This puppet repo is meant to work with the Amazon provided AMI. Currently this has been tested with
amzn-ami-2011.09.1.x86_64-ebs (ami-7341831a)
and Basic 32-bit Amazon Linux AMI 2011.09 (AMI Id: ami-7f418316)
.
You can use a command like this to fire up an instance:
Micro Instance
ec2-run-instances ami-7341831a -k <KEY_PAIR_NAME> -f ./userscript.sh -t t1.micro --group webserver -z us-east-1d
Small Instance
ec2-run-instances ami-7f418316 -k <KEY_PAIR_NAME> -f ./userscript.sh -t m1.small --group webserver -z us-east-1d
EC2 instances come with a standard hostname scheme which means that we must come up with other
ways of identifying various nodes. This repo currently supports using the names of security groups
to meet this goal. This is why the command above has webserver
as the group. In the future there will be
also be some custom scripts that turn instance tags into custom facts.
AMI ami-7341831a
comes with many of the Amazon AWS cli tools installed already so there is no need to install them although there are
one or two that we will install with this puppet config. It is also helpful to have some of the keys and environment variables set.
The next section covers the private repo which does just that.
To be utilized most effectively one might construct a private puppet repo structured like the one below. This repo will be used to hold keys, paths, and values that are specific to the AWS tools.
.
|-- manifests
| `-- private-nodes.pp
`-- modules
|-- aws-cf-credentials
| |-- files
| | `-- opt
| | `-- aws
| | `-- credential-file
| `-- manifests
| `-- init.pp
`-- ec2-api-tools-certs
|-- files
| |-- etc
| | `-- ec2rc
| `-- opt
| `-- aws
| `-- ec2-certs
| |-- accesskey.pem
| |-- cert-XXXXXXXXXXXXXXXXXXXXXXXXXXXXX.pem
| `-- pk-XXXXXXXXXXXXXXXXXXXXXXXXXXXXX.pem
`-- manifests
`-- init.pp
./manifests/private-nodes.pp
node default {
if $ec2_security_groups =~ /admin/ {
include ec2-api-tools-certs
include aws-cf-credentials
} else {
notify {"No private modules for security group: $ec2_security_groups":}
}
}
./modules/ec2-api-tools-certs/manifests/init.pp
class ec2-api-tools-certs {
file { ["/opt/aws/ec2-certs"]:
ensure => "directory",
}
file { "/opt/aws/ec2-certs/accesskey.pem":
source => "puppet:///modules/ec2-api-tools-certs/opt/aws/ec2-certs/accesskey.pem",
owner => "root",
group => "root",
mode => 600,
}
file { "/opt/aws/ec2-certs/cert-XXXXXXXXXXXXXXXXXXXXXXXXXXXXX.pem":
source => "puppet:///modules/ec2-api-tools-certs/opt/aws/ec2-certs/cert-XXXXXXXXXXXXXXXXXXXXXXXXXXXXX.pem",
owner => "root",
group => "root",
mode => 644,
}
file { "/opt/aws/ec2-certs/pk-XXXXXXXXXXXXXXXXXXXXXXXXXXXXX.pem":
source => "puppet:///modules/ec2-api-tools-certs/opt/aws/ec2-certs/pk-XXXXXXXXXXXXXXXXXXXXXXXXXXXXX.pem",
owner => "root",
group => "root",
mode => 644,
}
file { "/etc/ec2rc":
source => "puppet:///modules/ec2-api-tools-certs/etc/ec2rc",
owner => "root",
group => "root",
mode => 644,
}
}
./modules/ec2-api-tools-certs/files/etc/ec2rc
#################
# EC2 API TOOLS #
#################
export EC2_CERT=/opt/aws/ec2-certs/cert-XXXXXXXXXXXXXXXXXXXXXXXXXXXXX.pem
export EC2_PRIVATE_KEY=/opt/aws/ec2-certs/pk-XXXXXXXXXXXXXXXXXXXXXXXXXXXXX.pem
#######################
# AWS Cloud Formation #
#######################
export AWS_CREDENTIAL_FILE=/opt/aws/credential-file
./modules/aws-cf-credentials/manifests/init.pp
class aws-cf-credentials {
file { "/opt/aws/credential-file":
source => "puppet:///modules/aws-cf-credentials/opt/aws/credential-file",
owner => "root",
group => "root",
mode => 644,
}
}
./modules/aws-cf-credentials/files/opt/aws/credential-file
AWSAccessKeyId=XXXXXXXXXXXXXXXX
AWSSecretKey=XXXXXXXXXXXXXXXXXXXXXXXXXXXX