Bootstrapping AWS #

Exploring User Space #

@mikekusold

About Me #

  • Developer at JumpCloud
  • Developing professionally for 2 years
  • Love all things Web-oriented

The Problem #

Configuration management tools often require servers to be configured prior to actually working

Some Solutions #

  • Manual: SSH in to the machine each time
  • Heavy: Maintain your own AMIs/Snapshots

Enter the User Space #

Amazon’s implementation of Cloud-Init

User Data

aws ec2 run-instances --user-data file://script

User Space #

  • Only runs on the first launch of an instance
  • Must start with #!
  • Runs as root
  • Does not run interactively
  • Output is by default logged to: /var/log/cloud-init.log

Cloud Directives #

  • Define certain things in a human readable form
  • Begins with #cloud-config
  • YAML syntax

Cloud Directives #

  • Add Users and Groups
  • Write out files
  • Add Repos and Packages
  • Configure Trusted Certs
  • Configure DNS
  • Install and run Chef/Puppet
  • Adjust Mount Points
  • Call a URL when finished

Setup Puppet #

#cloud-config
puppet:
  conf:
    agent:
      server: "puppetmaster.example.org"
      # instanceid.fqdn
      certname: "%i.%f"
    ca_cert: |
      -----BEGIN CERTIFICATE-----
      -----END CERTIFICATE-----      

Setting up a yum repo #

yum_repos:
    epel-testing:
        baseurl: http://download.fedoraproject.org/pub/epel/testing/5/$basearch
        enabled: false
        failovermethod: priority
        gpgcheck: true
        gpgkey: file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL
        name: Extra Packages for Enterprise Linux 5 - Testing

Limitations of User Space #

  • Not all directives listed in the Cloud-Init Docs work on all flavors of Linux
  • User-Data is limited to 16KB

Security #

No way to change instance user-data after initialization. Anyone with access to http://169.254.169.254/latest/user-data can read it.

Questions? #

@mikekusold

[email protected]