[nycbug-talk] OT: Puppet/LDAP on EC2

Matt Juszczak matt at atopia.net
Tue Apr 20 17:48:50 EDT 2010


Hello fellow sysfolk,

I'm wondering if any of you have experience with EC2.  I'm looking to 
set up a standard environment where basically puppet manages all, even on 
EC2.  The hard part is being able to dynamically launch instances and 
"tell" them to point to puppet, as the boxes need to have their non-EC2 
hostname set first before the initial puppet connection (so I can validate 
the appropriate SSL cert with puppet-ca).

The hard part at this point is figuring out how exactly to get the 
hostname set and puppet launched initially.  I can either:

* set user-data that will install puppet, somehow "fetch" the hostname of 
the box externally, set the hostname, set /etc/resolv.conf to point to the 
appropriate DNS servers, and then launch puppet (and then let puppet put 
the real /etc/resolv.conf in place, as well as other packages).

or

* create an AMI that has all of this base stuff in it, but I'd still have 
to find a way for the image to get what hostname it should be, as that 
needs to be set prior to the box launching puppet (otherwise, if the box 
connects to puppet as amazon-ec2-hostname-12.14-121.amazonws.com, puppet 
won't know what the box is and/or what its role is)

Any suggestions?  Anyone have experience with this?  Is there a way in 
Amazon's API to tell it what to set the actual hostname on the box to, 
other than user-data?

Thanks,

-Matt
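One way to do the first option above (user-data that sets the real hostname and an interim resolver, then starts the agent), as an added example that is not part of the original post and not Puppet's or Amazon's own tooling. The key=value user-data layout, the `hostname`, `puppet_server`, `dns` and `search` keys, the DRY_RUN/OFFLINE switches and the sample values are all assumptions made for illustration; `http://169.254.169.254/latest/user-data` is the EC2 instance metadata endpoint. Two caveats a practitioner would want: anything in user-data is readable by every local process on the instance, so it must carry nothing secret, and a hostname that will become a certname is only as trustworthy as whoever can launch instances, so the value is validated before it is handed to hostname(1) or written to resolv.conf.

```shell
#!/bin/sh
# Added example (not from the original post): user-data bootstrap that sets
# the "real" hostname and resolver before the first puppet agent run.
# The key=value format and the key names are assumptions for illustration.

# Constructed sample user-data in the assumed format (used when OFFLINE=1).
SAMPLE_USER_DATA='hostname=web01.example.net
puppet_server=puppet.example.net
dns=10.0.0.2 10.0.0.3
search=example.net'

METADATA_URL="http://169.254.169.254/latest/user-data"   # EC2 metadata service

# Fetch user-data from the metadata service, or use the sample when OFFLINE=1
# so the script can be exercised outside EC2.
fetch_user_data() {
    if [ "${OFFLINE:-0}" = "1" ]; then
        printf '%s\n' "$SAMPLE_USER_DATA"
    else
        curl -sf "$METADATA_URL"
    fi
}

# ud_get KEY DATA: print the value of the first KEY=value line in DATA.
# Values are restricted to hostname/resolv.conf-safe characters; anything
# else (shell metacharacters, newlines smuggled in, etc.) makes the lookup fail.
ud_get() {
    key=$1
    data=$2
    value=$(printf '%s\n' "$data" | sed -n "s/^${key}=//p" | head -n 1)
    [ -n "$value" ] || return 1
    if printf '%s' "$value" | grep -q '[^A-Za-z0-9._ -]'; then
        return 1
    fi
    printf '%s\n' "$value"
}

# render_resolv_conf "NS1 NS2 ..." "SEARCH": print resolv.conf content.
render_resolv_conf() {
    search=$2
    [ -n "$search" ] && printf 'search %s\n' "$search"
    for ns in $1; do
        printf 'nameserver %s\n' "$ns"
    done
}

# run CMD...: execute CMD, or only echo it to stderr when DRY_RUN=1.
run() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        printf '+ %s\n' "$*" >&2
    else
        "$@"
    fi
}

bootstrap() {
    data=$(fetch_user_data) || { echo "no user-data available" >&2; return 1; }
    host=$(ud_get hostname "$data") || { echo "no usable hostname in user-data" >&2; return 1; }
    server=$(ud_get puppet_server "$data") || server=puppet
    dns=$(ud_get dns "$data") || dns=""
    search=$(ud_get search "$data") || search=""

    # 1. Hostname first, so the agent's CSR carries the certname puppet-ca expects.
    run hostname "$host"
    printf '%s\n' "$host" | run tee /etc/hostname >/dev/null
    # 2. Interim resolver so the agent can find the puppet master at all;
    #    puppet replaces this file with the managed one on the first run.
    if [ -n "$dns" ]; then
        render_resolv_conf "$dns" "$search" | run tee /etc/resolv.conf >/dev/null
    fi
    # 3. First agent run; from here puppet owns packages and configuration.
    run puppet agent --server "$server" --certname "$host" --onetime --no-daemonize
}

# Only act when explicitly asked, so the file can be sourced or tested safely.
if [ "${BOOTSTRAP_MAIN:-0}" = "1" ]; then
    bootstrap
fi
```

Run as `BOOTSTRAP_MAIN=1 sh bootstrap.sh` from user-data; `OFFLINE=1 DRY_RUN=1 BOOTSTRAP_MAIN=1 sh bootstrap.sh` prints the commands it would run against the sample instead of touching the system. The rejection of anything outside a small character set is the part that matters for the puppet-ca step: the hostname is attacker-influenced input from the launch API, and it ends up both in a shell command and in the certificate request.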


