[20130409]
|
NetBSD is part of Google's Summer of Code 2013
News is out that
NetBSD is part of Google's Summer of Code 2013 (GSoC)
again. GSoC is about students doing work for Open Source projects
over the summer, and getting paid while doing so. By Google.
For projects proposed by both students and the Open Source projects.
Click on the above link for more information on GSoC in general,
there is also
a list of proposed projects for this year in NetBSD.
Next steps are:
April 9 - 21: Would-be student participants discuss application ideas with mentoring organizations.
April 22, 19:00 UTC: Student application period opens.
May 3, 19:00 UTC: Student application deadline.
Interim Period: Mentoring organizations review and rank student proposals; where necessary, mentoring organizations may request further proposal detail from the student applicant.
May 6: Mentoring organizations should have requested slots via their profile in Melange by this point.
May 8: Slot allocations published to mentoring organizations
From there, students work on their projects with the help
of their mentors. There's a "midterm" report due with a first
part of the money paid, the rest is paid if the project is
finished successfully.
During the project, students are encouraged to publish news
about their process to the world in blogs and other ways found
appropriate by their mentoring organizations.
Past NetBSD projects
can be found on
SourceForce.
Interested?
Act now!
[Tags: google-soc]
|
[20130324]
|
Ansible & EC2 - Playbooks for orchestrating NetBSD into the cloud
As follower of my blog you have
seen
the
steps
towards
getting NetBSD instances started in Amazon's EC2 cloud
with a simple web application deployed on one EC2 instance
and the database on another one.
These blog articles were very detailed on purpose, to have full
logfiles available just in case needed. I have used these logs to
prepare my
pkgsrcCon 2013
talk about Ansible and Amazon's EC2, so things can be looked at
without actually running anything. As it turns out this was good,
because the 32bit NetBSD instances that I've used during my
pkgsrcCon demonstration actually decided to do a kernel panic, and the presentation
was a bit more on the theoretical side than I originally planned.
Now after pkgsrcCon is over, I would like to
publish the presentation
slides with all the details, and especially the playbooks and all
other files to look at - enjoy!
[Tags: amazon, ansible, aws, ec2, pkgsrc, xen]
|
[20130321]
|
Ansible, EC2 and NetBSD final milestone 4 reached: Web and DB on separate VMs in the cloud
In the fourth and last step on my journey to use
Ansible
to bring a non-trivial system of a Web server and a DB server into
Amazon's EC2 cloud, this is the final step.
After starting out with a local VMware VM and making first steps
with Ansible and EC2, the
previous step was to push a single system
into the cloud. Now, the final step is to setup two distinct VMs, one
for the database and one for the webserver, and then make them known
to each other.
The single steps are:
- Prepare the two VMs
- Basic setup for all systems
- Install the database server
- Install the webserver
- Connect database and webserver
Again, here are all the steps in detail:
- As before, ensure local time is correct when talking to Amazon,
and also make sure the SSH agent has the proper key loaded.
% date
Thu Mar 21 00:45:37 CET 2013
% ssh-add -l
2048 d5:25:19:3d:59:40:35:32:03:f7:c5:83:de:19:b6:d0 ../../euca2ools/key-eucaHF.pem (RSA)
- Make sure security groups are setup properly. We use one group
for the database server, and one for the webserver. This defines the
access permissions from the internet, and also allows to identify
systems for their individual configuration and also for connecting
them in the final step:
% euca-describe-groups
...
GROUP sg-ae54b3c5 749335780469 ec2-dbservers Database servers
PERMISSION 749335780469 ec2-dbservers ALLOWS tcp 22 22 FROM CIDR 0.0.0.0/0
PERMISSION 749335780469 ec2-dbservers ALLOWS tcp 3306 3306 FROM CIDR 0.0.0.0/0
PERMISSION 749335780469 ec2-dbservers ALLOWS icmp -1 -1 FROM CIDR 0.0.0.0/0
GROUP sg-a854b3c3 749335780469 ec2-webservers Web servers
PERMISSION 749335780469 ec2-webservers ALLOWS tcp 22 22 FROM CIDR 0.0.0.0/0
PERMISSION 749335780469 ec2-webservers ALLOWS tcp 80 80 FROM CIDR 0.0.0.0/0
PERMISSION 749335780469 ec2-webservers ALLOWS icmp -1 -1 FROM CIDR 0.0.0.0/0
- Now, run our playbook to setup the two VMs. This uses the single
playbook from the previous milestone, and just runs it twice with
different security groups:
% ansible-playbook -i hosts-HF config-ec2-prepare-db+web-vm.yml
PLAY [localhost] *********************
TASK: [ec2-webservers | Launch new EC2 instance] *********************
changed: [127.0.0.1]
TASK: [ec2-webservers | Give the system 30 seconds to boot up] *********************
changed: [127.0.0.1]
TASK: [ec2-webservers | Get rid of SSH "Are you sure you want to continue connecting (yes/no)?" query] *********************
changed: [127.0.0.1]
TASK: [ec2-webservers | Fix /usr/bootstrap.sh to run pkgin with -y] *********************
changed: [127.0.0.1] => (item={'cmd': 'install /usr/bootstrap.sh /usr/bootstrap.sh.orig'})
changed: [127.0.0.1] => (item={'cmd': 'chmod +w /usr/bootstrap.sh'})
changed: [127.0.0.1] => (item={'cmd': 'sed "s,bin/pkgin update,bin/pkgin -y update," /usr/bootstrap.sh'})
changed: [127.0.0.1] => (item={'cmd': 'chmod -w /usr/bootstrap.sh'})
TASK: [ec2-webservers | Install pkgin via /usr/bootstrap.sh] *********************
changed: [127.0.0.1] => (item={'cmd': u'env PATH=/usr/sbin:${PATH} /usr/bootstrap.sh binpkg'})
TASK: [ec2-webservers | Copy over Ansible binary package] *********************
changed: [127.0.0.1]
TASK: [ec2-webservers | Install Ansible dependencies] *********************
changed: [127.0.0.1]
TASK: [ec2-webservers | Install Ansible package (manually)] *********************
changed: [127.0.0.1]
TASK: [ec2-webservers | Setup lame /usr/bin/python symlink] *********************
changed: [127.0.0.1]
TASK: [ec2-dbservers | Launch new EC2 instance] *********************
changed: [127.0.0.1]
TASK: [ec2-dbservers | Give the system 30 seconds to boot up] *********************
changed: [127.0.0.1]
TASK: [ec2-dbservers | Get rid of SSH "Are you sure you want to continue connecting (yes/no)?" query] *********************
changed: [127.0.0.1]
TASK: [ec2-dbservers | Fix /usr/bootstrap.sh to run pkgin with -y] *********************
changed: [127.0.0.1] => (item={'cmd': 'install /usr/bootstrap.sh /usr/bootstrap.sh.orig'})
changed: [127.0.0.1] => (item={'cmd': 'chmod +w /usr/bootstrap.sh'})
changed: [127.0.0.1] => (item={'cmd': 'sed "s,bin/pkgin update,bin/pkgin -y update," /usr/bootstrap.sh'})
changed: [127.0.0.1] => (item={'cmd': 'chmod -w /usr/bootstrap.sh'})
TASK: [ec2-dbservers | Install pkgin via /usr/bootstrap.sh] *********************
changed: [127.0.0.1] => (item={'cmd': u'env PATH=/usr/sbin:${PATH} /usr/bootstrap.sh binpkg'})
TASK: [ec2-dbservers | Copy over Ansible binary package] *********************
changed: [127.0.0.1]
TASK: [ec2-dbservers | Install Ansible dependencies] *********************
changed: [127.0.0.1]
TASK: [ec2-dbservers | Install Ansible package (manually)] *********************
changed: [127.0.0.1]
TASK: [ec2-dbservers | Setup lame /usr/bin/python symlink] *********************
changed: [127.0.0.1]
PLAY RECAP *********************
127.0.0.1 : ok=18 changed=18 unreachable=0 failed=0
- Just to make sure, check that the two instances run properly, and
are in the right security groups, ec2-webservers and ec2-dbservers:
% euca-describe-instances
RESERVATION r-a419f9d9 749335780469 ec2-webservers
INSTANCE i-21b7c441 ami-5d0f8034 ...
