Overview
mr.awsome is a commandline-tool (aws) to manage and control Amazon Webservice's EC2 instances. Once configured with your AWS key, you can create, delete, monitor and ssh into instances, as well as perform scripted tasks on them (via fabfiles). Examples are adding additional, pre-configured webservers to a cluster (including updating the load balancer), performing automated software deployments and creating backups - each with just one call from the commandline. Aw(e)some, indeed, if we may say so...
Installation
mr.awsome is best installed with easy_install, pip or with zc.recipe.egg in
a buildout. It installs two scripts, aws and assh.
With zc.recipe.egg you can set a custom configfile location like this:
[aws]
recipe = zc.recipe.egg
eggs = mr.awsome
arguments = configpath="${buildout:directory}/etc/servers.cfg"
The pycrypto package is throwing some deprecation warnings, you might want to disable them by adding an initialization option to the aws part like this:
initialization =
import warnings
warnings.filterwarnings("ignore", ".*", DeprecationWarning, "Crypto\.Hash\.MD5", 6)
warnings.filterwarnings("ignore", ".*", DeprecationWarning, "Crypto\.Hash\.SHA", 6)
warnings.filterwarnings("ignore", ".*", DeprecationWarning, "Crypto\.Util\.randpool", 40)
Configuration
Support for backends is implemented by plugins. Two plugins are included with mr.awsome. To use the plugins, you have to configure one or more masters, like this:
[ec2-master:default] module = mr.awsome.ec2 [plain-master:default] module = mr.awsome.plain
The ec2-master is for the Amazon cloud. The plain-master is for
servers reachable by ssh which you want to included in the config for Fabric
integration and easy ssh access with a centralized config.
To authorize itself against AWS, mr.awsome uses the following two environment variables:
AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
You can find their values at http://aws.amazon.com under 'Your Account'-'Security Credentials'.
You can also put them into files and point to them in the
[ec2-master:default] section with the access-key-id and
secret-access-key options. It's best to put them in ~/.aws/ and make
sure only your user can read them.
All other information about server instances is located in aws.conf, which
by default is looked up in etc/aws.conf.
Before you can create a server instance with the create command described
below, you first have to declare a security group in your aws.conf like
this:
[ec2-securitygroup:demo-server] description = Our Demo-Server connections = tcp 22 22 0.0.0.0/0 tcp 80 80 0.0.0.0/0
The security group is used for both the firewall settings, as documented in the AWS docs, and to find the server instance associated with it.
Then you can add the info about the server instance itself like this:
[ec2-instance:demo-server] keypair = default securitygroups = demo-server region = eu-west-1 placement = eu-west-1a # we use images from `http://alestic.com/`_ # Ubuntu 9.10 Karmic server 32-bit Europe image = ami-a62a01d2 startup_script = startup-demo-server fabfile = `fabfile.py`_
Startup scripts
The startup_script option above allows you to write a script which is run right after instance creation to setup your server. This feature is supported by many AMI images and was made popular by http://alestic.com/ (See http://alestic.com/2009/06/ec2-user-data-scripts).
Most of the time these are bash scripts like this (for Ubuntu in this case):
#!/bin/bash set -e -x export DEBIAN_FRONTEND=noninteractive apt-get update && apt-get upgrade -y
The set -e -x is for debugging. You can see the commands which ran and
their output in /var/log/syslog once you are logged into the server.
The startup scripts have a maximum size of 16kb. You can check the size with
the debug command of the aws script.
The startup script is basically a template for the Python string format method (See http://docs.python.org/library/string.html#formatstrings). So anything inside curly brackets is expanded. To get normal curly brackets, when you write bash functions etc, just double them like this:
function LOG() {{ echo "$*"; }}
If you want to include any files for something like ssh authorized_keys,
you do something the following:
authorized_keys: file,escape_eol ssh-authorized_keys
#!/bin/bash
...
/bin/bash -c "echo -e \"{authorized_keys}\" >> /root/.ssh/authorized_keys"
So the startup script basically has rfc822 syntax (internally the e-mail
parser is used). The file,escape_eol tells the script that the ssh-
authorized_keys string should be used as a filename for a file which is then
read and the \n characters are escaped so the resulting string can be used
in the echo -e command.
- You have the following possibilities (brain dump, needs fleshing out):
- file
- base64
- format
- template
- gzip
- escape_eol
In addition to that, you have access to some more variables. For example full access to the server config in the aws.conf. With servers[demo- server].instance.dns_name for example, you can get the current DNS name of the server (this only works with other servers already started, not the one for which the startup script is for, since the DNS isn't set at the time the script is created).
You can modify the options for the startup script by declaring a hook like this in your config:
hooks = mymodule.Hooks
Where Hooks is a class with a startup_script_options method. Here is an
example which adds an addresses option containing the IP address of
available EC2 instances:
class _IPProxy(object):
def __init__(self, servers):
self.servers = servers
def __getitem__(self, value):
result = self.servers[value]
instance = result.instance
if instance is None:
# return a dummy address
return u'192.168.0.1'
return result.instance.private_ip_address
class Hooks(object):
def startup_script_options(self, options):
addresses = options.get('addresses')
if addresses is None:
options['addresses'] = _IPProxy(options['servers'])
You can add a gzip: prefix before the filename to let the script be self
extracting. The code used looks like this:
#!/bin/bash tail -n+4 $0 | gunzip -c | bash exit $?
Directly after that follows the binary data of the gzipped startup script.
Controlling instances
- start
- stop
- status
Snapshots
(Needs description of volumes in "Configuration")
SSH integration
mr.awsome provides an additional tool assh to easily perform SSH based
operations against named EC2 instances. Particularly, it encapsulates the
entire SSH fingerprint mechanism, as EC2 instances are often short-lived and
normally trigger warnings, especially, if you are using elastic IPs.
Note:: it does so not by simply turning off these checks, but by transparently updating its own fingerprint list (it relies on the console output of the instance to provide the fingerprint via the AWS API, some images may not be configured to do so) when adding new instances.
The easiest scenario is simply to create an SSH session with an instance. You can either use the ssh subcommand of the aws tool like so:
aws ssh SERVERNAME
Alternatively you can use the assh command direct, like so:
assh SERVERNAME
The latter has been provided to support scp and rsync. Here are some examples, you get the idea:
scp -S `pwd`/bin/assh some.file demo-server:/some/path/ rsync -e "bin/assh" some/path fschulze@demo-server:/some/path
Fabric integration
Since Fabric <http://fabfile.org/`_>`_ basically works through ssh, all the
bits necessary for ssh integration are also needed for Fabric. To make it
easy to run fabfiles, you specifiy them with the "fabfile" option in your
aws.conf and use the ``do command to run them.
Take the following fabfile.py as an example:
from fabric.api import env, run
env.reject_unknown_hosts = True
env.disable_known_hosts = True
def get_syslog():
run("echo /var/log/syslog")
If you have that fabfile for the demo-server above, you can then run the command with "bin/aws demo-server do get_syslog".
For more info about fabfiles, read the docs at http://fabfile.org/.
Macro expansion
In the aws.conf you can use macro expansion for cleaner configuration
files. This looks like this:
[ec2-instance:demo-server2] <= demo-server securitygroups = demo-server2 [ec2-securitygroup:demo-server2] <= demo-server
All the options from the specified macro are copied with some important exceptions:
- For instances the
ipandvolumesoptions aren't copied.
If you want to copy data from some other kind of options, you can add a colon in the macro name. This is useful if you want to have a base for instances like this:
[macro:base-instance] keypair = default region = eu-west-1 placement = eu-west-1a [ec2-instance:server] <= macro:base-instance ...