Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Puppet repo for ec2 instances
Perl Puppet Shell Ruby
branch: master
Failed to load latest commit information.
manifests
modules
.gitignore Add .gitignore
README.mdown
Vagrantfile Add the last bit to the sample Vagrantfile
build-rpm.sh Fix the fpm command in build-rpm.sh
create-security-groups.pl Fix some typos in create-security-groups.pl
security-group-manager.pl
userscript.sh

README.mdown

About

This puppet repo is meant to work with the Amazon provided AMI. Currently this has been tested with amzn-ami-2011.09.1.x86_64-ebs (ami-7341831a) and Basic 32-bit Amazon Linux AMI 2011.09 (AMI Id: ami-7f418316).

You can use a command like this to fire up an instance:

Micro Instance

ec2-run-instances ami-7341831a -k <KEY_PAIR_NAME> -f ./userscript.sh -t t1.micro --group webserver -z us-east-1d

Small Instance

ec2-run-instances ami-7f418316 -k <KEY_PAIR_NAME> -f ./userscript.sh -t m1.small --group webserver -z us-east-1d

nodes.pp and security groups

EC2 instances come with a standard hostname scheme which means that we must come up with other ways of identifying various nodes. This repo currently supports using the names of security groups to meet this goal. This is why the command above has webserver as the group. In the future there will be also be some custom scripts that turn instance tags into custom facts.

AWS Tools

AMI ami-7341831a comes with many of the Amazon AWS cli tools installed already so there is no need to install them although there are one or two that we will install with this puppet config. It is also helpful to have some of the keys and environment variables set.
The next section covers the private repo which does just that.

The private repo

To be utilized most effectively one might construct a private puppet repo structured like the one below. This repo will be used to hold keys, paths, and values that are specific to the AWS tools.

.
|-- manifests
|   `-- private-nodes.pp
`-- modules
    |-- aws-cf-credentials
    |   |-- files
    |   |   `-- opt
    |   |       `-- aws
    |   |           `-- credential-file
    |   `-- manifests
    |       `-- init.pp
    `-- ec2-api-tools-certs
        |-- files
        |   |-- etc
        |   |   `-- ec2rc
        |   `-- opt
        |       `-- aws
        |           `-- ec2-certs
        |               |-- accesskey.pem
        |               |-- cert-XXXXXXXXXXXXXXXXXXXXXXXXXXXXX.pem
        |               `-- pk-XXXXXXXXXXXXXXXXXXXXXXXXXXXXX.pem
        `-- manifests
            `-- init.pp

./manifests/private-nodes.pp

node default {
    if $ec2_security_groups =~ /admin/ {
        include ec2-api-tools-certs
        include aws-cf-credentials
    } else {
        notify {"No private modules for security group: $ec2_security_groups":}
    }
}

./modules/ec2-api-tools-certs/manifests/init.pp

class ec2-api-tools-certs {

    file { ["/opt/aws/ec2-certs"]:
        ensure => "directory",
    }

    file { "/opt/aws/ec2-certs/accesskey.pem":
        source => "puppet:///modules/ec2-api-tools-certs/opt/aws/ec2-certs/accesskey.pem",
        owner  => "root",
        group  => "root",
        mode   => 600,
    }

    file { "/opt/aws/ec2-certs/cert-XXXXXXXXXXXXXXXXXXXXXXXXXXXXX.pem":
        source => "puppet:///modules/ec2-api-tools-certs/opt/aws/ec2-certs/cert-XXXXXXXXXXXXXXXXXXXXXXXXXXXXX.pem",
        owner  => "root",
        group  => "root",
        mode   => 644,
    }

    file { "/opt/aws/ec2-certs/pk-XXXXXXXXXXXXXXXXXXXXXXXXXXXXX.pem":
        source => "puppet:///modules/ec2-api-tools-certs/opt/aws/ec2-certs/pk-XXXXXXXXXXXXXXXXXXXXXXXXXXXXX.pem",
        owner  => "root",
        group  => "root",
        mode   => 644,
    }

    file { "/etc/ec2rc":
        source => "puppet:///modules/ec2-api-tools-certs/etc/ec2rc",
        owner  => "root",
        group  => "root",
        mode   => 644,
    }
}

./modules/ec2-api-tools-certs/files/etc/ec2rc

#################
# EC2 API TOOLS #
#################
export EC2_CERT=/opt/aws/ec2-certs/cert-XXXXXXXXXXXXXXXXXXXXXXXXXXXXX.pem
export EC2_PRIVATE_KEY=/opt/aws/ec2-certs/pk-XXXXXXXXXXXXXXXXXXXXXXXXXXXXX.pem

#######################
# AWS Cloud Formation #
#######################
export AWS_CREDENTIAL_FILE=/opt/aws/credential-file

./modules/aws-cf-credentials/manifests/init.pp

class aws-cf-credentials {
    file { "/opt/aws/credential-file":
        source => "puppet:///modules/aws-cf-credentials/opt/aws/credential-file",
        owner  => "root",
        group  => "root",
        mode   => 644,
    }
}

./modules/aws-cf-credentials/files/opt/aws/credential-file

AWSAccessKeyId=XXXXXXXXXXXXXXXX
AWSSecretKey=XXXXXXXXXXXXXXXXXXXXXXXXXXXX
Something went wrong with that request. Please try again.