RESERVATION r-641efe19 749335780469 ec2-dbservers
INSTANCE i-54a2ab3e ami-5d0f8034 ...
- Next, bring the two freshly setup systems (which are already
capable of acting as ansible targets) up to our basic system setup:
% env ANSIBLE_HOSTS=./ec2.py ansible-playbook config-ec2-basic.yml
PLAY [security_group_ec2-webservers;security_group_ec2-dbservers] *********************
TASK: [ping] *********************
ok: [ec2-54-235-44-118.compute-1.amazonaws.com]
ok: [ec2-54-234-139-151.compute-1.amazonaws.com]
TASK: [Install tcsh] *********************
changed: [ec2-54-235-44-118.compute-1.amazonaws.com]
changed: [ec2-54-234-139-151.compute-1.amazonaws.com]
TASK: [Add user feyrer] *********************
changed: [ec2-54-234-139-151.compute-1.amazonaws.com]
changed: [ec2-54-235-44-118.compute-1.amazonaws.com]
TASK: [Create ~feyrer/.ssh directory] *********************
changed: [ec2-54-235-44-118.compute-1.amazonaws.com]
changed: [ec2-54-234-139-151.compute-1.amazonaws.com]
TASK: [Enable ssh login with ssh-key] *********************
changed: [ec2-54-235-44-118.compute-1.amazonaws.com]
changed: [ec2-54-234-139-151.compute-1.amazonaws.com]
TASK: [Install sudo] *********************
changed: [ec2-54-235-44-118.compute-1.amazonaws.com]
changed: [ec2-54-234-139-151.compute-1.amazonaws.com]
TASK: [Enable PW-less sudo-access for everyone in group 'wheel'] *********************
changed: [ec2-54-234-139-151.compute-1.amazonaws.com]
changed: [ec2-54-235-44-118.compute-1.amazonaws.com]
TASK: [Disable ssh logins as root] *********************
ok: [ec2-54-235-44-118.compute-1.amazonaws.com]
ok: [ec2-54-234-139-151.compute-1.amazonaws.com]
PLAY RECAP *********************
ec2-54-234-139-151.compute-1.amazonaws.com : ok=8 changed=6 unreachable=0 failed=0
ec2-54-235-44-118.compute-1.amazonaws.com : ok=8 changed=6 unreachable=0 failed=0
- Check:
% ssh ec2-54-234-139-151.compute-1.amazonaws.com id
uid=1000(feyrer) gid=100(users) groups=100(users),0(wheel)
%
% ssh ec2-54-235-44-118.compute-1.amazonaws.com id
uid=1000(feyrer) gid=100(users) groups=100(users),0(wheel)
- Now that the two machines run with our basline configuration,
install their individual software and settings. First the
database server:
% env ANSIBLE_HOSTS=./ec2.py ansible-playbook config-ec2-dbserver.yml
PLAY [security_group_ec2-dbservers] *********************
TASK: [Install mysql] *********************
changed: [ec2-54-235-44-118.compute-1.amazonaws.com]
TASK: [Install MySQL rc.d script] *********************
changed: [ec2-54-235-44-118.compute-1.amazonaws.com]
TASK: [Start MySQL service] *********************
changed: [ec2-54-235-44-118.compute-1.amazonaws.com]
TASK: [Install python-mysqldb (for mysql_user module)] *********************
changed: [ec2-54-235-44-118.compute-1.amazonaws.com]
TASK: [Setup DB] *********************
changed: [ec2-54-235-44-118.compute-1.amazonaws.com]
TASK: [Add db-user] *********************
changed: [ec2-54-235-44-118.compute-1.amazonaws.com]
TASK: [Copy over DB template] *********************
changed: [ec2-54-235-44-118.compute-1.amazonaws.com]
TASK: [Import DB data] *********************
changed: [ec2-54-235-44-118.compute-1.amazonaws.com]
PLAY RECAP *********************
ec2-54-235-44-118.compute-1.amazonaws.com : ok=8 changed=8 unreachable=0 failed=0
- Check and see if the database works as expected:
% ssh -t ec2-54-235-44-118.compute-1.amazonaws.com mysql -u webapp -p webapp
Enter password: ****
...
mysql> show tables;
+------------------+
| Tables_in_webapp |
+------------------+
| names |
+------------------+
1 row in set (0.01 sec)
mysql> select * from names;
+----+--------+------+
| id | first | last |
+----+--------+------+
| 1 | Donald | Duck |
| 2 | Daisy | Duck |
+----+--------+------+
2 rows in set (0.00 sec)
mysql> bye
- Excellent. Now setup the webserver, too:
% env ANSIBLE_HOSTS=./ec2.py ansible-playbook config-ec2-webserver.yml
PLAY [security_group_ec2-webservers] *********************
TASK: [Installing ap24-php53 package and dependencies] *********************
changed: [ec2-54-234-139-151.compute-1.amazonaws.com]
TASK: [Install Apache rc.d script] *********************
changed: [ec2-54-234-139-151.compute-1.amazonaws.com]
TASK: [Enable and start Apache service] *********************
changed: [ec2-54-234-139-151.compute-1.amazonaws.com]
TASK: [Enable PHP in Apache config file] *********************
changed: [ec2-54-234-139-151.compute-1.amazonaws.com] => (item={'re': 'LoadModule.*mod_php5.so', 'l': 'LoadModule php5_module lib/httpd/mod_php5.so'})
changed: [ec2-54-234-139-151.compute-1.amazonaws.com] => (item={'re': 'AddHandler.*x-httpd-php', 'l': 'AddHandler application/x-httpd-php .php'})
TASK: [Make Apache read index.php] *********************
changed: [ec2-54-234-139-151.compute-1.amazonaws.com]
TASK: [Add simple PHP test - see http://10.0.0.181/phptest.php] *********************
changed: [ec2-54-234-139-151.compute-1.amazonaws.com]
TASK: [Install phpmyadmin] *********************
changed: [ec2-54-234-139-151.compute-1.amazonaws.com]
TASK: [Enable phpmyadmin in Apache config] *********************
changed: [ec2-54-234-139-151.compute-1.amazonaws.com]
TASK: [Fix Apache access control for phpmyadmin] *********************
changed: [ec2-54-234-139-151.compute-1.amazonaws.com]
TASK: [Enable PHP modules in PHP config file] *********************
changed: [ec2-54-234-139-151.compute-1.amazonaws.com] => (item={'re': '^extension.*zlib.so', 'l': 'extension=zlib.so'})
changed: [ec2-54-234-139-151.compute-1.amazonaws.com] => (item={'re': '^extension.*zip.so', 'l': 'extension=zip.so'})
changed: [ec2-54-234-139-151.compute-1.amazonaws.com] => (item={'re': '^extension.*mysqli.so', 'l': 'extension=mysqli.so'})
changed: [ec2-54-234-139-151.compute-1.amazonaws.com] => (item={'re': '^extension.*mysql.so', 'l': 'extension=mysql.so'})
changed: [ec2-54-234-139-151.compute-1.amazonaws.com] => (item={'re': '^extension.*mcrypt.so', 'l': 'extension=mcrypt.so'})
changed: [ec2-54-234-139-151.compute-1.amazonaws.com] => (item={'re': '^extension.*mbstring.so', 'l': 'extension=mbstring.so'})
changed: [ec2-54-234-139-151.compute-1.amazonaws.com] => (item={'re': '^extension.*json.so', 'l': 'extension=json.so'})
changed: [ec2-54-234-139-151.compute-1.amazonaws.com] => (item={'re': '^extension.*gd.so', 'l': 'extension=gd.so'})
changed: [ec2-54-234-139-151.compute-1.amazonaws.com] => (item={'re': '^extension.*gettext.so', 'l': 'extension=gettext.so'})
changed: [ec2-54-234-139-151.compute-1.amazonaws.com] => (item={'re': '^extension.*bz2.so', 'l': 'extension=bz2.so'})
TASK: [Create directory for webapp] *********************
changed: [ec2-54-234-139-151.compute-1.amazonaws.com]
TASK: [Deploy example webapp] *********************
changed: [ec2-54-234-139-151.compute-1.amazonaws.com]
TASK: [Create webapp symlink for easy access] *********************
changed: [ec2-54-234-139-151.compute-1.amazonaws.com]
NOTIFIED: [restart apache] *********************
changed: [ec2-54-234-139-151.compute-1.amazonaws.com]
PLAY RECAP *********************
ec2-54-234-139-151.compute-1.amazonaws.com : ok=14 changed=14 unreachable=0 failed=0
- Again, test:
% links -dump ec2-54-234-139-151.compute-1.amazonaws.com/
It works!
