|
[20130314]
|
Ansible, EC2 and NetBSD milestone 2 reached: Instance preparation and communication
On my quest to use Ansible to get a NetBSD virtual machine into Amazon's EC2
cloud, I've previously
described
how I use ansible to prepare a local machine. Working from a basic NetBSD setup,
the system is setup for basic operation, the configured as both a database server
and a Web/PHP server to serve a small demo application.
Now the next step is to replace the VM with an Amazon EC2 instance.
I have previously written about how to manage Amazon/EC2 NetBSD instances,
and here are the steps that I make to first prepare an EC2 instance with NetBSD and Ansible,
and then use a regular Ansible playbook to talk to all my EC2 instances.
Note that the connection between the machines setup via euca2ools
and ansible is in the security group names. In this case,
the security group "ec2-webservers" is assumed to exist.
- Make sure SSH agent runs and has the EC2 SSH-key added:
% ssh-add -l
Could not open a connection to your authentication agent.
% eval `ssh-agent`
Agent pid 9304
% ssh-add -l
The agent has no identities.
% ssh-add .../key-ec2HF.pem
Identity added: ../../euca2ools/key-ec2HF.pem (../../euca2ools/key-ec2HF.pem)
% ssh-add -l
2048 d5:25:19:3d:59:40:35:32:03:f7:c5:83:de:19:b6:d0 ../../euca2ools/key-ec2HF.pem (RSA)
%
- When using a VM to talk to EC2, pay special attention that
it has the correct time, else funny things will happen:
% date
Sun Mar 10 14:42:33 CET 2013
- Setup the ec2-webservers security (firewall) group. This is used
both when creating the EC2 instances, and when accessing them.
It's the link between EC2 and Ansible's ec2.py script.
% euca-add-group -d 'Web servers' ec2-webservers
% euca-authorize -P tcp -p 80-80 -s 0.0.0.0/0 ec2-webservers
% euca-authorize -P tcp -p 22-22 -s 0.0.0.0/0 ec2-webservers
% euca-authorize -P icmp -s 0.0.0.0/0 ec2-webservers
%
% euca-describe-groups
GROUP sg-a854b3c3 749335780469 ec2-webservers Web servers
PERMISSION 749335780469 ec2-webservers ALLOWS tcp 22 22 FROM CIDR 0.0.0.0/0
PERMISSION 749335780469 ec2-webservers ALLOWS tcp 80 80 FROM CIDR 0.0.0.0/0
PERMISSION 749335780469 ec2-webservers ALLOWS icmp -1 -1 FROM CIDR 0.0.0.0/0
- List out EC2 instances:
% euca-describe-instances
%
None so far.
- Let's use our playbook to prepare our first EC2 instance:
% ansible-playbook -i hosts-HF config-ec2-prepare1vm.yml
PLAY [localhost] *********************
TASK: [Launch new EC2 instance] *********************
changed: [127.0.0.1]
TASK: [Give the system 30 seconds to boot up] *********************
changed: [127.0.0.1]
TASK: [Get rid of SSH "Are you sure you want to continue connecting (yes/no)?" query] *********************
changed: [127.0.0.1]
TASK: [Fix /usr/bootstrap.sh to run pkgin with -y] *********************
changed: [127.0.0.1] => (item={'cmd': 'install /usr/bootstrap.sh /usr/bootstrap.sh.orig'})
changed: [127.0.0.1] => (item={'cmd': 'chmod +w /usr/bootstrap.sh'})
changed: [127.0.0.1] => (item={'cmd': 'sed "s,bin/pkgin update,bin/pkgin -y update," </usr/bootstrap.sh.orig >/usr/bootstrap.sh'})
changed: [127.0.0.1] => (item={'cmd': 'chmod -w /usr/bootstrap.sh'})
TASK: [Install pkgin via /usr/bootstrap.sh] *********************
changed: [127.0.0.1] => (item={'cmd': u'env PATH=/usr/sbin:${PATH} /usr/bootstrap.sh binpkg'})
