Restart the AWS Replication Agent automatically without disabling SELinux after rebooting a RHEL source server - AWS Prescriptive Guidance

Created by Anil Kunapareddy (AWS), Shanmugam Shanker (AWS), and Venkatramana Chintha (AWS)

Environment: Production

Technologies: Migration; Operating systems

Workload: Open-source

AWS services: AWS MGN

Summary

AWS Application Migration Service helps simplify, expedite, and automate the migration of your Red Hat Enterprise Linux (RHEL) workload to the Amazon Web Services (AWS) Cloud. To add source servers to Application Migration Service, you install the AWS Replication Agent on the servers.

Application Migration Service provides real-time, asynchronous, block-level replication. This means that you can continue normal IT operations during the entire replication process. These IT operations might require that you reboot or restart your RHEL source server during the migration. If this happens, the AWS Replication Agent will not restart automatically, and your data replication will stop. Typically, you can set Security-Enhanced Linux (SELinux) to disabled or permissive mode so that the AWS Replication Agent restarts automatically. However, your organization’s security policies might prohibit disabling SELinux, and you might also have to relabel your files.

This pattern describes how to automatically restart the AWS Replication Agent without turning off SELinux when your RHEL source server reboots or restarts during a migration. 

Prerequisites and limitations

Prerequisites 

Versions

  • RHEL version 7 or later

Tools

AWS services

  • AWS Application Migration Service is a highly automated lift-and-shift (rehost) solution that simplifies, expedites, and reduces the cost of migrating applications to AWS.

Linux commands

The following table provides a list of Linux commands that you will run on your RHEL source server. These are also described in the epics and stories for this pattern. 

Command                                                    Description

systemctl --version                                        Identifies the system version.
systemctl list-units --type=service                        Lists all active services that are available on the RHEL server.
systemctl list-units --type=service | grep running         Lists all services that are currently running on the RHEL server.
systemctl list-units --type=service | grep failed          Lists all services that failed to load after the RHEL server rebooted or restarted.
restorecon -Rv /etc/rc.d/init.d/aws-replication-service    Changes the context to aws-replication-service.
yum install policycoreutils*                               Installs the policy core utilities that are required for the operation of the SELinux system.
ausearch -c "insmod" --raw | audit2allow -M my-modprobe    Searches the audit log and creates a module for policies.
semodule -i my-modprobe.pp                                 Activates the policy.
cat my-modprobe.te                                         Displays the contents of the my-modprobe.te file.
semodule -l | grep my-modprobe                             Checks whether the policy has been loaded to the SELinux module.

Epics

Task | Description | Skills required

Create an Application Migration Service user with an access key and a secret access key.

To install the AWS Replication Agent, you must create an Application Migration Service user with the required AWS credentials. For instructions, see the Application Migration Service documentation.

Migration engineer

Install the AWS Replication Agent.

  1. Sign in to the AWS Management Console and open the AWS Migration Service console at https://console.aws.amazon.com/mgn/home.

  2. Configure replication settings by following the instructions in the Application Migration Service documentation.

  3. Install the AWS Replication Agent by following the instructions in the Application Migration Service documentation.

  4. On the Source Servers page, choose the RHEL source server, and then choose Replication to start the initial replication. For more information, see the Application Migration Service documentation.

Migration engineer

Restart or reboot the RHEL source server.

Restart or reboot your RHEL source server when its Data replication status displays Healthy on the Migration dashboard.

Migration engineer

Check data replication status.

Wait for one hour and then check the Data replication status again on the Migration dashboard. It should be in the Stalled state.

Migration engineer

Task | Description | Skills required

Identify the system version.

Open the command line interface for your RHEL source server and run the following command to identify the system version:

systemctl --version

Migration engineer

List all active services.

To list all active services available on the RHEL server, run the command:

systemctl list-units --type=service

Migration engineer

List all running services.

To list all services that are currently running on the RHEL server, use the command:

systemctl list-units --type=service | grep running

Migration engineer

List all services that failed to load.

To list all services that failed to load after the RHEL server rebooted or restarted, run the command:

systemctl list-units --type=service | grep failed

Migration engineer

Task | Description | Skills required

Change the security context.

In the command line interface for your RHEL source server, run the following command to restore the default SELinux security context on the AWS replication service init script:

restorecon -Rv /etc/rc.d/init.d/aws-replication-service

Migration engineer

Install core utilities.

To install the core utilities required for the operation of the SELinux system and its policies, run the command:

yum install policycoreutils*

Migration engineer

Search the audit log and create a module for policies.

Run the command:

ausearch -c "insmod" --raw | audit2allow -M my-modprobe

Migration engineer

Display the contents of the my-modprobe.te file.

The my-modprobe.te file is generated by the audit2allow command. It includes the SELinux domains, policy source directory, and subdirectories, and specifies the access vector rules and transitions associated with the domains. To display the contents of the file, run the command:

cat my-modprobe.te

Migration engineer

Activate the policy.

To insert the module and make the policy package active, run the command:

semodule -i my-modprobe.pp

Migration engineer

Check whether the module has been loaded.

Run the command:

semodule -l | grep my-modprobe

After the SELinux module is loaded, you will no longer have to set SELinux to disabled or permissive mode during your migration.

Migration engineer

Reboot or restart the RHEL source server and verify the data replication status.

Open the AWS Migration Service console, navigate to Data replication progress, and then reboot or restart your RHEL source server. Data replication should now resume automatically after the RHEL source server reboots.

Migration engineer
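
The audit2allow command turns every denial that ausearch returns into an allow rule, so the generated module can grant more than the replication agent needs; the cat my-modprobe.te step is the point at which to catch that, before semodule -i. The following script is an added example, not part of the original pattern: it checks that every allow rule in a .te file belongs to one expected source domain and surfaces audit2allow's advisory comments. The function names, the sample file contents, and the type names (insmod_t, initrc_t) are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the AWS pattern: check an audit2allow-generated
# .te file before the compiled module is loaded with "semodule -i".

# Print every allow rule whose source domain is not the expected DOMAIN.
unexpected_rules() {   # usage: unexpected_rules FILE DOMAIN
    awk -v dom="$2" '$1 == "allow" && $2 != dom' "$1"
}

# Print audit2allow's "#!!!!" advisory comments (for example, boolean hints).
advisories() {         # usage: advisories FILE
    grep '^#!!!!' "$1" || true
}

# Succeed only if FILE has at least one allow rule and all are for DOMAIN.
scoped_to_domain() {   # usage: scoped_to_domain FILE DOMAIN
    n=$(awk '$1 == "allow" { n++ } END { print n + 0 }' "$1")
    [ "$n" -gt 0 ] && [ -z "$(unexpected_rules "$1" "$2")" ]
}

# Constructed samples; the types and rules are illustrative assumptions,
# not the contents of a real my-modprobe.te.
SAMPLES=$(mktemp -d)
cat > "$SAMPLES/narrow.te" <<'EOF'
module my-modprobe 1.0;

require {
	type insmod_t;
	type unlabeled_t;
	class file { open read };
}

#============= insmod_t ==============
allow insmod_t unlabeled_t:file { open read };
EOF
cat > "$SAMPLES/broad.te" <<'EOF'
#============= insmod_t ==============
allow insmod_t unlabeled_t:file { open read };

#============= initrc_t ==============
#!!!! This avc can be allowed using the boolean 'domain_kernel_load_modules'
allow initrc_t kernel_t:system module_request;
EOF

for f in "$SAMPLES/narrow.te" "$SAMPLES/broad.te"; do
    if scoped_to_domain "$f" insmod_t; then echo "OK to load: $f"
    else echo "REVIEW: $f"; unexpected_rules "$f" insmod_t; advisories "$f"
    fi
done
```

On the source server, run scoped_to_domain against my-modprobe.te with the domain you expect after the audit2allow step, and load my-modprobe.pp only if the check succeeds.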

Related resources