%
% links -dump http://ec2-54-234-139-151.compute-1.amazonaws.com/phptest.php | head
PHP Logo
PHP Version 5.3.17
System NetBSD ip-10-80-61-33.ec2.internal 6.0.1 NetBSD 6.0.1
(XEN3PAE_DOMU) i386
Build Date Dec 14 2012 10:31:13
'./configure' '--with-config-file-path=/usr/pkg/etc'
'--with-config-file-scan-dir=/usr/pkg/etc/php.d'
'--sysconfdir=/usr/pkg/etc' '--localstatedir=/var'
%
% links -dump http://ec2-54-234-139-151.compute-1.amazonaws.com/webapp/
Showing table hf.names:
Cannot connect to database: Can't connect to local MySQL server through
socket '/tmp/mysql.sock' (2)(2002)
- Close to optimum, but the last error is actually expectet: In
order for proper operation, the Database needs to grant the
webserver access, and the web server needs to know where the
database server is. So let's connect them!
This step is done by preparing a shell script on both systems, which
will then be ran to - depending on the system's security group - perform the
proper steps:
% env ANSIBLE_HOSTS=./ec2.py ansible-playbook config-ec2-connections.yml
PLAY [security_group_ec2-webservers;security_group_ec2-dbservers] *********************
TASK: [Collect EC2 host information] *********************
ok: [ec2-54-234-139-151.compute-1.amazonaws.com]
ok: [ec2-54-235-44-118.compute-1.amazonaws.com]
TASK: [Prepare connection-script in /tmp/do-connect-vms.sh] *********************
changed: [ec2-54-234-139-151.compute-1.amazonaws.com]
changed: [ec2-54-235-44-118.compute-1.amazonaws.com]
TASK: [Run connection-script] *********************
changed: [ec2-54-234-139-151.compute-1.amazonaws.com]
changed: [ec2-54-235-44-118.compute-1.amazonaws.com]
PLAY RECAP *********************
ec2-54-234-139-151.compute-1.amazonaws.com : ok=3 changed=2 unreachable=0 failed=0
ec2-54-235-44-118.compute-1.amazonaws.com : ok=3 changed=2 unreachable=0 failed=0
- With that final step, our test web application works, and the
webserver can access the database properly:
% links -dump http://ec2-54-234-139-151.compute-1.amazonaws.com/webapp/
Showing table hf.names:
+--------------------+
| id | first | last |
|----+--------+------|
| 1 | Donald | Duck |
|----+--------+------|
| 2 | Daisy | Duck |
+--------------------+
----------------------------------------------------------------------
Enter new values:
first: _____________________
last: _____________________
[ Submit ]
So much for this exercise. I'll talk about the ansible and euca2ools
packages at
pkgsrcCon 2013 in Berlin.
Join in if you're curious about
what the actual playbooks used in the above examples look like, or
stay tuned to find my presentation and all the data after pkgsrcCon
2013.
[Tags: amazon, ansible, ec2, xen]
|
[20130321]
|
Happy 20th Birthday, NetBSD! (Update)
20 years back from today, NetBSD was initially checked into
CVS. Revision 1.1 of src/Makefile was committed on March 21st 1993
on 09:45:37 by Chris Demetriou (cgd@):
% cvs log -Nr1.1 Makefile
...
revision 1.1
date: 1993/03/21 09:45:37; author: cgd; state: Exp;
branches: 1.1.1;
Initial revision
NetBSD was started as successor to the Berkeley System
Distribution (BSD) Unix with a focus on multiplatform
support.
Personally, I've followed NetBSD since the day
in 1993 when the Amiga port popped up, which was
the first platform that the newly forked
operating system was ported to after its
separation from BSD.
Many things have happened
in the past 20 years,
and a lot could be shown
and told for the history books
at this point. But I guess that can be done later - I'd be
happy to help out with such a project if someone wants to start it,
though :)
For today I'm very happy that NetBSD is available
on a wide range on platforms, runs the software that
I want and gives me the assurrance it will be around
tomorrow and hopefully for the next 20 years, too.
Cheers, NetBSD!
Update:
Jeremy Reed pointed me at his
BSDnewletter
posting, which gives a number of details of NetBSD's
history. Recommended reading!
[Tags: history, netbsd]
|
[20130321]
|
Ansible, EC2 and NetBSD milestone 3 reached: Web and database in the cloud
With the previous work on
setting up a local VM as database and web server
and
setting up a Xen VM in Amazon's EC2 cloud
combined, it is pretty straight forward to setup a EC2 instance that
has all the software to serve a simple web application from the cloud.
The single steps are:
- Prepare the environment with proper time, SSH agent and EC2 firewall groups
- Setup EC2 instance with pkgin and ansible
- Do basic preparations to meet our standards for logins, shells and general usability and security
- Setup database server with DB software, user and import of data
- Setup web server with all the software and some demo application
The following details show all the commands can and their output in
more detail:
- Make sure time is set properly - needed when talking to Amazon EC2:
% sudo sh /etc/rc.d/ntpd stop
ntpd not running? (check /var/run/ntpd.pid).
% sudo sh /etc/rc.d/ntpdate restart
Setting date via ntp.
% sudo sh /etc/rc.d/ntpd start
Starting ntpd.
% date
Sat Mar 16 16:46:19 CET 2013
- Teach our EC2 SSH key to SSH agent, so we don't have to type a
password (which we don't know anyways - EC2 only works with SSH
keys):
% ssh-add -l
Could not open a connection to your authentication agent.
%
% eval `ssh-agent`
Agent pid 10467
% ssh-add -l
The agent has no identities.
% ssh-add ../../euca2ools/key-eucaHF.pem
Identity added: ../../euca2ools/key-eucaHF.pem (../../euca2ools/key-eucaHF.pem)
% ssh-add -l
2048 d5:25:19:3d:59:40:35:32:03:f7:c5:83:de:19:b6:d0 ../../euca2ools/key-eucaHF.pem (RSA)
- Check security (firewall) groups - those are stored in EC2, and
we
have previously
set them up:
% euca-describe-groups
...
GROUP sg-a854b3c3 749335780469 ec2-webservers Web servers
PERMISSION 749335780469 ec2-webservers ALLOWS tcp 22 22 FROM CIDR 0.0.0.0/0
PERMISSION 749335780469 ec2-webservers ALLOWS tcp 80 80 FROM CIDR 0.0.0.0/0
PERMISSION 749335780469 ec2-webservers ALLOWS icmp -1 -1 FROM CIDR 0.0.0.0/0
- See if there are any EC2 instances running:
% euca-describe-instances
%
No - that's fine, we are about to change that!
