[20130712]
|
Spanish translation of my "Managing NetBSD with Ansible" article
Maria Ramos from Webhostinghub.com offered to translate my
"Managing NetBSD with Ansible" blog post for the Spanish-speaking
WebHostingHub community. As a result, a Spanish translation of my
article is available now. Thanks Maria!
[Tags: ansible, spanish]
|
[20130324]
|
Ansible & EC2 - Playbooks for orchestrating NetBSD into the cloud
As a follower of my blog you have seen the steps towards
getting NetBSD instances started in Amazon's EC2 cloud
with a simple web application deployed on one EC2 instance
and the database on another one.
These blog articles were very detailed on purpose, to have full
logfiles available just in case they were needed. I have used these
logs to prepare my pkgsrcCon 2013 talk about Ansible and Amazon's EC2,
so things can be looked at without actually running anything. As it
turns out this was good, because the 32-bit NetBSD instances that I've
used during my pkgsrcCon demonstration actually decided to do a kernel
panic, and the presentation was a bit more on the theoretical side
than I originally planned.
Now that pkgsrcCon is over, I would like to publish the presentation
slides with all the details, and especially the playbooks and all
other files to look at - enjoy!
[Tags: amazon, ansible, aws, ec2, pkgsrc, xen]
|
[20130321]
|
Ansible, EC2 and NetBSD final milestone 4 reached: Web and DB on separate VMs in the cloud
This is the fourth and final step on my journey to use Ansible
to bring a non-trivial system of a web server and a DB server into
Amazon's EC2 cloud.
After starting out with a local VMware VM and making first steps
with Ansible and EC2, the previous step was to push a single system
into the cloud. Now, the final step is to set up two distinct VMs, one
for the database and one for the webserver, and then make them known
to each other.
The single steps are:
- Prepare the two VMs
- Basic setup for all systems
- Install the database server
- Install the webserver
- Connect database and webserver
Again, here are all the steps in detail:
- As before, ensure local time is correct when talking to Amazon,
and also make sure the SSH agent has the proper key loaded.
% date
Thu Mar 21 00:45:37 CET 2013
% ssh-add -l
2048 d5:25:19:3d:59:40:35:32:03:f7:c5:83:de:19:b6:d0 ../../euca2ools/key-eucaHF.pem (RSA)
- Make sure security groups are set up properly. We use one group
for the database server, and one for the webserver. This defines the
access permissions from the internet, and also lets us identify
systems for their individual configuration and for connecting
them in the final step:
% euca-describe-groups
...
GROUP sg-ae54b3c5 749335780469 ec2-dbservers Database servers
PERMISSION 749335780469 ec2-dbservers ALLOWS tcp 22 22 FROM CIDR 0.0.0.0/0
PERMISSION 749335780469 ec2-dbservers ALLOWS tcp 3306 3306 FROM CIDR 0.0.0.0/0
PERMISSION 749335780469 ec2-dbservers ALLOWS icmp -1 -1 FROM CIDR 0.0.0.0/0
GROUP sg-a854b3c3 749335780469 ec2-webservers Web servers
PERMISSION 749335780469 ec2-webservers ALLOWS tcp 22 22 FROM CIDR 0.0.0.0/0
PERMISSION 749335780469 ec2-webservers ALLOWS tcp 80 80 FROM CIDR 0.0.0.0/0
PERMISSION 749335780469 ec2-webservers ALLOWS icmp -1 -1 FROM CIDR 0.0.0.0/0
- Now, run our playbook to set up the two VMs. This uses the single
playbook from the previous milestone, and just runs it twice with
different security groups:
% ansible-playbook -i hosts-HF config-ec2-prepare-db+web-vm.yml
PLAY [localhost] *********************
TASK: [ec2-webservers | Launch new EC2 instance] *********************
changed: [127.0.0.1]
TASK: [ec2-webservers | Give the system 30 seconds to boot up] *********************
changed: [127.0.0.1]
TASK: [ec2-webservers | Get rid of SSH "Are you sure you want to continue connecting (yes/no)?" query] *********************
changed: [127.0.0.1]
TASK: [ec2-webservers | Fix /usr/bootstrap.sh to run pkgin with -y] *********************
changed: [127.0.0.1] => (item={'cmd': 'install /usr/bootstrap.sh /usr/bootstrap.sh.orig'})
changed: [127.0.0.1] => (item={'cmd': 'chmod +w /usr/bootstrap.sh'})
changed: [127.0.0.1] => (item={'cmd': 'sed "s,bin/pkgin update,bin/pkgin -y update," /usr/bootstrap.sh'})
changed: [127.0.0.1] => (item={'cmd': 'chmod -w /usr/bootstrap.sh'})
TASK: [ec2-webservers | Install pkgin via /usr/bootstrap.sh] *********************
changed: [127.0.0.1] => (item={'cmd': u'env PATH=/usr/sbin:${PATH} /usr/bootstrap.sh binpkg'})
TASK: [ec2-webservers | Copy over Ansible binary package] *********************
changed: [127.0.0.1]
TASK: [ec2-webservers | Install Ansible dependencies] *********************
changed: [127.0.0.1]
TASK: [ec2-webservers | Install Ansible package (manually)] *********************
changed: [127.0.0.1]
TASK: [ec2-webservers | Setup lame /usr/bin/python symlink] *********************
changed: [127.0.0.1]
TASK: [ec2-dbservers | Launch new EC2 instance] *********************
changed: [127.0.0.1]
TASK: [ec2-dbservers | Give the system 30 seconds to boot up] *********************
changed: [127.0.0.1]
TASK: [ec2-dbservers | Get rid of SSH "Are you sure you want to continue connecting (yes/no)?" query] *********************
changed: [127.0.0.1]
TASK: [ec2-dbservers | Fix /usr/bootstrap.sh to run pkgin with -y] *********************
changed: [127.0.0.1] => (item={'cmd': 'install /usr/bootstrap.sh /usr/bootstrap.sh.orig'})
changed: [127.0.0.1] => (item={'cmd': 'chmod +w /usr/bootstrap.sh'})
changed: [127.0.0.1] => (item={'cmd': 'sed "s,bin/pkgin update,bin/pkgin -y update," /usr/bootstrap.sh'})
changed: [127.0.0.1] => (item={'cmd': 'chmod -w /usr/bootstrap.sh'})
TASK: [ec2-dbservers | Install pkgin via /usr/bootstrap.sh] *********************
changed: [127.0.0.1] => (item={'cmd': u'env PATH=/usr/sbin:${PATH} /usr/bootstrap.sh binpkg'})
TASK: [ec2-dbservers | Copy over Ansible binary package] *********************
changed: [127.0.0.1]
TASK: [ec2-dbservers | Install Ansible dependencies] *********************
changed: [127.0.0.1]
TASK: [ec2-dbservers | Install Ansible package (manually)] *********************
changed: [127.0.0.1]
TASK: [ec2-dbservers | Setup lame /usr/bin/python symlink] *********************
changed: [127.0.0.1]
PLAY RECAP *********************
127.0.0.1 : ok=18 changed=18 unreachable=0 failed=0
- Just to make sure, check that the two instances run properly, and
are in the right security groups, ec2-webservers and ec2-dbservers:
% euca-describe-instances
RESERVATION r-a419f9d9 749335780469 ec2-webservers
INSTANCE i-21b7c441 ami-5d0f8034 ...
RESERVATION r-641efe19 749335780469 ec2-dbservers
INSTANCE i-54a2ab3e ami-5d0f8034 ...
- Next, bring the two freshly set up systems (which are already
capable of acting as ansible targets) up to our basic system setup:
% env ANSIBLE_HOSTS=./ec2.py ansible-playbook config-ec2-basic.yml
PLAY [security_group_ec2-webservers;security_group_ec2-dbservers] *********************
TASK: [ping] *********************
ok: [ec2-54-235-44-118.compute-1.amazonaws.com]
ok: [ec2-54-234-139-151.compute-1.amazonaws.com]
TASK: [Install tcsh] *********************
changed: [ec2-54-235-44-118.compute-1.amazonaws.com]
changed: [ec2-54-234-139-151.compute-1.amazonaws.com]
TASK: [Add user feyrer] *********************
changed: [ec2-54-234-139-151.compute-1.amazonaws.com]
changed: [ec2-54-235-44-118.compute-1.amazonaws.com]
TASK: [Create ~feyrer/.ssh directory] *********************
changed: [ec2-54-235-44-118.compute-1.amazonaws.com]
changed: [ec2-54-234-139-151.compute-1.amazonaws.com]
TASK: [Enable ssh login with ssh-key] *********************
changed: [ec2-54-235-44-118.compute-1.amazonaws.com]
changed: [ec2-54-234-139-151.compute-1.amazonaws.com]
TASK: [Install sudo] *********************
changed: [ec2-54-235-44-118.compute-1.amazonaws.com]
changed: [ec2-54-234-139-151.compute-1.amazonaws.com]
TASK: [Enable PW-less sudo-access for everyone in group 'wheel'] *********************
changed: [ec2-54-234-139-151.compute-1.amazonaws.com]
changed: [ec2-54-235-44-118.compute-1.amazonaws.com]
TASK: [Disable ssh logins as root] *********************
ok: [ec2-54-235-44-118.compute-1.amazonaws.com]
ok: [ec2-54-234-139-151.compute-1.amazonaws.com]
PLAY RECAP *********************
ec2-54-234-139-151.compute-1.amazonaws.com : ok=8 changed=6 unreachable=0 failed=0
ec2-54-235-44-118.compute-1.amazonaws.com : ok=8 changed=6 unreachable=0 failed=0
- Check:
% ssh ec2-54-234-139-151.compute-1.amazonaws.com id
uid=1000(feyrer) gid=100(users) groups=100(users),0(wheel)
%
% ssh ec2-54-235-44-118.compute-1.amazonaws.com id
uid=1000(feyrer) gid=100(users) groups=100(users),0(wheel)
- Now that the two machines run with our baseline configuration,
install their individual software and settings. First the
database server:
% env ANSIBLE_HOSTS=./ec2.py ansible-playbook config-ec2-dbserver.yml
PLAY [security_group_ec2-dbservers] *********************
TASK: [Install mysql] *********************
changed: [ec2-54-235-44-118.compute-1.amazonaws.com]
TASK: [Install MySQL rc.d script] *********************
changed: [ec2-54-235-44-118.compute-1.amazonaws.com]
TASK: [Start MySQL service] *********************
changed: [ec2-54-235-44-118.compute-1.amazonaws.com]
TASK: [Install python-mysqldb (for mysql_user module)] *********************
changed: [ec2-54-235-44-118.compute-1.amazonaws.com]
TASK: [Setup DB] *********************
changed: [ec2-54-235-44-118.compute-1.amazonaws.com]
TASK: [Add db-user] *********************
changed: [ec2-54-235-44-118.compute-1.amazonaws.com]
TASK: [Copy over DB template] *********************
changed: [ec2-54-235-44-118.compute-1.amazonaws.com]
TASK: [Import DB data] *********************
changed: [ec2-54-235-44-118.compute-1.amazonaws.com]
PLAY RECAP *********************
ec2-54-235-44-118.compute-1.amazonaws.com : ok=8 changed=8 unreachable=0 failed=0
- Check and see if the database works as expected:
% ssh -t ec2-54-235-44-118.compute-1.amazonaws.com mysql -u webapp -p webapp
Enter password: ****
...
mysql> show tables;
+------------------+
| Tables_in_webapp |
+------------------+
| names |
+------------------+
1 row in set (0.01 sec)
mysql> select * from names;
+----+--------+------+
| id | first | last |
+----+--------+------+
| 1 | Donald | Duck |
| 2 | Daisy | Duck |
+----+--------+------+
2 rows in set (0.00 sec)
mysql> bye
- Excellent. Now set up the webserver, too:
% env ANSIBLE_HOSTS=./ec2.py ansible-playbook config-ec2-webserver.yml
PLAY [security_group_ec2-webservers] *********************
TASK: [Installing ap24-php53 package and dependencies] *********************
changed: [ec2-54-234-139-151.compute-1.amazonaws.com]
TASK: [Install Apache rc.d script] *********************
changed: [ec2-54-234-139-151.compute-1.amazonaws.com]
TASK: [Enable and start Apache service] *********************
changed: [ec2-54-234-139-151.compute-1.amazonaws.com]
TASK: [Enable PHP in Apache config file] *********************
changed: [ec2-54-234-139-151.compute-1.amazonaws.com] => (item={'re': 'LoadModule.*mod_php5.so', 'l': 'LoadModule php5_module lib/httpd/mod_php5.so'})
changed: [ec2-54-234-139-151.compute-1.amazonaws.com] => (item={'re': 'AddHandler.*x-httpd-php', 'l': 'AddHandler application/x-httpd-php .php'})
TASK: [Make Apache read index.php] *********************
changed: [ec2-54-234-139-151.compute-1.amazonaws.com]
TASK: [Add simple PHP test - see http://10.0.0.181/phptest.php] *********************
changed: [ec2-54-234-139-151.compute-1.amazonaws.com]
TASK: [Install phpmyadmin] *********************
changed: [ec2-54-234-139-151.compute-1.amazonaws.com]
TASK: [Enable phpmyadmin in Apache config] *********************
changed: [ec2-54-234-139-151.compute-1.amazonaws.com]
TASK: [Fix Apache access control for phpmyadmin] *********************
changed: [ec2-54-234-139-151.compute-1.amazonaws.com]
TASK: [Enable PHP modules in PHP config file] *********************
changed: [ec2-54-234-139-151.compute-1.amazonaws.com] => (item={'re': '^extension.*zlib.so', 'l': 'extension=zlib.so'})
changed: [ec2-54-234-139-151.compute-1.amazonaws.com] => (item={'re': '^extension.*zip.so', 'l': 'extension=zip.so'})
changed: [ec2-54-234-139-151.compute-1.amazonaws.com] => (item={'re': '^extension.*mysqli.so', 'l': 'extension=mysqli.so'})
changed: [ec2-54-234-139-151.compute-1.amazonaws.com] => (item={'re': '^extension.*mysql.so', 'l': 'extension=mysql.so'})
changed: [ec2-54-234-139-151.compute-1.amazonaws.com] => (item={'re': '^extension.*mcrypt.so', 'l': 'extension=mcrypt.so'})
changed: [ec2-54-234-139-151.compute-1.amazonaws.com] => (item={'re': '^extension.*mbstring.so', 'l': 'extension=mbstring.so'})
changed: [ec2-54-234-139-151.compute-1.amazonaws.com] => (item={'re': '^extension.*json.so', 'l': 'extension=json.so'})
changed: [ec2-54-234-139-151.compute-1.amazonaws.com] => (item={'re': '^extension.*gd.so', 'l': 'extension=gd.so'})
changed: [ec2-54-234-139-151.compute-1.amazonaws.com] => (item={'re': '^extension.*gettext.so', 'l': 'extension=gettext.so'})
changed: [ec2-54-234-139-151.compute-1.amazonaws.com] => (item={'re': '^extension.*bz2.so', 'l': 'extension=bz2.so'})
TASK: [Create directory for webapp] *********************
changed: [ec2-54-234-139-151.compute-1.amazonaws.com]
TASK: [Deploy example webapp] *********************
changed: [ec2-54-234-139-151.compute-1.amazonaws.com]
TASK: [Create webapp symlink for easy access] *********************
changed: [ec2-54-234-139-151.compute-1.amazonaws.com]
NOTIFIED: [restart apache] *********************
changed: [ec2-54-234-139-151.compute-1.amazonaws.com]
PLAY RECAP *********************
ec2-54-234-139-151.compute-1.amazonaws.com : ok=14 changed=14 unreachable=0 failed=0
- Again, test:
% links -dump ec2-54-234-139-151.compute-1.amazonaws.com/
It works!
%
% links -dump http://ec2-54-234-139-151.compute-1.amazonaws.com/phptest.php | head
PHP Logo
PHP Version 5.3.17
System NetBSD ip-10-80-61-33.ec2.internal 6.0.1 NetBSD 6.0.1
(XEN3PAE_DOMU) i386
Build Date Dec 14 2012 10:31:13
'./configure' '--with-config-file-path=/usr/pkg/etc'
'--with-config-file-scan-dir=/usr/pkg/etc/php.d'
'--sysconfdir=/usr/pkg/etc' '--localstatedir=/var'
%
% links -dump http://ec2-54-234-139-151.compute-1.amazonaws.com/webapp/
Showing table hf.names:
Cannot connect to database: Can't connect to local MySQL server through
socket '/tmp/mysql.sock' (2)(2002)
- Close to optimum, but the last error is actually expected: for
proper operation, the database needs to grant the webserver access,
and the web server needs to know where the database server is.
So let's connect them!
This step is done by preparing a shell script on both systems, which
is then run to perform the proper steps, depending on the system's
security group:
% env ANSIBLE_HOSTS=./ec2.py ansible-playbook config-ec2-connections.yml
PLAY [security_group_ec2-webservers;security_group_ec2-dbservers] *********************
TASK: [Collect EC2 host information] *********************
ok: [ec2-54-234-139-151.compute-1.amazonaws.com]
ok: [ec2-54-235-44-118.compute-1.amazonaws.com]
TASK: [Prepare connection-script in /tmp/do-connect-vms.sh] *********************
changed: [ec2-54-234-139-151.compute-1.amazonaws.com]
changed: [ec2-54-235-44-118.compute-1.amazonaws.com]
TASK: [Run connection-script] *********************
changed: [ec2-54-234-139-151.compute-1.amazonaws.com]
changed: [ec2-54-235-44-118.compute-1.amazonaws.com]
PLAY RECAP *********************
ec2-54-234-139-151.compute-1.amazonaws.com : ok=3 changed=2 unreachable=0 failed=0
ec2-54-235-44-118.compute-1.amazonaws.com : ok=3 changed=2 unreachable=0 failed=0
- With that final step, our test web application works, and the
webserver can access the database properly:
% links -dump http://ec2-54-234-139-151.compute-1.amazonaws.com/webapp/
Showing table hf.names:
+--------------------+
| id | first | last |
|----+--------+------|
| 1 | Donald | Duck |
|----+--------+------|
| 2 | Daisy | Duck |
+--------------------+
----------------------------------------------------------------------
Enter new values:
first: _____________________
last: _____________________
[ Submit ]
So much for this exercise. I'll talk about the ansible and euca2ools
packages at pkgsrcCon 2013 in Berlin.
Join in if you're curious about what the actual playbooks used in the
above examples look like, or stay tuned to find my presentation and
all the data after pkgsrcCon 2013.
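An added example (not from the original post or its playbooks): the security groups listed above open SSH and MySQL's port 3306 to 0.0.0.0/0, so this sketch parses the euca-describe-groups listing and reports every world-open TCP/UDP rule that is not an intended public service. The PUBLIC_PORTS policy, the function names and the NARROWED listing are assumptions made for illustration.

```python
"""Audit euca-describe-groups output for world-open ports (added example)."""
import ipaddress
from collections import namedtuple

Rule = namedtuple("Rule", "group proto from_port to_port cidr")

# Listing copied from the euca-describe-groups output in the post above.
AS_POSTED = """\
GROUP sg-ae54b3c5 749335780469 ec2-dbservers Database servers
PERMISSION 749335780469 ec2-dbservers ALLOWS tcp 22 22 FROM CIDR 0.0.0.0/0
PERMISSION 749335780469 ec2-dbservers ALLOWS tcp 3306 3306 FROM CIDR 0.0.0.0/0
PERMISSION 749335780469 ec2-dbservers ALLOWS icmp -1 -1 FROM CIDR 0.0.0.0/0
GROUP sg-a854b3c3 749335780469 ec2-webservers Web servers
PERMISSION 749335780469 ec2-webservers ALLOWS tcp 22 22 FROM CIDR 0.0.0.0/0
PERMISSION 749335780469 ec2-webservers ALLOWS tcp 80 80 FROM CIDR 0.0.0.0/0
PERMISSION 749335780469 ec2-webservers ALLOWS icmp -1 -1 FROM CIDR 0.0.0.0/0
"""

# Constructed variant (not from the post): SSH limited to an admin network
# (203.0.113.0/24 is a documentation range used as a stand-in) and MySQL
# limited to a single internal address.
NARROWED = """\
GROUP sg-ae54b3c5 749335780469 ec2-dbservers Database servers
PERMISSION 749335780469 ec2-dbservers ALLOWS tcp 22 22 FROM CIDR 203.0.113.0/24
PERMISSION 749335780469 ec2-dbservers ALLOWS tcp 3306 3306 FROM CIDR 10.80.61.33/32
GROUP sg-a854b3c3 749335780469 ec2-webservers Web servers
PERMISSION 749335780469 ec2-webservers ALLOWS tcp 22 22 FROM CIDR 203.0.113.0/24
PERMISSION 749335780469 ec2-webservers ALLOWS tcp 80 80 FROM CIDR 0.0.0.0/0
"""

# Assumed policy: ports each group is meant to serve to the whole internet.
# Groups not listed here are expected to expose nothing publicly.
PUBLIC_PORTS = {"ec2-webservers": {80}}


def parse_permissions(text):
    """Return a Rule for every 'PERMISSION ... FROM CIDR <net>' line."""
    rules = []
    for line in text.splitlines():
        f = line.split()
        if len(f) != 10 or f[0] != "PERMISSION" or f[3] != "ALLOWS":
            continue
        if f[7:9] != ["FROM", "CIDR"]:
            continue  # grants that are not CIDR-based are skipped here
        try:
            rules.append(Rule(f[2], f[4], int(f[5]), int(f[6]), f[9]))
        except ValueError:
            continue  # non-numeric port fields: not a line we understand
    return rules


def is_world_open(cidr):
    """True when the CIDR covers every address (prefix length 0)."""
    try:
        return ipaddress.ip_network(cidr, strict=False).prefixlen == 0
    except ValueError:
        return False


def audit(rules, public_ports=PUBLIC_PORTS):
    """List (group, proto, from_port, to_port) for unintended public rules."""
    findings = []
    for r in rules:
        if r.proto not in ("tcp", "udp"):
            continue  # icmp uses type/code fields (-1 -1), not ports
        if not is_world_open(r.cidr):
            continue
        allowed = public_ports.get(r.group, set())
        exposed = set(range(r.from_port, r.to_port + 1)) - allowed
        if exposed:
            findings.append((r.group, r.proto, r.from_port, r.to_port))
    return findings


if __name__ == "__main__":
    for name, listing in (("as posted", AS_POSTED), ("narrowed", NARROWED)):
        print(name)
        for group, proto, lo, hi in audit(parse_permissions(listing)):
            print("  %s: %s %d-%d open to 0.0.0.0/0" % (group, proto, lo, hi))
```

In a layout like the one in the post, the database rule is better expressed as a grant to the ec2-webservers group than to a CIDR, because instance addresses change between launches.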
[Tags: amazon, ansible, ec2, xen]
|
[20130321]
|
Ansible, EC2 and NetBSD milestone 3 reached: Web and database in the cloud
With the previous work on setting up a local VM as database and web
server and setting up a Xen VM in Amazon's EC2 cloud combined, it is
pretty straightforward to set up an EC2 instance that
has all the software to serve a simple web application from the cloud.
The single steps are:
- Prepare the environment with proper time, SSH agent and EC2 firewall groups
- Setup EC2 instance with pkgin and ansible
- Do basic preparations to meet our standards for logins, shells and general usability and security
- Setup database server with DB software, user and import of data
- Setup web server with all the software and some demo application
The following shows all the commands and their output in
more detail:
- Make sure time is set properly - needed when talking to Amazon EC2:
% sudo sh /etc/rc.d/ntpd stop
ntpd not running? (check /var/run/ntpd.pid).
% sudo sh /etc/rc.d/ntpdate restart
Setting date via ntp.
% sudo sh /etc/rc.d/ntpd start
Starting ntpd.
% date
Sat Mar 16 16:46:19 CET 2013
- Teach our EC2 SSH key to SSH agent, so we don't have to type a
password (which we don't know anyways - EC2 only works with SSH
keys):
% ssh-add -l
Could not open a connection to your authentication agent.
%
% eval `ssh-agent`
Agent pid 10467
% ssh-add -l
The agent has no identities.
% ssh-add ../../euca2ools/key-eucaHF.pem
Identity added: ../../euca2ools/key-eucaHF.pem (../../euca2ools/key-eucaHF.pem)
% ssh-add -l
2048 d5:25:19:3d:59:40:35:32:03:f7:c5:83:de:19:b6:d0 ../../euca2ools/key-eucaHF.pem (RSA)
- Check security (firewall) groups - those are stored in EC2, and
we have previously set them up:
% euca-describe-groups
...
GROUP sg-a854b3c3 749335780469 ec2-webservers Web servers
PERMISSION 749335780469 ec2-webservers ALLOWS tcp 22 22 FROM CIDR 0.0.0.0/0
PERMISSION 749335780469 ec2-webservers ALLOWS tcp 80 80 FROM CIDR 0.0.0.0/0
PERMISSION 749335780469 ec2-webservers ALLOWS icmp -1 -1 FROM CIDR 0.0.0.0/0
- See if there are any EC2 instances running:
% euca-describe-instances
%
No - that's fine, we are about to change that!
- Run first playbook to launch EC2 instance and prepare it for
using with ansible:
% ansible-playbook -i hosts-HF config-ec2-prepare1vm.yml
PLAY [localhost] *********************
TASK: [Launch new EC2 instance] *********************
changed: [127.0.0.1]
TASK: [Give the system 30 seconds to boot up] *********************
changed: [127.0.0.1]
TASK: [Get rid of SSH "Are you sure you want to continue connecting (yes/no)?" query] *********************
changed: [127.0.0.1]
TASK: [Fix /usr/bootstrap.sh to run pkgin with -y] *********************
changed: [127.0.0.1] => (item={'cmd': 'install /usr/bootstrap.sh /usr/bootstrap.sh.orig'})
changed: [127.0.0.1] => (item={'cmd': 'chmod +w /usr/bootstrap.sh'})
changed: [127.0.0.1] => (item={'cmd': 'sed "s,bin/pkgin update,bin/pkgin -y update," /usr/bootstrap.sh'})
changed: [127.0.0.1] => (item={'cmd': 'chmod -w /usr/bootstrap.sh'})
TASK: [Install pkgin via /usr/bootstrap.sh] *********************
changed: [127.0.0.1] => (item={'cmd': u'env PATH=/usr/sbin:${PATH} /usr/bootstrap.sh binpkg'})
TASK: [Copy over Ansible binary package] *********************
changed: [127.0.0.1]
TASK: [Install Ansible dependencies] *********************
changed: [127.0.0.1]
TASK: [Install Ansible package (manually)] *********************
changed: [127.0.0.1]
TASK: [Setup lame /usr/bin/python symlink] *********************
changed: [127.0.0.1]
PLAY RECAP *********************
127.0.0.1 : ok=9 changed=9 unreachable=0 failed=0
We now have an EC2 instance running that has Ansible installed:
% euca-describe-instances
RESERVATION r-d77272ad 749335780469 ec2-webservers
INSTANCE i-9fafc2f2 ami-5d0f8034 ec2-107-22-69-112.compute-1.amazonaws.com ...
- With this EC2 instance, we can do some basic preparations for our
standards, e.g. a login without requiring root (and while there, actually
disable logins as root), set up sudo and a proper shell:
% env ANSIBLE_HOSTS=./ec2.py ansible-playbook config-ec2-basic.yml
PLAY [security_group_ec2-webservers] *********************
TASK: [ping] *********************
ok: [ec2-107-22-69-112.compute-1.amazonaws.com]
TASK: [Install tcsh] *********************
changed: [ec2-107-22-69-112.compute-1.amazonaws.com]
TASK: [Add user feyrer] *********************
changed: [ec2-107-22-69-112.compute-1.amazonaws.com]
TASK: [Create ~feyrer/.ssh directory] *********************
changed: [ec2-107-22-69-112.compute-1.amazonaws.com]
TASK: [Enable ssh login with ssh-key] *********************
changed: [ec2-107-22-69-112.compute-1.amazonaws.com]
TASK: [Install sudo] *********************
changed: [ec2-107-22-69-112.compute-1.amazonaws.com]
TASK: [Enable PW-less sudo-access for everyone in group 'wheel'] *********************
changed: [ec2-107-22-69-112.compute-1.amazonaws.com]
TASK: [Disable ssh logins as root] *********************
ok: [ec2-107-22-69-112.compute-1.amazonaws.com]
PLAY RECAP *********************
ec2-107-22-69-112.compute-1.amazonaws.com : ok=8 changed=6 unreachable=0 failed=0
Let's have a look if things actually work:
% ssh 107.22.69.112 id
uid=1000(feyrer) gid=100(users) groups=100(users),0(wheel)
% ssh ec2-107-22-69-112.compute-1.amazonaws.com id
uid=1000(feyrer) gid=100(users) groups=100(users),0(wheel)
% ssh ec2-107-22-69-112.compute-1.amazonaws.com sudo id
uid=0(root) gid=0(wheel) groups=0(wheel),2(kmem),3(sys),4(tty),5(operator),20(staff),31(guest)
- Next, install database software and import our demo database, just
as we did in our local VM:
% env ANSIBLE_HOSTS=./ec2.py ansible-playbook config-ec2-dbserver.yml
PLAY [security_group_ec2-webservers] *********************
TASK: [Install mysql] *********************
changed: [ec2-107-22-69-112.compute-1.amazonaws.com]
TASK: [Install MySQL rc.d script] *********************
changed: [ec2-107-22-69-112.compute-1.amazonaws.com]
TASK: [Start MySQL service] *********************
changed: [ec2-107-22-69-112.compute-1.amazonaws.com]
TASK: [Install python-mysqldb (for mysql_user module)] *********************
changed: [ec2-107-22-69-112.compute-1.amazonaws.com]
TASK: [Setup DB] *********************
changed: [ec2-107-22-69-112.compute-1.amazonaws.com]
TASK: [Add db-user] *********************
changed: [ec2-107-22-69-112.compute-1.amazonaws.com]
TASK: [Copy over DB template] *********************
changed: [ec2-107-22-69-112.compute-1.amazonaws.com]
TASK: [Import DB data] *********************
changed: [ec2-107-22-69-112.compute-1.amazonaws.com]
PLAY RECAP *********************
ec2-107-22-69-112.compute-1.amazonaws.com : ok=8 changed=8 unreachable=0 failed=0
Again, let's see if everything works as expected:
% ssh ec2-107-22-69-112.compute-1.amazonaws.com
...
ip-10-202-65-196: {1} mysql -u webapp -p webapp
Enter password: ******
...
mysql> show tables;
+------------------+
| Tables_in_webapp |
+------------------+
| names |
+------------------+
1 row in set (0.00 sec)
mysql> select * from names;
+----+--------+------+
| id | first | last |
+----+--------+------+
| 1 | Donald | Duck |
| 2 | Daisy | Duck |
+----+--------+------+
2 rows in set (0.00 sec)
mysql> exit
Bye
ip-10-202-65-196: {2} exit
logout
Connection to ec2-107-22-69-112.compute-1.amazonaws.com closed.
- Last, add Apache+PHP and our small demo web-application:
% env ANSIBLE_HOSTS=./ec2.py ansible-playbook config-ec2-webserver.yml
PLAY [security_group_ec2-webservers] *********************
TASK: [Installing ap24-php53 package and dependencies] *********************
changed: [ec2-107-22-69-112.compute-1.amazonaws.com]
TASK: [Install Apache rc.d script] *********************
changed: [ec2-107-22-69-112.compute-1.amazonaws.com]
TASK: [Enable and start Apache service] *********************
changed: [ec2-107-22-69-112.compute-1.amazonaws.com]
TASK: [Enable PHP in Apache config file] *********************
changed: [ec2-107-22-69-112.compute-1.amazonaws.com] => (item={'re': 'LoadModule.*mod_php5.so', 'l': 'LoadModule php5_module lib/httpd/mod_php5.so'})
changed: [ec2-107-22-69-112.compute-1.amazonaws.com] => (item={'re': 'AddHandler.*x-httpd-php', 'l': 'AddHandler application/x-httpd-php .php'})
TASK: [Make Apache read index.php] *********************
changed: [ec2-107-22-69-112.compute-1.amazonaws.com]
TASK: [Add simple PHP test - see http://10.0.0.181/phptest.php] *********************
changed: [ec2-107-22-69-112.compute-1.amazonaws.com]
TASK: [Install phpmyadmin] *********************
changed: [ec2-107-22-69-112.compute-1.amazonaws.com]
TASK: [Enable phpmyadmin in Apache config] *********************
changed: [ec2-107-22-69-112.compute-1.amazonaws.com]
TASK: [Fix Apache access control for phpmyadmin] *********************
changed: [ec2-107-22-69-112.compute-1.amazonaws.com]
TASK: [Enable PHP modules in PHP config file] *********************
changed: [ec2-107-22-69-112.compute-1.amazonaws.com] => (item={'re': '^extension.*zlib.so', 'l': 'extension=zlib.so'})
changed: [ec2-107-22-69-112.compute-1.amazonaws.com] => (item={'re': '^extension.*zip.so', 'l': 'extension=zip.so'})
changed: [ec2-107-22-69-112.compute-1.amazonaws.com] => (item={'re': '^extension.*mysqli.so', 'l': 'extension=mysqli.so'})
changed: [ec2-107-22-69-112.compute-1.amazonaws.com] => (item={'re': '^extension.*mysql.so', 'l': 'extension=mysql.so'})
changed: [ec2-107-22-69-112.compute-1.amazonaws.com] => (item={'re': '^extension.*mcrypt.so', 'l': 'extension=mcrypt.so'})
changed: [ec2-107-22-69-112.compute-1.amazonaws.com] => (item={'re': '^extension.*mbstring.so', 'l': 'extension=mbstring.so'})
changed: [ec2-107-22-69-112.compute-1.amazonaws.com] => (item={'re': '^extension.*json.so', 'l': 'extension=json.so'})
changed: [ec2-107-22-69-112.compute-1.amazonaws.com] => (item={'re': '^extension.*gd.so', 'l': 'extension=gd.so'})
changed: [ec2-107-22-69-112.compute-1.amazonaws.com] => (item={'re': '^extension.*gettext.so', 'l': 'extension=gettext.so'})
changed: [ec2-107-22-69-112.compute-1.amazonaws.com] => (item={'re': '^extension.*bz2.so', 'l': 'extension=bz2.so'})
TASK: [Create directory for webapp] *********************
changed: [ec2-107-22-69-112.compute-1.amazonaws.com]
TASK: [Deploy example webapp] *********************
changed: [ec2-107-22-69-112.compute-1.amazonaws.com]
TASK: [Create webapp symlink for easy access] *********************
changed: [ec2-107-22-69-112.compute-1.amazonaws.com]
NOTIFIED: [restart apache] *********************
changed: [ec2-107-22-69-112.compute-1.amazonaws.com]
PLAY RECAP *********************
ec2-107-22-69-112.compute-1.amazonaws.com : ok=14 changed=14 unreachable=0 failed=0
- Test!
% links -dump http://ec2-107-22-69-112.compute-1.amazonaws.com/
It works!
% links -dump http://ec2-107-22-69-112.compute-1.amazonaws.com/phptest.php
PHP Logo
PHP Version 5.3.17
System NetBSD ip-10-202-65-196.ec2.internal 6.0.1 NetBSD 6.0.1
(XEN3PAE_DOMU) i386
Build Date Dec 14 2012 10:31:13
...
% links -dump http://ec2-107-22-69-112.compute-1.amazonaws.com/webapp/
Showing table hf.names:
+--------------------+
| id | first | last |
|----+--------+------|
| 1 | Donald | Duck |
|----+--------+------|
| 2 | Daisy | Duck |
+--------------------+
----------------------------------------------------------------------
Enter new values:
first: _____________________
last: _____________________
[ Submit ]
- At this point, everything is set up and can be enjoyed.
If the instance is no longer needed, it can be terminated:
% euca-describe-instances
RESERVATION r-d77272ad 749335780469 ec2-webservers
INSTANCE i-9fafc2f2 ami-5d0f8034 ec2-107-22-69-112.compute-1.amazonaws.com ...
% euca-terminate-instances i-9fafc2f2
INSTANCE i-9fafc2f2
% euca-describe-instances
RESERVATION r-d77272ad 749335780469 ec2-webservers
INSTANCE i-9fafc2f2 ami-5d0f8034 terminated eucaHF ...
What's next on my journey is to put database and webserver into
separate VMs. First one of each, and then see if I find the nerve to
look into a setup with more redundancy.
I'll talk about the ansible and euca2ools packages at
pkgsrcCon 2013 in Berlin.
Join in if you're curious about what the actual playbooks used in the
above examples look like!
[Tags: amazon, ansible, apache, ec2, mysql, php, xen]
|
[20130314]
|
Ansible, EC2 and NetBSD milestone 2 reached: Instance preparation and communication
On my quest to use Ansible to get a NetBSD virtual machine into Amazon's EC2
cloud, I've previously described how I use ansible to prepare a local machine.
Working from a basic NetBSD setup, the system is set up for basic operation,
then configured as both a database server
and a Web/PHP server to serve a small demo application.
Now the next step is to replace the VM with an Amazon EC2 instance.
I have previously written about how to manage Amazon/EC2 NetBSD instances,
and here are the steps that I make to first prepare an EC2 instance with NetBSD and Ansible,
and then use a regular Ansible playbook to talk to all my EC2 instances.
Note that the connection between the machines setup via euca2ools
and ansible is in the security group names. In this case,
the security group "ec2-webservers" is assumed to exist.
- Make sure SSH agent runs and has the EC2 SSH-key added:
% ssh-add -l
Could not open a connection to your authentication agent.
% eval `ssh-agent`
Agent pid 9304
% ssh-add -l
The agent has no identities.
% ssh-add .../key-ec2HF.pem
Identity added: ../../euca2ools/key-ec2HF.pem (../../euca2ools/key-ec2HF.pem)
% ssh-add -l
2048 d5:25:19:3d:59:40:35:32:03:f7:c5:83:de:19:b6:d0 ../../euca2ools/key-ec2HF.pem (RSA)
%
- When using a VM to talk to EC2, pay special attention that
it has the correct time, else funny things will happen:
% date
Sun Mar 10 14:42:33 CET 2013
- Set up the ec2-webservers security (firewall) group. This is used
both when creating the EC2 instances, and when accessing them.
It's the link between EC2 and Ansible's ec2.py script.
% euca-add-group -d 'Web servers' ec2-webservers
% euca-authorize -P tcp -p 80-80 -s 0.0.0.0/0 ec2-webservers
% euca-authorize -P tcp -p 22-22 -s 0.0.0.0/0 ec2-webservers
% euca-authorize -P icmp -s 0.0.0.0/0 ec2-webservers
%
% euca-describe-groups
GROUP sg-a854b3c3 749335780469 ec2-webservers Web servers
PERMISSION 749335780469 ec2-webservers ALLOWS tcp 22 22 FROM CIDR 0.0.0.0/0
PERMISSION 749335780469 ec2-webservers ALLOWS tcp 80 80 FROM CIDR 0.0.0.0/0
PERMISSION 749335780469 ec2-webservers ALLOWS icmp -1 -1 FROM CIDR 0.0.0.0/0
- List out EC2 instances:
% euca-describe-instances
%
None so far.
- Let's use our playbook to prepare our first EC2 instance:
% ansible-playbook -i hosts-HF config-ec2-prepare1vm.yml
PLAY [localhost] *********************
TASK: [Launch new EC2 instance] *********************
changed: [127.0.0.1]
TASK: [Give the system 30 seconds to boot up] *********************
changed: [127.0.0.1]
TASK: [Get rid of SSH "Are you sure you want to continue connecting (yes/no)?" query] *********************
changed: [127.0.0.1]
TASK: [Fix /usr/bootstrap.sh to run pkgin with -y] *********************
changed: [127.0.0.1] => (item={'cmd': 'install /usr/bootstrap.sh /usr/bootstrap.sh.orig'})
changed: [127.0.0.1] => (item={'cmd': 'chmod +w /usr/bootstrap.sh'})
changed: [127.0.0.1] => (item={'cmd': 'sed "s,bin/pkgin update,bin/pkgin -y update," </usr/bootstrap.sh.orig >/usr/bootstrap.sh'})
changed: [127.0.0.1] => (item={'cmd': 'chmod -w /usr/bootstrap.sh'})
TASK: [Install pkgin via /usr/bootstrap.sh] *********************
changed: [127.0.0.1] => (item={'cmd': u'env PATH=/usr/sbin:${PATH} /usr/bootstrap.sh binpkg'})
TASK: [Copy over Ansible binary package] *********************
changed: [127.0.0.1]
TASK: [Install Ansible dependencies] *********************
changed: [127.0.0.1]
TASK: [Install Ansible package (manually)] *********************
changed: [127.0.0.1]
TASK: [Setup lame /usr/bin/python symlink] *********************
changed: [127.0.0.1]
PLAY RECAP *********************
127.0.0.1 : ok=9 changed=9 unreachable=0 failed=0
%
- There we go. Let's list it:
% euca-describe-instances
RESERVATION r-bb3b6ac1 749335780469 ec2-webservers
INSTANCE i-2cb9a45f ami-a754dbce ec2-54-234-59-5.compute-1.amazonaws.com \
ip-10-243-150-74.ec2.internal running ec2HF 0 t1.micro \
2013-03-10T13:47:32.000Z us-east-1a aki-825ea7eb \
monitoring-disabled 54.234.59.5 10.243.150.74 ebs
%
- That worked - excellent! Let's add a few more, just for kicks:
% ansible-playbook -i hosts-HF config-ec2-prepare1vm.yml >&/dev/null &
% ansible-playbook -i hosts-HF config-ec2-prepare1vm.yml >&/dev/null &
% ansible-playbook -i hosts-HF config-ec2-prepare1vm.yml >&/dev/null &
% ansible-playbook -i hosts-HF config-ec2-prepare1vm.yml >&/dev/null &
% ansible-playbook -i hosts-HF config-ec2-prepare1vm.yml >&/dev/null &
%
<...wait...>
% euca-describe-instances
RESERVATION r-bb3b6ac1 749335780469 ec2-webservers
INSTANCE i-2cb9a45f ami-a754dbce ec2-54-234-59-5.compute-1.amazonaws.com \
ip-10-243-150-74.ec2.internal running ec2HF 0 t1.micro \
2013-03-10T13:47:32.000Z us-east-1a aki-825ea7eb \
monitoring-disabled 54.234.59.5 10.243.150.74 ebs
RESERVATION r-8b3c6df1 749335780469 ec2-webservers
INSTANCE i-7cb5a80f ami-a754dbce ec2-23-20-42-71.compute-1.amazonaws.com \
ip-10-203-73-195.ec2.internal running ec2HF 0 t1.micro \
2013-03-10T13:50:48.000Z us-east-1a aki-825ea7eb \
monitoring-disabled 23.20.42.71 10.203.73.195 ebs
RESERVATION r-733f6e09 749335780469 ec2-webservers
INSTANCE i-42b5a831 ami-a754dbce ec2-23-20-87-176.compute-1.amazonaws.com \
ip-10-116-37-145.ec2.internal running ec2HF 0 t1.micro \
2013-03-10T13:50:54.000Z us-east-1a aki-825ea7eb \
monitoring-disabled 23.20.87.176 10.116.37.145 ebs
RESERVATION r-713f6e0b 749335780469 ec2-webservers
INSTANCE i-40b5a833 ami-a754dbce ec2-54-242-254-237.compute-1.amazonaws.com \
ip-10-195-47-153.ec2.internal running ec2HF 0 t1.micro \
2013-03-10T13:50:54.000Z us-east-1a aki-825ea7eb \
monitoring-disabled 54.242.254.237 10.195.47.153 ebs
RESERVATION r-773f6e0d 749335780469 ec2-webservers
INSTANCE i-46b5a835 ami-a754dbce ec2-54-235-232-227.compute-1.amazonaws.com \
ip-10-194-7-72.ec2.internal running ec2HF 0 t1.micro \
2013-03-10T13:50:54.000Z us-east-1a aki-825ea7eb \
monitoring-disabled 54.235.232.227 10.194.7.72 ebs
RESERVATION r-b72475cd 749335780469 ec2-webservers
INSTANCE i-b2adb0c1 ami-a754dbce ec2-50-16-129-62.compute-1.amazonaws.com \
domU-12-31-39-14-C6-CB.compute-1.internal running ec2HF 0 t1.micro \
2013-03-10T13:55:24.000Z us-east-1d aki-825ea7eb \
monitoring-disabled 50.16.129.62 10.206.197.53 ebs
%
- Let's talk to our EC2 instances now. For that, we use the ec2.py
script, which enumerates all instances:
% ./ec2.py --list
{
"i-2cb9a45f": [
"ec2-54-234-59-5.compute-1.amazonaws.com"
],
"i-40b5a833": [
"ec2-54-242-254-237.compute-1.amazonaws.com"
],
"i-42b5a831": [
"ec2-23-20-87-176.compute-1.amazonaws.com"
],
"i-46b5a835": [
"ec2-54-235-232-227.compute-1.amazonaws.com"
],
"i-7cb5a80f": [
"ec2-23-20-42-71.compute-1.amazonaws.com"
],
"i-b2adb0c1": [
"ec2-50-16-129-62.compute-1.amazonaws.com"
],
"key_ec2HF": [
"ec2-54-234-59-5.compute-1.amazonaws.com",
"ec2-23-20-42-71.compute-1.amazonaws.com",
"ec2-23-20-87-176.compute-1.amazonaws.com",
"ec2-54-242-254-237.compute-1.amazonaws.com",
"ec2-54-235-232-227.compute-1.amazonaws.com",
"ec2-50-16-129-62.compute-1.amazonaws.com"
],
"security_group_ec2-webservers": [
"ec2-54-234-59-5.compute-1.amazonaws.com",
"ec2-23-20-42-71.compute-1.amazonaws.com",
"ec2-23-20-87-176.compute-1.amazonaws.com",
"ec2-54-242-254-237.compute-1.amazonaws.com",
"ec2-54-235-232-227.compute-1.amazonaws.com",
"ec2-50-16-129-62.compute-1.amazonaws.com"
],
"type_t1_micro": [
"ec2-54-234-59-5.compute-1.amazonaws.com",
"ec2-23-20-42-71.compute-1.amazonaws.com",
"ec2-23-20-87-176.compute-1.amazonaws.com",
"ec2-54-242-254-237.compute-1.amazonaws.com",
"ec2-54-235-232-227.compute-1.amazonaws.com",
"ec2-50-16-129-62.compute-1.amazonaws.com"
],
"us-east-1": [
"ec2-54-234-59-5.compute-1.amazonaws.com",
"ec2-23-20-42-71.compute-1.amazonaws.com",
"ec2-23-20-87-176.compute-1.amazonaws.com",
"ec2-54-242-254-237.compute-1.amazonaws.com",
"ec2-54-235-232-227.compute-1.amazonaws.com",
"ec2-50-16-129-62.compute-1.amazonaws.com"
],
"us-east-1a": [
"ec2-54-234-59-5.compute-1.amazonaws.com",
"ec2-23-20-42-71.compute-1.amazonaws.com",
"ec2-23-20-87-176.compute-1.amazonaws.com",
"ec2-54-242-254-237.compute-1.amazonaws.com",
"ec2-54-235-232-227.compute-1.amazonaws.com"
],
"us-east-1d": [
"ec2-50-16-129-62.compute-1.amazonaws.com"
]
}
- ec2.py can also give us information about one instance:
% ./ec2.py --host ec2-54-234-59-5.compute-1.amazonaws.com
{
"ec2__in_monitoring_element": false,
"ec2_ami_launch_index": "0",
"ec2_architecture": "x86_64",
"ec2_client_token": "",
"ec2_dns_name": "ec2-54-234-59-5.compute-1.amazonaws.com",
"ec2_eventsSet": "",
"ec2_group_name": "",
"ec2_hypervisor": "xen",
"ec2_id": "i-2cb9a45f",
"ec2_image_id": "ami-a754dbce",
"ec2_instanceState": "",
"ec2_instance_type": "t1.micro",
"ec2_ip_address": "54.234.59.5",
"ec2_item": "",
"ec2_kernel": "aki-825ea7eb",
"ec2_key_name": "ec2HF",
"ec2_launch_time": "2013-03-10T13:47:32.000Z",
"ec2_monitored": false,
"ec2_monitoring": "",
"ec2_networkInterfaceSet": "",
"ec2_persistent": false,
"ec2_placement": "us-east-1a",
"ec2_platform": "",
"ec2_previous_state": "",
"ec2_private_dns_name": "ip-10-243-150-74.ec2.internal",
"ec2_private_ip_address": "10.243.150.74",
"ec2_public_dns_name": "ec2-54-234-59-5.compute-1.amazonaws.com",
"ec2_ramdisk": "",
"ec2_reason": "",
"ec2_region": "us-east-1",
"ec2_requester_id": "",
"ec2_root_device_name": "/dev/sda1",
"ec2_root_device_type": "ebs",
"ec2_security_group_ids": "sg-a854b3c3",
"ec2_security_group_names": "ec2-webservers",
"ec2_shutdown_state": "",
"ec2_spot_instance_request_id": "",
"ec2_state": "running",
"ec2_state_code": 16,
"ec2_state_reason": "",
"ec2_subnet_id": "",
"ec2_tenancy": "default",
"ec2_virtualization_type": "paravirtual",
"ec2_vpc_id": ""
}
- Now let's use a regular playbook with the ec2.py script to
get a list of all instances in the 'ec2-webservers' group
and then use ansible's ping module on all of them:
% env ANSIBLE_HOSTS=./ec2.py ansible-playbook config-ec2-basic.yml
PLAY [security_group_ec2-webservers] *********************
GATHERING FACTS *********************
ok: [ec2-50-16-129-62.compute-1.amazonaws.com]
ok: [ec2-54-235-232-227.compute-1.amazonaws.com]
ok: [ec2-23-20-42-71.compute-1.amazonaws.com]
ok: [ec2-23-20-87-176.compute-1.amazonaws.com]
ok: [ec2-54-242-254-237.compute-1.amazonaws.com]
ok: [ec2-54-234-59-5.compute-1.amazonaws.com]
TASK: [ping] *********************
ok: [ec2-54-235-232-227.compute-1.amazonaws.com]
ok: [ec2-50-16-129-62.compute-1.amazonaws.com]
ok: [ec2-23-20-87-176.compute-1.amazonaws.com]
ok: [ec2-23-20-42-71.compute-1.amazonaws.com]
ok: [ec2-54-234-59-5.compute-1.amazonaws.com]
ok: [ec2-54-242-254-237.compute-1.amazonaws.com]
PLAY RECAP *********************
ec2-23-20-42-71.compute-1.amazonaws.com : ok=2 changed=0 unreachable=0 failed=0
ec2-23-20-87-176.compute-1.amazonaws.com : ok=2 changed=0 unreachable=0 failed=0
ec2-50-16-129-62.compute-1.amazonaws.com : ok=2 changed=0 unreachable=0 failed=0
ec2-54-234-59-5.compute-1.amazonaws.com : ok=2 changed=0 unreachable=0 failed=0
ec2-54-235-232-227.compute-1.amazonaws.com : ok=2 changed=0 unreachable=0 failed=0
ec2-54-242-254-237.compute-1.amazonaws.com : ok=2 changed=0 unreachable=0 failed=0
%
- Finally, clean up and use euca-terminate-instances to delete all instances:
% euca-describe-instances | grep INSTANCE | awk '{print $2}' | xargs -n 1 euca-terminate-instances
INSTANCE i-60829f13
INSTANCE i-2cb9a45f
INSTANCE i-7cb5a80f
INSTANCE i-42b5a831
INSTANCE i-40b5a833
INSTANCE i-46b5a835
INSTANCE i-b2adb0c1
% euca-describe-instances
RESERVATION r-bb3b6ac1 749335780469 ec2-webservers
INSTANCE i-2cb9a45f ami-a754dbce terminated ec2HF \
0 t1.micro 2013-03-10T13:47:32.000Z us-east-1a \
aki-825ea7eb monitoring-disabled ebs
RESERVATION r-8b3c6df1 749335780469 ec2-webservers
INSTANCE i-7cb5a80f ami-a754dbce terminated ec2HF \
0 t1.micro 2013-03-10T13:50:48.000Z us-east-1a \
aki-825ea7eb monitoring-disabled ebs
RESERVATION r-733f6e09 749335780469 ec2-webservers
INSTANCE i-42b5a831 ami-a754dbce terminated ec2HF \
0 t1.micro 2013-03-10T13:50:54.000Z us-east-1a \
aki-825ea7eb monitoring-disabled ebs
RESERVATION r-713f6e0b 749335780469 ec2-webservers
INSTANCE i-40b5a833 ami-a754dbce terminated ec2HF \
0 t1.micro 2013-03-10T13:50:54.000Z us-east-1a \
aki-825ea7eb monitoring-disabled ebs
RESERVATION r-773f6e0d 749335780469 ec2-webservers
INSTANCE i-46b5a835 ami-a754dbce terminated ec2HF \
0 t1.micro 2013-03-10T13:50:54.000Z us-east-1a \
aki-825ea7eb monitoring-disabled ebs
RESERVATION r-b72475cd 749335780469 ec2-webservers
INSTANCE i-b2adb0c1 ami-a754dbce terminated ec2HF \
0 t1.micro 2013-03-10T13:55:24.000Z us-east-1d \
aki-825ea7eb monitoring-disabled ebs
%
- The terminated instances will be removed by EC2 eventually, and you can start all over.
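The cleanup pipeline above passes every INSTANCE line to euca-terminate-instances, and its output includes i-60829f13, which is not among the six instances listed earlier. The following is an added example (not the author's code) that narrows the selection to running or pending instances in one security group that were started with one key; the function names and the sample entries marked as constructed are assumptions.

```shell
#!/bin/sh
# Added example: pick termination targets by security group, key name and
# state instead of taking every INSTANCE line of euca-describe-instances.

# Sample input in the layout shown above (the post wraps long lines with a
# trailing backslash). i-2cb9a45f and i-7cb5a80f are copied from the post;
# the i-0000... instances, their reservations, hosts and "otherkey" are
# constructed for this example.
sample_describe_instances() {
cat <<'EOF'
RESERVATION r-bb3b6ac1 749335780469 ec2-webservers
INSTANCE i-2cb9a45f ami-a754dbce ec2-54-234-59-5.compute-1.amazonaws.com \
ip-10-243-150-74.ec2.internal running ec2HF 0 t1.micro \
2013-03-10T13:47:32.000Z us-east-1a aki-825ea7eb \
monitoring-disabled 54.234.59.5 10.243.150.74 ebs
RESERVATION r-8b3c6df1 749335780469 ec2-webservers
INSTANCE i-7cb5a80f ami-a754dbce terminated ec2HF \
0 t1.micro 2013-03-10T13:50:48.000Z us-east-1a \
aki-825ea7eb monitoring-disabled ebs
RESERVATION r-00000001 749335780469 default
INSTANCE i-0000aaaa ami-a754dbce host-a.example.com host-a.example.internal \
running otherkey 0 t1.micro 2013-03-09T10:00:00.000Z us-east-1a \
aki-825ea7eb monitoring-disabled 192.0.2.10 10.0.0.10 ebs
RESERVATION r-00000002 749335780469 ec2-webservers
INSTANCE i-0000bbbb ami-a754dbce host-b.example.com host-b.example.internal \
running otherkey 0 t1.micro 2013-03-09T11:00:00.000Z us-east-1a \
aki-825ea7eb monitoring-disabled 192.0.2.11 10.0.0.11 ebs
RESERVATION r-00000003 749335780469 ec2-webservers
INSTANCE i-0000cccc ami-a754dbce pending ec2HF 0 t1.micro \
2013-03-10T14:00:00.000Z us-east-1a aki-825ea7eb monitoring-disabled ebs
EOF
}

# select_instances GROUP KEY
# Reads euca-describe-instances output on stdin and prints the IDs of
# instances that are in a reservation for GROUP, were started with KEY and
# are still pending or running.
select_instances() {
    awk -v g="$1" -v k="$2" '
        # Re-join lines that were wrapped with a trailing backslash.
        /\\[ \t]*$/ { sub(/\\[ \t]*$/, ""); buf = buf $0 " "; next }
        { $0 = buf $0; buf = "" }
        $1 == "RESERVATION" { group = $4; next }
        $1 == "INSTANCE" {
            # The DNS name columns are absent for pending and terminated
            # instances, so find the state by value; the key name follows it.
            state = ""; key = ""
            for (i = 3; i < NF; i++)
                if ($i ~ /^(pending|running|shutting-down|stopping|stopped|terminated)$/) {
                    state = $i; key = $(i + 1); break
                }
            if (group == g && key == k && (state == "running" || state == "pending") &&
                $2 ~ /^i-[0-9a-f]+$/)
                print $2
        }
    '
}

# plan_termination GROUP KEY
# Dry run: prints the commands instead of executing them.
plan_termination() {
    select_instances "$1" "$2" | while read -r id; do
        printf 'euca-terminate-instances %s\n' "$id"
    done
}

sample_describe_instances | plan_termination ec2-webservers ec2HF
```

Against a live account, feed `euca-describe-instances` into `plan_termination` and review the printed commands before running them.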
With the above steps and the previous work to use Ansible to set up
a NetBSD system with a basic configuration as database and web server,
the next step is to put those two things together and get a
(single) NetBSD machine into the Amazon cloud that serves as
both database and web server.
Stay tuned for this to happen!
I'll talk about the ansible and euca2ools packages at
pkgsrcCon 2013 in Berlin.
Join in if you're curious about
what the actual playbooks used in the above examples look like!
References:
CapsUnlock blog post,
CentOS Wiki.
[Tags: ansible, ec2, xen]
|
[20130310]
|
Talking to the cloud
After some more hacking, I have a basic understanding
of how to start Amazon NetBSD EC2 instances
using Ansible, fix the instances so they can be used
as targets for further Ansible commands, and then
actually talk to my herd of happy instances.
Here's a teaser:
- Start EC2 instances, put them into ec2-webservers group.
Repeat the following command for more than one instance:
% ansible -i hosts-HF localhost -m ec2 -a 'image=ami-a754dbce instance_type=t1.micro \
key_name=eucaHF group=ec2-webservers'
- Prepare instances for Ansible (omitted - needs cleanup & automation)
- Use Ansible to ping all servers in the ec2-webservers group:
% env ANSIBLE_HOSTS=./ec2.py ansible-playbook config-ec2-basic.yml
PLAY [security_group_ec2-webservers] *********************
GATHERING FACTS *********************
ok: [ec2-23-23-15-202.compute-1.amazonaws.com]
ok: [ec2-54-235-230-206.compute-1.amazonaws.com]
TASK: [ping] *********************
ok: [ec2-23-23-15-202.compute-1.amazonaws.com]
ok: [ec2-54-235-230-206.compute-1.amazonaws.com]
PLAY RECAP *********************
ec2-23-23-15-202.compute-1.amazonaws.com : ok=2 changed=0 unreachable=0 failed=0
ec2-54-235-230-206.compute-1.amazonaws.com : ok=2 changed=0 unreachable=0 failed=0
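Every instance started into ec2-webservers gets that group's ingress rules, and the euca-describe-groups output in the walkthrough above shows SSH and ICMP open to 0.0.0.0/0 next to port 80. The added example below (not from the original post) audits that output; it assumes port 80 is the only service meant to be public and uses 203.0.113.0/24 as a placeholder for the management network, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: flag security group rules that are open to the whole
# Internet, based on the PERMISSION lines printed by euca-describe-groups.

# The GROUP line and the first three PERMISSION lines are the output shown
# in the walkthrough; the 3306 rule is constructed to show a rule that is
# limited to a private range and therefore not reported.
sample_describe_groups() {
cat <<'EOF'
GROUP sg-a854b3c3 749335780469 ec2-webservers Web servers
PERMISSION 749335780469 ec2-webservers ALLOWS tcp 22 22 FROM CIDR 0.0.0.0/0
PERMISSION 749335780469 ec2-webservers ALLOWS tcp 80 80 FROM CIDR 0.0.0.0/0
PERMISSION 749335780469 ec2-webservers ALLOWS icmp -1 -1 FROM CIDR 0.0.0.0/0
PERMISSION 749335780469 ec2-webservers ALLOWS tcp 3306 3306 FROM CIDR 10.0.0.0/8
EOF
}

# audit_group_rules PUBLIC_TCP_PORTS MGMT_CIDR
#   PUBLIC_TCP_PORTS  comma-separated ports that are meant to be world-open
#   MGMT_CIDR         network that should be allowed to reach everything else
# Prints an OPEN line for every other rule with source 0.0.0.0/0, followed
# by a NARROW line holding the same euca-authorize call limited to MGMT_CIDR.
audit_group_rules() {
    awk -v public="$1" -v mgmt="$2" '
        BEGIN {
            n = split(public, p, ",")
            for (i = 1; i <= n; i++) ok[p[i]] = 1
        }
        $1 == "PERMISSION" && $8 == "FROM" && $9 == "CIDR" && $10 == "0.0.0.0/0" {
            grp = $3; proto = $5; lo = $6; hi = $7
            # A single TCP port from the allow list is an intended public
            # service; port ranges are always reported.
            if (proto == "tcp" && lo == hi && (lo in ok)) next
            range = (proto == "icmp") ? ("type=" lo) : (lo "-" hi)
            printf "OPEN %s %s %s from 0.0.0.0/0\n", grp, proto, range
            if (proto == "icmp")
                printf "NARROW euca-authorize -P icmp -s %s %s\n", mgmt, grp
            else
                printf "NARROW euca-authorize -P %s -p %s-%s -s %s %s\n", proto, lo, hi, mgmt, grp
        }
    '
}

sample_describe_groups | audit_group_rules 80 203.0.113.0/24
```

Adding the narrower rule does not remove the world-open one; that rule still has to be revoked (euca2ools ships euca-revoke for this).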
[Tags: ansible, ec2, xen]
|
[20130228]
|
Ansible and NetBSD milestone 1 reached: playbooks for system config, web+db servers
In my quest to play with Ansible, I've reached my first milestone:
I now have playbooks that take a basic NetBSD installation,
configure it into a usable base installation, and then add
a MySQL database, Apache and PHP to use it as webserver,
and then deploy a simple web application.
The playbooks are too embarrassing to publish, but here
are the steps to get things going:
- Set up NetBSD 6.0 with the "base" and "etc" sets, and also add "pkgin" from the menu
- Allow root logins via ssh (for a start, will be changed later)
- Install ansible-1.0nb1 binary package with all its depends
- From a management station, run: ansible-playbook -k -i hosts-HF config-netbsd-basic.yml
- Then, run: ansible-playbook -i hosts-HF config-netbsd-dbserver.yml
- Last, run: ansible-playbook -i hosts-HF config-netbsd-webserver.yml
After that, a simple "phptest()" page, phpmyadmin and
my simple PHP-based web application can be run.
Administration of the system is via SSH and sudo, root
logins were disabled in the first ansible playbook.
Now to tweak the ansible playbooks to look less ugly,
use variables, and then separate database and webserver into
two separate machines - all in preparation to move them
into the Amazon EC2 cloud. Stay tuned!
For the record, here's a log of the three ansible playbooks above,
starting from my basic NetBSD installation that already has pkgin
and ansible:
% ansible-playbook -k -i hosts-HF config-netbsd-basic.yml
SSH password:
PLAY [netbsd] *********************
GATHERING FACTS *********************
ok: [10.0.0.181]
TASK: [Install tcsh] *********************
changed: [10.0.0.181]
TASK: [Add user feyrer] *********************
changed: [10.0.0.181]
TASK: [Create ~feyrer/.ssh directory] *********************
changed: [10.0.0.181]
TASK: [Enable ssh login with ssh-key] *********************
changed: [10.0.0.181]
TASK: [Install sudo] *********************
changed: [10.0.0.181]
TASK: [Enable PW-less sudo-access for everyone in group 'wheel'] *********************
changed: [10.0.0.181]
TASK: [Disable ssh logins as root] *********************
changed: [10.0.0.181]
NOTIFIED: [restart sshd] *********************
changed: [10.0.0.181]
PLAY RECAP *********************
10.0.0.181 : ok=9 changed=8 unreachable=0 failed=0
% ansible-playbook -i hosts-HF config-netbsd-dbserver.yml
PLAY [dbservers] *********************
GATHERING FACTS *********************
ok: [10.0.0.181]
TASK: [Install mysql] *********************
changed: [10.0.0.181]
TASK: [Install MySQL rc.d script] *********************
changed: [10.0.0.181]
TASK: [Start MySQL service] *********************
changed: [10.0.0.181]
TASK: [Install python-mysqldb (for mysql_user module)] *********************
changed: [10.0.0.181]
TASK: [Setup DB] *********************
changed: [10.0.0.181]
TASK: [Add db-user] *********************
changed: [10.0.0.181]
TASK: [Copy over DB template] *********************
changed: [10.0.0.181]
TASK: [Import DB data] *********************
changed: [10.0.0.181]
PLAY RECAP *********************
10.0.0.181 : ok=9 changed=8 unreachable=0 failed=0
% ansible-playbook -i hosts-HF config-netbsd-webserver.yml
PLAY [webservers] *********************
GATHERING FACTS *********************
ok: [10.0.0.181]
TASK: [Installing ap24-php53 package and dependencies] *********************
changed: [10.0.0.181]
TASK: [Install Apache rc.d script] *********************
changed: [10.0.0.181]
TASK: [Enable and start Apache service] *********************
changed: [10.0.0.181]
TASK: [Enable PHP in Apache config file] *********************
changed: [10.0.0.181] => (item={'re': 'LoadModule.*mod_php5.so', 'l': 'LoadModule php5_module lib/httpd/mod_php5.so'})
changed: [10.0.0.181] => (item={'re': 'AddHandler.*x-httpd-php', 'l': 'AddHandler application/x-httpd-php .php'})
TASK: [Make Apache read index.php] *********************
changed: [10.0.0.181]
TASK: [Add simple PHP test - see http://10.0.0.181/phptest.php] *********************
changed: [10.0.0.181]
TASK: [Install phpmyadmin] *********************
changed: [10.0.0.181]
TASK: [Enable phpmyadmin in Apache config] *********************
changed: [10.0.0.181]
TASK: [Enable PHP modules in PHP config file] *********************
changed: [10.0.0.181] => (item={'re': '^extension.*zlib.so', 'l': 'extension=zlib.so'})
changed: [10.0.0.181] => (item={'re': '^extension.*zip.so', 'l': 'extension=zip.so'})
changed: [10.0.0.181] => (item={'re': '^extension.*mysqli.so', 'l': 'extension=mysqli.so'})
changed: [10.0.0.181] => (item={'re': '^extension.*mysql.so', 'l': 'extension=mysql.so'})
changed: [10.0.0.181] => (item={'re': '^extension.*mcrypt.so', 'l': 'extension=mcrypt.so'})
changed: [10.0.0.181] => (item={'re': '^extension.*mbstring.so', 'l': 'extension=mbstring.so'})
changed: [10.0.0.181] => (item={'re': '^extension.*json.so', 'l': 'extension=json.so'})
changed: [10.0.0.181] => (item={'re': '^extension.*gd.so', 'l': 'extension=gd.so'})
changed: [10.0.0.181] => (item={'re': '^extension.*gettext.so', 'l': 'extension=gettext.so'})
changed: [10.0.0.181] => (item={'re': '^extension.*bz2.so', 'l': 'extension=bz2.so'})
TASK: [Fix Apache access control] *********************
changed: [10.0.0.181]
TASK: [Create directory for webapp] *********************
changed: [10.0.0.181]
TASK: [Deploy example webapp] *********************
changed: [10.0.0.181]
TASK: [Create webapp symlink for easy access] *********************
changed: [10.0.0.181]
NOTIFIED: [restart apache] *********************
changed: [10.0.0.181]
PLAY RECAP *********************
10.0.0.181 : ok=15 changed=14 unreachable=0 failed=0
% links -dump http://10.0.0.181/webapp/
Showing table hf.names:
+--------------------+
| id | first | last |
|----+--------+------|
| 1 | Donald | Duck |
|----+--------+------|
| 2 | Daisy | Duck |
+--------------------+
----------------------------------------------------------------------
Enter new values:
first: _____________________
last: _____________________
[ Submit ]
%
[Tags: amazon, ansible, apache, ec2, mysql, php]
|
[20130226]
|
ansible and euca2ools committed to pkgsrc
Finally. Find them in pkgsrc/sysutils/ansible
and pkgsrc/sysutils/euca2ools, and enjoy!
[Tags: ansible, euca2ools, pkgsrc]
|
[20130216]
|
Playing with ansible playbooks on NetBSD
______________________
< TASK: [Install tcsh] >
----------------------
\ ^__^
\ (oo)\_______
(__)\ )\/\
||----w |
|| ||
changed: [10.0.0.181]
[Tags: ansible, pkgin, tcsh]
|
[20130203]
|
Managing Amazon/EC2 NetBSD instances with euca2ools
What and Why
Playing with
ansible,
its "ec2" module came to my attention: it is intended to manage virtual
machines in Amazon's EC2 cloud. The idea is that you describe a system
with the property "needs to run in Amazon's cloud", and ansible then
starts the machine if it isn't there already. In order to get to the point
where this can be played with, a working version of the
euca2ools package was required first.
Packaging was mostly a no-brainer, and a package is currently under review and will end up in pkgsrc eventually.
The more interesting part was to verify if the pkg actually worked as expected.
This proved tricky for two reasons: 1) my overall lack of knowledge of how to use the
Amazon AWS command line tools (ec2-ami-tools, ec2-api-tools), and 2) the
fact that euca2ools is mostly written for the Eucalyptus Cloud infrastructure,
which just happens to be compatible with Amazon AWS.
To give future parties something to google, here are the steps to
fire up a NetBSD machine in the Amazon cloud.
How - Prerequisites
A login for Amazon Web Services (AWS) is required, of which the Elastic Cloud Computing (EC2)
Xen infrastructure is a part. I won't go into details of this; please see
the NetBSD wiki or my article
``NetBSD in der Cloud'' in the German FreeX 5/2012 magazine, pages 58-63, for details.
Before starting, a few environment variables have to be filled
with authentication information.
Log into the Amazon AWS Console,
click on your name in the upper right corner to get to the
"Security Credentials" page, and create an access key if not already present.
Get the access key ID and the secret key, and put them into the environment variables EC2_ACCESS_KEY
and EC2_SECRET_KEY:
% setenv EC2_ACCESS_KEY "AKxxxxxxxxxxxxxxxxxx"
% setenv EC2_SECRET_KEY "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
Next, create and download an X.509 certificate - make sure to get both
the file with the private key (pk-XXXX.pem) as well as the file
with the public key (cert-XXX.pem). Set the environment variables
EC2_CERT and EC2_PRIVATE_KEY to those files, respectively:
% setenv EC2_CERT .../cert-XXX.pem
% setenv EC2_PRIVATE_KEY .../pk-XXX.pem
Last, euca2ools want to know what cloud infrastructure to use for
virtual machines (EC2) and storage (S3). Coming from the
Eucalyptus project, the tools can talk to
cloud servers running Eucalyptus, OpenStack and Amazon AWS.
Communication is via HTTP, and the environment variables
EC2_URL and S3_URL have to be set accordingly:
% setenv EC2_URL http://ec2.amazonaws.com
% setenv S3_URL http://s3.amazonaws.com
Last, make sure your system's time is somewhat in sync with reality,
else you will get funny error messages!
So much for the preparations, let's dive into euca2ools.
List Regions and Availability Zones
Amazon's service offering is spread across many data centers in
different regions of the world. The list of regions is available via
the "euca-describe-regions" command:
% euca-describe-regions
REGION eu-west-1 ec2.eu-west-1.amazonaws.com
REGION sa-east-1 ec2.sa-east-1.amazonaws.com
REGION us-east-1 ec2.us-east-1.amazonaws.com
REGION ap-northeast-1 ec2.ap-northeast-1.amazonaws.com
REGION us-west-2 ec2.us-west-2.amazonaws.com
REGION us-west-1 ec2.us-west-1.amazonaws.com
REGION ap-southeast-1 ec2.ap-southeast-1.amazonaws.com
REGION ap-southeast-2 ec2.ap-southeast-2.amazonaws.com
Inside one region, systems
are grouped together in "availability zones" - usually data centers
or separate security zones within (refer to the Amazon documentation
for details). To list the availability zones in one region, use
the "euca-describe-availability-zones" command:
% euca-describe-availability-zones
AVAILABILITYZONE us-east-1a available
AVAILABILITYZONE us-east-1b available
AVAILABILITYZONE us-east-1c available
AVAILABILITYZONE us-east-1d available
To specify what region to talk to there are two ways. The first is to specify the
region name on any of the following commands with the "--region"
option (yuck):
% euca-describe-availability-zones --region eu-west-1
AVAILABILITYZONE eu-west-1a available
AVAILABILITYZONE eu-west-1b available
AVAILABILITYZONE eu-west-1c available
The second one is to adjust your EC2_URL to point to your preferred
region directly:
% setenv EC2_URL http://ec2.eu-west-1.amazonaws.com
% euca-describe-availability-zones --region eu-west-1
AVAILABILITYZONE eu-west-1a available
AVAILABILITYZONE eu-west-1b available
AVAILABILITYZONE eu-west-1c available
Systems and Listing Available Machine Images
Now that we have a basic overview of the cloud infrastructure
with its regions and availability zones, the next questions are
what hardware is available for running virtual machine instances on,
and what operating systems can be put on.
Amazon lists
available hardware configurations on their "instance types" web
sites. Sizes range from Micro Instances with 613MB RAM, up to two CPU
cores and no local harddisk (t1.micro) to Extra Large (XL) Instances
with 15GB RAM, 8 CPU cores and 1.690 GB local harddisk. Many more
configurations are available for situations that require much memory,
much CPU, much IO, or do cluster computing with CPU and GPU.
As for the operating system and software to put on those virtual
machine instances, there is a VERY wide choice available. The
"euca-describe-images --all" command lists all available options:
% euca-describe-images --all
...
IMAGE ami-abd0d0df 101367081206/NetBSD-i386-6.0-20121015-1054 \
101367081206 available public i386 machine \
aki-64695810 ebs
IMAGE ami-7fc3c30b 101367081206/NetBSD-x86_64-6.0-20121014-1007 \
101367081206 available public x86_64 machine \
aki-62695816 ebs
...
In the output, the configuration is identified by the Amazon Machine
Identifier (AMI), e.g. "ami-7fc3c30b" for a NetBSD 6.0/amd64
instance. This image ID is required when defining what virtual machine
instance to start.
Note that the "euca-describe-images" command depends on the region
setting, so you will get (and need) different output depending on the
region that you intend your instances to run in.
Setup SSH Access
When starting a NetBSD AMI, access will be via SSH to the root
account. For that, an SSH key pair needs to be created with the
"euca-add-keypair" command. The command can write the private key to a
local file; be sure to protect it properly - it will be the only way
to access the system! Other interesting commands when managing SSH
keys are "euca-describe-keypairs" and "euca-delete-keypair":
% euca-describe-keypairs
% euca-add-keypair -f key-eucaHF.pem eucaHF
KEYPAIR eucaHF b8:e9:05:7e:3a:df:c7:8e:eb:6e:8d:72:ff:77:68:01:e2:03:7e:3e
% euca-describe-keypairs
KEYPAIR eucaHF b8:e9:05:7e:3a:df:c7:8e:eb:6e:8d:72:ff:77:68:01:e2:03:7e:3e
% euca-delete-keypair eucaHF
KEYPAIR eucaHF
% euca-describe-keypairs
%
Of course we want to keep a key for logging in with it, so let's re-run
the important part:
% euca-add-keypair -f key-eucaHF.pem eucaHF
KEYPAIR eucaHF 9b:d4:15:09:bc:51:b1:76:5c:db:a3:93:52:f0:d8:08:87:a4:80:c7
% cat key-eucaHF.pem
-----BEGIN RSA PRIVATE KEY-----
MIIEogIBAAKCAQEAn8rCLhqLyfke+NqeOkqb6BUIbfwBFm/9ddG8ghVt9CUmyKUMRrKFSyaTRreO
...
wA5a3XZuEFw83HdGrhaRgom2ZJ1SEk2889FpAA+yrhveKhDJIe6Zc2rM+crqUWBfnvs=
-----END RSA PRIVATE KEY-----
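The private key that euca-add-keypair writes arrives in the API response, so both the endpoint scheme and the mode of the key file matter. An added example (not part of the original article) that checks both; the function name is hypothetical, and it treats any EC2_URL or S3_URL that does not start with https:// as a finding.

```shell
#!/bin/sh
# Added example: report cleartext API endpoints and key files that are
# accessible to group or others. One finding per line; no output means
# nothing was found.
check_euca_secrets() {
    # EC2_URL and S3_URL as set with setenv in the prerequisites.
    for var in EC2_URL S3_URL; do
        eval "url=\${$var-}"
        case $url in
            https://*) ;;
            '') echo "UNSET $var" ;;
            *)  echo "CLEARTEXT $var=$url" ;;
        esac
    done
    # The X.509 private key, plus any key files named as arguments
    # (for example the file written by euca-add-keypair -f).
    for file in "${EC2_PRIVATE_KEY-}" "$@"; do
        [ -n "$file" ] || continue
        if [ ! -f "$file" ]; then
            echo "NOFILE $file"
            continue
        fi
        # Characters 5-10 of the ls mode string are the group and other bits.
        perms=$(ls -ldL "$file" | cut -c5-10)
        [ "$perms" = "------" ] || echo "PERMS $file group/other=$perms (chmod 600)"
    done
    return 0
}

check_euca_secrets key-eucaHF.pem
```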
Manage Virtual Machine Instances
Now that everything is prepared, telling the cloud infrastructure
to find physical hardware, put our preferred operating system
on it, and start it is done with the "euca-run-instances" command:
% euca-run-instances -t t1.micro -k eucaHF ami-7fc3c30b
RESERVATION r-2182506a 749335780469 default
INSTANCE i-2ed60264 ami-7fc3c30b pending \
eucaHF 0 t1.micro 2013-02-03T15:51:49.000Z \
us-east-1b aki-62695816 monitoring-disabled \
ebs
That's actually as complicated as it gets - one command that tells what
hardware to use (t1.micro - can be omitted, a useful default will be
chosen), what SSH key to use for the root account, and what machine
image (AMI) to use. In return, the command prints some
information about the freshly created instance. The one used
in the following commands is the "instance id", "i-2ed60264" in this
example.
Once the above command has been started, this is a good time to go back to
the Amazon AWS console and have a look at your instances - you will
find the one listed above there now, too!
Instead of the web-based console, the "euca-describe-instances"
command can be used:
% euca-describe-instances
RESERVATION r-2182506a 749335780469 default
INSTANCE i-2ed60264 ami-7fc3c30b ec2-54-228-22-143.compute.amazonaws.com \
ip-10-226-194-20.compute.internal running eucaHF 0 \
t1.micro 2013-02-03T15:51:49.000Z us-east-1b \
aki-62695816 monitoring-disabled \
54.228.22.143 10.226.194.20 ebs
Now this is all nice and dandy, but we have just created a NetBSD
machine in the Amazon cloud. Let's log in!!!1!
To do so, we need the private key file created with the
"euca-add-keypair" command, and the host name. The latter is available
in the list of instances - be sure to use the one within the
"compute.amazonaws.com" domain:
% ssh -i key-eucaHF.pem -l root ec2-54-228-22-143.compute.amazonaws.com
The authenticity of host 'ec2-54-228-22-143.compute.amazonaws.com (54.228.22.143)'
can't be established.
ECDSA key fingerprint is f7:a9:f6:21:fc:d2:0e:46:03:41:f8:d5:c1:72:92:28.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'ec2-54-228-22-143.compute.amazonaws.com,54.228.22.143' (ECDSA)
to the list of known hosts.
NetBSD 6.0 (XEN3_DOMU)
Welcome to NetBSD - Amazon EC2 image!
This system is running a snapshot of a stable branch of the NetBSD
operating system, adapted for running on the Amazon EC2 infrastructure.
The environment is very similar to one provided within a typical Xen domU
installation. It contains a small, autonomous environment (including a
compiler toolchain) that you can run to build your own system.
The file system is lightly populated so you have plenty of space to play with.
Should you need a src or pkgsrc tree, please use the "bootstrap" script found
under /usr to download them. You can also use the script to set up
binary packages using "pkgin":
/usr/bootstrap.sh [src|pkgsrc|binpkg]
This AMI sends email to the maintainer on first boot, to help get
an idea of what is in use at any given time.
You are encouraged to test this image as thoroughly as possible. Should you
encounter any problem, please report it back to the development team using the
send-pr(1) utility (requires a working MTA). If yours is not properly set up,
use the web interface at: http://www.NetBSD.org/support/send-pr.html
Thank you for helping us test and improve NetBSD's quality!
Terminal type is vt220.
We recommend that you create a non-root account and use su(1) for root access.
ip-10-226-194-20# uname -a
NetBSD ip-10-226-194-20.compute.internal 6.0 NetBSD 6.0 (XEN3_DOMU) amd64
ip-10-226-194-20# exit
From here, you are on your own - it's a NetBSD machine, after all.
One word of warning at this point: Amazon AWS is not for free (as you
should be aware from the Preparations step). If you do not need
machines any more, be sure to remove them from the cluster, else this
may drive up your bill for nothing! You can use the
"euca-terminate-instances" command to do just that:
% euca-terminate-instances i-2ed60264
INSTANCE i-2ed60264
When you look at the output of "euca-describe-instances" now, you will
see that the machine's state goes from "running" first to
"shutting-down" then to "terminated" - the cloud infrastructure will
eventually be cleaned up to not list the stale machines any more.
What's next?
As stated above, the whole goal of this exercise is to manage Amazon
EC2 images from ansible. Weekend's mostly over and we will see
where this journey is going. For the time being, I'm happy to hear
any comments from those of you using NetBSD on Amazon's EC2, and about
my euca2ools package.
Appendix: euca2ools Cheat Sheet
Environment variables:
setenv EC2_ACCESS_KEY "AKxxxxxxxxxxxxxxxxxx"
setenv EC2_SECRET_KEY "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
setenv EC2_CERT .../cert-XXX.pem
setenv EC2_PRIVATE_KEY .../pk-XXX.pem
setenv EC2_URL http://ec2.amazonaws.com
setenv S3_URL http://s3.amazonaws.com
Regions & availability zones:
euca-describe-regions
euca-describe-availability-zones
euca-describe-availability-zones --region eu-west-1
Change default region:
setenv EC2_URL http://ec2.eu-west-1.amazonaws.com
AMIs:
euca-describe-images --all
SSH Keypairs:
euca-add-keypair -f key-eucaHF.pem eucaHF
euca-describe-keypairs
euca-delete-keypair eucaHF
Instances:
euca-run-instances -k eucaHF ami-7fc3c30b
euca-describe-instances
euca-describe-instances i-96a773dc
ssh -i key-eucaHF.pem ec2-54-328-43-220.compute.amazonaws.com -l root
euca-terminate-instances i-96a773dc
[Tags: amazon, ansible, ec2, euca2ools, eucalyptus]
|
Disclaimer: All opinion expressed here is purely my own.
No responsibility is taken for anything.