Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Puppet repo for ec2 instances
Perl Puppet Shell Ruby
branch: master
Failed to load latest commit information.
manifests
modules puppet cron will now source /etc/bashrc before it tries to run puppet…
.gitignore Add .gitignore
README.mdown Make another small change
Vagrantfile Add the last bit to the sample Vagrantfile
build-rpm.sh Fix the fpm command in build-rpm.sh
create-security-groups.pl Fix some typos in create-security-groups.pl
security-group-manager.pl Turns out there is already a mongo policy that I can add the admin se…
userscript.sh Make the 'internal' title to 'external'

README.mdown

About

This puppet repo is meant to work with the Amazon provided AMI. Currently this has been tested with amzn-ami-2011.09.1.x86_64-ebs (ami-7341831a) and Basic 32-bit Amazon Linux AMI 2011.09 (AMI Id: ami-7f418316).

You can use a command like this to fire up an instance:

Micro Instance

ec2-run-instances ami-7341831a -k <KEY_PAIR_NAME> -f ./userscript.sh -t t1.micro --group webserver -z us-east-1d

Small Instance

ec2-run-instances ami-7f418316 -k <KEY_PAIR_NAME> -f ./userscript.sh -t m1.small --group webserver -z us-east-1d

nodes.pp and security groups

EC2 instances come with a standard hostname scheme which means that we must come up with other ways of identifying various nodes. This repo currently supports using the names of security groups to meet this goal. This is why the command above has webserver as the group. In the future there will be also be some custom scripts that turn instance tags into custom facts.

AWS Tools

AMI ami-7341831a comes with many of the Amazon AWS cli tools installed already so there is no need to install them although there are one or two that we will install with this puppet config. It is also helpful to have some of the keys and environment variables set.
The next section covers the private repo which does just that.

The private repo

To be utilized most effectively one might construct a private puppet repo structured like the one below. This repo will be used to hold keys, paths, and values that are specific to the AWS tools.

.
|-- manifests
|   `-- private-nodes.pp
`-- modules
    |-- aws-cf-credentials
    |   |-- files
    |   |   `-- opt
    |   |       `-- aws
    |   |           `-- credential-file
    |   `-- manifests
    |       `-- init.pp
    `-- ec2-api-tools-certs
        |-- files
        |   |-- etc
        |   |   `-- ec2rc
        |   `-- opt
        |       `-- aws
        |           `-- ec2-certs
        |               |-- accesskey.pem
        |               |-- cert-XXXXXXXXXXXXXXXXXXXXXXXXXXXXX.pem
        |               `-- pk-XXXXXXXXXXXXXXXXXXXXXXXXXXXXX.pem
        `-- manifests
            `-- init.pp

./manifests/private-nodes.pp

node default {
    if $ec2_security_groups =~ /admin/ {
        include ec2-api-tools-certs
        include aws-cf-credentials
    } else {
        notify {"No private modules for security group: $ec2_security_groups":}
    }
}

./modules/ec2-api-tools-certs/manifests/init.pp

class ec2-api-tools-certs {

    file { ["/opt/aws/ec2-certs"]:
        ensure => "directory",
    }

    file { "/opt/aws/ec2-certs/accesskey.pem":
        source => "puppet:///modules/ec2-api-tools-certs/opt/aws/ec2-certs/accesskey.pem",
        owner  => "root",
        group  => "root",
        mode   => 600,
    }

    file { "/opt/aws/ec2-certs/cert-XXXXXXXXXXXXXXXXXXXXXXXXXXXXX.pem":
        source => "puppet:///modules/ec2-api-tools-certs/opt/aws/ec2-certs/cert-XXXXXXXXXXXXXXXXXXXXXXXXXXXXX.pem",
        owner  => "root",
        group  => "root",
        mode   => 644,
    }

    file { "/opt/aws/ec2-certs/pk-XXXXXXXXXXXXXXXXXXXXXXXXXXXXX.pem":
        source => "puppet:///modules/ec2-api-tools-certs/opt/aws/ec2-certs/pk-XXXXXXXXXXXXXXXXXXXXXXXXXXXXX.pem",
        owner  => "root",
        group  => "root",
        mode   => 644,
    }

    file { "/etc/ec2rc":
        source => "puppet:///modules/ec2-api-tools-certs/etc/ec2rc",
        owner  => "root",
        group  => "root",
        mode   => 644,
    }
}

./modules/ec2-api-tools-certs/files/etc/ec2rc

#################
# EC2 API TOOLS #
#################
export EC2_CERT=/opt/aws/ec2-certs/cert-XXXXXXXXXXXXXXXXXXXXXXXXXXXXX.pem
export EC2_PRIVATE_KEY=/opt/aws/ec2-certs/pk-XXXXXXXXXXXXXXXXXXXXXXXXXXXXX.pem

#######################
# AWS Cloud Formation #
#######################
export AWS_CREDENTIAL_FILE=/opt/aws/credential-file

./modules/aws-cf-credentials/manifests/init.pp

class aws-cf-credentials {
    file { "/opt/aws/credential-file":
        source => "puppet:///modules/aws-cf-credentials/opt/aws/credential-file",
        owner  => "root",
        group  => "root",
        mode   => 644,
    }
}

./modules/aws-cf-credentials/files/opt/aws/credential-file

AWSAccessKeyId=XXXXXXXXXXXXXXXX
AWSSecretKey=XXXXXXXXXXXXXXXXXXXXXXXXXXXX
Something went wrong with that request. Please try again.