Chef AWS

OK, so you have your AWS account set up and you're ready to launch an EC2 instance with Hosted Chef. What do you need to know? I know this may seem simple to someone who has been doing it for a long time, but it took me a few hours to figure out exactly what I needed. Here are a few quick notes on what worked for me on my MacBook Air, although it should work just fine on Linux also.

I assume you have a working Chef install and can upload cookbooks to your Hosted Chef server. Secondly, I am using the chef-dk and had to install the knife-ec2 plugin. Assuming you have set up the chef-dk as they recommend, all you should need to do is run the chef gem install command. This will install the Ruby gems into your home directory at ~/.chefdk, so you will not need sudo access.

jmiller11:fcs2-chef-repo jmiller$ ls -l ~/.chefdk/
total 0
drwxr-xr-x 3 jmiller staff 102 May 3 13:35 gem
jmiller11:fcs2-chef-repo jmiller$

Here is the command to install the plugin:

chef gem install knife-ec2

Append the following to your .chef/knife.rb

# AWS support
knife[:aws_access_key_id] = ENV['AWS_ACCESS_KEY_ID']
knife[:aws_secret_access_key] = ENV['AWS_SECRET_ACCESS_KEY']
# Optional if you're using Amazon's STS
#knife[:aws_session_token] = ENV['AWS_SESSION_TOKEN']
knife[:aws_ssh_key_id] = ENV['AWS_MYPEM']
knife[:region] = ENV['AWS_REGION']
knife[:bootstrap_version] = '11.12.4-1'

Append the following to your ~/.bash_profile

AWS_ACCESS_KEY_ID=XXXXXXXXXXX
AWS_SECRET_ACCESS_KEY=XXXXXXXXXXX
# note the AWS_MYPEM does not have .pem extension listed
# it found my key that was in ~/.ssh/ and is chmod 600
AWS_MYPEM=XXXXXXXX
AWS_REGION=us-east-1
# Optional if you're using Amazon's STS
#AWS_SESSION_TOKEN=""
export AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY AWS_SESSION_TOKEN AWS_MYPEM AWS_REGION

Source your bash profile to make sure the new variables are active:

jmiller11:fcs2-chef-repo jmiller$ . ~/.bash_profile
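
A preflight check for the knife.rb and ~/.bash_profile setup above, as an added example that is not part of the original post. The function names are hypothetical, and it assumes the private key sits at ~/.ssh/$AWS_MYPEM (no .pem extension), as in the -i path used later on this page; the permission check on the profile file is an extra that the post does not mention.

```shell
# Added example, not from the original post. Function names are hypothetical;
# the variable names and the ~/.ssh key location follow the post.

# Print a file's octal permission bits (GNU stat first, then BSD/macOS stat).
file_mode() {
  [ -e "$1" ] || return 1
  stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1" 2>/dev/null
}

# Succeed only when group and other have no permissions (e.g. 600 or 400).
is_private() {
  case "$(file_mode "$1")" in
    0|*00) return 0 ;;
    *) return 1 ;;
  esac
}

# check_knife_env [ssh_dir] [profile]
# Prints one line per problem; the exit status is the number of problems.
# The ( ) body runs in a subshell so no variables leak into the caller.
check_knife_env() (
  ssh_dir="${1:-$HOME/.ssh}"
  profile="${2:-$HOME/.bash_profile}"
  problems=0
  for var in AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY AWS_MYPEM AWS_REGION; do
    # knife.rb reads ENV[...], so the variable must be exported, not just set.
    if [ -z "$(printenv "$var")" ]; then
      echo "MISSING: $var is not exported"
      problems=$((problems + 1))
    fi
  done
  # Assumption: the private key is $ssh_dir/$AWS_MYPEM, with no .pem suffix.
  key="$ssh_dir/${AWS_MYPEM:-}"
  if [ ! -f "$key" ]; then
    echo "MISSING: key file $key"
    problems=$((problems + 1))
  elif ! is_private "$key"; then
    echo "LOOSE: $key is mode $(file_mode "$key"), expected 600"
    problems=$((problems + 1))
  fi
  # Extra check beyond the post: the profile holds the secret key in plaintext.
  if [ -f "$profile" ] && ! is_private "$profile"; then
    echo "LOOSE: $profile is mode $(file_mode "$profile"), consider chmod 600"
    problems=$((problems + 1))
  fi
  exit "$problems"
)
```

Run `check_knife_env` after sourcing the profile; an exit status of 0 means every variable is exported and both files are readable only by their owner.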

OK, let's test that you're set up correctly by running “knife ec2 server list”. Likely this will be empty for you, but as long as it returns the header you're fine:

jmiller11:fcs2-chef-repo jmiller$ knife ec2 server list
Instance ID  Name        Public IP       Private IP      Flavor    Image         SSH Key      Security Groups  IAM Profile  State
i-b9ea45e9   base1204-1                                  m1.small  ami-0145d268  aws-jmiller  default                       terminated
i-88e34cd8                                               m1.small  ami-0145d268  aws-jmiller  default                       terminated
i-25e84775   base1204-1                                  m1.small  ami-0145d268  aws-jmiller  default                       terminated
i-c7e44b97   base1204-1                                  m1.small  ami-0145d268  aws-jmiller  default                       terminated
i-41e14e11   base1204-1  54.227.113.203  10.236.185.159  m1.small  ami-0145d268  aws-jmiller  www, default                  running
i-7dfc532d   base1204-2  54.237.5.212    10.151.112.113  m1.small  ami-0145d268  aws-jmiller  www, default                  running
i-53b57800   webserver1                                  t1.micro  ami-3202f25b  me           default                       terminated
jmiller11:fcs2-chef-repo jmiller$

Launch Command:

OK, here I am using a simple role called “base” that was uploaded to my Hosted Chef account; all it does at this point is set up Chef to run as a cron job to save memory. The AMI is an Ubuntu 12.04 image that will be running on an m1.small instance, with the “default” and “www” security groups, with an easy-to-read name of “base1204-1”, using the SSH key file for my AWS key. I need to figure out if there is a better way than defining the SSH key on the command line, but this works for now.

jmiller11:fcs2-chef-repo jmiller$ knife ec2 server create -r 'role[BASE]' -I ami-0145d268 -f m1.small -x ubuntu -G default -N base1204-1 -i ~/.ssh/aws-jmiller

The output of the command will run and you should see something like this:

jmiller11:fcs2-chef-repo jmiller$ knife ec2 server create -r 'role[BASE]' -I ami-0145d268 -f m1.small -x ubuntu -G default,www -N base1204-2 -i ~/.ssh/aws-jmiller
Instance ID: i-7dfc532d
Flavor: m1.small
Image: ami-0145d268
Region: us-east-1
Availability Zone: us-east-1a
Security Groups: default, www
Tags: Name: base1204-2
SSH Key: aws-jmiller

Waiting for instance…………………
Public DNS Name: ec2-54-237-5-212.compute-1.amazonaws.com
Public IP Address: 54.237.5.212
Private DNS Name: ip-10-151-112-113.ec2.internal
Private IP Address: 10.151.112.113

Waiting for sshd….done
Connecting to ec2-54-237-5-212.compute-1.amazonaws.com
ec2-54-237-5-212.compute-1.amazonaws.com Installing Chef Client…

ec2-54-237-5-212.compute-1.amazonaws.com Chef Client finished, 7/12 resources updated in 14.133802702 seconds

Instance ID: i-7dfc532d
Flavor: m1.small
Image: ami-0145d268
Region: us-east-1
Availability Zone: us-east-1a
Security Groups: default, www
Security Group Ids: default
Tags: Name: base1204-2
SSH Key: aws-jmiller
Root Device Type: ebs
Root Volume ID: vol-cc24df85
Root Device Name: /dev/sda1
Root Device Delete on Terminate: true
Public DNS Name: ec2-54-237-5-212.compute-1.amazonaws.com
Public IP Address: 54.237.5.212
Private DNS Name: ip-10-151-112-113.ec2.internal
Private IP Address: 10.151.112.113
Environment: _default
Run List: role[BASE]

OK, that's the basics. If you get this far, you might want to check out chef-metal.