazon-ssm-agent -register -code "ACTIVATION_CODE" -id "ACTIVATION_ID" -region "ap-southeast-2"
Error occurred fetching the seelog config file path:  open /etc/amazon/ssm/seelog.xml: no such file or directory
Initializing new seelog logger
New Seelog Logger Creation Complete
2021-10-16 22:54:14 WARN Could not read InstanceFingerprint file: InstanceFingerprint does not exist.
2021-10-16 22:54:14 INFO No initial fingerprint detected, generating fingerprint file...
2021-10-16 22:54:15 INFO Successfully registered the instance with AWS SSM using Managed instance-id: mi-001e234567890dd12

Note: You can ignore the warning and error. Make sure you receive a message that your instance/server has been registered with SSM.

  • Start the SSM agent
ubuntu@ubuntu:/$ sudo service amazon-ssm-agent start

Now you can see the registered instance / server on AWS Systems Manager --> Fleet Manager (which was earlier referred to as Managed instances)
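
The Step 2 commands, collected into one script as an added example (not the author's code): it picks the package directory from the CPU architecture, downloads into a private `mktemp` directory, checks the package architecture before `dpkg -i`, and starts the agent only if the registration output contains the success line. The function names, the `--install` switch and the prompt for the activation code are assumptions of this sketch; `debian_amd64` is included for an x86-64 host.

```shell
#!/usr/bin/env bash
# Added example, not the post's code. Function names are assumptions.

# Map `uname -m` output to the agent download URL. debian_arm64 is the
# directory the post uses; debian_amd64 covers an x86-64 Ubuntu host.
ssm_deb_url() {
  local dir
  case "$1" in
    aarch64|arm64) dir=debian_arm64 ;;
    x86_64|amd64)  dir=debian_amd64 ;;
    *) echo "unsupported architecture: $1" >&2; return 1 ;;
  esac
  echo "https://s3.amazonaws.com/ec2-downloads-windows/SSMAgent/latest/$dir/amazon-ssm-agent.deb"
}

# Read `amazon-ssm-agent -register` output on stdin and print the managed
# instance ID. Fails when the success line is absent, whatever else was logged.
managed_instance_id() {
  local id
  id=$(sed -n 's/.*Successfully registered the instance with AWS SSM using Managed instance-id: \(mi-[0-9a-f][0-9a-f]*\).*/\1/p' | head -n 1)
  [ -n "$id" ] && echo "$id"
}

install_and_register() {   # args: ACTIVATION_ID REGION
  local act_id="$1" region="$2" url dir deb code out mi
  url=$(ssm_deb_url "$(uname -m)") || return 1
  dir=$(mktemp -d) || return 1     # private directory instead of a fixed /tmp path
  deb="$dir/amazon-ssm-agent.deb"
  curl -fsSL "$url" -o "$deb" || return 1
  # Stop before dpkg -i if the package was built for another architecture.
  if [ "$(dpkg-deb -f "$deb" Architecture)" != "$(dpkg --print-architecture)" ]; then
    echo "package architecture does not match this host" >&2; return 1
  fi
  sudo dpkg -i "$deb" || return 1
  sudo service amazon-ssm-agent stop
  # Prompt for the activation code so it is not saved in shell history.
  read -rsp "Activation code: " code; echo
  out=$(sudo amazon-ssm-agent -register -code "$code" -id "$act_id" -region "$region" 2>&1)
  unset code; rm -rf "$dir"
  if mi=$(printf '%s\n' "$out" | managed_instance_id); then
    sudo service amazon-ssm-agent start && echo "registered as $mi"
  else
    printf '%s\n' "$out" >&2; return 1
  fi
}

# Run only when asked to: ./script.sh --install ACTIVATION_ID REGION
if [ "${1:-}" = "--install" ]; then install_and_register "$2" "$3"; fi
```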


Solution Step 3. [Optional] Setup an Inventory association

AWS Systems Manager Inventory Association lets you collect information about your instances and the software installed on them, helping you to understand your system configurations and installed applications.

  • From the AWS Systems Manager page, navigate to Inventory section and then Setup Inventory


Leave the default settings.


Once the Inventory association is set up, it runs every 30 minutes to gather the inventory from the managed instances. This makes use of the AWS Systems Manager document AWS-GatherSoftwareInventory. You can verify this from the State Manager section.


Once the status changes to Success, you can view more details from the Resources tab in State Manager section.


Information collected about the software and settings on the managed Ubuntu server is displayed in the Inventory section.


Solution Step 4. Configure Patch Manager

AWS Systems Manager patch manager helps you select and deploy operating system and software patches automatically across large groups of Amazon EC2 or on-premises instances.

Using patch baselines, you can auto-approve selected categories of patches for installation, such as OS or high severity patches.

  • From the AWS Systems Manager page, navigate to Patch Manager section and then Configure patching


  • Then you can define a maintenance window for patches so that they are only applied during preset times.


As you can see, AWS uses the AWS-UbuntuDefaultPatchBaseline for patching the Ubuntu servers/instances. This is the default patch baseline for Ubuntu provided by AWS.


Systems Manager's Maintenance window acts like glue for all the components in Patch Manager.


In the background, Systems Manager uses Run Command to perform the patching task.


The patching task is executed automatically at the preset time, and its details can be verified in the History section.


Click on View Output to see the task execution details.


Conclusion

Using AWS Systems Manager's Patch Manager feature, I was able to successfully patch my Ubuntu server on my home WiFi and also set up a maintenance window to do the same activity at a preset time.

Apart from Patch Manager and Inventory, AWS Systems Manager also provides features like Incident Manager, Parameter Store, Automation, Run Command and OpsCenter which I would like to explore in my future blogs.

Thanks for reading my blog. Please share your comments and feedback.
