User:Jrconlin/AWSConfig


Setting up a new AWS instance

Amazon Web Services are a fast way to create instances for services, but it's best to follow a few guidelines in order to make sure that these services are supported and you can do things like sleep and go on vacations.

Getting Access

You will need to contact the AWS admin (currently @mmayo) who will provision an account for you on the Mozilla AWS console.

Recommendations

Use a "small" instance.
"Micro" sized instances can have stability issues. Amazon can and will kill micros faster than they will kill small instances. Micros are fine for low cost things like web-heads (which do nothing other than serve pages), but are not recommended for any actual processing or server use.
Use the Amazon Linux variant
Amazon Linux appears to be similar to CentOS. To install new packages, you'll need to run yum.
Install the following base packages:
yum install gcc gcc-c++ python-devel screen git make easy_install virtualenv

The following are optional, but suggested:
yum install mysql mysql-devel
Be sure to add an Ops Pub key to allow Ops access to the instance.
Contact services-ops for the public PEM key to add to the ~/.ssh/authorized_keys file.
Tag Correctly
The following tags are recommended:
Name: A unique name for your product (e.g. "FooService"). This will also be displayed on the console. If you're running multiple versions, you may wish to add the status or version to the name to assist in finding the correct instance.
Version: The current version running (e.g. "1.2")
Status: The status of the image (e.g. "Production", "Dev", "Beta")
Author: Your Name/ID or who to call when things go boom

Tags are modifiable, so be sure to keep them up to date if you've made significant changes to the image.

Helpful Tips

Getting the public instance name.

By default, AWS instance hostnames are set to the internal network IP. This isn't really useful and can be confusing if you've got multiple hosts you're connecting to. Amazon provides an Instance Metadata URL service that can be queried to return info about a given instance.

For example, I find it useful to include the public DNS name in my prompt. I've included the following lines in my .bashrc script:

HOST=`wget -q -O- http://169.254.169.254/latest/meta-data/public-hostname`
PS1='$HOST:\w> '

Because I use this command fairly often, I've created a script as a shortcut:

#!/bin/bash
# Print one instance metadata value, e.g. "metadata public-hostname".
/usr/bin/wget -q -O- "http://169.254.169.254/latest/meta-data/$1"
echo ""
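
A more defensive version of the metadata shortcut, as an added example that is not part of the original page: it validates the requested path, uses short timeouts so a login shell does not hang when the metadata service is unreachable, and requests a session token (IMDSv2) before the GET. It assumes curl is installed; the function names are made up for this example.

```shell
#!/bin/bash
# metadata: print one EC2 instance metadata value, e.g. `metadata public-hostname`.
# Added example; assumes curl is available. Function names are hypothetical.

IMDS_BASE="http://169.254.169.254/latest"   # link-local metadata endpoint

# Accept only relative metadata paths made of letters, digits, . _ : - and /.
# Rejects empty input, "..", a leading "/", "//", whitespace, "?", "#" and full URLs.
valid_metadata_path() {
    case "$1" in
        ""|/*|*..*|*//*) return 1 ;;
        *[!A-Za-z0-9._:/-]*) return 1 ;;
    esac
    return 0
}

# Print the request URL for a validated path; fail without output otherwise.
metadata_url() {
    valid_metadata_path "$1" || return 1
    printf '%s/meta-data/%s\n' "$IMDS_BASE" "$1"
}

# Fetch a value. The 2-second limit keeps .bashrc from stalling off EC2.
fetch_metadata() {
    local url token
    url=$(metadata_url "$1") || { echo "metadata: invalid path: $1" >&2; return 2; }
    # IMDSv2: obtain a short-lived session token with a PUT, then send it on the GET.
    token=$(curl -sf -m 2 -X PUT "$IMDS_BASE/api/token" \
        -H "X-aws-ec2-metadata-token-ttl-seconds: 60") || token=""
    if [ -n "$token" ]; then
        curl -sf -m 2 -H "X-aws-ec2-metadata-token: $token" "$url"
    else
        curl -sf -m 2 "$url"    # no token issued: fall back to a plain request
    fi
}

# Run only when called with an argument, so the file can also be sourced.
if [ $# -gt 0 ]; then
    fetch_metadata "$1" && echo ""
fi
```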

Use Screen

Screen not only provides a way to run multiple terminals within a single connect session, it also allows you to reconnect to those sessions. I prefer to run in screen because it allows me to not worry what may happen if my local connection drops.

You may find the following .screenrc useful:

vbell on
backtick 1 0 0 /home/ec2-user/bin/metadata instance-id 
caption always "%{wk}%?%-Lw%50L>%?%{bw}%n*%f %t%?(%u)%?%{wk}%?%+Lw%?%11` %=%{yk}%1`%{= kw} %Y-%m-%d %C %a%<"

This will display the instance ID in the window's caption bar.

Being your own Operations Dude

Having instances at your disposal is highly empowering. Likewise, having a clean machine you can twist to your will can be a rush. Still, you're going to be responsible for these little beasts until you can convince someone else to manage them, and they'll be far happier with you if they're easy to deal with.

A few general words of advice:

  1. When creating an AMI, let it reboot. Otherwise, you're going to have a bad time. It's most efficient and reliable to let Amazon image a static image. Imaging takes less time than you'd think, particularly for Small instances that don't have a lot of content on disk.
  2. You probably want to use a load balancer rather than an elastic IP address. If you need a *.mozilla.org address, file a bug with NetOps to have a DNS alias created.
  3. You also want to have one extra instance that's not on a load balancer. This is your Hangar Queen as well as the machine you can use to test configurations, or generate new AMIs from. Understand that AWS instances can and will disappear on you. AMIs are snapshots of the machine at a state of your choosing.
  4. Keep things as clean as possible. Delete what you absolutely don't need, avoid littering it up with unused packages and deployment items, kill jobs that aren't active, etc. Not only will this make your AMI generation times shorter, it will also reduce the number of rabbit holes that might crop up later.
  5. Don't do development on AWS. Don't. Just, don't do it. You have a box on your desk and scp. Run CentOS on VirtualBox or VMware if need be, but DO. NOT. DEVELOP. ON. AWS.

Adding SSL to AWS

  1. File a bug on Mozilla Services:Operations with the subject "add cert and terminate SSL to [ProjectName] AWS ELB". Make sure to mark it as Security.
  2. For *.services.mozilla.com, there is a general cert and chain set that Ops will need to apply to the host.
  3. To apply the cert, see http://docs.aws.amazon.com/ElasticLoadBalancing/latest/DeveloperGuide/US_SettingUpLoadBalancerHTTPS.html

Registering the Key Fob

Go to https://aws.amazon.com/mfa/ for instructions.