- Run first playbook to launch EC2 instance and prepare it for
using with ansible:
% ansible-playbook -i hosts-HF config-ec2-prepare1vm.yml
PLAY [localhost] *********************
TASK: [Launch new EC2 instance] *********************
changed: [127.0.0.1]
TASK: [Give the system 30 seconds to boot up] *********************
changed: [127.0.0.1]
TASK: [Get rid of SSH "Are you sure you want to continue connecting (yes/no)?" query] *********************
changed: [127.0.0.1]
TASK: [Fix /usr/bootstrap.sh to run pkgin with -y] *********************
changed: [127.0.0.1] => (item={'cmd': 'install /usr/bootstrap.sh /usr/bootstrap.sh.orig'})
changed: [127.0.0.1] => (item={'cmd': 'chmod +w /usr/bootstrap.sh'})
changed: [127.0.0.1] => (item={'cmd': 'sed "s,bin/pkgin update,bin/pkgin -y update," /usr/bootstrap.sh'})
changed: [127.0.0.1] => (item={'cmd': 'chmod -w /usr/bootstrap.sh'})
TASK: [Install pkgin via /usr/bootstrap.sh] *********************
changed: [127.0.0.1] => (item={'cmd': u'env PATH=/usr/sbin:${PATH} /usr/bootstrap.sh binpkg'})
TASK: [Copy over Ansible binary package] *********************
changed: [127.0.0.1]
TASK: [Install Ansible dependencies] *********************
changed: [127.0.0.1]
TASK: [Install Ansible package (manually)] *********************
changed: [127.0.0.1]
TASK: [Setup lame /usr/bin/python symlink] *********************
changed: [127.0.0.1]
PLAY RECAP *********************
127.0.0.1 : ok=9 changed=9 unreachable=0 failed=0
We now have a EC2 instance running that has Ansible installed:
% euca-describe-instances
RESERVATION r-d77272ad 749335780469 ec2-webservers
INSTANCE i-9fafc2f2 ami-5d0f8034 ec2-107-22-69-112.compute-1.amazonaws.com ...
- With this EC2 instance, we can do some basic preparations for our
standards, e.g. a login without requiring root (and while there, actually
disable allowing as root), setup sudo and a proper shell:
% env ANSIBLE_HOSTS=./ec2.py ansible-playbook config-ec2-basic.yml
PLAY [security_group_ec2-webservers] *********************
TASK: [ping] *********************
ok: [ec2-107-22-69-112.compute-1.amazonaws.com]
TASK: [Install tcsh] *********************
changed: [ec2-107-22-69-112.compute-1.amazonaws.com]
TASK: [Add user feyrer] *********************
changed: [ec2-107-22-69-112.compute-1.amazonaws.com]
TASK: [Create ~feyrer/.ssh directory] *********************
changed: [ec2-107-22-69-112.compute-1.amazonaws.com]
TASK: [Enable ssh login with ssh-key] *********************
changed: [ec2-107-22-69-112.compute-1.amazonaws.com]
TASK: [Install sudo] *********************
changed: [ec2-107-22-69-112.compute-1.amazonaws.com]
TASK: [Enable PW-less sudo-access for everyone in group 'wheel'] *********************
changed: [ec2-107-22-69-112.compute-1.amazonaws.com]
TASK: [Disable ssh logins as root] *********************
ok: [ec2-107-22-69-112.compute-1.amazonaws.com]
PLAY RECAP *********************
ec2-107-22-69-112.compute-1.amazonaws.com : ok=8 changed=6 unreachable=0 failed=0
Let's have a look if things actually work:
% ssh 107.22.69.112 id
uid=1000(feyrer) gid=100(users) groups=100(users),0(wheel)
% ssh ec2-107-22-69-112.compute-1.amazonaws.com id
uid=1000(feyrer) gid=100(users) groups=100(users),0(wheel)
% ssh ec2-107-22-69-112.compute-1.amazonaws.com sudo id
uid=0(root) gid=0(wheel) groups=0(wheel),2(kmem),3(sys),4(tty),5(operator),20(staff),31(guest)
- Next, install database software and import our demo database, just
as we did in out local VM:
% env ANSIBLE_HOSTS=./ec2.py ansible-playbook config-ec2-dbserver.yml
PLAY [security_group_ec2-webservers] *********************
TASK: [Install mysql] *********************
changed: [ec2-107-22-69-112.compute-1.amazonaws.com]
TASK: [Install MySQL rc.d script] *********************
changed: [ec2-107-22-69-112.compute-1.amazonaws.com]
TASK: [Start MySQL service] *********************
changed: [ec2-107-22-69-112.compute-1.amazonaws.com]
TASK: [Install python-mysqldb (for mysql_user module)] *********************
changed: [ec2-107-22-69-112.compute-1.amazonaws.com]
TASK: [Setup DB] *********************
changed: [ec2-107-22-69-112.compute-1.amazonaws.com]
TASK: [Add db-user] *********************
changed: [ec2-107-22-69-112.compute-1.amazonaws.com]
TASK: [Copy over DB template] *********************
changed: [ec2-107-22-69-112.compute-1.amazonaws.com]
TASK: [Import DB data] *********************
changed: [ec2-107-22-69-112.compute-1.amazonaws.com]
PLAY RECAP *********************
ec2-107-22-69-112.compute-1.amazonaws.com : ok=8 changed=8 unreachable=0 failed=0
Again, let's see if everything works as expected:
% ssh ec2-107-22-69-112.compute-1.amazonaws.com
...
ip-10-202-65-196: {1} mysql -u webapp -p webapp
Enter password: ******
...
mysql> show tables;
+------------------+
| Tables_in_webapp |
+------------------+
| names |
+------------------+
1 row in set (0.00 sec)
mysql> select * from names;
+----+--------+------+
| id | first | last |
+----+--------+------+
| 1 | Donald | Duck |
| 2 | Daisy | Duck |
+----+--------+------+
2 rows in set (0.00 sec)
mysql> exit
Bye
ip-10-202-65-196: {2} exit
logout
Connection to ec2-107-22-69-112.compute-1.amazonaws.com closed.