TASK: [Copy over Ansible binary package] *********************
changed: [127.0.0.1]
TASK: [Install Ansible dependencies] *********************
changed: [127.0.0.1]
TASK: [Install Ansible package (manually)] *********************
changed: [127.0.0.1]
TASK: [Setup lame /usr/bin/python symlink] *********************
changed: [127.0.0.1]
PLAY RECAP *********************
127.0.0.1 : ok=9 changed=9 unreachable=0 failed=0
%
- There we go. Let's list it:
% euca-describe-instances
RESERVATION r-bb3b6ac1 749335780469 ec2-webservers
INSTANCE i-2cb9a45f ami-a754dbce ec2-54-234-59-5.compute-1.amazonaws.com \
ip-10-243-150-74.ec2.internal running ec2HF 0 t1.micro \
2013-03-10T13:47:32.000Z us-east-1a aki-825ea7eb \
monitoring-disabled 54.234.59.5 10.243.150.74 ebs
%
- That worked - excellent! Let's add a few more, just for kicks:
% ansible-playbook -i hosts-HF config-ec2-prepare1vm.yml >&/dev/null &
% ansible-playbook -i hosts-HF config-ec2-prepare1vm.yml >&/dev/null &
% ansible-playbook -i hosts-HF config-ec2-prepare1vm.yml >&/dev/null &
% ansible-playbook -i hosts-HF config-ec2-prepare1vm.yml >&/dev/null &
% ansible-playbook -i hosts-HF config-ec2-prepare1vm.yml >&/dev/null &
%
<...wait...>
% euca-describe-instances
RESERVATION r-bb3b6ac1 749335780469 ec2-webservers
INSTANCE i-2cb9a45f ami-a754dbce ec2-54-234-59-5.compute-1.amazonaws.com \
ip-10-243-150-74.ec2.internal running ec2HF 0 t1.micro \
2013-03-10T13:47:32.000Z us-east-1a aki-825ea7eb \
monitoring-disabled 54.234.59.5 10.243.150.74 ebs
RESERVATION r-8b3c6df1 749335780469 ec2-webservers
INSTANCE i-7cb5a80f ami-a754dbce ec2-23-20-42-71.compute-1.amazonaws.com \
ip-10-203-73-195.ec2.internal running ec2HF 0 t1.micro \
2013-03-10T13:50:48.000Z us-east-1a aki-825ea7eb \
monitoring-disabled 23.20.42.71 10.203.73.195 ebs
RESERVATION r-733f6e09 749335780469 ec2-webservers
INSTANCE i-42b5a831 ami-a754dbce ec2-23-20-87-176.compute-1.amazonaws.com \
ip-10-116-37-145.ec2.internal running ec2HF 0 t1.micro \
2013-03-10T13:50:54.000Z us-east-1a aki-825ea7eb \
monitoring-disabled 23.20.87.176 10.116.37.145 ebs
RESERVATION r-713f6e0b 749335780469 ec2-webservers
INSTANCE i-40b5a833 ami-a754dbce ec2-54-242-254-237.compute-1.amazonaws.com \
ip-10-195-47-153.ec2.internal running ec2HF 0 t1.micro \
2013-03-10T13:50:54.000Z us-east-1a aki-825ea7eb \
monitoring-disabled 54.242.254.237 10.195.47.153 ebs
RESERVATION r-773f6e0d 749335780469 ec2-webservers
INSTANCE i-46b5a835 ami-a754dbce ec2-54-235-232-227.compute-1.amazonaws.com \
ip-10-194-7-72.ec2.internal running ec2HF 0 t1.micro \
2013-03-10T13:50:54.000Z us-east-1a aki-825ea7eb \
monitoring-disabled 54.235.232.227 10.194.7.72 ebs
RESERVATION r-b72475cd 749335780469 ec2-webservers
INSTANCE i-b2adb0c1 ami-a754dbce ec2-50-16-129-62.compute-1.amazonaws.com \
domU-12-31-39-14-C6-CB.compute-1.internal running ec2HF 0 t1.micro \
2013-03-10T13:55:24.000Z us-east-1d aki-825ea7eb \
monitoring-disabled 50.16.129.62 10.206.197.53 ebs
%
- Let's talk to our EC2 instances now. For that, we use the ec2.py
script, which enumerates all instances:
% ./ec2.py --list
{
"i-2cb9a45f": [
"ec2-54-234-59-5.compute-1.amazonaws.com"
],
"i-40b5a833": [
"ec2-54-242-254-237.compute-1.amazonaws.com"
],
"i-42b5a831": [
"ec2-23-20-87-176.compute-1.amazonaws.com"
],
"i-46b5a835": [
"ec2-54-235-232-227.compute-1.amazonaws.com"
