---
title: Preparing our high side
exercise: 3
date: '2023-12-19'
tags: ['openshift','containers','kubernetes','disconnected']
draft: false
authors: ['default']
summary: "Setting up a bastion server and transferring content"
---

In this exercise, we'll prepare the **High side**. This involves creating a bastion server on the **High side** that will host our mirror registry.

> Note: We have an interesting dilemma for this exercise: the Amazon Machine Image we used for the prep system earlier does not have `podman` installed. We need `podman`, since it is a key dependency for `mirror-registry`.
>
> We could rectify this by running `sudo dnf install -y podman` on the bastion system, but the bastion server won't have Internet access, so we need another option for this lab. To solve this problem, we need to build our own RHEL image with podman pre-installed. Real customer environments will likely already have a solution for this, but one approach is to use the [Image Builder](https://console.redhat.com/insights/image-builder) in the Hybrid Cloud Console, and that's exactly what has been done for this lab.
>
> [workshop](/workshops/static/images/disconnected/image-builder.png)
>
> In the home directory of your web terminal you will find an `ami.txt` file containing our custom image AMI, which will be used by the command that creates our bastion EC2 instance.

## 3.1 - Creating a bastion server

First up for this exercise, we'll grab the ID of one of our **High side** private subnets as well as our EC2 security group.

Copy the commands below into your web terminal:

```bash
# Look up the private subnet by its tag value; `[]?` skips subnets that have no tags
PRIVATE_SUBNET=$(aws ec2 describe-subnets | jq '.Subnets[] | select(.Tags[]?.Value=="Private Subnet - disco").SubnetId' -r)
echo "$PRIVATE_SUBNET"

# Look up the security group by its Name tag
SG_ID=$(aws ec2 describe-security-groups --filters "Name=tag:Name,Values=disco-sg" | jq -r '.SecurityGroups[0].GroupId')
echo "$SG_ID"
```

Once we know our subnet and security group IDs, we can spin up our **High side** bastion server.

Copy the commands below into your web terminal to complete this:

```bash
# BASTION_AMI_ID and BASTION_NAME must already be set in the web terminal;
# the image ID is the custom AMI recorded in ami.txt.
aws ec2 run-instances --image-id "$BASTION_AMI_ID" \
  --count 1 \
  --instance-type t3.large \
  --key-name disco-key \
  --security-group-ids "$SG_ID" \
  --subnet-id "$PRIVATE_SUBNET" \
  --tag-specifications "ResourceType=instance,Tags=[{Key=Name,Value=$BASTION_NAME}]" \
  --block-device-mappings "DeviceName=/dev/sdh,Ebs={VolumeSize=50}"
```

|![workshop](/workshops/static/images/disconnected/security-group.gif) |
|:-----------------------------------------------------------------------------:|
| *Creating aws ec2 security group* |
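
The lookups in section 3.1 can silently hand `run-instances` a bad value: the `jq` filter prints `null` when no security group matches, and prints several lines when more than one subnet carries the tag. The pre-flight check below is an added example, not part of the original workshop; the function names `is_aws_id` and `preflight` and the sample IDs are constructed for illustration.

```bash
# Added example: confirm each value is exactly one well-formed AWS resource ID
# before it is passed to `aws ec2 run-instances`.

# is_aws_id PREFIX VALUE -> status 0 only if VALUE is "<PREFIX>-" followed by
# 8 or 17 lowercase hex characters and nothing else (no second line, no "null").
is_aws_id() {
    _prefix=$1
    _value=$2
    case $_value in
        "$_prefix"-*) _hex=${_value#"$_prefix"-} ;;
        *) return 1 ;;
    esac
    case $_hex in
        ''|*[!0123456789abcdef]*) return 1 ;;  # empty, newline, space, non-hex
    esac
    [ "${#_hex}" -eq 8 ] || [ "${#_hex}" -eq 17 ]
}

# preflight SUBNET SG AMI -> reports every bad value on stderr, status 1 if any
preflight() {
    _rc=0
    is_aws_id subnet "$1" || { echo "PRIVATE_SUBNET is not a single subnet ID: '$1'" >&2; _rc=1; }
    is_aws_id sg "$2"     || { echo "SG_ID is not a single security group ID: '$2'" >&2; _rc=1; }
    is_aws_id ami "$3"    || { echo "AMI ID is not a single image ID: '$3'" >&2; _rc=1; }
    return "$_rc"
}

# Constructed sample values, standing in for the output of the lookups above.
SAMPLE_SUBNET=subnet-0123456789abcdef0
SAMPLE_SG=sg-0123456789abcdef0
SAMPLE_AMI=ami-0123456789abcdef0

if preflight "$SAMPLE_SUBNET" "$SAMPLE_SG" "$SAMPLE_AMI"; then
    echo "pre-flight OK"
fi

# In the lab this would gate the launch:
#   preflight "$PRIVATE_SUBNET" "$SG_ID" "$BASTION_AMI_ID" && aws ec2 run-instances ...
```
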