- Last, add Apache+PHP and our small demo web-application:
% env ANSIBLE_HOSTS=./ec2.py ansible-playbook config-ec2-webserver.yml
PLAY [security_group_ec2-webservers] *********************
TASK: [Installing ap24-php53 package and dependencies] *********************
changed: [ec2-107-22-69-112.compute-1.amazonaws.com]
TASK: [Install Apache rc.d script] *********************
changed: [ec2-107-22-69-112.compute-1.amazonaws.com]
TASK: [Enable and start Apache service] *********************
changed: [ec2-107-22-69-112.compute-1.amazonaws.com]
TASK: [Enable PHP in Apache config file] *********************
changed: [ec2-107-22-69-112.compute-1.amazonaws.com] => (item={'re': 'LoadModule.*mod_php5.so', 'l': 'LoadModule php5_module lib/httpd/mod_php5.so'})
changed: [ec2-107-22-69-112.compute-1.amazonaws.com] => (item={'re': 'AddHandler.*x-httpd-php', 'l': 'AddHandler application/x-httpd-php .php'})
TASK: [Make Apache read index.php] *********************
changed: [ec2-107-22-69-112.compute-1.amazonaws.com]
TASK: [Add simple PHP test - see http://10.0.0.181/phptest.php] *********************
changed: [ec2-107-22-69-112.compute-1.amazonaws.com]
TASK: [Install phpmyadmin] *********************
changed: [ec2-107-22-69-112.compute-1.amazonaws.com]
TASK: [Enable phpmyadmin in Apache config] *********************
changed: [ec2-107-22-69-112.compute-1.amazonaws.com]
TASK: [Fix Apache access control for phpmyadmin] *********************
changed: [ec2-107-22-69-112.compute-1.amazonaws.com]
TASK: [Enable PHP modules in PHP config file] *********************
changed: [ec2-107-22-69-112.compute-1.amazonaws.com] => (item={'re': '^extension.*zlib.so', 'l': 'extension=zlib.so'})
changed: [ec2-107-22-69-112.compute-1.amazonaws.com] => (item={'re': '^extension.*zip.so', 'l': 'extension=zip.so'})
changed: [ec2-107-22-69-112.compute-1.amazonaws.com] => (item={'re': '^extension.*mysqli.so', 'l': 'extension=mysqli.so'})
changed: [ec2-107-22-69-112.compute-1.amazonaws.com] => (item={'re': '^extension.*mysql.so', 'l': 'extension=mysql.so'})
changed: [ec2-107-22-69-112.compute-1.amazonaws.com] => (item={'re': '^extension.*mcrypt.so', 'l': 'extension=mcrypt.so'})
changed: [ec2-107-22-69-112.compute-1.amazonaws.com] => (item={'re': '^extension.*mbstring.so', 'l': 'extension=mbstring.so'})
changed: [ec2-107-22-69-112.compute-1.amazonaws.com] => (item={'re': '^extension.*json.so', 'l': 'extension=json.so'})
changed: [ec2-107-22-69-112.compute-1.amazonaws.com] => (item={'re': '^extension.*gd.so', 'l': 'extension=gd.so'})
changed: [ec2-107-22-69-112.compute-1.amazonaws.com] => (item={'re': '^extension.*gettext.so', 'l': 'extension=gettext.so'})
changed: [ec2-107-22-69-112.compute-1.amazonaws.com] => (item={'re': '^extension.*bz2.so', 'l': 'extension=bz2.so'})
TASK: [Create directory for webapp] *********************
changed: [ec2-107-22-69-112.compute-1.amazonaws.com]
TASK: [Deploy example webapp] *********************
changed: [ec2-107-22-69-112.compute-1.amazonaws.com]
TASK: [Create webapp symlink for easy access] *********************
changed: [ec2-107-22-69-112.compute-1.amazonaws.com]
NOTIFIED: [restart apache] *********************
changed: [ec2-107-22-69-112.compute-1.amazonaws.com]
PLAY RECAP *********************
ec2-107-22-69-112.compute-1.amazonaws.com : ok=14 changed=14 unreachable=0 failed=0
- Test!
% links -dump http://ec2-107-22-69-112.compute-1.amazonaws.com/
It works!
% links -dump http://ec2-107-22-69-112.compute-1.amazonaws.com/phptest.php
PHP Logo
PHP Version 5.3.17
System NetBSD ip-10-202-65-196.ec2.internal 6.0.1 NetBSD 6.0.1
(XEN3PAE_DOMU) i386
Build Date Dec 14 2012 10:31:13
...
% links -dump http://ec2-107-22-69-112.compute-1.amazonaws.com/webapp/
Showing table hf.names:
+--------------------+
| id | first | last |
|----+--------+------|
| 1 | Donald | Duck |
|----+--------+------|
| 2 | Daisy | Duck |
+--------------------+
----------------------------------------------------------------------
Enter new values:
first: _____________________
last: _____________________
[ Submit ]
- At this point, everything is setup and can be enjoyed.
If the instance is needed no longer, it can be terminated:
% euca-describe-instances
RESERVATION r-d77272ad 749335780469 ec2-webservers
INSTANCE i-9fafc2f2 ami-5d0f8034 ec2-107-22-69-112.compute-1.amazonaws.com ...
% euca-terminate-instances i-9fafc2f2
INSTANCE i-9fafc2f2
% euca-describe-instances
RESERVATION r-d77272ad 749335780469 ec2-webservers
INSTANCE i-9fafc2f2 ami-5d0f8034 terminated eucaHF ...
What's next on my journey is to put database and webserver into
separate VMs. First one of each, and then see if I find the nerve to
look into a setup with more redundancy.
I'll talk about the ansible and euca2ools packages at
pkgsrcCon 2013 in Berlin.
Join in if you're curious about
what the actual playbooks used in the above examples look like!
[Tags: amazon, ansible, apache, ec2, mysql, php, xen]
|
[20130314]
|
Ansible, EC2 and NetBSD milestone 2 reached: Instance preparation and communication
On my quest to use Ansible to get a NetBSD virtual machine into Amazon's EC2
cloud, I've previously
described
how I use ansible to prepare a local machine. Working from a basic NetBSD setup,
the system is setup for basic operation, the configured as both a database server
and a Web/PHP server to serve a small demo application.
Now the next step is to replace the VM with an Amazon EC2 instance.
I have previously written about how to manage Amazon/EC2 NetBSD instances,
and here are the steps that I make to first prepare an EC2 instance with NetBSD and Ansible,
and then use a regular Ansible playbook to talk to all my EC2 instances.
Note that the connection between the machines setup via euca2ools
and ansible is in the security group names. In this case,
the security group "ec2-webservers" is assumed to exist.
- Make sure SSH agent runs and has the EC2 SSH-key added:
% ssh-add -l
Could not open a connection to your authentication agent.
% eval `ssh-agent`
Agent pid 9304
% ssh-add -l
The agent has no identities.
% ssh-add .../key-ec2HF.pem
Identity added: ../../euca2ools/key-ec2HF.pem (../../euca2ools/key-ec2HF.pem)
% ssh-add -l
2048 d5:25:19:3d:59:40:35:32:03:f7:c5:83:de:19:b6:d0 ../../euca2ools/key-ec2HF.pem (RSA)
%
- When using a VM to talk to EC2, pay special attention that
it has the correct time, else funny things will happen:
% date
Sun Mar 10 14:42:33 CET 2013
- Setup the ec2-webservers security (firewall) group. This is used
both when creating the EC2 instances, and when accessing them.
It's the link between EC2 and Ansible's ec2.py script.
% euca-add-group -d 'Web servers' ec2-webservers
% euca-authorize -P tcp -p 80-80 -s 0.0.0.0/0 ec2-webservers
% euca-authorize -P tcp -p 22-22 -s 0.0.0.0/0 ec2-webservers
% euca-authorize -P icmp -s 0.0.0.0/0 ec2-webservers
%
% euca-describe-groups
GROUP sg-a854b3c3 749335780469 ec2-webservers Web servers
PERMISSION 749335780469 ec2-webservers ALLOWS tcp 22 22 FROM CIDR 0.0.0.0/0
PERMISSION 749335780469 ec2-webservers ALLOWS tcp 80 80 FROM CIDR 0.0.0.0/0
PERMISSION 749335780469 ec2-webservers ALLOWS icmp -1 -1 FROM CIDR 0.0.0.0/0
- List out EC2 instances:
% euca-describe-instances
%
None so far.
