Bootstrapping AWS
Exploring User Space
About Me
- Developer at JumpCloud
- Developing professionally for 2 years
- Love all things Web-oriented
The Problem
Configuration management tools often require servers to be configured prior to actually working
Some Solutions
- Manual: SSH in to the machine each time
- Heavy: Maintain your own AMIs/Snapshots
Enter the User Space
- Amazon's implementation of Cloud-Init
aws ec2 run-instances --user-data file://scriptUser Space
- Only runs on the first launch of an instance
- Must start with
#! - Runs as
root - Does not run interactively
- Output is by default logged to:
/var/log/cloud-init.log
Cloud Directives
- Define certain things in a human readable form
- Begins with
#cloud-config - YAML syntax
Cloud Directives
- Add Users and Groups
- Write out files
- Add Repos and Packages
- Configure Trusted Certs
- Configure DNS
- Install and run Chef/Puppet
- Adjust Mount Points
- Call a URL when finished
Setup Puppet
#cloud-config
puppet:
conf:
agent:
server: "puppetmaster.example.org"
# instanceid.fqdn
certname: "%i.%f"
ca_cert: |
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
Setting up a yum repo
yum_repos:
epel-testing:
baseurl: http://download.fedoraproject.org/pub/epel/testing/5/$basearch
enabled: false
failovermethod: priority
gpgcheck: true
gpgkey: file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL
name: Extra Packages for Enterprise Linux 5 - Testing
Limitations of User Space
Security
No way to change instance user-data after initialization. Anyone with access to http://169.254.169.254/latest/user-data can read it.