Background Story

tldr 😉

So this post is more about sharing how we can achieve X with an amalgamation of Y, Z…, where X => auto-scaling AWS machines and Y, Z… => tools like git, ansible.

I work here on the CloudFactory team to create some meaningful work/opportunities. We are big fans of some good stuff like:

Why did I do it?

At the time of the massive DDoS (the 2016 Dyn cyberattack), our auto-scaling strategy was failing too. Reason: unable to resolve github.com, since the bootstrap process involved cloning the latest deployed codebase from GitHub.

We used to bake AMIs (an AMI is like a pre-configured virtual disk file on AWS, ready to turn on and operate with). That means we had many things hard-coded in those frozen drives. Although the boot-up process used to configure the new machines with ansible hooked up from rc.local scripts, the whole process was itself statically trapped inside. So as our auto-scaling metrics started triggering the launch of new machines, they were all useless, as they were choking at the clone failure, since resolving github.com to its IPs was not working, and yes, our machines were mostly there.

I was thinking of hardcoding the IPs into a poor-man’s-DNS 😅 entry.

dig github.com
...
 ;; ANSWER SECTION:
 github.com. 126 IN  A  192.30.253.113
 github.com. 126 IN  A  192.30.253.112
...

But the scale-up and scale-down was dynamic, and I would need to ansible it every time a new machine wakes up. (At the time, I was not aware of the user-data section of autoscaling 🤔; we could have sed-ed in the DNS changes, but /etc/hosts gets dynamically updated by yet another script running for other necessary reasons…) We knew a bunch of automation stuff, still we could not sleep well that night, and the next workday at the office was like 😴, hehe.

Feeling retarded, googling the possibilities, I then got routed to this awesome blog and heard of ansible-pull. Blazed with the stuff/steps by the Lazy Geek in that post, I shared it with my team and pinned it like: this is what we need. Period.

And yesterday… this came true and I am writing this post on my rooftop 😄

Assumptions

Is it for me?

I might be randomly beating around the bush alone, but whatever/however you think 🤔 😲 😧 😀 🙊

The context of this post is like, I am puddling:

Acknowledgments/Disclaimers

I am thankful to a handful of people who guided/inspired/motivated me to get it done. {@kajisaap @sameergautam @arbabnazar}

This post is highly biased by the post by the Lazy Geek. If you get confused 😕 or seek the original stuff, do visit his awesome blog URL. And do learn and try it, it is worth striving for.

How can others do the same?

The whole process is reproducible as follows:

  1. Make a dedicated bucket and put keys and configs in it, like:

    • [X] push the private key to the bucket and the public key to GitHub

    • [X] use a dedicated ssh-config for GitHub

    • [X] create a new policy and attach it to the IAM role that is to be attached to the instance

  2. Now we create a launch config for autoscaling. Lucky we are, we have an idempotent ansible module 😌 So let's define the few artifacts we need as our arsenal:

    • [X] we need a playbook like:

    • [X] and the vars file

    • [X] with userdata

  3. And yes, I have skipped the AutoScaling Groups config definitions, which we are doing manually this time (hopefully they could be ansiblized too… but that’s for the future).
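The steps above as a user-data bootstrap script. This is an added example, not the post's original playbook or user-data: the bucket name, repository URL, object keys and paths are placeholder assumptions. It also assumes a verified known_hosts file is stored next to the deploy key, so SSH can check GitHub's host key strictly instead of accepting whatever it sees on first connect.

```shell
#!/bin/sh
# Added example: bootstrap for the launch configuration's user-data.
# BUCKET, REPO, object keys and paths are placeholders, not values from the post.
set -eu

BUCKET="${BUCKET:-example-bootstrap-bucket}"
REPO="${REPO:-git@github.com:example-org/example-playbooks.git}"
DRY_RUN="${DRY_RUN:-1}"   # 1 = print commands only; set to 0 on a real instance

# Run a command, or just print it when DRY_RUN=1.
run() {
  if [ "$DRY_RUN" = 1 ]; then echo "+ $*"; else "$@"; fi
}

# Dedicated ssh config for github.com: one identity, host key must already be known.
write_github_ssh_config() {
  dir="$1"
  mkdir -p "$dir"
  chmod 700 "$dir"
  ( umask 077
    cat > "$dir/config" <<EOF
Host github.com
  User git
  IdentityFile $dir/deploy_key
  IdentitiesOnly yes
  StrictHostKeyChecking yes
  UserKnownHostsFile $dir/known_hosts
EOF
  )
  chmod 600 "$dir/config"
}

# Pull the deploy key and a pre-verified known_hosts using the instance's IAM role.
fetch_secrets() {
  dir="$1"
  ( umask 077
    run aws s3 cp "s3://$BUCKET/ssh/deploy_key" "$dir/deploy_key"
    run aws s3 cp "s3://$BUCKET/ssh/known_hosts" "$dir/known_hosts" )
}

# Full sequence: ssh config, secrets, then ansible-pull against the local host.
bootstrap() {
  dir="$1"
  write_github_ssh_config "$dir"
  fetch_secrets "$dir"
  run ansible-pull -U "$REPO" -d /opt/bootstrap -i localhost, local.yml
}

if [ "$DRY_RUN" = 0 ]; then bootstrap /root/.ssh; fi
```

With this layout, the policy attached to the instance role only needs s3:GetObject on those two objects, and the key registered on GitHub can be a read-only deploy key.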

Oh, you made it till the end… yeah, that’s all about it. It’s easy, isn’t it 🙊

The post is kind of a work in progress… It’s already 186 lines… so I will continue the rest of the story in the next post.