- Let's use our playbook to prepare our first EC2 instance:
% ansible-playbook -i hosts-HF config-ec2-prepare1vm.yml
PLAY [localhost] *********************
TASK: [Launch new EC2 instance] *********************
changed: [127.0.0.1]
TASK: [Give the system 30 seconds to boot up] *********************
changed: [127.0.0.1]
TASK: [Get rid of SSH "Are you sure you want to continue connecting (yes/no)?" query] *********************
changed: [127.0.0.1]
TASK: [Fix /usr/bootstrap.sh to run pkgin with -y] *********************
changed: [127.0.0.1] => (item={'cmd': 'install /usr/bootstrap.sh /usr/bootstrap.sh.orig'})
changed: [127.0.0.1] => (item={'cmd': 'chmod +w /usr/bootstrap.sh'})
changed: [127.0.0.1] => (item={'cmd': 'sed "s,bin/pkgin update,bin/pkgin -y update," </usr/bootstrap.sh.orig >/usr/bootstrap.sh'})
changed: [127.0.0.1] => (item={'cmd': 'chmod -w /usr/bootstrap.sh'})
TASK: [Install pkgin via /usr/bootstrap.sh] *********************
changed: [127.0.0.1] => (item={'cmd': u'env PATH=/usr/sbin:${PATH} /usr/bootstrap.sh binpkg'})
TASK: [Copy over Ansible binary package] *********************
changed: [127.0.0.1]
TASK: [Install Ansible dependencies] *********************
changed: [127.0.0.1]
TASK: [Install Ansible package (manually)] *********************
changed: [127.0.0.1]
TASK: [Setup lame /usr/bin/python symlink] *********************
changed: [127.0.0.1]
PLAY RECAP *********************
127.0.0.1 : ok=9 changed=9 unreachable=0 failed=0
%
- There we go. Let's list it:
% euca-describe-instances
RESERVATION r-bb3b6ac1 749335780469 ec2-webservers
INSTANCE i-2cb9a45f ami-a754dbce ec2-54-234-59-5.compute-1.amazonaws.com \
ip-10-243-150-74.ec2.internal running ec2HF 0 t1.micro \
2013-03-10T13:47:32.000Z us-east-1a aki-825ea7eb \
monitoring-disabled 54.234.59.5 10.243.150.74 ebs
%
- That worked - excellent! Let's add a few more, just for kicks:
% ansible-playbook -i hosts-HF config-ec2-prepare1vm.yml >&/dev/null &
% ansible-playbook -i hosts-HF config-ec2-prepare1vm.yml >&/dev/null &
% ansible-playbook -i hosts-HF config-ec2-prepare1vm.yml >&/dev/null &
% ansible-playbook -i hosts-HF config-ec2-prepare1vm.yml >&/dev/null &
% ansible-playbook -i hosts-HF config-ec2-prepare1vm.yml >&/dev/null &
%
<...wait...>
% euca-describe-instances
RESERVATION r-bb3b6ac1 749335780469 ec2-webservers
INSTANCE i-2cb9a45f ami-a754dbce ec2-54-234-59-5.compute-1.amazonaws.com \
ip-10-243-150-74.ec2.internal running ec2HF 0 t1.micro \
2013-03-10T13:47:32.000Z us-east-1a aki-825ea7eb \
monitoring-disabled 54.234.59.5 10.243.150.74 ebs
RESERVATION r-8b3c6df1 749335780469 ec2-webservers
INSTANCE i-7cb5a80f ami-a754dbce ec2-23-20-42-71.compute-1.amazonaws.com \
ip-10-203-73-195.ec2.internal running ec2HF 0 t1.micro \
2013-03-10T13:50:48.000Z us-east-1a aki-825ea7eb \
monitoring-disabled 23.20.42.71 10.203.73.195 ebs
RESERVATION r-733f6e09 749335780469 ec2-webservers
INSTANCE i-42b5a831 ami-a754dbce ec2-23-20-87-176.compute-1.amazonaws.com \
ip-10-116-37-145.ec2.internal running ec2HF 0 t1.micro \
2013-03-10T13:50:54.000Z us-east-1a aki-825ea7eb \
monitoring-disabled 23.20.87.176 10.116.37.145 ebs
RESERVATION r-713f6e0b 749335780469 ec2-webservers
INSTANCE i-40b5a833 ami-a754dbce ec2-54-242-254-237.compute-1.amazonaws.com \
ip-10-195-47-153.ec2.internal running ec2HF 0 t1.micro \
2013-03-10T13:50:54.000Z us-east-1a aki-825ea7eb \
monitoring-disabled 54.242.254.237 10.195.47.153 ebs
RESERVATION r-773f6e0d 749335780469 ec2-webservers
INSTANCE i-46b5a835 ami-a754dbce ec2-54-235-232-227.compute-1.amazonaws.com \
ip-10-194-7-72.ec2.internal running ec2HF 0 t1.micro \
2013-03-10T13:50:54.000Z us-east-1a aki-825ea7eb \
monitoring-disabled 54.235.232.227 10.194.7.72 ebs
RESERVATION r-b72475cd 749335780469 ec2-webservers
INSTANCE i-b2adb0c1 ami-a754dbce ec2-50-16-129-62.compute-1.amazonaws.com \
domU-12-31-39-14-C6-CB.compute-1.internal running ec2HF 0 t1.micro \
2013-03-10T13:55:24.000Z us-east-1d aki-825ea7eb \
monitoring-disabled 50.16.129.62 10.206.197.53 ebs
%
- Let's talk to our EC2 instances now. For that, we use the ec2.py
script, which enumerates all instances:
% ./ec2.py --list
{
"i-2cb9a45f": [
"ec2-54-234-59-5.compute-1.amazonaws.com"
],
"i-40b5a833": [
"ec2-54-242-254-237.compute-1.amazonaws.com"
],
"i-42b5a831": [
"ec2-23-20-87-176.compute-1.amazonaws.com"
],
"i-46b5a835": [
"ec2-54-235-232-227.compute-1.amazonaws.com"
],
"i-7cb5a80f": [
"ec2-23-20-42-71.compute-1.amazonaws.com"
],
"i-b2adb0c1": [
"ec2-50-16-129-62.compute-1.amazonaws.com"
],
"key_ec2HF": [
"ec2-54-234-59-5.compute-1.amazonaws.com",
"ec2-23-20-42-71.compute-1.amazonaws.com",
"ec2-23-20-87-176.compute-1.amazonaws.com",
"ec2-54-242-254-237.compute-1.amazonaws.com",
"ec2-54-235-232-227.compute-1.amazonaws.com",
"ec2-50-16-129-62.compute-1.amazonaws.com"
],
"security_group_ec2-webservers": [
"ec2-54-234-59-5.compute-1.amazonaws.com",
"ec2-23-20-42-71.compute-1.amazonaws.com",
"ec2-23-20-87-176.compute-1.amazonaws.com",
"ec2-54-242-254-237.compute-1.amazonaws.com",
"ec2-54-235-232-227.compute-1.amazonaws.com",
"ec2-50-16-129-62.compute-1.amazonaws.com"
],
"type_t1_micro": [
"ec2-54-234-59-5.compute-1.amazonaws.com",
"ec2-23-20-42-71.compute-1.amazonaws.com",
"ec2-23-20-87-176.compute-1.amazonaws.com",
"ec2-54-242-254-237.compute-1.amazonaws.com",
"ec2-54-235-232-227.compute-1.amazonaws.com",
"ec2-50-16-129-62.compute-1.amazonaws.com"
],
"us-east-1": [
"ec2-54-234-59-5.compute-1.amazonaws.com",
"ec2-23-20-42-71.compute-1.amazonaws.com",
"ec2-23-20-87-176.compute-1.amazonaws.com",
"ec2-54-242-254-237.compute-1.amazonaws.com",
"ec2-54-235-232-227.compute-1.amazonaws.com",
"ec2-50-16-129-62.compute-1.amazonaws.com"
],
"us-east-1a": [
"ec2-54-234-59-5.compute-1.amazonaws.com",
"ec2-23-20-42-71.compute-1.amazonaws.com",
"ec2-23-20-87-176.compute-1.amazonaws.com",
"ec2-54-242-254-237.compute-1.amazonaws.com",
"ec2-54-235-232-227.compute-1.amazonaws.com"
],
"us-east-1d": [
"ec2-50-16-129-62.compute-1.amazonaws.com"
]
}
