# Restart the AWS Replication Agent automatically without disabling SELinux after rebooting a RHEL source server
<a name="restart-the-aws-replication-agent-automatically-without-disabling-selinux-after-rebooting-a-rhel-source-server"></a>

*Anil Kunapareddy, Venkatramana Chintha, and Shanmugam Shanker, Amazon Web Services*

## Summary
<a name="restart-the-aws-replication-agent-automatically-without-disabling-selinux-after-rebooting-a-rhel-source-server-summary"></a>

AWS Application Migration Service helps simplify, expedite, and automate the migration of your Red Hat Enterprise Linux (RHEL) workload to the Amazon Web Services (AWS) Cloud. To add source servers to Application Migration Service, you install the AWS Replication Agent on the servers.

Application Migration Service provides real-time, asynchronous, block-level replication. This means that you can continue normal IT operations during the entire replication process. These IT operations might require that you reboot or restart your RHEL source server during the migration. If this happens, the AWS Replication Agent will not restart automatically, and your data replication will stop. Typically, you can set Security-Enhanced Linux (SELinux) to **disabled** or **permissive** mode to automatically restart AWS Replication Agent. However, your organization’s security policies might prohibit disabling SELinux, and you might also have to [relabel your files](https://access.redhat.com/solutions/3176).

This pattern describes how to automatically restart the AWS Replication Agent without turning off SELinux when your RHEL source server reboots or restarts during a migration. 

## Prerequisites and limitations
<a name="restart-the-aws-replication-agent-automatically-without-disabling-selinux-after-rebooting-a-rhel-source-server-prereqs"></a>

**Prerequisites **
+ An active AWS account.
+ An on-premises RHEL workload that you want to migrate to the AWS Cloud. 
+ Application Migration Service initialized from the Application Migration Service console. Initialization is required only the first time you use this service. For instructions, see the [Application Migration Service documentation](https://docs.aws.amazon.com/mgn/latest/ug/mandatory-setup.html).
+ An existing [AWS Identity and Access Management (IAM) policy](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html) for Application Migration Service. For more information, see the [Application Migration Service documentation](https://docs.aws.amazon.com/mgn/latest/ug/mgn-policies.html).

**Versions**
+ RHEL version 7 or later

## Tools
<a name="restart-the-aws-replication-agent-automatically-without-disabling-selinux-after-rebooting-a-rhel-source-server-tools"></a>

**AWS services**
+ [AWS Application Migration Service](https://docs.aws.amazon.com/mgn/latest/ug/what-is-application-migration-service.html) is a highly automated lift-and-shift (rehost) solution that simplifies, expedites, and reduces the cost of migrating applications to AWS.

**Linux commands**

The following table provides a list of Linux commands that you will run on your RHEL source server. These are also described in the epics and stories for this pattern. 


| 
| 
| Command | Description | 
| --- |--- |
| `#systemctl –version` | Identifies the system version. | 
| `#systemctl list-units --type=service` | Lists all active services that are available on the RHEL server. | 
| `#systemctl list-units --type=service \| grep running` | Lists all services that are currently running on the RHEL server. | 
| `#systemctl list-units --type=service \| grep failed` | Lists all services that failed to load after the RHEL server rebooted or restarted. | 
| `restorecon -Rv /etc/rc.d/init.d/aws-replication-service` | Changes the context to `aws-replication-service`. | 
| `yum install policycoreutils*` | Installs the policy core utilities that are required for the operation of the SELinux system. | 
| `ausearch -c "insmod" --raw \| audit2allow -M my-modprobe` | Searches the audit log and creates a module for policies. | 
| `semodule -i my-modprobe.pp` | Activates the policy. | 
| `cat my-modprobe.te` | Displays the contents of the `my-modprobe.te` file. | 
| `semodule -l \| grep my-modprobe` | Checks whether the policy has been loaded to the SELinux module. | 

## Epics
<a name="restart-the-aws-replication-agent-automatically-without-disabling-selinux-after-rebooting-a-rhel-source-server-epics"></a>

