\n
![\"devops_intensifies\"](\"http:\/\/blogs.nd.edu\/devops\/files\/2013\/12\/devops_intensifies1.gif\")
<\/a><\/p>\nThis rails application was deployed to AWS with a single command. What happens when it runs?\u00a0<\/em><\/p>\n To do:\u00a0<\/em><\/p>\n Onward!\u00a0<\/em><\/p>\n Brandon<\/em><\/p>\n _________________________________________________________________________________________________________<\/p>\n A single command, eh? It looks a bit like this:<\/p>\n Alright! \u00a0So let’s dig into exactly how it works. \u00a0All code can be found here in SVN<\/a>. \u00a0The puppet scripts and app are in my Github account, which I’ll link as necessary.<\/p>\n It starts with CloudFormation, as described in my post on that topic<\/a>. \u00a0The following template creates a security group, the instance, and a public IP. \u00a0This template<\/a> is called rails_instance_no_wait.json. \u00a0That’s because the Cloud Init tutorial<\/a> has you create this “wait handle” that prevents the CF console from showing “complete” until the provisioning part is done. \u00a0I’m doing so much in this step that I removed the wait handle to prevent a timeout. \u00a0As I mention below, this step could\/should be much more streamlined, so later we should be able to reintroduce this.<\/p>\n So we start with a security group. \u00a0This opens port 3000 (the default Rails port) to the world. \u00a0It could just have easily been opened to the campus IP range, the ES-VPN, or something else. \u00a0You’ll note that I am making reference to an already-existing VPC. \u00a0This is one of those governance things: VPCs and subnets are relatively permanent constructs, so we will just have to use IDs for static architecture like that. \u00a0Note that I have altered the ID for publication.<\/p>\n Please also notice that I have omitted an SSH security group! \u00a0Look ma, no hands!<\/em><\/p>\n Next up is the instance itself. \u00a0Its parameters are pretty straightforward:<\/p>\n Much of what I’m doing with Cloud Init comes from this Amazon documentation<\/a>. There is a more powerful version of this called cfn-init<\/a>, as demonstrated here<\/a>, but in my opinion it’s overkill. \u00a0Cfn-init looks like it’s trying to be Puppet-lite, but that’s why we have actual Puppet. \u00a0The “user data” approach is basically just a shell script, and though I have just under a dozen lines here, ideally you’d have under five: just enough to bootstrap the instance and let better automation tools handle the rest. \u00a0This also lets the instance resource JSON be more reusable and less tied to the app you’ll deploy on it. \u00a0Anyway, here it is:<\/p>\n So you can see what’s happening here. \u00a0We use yum to update itself, then install puppet and git. \u00a0I first clone a git repo that installs rvm<\/a>.<\/p>\n Why did I fork this manifest into my own account? \u00a0Well, there is a dependency in there for a curl library, which apparently changed names on centos as some point. \u00a0So there is conditional code in the original manifest that chooses which name to use based on version number. Unfortunately, even though Amazon Linux is rightly recognized as a centos variant, this part fails, because Amazon uses their own version numbering. \u00a0I fixed it, but without being sure how the authors would want to handle this, I avoided a pull request and submitted an issue to them. \u00a0We’ll see.<\/p>\n I went to github for two reasons:<\/p>\n Let’s add these to the pile of good reasons to use Github Organizations.<\/p>\n Anyway, with the rvm module installed, we use another puppet manifest<\/a> to invoke \/ install it with puppet apply<\/strong>, the standalone client-side version of puppet. It installs my ruby\/rails versions of choice: 1.93 \/ 2.3.14. \u00a0I also set up bundler and sqlite (so that I can run a default rails app).<\/p>\n The next git clone downloads the application. \u00a0It’s a very simple app with one root route<\/a>. It’s called cap-test because the next thing I want to do is deploy it with capistrano. The only thing to note here is that the Gemfile<\/a>\u00a0contains the gem “therubyracer,” a javascript runtime. \u00a0I could have satisfied this requirement by installing nodejs, but it looks like a bit of pain since there’s no yum repo for that. \u00a0This was the simplest solution.