Project and Objective:
provide a client with the ability to build a PuppetMaster using only one click and able to be brought up in any Amazon region.
The tool needed to be supportable, produce consistent results and work quickly. Customization and portability were not particularly important – they aren’t going to move off of Amazon anytime soon. Given the needs I utilized CloudFormation for the basis of the the tool. By leveraging the CloudFormation service anyone with familiarity with Amazon can easily build and modify the tooling.
Consistency, speed and availability.
If you peak under the hood of the tool you’d see the following happening in the order below:
- User instantiates CloudFormation with a region parameter.
- CloudFormation provisions resources such as an EC2 instance, a security group and an IAM Role (see “Resources Used”)
- EC2 resource is created, cloud-init runs user-data shell script.
- user-data shell script performs the following:
- lightweight machine configuration
- installs puppet from Puppetlabs
- gets puppetmaster configuration from GitHub
- installs the puppetmaster server through a puppet apply
- CloudFormation, used for provisioning AWS resources:
- EC2 instance: used for running the PuppetMaster
- Security Group: used for allowing access to the PuppetMaster machine
- Route53 Resource Record: for locating the PuppterMaster
- IAM Role: used for getting configuration information required to access GitHub.
- cloud-init with user-data: used for lightweight configuration, connecting to GitHub and bootstrapping puppet.
- GitHub: used for storing the PuppetMaster configuration and Puppet client configuration.
- Puppet: once running puppet apply was used to build the initial PuppetMaster server
- Python and tool cloudinit inject
Running the following command created a fully-functioning PuppetMaster server in the AWS us-east-1 region.
cfn-create-stack puppetmaster --template-file puppetmaster_merged.json --parameters "puppetFQDN=puppet-prod-iad-001.test.com" --capabilities CAPABILITY_IAM