On Sep 14, 6:49 am, Robin Sheat <ro...@kallisti.net.nz> wrote:
> On Tuesday 15 September 2009 01:29:09, CaptTofu wrote:
>
> > * Having the certificate requests for these new instances
> > automatically signed
> > * Creating a new node for a new instance, once it is up and I know the
> > host/ip. As you know, you don't know that until Amazon assigns this.
> > How could I automate this? My first impulse is to write Perl or Ruby
> > code to write a nodes.pp file, but I'm guessing there is a better way
> > to do this (???)
>
> I have puppet configuring all my EC2 images from (almost) scratch to do
> whatever it is they should be doing. I only have a single node definition for
> all of them, and use --fqdn to force them to all pretend to be the same node
> to the puppetmaster.
>
> To distinguish the images from each other, I use the user data, and made a
> facter plugin that will pull that in as 'key=value'. The node description then
> uses those variables to work out what to do, basically with a lot of if
> statements.
>
> As all our EC2 servers are simple variations on a theme (glassfish Java
> application servers running a webapp backed with postgresql), it's quite
> effective. About 20 minutes after startup, all going well, the instance is
> completely configured and running (it takes a while as it's pulling a lot of
> small things over a fairly high-latency connection.)
>
> The plugins and some other misc scripts are here:
> https://code.launchpad.net/~eythian/+junk/ec2facts
>
> an example of what I put in the user data is:
> inst_glassfish=true
> inst_apache2=true
> inst_apache2ssl=true
> inst_postgresql=true
> apache_domain=my.domain.com
> apache_template=default
> gf_appcontext=context
> gf_apps3path=s3bucket/path/webapp.war
> pg_database=dbname
> pg_db_username=username
> pg_db_password=password
> pg_db_backup=s3bucket/backup/location
> gf_connpool=ConnectionPool
> gf_jdbcname=jdbc/TheDB
> gf_autoredeploy=false
> ebs_volume_id=vol-12345678
> gf_restartondeploy=true
>
> --
> Robin <ro...@kallisti.net.nz> JabberID: <eyth...@jabber.kallisti.net.nz>
> http://www.kallisti.net.nz/blog ||| http://identi.ca/eythian
>
> PGP Key 0xA99CEB6D = 5957 6D23 8B16 EFAB FEF8 7175 14D3 6485 A99C EB6D

https://fedorahosted.org/pipermail/cobbler/2009-May/003973.html

I posted how Speakeasy deals with certs during a kickstart on the Cobbler list awhile back, though you could easily use this implementation without kickstart. Basically the new host runs 'curl -k https://puppetca | tar xC /' and puppetca runs a simple script that generates the cert.

Cheers,
-g
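
The 'key=value' user-data facts described in the quoted message, sketched as an added example (it is not the code in the linked ec2facts repository): the parser rejects malformed or duplicate lines by line number and flags credential-like keys such as pg_db_password, since user data can be read by any process on the instance. The key-name pattern, the credential pattern, the sample input and the choice to withhold flagged keys from Facter are assumptions of this example.

```ruby
# Added example: not the plugin from the linked ec2facts repository.
require 'net/http'

KEY_RE    = /\A[a-z][a-z0-9_]{0,63}\z/ # assumption: what counts as a safe fact name
SECRET_RE = /pass|secret|token/        # assumption: names that mark a credential

# Parse 'key=value' user data. Returns [facts, rejected_line_numbers].
# Line numbers are reported instead of content so that a malformed line
# holding a secret is never echoed into logs.
def parse_user_data(text)
  facts = {}
  rejected = []
  text.each_line.with_index(1) do |raw, lineno|
    line = raw.strip
    next if line.empty? || line.start_with?('#')
    key, value = line.split('=', 2) # values may themselves contain '='
    if value.nil? || key !~ KEY_RE || facts.key?(key)
      rejected << lineno            # no '=', bad name, or duplicate key
    else
      facts[key] = value
    end
  end
  [facts, rejected]
end

# Keys whose names suggest a credential.
def sensitive_keys(facts)
  facts.keys.grep(SECRET_RE)
end

# Constructed sample, modelled on the keys shown in the message.
SAMPLE = <<~DATA
  # constructed input
  inst_glassfish=true
  pg_db_password=password
  Bad-Key=1
  no_equals_sign
  inst_glassfish=false
  pg_conn=host=db port=5432
DATA

# When loaded by Facter, fetch the instance's user data and register the facts.
if defined?(Facter)
  http = Net::HTTP.new('169.254.169.254', 80) # EC2 instance metadata service
  http.open_timeout = http.read_timeout = 2
  res = http.get('/latest/user-data') rescue nil
  facts, = parse_user_data(res.is_a?(Net::HTTPSuccess) ? res.body : '')
  # Assumption of this example: credential-like keys are not published as facts.
  (facts.keys - sensitive_keys(facts)).each { |k| Facter.add(k) { setcode { facts[k] } } }
end
```

Run outside Facter, the file only defines the parser and the sample, so `parse_user_data(SAMPLE)` can be checked offline without touching the metadata service.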