- ec2.py can also give us information about one instance:
% ./ec2.py --host ec2-54-234-59-5.compute-1.amazonaws.com
{
"ec2__in_monitoring_element": false,
"ec2_ami_launch_index": "0",
"ec2_architecture": "x86_64",
"ec2_client_token": "",
"ec2_dns_name": "ec2-54-234-59-5.compute-1.amazonaws.com",
"ec2_eventsSet": "",
"ec2_group_name": "",
"ec2_hypervisor": "xen",
"ec2_id": "i-2cb9a45f",
"ec2_image_id": "ami-a754dbce",
"ec2_instanceState": "",
"ec2_instance_type": "t1.micro",
"ec2_ip_address": "54.234.59.5",
"ec2_item": "",
"ec2_kernel": "aki-825ea7eb",
"ec2_key_name": "ec2HF",
"ec2_launch_time": "2013-03-10T13:47:32.000Z",
"ec2_monitored": false,
"ec2_monitoring": "",
"ec2_networkInterfaceSet": "",
"ec2_persistent": false,
"ec2_placement": "us-east-1a",
"ec2_platform": "",
"ec2_previous_state": "",
"ec2_private_dns_name": "ip-10-243-150-74.ec2.internal",
"ec2_private_ip_address": "10.243.150.74",
"ec2_public_dns_name": "ec2-54-234-59-5.compute-1.amazonaws.com",
"ec2_ramdisk": "",
"ec2_reason": "",
"ec2_region": "us-east-1",
"ec2_requester_id": "",
"ec2_root_device_name": "/dev/sda1",
"ec2_root_device_type": "ebs",
"ec2_security_group_ids": "sg-a854b3c3",
"ec2_security_group_names": "ec2-webservers",
"ec2_shutdown_state": "",
"ec2_spot_instance_request_id": "",
"ec2_state": "running",
"ec2_state_code": 16,
"ec2_state_reason": "",
"ec2_subnet_id": "",
"ec2_tenancy": "default",
"ec2_virtualization_type": "paravirtual",
"ec2_vpc_id": ""
}
- Now let's use a regular playbook with the ec2.py script to
get a list of all instances in the 'ec2-webservers' group
and then use ansible's ping module on all of them:
% env ANSIBLE_HOSTS=./ec2.py ansible-playbook config-ec2-basic.yml
PLAY [security_group_ec2-webservers] *********************
GATHERING FACTS *********************
ok: [ec2-50-16-129-62.compute-1.amazonaws.com]
ok: [ec2-54-235-232-227.compute-1.amazonaws.com]
ok: [ec2-23-20-42-71.compute-1.amazonaws.com]
ok: [ec2-23-20-87-176.compute-1.amazonaws.com]
ok: [ec2-54-242-254-237.compute-1.amazonaws.com]
ok: [ec2-54-234-59-5.compute-1.amazonaws.com]
TASK: [ping] *********************
ok: [ec2-54-235-232-227.compute-1.amazonaws.com]
ok: [ec2-50-16-129-62.compute-1.amazonaws.com]
ok: [ec2-23-20-87-176.compute-1.amazonaws.com]
ok: [ec2-23-20-42-71.compute-1.amazonaws.com]
ok: [ec2-54-234-59-5.compute-1.amazonaws.com]
ok: [ec2-54-242-254-237.compute-1.amazonaws.com]
PLAY RECAP *********************
ec2-23-20-42-71.compute-1.amazonaws.com : ok=2 changed=0 unreachable=0 failed=0
ec2-23-20-87-176.compute-1.amazonaws.com : ok=2 changed=0 unreachable=0 failed=0
ec2-50-16-129-62.compute-1.amazonaws.com : ok=2 changed=0 unreachable=0 failed=0
ec2-54-234-59-5.compute-1.amazonaws.com : ok=2 changed=0 unreachable=0 failed=0
ec2-54-235-232-227.compute-1.amazonaws.com : ok=2 changed=0 unreachable=0 failed=0
ec2-54-242-254-237.compute-1.amazonaws.com : ok=2 changed=0 unreachable=0 failed=0
%
- Finally, clean up and use euca-terminate-instance to delete all instances:
% euca-describe-instances | grep INSTANCE | awk '{print $2}' | xargs -n 1 euca-terminate-instances
INSTANCE i-60829f13
INSTANCE i-2cb9a45f
INSTANCE i-7cb5a80f
INSTANCE i-42b5a831
INSTANCE i-40b5a833
INSTANCE i-46b5a835
INSTANCE i-b2adb0c1
% euca-describe-instances
RESERVATION r-bb3b6ac1 749335780469 ec2-webservers
INSTANCE i-2cb9a45f ami-a754dbce terminated ec2HF \
0 t1.micro 2013-03-10T13:47:32.000Z us-east-1a \
aki-825ea7eb monitoring-disabled ebs
RESERVATION r-8b3c6df1 749335780469 ec2-webservers
INSTANCE i-7cb5a80f ami-a754dbce terminated ec2HF \
0 t1.micro 2013-03-10T13:50:48.000Z us-east-1a \
aki-825ea7eb monitoring-disabled ebs
RESERVATION r-733f6e09 749335780469 ec2-webservers
INSTANCE i-42b5a831 ami-a754dbce terminated ec2HF \
0 t1.micro 2013-03-10T13:50:54.000Z us-east-1a \
aki-825ea7eb monitoring-disabled ebs
RESERVATION r-713f6e0b 749335780469 ec2-webservers
INSTANCE i-40b5a833 ami-a754dbce terminated ec2HF \
0 t1.micro 2013-03-10T13:50:54.000Z us-east-1a \
aki-825ea7eb monitoring-disabled ebs
RESERVATION r-773f6e0d 749335780469 ec2-webservers
INSTANCE i-46b5a835 ami-a754dbce terminated ec2HF \
0 t1.micro 2013-03-10T13:50:54.000Z us-east-1a \
aki-825ea7eb monitoring-disabled ebs
RESERVATION r-b72475cd 749335780469 ec2-webservers
INSTANCE i-b2adb0c1 ami-a754dbce terminated ec2HF \
0 t1.micro 2013-03-10T13:55:24.000Z us-east-1d \
aki-825ea7eb monitoring-disabled ebs
%
- The terminated instances will be removed by EC2 eventually, and you can start all over.
With the above steps and the previous work to use Ansible to setup
a NetBSD system with basic configuration as database- and webserver
the next step is to put those two things together, and get a
(single) NetBSD machine into the Amazon cloud that serves as
both database and webserver.
Let's stay tune for this to happen!
I'll talk about the ansible and euca2ools packages at
pkgsrcCon 2013 in Berlin.
Join in if you're curious about
what the actual playbooks used in the above examples look like!
References:
CapsUnlock blog post,
CentOS Wiki.
[Tags: ansible, ec2, xen]
|
[20130314]
|
NPF documentation
Mindaugas Rasiukevicius has worked on
NetBSD's new packet filter "npf" for quite some time now.
In order to make things easier for new users, he now has
also put up documentation for it.
The documentation covers
an introduction with a brief note on NPF's design
followed by elements of a NPF configuration file.
This is followed by instructions for
dynamic rules,
stateful filtering and
network address translation (NAT).
Further paragraphs describe
the extension API,
troubleshooting and
appendixes with more information.
[Tags: nat, npf]
|
[20130310]
|
Talking to the cloud
After some more hacking, I have a basic understanding
of how to start Amazon NetBSD EC2 instances
using Ansible, fix the instances so they can be used
as targets for further Ansible commands, and then
actually talking to my herd of happy instances.
Here's a teaser:
- Start EC2 instances, put them into ec2-webservers group.