<\/p>\n No magic here… I just let the root user that’s running the provisioning also start up the server. \u00a0It’s running on port 3000, which is already open to the world, so it’s now publicly available.<\/p>\n The CloudFormation template also creates an “elastic IP” and assigns it to the instance. \u00a0This is just a public IP generated in AWS’s space. \u00a0Not sure why it has to be labeled “elastic.”<\/p>\n You’ll also notice the output section of the CF template includes this IP reference. \u00a0This causes the IP to show up in the CloudFormation console under “output” and should be something I can return from the command line. \u00a0Speaking of which…<\/p>\n So this thing doesn’t just run itself. \u00a0You can run it manually through the CloudFormation GUI (nah), use the AWS CLI tools, or use Boto. \u00a0Here’s the usage on that script:<\/p>\n You can see what arguments it takes. \u00a0The tags file is optional, but it will always put your netid down as a “creator” tag. \u00a0Some key items are not yet implemented:<\/p>\n Anyway, here’s the implementation.<\/p>\n That’s it. \u00a0Here’s the script for OIT SVN users.<\/a> \u00a0Again, run it like so:<\/p>\n So this took a while to write up in a blog post, but there’s not much magic here. \u00a0It’s just connecting pieces together. \u00a0Hopefully, as I tackle those outstanding items from the page replica above, we’ll start to see some impressive levels of automation!<\/p>\n Onward!<\/p>\n","protected":false},"excerpt":{"rendered":" This weekend, I tweeted the public URL of an AWS instance. \u00a0Like most instances during this experimentation phase, it was not meant to live forever, so I’ll reproduce it here: _________________________________________________________________________________________________________ This rails application was deployed to AWS with a … Continue reading \n
\n
.\/run_cloudformation.py us-east-1 MyTestStack cf_template.json brich tagfile<\/pre>\n
{\r\n \"AWSTemplateFormatVersion\" : \"2010-09-09\",\r\n\r\n \"Description\" : \"Creates security groups, an Amazon Linux instance, and a public IP for that instance.\",\r\n\r\n \"Resources\" : {\r\n\r\n \"SGOpenRailsToWorld\" : {\r\n \"Type\" : \"AWS::EC2::SecurityGroup\",\r\n \"Properties\" : {\r\n \"GroupDescription\" : \"Rails web server access from SA-VPN\",\r\n \"VpcId\" : \"vpc-1f47507d\",\r\n \"SecurityGroupIngress\" : [ { \r\n \t\"IpProtocol\" : \"tcp\", \r\n \t\t\"CidrIp\" : \"0.0.0.0\/0\",\r\n\t\t\"FromPort\" : \"3000\", \r\n \t\t\"ToPort\" : \"3000\"\r\n \t} ]\r\n }\r\n },\r\n\r\n \"BrandonTestInstance\" : {\r\n \"Type\" : \"AWS::EC2::Instance\",\r\n \"Properties\" : {\r\n \"ImageId\" : \"ami-83e4bcea\",\r\n \"InstanceType\" : \"t1.micro\",\r\n \"KeyName\" : \"brich_test_key\",\r\n \"SecurityGroupIds\" : [ \r\n { \"Ref\" : \"SGWebTrafficInFromCampus\" },\r\n { \"Ref\" : \"SGSSHInFromSAVPN\" },\r\n { \"Ref\" : \"SGOpenRailsToWorld\" }\r\n ],\r\n \"SubnetId\" : \"subnet-4a73423e\",\r\n \"Tags\" : [\r\n {\"Key\" : \"Name\", \"Value\" : \"Brandon Test Instance\" },\r\n {\"Key\" : \"Application\", \"Value\" : { \"Ref\" : \"AWS::StackId\"} },\r\n {\"Key\" : \"Network\", \"Value\" : \"Private\" }\r\n ],\r\n \"UserData\" : \r\n { \"Fn::Base64\" : { \"Fn::Join\" : [\"\",[\r\n \"#!\/bin\/bash -ex\",\"\\n\",\r\n \"yum -y update\",\"\\n\",\r\n \"yum -y install puppet\",\"\\n\",\r\n \"yum -y install subversion\",\"\\n\",\r\n \"yum -y install git\",\"\\n\",\r\n \"git clone https:\/\/github.com\/catapultsoftworks\/puppet-rvm.git \/usr\/share\/puppet\/modules\/rvm\",\"\\n\",\r\n \"git clone https:\/\/github.com\/catapultsoftworks\/websvc-puppet.git \/tmp\/websvc-puppet\",\"\\n\",\r\n \"puppet apply \/tmp\/websvc-puppet\/rvm.pp\",\"\\n\",\r\n \"source \/usr\/local\/rvm\/scripts\/rvm\",\"\\n\",\r\n \"git clone https:\/\/github.com\/catapultsoftworks\/cap-test.git \/home\/ec2-user\/cap-test\",\"\\n\",\r\n \"cd \/home\/ec2-user\/cap-test\",\"\\n\",\r\n \"bundle install\",\"\\n\",\r\n \"rails s -d\",\"\\n\"\r\n ]]}}\r\n }\r\n },\r\n\r\n \"PublicIPForTestInstance\" : {\r\n \"Type\" : \"AWS::EC2::EIP\",\r\n \"Properties\" : {\r\n \"InstanceId\" : { \"Ref\" : \"BrandonTestInstance\" },\r\n \"Domain\" : \"vpc\"\r\n }\r\n }\r\n\r\n },\r\n\r\n\"Outputs\" : {\r\n \"BrandonPublicIPAddress\" : {\r\n \"Value\" : { \"Ref\" : \"PublicIPForTestInstance\" }\r\n },\r\n\r\n \"BrandonInstanceId\" : {\r\n \"Value\" : { \"Ref\" : \"BrandonTestInstance\" }\r\n }\r\n}\r\n\r\n}<\/pre>\n \"SGOpenRailsToWorld\" : {\r\n \"Type\" : \"AWS::EC2::SecurityGroup\",\r\n \"Properties\" : {\r\n \"GroupDescription\" : \"Rails web server access from SA-VPN\",\r\n \"VpcId\" : \"vpc-1f37ab7d\",\r\n \"SecurityGroupIngress\" : [ { \r\n \t\"IpProtocol\" : \"tcp\", \r\n \t\t\"CidrIp\" : \"0.0.0.0\/0\",\r\n\t\t\"FromPort\" : \"3000\", \r\n \t\t\"ToPort\" : \"3000\"\r\n \t} ]\r\n }\r\n },<\/pre>\n\n
\n
Bootstrapping with Cloud Init (User Data)<\/h3>\n
\"UserData\" : \r\n { \"Fn::Base64\" : { \"Fn::Join\" : [\"\",[\r\n \"#!\/bin\/bash -ex\",\"\\n\",\r\n \"yum -y update\",\"\\n\",\r\n \"yum -y install puppet\",\"\\n\",\r\n \"yum -y install git\",\"\\n\",\r\n \"git clone https:\/\/github.com\/catapultsoftworks\/puppet-rvm.git \/usr\/share\/puppet\/modules\/rvm\",\"\\n\",\r\n \"git clone https:\/\/github.com\/catapultsoftworks\/websvc-puppet.git \/tmp\/websvc-puppet\",\"\\n\",\r\n \"puppet apply \/tmp\/websvc-puppet\/rvm.pp\",\"\\n\",\r\n \"source \/usr\/local\/rvm\/scripts\/rvm\",\"\\n\",\r\n \"git clone https:\/\/github.com\/catapultsoftworks\/cap-test.git \/home\/ec2-user\/cap-test\",\"\\n\",\r\n \"cd \/home\/ec2-user\/cap-test\",\"\\n\",\r\n \"bundle install\",\"\\n\",\r\n \"rails s -d\",\"\\n\"\r\n ]]}}<\/pre>\nA note about Amazon Linux version numbering.<\/h3>\n
A note about github<\/h3>\n
\n
More Puppet: Set up Rails<\/h3>\n
The application<\/h3>\n
Starting the server<\/h3>\n
That public IP<\/h3>\n
\"PublicIPForTestInstance\" : {\r\n \"Type\" : \"AWS::EC2::EIP\",\r\n \"Properties\" : {\r\n \"InstanceId\" : { \"Ref\" : \"BrandonTestInstance\" },\r\n \"Domain\" : \"vpc\"\r\n }\r\n }<\/pre>\nOh yeah, that boto script<\/h3>\n
\/Users\/brich\/devops\/boto> .\/run_cloudformation.py -h\r\nusage: run_cloudformation.py [-h]\r\n region stackName stackFileName creator tagFile\r\n\r\nRun a cloudformation script. Make sure your script contains a detailed description! This script does not currently accept stack input params.\r\n\r\nCreator: Brandon Rich Last Updated: 5 Dec 2013\r\n\r\npositional arguments:\r\n region e.g. us-east-1\r\n stackName e.g. TeamName_AppName_TEST (must be unique)\r\n stackFileName JSON file for your stack. Make sure it validates!\r\n creator Your netID. Will be attached to stack as \"creator\" tag.\r\n tagFile optional. additional tags for the stack. newline delimited\r\n key-value pairs separated by colons. ie team:sfis\r\n functional:registrar\r\n\r\noptional arguments:\r\n -h, --help show this help message and exit<\/pre>\n
\n
# read tagfile\r\nlines = [line.strip() for line in open(args.tagFile)]\r\n\r\nprint \"tags: \" \r\nprint \"(creator: \" + args.creator + \")\"\r\n\r\ntagdict = { \"creator\" : args.creator }\r\nfor line in lines:\r\n keyval = line.split(':')\r\n key = keyval[0]\r\n val = keyval[1]\r\n tagdict[key] = val\r\n print \"(\" + key + \": \" + val + \")\"\r\n\r\n# aws cloudformation validate-template --template-body file:\/\/path-to-file.json\r\n#result = conn.validate_template( template_body=args.stackFileName, template_url=None )\r\n# example of bad validation (aside from invalid json): referencing a security group that doesn't exist in the file\r\n\r\nwith open (args.stackFileName, \"r\") as stackfile:\r\n json=stackfile.read().replace('\\n', '')\r\n#print json\r\n\r\ntry:\r\n stackID = conn.create_stack( \r\n\t\t stack_name=args.stackName, \r\n\t\t template_body=json, \r\n\t\t template_url=\"\", \r\n\t\t parameters=\"\",\r\n\t\t notification_arns=\"\",\r\n\t\t disable_rollback=False,\r\n\t\t timeout_in_minutes=10,\r\n\t\t capabilities=None,\r\n\t\t tags=tagdict\r\n\t\t) \r\n events = conn.describe_stack_events( stackID, None )\r\n print events\r\nexcept Exception,e:\r\n print str(e)<\/pre>\n.\/run_cloudformation.py us-east-1 MyTestStack cf_template.json brich tagfile<\/pre>\n