Build Steps Process - HearstAT/cloudformation-chef-ha GitHub Wiki

Build Steps

This is a breakdown of what the CloudFormation templates and the cookbook accomplish together.

Stack Build Out (pre-build)

  1. Builds the following items, which become parameters for the nested stacks:
  • ENIs; created for every instance so all IPs are known before any instance is built
  • DNS; likewise, all DNS records are known prior to instance creation
  • Security Groups; all SG associations are set up prior to instance creation
  • EBS Volume; the volume used for the DRBD data/LVM setup
  • Chef Bucket; for automated backups and bundle sharing (see the Cookbook section)
  2. Passes these and all other parameters into the following nested stacks:
  • BackendStack, FrontendStack, and AnalyticsStack
  3. Build order is as follows:
  • Backends are built first, primary backend then failover backend
  • Frontends are built at the same time
  • Analytics is the final build item

Instance Build Out

  1. All parameters are passed into the nested BackendStack
  2. EIPs are associated, then instance creation starts
  3. The Backend Primary instance is created first (the process is identical for almost all instances)
  • The EBS volume ID and ENI ID are passed here and attached to the primary instance (just the ENI ID for the Failover)
  • UserData initializes, pulls the Python tools, downloads userdata.sh, exports all parameters as shell variables, and executes userdata.sh

Userdata Script

The userdata script is used by every instance; only minor differences apply, selected via conditionals.

  1. Installs the apt repo for Chef
  2. Installs the CFN tools and the AWS CLI
  3. Configures the AWS CLI
  4. Sets the hostname (based on the parameter passed to each instance as $DNS)
  5. Primary Backend Only: assigns a second private IP via the CLI tool, to be used as the VIP for the HA config
  6. Installs Chef on every instance:
  • If primary/failover: chef-ha and chef-server-core are installed
  • If frontend: chef-manage and chef-server-core are installed
  • If analytics: opscode-analytics is installed
  7. Builds out a role that applies the necessary attributes to the cookbook
  • see the role build-out page
  8. Primary Backend Only: copies the role.json just created into a secondary role with backup restore set to true. Running this role is optional; see the backup section [to be written] of the wiki to learn more
  9. Sets up the cookbook path and client.rb
  10. Clones the cookbook
  11. Sets the Berkshelf path and runs berks vendor against the cookbook's Berksfile
  12. Runs chef-client via su -l -c (a login shell session), sets the chef-zero port to 8899 to avoid conflicting with the Chef server setup's own chef-zero runs, and passes the role.json created above
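As an added example (not the project's own userdata.sh), the role build-out, the primary-only restore copy, and the chef-client invocation described above as a small shell script. The JSON attribute keys (chef_ha, backup_restore) and the client.rb path are assumptions, not the cookbook's real names.

```shell
#!/bin/sh
# Added example, not the project's userdata.sh: shows the role.json handling
# for the role build-out, restore copy and chef-client run described above.
# The attribute keys ("chef_ha", "backup_restore") are hypothetical
# placeholders; the real cookbook's attribute names differ.
set -eu

# write_role FILE ROLE_NAME RESTORE_FLAG
# Writes a chef-client -j attributes file: the run_list plus the attributes the
# cookbook reads. RESTORE_FLAG is the JSON literal true or false.
write_role() {
  cat > "$1" <<EOF
{
  "run_list": ["role[$2]"],
  "chef_ha": { "backup_restore": $3 }
}
EOF
}

# make_restore_copy SRC DST
# Derives the optional primary-with-restore role from the primary role.json by
# flipping only the restore flag, so both files otherwise stay identical.
make_restore_copy() {
  sed 's/"backup_restore": false/"backup_restore": true/' "$1" > "$2"
}

# chef_cmd ROLE_FILE
# Returns the chef-client invocation described above: run under a login shell
# via su -l -c, in local mode (-z) with chef-zero pinned to port 8899 so it does
# not collide with the chef-zero that the Chef server's own reconfigure starts.
chef_cmd() {
  printf 'su -l -c "chef-client -z -c /etc/chef/client.rb --chef-zero-port 8899 -j %s"\n' "$1"
}

# Demo on a primary backend: constructed paths under a temp dir, nothing is run.
work=$(mktemp -d)
write_role "$work/role.json" chef_primary false
make_restore_copy "$work/role.json" "$work/role-restore.json"
chef_cmd "$work/role.json"          # normal primary run
chef_cmd "$work/role-restore.json"  # optional restore run
```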

Cookbook

Primary Role

  1. Configures the EBS volume; ebs_volume.rb, uses the lvm cookbook
  2. Disables iptables; disable_iptables.rb
  3. Installs and configures newrelic; newrelic.rb
  4. Installs and configures sumologic; sumologic.rb
  5. Sets up Chef backup using knife ec backup with a shell script and cron via backup.rb
  6. Configures the local hosts file with failover and VIP info; primary_hosts.erb
  7. Configures the chef-server.rb file; chef_server.rb
  8. Sets the cluster status as master
  9. Installs Chef reporting
  10. Runs through a series of chef and reporting reconfigure/restarts
  11. Creates bundles for analytics, core (includes chef-manage.rb), and reporting to share with the other instances
  12. Uploads the bundles to the S3 bucket created by the CloudFormation process

Primary with Backup Restore

  • Identical to the Primary Role, with the following additions before step 9 above:
    • Pulls the previous backup file listed in the CloudFormation build parameters
    • Extracts the backup via tar
    • Runs knife ec restore

Failover Role

  1. Configures the local hosts file with primary and VIP info; failover_hosts.erb
  2. Disables iptables; disable_iptables.rb
  3. Installs and configures newrelic; newrelic.rb
  4. Installs and configures sumologic; sumologic.rb
  5. Configures the base server; server_install.rb
  • Pulls the core and reporting bundles from S3 and extracts them
  • Runs through a series of chef and reporting reconfigure/restarts
  • Stops everything except keepalived to ensure the server stays in the failover role
  6. Sets up Chef backup using knife ec backup with a shell script and cron via backup.rb (only runs if the server becomes master)
  7. Installs lvm (needed for failovers)
  8. Sets the cluster status as failover

Frontend Role

  1. Configures the local hosts file with primary, failover, and VIP info; frontend_hosts.erb
  2. Disables iptables; disable_iptables.rb
  3. Installs and configures Chef Manage; manage.rb
  4. Sets up and configures postfix so Chef can send emails; mail.rb
  5. Configures SSL certs instead of the unsigned certs Chef would generate; certs.rb
  6. Configures the base server; server_install.rb
  • Pulls the core and reporting bundles from S3 and extracts them
  • Runs through a series of chef, reporting and manage reconfigure/restarts
  7. Sets up blue/green deployments by adding another nginx server config to serve the chef-a or chef-b subdomain; stage.rb
  8. Installs and configures newrelic; newrelic.rb
  9. Installs and configures sumologic; sumologic.rb

Analytics Role

  1. Disables iptables; disable_iptables.rb
  2. Sets up and configures postfix so Chef Analytics can send emails; mail.rb
  3. Configures SSL certs instead of the unsigned certs Chef would generate; certs.rb
  4. Installs and configures newrelic; newrelic.rb
  5. Installs and configures sumologic; sumologic.rb
  6. Configures the local hosts file with analytics info; analytics_hosts.erb
  7. Sets up the analytics config; opscode-analytics.rb
  8. Pulls the analytics bundle from S3 and extracts it
  9. Sets up blue/green deployments by adding another nginx server config to serve the analytics-a or analytics-b subdomain; stage-analytics.conf
  10. Reconfigures analytics and restarts it