Repeat the following command for more than one instance:
% ansible -i hosts-HF localhost -m ec2 -a 'image=ami-a754dbce instance_type=t1.micro \
key_name=eucaHF group=ec2-webservers'
- Prepare instances for Ansible (omitted - needs cleanup & automation)
- Use Ansible to ping all servers in the ec2-webservers group:
% env ANSIBLE_HOSTS=./ec2.py ansible-playbook config-ec2-basic.yml
PLAY [security_group_ec2-webservers] *********************
GATHERING FACTS *********************
ok: [ec2-23-23-15-202.compute-1.amazonaws.com]
ok: [ec2-54-235-230-206.compute-1.amazonaws.com]
TASK: [ping] *********************
ok: [ec2-23-23-15-202.compute-1.amazonaws.com]
ok: [ec2-54-235-230-206.compute-1.amazonaws.com]
PLAY RECAP *********************
ec2-23-23-15-202.compute-1.amazonaws.com : ok=2 changed=0 unreachable=0 failed=0
ec2-54-235-230-206.compute-1.amazonaws.com : ok=2 changed=0 unreachable=0 failed=0
[Tags: ansible, ec2, xen]
|
[20130309]
|
pkgsrcCon 2013 schedule
Julian Fagir has posted
pkgsrcCon 2013's schedule
to the pkgsrc-users list. The event is on March 23rd in Berlin Moabit.
Here are a bunch of reasons to get there:
- pkgsrc release engineering
- pkgsrc on SmartOS
- Mancoosi tools for the analysis and quality assurance of FOSS distributions
- Go On NetBSD
- Rehabilitating pkglint
- DeforaOS and pkgsrc (presentation with workshop)
Register now!
[Tags: Events, pkgsrcCon]
|
[20130228]
|
Ansible and NetBSD milestone 1 reached: playbooks for system config, web+db servers
In my quest to play with Ansible, I've reached my first milestone:
I now have playbooks that take a basic NetBSD installation,
configure it into a usable base installation, and then add
a MySQL database, Apache and PHP to use it as webserver,
and then deploy a simple web application.
The playbooks are too emberassing to publish, but here
are the steps to get things going:
- Setup NetBSD 6.0 with "base" and "etc" set, also add "pkgin" from menu
- Allow root logins via ssh (for a start, will be changed later)
- Install ansible-1.0nb1 binary package with all its depends
- From a management station, run: ansible-playbook -k -i hosts-HF config-netbsd-basic.yml
- Then, run: ansible-playbook -i hosts-HF config-netbsd-dbserver.yml
- Last, run: ansible-playbook -i hosts-HF config-netbsd-webserver.yml
After that, a simple "phptest()" page, phpmyadmin and
my simple PHP-based web application can be run.
Administration of the system is via SSH and sudo, root
logins were disabled in the first ansible playbook.
Now to tweak the ansible playbooks to look less ugly,
use variables, and then separate database and webserver into
two separate machines - all in preparation to move them
into the Amazon EC2 cloud. Stay tuned!
For the record, here's a log of the three ansible playbooks above,
starting from my basic NetBSD installation that already has pkgin
and ansible:
% ansible-playbook -k -i hosts-HF config-netbsd-basic.yml
SSH password:
PLAY [netbsd] *********************
GATHERING FACTS *********************
ok: [10.0.0.181]
TASK: [Install tcsh] *********************
changed: [10.0.0.181]
TASK: [Add user feyrer] *********************
changed: [10.0.0.181]
TASK: [Create ~feyrer/.ssh directory] *********************
changed: [10.0.0.181]
TASK: [Enable ssh login with ssh-key] *********************
changed: [10.0.0.181]
TASK: [Install sudo] *********************
changed: [10.0.0.181]
TASK: [Enable PW-less sudo-access for everyone in group 'wheel'] *********************
changed: [10.0.0.181]
TASK: [Disable ssh logins as root] *********************
changed: [10.0.0.181]
NOTIFIED: [restart sshd] *********************
changed: [10.0.0.181]
PLAY RECAP *********************
10.0.0.181 : ok=9 changed=8 unreachable=0 failed=0
% ansible-playbook -i hosts-HF config-netbsd-dbserver.yml
PLAY [dbservers] *********************
GATHERING FACTS *********************
ok: [10.0.0.181]
TASK: [Install mysql] *********************
changed: [10.0.0.181]
TASK: [Install MySQL rc.d script] *********************
changed: [10.0.0.181]
TASK: [Start MySQL service] *********************
changed: [10.0.0.181]
TASK: [Install python-mysqldb (for mysql_user module)] *********************
changed: [10.0.0.181]
TASK: [Setup DB] *********************
changed: [10.0.0.181]
TASK: [Add db-user] *********************
changed: [10.0.0.181]
TASK: [Copy over DB template] *********************
changed: [10.0.0.181]
TASK: [Import DB data] *********************
changed: [10.0.0.181]
PLAY RECAP *********************
10.0.0.181 : ok=9 changed=8 unreachable=0 failed=0
%% ansible-playbook -i hosts-HF config-netbsd-webserver.yml
PLAY [webservers] *********************
GATHERING FACTS *********************
ok: [10.0.0.181]
TASK: [Installing ap24-php53 package and dependencies] *********************
changed: [10.0.0.181]
TASK: [Install Apache rc.d script] *********************
changed: [10.0.0.181]
TASK: [Enable and start Apache service] *********************
changed: [10.0.0.181]
TASK: [Enable PHP in Apache config file] *********************
changed: [10.0.0.181] => (item={'re': 'LoadModule.*mod_php5.so', 'l': 'LoadModule php5_module lib/httpd/mod_php5.so'})
changed: [10.0.0.181] => (item={'re': 'AddHandler.*x-httpd-php', 'l': 'AddHandler application/x-httpd-php .php'})
TASK: [Make Apache read index.php] *********************
changed: [10.0.0.181]
TASK: [Add simple PHP test - see http://10.0.0.181/phptest.php] *********************
changed: [10.0.0.181]
TASK: [Install phpmyadmin] *********************
changed: [10.0.0.181]
TASK: [Enable phpmyadmin in Apache config] *********************
changed: [10.0.0.181]
TASK: [Enable PHP modules in PHP config file] *********************
changed: [10.0.0.181] => (item={'re': '^extension.*zlib.so', 'l': 'extension=zlib.so'})
changed: [10.0.0.181] => (item={'re': '^extension.*zip.so', 'l': 'extension=zip.so'})
changed: [10.0.0.181] => (item={'re': '^extension.*mysqli.so', 'l': 'extension=mysqli.so'})
changed: [10.0.0.181] => (item={'re': '^extension.*mysql.so', 'l': 'extension=mysql.so'})
changed: [10.0.0.181] => (item={'re': '^extension.*mcrypt.so', 'l': 'extension=mcrypt.so'})
changed: [10.0.0.181] => (item={'re': '^extension.*mbstring.so', 'l': 'extension=mbstring.so'})
changed: [10.0.0.181] => (item={'re': '^extension.*json.so', 'l': 'extension=json.so'})
changed: [10.0.0.181] => (item={'re': '^extension.*gd.so', 'l': 'extension=gd.so'})
changed: [10.0.0.181] => (item={'re': '^extension.*gettext.so', 'l': 'extension=gettext.so'})
changed: [10.0.0.181] => (item={'re': '^extension.*bz2.so', 'l': 'extension=bz2.so'})
TASK: [Fix Apache access control] *********************
changed: [10.0.0.181]
TASK: [Create directory for webapp] *********************
changed: [10.0.0.181]
TASK: [Deploy example webapp] *********************
changed: [10.0.0.181]
TASK: [Create webapp symlink for easy access] *********************
changed: [10.0.0.181]
NOTIFIED: [restart apache] *********************
changed: [10.0.0.181]
PLAY RECAP *********************
10.0.0.181 : ok=15 changed=14 unreachable=0 failed=0
% links -dump http://10.0.0.181/webapp/
Showing table hf.names:
+--------------------+
| id | first | last |
|----+--------+------|
| 1 | Donald | Duck |
|----+--------+------|
| 2 | Daisy | Duck |
+--------------------+
----------------------------------------------------------------------
Enter new values:
first: _____________________
last: _____________________
[ Submit ]
%
[Tags: amazon, ansible, apache, ec2, mysql, php]
|
|