One of the nice features of Opscode Chef is its integration with cloud providers like Amazon EC2. Knife, Opscode Chef’s command line client tool, makes it possible to create and bootstrap a VM in just one line, provided you go through a few setup steps first. In this article, I want to show you how to set up your Chef installation and AWS configuration so you can easily bootstrap new VMs with Chef.
Prepare SSH Access To Your Amazon EC2 Instances
Configure Your Amazon Security Group
Amazon blocks all incoming traffic to your EC2 instances by default, so you’ll need to open the SSH port for knife to access a newly created instance. This is pretty easy. Just log in to the AWS console and navigate to the EC2 tab. Go to Security Groups and add a rule for SSH with Source 0.0.0.0/0. This enables SSH connections from anywhere in the world. If you want to limit access to just your home or work network, enter the corresponding IP address instead of 0.0.0.0/0.
Generate Key Pair in AWS Console
To enable API access to your AWS account you need to create a key pair. knife will use it to create, list, and destroy VMs.
Just select Key Pairs in your AWS console’s EC2 tab and press Create Key Pair. Give it a name (e.g. knife, so you know that this key pair will be used by knife) and store the downloaded private key knife.pem in ~/.ssh/knife.pem.
Prepare your ~/.ssh/config to avoid host key mismatch errors
Open your ~/.ssh/config and add:
Host ec2*compute-1.amazonaws.com
    StrictHostKeyChecking no
    User ubuntu
    IdentityFile /Users/mm/.ssh/knife.pem
(make sure you fix the path to your home dir)
Now, SSH will work. Time to move on to the next step.
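The Host block above switches off host key verification for every hostname its wildcard matches. As an added example (not code from the original article), this Ruby script resolves the effective StrictHostKeyChecking value per hostname from a config text. The sample hostnames are constructed, their naming scheme is an assumption, and Match and Include directives are not handled.

```ruby
# Constructed sample: the Host block from the article.
SAMPLE_CONFIG = <<~CFG
  Host ec2*compute-1.amazonaws.com
    StrictHostKeyChecking no
    User ubuntu
    IdentityFile /Users/mm/.ssh/knife.pem
CFG

# Constructed hostnames (documentation IPs); the naming scheme is an assumption.
SAMPLE_HOSTS = %w[ec2-203-0-113-10.compute-1.amazonaws.com
                  ec2-203-0-113-11.eu-west-1.compute.amazonaws.com].freeze

# Split the config into blocks; options before the first Host line are global.
def parse_ssh_config(text)
  blocks = [{ patterns: ['*'], options: {} }]
  text.each_line do |raw|
    key, value = raw.strip.split(/\s*=\s*|\s+/, 2)
    next if key.nil? || key.start_with?('#')
    if key.casecmp?('host')
      blocks << { patterns: value.to_s.split, options: {} }
    else
      blocks.last[:options][key.downcase] ||= value.to_s
    end
  end
  blocks
end

# "*" matches any run of characters, "?" exactly one; "!" negates a pattern.
def block_applies?(block, host)
  hit = ->(p) { /\A#{Regexp.escape(p).gsub('\*', '.*').gsub('\?', '.')}\z/i.match?(host) }
  neg, pos = block[:patterns].partition { |p| p.start_with?('!') }
  pos.any?(&hit) && neg.none? { |p| hit.call(p[1..-1]) }
end

# ssh keeps the first value it obtains, reading the file top to bottom.
def host_key_checking(config_text, host)
  parse_ssh_config(config_text).each do |b|
    v = b[:options]['stricthostkeychecking']
    return v.downcase if v && block_applies?(b, host)
  end
  'ask' # OpenSSH default when the option is not set
end

# Hosts whose keys ssh would accept without verification.
def unverified_hosts(config_text, hosts)
  hosts.select { |h| %w[no off].include?(host_key_checking(config_text, h)) }
end

puts unverified_hosts(SAMPLE_CONFIG, SAMPLE_HOSTS)
```

Run against your own ~/.ssh/config text to see how far a wildcard block reaches; a hostname the pattern does not match falls back to the default of asking before a new key is trusted.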
Configure knife Enabling it to Manage EC2 Instances
Tell knife about your AWS credentials
Put AWS credentials (access key and secret key found in your AWS profile) into ~/.chef/knife.rb like this:
knife[:aws_access_key_id] = "..."
knife[:aws_secret_access_key] = "........."
Choose an AMI for your EC2 instances
If you run small instances, you’re bound to 32-bit only so make sure you choose a 32-bit AMI as well.
Note: the chef ‘ubuntu10.04-dpkg-ree’ bootstrap template will NOT work with small 32-bit instances as it is 64-bit.
Create the EC2 instance using opscode chef knife
Now, it’s time to use knife to fire up and configure a new EC2 instance.
$ knife ec2 server create "role[ubuntu]" -i ami-399ca94d -f m1.small -S knife -I ~/.ssh/knife.pem --ssh-user ubuntu --region eu-west-1 -Z eu-west-1a
- "role[ubuntu]" is the run_list I want to associate with the newly created node. You can put any roles and recipes you like here
- -i is the AMI ID you selected earlier
- -f is the Amazon EC2 instance type (see API name)
- -S is the name you gave to the EC2 key pair generated in the AWS console
- -I points to the private key file of that EC2 key pair as downloaded when the keypair was created in the AWS console
- --ssh-user is the user knife logs in as; the official Ubuntu EC2 AMIs use ubuntu as the default user
- --region eu-west-1 selects the Amazon AWS region; add this parameter and the desired region if you want your instances to be deployed in a specific region
- -Z eu-west-1a is the availability zone within your region (e.g. if you have an existing disk volume you need to make available to this instance)
ATTENTION: make sure to kill the instance again if it is not needed anymore.
Managing EC2 Instances With knife
Once you’ve started up at least one instance with knife, you can use it to find running EC2 instances like this:
$ knife ec2 server list --region eu-west-1
(make sure you use the correct --region parameter)
And, if you want to get rid of an instance (terminate instance and delete chef node), it’s as easy as:
$ knife ec2 server delete i-XXXXXXXX --region eu-west-1
$ knife node delete i-XXXXXXXX
(i-XXXXXXXX is the ID of the instance as found in the AWS console or a knife ec2 server list call)
After getting the initial setup right, it’s a breeze to start, list, and stop Amazon EC2 instances with Opscode Chef knife. With just a single command you can instantiate a new server, bootstrap it as a chef-client and run all Chef recipes defined in the run_list. Pretty sweet. What are your experiences with knife and EC2 (or other cloud providers)? Let us know in the comments…