29-33. Amazon: EC2 (AMIs)
• AMI - Amazon Machine Image
• Conceptually similar to a Xen or VMware image
• Base to build on
• Hundreds pre-built
• Snapshots
• PoolParty default is the widely used ec2ubuntu - ami-1cd73375
37-38. Amazon: EC2
• Primarily uses ephemeral storage
• e.g. node crashes = data gone (sort of)
• requires new way to think about servers
• forces redundancy and clustering issues to the front
47-49. Amazon: EBS
• Elastic Block Store
• Persistent disks for EC2 instances
• Can store snapshots on S3
• Fast
• Mounts to only one instance at a time (not a SAN)
57-58. EC2 Security Groups
• Amazon has a strict firewall
• ec2-authorize
• default security group nodes have unlimited (network) access to each other
• everything else is turned off
60. EC2 Security Groups
ec2-add-group web -d "Web server group"
ec2-authorize -p 80 web
ec2-authorize -p 22 web
ec2-authorize -P icmp -t -1:-1 web
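The four commands above open port 80, port 22 and every ICMP type on the "web" group. An added example (not from the slides, and not PoolParty code) that audits a rule set modelled on those commands and produces a tightened copy. It assumes, as the classic ec2-api-tools did when no -s source was given, that each rule applies to 0.0.0.0/0; the rule list, the ADMIN_PORTS table and the 203.0.113.0/24 admin range are constructed for the example.

```python
# Added example, not from the PoolParty slides: audit EC2-style security
# group rules for world-open exposure and produce a tightened copy.
from dataclasses import dataclass, replace
from ipaddress import ip_network


@dataclass(frozen=True)
class Rule:
    group: str
    protocol: str     # "tcp", "udp" or "icmp"
    from_port: int    # for icmp this is the type (-1 = every type)
    to_port: int      # for icmp this is the code (-1 = every code)
    source: str       # a CIDR, or the name of another security group


# Ports that should only be reachable from trusted address ranges.
ADMIN_PORTS = {22: "ssh", 3389: "rdp", 3306: "mysql", 5432: "postgres"}

# Constructed model of the slide's commands. The classic ec2-api-tools
# applied a rule to 0.0.0.0/0 when no -s source was given (assumption);
# the last rule models "default group members have unlimited access to
# each other", whose source is the group itself rather than a CIDR.
WEB_GROUP_RULES = [
    Rule("web", "tcp", 80, 80, "0.0.0.0/0"),       # ec2-authorize -p 80 web
    Rule("web", "tcp", 22, 22, "0.0.0.0/0"),       # ec2-authorize -p 22 web
    Rule("web", "icmp", -1, -1, "0.0.0.0/0"),      # ec2-authorize -P icmp -t -1:-1 web
    Rule("default", "tcp", 0, 65535, "default"),   # group-to-group rule
]


def is_world_open(source):
    """True when the source is a CIDR that matches every address."""
    try:
        return ip_network(source, strict=False).prefixlen == 0
    except ValueError:
        return False  # not a CIDR: a group-to-group rule


def admin_ports_in(rule):
    return [p for p in ADMIN_PORTS if rule.from_port <= p <= rule.to_port]


def findings(rules):
    """Return (group, description) pairs for each rule worth a second look."""
    out = []
    for r in rules:
        if not is_world_open(r.source):
            continue
        if r.protocol == "icmp" and r.from_port == -1:
            out.append((r.group, "all ICMP types open to the world"))
        elif r.protocol in ("tcp", "udp"):
            for p in admin_ports_in(r):
                out.append((r.group, f"{ADMIN_PORTS[p]} (port {p}) open to the world"))
    return out


def harden(rules, admin_cidr):
    """Copy of the rules with the findings above narrowed: admin ports are
    limited to admin_cidr, and the all-ICMP rule keeps only echo requests
    (type 8), which is enough for ping reachability checks."""
    fixed = []
    for r in rules:
        if is_world_open(r.source) and r.protocol == "icmp" and r.from_port == -1:
            r = replace(r, from_port=8, to_port=-1)
        elif is_world_open(r.source) and r.protocol in ("tcp", "udp") and admin_ports_in(r):
            r = replace(r, source=admin_cidr)
        fixed.append(r)
    return fixed


if __name__ == "__main__":
    for group, what in findings(WEB_GROUP_RULES):
        print(f"{group}: {what}")
    # 203.0.113.0/24 is a documentation range standing in for an office/VPN block
    for group, what in findings(harden(WEB_GROUP_RULES, "203.0.113.0/24")):
        print(f"still open after hardening -> {group}: {what}")
```

Port 80 stays open to the world because that is the service the group exists for; the audit only flags the SSH rule and the all-ICMP rule, and the hardened copy passes clean.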
84-85. Puppet
• Puppet is a system for automating system administration tasks.
• Being used at Google to manage all Mac desktops and laptops, expanding into Linux clients.
• Red Hat - In the process of moving legacy systems onto Puppet.
111-113. Puppet Security
• Uses SSL certificates as the required and only form of authentication
• Master authenticates the certificates
• Test certificate from node:
/usr/sbin/puppetd --waitforcert 60 --server master --test --verbose
• If certificate doesn’t match, probably cached on server. Try on master:
puppetca --clean node1.compute-1.internal
120-122. Troubleshooting Puppet
• tail -f /var/log/syslog
• Can the nodes contact master?
• Do the certificates match?
• Does /var/lib/puppet/localconfig.yaml contain the right information?
• Does /etc/puppet/manifests/classes/poolparty.pp contain the right information?
• Does /var/poolparty/poolparty.pp contain the right information? (more on that later)
133-134. HAProxy
• Extremely fast
• Reports of HAProxy saturating gigabit fiber (http://is.gd/4myI)
• Reputation of being reliable and secure
• Installed and set up by PoolParty by default
154-155. PoolParty Messenger
• Changes happening in architecture
• Will become neighborhood-based instead of master/node-based
• The brains of the operation when humans aren’t around
163-166. Using PoolParty: What Happens
• PoolParty reads clouds.pool
• Generates templates, puppet configs, etc in a local storage directory (/tmp/poolparty)
• Files are rsync’d to /var/poolparty on master
• A gang of bootstrapping tasks are run (via Capistrano)
• Puppet config is cp’d from /var/poolparty to /etc/puppet/manifests/classes/poolparty.pp
172-176. Using PoolParty: What Happens
• PP Messenger master contacts Amazon and boots more instances if needed.
• PP Messenger bootstraps the new node
• The bootstrap process starts PP Messenger Node
• PP Messenger initiates Puppet provisioning on the new node
• time passes
178-181. Using PoolParty: What Happens
• Puppet runs on master and master discovers a new node has been started.
• In the case of HAProxy/Apache, Puppet re-generates the HAProxy config to include the new node.
• As specified in poolparty.pp, when haproxy.cnf gets updated, it asks HAProxy to reload.
• HAProxy now starts distributing the load to the new node
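The master-side step above (regenerate the HAProxy config from the discovered nodes, reload only when the file changed) as an added example; this is not PoolParty's or Puppet's own code. The template, the node list and the 10.0.0.x addresses are constructed for the example; the node names reuse the hostname style shown on the Puppet Security slide.

```python
# Added example, not PoolParty's or Puppet's own code: the master-side step
# that regenerates the HAProxy config from the discovered node list and
# decides whether a reload is needed. Node data and IPs are constructed.
import hashlib
import re
from ipaddress import ip_address

HAPROXY_TEMPLATE = """global
    daemon
    maxconn 256

defaults
    mode http
    timeout connect 5s
    timeout client 50s
    timeout server 50s

frontend http-in
    bind *:80
    default_backend web_nodes

backend web_nodes
    balance roundrobin
{servers}
"""

# Discovered nodes end up inside a config that a privileged daemon reloads,
# so each entry is validated before it is templated in.
NODE_NAME = re.compile(r"[A-Za-z0-9][A-Za-z0-9.-]{0,62}")


def is_valid_node(name, ip):
    if not NODE_NAME.fullmatch(name):
        return False
    try:
        ip_address(ip)
    except ValueError:
        return False
    return True


def render_haproxy_cfg(nodes, port=80):
    """Render the config from (name, ip) pairs. Nodes are sorted so the same
    cluster always produces identical bytes; otherwise discovery order alone
    could make the file look changed and trigger a needless reload."""
    for name, ip in nodes:
        if not is_valid_node(name, ip):
            raise ValueError(f"refusing to template node {name!r} / {ip!r}")
    lines = [f"    server {name} {ip}:{port} check" for name, ip in sorted(nodes)]
    return HAPROXY_TEMPLATE.format(servers="\n".join(lines))


def digest(text):
    return hashlib.sha256(text.encode()).hexdigest()


def reconcile(current_cfg, nodes):
    """Return (new_cfg, reload_needed). A reload is requested only when the
    rendered content differs from what is currently on disk, mirroring the
    'when haproxy.cnf gets updated, ask HAProxy to reload' relationship."""
    new_cfg = render_haproxy_cfg(nodes)
    return new_cfg, digest(new_cfg) != digest(current_cfg)


if __name__ == "__main__":
    on_disk, _ = reconcile("", [("node1.compute-1.internal", "10.0.0.11")])
    # a new node is discovered on the next Puppet run
    cluster = [("node1.compute-1.internal", "10.0.0.11"),
               ("node2.compute-1.internal", "10.0.0.12")]
    on_disk, reload_needed = reconcile(on_disk, cluster)
    print("reload HAProxy" if reload_needed else "no change")
    _, reload_needed = reconcile(on_disk, list(reversed(cluster)))
    print("reload HAProxy" if reload_needed else "no change")  # same nodes, no reload
```

The two details worth keeping when doing this for real are the deterministic rendering (sorted entries, so a reload only happens when membership actually changed) and the validation of discovered names and addresses before they are written into a file that the load balancer will parse with its own privileges.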
195-197. Agenda:
• Launch, login, terminate an EC2 instance
• cloud ssh into our instances and look around
• Take a closer look at clouds.pool
• Examine a basic PoolParty plugin