AWS Opsworkscm Server Mgmt
aws-opsworkscm-server-mgmt sets up a pipeline that manages OpsWorks Configuration Manager server instances (such as OpsWorks Chef Automate and/or OpsWorks Puppet Enterprise) based on a configuration file (opsworkscmconfig.json). The pipeline can identify a "rogue" instances (defined by those instances that does not have an entry in the opsworkscmconfig.json) and optionally remove the instances. The pipeline currently supports single account and multi region for now but the effort is under way to support multi account and multi region instances.
Solution Architecture
AWS OpsWorks Chef Automate and AWS OpsWorks Puppet Enterprise
Operational Considerations:
OpsWorks Servers
- Runs on EC2 instances that are exposed via the console and CLI
- OpsWorks servers run on the newest versions of Amazon Linux
- Chef Server 12.x
- Chef Automate Server 1.8 - Release Notes for Chef Automate
- Puppet Enterprise 2017.3
Chef Client
- minimum supported version of chef-client is 13.x - Latest Stable Release
Puppet agent
- Version of supported puppet agent is > 5.3.2- Component version document of Puppet Enterprise
opsworkscm-server-mgmt pipeline installation/uninstallation instruction
Prerequisite
- If executing the cloudformation from the AWS CLI, the configured profile should be point to the desired target environment.
Pipeline Installation
Installation: In order to deploy the pipeline, please execute the deploy-pipeline.sh script:
aws cloudformation create-stack --stack-name opsworkscm-stack1 \
--template-body file://opsworkscm-server-mgmt-pipeline-cfn.yaml \
--parameters file://opsworkscm-server-mgmt-pipeline-params.json \
--capabilities CAPABILITY_IAM CAPABILITY_NAMED_IAM
Pipeline Execution
Upon completion of the cloudformation stack deployment, a codecommit repository named "opsworkscm-server-mgmt" is created.
Initially, the opsworkscm-server-mgmt repository is empty to prevent automatically triggering a run of the pipeline. Creating the file "opsworkscmconfig.json" within the opsworkscm-server-mgmt repository is required for a successful execution of the pipeline.
An example of "opsworkscmconfig.json":
{
"ops_delete_if_absent_entry": "False",
{
"ops_env": [
{
"name": "devinstance1",
"ops_account": "[YOUR AWS ACCOUNT NUMBER]",
"ops_region": "[desired region code]",
"ops_subnet": "[subnet ID of target network]",
"ops_key_pair_name": "[managed ssh key name]"
}
]
}
}
This will provision OpsWorks Configuration Manager Server in us-east-1 region with the name "devinstance1" (The correct account ID is required) See below for more comprehensive list of options and explanation
Pipeline Uninstallation
aws cloudformation delete-stack --stack-name opsworkscm-stack1
Currently supported configuration parameters
{
"ops_delete_if_absent_entry": [Boolean],
"ops_sns_arn": [ARN String]
"ops_env":
{
"name": [String],
"ops_engine": [String],
"ops_engine_model": [String],
"ops_engine_version": [Integer],
"ops_account": [Integer],
"ops_region": [String],
"ops_subnet": [string],
"ops_key_pair_name": [String],
"ops_instance_type": [String],
"ops_maintenance_window": [String],
"ops_use_automated_backup": [Boolean],
"ops_backup_retention: [Integer],
"ops_backup_window": [String],
"ops_delete_if_absent_entry": [Boolean]
}
}
- "ops_delete_if_absent_entry": "True" or "False" (optional)
- "ops_sns_arn": SNS Topic ARN to use for notification (optional)
- "ops_env"{ }: This is used to describe an OWCA Server environment (required)
- "name": Name of the OpsWorks Chef Automate Server Instance (required)
- "ops_engine": Either 'Chef' or 'Puppet' (required and case sensitive)
- "ops_engine_model": 'Single' or 'Monolithic' for OWCA nad OWPE respectively (optional and case sensitive)
- "ops_engine_version": '12' or '2017' for OWCA and OWPE respectively (optional)
- "ops_account": 12 digit AWS Account ID (required)
- "ops_region": Target Deployment Region for OWCA Server (required)
- "ops_subnet": Target Deployment Region Subnet ID (required)
- "ops_key_pair_name": ssh key pair name to allow (optional)
- "ops_instance_type": desired instance type (optional) See below for a complete list
- "ops_maintenance_window": desired 1 hour maintenance window See below for an acceptable string format
- "ops_backup_window": desired 1 hour backup window See below for an acceptable string format
- "ops_use_automated_backup": True or False (optional)
- "ops_backup_retention": an integer in between 0-30 (do not use quotes)
- "ops_delete_if_absent_entry": This causes the pipeline to delete the OWCA and OWPE instances that are not found in the opsworkscmconfig.json (optional - default False)
Supported Instance Types for an OWCA Server
- m4.large
- r4.xlarge
- r4.2xlarge
Supported Instance Types for an OWPE Server
- c4.large
- c4.xlarge
- c4.2xlarge
Supported format for maintenance and backup window
The supported string format is
- DDD:HH:MM (both for backup and maintenance window to indicate weekly backup and maintenance)
- HH:MM (only for backup window to indicate daily backup)
- Examples:
MON:08:00 (Monday 8AM for one hour)
SUN:01:00 (Sunday 1AM for one hour)
02:00 (2AM daily)
06:00 (6AM daily)
Maintenance window is a weekly activity thus providing daily format would be an invalid entry. Automated backup can be daily or weekly, depending on the user parameters.
Upcoming Features
The following feature request has been received and will be made available in the subsequent releases:
###Feature Enhancements:
- Cross account provisioning support
License Summary
This sample code is made available under a modified MIT license. See the LICENSE file.