],
"i-7cb5a80f": [
"ec2-23-20-42-71.compute-1.amazonaws.com"
],
"i-b2adb0c1": [
"ec2-50-16-129-62.compute-1.amazonaws.com"
],
"key_ec2HF": [
"ec2-54-234-59-5.compute-1.amazonaws.com",
"ec2-23-20-42-71.compute-1.amazonaws.com",
"ec2-23-20-87-176.compute-1.amazonaws.com",
"ec2-54-242-254-237.compute-1.amazonaws.com",
"ec2-54-235-232-227.compute-1.amazonaws.com",
"ec2-50-16-129-62.compute-1.amazonaws.com"
],
"security_group_ec2-webservers": [
"ec2-54-234-59-5.compute-1.amazonaws.com",
"ec2-23-20-42-71.compute-1.amazonaws.com",
"ec2-23-20-87-176.compute-1.amazonaws.com",
"ec2-54-242-254-237.compute-1.amazonaws.com",
"ec2-54-235-232-227.compute-1.amazonaws.com",
"ec2-50-16-129-62.compute-1.amazonaws.com"
],
"type_t1_micro": [
"ec2-54-234-59-5.compute-1.amazonaws.com",
"ec2-23-20-42-71.compute-1.amazonaws.com",
"ec2-23-20-87-176.compute-1.amazonaws.com",
"ec2-54-242-254-237.compute-1.amazonaws.com",
"ec2-54-235-232-227.compute-1.amazonaws.com",
"ec2-50-16-129-62.compute-1.amazonaws.com"
],
"us-east-1": [
"ec2-54-234-59-5.compute-1.amazonaws.com",
"ec2-23-20-42-71.compute-1.amazonaws.com",
"ec2-23-20-87-176.compute-1.amazonaws.com",
"ec2-54-242-254-237.compute-1.amazonaws.com",
"ec2-54-235-232-227.compute-1.amazonaws.com",
"ec2-50-16-129-62.compute-1.amazonaws.com"
],
"us-east-1a": [
"ec2-54-234-59-5.compute-1.amazonaws.com",
"ec2-23-20-42-71.compute-1.amazonaws.com",
"ec2-23-20-87-176.compute-1.amazonaws.com",
"ec2-54-242-254-237.compute-1.amazonaws.com",
"ec2-54-235-232-227.compute-1.amazonaws.com"
],
"us-east-1d": [
"ec2-50-16-129-62.compute-1.amazonaws.com"
]
}
- ec2.py can also give us information about one instance:
% ./ec2.py --host ec2-54-234-59-5.compute-1.amazonaws.com
{
"ec2__in_monitoring_element": false,
"ec2_ami_launch_index": "0",
"ec2_architecture": "x86_64",
"ec2_client_token": "",
"ec2_dns_name": "ec2-54-234-59-5.compute-1.amazonaws.com",
"ec2_eventsSet": "",
"ec2_group_name": "",
"ec2_hypervisor": "xen",
"ec2_id": "i-2cb9a45f",
"ec2_image_id": "ami-a754dbce",
"ec2_instanceState": "",
"ec2_instance_type": "t1.micro",
"ec2_ip_address": "54.234.59.5",
"ec2_item": "",
"ec2_kernel": "aki-825ea7eb",
"ec2_key_name": "ec2HF",
"ec2_launch_time": "2013-03-10T13:47:32.000Z",
"ec2_monitored": false,
"ec2_monitoring": "",
"ec2_networkInterfaceSet": "",
"ec2_persistent": false,
"ec2_placement": "us-east-1a",
"ec2_platform": "",
"ec2_previous_state": "",
"ec2_private_dns_name": "ip-10-243-150-74.ec2.internal",
"ec2_private_ip_address": "10.243.150.74",
"ec2_public_dns_name": "ec2-54-234-59-5.compute-1.amazonaws.com",
"ec2_ramdisk": "",
"ec2_reason": "",
"ec2_region": "us-east-1",
"ec2_requester_id": "",
"ec2_root_device_name": "/dev/sda1",
"ec2_root_device_type": "ebs",
"ec2_security_group_ids": "sg-a854b3c3",
"ec2_security_group_names": "ec2-webservers",
"ec2_shutdown_state": "",
"ec2_spot_instance_request_id": "",
"ec2_state": "running",
"ec2_state_code": 16,
"ec2_state_reason": "",
"ec2_subnet_id": "",
"ec2_tenancy": "default",
"ec2_virtualization_type": "paravirtual",
"ec2_vpc_id": ""
}
- Now let's use a regular playbook with the ec2.py script to
get a list of all instances in the 'ec2-webservers' group
and then use ansible's ping module on all of them:
% env ANSIBLE_HOSTS=./ec2.py ansible-playbook config-ec2-basic.yml
PLAY [security_group_ec2-webservers] *********************
