Sunday, February 22, 2015

Vagrant and EC2

I needed to get this up and running today. Well, perhaps "needed" wasn't exactly the right word. But here is what I did.

First off, because I have a bad case of Programmer ADD, I wanted to fix some of my identity issues with EC2. So I went and created a new group called devops with EC2 and S3 Full entitlements on it. And then added an account with a password and got a new ID and Key. Then I deactivated the root ID and Key (I did not delete as I might find something that needs it later). While I was there I protected my root key with MFA, which should reduce the likelihood of bad guys stealing from me.

Next, I have a set of scripts that execute when I bring up a shell and set env vars for my ID and Key (which is perhaps not the smartest move, but this is from my laptop and desktop, both of which are single-user computers, so I doubt it is that bad). Now that I have my user and key I went to look for vagrant and aws. And what I found was this.

https://github.com/mitchellh/vagrant-aws

Sweet, a lot of what I needed was there. So the first thing I need to do is install it.


$ vagrant plugin install vagrant-aws
...
$ vagrant up --provider=aws
...

Aaaaaaaand it didn't work. It was not able to find the box. So I had to keep reading. A 'dummy' box needs to be configured. So unlike regular Vagrant, which copies stuff to your machine and starts a VM there, this was just reaching out into the API for EC2.

$ vagrant box add dummy https://github.com/mitchellh/vagrant-aws/raw/master/dummy.box
...

Near as I can tell, all this does is install this file. It might do more but I am as yet unfamiliar with the ways of Vagrant.

$ cat ~/.vagrant.d/boxes/dummy/0/aws/metadata.json 
{
    "provider": "aws"
}

I tried again and it didn't work again. What it wanted was a Vagrant file. Which is OK so I copied their sample.

Vagrant.configure("2") do |config|
  config.vm.box = "dummy"

  config.vm.provider :aws do |aws, override|
    aws.access_key_id = "YOUR KEY"
    aws.secret_access_key = "YOUR SECRET KEY"
    aws.session_token = "SESSION TOKEN"
    aws.keypair_name = "KEYPAIR NAME"

    aws.ami = "ami-7747d01e"

    override.ssh.username = "ubuntu"
    override.ssh.private_key_path = "PATH TO YOUR PRIVATE KEY"
  end
end

So the first thing that threw me was session_token? What the hell was that? I looked around for a bit and I learned more about session tokens but I still don't understand them. So I wondered if I could just not include them and would things still work? And as it turns out they do. Sweet....

But now, how am I gonna check this Vagrant file in? It will have my access and secret in it (committing passwords is a really stupid idea and one should not do that). So I needed a plan B. And I remembered two things. First was that I had the ID and Secret as env variables, so that was nice. And the second thing was that Vagrant files are Ruby files. So some searching and I learned that ENV is a list of the environment variables. So let's see if this works.


Vagrant.configure("2") do |config|
  config.vm.box = "dummy"

  config.vm.provider :aws do |aws, override|
    aws.access_key_id = ENV['AWS_ACCESS_KEY_ID']
    aws.secret_access_key = ENV['AWS_SECRET_ACCESS_KEY']
    aws.keypair_name = "jahnke-gsg-keypair"

    aws.ami = "ami-86aa1cee"

    override.ssh.username = "ubuntu"
    override.ssh.private_key_path = "/Users/jahnke/ec2-keys/jahnke-gsg-keypair.pem"
  end
end
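
The concern above about checking credentials into the Vagrantfile, as an added example that is not part of the original post: a small Ruby scanner that flags `access_key_id`, `secret_access_key` and `session_token` when they are set from a string literal, including a literal fallback behind an `ENV` lookup, and passes plain `ENV` lookups. The function name, the sample Vagrantfile and the key values in it are constructed for illustration.

```ruby
# Added example, not from the original post: find AWS credentials hardcoded
# in a Vagrantfile. Attribute names are the vagrant-aws settings shown above.
CRED_ATTRS = %w[access_key_id secret_access_key session_token].freeze
ASSIGN_RE  = /\A\s*\w+\.(#{CRED_ATTRS.join('|')})\s*=\s*(.+?)\s*\z/
STRING_LIT = /(["'])(?:\\.|(?!\1).)*\1/ # a quoted Ruby string
ENV_LOOKUP = /ENV(?:\[\s*(["'])\w+\1\s*\]|\.fetch\(\s*(["'])\w+\2\s*)/

# Returns one finding per offending line; the secret value is never echoed.
def scan_vagrantfile(text)
  findings = []
  text.each_line.with_index(1) do |line, lineno|
    next if line.lstrip.start_with?('#') # skip comment lines
    m = ASSIGN_RE.match(line.chomp)
    next unless m
    # Drop the ENV lookup and its key name; any string left over is a literal.
    rest = m[2].sub(ENV_LOOKUP, '')
    next unless STRING_LIT.match?(rest)
    reason = rest == m[2] ? 'string literal' : 'literal fallback after ENV lookup'
    findings << { line: lineno, attr: m[1], reason: reason }
  end
  findings
end

# Constructed sample input (the key values are made up, not real credentials).
SAMPLE = <<~'VAGRANTFILE'
  Vagrant.configure("2") do |config|
    config.vm.provider :aws do |aws, override|
      # aws.access_key_id = "commented out, ignored"
      aws.access_key_id = "AKIAEXAMPLEEXAMPLE00"
      aws.secret_access_key = ENV.fetch('AWS_SECRET_ACCESS_KEY', 'constructed-fallback')
      aws.session_token = ENV['AWS_SESSION_TOKEN']
      aws.keypair_name = "example-keypair"
    end
  end
VAGRANTFILE

if __FILE__ == $PROGRAM_NAME
  scan_vagrantfile(SAMPLE).each do |f|
    puts "line #{f[:line]}: aws.#{f[:attr]} set from a #{f[:reason]}"
  end
end
```

Run against a real Vagrantfile with `scan_vagrantfile(File.read('Vagrantfile'))`, for instance from a pre-commit hook that refuses the commit when the result is not empty.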

And one more time and yes it did work. It brought one up in my default Zone (which is VA.) This is kinda sweet, I could ssh into it and everything. I currently use a script called getawsaddresses which helps me find what machines I want.

$ getawsaddresses 
 1 - ubuntu/images/ebs-ssd/ubuntu-trusty-14.04-i386-server-20140927 2014-11-10T15:37:05.000Z
     ec2-54-253-633-89.compute-1.amazonaws.com
     ssh -i /Users/jahnke/ec2-keys/jahnke-gsg-keypair.pem ubuntu@ec2-54-253-633-89.compute-1.amazonaws.com
Choose a machine: 

So this is going to be used to build my main tormenta.com web server. What I want to do is learn how to build a machine with CoreOS and use Docker to deploy. So I really need this to run a few different ways. One in AWS so I can deploy easily, but I also want to run this in a local VM so I can experiment. So I came up with the following Vagrant file.

Vagrant.configure("2") do |config|
  config.vm.define :tormenta do |x|
    x.vm.box = "hashicorp/precise64"
    x.vm.hostname = "tormenta"

    x.vm.provider :virtualbox do |v|
      v.name = "tormenta"
    end

    x.vm.provider :aws do |aws, override|
      aws.access_key_id = ENV['AWS_ACCESS_KEY_ID']
      aws.secret_access_key = ENV['AWS_SECRET_ACCESS_KEY']
      aws.keypair_name = "jahnke-gsg-keypair"
      aws.ami = "ami-86aa1cee"
      aws.region = "us-east-1"
      aws.instance_type = "t1.micro"

      override.vm.box = "dummy"
      override.ssh.username = "ubuntu"
      override.ssh.private_key_path = "/Users/jahnke/ec2-keys/jahnke-gsg-keypair.pem"
    end
  end
end

Aaaaaaand that worked a treat. It brought the machine up and Vagrant knows what machine it is and everything. I have no trouble imagining that I can do this and it will keep track of it between reboots. And it shows up on my existing tool to look at active EC2 instances.

$ getawsaddresses 
 1 - ubuntu/images/ebs-ssd/ubuntu-trusty-14.04-i386-server-20140927 2014-11-10T15:37:05.000Z
     ec2-54-253-633-89.compute-1.amazonaws.com
     ssh -i /Users/jahnke/ec2-keys/jahnke-gsg-keypair.pem ubuntu@ec2-54-253-633-89.compute-1.amazonaws.com
 2 - ubuntu/images/ebs-ssd/ubuntu-trusty-14.04-i386-server-20140927 2015-02-23T02:33:29.000Z
     ec2-54-205-188-112.compute-1.amazonaws.com
     ssh -i /Users/jahnke/ec2-keys/jahnke-gsg-keypair.pem ubuntu@ec2-54-205-188-112.compute-1.amazonaws.com
Choose a machine: 

So what's next? I need to get security groups to work, so I can lock the machine down to do only what I want it to do. And then I need to get it to boot into CoreOS and not Ubuntu. And finally build some containers with the web components and have them build the machine. But as of right now the Vagrant file works fine and I will be incorporating it into the source of the web app itself.
