hubertf's NetBSD Blog
Send interesting links to hubert at feyrer dot de!
 
[20130409] NetBSD is part of Google's Summer of Code 2013
News is out that NetBSD is part of Google's Summer of Code 2013 (GSoC) again. GSoC is about students doing work for Open Source projects over the summer, and getting paid while doing so. By Google. For projects proposed by both students and the Open Source projects.

Click on the above link for more information on GSoC in general; there is also a list of proposed projects for this year in NetBSD.

Next steps are:

  • April 9 - 21: Would-be student participants discuss application ideas with mentoring organizations.
  • April 22, 19:00 UTC: Student application period opens.
  • May 3, 19:00 UTC: Student application deadline.
  • Interim Period: Mentoring organizations review and rank student proposals; where necessary, mentoring organizations may request further proposal detail from the student applicant.
  • May 6: Mentoring organizations should have requested slots via their profile in Melange by this point.
  • May 8: Slot allocations published to mentoring organizations.

    From there, students work on their projects with the help of their mentors. There's a "midterm" report due with a first part of the money paid; the rest is paid if the project is finished successfully.

    During the project, students are encouraged to publish news about their process to the world in blogs and other ways found appropriate by their mentoring organizations.

    Past NetBSD projects can be found on SourceForge.

    Interested? Act now!



    [20130324] Ansible & EC2 - Playbooks for orchestrating NetBSD into the cloud
    As a follower of my blog, you have seen the steps towards getting NetBSD instances started in Amazon's EC2 cloud, with a simple web application deployed on one EC2 instance and the database on another one.

    These blog articles were very detailed on purpose, to have full logfiles available just in case they are needed. I have used these logs to prepare my pkgsrcCon 2013 talk about Ansible and Amazon's EC2, so things can be looked at without actually running anything. As it turns out this was good, because the 32-bit NetBSD instances that I used during my pkgsrcCon demonstration actually decided to do a kernel panic, and the presentation was a bit more on the theoretical side than I originally planned.

    Now that pkgsrcCon is over, I would like to publish the presentation slides with all the details, and especially the playbooks and all other files to look at - enjoy!



    [20130321] Ansible, EC2 and NetBSD final milestone 4 reached: Web and DB on separate VMs in the cloud
    This is the fourth and final step on my journey to use Ansible to bring a non-trivial system of a Web server and a DB server into Amazon's EC2 cloud. After starting out with a local VMware VM and making first steps with Ansible and EC2, the previous step was to push a single system into the cloud. Now, the final step is to set up two distinct VMs, one for the database and one for the webserver, and then make them known to each other.

    The individual steps are:

    1. Prepare the two VMs
    2. Basic setup for all systems
    3. Install the database server
    4. Install the webserver
    5. Connect database and webserver
    Again, here are all the steps in detail:
    1. As before, ensure local time is correct when talking to Amazon, and also make sure the SSH agent has the proper key loaded.
      % date
      Thu Mar 21 00:45:37 CET 2013
      % ssh-add -l
      2048 d5:25:19:3d:59:40:35:32:03:f7:c5:83:de:19:b6:d0 ../../euca2ools/key-eucaHF.pem (RSA)
      
    2. Make sure the security groups are set up properly. We use one group for the database server and one for the webserver. The groups define the access permissions from the internet, and also let us identify systems for their individual configuration and for connecting them in the final step:
      % euca-describe-groups
      ...
      GROUP   sg-ae54b3c5     749335780469    ec2-dbservers   Database servers
      PERMISSION      749335780469    ec2-dbservers   ALLOWS  tcp     22      22      FROM    CIDR    0.0.0.0/0
      PERMISSION      749335780469    ec2-dbservers   ALLOWS  tcp     3306    3306    FROM    CIDR    0.0.0.0/0
      PERMISSION      749335780469    ec2-dbservers   ALLOWS  icmp    -1      -1      FROM    CIDR    0.0.0.0/0
      GROUP   sg-a854b3c3     749335780469    ec2-webservers  Web servers
      PERMISSION      749335780469    ec2-webservers  ALLOWS  tcp     22      22      FROM    CIDR    0.0.0.0/0
      PERMISSION      749335780469    ec2-webservers  ALLOWS  tcp     80      80      FROM    CIDR    0.0.0.0/0
      PERMISSION      749335780469    ec2-webservers  ALLOWS  icmp    -1      -1      FROM    CIDR    0.0.0.0/0
      
    3. Now, run our playbook to set up the two VMs. This uses the single playbook from the previous milestone, and just runs it twice with different security groups:
      % ansible-playbook -i hosts-HF config-ec2-prepare-db+web-vm.yml
      
      PLAY [localhost] ********************* 
      
      TASK: [ec2-webservers | Launch new EC2 instance] ********************* 
      changed: [127.0.0.1]
      
      TASK: [ec2-webservers | Give the system 30 seconds to boot up] ********************* 
      changed: [127.0.0.1]
      
      TASK: [ec2-webservers | Get rid of SSH "Are you sure you want to continue connecting (yes/no)?" query] ********************* 
      changed: [127.0.0.1]
      
      TASK: [ec2-webservers | Fix /usr/bootstrap.sh to run pkgin with -y] ********************* 
      changed: [127.0.0.1] => (item={'cmd': 'install /usr/bootstrap.sh /usr/bootstrap.sh.orig'})
      changed: [127.0.0.1] => (item={'cmd': 'chmod +w /usr/bootstrap.sh'})
      changed: [127.0.0.1] => (item={'cmd': 'sed "s,bin/pkgin update,bin/pkgin -y update," /usr/bootstrap.sh'})
      changed: [127.0.0.1] => (item={'cmd': 'chmod -w /usr/bootstrap.sh'})
      
      TASK: [ec2-webservers | Install pkgin via /usr/bootstrap.sh] ********************* 
      changed: [127.0.0.1] => (item={'cmd': u'env PATH=/usr/sbin:${PATH} /usr/bootstrap.sh binpkg'})
      
      TASK: [ec2-webservers | Copy over Ansible binary package] ********************* 
      changed: [127.0.0.1]
      
      TASK: [ec2-webservers | Install Ansible dependencies] ********************* 
      changed: [127.0.0.1]
      
      TASK: [ec2-webservers | Install Ansible package (manually)] ********************* 
      changed: [127.0.0.1]
      
      TASK: [ec2-webservers | Setup lame /usr/bin/python symlink] ********************* 
      changed: [127.0.0.1]
      
      TASK: [ec2-dbservers | Launch new EC2 instance] ********************* 
      changed: [127.0.0.1]
      
      TASK: [ec2-dbservers | Give the system 30 seconds to boot up] ********************* 
      changed: [127.0.0.1]
      
      TASK: [ec2-dbservers | Get rid of SSH "Are you sure you want to continue connecting (yes/no)?" query] ********************* 
      changed: [127.0.0.1]
      
      TASK: [ec2-dbservers | Fix /usr/bootstrap.sh to run pkgin with -y] ********************* 
      changed: [127.0.0.1] => (item={'cmd': 'install /usr/bootstrap.sh /usr/bootstrap.sh.orig'})
      changed: [127.0.0.1] => (item={'cmd': 'chmod +w /usr/bootstrap.sh'})
      changed: [127.0.0.1] => (item={'cmd': 'sed "s,bin/pkgin update,bin/pkgin -y update," /usr/bootstrap.sh'})
      changed: [127.0.0.1] => (item={'cmd': 'chmod -w /usr/bootstrap.sh'})
      
      TASK: [ec2-dbservers | Install pkgin via /usr/bootstrap.sh] ********************* 
      changed: [127.0.0.1] => (item={'cmd': u'env PATH=/usr/sbin:${PATH} /usr/bootstrap.sh binpkg'})
      
      TASK: [ec2-dbservers | Copy over Ansible binary package] ********************* 
      changed: [127.0.0.1]
      
      TASK: [ec2-dbservers | Install Ansible dependencies] ********************* 
      changed: [127.0.0.1]
      
      TASK: [ec2-dbservers | Install Ansible package (manually)] ********************* 
      changed: [127.0.0.1]
      
      TASK: [ec2-dbservers | Setup lame /usr/bin/python symlink] ********************* 
      changed: [127.0.0.1]
      
      PLAY RECAP ********************* 
      127.0.0.1                      : ok=18   changed=18   unreachable=0    failed=0    
      
    4. Just to make sure, check that the two instances run properly, and are in the right security groups, ec2-webservers and ec2-dbservers:
      % euca-describe-instances
      RESERVATION     r-a419f9d9      749335780469    ec2-webservers
      INSTANCE        i-21b7c441      ami-5d0f8034    ...
      RESERVATION     r-641efe19      749335780469    ec2-dbservers
      INSTANCE        i-54a2ab3e      ami-5d0f8034    ...
      
    5. Next, bring the two freshly set-up systems (which are already capable of acting as Ansible targets) up to our basic system setup:
      % env ANSIBLE_HOSTS=./ec2.py ansible-playbook config-ec2-basic.yml
      
      PLAY [security_group_ec2-webservers;security_group_ec2-dbservers] ********************* 
      
      TASK: [ping] ********************* 
      ok: [ec2-54-235-44-118.compute-1.amazonaws.com]
      ok: [ec2-54-234-139-151.compute-1.amazonaws.com]
      
      TASK: [Install tcsh] ********************* 
      changed: [ec2-54-235-44-118.compute-1.amazonaws.com]
      changed: [ec2-54-234-139-151.compute-1.amazonaws.com]
      
      TASK: [Add user feyrer] ********************* 
      changed: [ec2-54-234-139-151.compute-1.amazonaws.com]
      changed: [ec2-54-235-44-118.compute-1.amazonaws.com]
      
      TASK: [Create ~feyrer/.ssh directory] ********************* 
      changed: [ec2-54-235-44-118.compute-1.amazonaws.com]
      changed: [ec2-54-234-139-151.compute-1.amazonaws.com]
      
      TASK: [Enable ssh login with ssh-key] ********************* 
      changed: [ec2-54-235-44-118.compute-1.amazonaws.com]
      changed: [ec2-54-234-139-151.compute-1.amazonaws.com]
      
      TASK: [Install sudo] ********************* 
      changed: [ec2-54-235-44-118.compute-1.amazonaws.com]
      changed: [ec2-54-234-139-151.compute-1.amazonaws.com]
      
      TASK: [Enable PW-less sudo-access for everyone in group 'wheel'] ********************* 
      changed: [ec2-54-234-139-151.compute-1.amazonaws.com]
      changed: [ec2-54-235-44-118.compute-1.amazonaws.com]
      
      TASK: [Disable ssh logins as root] ********************* 
      ok: [ec2-54-235-44-118.compute-1.amazonaws.com]
      ok: [ec2-54-234-139-151.compute-1.amazonaws.com]
      
      PLAY RECAP ********************* 
      ec2-54-234-139-151.compute-1.amazonaws.com : ok=8    changed=6    unreachable=0    failed=0    
      ec2-54-235-44-118.compute-1.amazonaws.com : ok=8    changed=6    unreachable=0    failed=0    
      
    6. Check:
      % ssh ec2-54-234-139-151.compute-1.amazonaws.com id
      uid=1000(feyrer) gid=100(users) groups=100(users),0(wheel)
      % 
      % ssh ec2-54-235-44-118.compute-1.amazonaws.com id
      uid=1000(feyrer) gid=100(users) groups=100(users),0(wheel)
      
    7. Now that the two machines run with our baseline configuration, install their individual software and settings. First the database server:
      % env ANSIBLE_HOSTS=./ec2.py ansible-playbook config-ec2-dbserver.yml
      
      PLAY [security_group_ec2-dbservers] ********************* 
      
      TASK: [Install mysql] ********************* 
      changed: [ec2-54-235-44-118.compute-1.amazonaws.com]
      
      TASK: [Install MySQL rc.d script] ********************* 
      changed: [ec2-54-235-44-118.compute-1.amazonaws.com]
      
      TASK: [Start MySQL service] ********************* 
      changed: [ec2-54-235-44-118.compute-1.amazonaws.com]
      
      TASK: [Install python-mysqldb (for mysql_user module)] ********************* 
      changed: [ec2-54-235-44-118.compute-1.amazonaws.com]
      
      TASK: [Setup DB] ********************* 
      changed: [ec2-54-235-44-118.compute-1.amazonaws.com]
      
      TASK: [Add db-user] ********************* 
      changed: [ec2-54-235-44-118.compute-1.amazonaws.com]
      
      TASK: [Copy over DB template] ********************* 
      changed: [ec2-54-235-44-118.compute-1.amazonaws.com]
      
      TASK: [Import DB data] ********************* 
      changed: [ec2-54-235-44-118.compute-1.amazonaws.com]
      
      PLAY RECAP ********************* 
      ec2-54-235-44-118.compute-1.amazonaws.com : ok=8    changed=8    unreachable=0    failed=0    
      
      
      
    8. Check and see if the database works as expected:
      % ssh -t ec2-54-235-44-118.compute-1.amazonaws.com mysql -u webapp -p webapp
      Enter password: ****
      ...
      mysql> show tables;
      +------------------+
      | Tables_in_webapp |
      +------------------+
      | names            |
      +------------------+
      1 row in set (0.01 sec)
      
      mysql> select * from names;
      +----+--------+------+
      | id | first  | last |
      +----+--------+------+
      |  1 | Donald | Duck |
      |  2 | Daisy  | Duck |
      +----+--------+------+
      2 rows in set (0.00 sec)
      
      mysql> bye
      
    9. Excellent. Now set up the webserver, too:
        
      % env ANSIBLE_HOSTS=./ec2.py ansible-playbook config-ec2-webserver.yml
      
      PLAY [security_group_ec2-webservers] ********************* 
      
      TASK: [Installing ap24-php53 package and dependencies] ********************* 
      changed: [ec2-54-234-139-151.compute-1.amazonaws.com]
      
      TASK: [Install Apache rc.d script] ********************* 
      changed: [ec2-54-234-139-151.compute-1.amazonaws.com]
      
      TASK: [Enable and start Apache service] ********************* 
      changed: [ec2-54-234-139-151.compute-1.amazonaws.com]
      
      TASK: [Enable PHP in Apache config file] ********************* 
      changed: [ec2-54-234-139-151.compute-1.amazonaws.com] => (item={'re': 'LoadModule.*mod_php5.so', 'l': 'LoadModule php5_module lib/httpd/mod_php5.so'})
      changed: [ec2-54-234-139-151.compute-1.amazonaws.com] => (item={'re': 'AddHandler.*x-httpd-php', 'l': 'AddHandler application/x-httpd-php .php'})
      
      TASK: [Make Apache read index.php] ********************* 
      changed: [ec2-54-234-139-151.compute-1.amazonaws.com]
      
      TASK: [Add simple PHP test - see http://10.0.0.181/phptest.php] ********************* 
      changed: [ec2-54-234-139-151.compute-1.amazonaws.com]
      
      TASK: [Install phpmyadmin] ********************* 
      changed: [ec2-54-234-139-151.compute-1.amazonaws.com]
      
      TASK: [Enable phpmyadmin in Apache config] ********************* 
      changed: [ec2-54-234-139-151.compute-1.amazonaws.com]
      
      TASK: [Fix Apache access control for phpmyadmin] ********************* 
      changed: [ec2-54-234-139-151.compute-1.amazonaws.com]
      
      TASK: [Enable PHP modules in PHP config file] ********************* 
      changed: [ec2-54-234-139-151.compute-1.amazonaws.com] => (item={'re': '^extension.*zlib.so', 'l': 'extension=zlib.so'})
      changed: [ec2-54-234-139-151.compute-1.amazonaws.com] => (item={'re': '^extension.*zip.so', 'l': 'extension=zip.so'})
      changed: [ec2-54-234-139-151.compute-1.amazonaws.com] => (item={'re': '^extension.*mysqli.so', 'l': 'extension=mysqli.so'})
      changed: [ec2-54-234-139-151.compute-1.amazonaws.com] => (item={'re': '^extension.*mysql.so', 'l': 'extension=mysql.so'})
      changed: [ec2-54-234-139-151.compute-1.amazonaws.com] => (item={'re': '^extension.*mcrypt.so', 'l': 'extension=mcrypt.so'})
      changed: [ec2-54-234-139-151.compute-1.amazonaws.com] => (item={'re': '^extension.*mbstring.so', 'l': 'extension=mbstring.so'})
      changed: [ec2-54-234-139-151.compute-1.amazonaws.com] => (item={'re': '^extension.*json.so', 'l': 'extension=json.so'})
      changed: [ec2-54-234-139-151.compute-1.amazonaws.com] => (item={'re': '^extension.*gd.so', 'l': 'extension=gd.so'})
      changed: [ec2-54-234-139-151.compute-1.amazonaws.com] => (item={'re': '^extension.*gettext.so', 'l': 'extension=gettext.so'})
      changed: [ec2-54-234-139-151.compute-1.amazonaws.com] => (item={'re': '^extension.*bz2.so', 'l': 'extension=bz2.so'})
      
      TASK: [Create directory for webapp] ********************* 
      changed: [ec2-54-234-139-151.compute-1.amazonaws.com]
      
      TASK: [Deploy example webapp] ********************* 
      changed: [ec2-54-234-139-151.compute-1.amazonaws.com]
      
      TASK: [Create webapp symlink for easy access] ********************* 
      changed: [ec2-54-234-139-151.compute-1.amazonaws.com]
      
      NOTIFIED: [restart apache] ********************* 
      changed: [ec2-54-234-139-151.compute-1.amazonaws.com]
      
      PLAY RECAP ********************* 
      ec2-54-234-139-151.compute-1.amazonaws.com : ok=14   changed=14   unreachable=0    failed=0    
      
    10. Again, test:
      % links -dump ec2-54-234-139-151.compute-1.amazonaws.com/
                                         It works!
      %
      % links -dump http://ec2-54-234-139-151.compute-1.amazonaws.com/phptest.php | head
         PHP Logo                                                                   
                                                                                    
                                     PHP Version 5.3.17                             
      
         System          NetBSD ip-10-80-61-33.ec2.internal 6.0.1 NetBSD 6.0.1      
                         (XEN3PAE_DOMU) i386                                        
         Build Date      Dec 14 2012 10:31:13                                       
                         './configure' '--with-config-file-path=/usr/pkg/etc'       
                         '--with-config-file-scan-dir=/usr/pkg/etc/php.d'           
                         '--sysconfdir=/usr/pkg/etc' '--localstatedir=/var'         
      % 
      % links -dump http://ec2-54-234-139-151.compute-1.amazonaws.com/webapp/
         Showing table hf.names:
      
         Cannot connect to database: Can't connect to local MySQL server through
         socket '/tmp/mysql.sock' (2)(2002)
      
    11. Close to optimum, but the last error is actually expected: for proper operation, the database needs to grant the webserver access, and the web server needs to know where the database server is. So let's connect them!

      This step is done by preparing a shell script on both systems, which is then run to perform the proper steps, depending on the system's security group:

      % env ANSIBLE_HOSTS=./ec2.py ansible-playbook config-ec2-connections.yml
      
      PLAY [security_group_ec2-webservers;security_group_ec2-dbservers] ********************* 
      
      TASK: [Collect EC2 host information] ********************* 
      ok: [ec2-54-234-139-151.compute-1.amazonaws.com]
      ok: [ec2-54-235-44-118.compute-1.amazonaws.com]
      
      TASK: [Prepare connection-script in /tmp/do-connect-vms.sh] ********************* 
      changed: [ec2-54-234-139-151.compute-1.amazonaws.com]
      changed: [ec2-54-235-44-118.compute-1.amazonaws.com]
      
      TASK: [Run connection-script] ********************* 
      changed: [ec2-54-234-139-151.compute-1.amazonaws.com]
      changed: [ec2-54-235-44-118.compute-1.amazonaws.com]
      
      PLAY RECAP ********************* 
      ec2-54-234-139-151.compute-1.amazonaws.com : ok=3    changed=2    unreachable=0    failed=0    
      ec2-54-235-44-118.compute-1.amazonaws.com : ok=3    changed=2    unreachable=0    failed=0    
      
    12. With that final step, our test web application works, and the webserver can access the database properly:
      % links -dump http://ec2-54-234-139-151.compute-1.amazonaws.com/webapp/
         Showing table hf.names:
      
         +--------------------+
         | id | first  | last |
         |----+--------+------|
         | 1  | Donald | Duck |
         |----+--------+------|
         | 2  | Daisy  | Duck |
         +--------------------+
      
           ----------------------------------------------------------------------
      
         Enter new values:
      
         first:     _____________________ 
         last:      _____________________ 
         [ Submit ] 
      
    So much for this exercise. I'll talk about the ansible and euca2ools packages at pkgsrcCon 2013 in Berlin. Join in if you're curious about what the actual playbooks used in the above examples look like, or stay tuned to find my presentation and all the data after pkgsrcCon 2013.
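
Step 2 above shows both security groups accepting SSH from 0.0.0.0/0, and the database group also accepting MySQL (3306) from 0.0.0.0/0. The following is an added example, not part of the original post or its playbooks: a Python audit of `euca-describe-groups` output that reports rules reachable from any address and not covered by an allow-list. The allow-list is an assumed policy, and the sample input is copied from step 2.

```python
import ipaddress
from typing import NamedTuple

# Output of `euca-describe-groups` as printed in step 2 of the post.
SAMPLE = """\
GROUP   sg-ae54b3c5     749335780469    ec2-dbservers   Database servers
PERMISSION      749335780469    ec2-dbservers   ALLOWS  tcp     22      22      FROM    CIDR    0.0.0.0/0
PERMISSION      749335780469    ec2-dbservers   ALLOWS  tcp     3306    3306    FROM    CIDR    0.0.0.0/0
PERMISSION      749335780469    ec2-dbservers   ALLOWS  icmp    -1      -1      FROM    CIDR    0.0.0.0/0
GROUP   sg-a854b3c3     749335780469    ec2-webservers  Web servers
PERMISSION      749335780469    ec2-webservers  ALLOWS  tcp     22      22      FROM    CIDR    0.0.0.0/0
PERMISSION      749335780469    ec2-webservers  ALLOWS  tcp     80      80      FROM    CIDR    0.0.0.0/0
PERMISSION      749335780469    ec2-webservers  ALLOWS  icmp    -1      -1      FROM    CIDR    0.0.0.0/0
"""

# Assumed policy (not from the post): what each group may expose to any
# address. Everything else should be limited to a specific source.
ALLOWED_PUBLIC = {
    "ec2-webservers": {("tcp", 80), ("icmp", -1)},
    "ec2-dbservers": {("icmp", -1)},
}


class Rule(NamedTuple):
    group: str
    proto: str
    from_port: int
    to_port: int
    cidr: str


def parse_permissions(text):
    """Return the CIDR-sourced PERMISSION rules found in the output."""
    rules = []
    for line in text.splitlines():
        f = line.split()
        # PERMISSION <owner> <group> ALLOWS <proto> <from> <to> FROM CIDR <cidr>
        if len(f) < 10 or f[0] != "PERMISSION" or f[3] != "ALLOWS":
            continue
        if f[7] != "FROM" or f[8] != "CIDR":
            continue  # any other source type (e.g. another group) is skipped
        try:
            rules.append(Rule(f[2], f[4], int(f[5]), int(f[6]), f[9]))
        except ValueError:
            continue  # non-numeric port fields: not a rule we understand
    return rules


def is_world(cidr):
    """True for 0.0.0.0/0 and ::/0, i.e. a source that matches every address."""
    try:
        return ipaddress.ip_network(cidr, strict=False).prefixlen == 0
    except ValueError:
        return False


def audit(text, allowed_public):
    """Return world-open rules that the policy does not explicitly allow."""
    findings = []
    for r in parse_permissions(text):
        if not is_world(r.cidr):
            continue
        ok = allowed_public.get(r.group, set())
        # A port range passes only if every single port in it is allowed.
        covered = r.from_port <= r.to_port and all(
            (r.proto, p) in ok for p in range(r.from_port, r.to_port + 1)
        )
        if not covered:
            findings.append(r)
    return findings


if __name__ == "__main__":
    for r in audit(SAMPLE, ALLOWED_PUBLIC):
        ports = str(r.from_port) if r.from_port == r.to_port \
            else "%d-%d" % (r.from_port, r.to_port)
        print("%s: %s/%s open to %s" % (r.group, r.proto, ports, r.cidr))
```

A rule whose source is a specific address range or another security group is not reported.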



    [20130321] Happy 20th Birthday, NetBSD! (Update)

    20 years ago today, NetBSD was initially checked into CVS. Revision 1.1 of src/Makefile was committed on March 21st 1993 at 09:45:37 by Chris Demetriou (cgd@):

    % cvs log -Nr1.1 Makefile
    ...
    revision 1.1
    date: 1993/03/21 09:45:37;  author: cgd;  state: Exp;
    branches:  1.1.1;
    Initial revision 
    NetBSD was started as successor to the Berkeley System Distribution (BSD) Unix with a focus on multiplatform support.

    Personally, I've followed NetBSD since the day in 1993 when the Amiga port popped up, which was the first platform that the newly forked operating system was ported to after its separation from BSD.

    Many things have happened in the past 20 years, and a lot could be shown and told for the history books at this point. But I guess that can be done later - I'd be happy to help out with such a project if someone wants to start it, though :)

    For today I'm very happy that NetBSD is available on a wide range of platforms, runs the software that I want and gives me the assurance it will be around tomorrow and hopefully for the next 20 years, too.

    Cheers, NetBSD!

    Update: Jeremy Reed pointed me at his BSDnewsletter posting, which gives a number of details of NetBSD's history. Recommended reading!



    [20130321] Ansible, EC2 and NetBSD milestone 3 reached: Web and database in the cloud
    With the previous work on setting up a local VM as database and web server and setting up a Xen VM in Amazon's EC2 cloud combined, it is pretty straightforward to set up an EC2 instance that has all the software to serve a simple web application from the cloud.

    The individual steps are:

    1. Prepare the environment with proper time, SSH agent and EC2 firewall groups
    2. Setup EC2 instance with pkgin and ansible
    3. Do basic preparations to meet our standards for logins, shells and general usability and security
    4. Setup database server with DB software, user and import of data
    5. Setup web server with all the software and some demo application
    The following shows all the commands and their output in more detail:

    1. Make sure time is set properly - needed when talking to Amazon EC2:
      % sudo sh /etc/rc.d/ntpd stop
      ntpd not running? (check /var/run/ntpd.pid).
      % sudo sh /etc/rc.d/ntpdate restart
      Setting date via ntp.
      % sudo sh /etc/rc.d/ntpd start
      Starting ntpd.
      % date
      Sat Mar 16 16:46:19 CET 2013
      
    2. Add our EC2 SSH key to the SSH agent, so we don't have to type a password (which we don't know anyway - EC2 only works with SSH keys):
      % ssh-add -l
      Could not open a connection to your authentication agent.
      % 
      % eval `ssh-agent`
      Agent pid 10467
      % ssh-add -l
      The agent has no identities.
      % ssh-add ../../euca2ools/key-eucaHF.pem
      Identity added: ../../euca2ools/key-eucaHF.pem (../../euca2ools/key-eucaHF.pem)
      % ssh-add -l
      2048 d5:25:19:3d:59:40:35:32:03:f7:c5:83:de:19:b6:d0 ../../euca2ools/key-eucaHF.pem (RSA)
      
    3. Check security (firewall) groups - those are stored in EC2, and we have previously set them up:
      % euca-describe-groups
      ...
      GROUP   sg-a854b3c3     749335780469    ec2-webservers  Web servers
      PERMISSION      749335780469    ec2-webservers  ALLOWS  tcp     22      22      FROM    CIDR    0.0.0.0/0
      PERMISSION      749335780469    ec2-webservers  ALLOWS  tcp     80      80      FROM    CIDR    0.0.0.0/0
      PERMISSION      749335780469    ec2-webservers  ALLOWS  icmp    -1      -1      FROM    CIDR    0.0.0.0/0
      
    4. See if there are any EC2 instances running:
      % euca-describe-instances
      %
      
      No - that's fine, we are about to change that!

    5. Run the first playbook to launch an EC2 instance and prepare it for use with Ansible:
      % ansible-playbook -i hosts-HF config-ec2-prepare1vm.yml
      
      PLAY [localhost] ********************* 
      
      TASK: [Launch new EC2 instance] ********************* 
      changed: [127.0.0.1]
      
      TASK: [Give the system 30 seconds to boot up] ********************* 
      changed: [127.0.0.1]
      
      TASK: [Get rid of SSH "Are you sure you want to continue connecting (yes/no)?" query] ********************* 
      changed: [127.0.0.1]
      
      TASK: [Fix /usr/bootstrap.sh to run pkgin with -y] ********************* 
      changed: [127.0.0.1] => (item={'cmd': 'install /usr/bootstrap.sh /usr/bootstrap.sh.orig'})
      changed: [127.0.0.1] => (item={'cmd': 'chmod +w /usr/bootstrap.sh'})
      changed: [127.0.0.1] => (item={'cmd': 'sed "s,bin/pkgin update,bin/pkgin -y update," /usr/bootstrap.sh'})
      changed: [127.0.0.1] => (item={'cmd': 'chmod -w /usr/bootstrap.sh'})
      
      TASK: [Install pkgin via /usr/bootstrap.sh] ********************* 
      changed: [127.0.0.1] => (item={'cmd': u'env PATH=/usr/sbin:${PATH} /usr/bootstrap.sh binpkg'})
      
      TASK: [Copy over Ansible binary package] ********************* 
      changed: [127.0.0.1]
      
      TASK: [Install Ansible dependencies] ********************* 
      changed: [127.0.0.1]
      
      TASK: [Install Ansible package (manually)] ********************* 
      changed: [127.0.0.1]
      
      TASK: [Setup lame /usr/bin/python symlink] ********************* 
      changed: [127.0.0.1]
      
      PLAY RECAP ********************* 
      127.0.0.1                      : ok=9    changed=9    unreachable=0    failed=0    
      
      We now have an EC2 instance running that has Ansible installed:
      % euca-describe-instances
      RESERVATION     r-d77272ad      749335780469    ec2-webservers
      INSTANCE        i-9fafc2f2      ami-5d0f8034    ec2-107-22-69-112.compute-1.amazonaws.com ...
      
    6. With this EC2 instance, we can do some basic preparations for our standards, e.g. a login without requiring root (and while there, actually disable logins as root), set up sudo and a proper shell:
      % env ANSIBLE_HOSTS=./ec2.py ansible-playbook config-ec2-basic.yml
      
      PLAY [security_group_ec2-webservers] ********************* 
      
      TASK: [ping] ********************* 
      ok: [ec2-107-22-69-112.compute-1.amazonaws.com]
      
      TASK: [Install tcsh] ********************* 
      changed: [ec2-107-22-69-112.compute-1.amazonaws.com]
      
      TASK: [Add user feyrer] ********************* 
      changed: [ec2-107-22-69-112.compute-1.amazonaws.com]
      
      TASK: [Create ~feyrer/.ssh directory] ********************* 
      changed: [ec2-107-22-69-112.compute-1.amazonaws.com]
      
      TASK: [Enable ssh login with ssh-key] ********************* 
      changed: [ec2-107-22-69-112.compute-1.amazonaws.com]
      
      TASK: [Install sudo] ********************* 
      changed: [ec2-107-22-69-112.compute-1.amazonaws.com]
      
      TASK: [Enable PW-less sudo-access for everyone in group 'wheel'] ********************* 
      changed: [ec2-107-22-69-112.compute-1.amazonaws.com]
      
      TASK: [Disable ssh logins as root] ********************* 
      ok: [ec2-107-22-69-112.compute-1.amazonaws.com]
      
      PLAY RECAP ********************* 
      ec2-107-22-69-112.compute-1.amazonaws.com : ok=8    changed=6    unreachable=0    failed=0    
      
      Let's have a look if things actually work:
      % ssh 107.22.69.112 id
      uid=1000(feyrer) gid=100(users) groups=100(users),0(wheel)
      % ssh ec2-107-22-69-112.compute-1.amazonaws.com id
      uid=1000(feyrer) gid=100(users) groups=100(users),0(wheel)
      % ssh ec2-107-22-69-112.compute-1.amazonaws.com sudo id
      uid=0(root) gid=0(wheel) groups=0(wheel),2(kmem),3(sys),4(tty),5(operator),20(staff),31(guest)
      
    7. Next, install database software and import our demo database, just as we did in our local VM:
      % env ANSIBLE_HOSTS=./ec2.py ansible-playbook config-ec2-dbserver.yml
      
      PLAY [security_group_ec2-webservers] ********************* 
      
      TASK: [Install mysql] ********************* 
      changed: [ec2-107-22-69-112.compute-1.amazonaws.com]
      
      TASK: [Install MySQL rc.d script] ********************* 
      changed: [ec2-107-22-69-112.compute-1.amazonaws.com]
      
      TASK: [Start MySQL service] ********************* 
      changed: [ec2-107-22-69-112.compute-1.amazonaws.com]
      
      TASK: [Install python-mysqldb (for mysql_user module)] ********************* 
      changed: [ec2-107-22-69-112.compute-1.amazonaws.com]
      
      TASK: [Setup DB] ********************* 
      changed: [ec2-107-22-69-112.compute-1.amazonaws.com]
      
      TASK: [Add db-user] ********************* 
      changed: [ec2-107-22-69-112.compute-1.amazonaws.com]
      
      TASK: [Copy over DB template] ********************* 
      changed: [ec2-107-22-69-112.compute-1.amazonaws.com]
      
      TASK: [Import DB data] ********************* 
      changed: [ec2-107-22-69-112.compute-1.amazonaws.com]
      
      PLAY RECAP ********************* 
      ec2-107-22-69-112.compute-1.amazonaws.com : ok=8    changed=8    unreachable=0    failed=0    
      
      Again, let's see if everything works as expected:
      % ssh ec2-107-22-69-112.compute-1.amazonaws.com
      ...
      ip-10-202-65-196: {1} mysql -u webapp -p webapp
      Enter password: ******
      ...
      mysql> show tables;
      +------------------+
      | Tables_in_webapp |
      +------------------+
      | names            |
      +------------------+
      1 row in set (0.00 sec)
      
      mysql> select * from names;
      +----+--------+------+
      | id | first  | last |
      +----+--------+------+
      |  1 | Donald | Duck |
      |  2 | Daisy  | Duck |
      +----+--------+------+
      2 rows in set (0.00 sec)
      
      mysql> exit
      Bye
      ip-10-202-65-196: {2} exit
      logout
      Connection to ec2-107-22-69-112.compute-1.amazonaws.com closed.
      
    8. Last, add Apache+PHP and our small demo web-application:
        
      % env ANSIBLE_HOSTS=./ec2.py ansible-playbook config-ec2-webserver.yml
      
      PLAY [security_group_ec2-webservers] ********************* 
      
      TASK: [Installing ap24-php53 package and dependencies] ********************* 
      changed: [ec2-107-22-69-112.compute-1.amazonaws.com]
      
      TASK: [Install Apache rc.d script] ********************* 
      changed: [ec2-107-22-69-112.compute-1.amazonaws.com]
      
      TASK: [Enable and start Apache service] ********************* 
      changed: [ec2-107-22-69-112.compute-1.amazonaws.com]
      
      TASK: [Enable PHP in Apache config file] ********************* 
      changed: [ec2-107-22-69-112.compute-1.amazonaws.com] => (item={'re': 'LoadModule.*mod_php5.so', 'l': 'LoadModule php5_module lib/httpd/mod_php5.so'})
      changed: [ec2-107-22-69-112.compute-1.amazonaws.com] => (item={'re': 'AddHandler.*x-httpd-php', 'l': 'AddHandler application/x-httpd-php .php'})
      
      TASK: [Make Apache read index.php] ********************* 
      changed: [ec2-107-22-69-112.compute-1.amazonaws.com]
      
      TASK: [Add simple PHP test - see http://10.0.0.181/phptest.php] ********************* 
      changed: [ec2-107-22-69-112.compute-1.amazonaws.com]
      
      TASK: [Install phpmyadmin] ********************* 
      changed: [ec2-107-22-69-112.compute-1.amazonaws.com]
      
      TASK: [Enable phpmyadmin in Apache config] ********************* 
      changed: [ec2-107-22-69-112.compute-1.amazonaws.com]
      
      TASK: [Fix Apache access control for phpmyadmin] ********************* 
      changed: [ec2-107-22-69-112.compute-1.amazonaws.com]
      
      TASK: [Enable PHP modules in PHP config file] ********************* 
      changed: [ec2-107-22-69-112.compute-1.amazonaws.com] => (item={'re': '^extension.*zlib.so', 'l': 'extension=zlib.so'})
      changed: [ec2-107-22-69-112.compute-1.amazonaws.com] => (item={'re': '^extension.*zip.so', 'l': 'extension=zip.so'})
      changed: [ec2-107-22-69-112.compute-1.amazonaws.com] => (item={'re': '^extension.*mysqli.so', 'l': 'extension=mysqli.so'})
      changed: [ec2-107-22-69-112.compute-1.amazonaws.com] => (item={'re': '^extension.*mysql.so', 'l': 'extension=mysql.so'})
      changed: [ec2-107-22-69-112.compute-1.amazonaws.com] => (item={'re': '^extension.*mcrypt.so', 'l': 'extension=mcrypt.so'})
      changed: [ec2-107-22-69-112.compute-1.amazonaws.com] => (item={'re': '^extension.*mbstring.so', 'l': 'extension=mbstring.so'})
      changed: [ec2-107-22-69-112.compute-1.amazonaws.com] => (item={'re': '^extension.*json.so', 'l': 'extension=json.so'})
      changed: [ec2-107-22-69-112.compute-1.amazonaws.com] => (item={'re': '^extension.*gd.so', 'l': 'extension=gd.so'})
      changed: [ec2-107-22-69-112.compute-1.amazonaws.com] => (item={'re': '^extension.*gettext.so', 'l': 'extension=gettext.so'})
      changed: [ec2-107-22-69-112.compute-1.amazonaws.com] => (item={'re': '^extension.*bz2.so', 'l': 'extension=bz2.so'})
      
      TASK: [Create directory for webapp] ********************* 
      changed: [ec2-107-22-69-112.compute-1.amazonaws.com]
      
      TASK: [Deploy example webapp] ********************* 
      changed: [ec2-107-22-69-112.compute-1.amazonaws.com]
      
      TASK: [Create webapp symlink for easy access] ********************* 
      changed: [ec2-107-22-69-112.compute-1.amazonaws.com]
      
      NOTIFIED: [restart apache] ********************* 
      changed: [ec2-107-22-69-112.compute-1.amazonaws.com]
      
      PLAY RECAP ********************* 
      ec2-107-22-69-112.compute-1.amazonaws.com : ok=14   changed=14   unreachable=0    failed=0    
      
    9. Test!
      % links -dump http://ec2-107-22-69-112.compute-1.amazonaws.com/
                                         It works!
      
      % links -dump http://ec2-107-22-69-112.compute-1.amazonaws.com/phptest.php
         PHP Logo                                                                   
                                                                                    
                                     PHP Version 5.3.17                             
      
         System          NetBSD ip-10-202-65-196.ec2.internal 6.0.1 NetBSD 6.0.1    
                         (XEN3PAE_DOMU) i386                                        
         Build Date      Dec 14 2012 10:31:13                                       
      ...
      
      % links -dump http://ec2-107-22-69-112.compute-1.amazonaws.com/webapp/
         Showing table hf.names:
      
         +--------------------+
         | id | first  | last |
         |----+--------+------|
         | 1  | Donald | Duck |
         |----+--------+------|
         | 2  | Daisy  | Duck |
         +--------------------+
      
           ----------------------------------------------------------------------
      
         Enter new values:
      
         first:     _____________________ 
         last:      _____________________ 
         [ Submit ] 
      
    10. At this point, everything is set up and can be enjoyed. If the instance is no longer needed, it can be terminated:
      % euca-describe-instances
      RESERVATION     r-d77272ad      749335780469    ec2-webservers
      INSTANCE        i-9fafc2f2      ami-5d0f8034    ec2-107-22-69-112.compute-1.amazonaws.com       ...
      % euca-terminate-instances i-9fafc2f2
      INSTANCE        i-9fafc2f2
      % euca-describe-instances
      RESERVATION     r-d77272ad      749335780469    ec2-webservers
      INSTANCE        i-9fafc2f2      ami-5d0f8034                    terminated      eucaHF  ...
      
    What's next on my journey is to put database and webserver into separate VMs. First one of each, and then see if I find the nerve to look into a setup with more redundancy.

    Shameless plug: I'll talk about the ansible and euca2ools packages at pkgsrcCon 2013 in Berlin. Join in if you're curious about what the actual playbooks used in the above examples look like!



    [20130314] Ansible, EC2 and NetBSD milestone 2 reached: Instance preparation and communication
    On my quest to use Ansible to get a NetBSD virtual machine into Amazon's EC2 cloud, I've previously described how I use ansible to prepare a local machine. Working from a basic NetBSD setup, the system is set up for basic operation, then configured as both a database server and a Web/PHP server to serve a small demo application.

    Now the next step is to replace the VM with an Amazon EC2 instance. I have previously written about how to manage Amazon/EC2 NetBSD instances, and here are the steps that I take to first prepare an EC2 instance with NetBSD and Ansible, and then use a regular Ansible playbook to talk to all my EC2 instances. Note that the connection between the machines set up via euca2ools and ansible is in the security group names. In this case, the security group "ec2-webservers" is assumed to exist.

    1. Make sure SSH agent runs and has the EC2 SSH-key added:
      % ssh-add -l
      Could not open a connection to your authentication agent.
      % eval `ssh-agent`
      Agent pid 9304
      % ssh-add -l
      The agent has no identities.
      % ssh-add .../key-ec2HF.pem 
      Identity added: ../../euca2ools/key-ec2HF.pem (../../euca2ools/key-ec2HF.pem)
      % ssh-add -l
      2048 d5:25:19:3d:59:40:35:32:03:f7:c5:83:de:19:b6:d0 ../../euca2ools/key-ec2HF.pem (RSA)
      % 
      
    2. When using a VM to talk to EC2, pay special attention that it has the correct time, else funny things will happen:
      % date
      Sun Mar 10 14:42:33 CET 2013
      
    3. Set up the ec2-webservers security (firewall) group. This is used both when creating the EC2 instances, and when accessing them. It's the link between EC2 and Ansible's ec2.py script.
      % euca-add-group -d 'Web servers' ec2-webservers
      % euca-authorize -P tcp -p 80-80 -s 0.0.0.0/0 ec2-webservers
      % euca-authorize -P tcp -p 22-22 -s 0.0.0.0/0 ec2-webservers
      % euca-authorize -P icmp -s 0.0.0.0/0 ec2-webservers
      % 
      % euca-describe-groups
      GROUP   sg-a854b3c3     749335780469    ec2-webservers  Web servers
      PERMISSION      749335780469    ec2-webservers  ALLOWS  tcp     22      22     FROM     CIDR    0.0.0.0/0
      PERMISSION      749335780469    ec2-webservers  ALLOWS  tcp     80      80     FROM     CIDR    0.0.0.0/0
      PERMISSION      749335780469    ec2-webservers  ALLOWS  icmp    -1      -1     FROM     CIDR    0.0.0.0/0
      
    4. List out EC2 instances:
      % euca-describe-instances
      % 
      
      None so far.

    5. Let's use our playbook to prepare our first EC2 instance:
      % ansible-playbook -i hosts-HF config-ec2-prepare1vm.yml
      
      PLAY [localhost] ********************* 
      
      TASK: [Launch new EC2 instance] ********************* 
      changed: [127.0.0.1]
      
      TASK: [Give the system 30 seconds to boot up] ********************* 
      changed: [127.0.0.1]
      
      TASK: [Get rid of SSH "Are you sure you want to continue connecting (yes/no)?" query] ********************* 
      changed: [127.0.0.1]
      
      TASK: [Fix /usr/bootstrap.sh to run pkgin with -y] ********************* 
      changed: [127.0.0.1] => (item={'cmd': 'install /usr/bootstrap.sh /usr/bootstrap.sh.orig'})
      changed: [127.0.0.1] => (item={'cmd': 'chmod +w /usr/bootstrap.sh'})
      changed: [127.0.0.1] => (item={'cmd': 'sed "s,bin/pkgin update,bin/pkgin -y update," </usr/bootstrap.sh.orig >/usr/bootstrap.sh'})
      changed: [127.0.0.1] => (item={'cmd': 'chmod -w /usr/bootstrap.sh'})
      
      TASK: [Install pkgin via /usr/bootstrap.sh] ********************* 
      changed: [127.0.0.1] => (item={'cmd': u'env PATH=/usr/sbin:${PATH} /usr/bootstrap.sh binpkg'})
      
      TASK: [Copy over Ansible binary package] ********************* 
      changed: [127.0.0.1]
      
      TASK: [Install Ansible dependencies] ********************* 
      changed: [127.0.0.1]
      
      TASK: [Install Ansible package (manually)] ********************* 
      changed: [127.0.0.1]
      
      TASK: [Setup lame /usr/bin/python symlink] ********************* 
      changed: [127.0.0.1]
      
      PLAY RECAP ********************* 
      127.0.0.1                      : ok=9    changed=9    unreachable=0    failed=0    
      
      
      % 
      
    6. There we go. Let's list it:
      % euca-describe-instances
      RESERVATION     r-bb3b6ac1      749335780469    ec2-webservers
      INSTANCE        i-2cb9a45f      ami-a754dbce    ec2-54-234-59-5.compute-1.amazonaws.com \
      	ip-10-243-150-74.ec2.internal   running ec2HF  0               t1.micro        \
      	2013-03-10T13:47:32.000Z        us-east-1a      aki-825ea7eb                    \
      	monitoring-disabled     54.234.59.5     10.243.150.74                   ebs                                                                     
      % 
      
    7. That worked - excellent! Let's add a few more, just for kicks:
      % ansible-playbook -i hosts-HF config-ec2-prepare1vm.yml >&/dev/null & 
      % ansible-playbook -i hosts-HF config-ec2-prepare1vm.yml >&/dev/null & 
      % ansible-playbook -i hosts-HF config-ec2-prepare1vm.yml >&/dev/null & 
      % ansible-playbook -i hosts-HF config-ec2-prepare1vm.yml >&/dev/null & 
      % ansible-playbook -i hosts-HF config-ec2-prepare1vm.yml >&/dev/null & 
      % 
      
      <...wait...>
      
      % euca-describe-instances
      RESERVATION     r-bb3b6ac1      749335780469    ec2-webservers
      INSTANCE        i-2cb9a45f      ami-a754dbce    ec2-54-234-59-5.compute-1.amazonaws.com \
      	ip-10-243-150-74.ec2.internal   running ec2HF  0               t1.micro        \
      	2013-03-10T13:47:32.000Z        us-east-1a      aki-825ea7eb                    \
      	monitoring-disabled     54.234.59.5     10.243.150.74                   ebs                                                                     
      RESERVATION     r-8b3c6df1      749335780469    ec2-webservers
      INSTANCE        i-7cb5a80f      ami-a754dbce    ec2-23-20-42-71.compute-1.amazonaws.com \
      	ip-10-203-73-195.ec2.internal   running ec2HF  0               t1.micro        \
      	2013-03-10T13:50:48.000Z        us-east-1a      aki-825ea7eb                    \
      	monitoring-disabled     23.20.42.71     10.203.73.195                   ebs                                                                     
      RESERVATION     r-733f6e09      749335780469    ec2-webservers
      INSTANCE        i-42b5a831      ami-a754dbce    ec2-23-20-87-176.compute-1.amazonaws.com        \
      	ip-10-116-37-145.ec2.internal   running ec2HF  0               t1.micro        \
      	2013-03-10T13:50:54.000Z        us-east-1a      aki-825ea7eb                    \
      	monitoring-disabled     23.20.87.176    10.116.37.145                   ebs                                                                     
      RESERVATION     r-713f6e0b      749335780469    ec2-webservers
      INSTANCE        i-40b5a833      ami-a754dbce    ec2-54-242-254-237.compute-1.amazonaws.com      \
      	ip-10-195-47-153.ec2.internal   running ec2HF  0               t1.micro        \
      	2013-03-10T13:50:54.000Z        us-east-1a      aki-825ea7eb                    \
      	monitoring-disabled     54.242.254.237  10.195.47.153                   ebs                                                                     
      RESERVATION     r-773f6e0d      749335780469    ec2-webservers
      INSTANCE        i-46b5a835      ami-a754dbce    ec2-54-235-232-227.compute-1.amazonaws.com      \
      	ip-10-194-7-72.ec2.internal     running ec2HF  0               t1.micro        \
      	2013-03-10T13:50:54.000Z        us-east-1a      aki-825ea7eb                    \
      	monitoring-disabled     54.235.232.227  10.194.7.72                     ebs                                                                     
      RESERVATION     r-b72475cd      749335780469    ec2-webservers
      INSTANCE        i-b2adb0c1      ami-a754dbce    ec2-50-16-129-62.compute-1.amazonaws.com        \
      	domU-12-31-39-14-C6-CB.compute-1.internal       running ec2HF  0               t1.micro        \
      	2013-03-10T13:55:24.000Z        us-east-1d      aki-825ea7eb                    \
      	monitoring-disabled     50.16.129.62    10.206.197.53                   ebs                                                                     
      % 
      
    8. Let's talk to our EC2 instances now. For that, we use the ec2.py script, which enumerates all instances:
      % ./ec2.py --list
      {
        "i-2cb9a45f": [
          "ec2-54-234-59-5.compute-1.amazonaws.com"
        ], 
        "i-40b5a833": [
          "ec2-54-242-254-237.compute-1.amazonaws.com"
        ], 
        "i-42b5a831": [
          "ec2-23-20-87-176.compute-1.amazonaws.com"
        ], 
        "i-46b5a835": [
          "ec2-54-235-232-227.compute-1.amazonaws.com"
        ], 
        "i-7cb5a80f": [
          "ec2-23-20-42-71.compute-1.amazonaws.com"
        ], 
        "i-b2adb0c1": [
          "ec2-50-16-129-62.compute-1.amazonaws.com"
        ], 
        "key_ec2HF": [
          "ec2-54-234-59-5.compute-1.amazonaws.com", 
          "ec2-23-20-42-71.compute-1.amazonaws.com", 
          "ec2-23-20-87-176.compute-1.amazonaws.com", 
          "ec2-54-242-254-237.compute-1.amazonaws.com", 
          "ec2-54-235-232-227.compute-1.amazonaws.com", 
          "ec2-50-16-129-62.compute-1.amazonaws.com"
        ], 
        "security_group_ec2-webservers": [
          "ec2-54-234-59-5.compute-1.amazonaws.com", 
          "ec2-23-20-42-71.compute-1.amazonaws.com", 
          "ec2-23-20-87-176.compute-1.amazonaws.com", 
          "ec2-54-242-254-237.compute-1.amazonaws.com", 
          "ec2-54-235-232-227.compute-1.amazonaws.com", 
          "ec2-50-16-129-62.compute-1.amazonaws.com"
        ], 
        "type_t1_micro": [
          "ec2-54-234-59-5.compute-1.amazonaws.com", 
          "ec2-23-20-42-71.compute-1.amazonaws.com", 
          "ec2-23-20-87-176.compute-1.amazonaws.com", 
          "ec2-54-242-254-237.compute-1.amazonaws.com", 
          "ec2-54-235-232-227.compute-1.amazonaws.com", 
          "ec2-50-16-129-62.compute-1.amazonaws.com"
        ], 
        "us-east-1": [
          "ec2-54-234-59-5.compute-1.amazonaws.com", 
          "ec2-23-20-42-71.compute-1.amazonaws.com", 
          "ec2-23-20-87-176.compute-1.amazonaws.com", 
          "ec2-54-242-254-237.compute-1.amazonaws.com", 
          "ec2-54-235-232-227.compute-1.amazonaws.com", 
          "ec2-50-16-129-62.compute-1.amazonaws.com"
        ], 
        "us-east-1a": [
          "ec2-54-234-59-5.compute-1.amazonaws.com", 
          "ec2-23-20-42-71.compute-1.amazonaws.com", 
          "ec2-23-20-87-176.compute-1.amazonaws.com", 
          "ec2-54-242-254-237.compute-1.amazonaws.com", 
          "ec2-54-235-232-227.compute-1.amazonaws.com"
        ], 
        "us-east-1d": [
          "ec2-50-16-129-62.compute-1.amazonaws.com"
        ]
      }
      
    9. ec2.py can also give us information about one instance:
      % ./ec2.py --host ec2-54-234-59-5.compute-1.amazonaws.com
      {
        "ec2__in_monitoring_element": false, 
        "ec2_ami_launch_index": "0", 
        "ec2_architecture": "x86_64", 
        "ec2_client_token": "", 
        "ec2_dns_name": "ec2-54-234-59-5.compute-1.amazonaws.com", 
        "ec2_eventsSet": "", 
        "ec2_group_name": "", 
        "ec2_hypervisor": "xen", 
        "ec2_id": "i-2cb9a45f", 
        "ec2_image_id": "ami-a754dbce", 
        "ec2_instanceState": "", 
        "ec2_instance_type": "t1.micro", 
        "ec2_ip_address": "54.234.59.5", 
        "ec2_item": "", 
        "ec2_kernel": "aki-825ea7eb", 
        "ec2_key_name": "ec2HF", 
        "ec2_launch_time": "2013-03-10T13:47:32.000Z", 
        "ec2_monitored": false, 
        "ec2_monitoring": "", 
        "ec2_networkInterfaceSet": "", 
        "ec2_persistent": false, 
        "ec2_placement": "us-east-1a", 
        "ec2_platform": "", 
        "ec2_previous_state": "", 
        "ec2_private_dns_name": "ip-10-243-150-74.ec2.internal", 
        "ec2_private_ip_address": "10.243.150.74", 
        "ec2_public_dns_name": "ec2-54-234-59-5.compute-1.amazonaws.com", 
        "ec2_ramdisk": "", 
        "ec2_reason": "", 
        "ec2_region": "us-east-1", 
        "ec2_requester_id": "", 
        "ec2_root_device_name": "/dev/sda1", 
        "ec2_root_device_type": "ebs", 
        "ec2_security_group_ids": "sg-a854b3c3", 
        "ec2_security_group_names": "ec2-webservers", 
        "ec2_shutdown_state": "", 
        "ec2_spot_instance_request_id": "", 
        "ec2_state": "running", 
        "ec2_state_code": 16, 
        "ec2_state_reason": "", 
        "ec2_subnet_id": "", 
        "ec2_tenancy": "default", 
        "ec2_virtualization_type": "paravirtual", 
        "ec2_vpc_id": ""
      }
      
    10. Now let's use a regular playbook with the ec2.py script to get a list of all instances in the 'ec2-webservers' group and then use ansible's ping module on all of them:
      % env ANSIBLE_HOSTS=./ec2.py ansible-playbook config-ec2-basic.yml
      
      PLAY [security_group_ec2-webservers] ********************* 
      
      GATHERING FACTS ********************* 
      ok: [ec2-50-16-129-62.compute-1.amazonaws.com]
      ok: [ec2-54-235-232-227.compute-1.amazonaws.com]
      ok: [ec2-23-20-42-71.compute-1.amazonaws.com]
      ok: [ec2-23-20-87-176.compute-1.amazonaws.com]
      ok: [ec2-54-242-254-237.compute-1.amazonaws.com]
      ok: [ec2-54-234-59-5.compute-1.amazonaws.com]
      
      TASK: [ping] ********************* 
      ok: [ec2-54-235-232-227.compute-1.amazonaws.com]
      ok: [ec2-50-16-129-62.compute-1.amazonaws.com]
      ok: [ec2-23-20-87-176.compute-1.amazonaws.com]
      ok: [ec2-23-20-42-71.compute-1.amazonaws.com]
      ok: [ec2-54-234-59-5.compute-1.amazonaws.com]
      ok: [ec2-54-242-254-237.compute-1.amazonaws.com]
      
      PLAY RECAP ********************* 
      ec2-23-20-42-71.compute-1.amazonaws.com : ok=2    changed=0    unreachable=0    failed=0    
      ec2-23-20-87-176.compute-1.amazonaws.com : ok=2    changed=0    unreachable=0    failed=0    
      ec2-50-16-129-62.compute-1.amazonaws.com : ok=2    changed=0    unreachable=0    failed=0    
      ec2-54-234-59-5.compute-1.amazonaws.com : ok=2    changed=0    unreachable=0    failed=0    
      ec2-54-235-232-227.compute-1.amazonaws.com : ok=2    changed=0    unreachable=0    failed=0    
      ec2-54-242-254-237.compute-1.amazonaws.com : ok=2    changed=0    unreachable=0    failed=0    
      
      
      % 
      
    11. Finally, clean up and use euca-terminate-instances to delete all instances:
      % euca-describe-instances | grep INSTANCE | awk '{print $2}' | xargs -n 1 euca-terminate-instances
      INSTANCE        i-60829f13
      INSTANCE        i-2cb9a45f
      INSTANCE        i-7cb5a80f
      INSTANCE        i-42b5a831
      INSTANCE        i-40b5a833
      INSTANCE        i-46b5a835
      INSTANCE        i-b2adb0c1
      % euca-describe-instances
      RESERVATION     r-bb3b6ac1      749335780469    ec2-webservers
      INSTANCE        i-2cb9a45f      ami-a754dbce                    terminated      ec2HF  \
      	0               t1.micro        2013-03-10T13:47:32.000Z        us-east-1a      \
      	aki-825ea7eb                    monitoring-disabled                                     ebs                                                                     
      RESERVATION     r-8b3c6df1      749335780469    ec2-webservers
      INSTANCE        i-7cb5a80f      ami-a754dbce                    terminated      ec2HF  \
      	0               t1.micro        2013-03-10T13:50:48.000Z        us-east-1a      \
      	aki-825ea7eb                    monitoring-disabled                                     ebs                                                                     
      RESERVATION     r-733f6e09      749335780469    ec2-webservers
      INSTANCE        i-42b5a831      ami-a754dbce                    terminated      ec2HF  \
      	0               t1.micro        2013-03-10T13:50:54.000Z        us-east-1a      \
      	aki-825ea7eb                   monitoring-disabled                                     ebs                                                                     
      RESERVATION     r-713f6e0b      749335780469    ec2-webservers
      INSTANCE        i-40b5a833      ami-a754dbce                    terminated      ec2HF  \
      	0               t1.micro        2013-03-10T13:50:54.000Z        us-east-1a      \
      	aki-825ea7eb                    monitoring-disabled                                     ebs                                                                     
      RESERVATION     r-773f6e0d      749335780469    ec2-webservers
      INSTANCE        i-46b5a835      ami-a754dbce                    terminated      ec2HF  \
      	0               t1.micro        2013-03-10T13:50:54.000Z        us-east-1a      \
      	aki-825ea7eb                    monitoring-disabled                                     ebs                                                                     
      RESERVATION     r-b72475cd      749335780469    ec2-webservers
      INSTANCE        i-b2adb0c1      ami-a754dbce                    terminated      ec2HF  \
      	0               t1.micro        2013-03-10T13:55:24.000Z        us-east-1d      \
      	aki-825ea7eb                    monitoring-disabled                                     ebs                                                             
      % 
      
    12. The terminated instances will be removed by EC2 eventually, and you can start all over.

    With the above steps and the previous work to use Ansible to set up a NetBSD system with basic configuration as database- and webserver, the next step is to put those two things together, and get a (single) NetBSD machine into the Amazon cloud that serves as both database and webserver.
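
Step 3 opens SSH (tcp/22) to 0.0.0.0/0 alongside HTTP. The following added example (not part of the original post) parses the `euca-describe-groups` output shown there, flags world-open rules on ports not meant to be public, and builds the euca2ools commands that limit them to a management address; the `PUBLIC` set, the 203.0.113.10/32 address and the use of `euca-revoke` are assumptions.

```python
import ipaddress

# The euca-describe-groups output from step 3, reproduced as printed there.
SAMPLE = """\
GROUP   sg-a854b3c3     749335780469    ec2-webservers  Web servers
PERMISSION      749335780469    ec2-webservers  ALLOWS  tcp     22      22     FROM     CIDR    0.0.0.0/0
PERMISSION      749335780469    ec2-webservers  ALLOWS  tcp     80      80     FROM     CIDR    0.0.0.0/0
PERMISSION      749335780469    ec2-webservers  ALLOWS  icmp    -1      -1     FROM     CIDR    0.0.0.0/0
"""

# Assumption: for this demo only HTTP is meant to be reachable by everyone.
PUBLIC = {("tcp", 80)}


def parse_permissions(text):
    """Return one dict per CIDR-based PERMISSION line."""
    rules = []
    for line in text.splitlines():
        f = line.split()
        # PERMISSION <owner> <group> ALLOWS <proto> <from> <to> FROM CIDR <cidr>
        if len(f) != 10 or f[0] != "PERMISSION" or f[7:9] != ["FROM", "CIDR"]:
            continue  # GROUP header lines and group-to-group rules
        rules.append({
            "group": f[2],
            "proto": f[4],
            "ports": (int(f[5]), int(f[6])),
            "cidr": ipaddress.ip_network(f[9], strict=False),
        })
    return rules


def audit(text, public=PUBLIC):
    """Return (verdict, rule) pairs for rules that admit any source address."""
    findings = []
    for r in parse_permissions(text):
        if r["cidr"].prefixlen != 0:
            continue  # already limited to some network
        lo, hi = r["ports"]
        if r["proto"] == "icmp":
            # For ICMP the two numbers are type and code; -1 means "all".
            findings.append(("review", r))
        elif any((r["proto"], p) not in public for p in range(lo, hi + 1)):
            # A range mixing public and non-public ports is flagged as a whole.
            findings.append(("restrict", r))
    return findings


def tighten_commands(text, mgmt_cidr, public=PUBLIC):
    """Commands that swap each 'restrict' rule for one limited to mgmt_cidr.

    The narrower rule is authorized before the open one is revoked, so the
    management station never loses access in between.
    """
    net = ipaddress.ip_network(mgmt_cidr)  # ValueError on a malformed CIDR
    if net.prefixlen == 0:
        raise ValueError("management CIDR must not be the whole Internet")
    cmds = []
    for verdict, r in audit(text, public):
        if verdict != "restrict":
            continue
        rule = "-P %s -p %d-%d" % (r["proto"], r["ports"][0], r["ports"][1])
        cmds.append("euca-authorize %s -s %s %s" % (rule, net, r["group"]))
        cmds.append("euca-revoke %s -s %s %s" % (rule, r["cidr"], r["group"]))
    return cmds


if __name__ == "__main__":
    for verdict, r in audit(SAMPLE):
        print(verdict, r["group"], r["proto"], r["ports"], r["cidr"])
    # 203.0.113.10/32 is a documentation address standing in for the
    # management station that runs ansible-playbook.
    for cmd in tighten_commands(SAMPLE, "203.0.113.10/32"):
        print(cmd)
```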

    Stay tuned for this to happen!

    Shameless plug: I'll talk about the ansible and euca2ools packages at pkgsrcCon 2013 in Berlin. Join in if you're curious about what the actual playbooks used in the above examples look like!

    References: CapsUnlock blog post, CentOS Wiki.
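
The pipeline in step 11 hands every INSTANCE line the account returns to euca-terminate-instances (its output includes i-60829f13, which is not among the six instances listed in step 7). As an added example, not part of the original post, this selects only running instances of one security group from `euca-describe-instances` output; the last two reservations in the sample and the `max_count` guard are constructed for illustration.

```python
import re

# Instance states EC2 reports. The state column is found by value, because
# empty fields vanish when the printed output is split on whitespace.
STATES = {"pending", "running", "shutting-down", "terminated",
          "stopping", "stopped"}

# First two reservations: from step 7 above. Last two: constructed, to show
# what a blanket "grep INSTANCE" would also pick up.
SAMPLE = r"""
RESERVATION     r-bb3b6ac1      749335780469    ec2-webservers
INSTANCE        i-2cb9a45f      ami-a754dbce    ec2-54-234-59-5.compute-1.amazonaws.com \
    ip-10-243-150-74.ec2.internal   running ec2HF  0               t1.micro        \
    2013-03-10T13:47:32.000Z        us-east-1a      aki-825ea7eb                    \
    monitoring-disabled     54.234.59.5     10.243.150.74                   ebs
RESERVATION     r-8b3c6df1      749335780469    ec2-webservers
INSTANCE        i-7cb5a80f      ami-a754dbce    ec2-23-20-42-71.compute-1.amazonaws.com \
    ip-10-203-73-195.ec2.internal   running ec2HF  0               t1.micro        \
    2013-03-10T13:50:48.000Z        us-east-1a      aki-825ea7eb                    \
    monitoring-disabled     23.20.42.71     10.203.73.195                   ebs
RESERVATION     r-00000001      749335780469    default
INSTANCE        i-00000001      ami-a754dbce    ec2-192-0-2-10.compute-1.amazonaws.com \
    ip-10-0-0-10.ec2.internal       running ec2HF  0               t1.micro        \
    2013-03-01T08:00:00.000Z        us-east-1a      aki-825ea7eb                    \
    monitoring-disabled     192.0.2.10      10.0.0.10                       ebs
RESERVATION     r-00000002      749335780469    ec2-webservers
INSTANCE        i-00000002      ami-a754dbce                    terminated      ec2HF  \
    0               t1.micro        2013-03-09T08:00:00.000Z        us-east-1a      \
    aki-825ea7eb                    monitoring-disabled                     ebs
"""


def parse_instances(text):
    """Return (instance_id, state, groups) for every INSTANCE line."""
    text = re.sub(r"\\[ \t]*\n", " ", text)  # join "\"-continued lines
    groups, result = [], []
    for line in text.splitlines():
        tok = line.split()
        if not tok:
            continue
        if tok[0] == "RESERVATION":
            # RESERVATION <id> <owner> <group>[,<group>...]
            groups = tok[3].split(",") if len(tok) > 3 else []
        elif tok[0] == "INSTANCE" and len(tok) > 1:
            state = next((t for t in tok[2:] if t in STATES), None)
            result.append((tok[1], state, list(groups)))
    return result


def select_for_termination(text, group, max_count):
    """IDs of running instances in `group`; refuses an unexpectedly large batch."""
    ids = [iid for iid, state, groups in parse_instances(text)
           if state == "running" and group in groups]
    if len(ids) > max_count:
        raise RuntimeError("%d instances selected, expected at most %d"
                           % (len(ids), max_count))
    return ids


def terminate_argv(ids):
    """Argument vector for one euca-terminate-instances call, or None."""
    for iid in ids:
        if not re.fullmatch(r"i-[0-9a-f]{8,17}", iid):
            raise ValueError("not an instance id: %r" % iid)
    return ["euca-terminate-instances"] + list(ids) if ids else None


if __name__ == "__main__":
    chosen = select_for_termination(SAMPLE, "ec2-webservers", max_count=6)
    print(terminate_argv(chosen))  # review before running it
```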



    [20130314] NPF documentation
    Mindaugas Rasiukevicius has worked on NetBSD's new packet filter "npf" for quite some time now. In order to make things easier for new users, he now has also put up documentation for it.

    The documentation covers an introduction with a brief note on NPF's design followed by elements of a NPF configuration file. This is followed by instructions for dynamic rules, stateful filtering and network address translation (NAT). Further paragraphs describe the extension API, troubleshooting and appendixes with more information.



    [20130310] Talking to the cloud
    After some more hacking, I have a basic understanding of how to start Amazon NetBSD EC2 instances using Ansible, fix the instances so they can be used as targets for further Ansible commands, and then actually talk to my herd of happy instances.

    Here's a teaser:

    1. Start EC2 instances, put them into ec2-webservers group. Repeat the following command for more than one instance:
      % ansible -i hosts-HF localhost -m ec2 -a 'image=ami-a754dbce instance_type=t1.micro \
      key_name=eucaHF group=ec2-webservers'
      
    2. Prepare instances for Ansible (omitted - needs cleanup & automation)

    3. Use Ansible to ping all servers in the ec2-webservers group:
      % env ANSIBLE_HOSTS=./ec2.py ansible-playbook config-ec2-basic.yml
      
      PLAY [security_group_ec2-webservers] ********************* 
      
      GATHERING FACTS ********************* 
      ok: [ec2-23-23-15-202.compute-1.amazonaws.com]
      ok: [ec2-54-235-230-206.compute-1.amazonaws.com]
      
      TASK: [ping] ********************* 
      ok: [ec2-23-23-15-202.compute-1.amazonaws.com]
      ok: [ec2-54-235-230-206.compute-1.amazonaws.com]
      
      PLAY RECAP ********************* 
      ec2-23-23-15-202.compute-1.amazonaws.com : ok=2    changed=0    unreachable=0    failed=0    
      ec2-54-235-230-206.compute-1.amazonaws.com : ok=2    changed=0    unreachable=0    failed=0    




    [20130309] pkgsrcCon 2013 schedule
    Julian Fagir has posted pkgsrcCon 2013's schedule to the pkgsrc-users list. The event is on March 23rd in Berlin Moabit. Here are a bunch of reasons to get there:
    • pkgsrc release engineering
    • pkgsrc on SmartOS
    • Mancoosi tools for the analysis and quality assurance of FOSS distributions
    • Go On NetBSD
    • Rehabilitating pkglint
    • DeforaOS and pkgsrc (presentation with workshop)
    Register now!



    [20130228] Ansible and NetBSD milestone 1 reached: playbooks for system config, web+db servers
    In my quest to play with Ansible, I've reached my first milestone: I now have playbooks that take a basic NetBSD installation, configure it into a usable base installation, and then add a MySQL database, Apache and PHP to use it as webserver, and then deploy a simple web application.

    The playbooks are too embarrassing to publish, but here are the steps to get things going:

    1. Set up NetBSD 6.0 with "base" and "etc" set, also add "pkgin" from menu
    2. Allow root logins via ssh (for a start, will be changed later)
    3. Install ansible-1.0nb1 binary package with all its depends
    4. From a management station, run: ansible-playbook -k -i hosts-HF config-netbsd-basic.yml
    5. Then, run: ansible-playbook -i hosts-HF config-netbsd-dbserver.yml
    6. Last, run: ansible-playbook -i hosts-HF config-netbsd-webserver.yml
    After that, a simple "phptest()" page, phpmyadmin and my simple PHP-based web application can be run. Administration of the system is via SSH and sudo, root logins were disabled in the first ansible playbook.
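
Step 2 enables root logins by hand and the first playbook turns them off again; whether that sticks depends on where the new line lands, because sshd uses the first value it reads for a keyword. The added example below (not the author's playbook, which is not published) models a regexp/line replacement like the `re`/`l` items in the log further down and checks the effective `PermitRootLogin`; the sshd_config excerpts, the regular expressions and the `set_global` helper are assumptions.

```python
import re

# Constructed sshd_config excerpts (assumptions, not files from the page).
CONFIG = """\
Port 22
PermitRootLogin yes
#PermitRootLogin no
Subsystem sftp /usr/libexec/sftp-server
"""
CONFIG_WITH_MATCH = """\
Port 22
Match User backup
    ForceCommand /usr/bin/true
"""


def split_directive(raw):
    """Return (keyword_lowercase, value), or (None, None) for blanks/comments."""
    s = raw.strip()
    if not s or s.startswith("#"):
        return None, None
    parts = re.split(r"[ \t=]+", s, maxsplit=1)
    value = parts[1].strip().strip('"') if len(parts) > 1 else ""
    return parts[0].lower(), value


def effective_global(text, keyword):
    """Value sshd applies outside Match blocks: the FIRST one it reads."""
    for raw in text.splitlines():
        name, value = split_directive(raw)
        if name == "match":
            return None  # everything below is conditional
        if name == keyword.lower():
            return value
    return None  # unset: the built-in default applies


def lineinfile(text, regexp, line):
    """Small model of Ansible's lineinfile with state=present: replace the
    LAST line matching regexp, otherwise append `line` at end of file."""
    lines = text.splitlines()
    hits = [i for i, l in enumerate(lines) if re.search(regexp, l)]
    if hits:
        lines[hits[-1]] = line
    elif line not in lines:
        lines.append(line)
    return "\n".join(lines) + "\n"


def set_global(text, keyword, value):
    """Hardened edit: drop every active global setting of `keyword` and put
    exactly one where the first stood, or just before the first Match block."""
    new, out, placed, in_match = "%s %s" % (keyword, value), [], False, False
    for raw in text.splitlines():
        name, _ = split_directive(raw)
        if name == "match":
            if not placed:
                out.append(new)
                placed = True
            in_match = True
        if name == keyword.lower() and not in_match:
            if not placed:
                out.append(new)
                placed = True
            continue  # old global setting removed
        out.append(raw)
    if not placed:
        out.append(new)
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    weak = lineinfile(CONFIG, r"^#?PermitRootLogin", "PermitRootLogin no")
    print("lineinfile :", effective_global(weak, "PermitRootLogin"))
    good = set_global(CONFIG, "PermitRootLogin", "no")
    print("set_global :", effective_global(good, "PermitRootLogin"))
```

On a live host, `sshd -T` prints the configuration sshd actually applies and is the authoritative check.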

    Now to tweak the ansible playbooks to look less ugly, use variables, and then separate database and webserver into two separate machines - all in preparation to move them into the Amazon EC2 cloud. Stay tuned!

    For the record, here's a log of the three ansible playbooks above, starting from my basic NetBSD installation that already has pkgin and ansible:

    % ansible-playbook -k -i hosts-HF config-netbsd-basic.yml
    SSH password: 
    
    PLAY [netbsd] ********************* 
    
    GATHERING FACTS ********************* 
    ok: [10.0.0.181]
    
    TASK: [Install tcsh] ********************* 
    changed: [10.0.0.181]
    
    TASK: [Add user feyrer] ********************* 
    changed: [10.0.0.181]
    
    TASK: [Create ~feyrer/.ssh directory] ********************* 
    changed: [10.0.0.181]
    
    TASK: [Enable ssh login with ssh-key] ********************* 
    changed: [10.0.0.181]
    
    TASK: [Install sudo] ********************* 
    changed: [10.0.0.181]
    
    TASK: [Enable PW-less sudo-access for everyone in group 'wheel'] ********************* 
    changed: [10.0.0.181]
    
    TASK: [Disable ssh logins as root] ********************* 
    changed: [10.0.0.181]
    
    NOTIFIED: [restart sshd] ********************* 
    changed: [10.0.0.181]
    
    PLAY RECAP ********************* 
    10.0.0.181                     : ok=9    changed=8    unreachable=0    failed=0    
    
    
    % ansible-playbook    -i hosts-HF config-netbsd-dbserver.yml
    
    PLAY [dbservers] ********************* 
    
    GATHERING FACTS ********************* 
    ok: [10.0.0.181]
    
    TASK: [Install mysql] ********************* 
    changed: [10.0.0.181]
    
    TASK: [Install MySQL rc.d script] ********************* 
    changed: [10.0.0.181]
    
    TASK: [Start MySQL service] ********************* 
    changed: [10.0.0.181]
    
    TASK: [Install python-mysqldb (for mysql_user module)] ********************* 
    changed: [10.0.0.181]
    
    TASK: [Setup DB] ********************* 
    changed: [10.0.0.181]
    
    TASK: [Add db-user] ********************* 
    changed: [10.0.0.181]
    
    TASK: [Copy over DB template] ********************* 
    changed: [10.0.0.181]
    
    TASK: [Import DB data] ********************* 
    changed: [10.0.0.181]
    
    PLAY RECAP ********************* 
    10.0.0.181                     : ok=9    changed=8    unreachable=0    failed=0    
    
    
    % ansible-playbook    -i hosts-HF config-netbsd-webserver.yml
    
    PLAY [webservers] ********************* 
    
    GATHERING FACTS ********************* 
    ok: [10.0.0.181]
    
    TASK: [Installing ap24-php53 package and dependencies] ********************* 
    changed: [10.0.0.181]
    
    TASK: [Install Apache rc.d script] ********************* 
    changed: [10.0.0.181]
    
    TASK: [Enable and start Apache service] ********************* 
    changed: [10.0.0.181]
    
    TASK: [Enable PHP in Apache config file] ********************* 
    changed: [10.0.0.181] => (item={'re': 'LoadModule.*mod_php5.so', 'l': 'LoadModule php5_module lib/httpd/mod_php5.so'})
    changed: [10.0.0.181] => (item={'re': 'AddHandler.*x-httpd-php', 'l': 'AddHandler application/x-httpd-php .php'})
    
    TASK: [Make Apache read index.php] ********************* 
    changed: [10.0.0.181]
    
    TASK: [Add simple PHP test - see http://10.0.0.181/phptest.php] ********************* 
    changed: [10.0.0.181]
    
    TASK: [Install phpmyadmin] ********************* 
    changed: [10.0.0.181]
    
    TASK: [Enable phpmyadmin in Apache config] ********************* 
    changed: [10.0.0.181]
    
    TASK: [Enable PHP modules in PHP config file] ********************* 
    changed: [10.0.0.181] => (item={'re': '^extension.*zlib.so', 'l': 'extension=zlib.so'})
    changed: [10.0.0.181] => (item={'re': '^extension.*zip.so', 'l': 'extension=zip.so'})
    changed: [10.0.0.181] => (item={'re': '^extension.*mysqli.so', 'l': 'extension=mysqli.so'})
    changed: [10.0.0.181] => (item={'re': '^extension.*mysql.so', 'l': 'extension=mysql.so'})
    changed: [10.0.0.181] => (item={'re': '^extension.*mcrypt.so', 'l': 'extension=mcrypt.so'})
    changed: [10.0.0.181] => (item={'re': '^extension.*mbstring.so', 'l': 'extension=mbstring.so'})
    changed: [10.0.0.181] => (item={'re': '^extension.*json.so', 'l': 'extension=json.so'})
    changed: [10.0.0.181] => (item={'re': '^extension.*gd.so', 'l': 'extension=gd.so'})
    changed: [10.0.0.181] => (item={'re': '^extension.*gettext.so', 'l': 'extension=gettext.so'})
    changed: [10.0.0.181] => (item={'re': '^extension.*bz2.so', 'l': 'extension=bz2.so'})
    
    TASK: [Fix Apache access control] ********************* 
    changed: [10.0.0.181]
    
    TASK: [Create directory for webapp] ********************* 
    changed: [10.0.0.181]
    
    TASK: [Deploy example webapp] ********************* 
    changed: [10.0.0.181]
    
    TASK: [Create webapp symlink for easy access] ********************* 
    changed: [10.0.0.181]
    
    NOTIFIED: [restart apache] ********************* 
    changed: [10.0.0.181]
    
    PLAY RECAP ********************* 
    10.0.0.181                     : ok=15   changed=14   unreachable=0    failed=0    
    
    
    % links -dump http://10.0.0.181/webapp/
       Showing table hf.names:
    
       +--------------------+
       | id | first  | last |
       |----+--------+------|
       | 1  | Donald | Duck |
       |----+--------+------|
       | 2  | Daisy  | Duck |
       +--------------------+
    
         ----------------------------------------------------------------------
    
       Enter new values:
    
       first:     _____________________ 
       last:      _____________________ 
       [ Submit ] 
    
    % 




    Disclaimer: All opinion expressed here is purely my own. No responsibility is taken for anything.

    Copyright (c) Hubert Feyrer