GATHERING FACTS *********************
ok: [ec2-50-16-129-62.compute-1.amazonaws.com]
ok: [ec2-54-235-232-227.compute-1.amazonaws.com]
ok: [ec2-23-20-42-71.compute-1.amazonaws.com]
ok: [ec2-23-20-87-176.compute-1.amazonaws.com]
ok: [ec2-54-242-254-237.compute-1.amazonaws.com]
ok: [ec2-54-234-59-5.compute-1.amazonaws.com]
TASK: [ping] *********************
ok: [ec2-54-235-232-227.compute-1.amazonaws.com]
ok: [ec2-50-16-129-62.compute-1.amazonaws.com]
ok: [ec2-23-20-87-176.compute-1.amazonaws.com]
ok: [ec2-23-20-42-71.compute-1.amazonaws.com]
ok: [ec2-54-234-59-5.compute-1.amazonaws.com]
ok: [ec2-54-242-254-237.compute-1.amazonaws.com]
PLAY RECAP *********************
ec2-23-20-42-71.compute-1.amazonaws.com : ok=2 changed=0 unreachable=0 failed=0
ec2-23-20-87-176.compute-1.amazonaws.com : ok=2 changed=0 unreachable=0 failed=0
ec2-50-16-129-62.compute-1.amazonaws.com : ok=2 changed=0 unreachable=0 failed=0
ec2-54-234-59-5.compute-1.amazonaws.com : ok=2 changed=0 unreachable=0 failed=0
ec2-54-235-232-227.compute-1.amazonaws.com : ok=2 changed=0 unreachable=0 failed=0
ec2-54-242-254-237.compute-1.amazonaws.com : ok=2 changed=0 unreachable=0 failed=0
%
- Finally, clean up and use euca-terminate-instance to delete all instances:
% euca-describe-instances | grep INSTANCE | awk '{print $2}' | xargs -n 1 euca-terminate-instances
INSTANCE i-60829f13
INSTANCE i-2cb9a45f
INSTANCE i-7cb5a80f
INSTANCE i-42b5a831
INSTANCE i-40b5a833
INSTANCE i-46b5a835
INSTANCE i-b2adb0c1
% euca-describe-instances
RESERVATION r-bb3b6ac1 749335780469 ec2-webservers
INSTANCE i-2cb9a45f ami-a754dbce terminated ec2HF \
0 t1.micro 2013-03-10T13:47:32.000Z us-east-1a \
aki-825ea7eb monitoring-disabled ebs
RESERVATION r-8b3c6df1 749335780469 ec2-webservers
INSTANCE i-7cb5a80f ami-a754dbce terminated ec2HF \
0 t1.micro 2013-03-10T13:50:48.000Z us-east-1a \
aki-825ea7eb monitoring-disabled ebs
RESERVATION r-733f6e09 749335780469 ec2-webservers
INSTANCE i-42b5a831 ami-a754dbce terminated ec2HF \
0 t1.micro 2013-03-10T13:50:54.000Z us-east-1a \
aki-825ea7eb monitoring-disabled ebs
RESERVATION r-713f6e0b 749335780469 ec2-webservers
INSTANCE i-40b5a833 ami-a754dbce terminated ec2HF \
0 t1.micro 2013-03-10T13:50:54.000Z us-east-1a \
aki-825ea7eb monitoring-disabled ebs
RESERVATION r-773f6e0d 749335780469 ec2-webservers
INSTANCE i-46b5a835 ami-a754dbce terminated ec2HF \
0 t1.micro 2013-03-10T13:50:54.000Z us-east-1a \
aki-825ea7eb monitoring-disabled ebs
RESERVATION r-b72475cd 749335780469 ec2-webservers
INSTANCE i-b2adb0c1 ami-a754dbce terminated ec2HF \
0 t1.micro 2013-03-10T13:55:24.000Z us-east-1d \
aki-825ea7eb monitoring-disabled ebs
%
- The terminated instances will be removed by EC2 eventually, and you can start all over.
With the above steps and the previous work to use Ansible to setup
a NetBSD system with basic configuration as database- and webserver
the next step is to put those two things together, and get a
(single) NetBSD machine into the Amazon cloud that serves as
both database and webserver.
Let's stay tune for this to happen!
I'll talk about the ansible and euca2ools packages at
pkgsrcCon 2013 in Berlin.
Join in if you're curious about
what the actual playbooks used in the above examples look like!
References:
CapsUnlock blog post,
CentOS Wiki.
[Tags: ansible, ec2, xen]
|