### Install the AWS Replication Agent and reboot the RHEL source server
<a name="install-the-aws-replication-agent-and-reboot-the-rhel-source-server"></a>


| Task | Description | Skills required | 
| --- | --- | --- | 
| Create an Application Migration Service user with an access key and a secret access key.  | To install the AWS Replication Agent, you must create an Application Migration Service user with the required AWS credentials. For instructions, see the [Application Migration Service documentation](https://docs.aws.amazon.com/mgn/latest/ug/credentials.html). | Migration engineer | 
| Install the AWS Replication Agent. | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/prescriptive-guidance/latest/patterns/restart-the-aws-replication-agent-automatically-without-disabling-selinux-after-rebooting-a-rhel-source-server.html) | Migration engineer | 
| Restart or reboot the RHEL source server. | Restart or reboot your RHEL source server when its **Data replication status** displays **Stalled **on the [Migration dashboard](https://docs.aws.amazon.com/mgn/latest/ug/migration-dashboard.html). | Migration engineer | 
| Check data replication status. | Wait for one hour and then check the **Data replication status** again on the Migration dashboard. It should be in the **Healthy **state. | Migration engineer | 

### Check AWS Replication Agent status on the RHEL source server
<a name="check-aws-replication-agent-status-on-the-rhel-source-server"></a>


| Task | Description | Skills required | 
| --- | --- | --- | 
| Identify the system version. | Open the command line interface for your RHEL source server and run the following command to identify the system version:`#systemctl –version` | Migration engineer | 
| List all active services. | To list all active services available on the RHEL server, run the command:`#systemctl list-units --type=service` | Migration engineer | 
| List all running services. | To list all services that are currently running on the RHEL server, use the command:`#systemctl list-units --type=service \| grep running` | Migration engineer | 
| List all services that failed to load. | To list all services that failed to load after the RHEL server rebooted or restarted, run the command:`#systemctl list-units --type=service \| grep failed` | Migration engineer | 

### Create and run the SELinux module
<a name="create-and-run-the-selinux-module"></a>


| Task | Description | Skills required | 
| --- | --- | --- | 
| Change the security context. | In the command line interface for your RHEL source server, run the following command to change the security context to the AWS replication service:`restorecon -Rv /etc/rc.d/init.d/aws-replication-service` | Migration engineer | 
| Install core utilities. | To install the core utilities required for the operation of the SELinux system and its policies, run the command:`yum install policycoreutils*` | Migration engineer | 
| Search the audit log and create a module for policies. | Run the command:`ausearch -c "insmod" --raw \| audit2allow -M my-modprobe` | Migration engineer | 
| Display the contents of the my-modprobe-te file.  | The `my-modprobe.te` file is generated by the **audit2allow **command. It includes the SELinux domains, policy source directory, and subdirectories, and specifies the access vector rules and transitions associated with the domains. To display the contents of the file, run the command:`cat my modprobe.te` | Migration engineer | 
| Activate the policy. | To insert the module and make the policy package active, run the command:`semodule -i my-modprobe.pp` | Migration engineer | 
| Check whether the module has been loaded.  | Run the command:`semodule -l \| grep my-modprobe`After the SELinux module is loaded, you will no longer have to set SELinux to **disabled** or **permissive** mode during your migration. | Migration engineer | 
| Reboot or restart the RHEL source server and verify the data replication status. | Open the AWS Migration Service console, navigate to **Data replication progress**, and then reboot or restart your RHEL source server. Data replication should now resume automatically after the RHEL source server reboots. | Migration engineer | 

## Related resources
<a name="restart-the-aws-replication-agent-automatically-without-disabling-selinux-after-rebooting-a-rhel-source-server-resources"></a>
+ [Application Migration service documentation](https://docs.aws.amazon.com/mgn/latest/ug/what-is-application-migration-service.html)
+ [Technical training materials](https://docs.aws.amazon.com/mgn/latest/ug/mgn-training.html)
+ [Troubleshooting AWS Replication Agent issues](https://docs.aws.amazon.com/mgn/latest/ug/Troubleshooting-Agent-Issues.html)
+ [Application Migration Service policies](https://docs.aws.amazon.com/mgn/latest/ug/mgn-policies.html)