To launch an Elastic Load Balancer ( ELB ) with an existing SSL certificate using Terraform, you need to specify the AWS certificate resource id. If you have already uploaded the certificate and attached it to an existing load balancer, the following AWS CLI command will display it in the command window. MY_PROFILE is the name of the profile in the square brackets  in the ~/.aws/credentials file.
aws elb describe-load-balancers --region MY_AWS_REGION --profile MY_PROFILE |grep SSL
To get all information on the load balancers, just omit the grep command:
aws elb describe-load-balancers --region MY_AWS_REGION --profile MY_PROFILE
Packer is a free, open-source application from Hashicorp. It can generate a server image based on an existing one, and configure it for your special needs. You can use the generated image when you launch a server instance in the cloud or on your local workstation.
Packer reads a .json file to generate the new server image.
For Chef in AWS
To allow the Chef Kitchen EC2 driver to read the OS version of the image, include the version in the “Name” as follows:
Generate the server image with Packer
- Open a Bash window,
- Navigate to the folder of the Packer JSON script,
- Execute the following command. Get the AWS access key and secret key from the ~/.aws/credentials file on your Macintosh or Linux workstation. On Windows, the file is at C:\Users\YOUR_USER_NAME\.aws\credentials.
packer build -var 'aws_access_key=MY_ACCESS_KEY' -var 'aws_secret_key=MY_SECRET_KEY' ./MY_PACKER_SCRIPT.json
- The command window will display the ID of the generated image, or you can find it by name in the EC2 section of the AWS console under AMIs.
Share the generated server image with other cloud accounts
If you work in multiple cloud accounts you need to share the generated server image with other accounts
- Log into the AWS account you have used to generate the server image,
- On the left side of the EC2 section select AMI and find the new image by name of ID,
- On the Permissions tab click the Edit button,
- Make sure the Private radio button is selected if you don’t want to share the image publicly,
- Enter the account number of the account you want to share the image with,
- Check the Add “create volume” permissions… checkbox,
- Click the Add Permission button,
- When you have added all accounts to share with, click the Save button.
When you create a key in AWS you can download it one time in PEM format. To use it in PuTTY, the free SSH and Telnet client, you have to convert it to PPK format.
To install PuTTY, see the Terminal Emulator section in Recommended utilities for your workstation
To convert a PEM file to PPK
- Open a terminal window in the folder of the PEM file
- Execute the following
puttygen MYKEY.pem -o MYKEY.ppk
Chef attributes are global variables that are available for every cookbook on the node. There are multiple formats to declare and use an attribute. For important notes on the syntax, please see Undefined method or attribute error in a Chef recipe.
To override the value of an attribute that is defined in another cookbook, use the following syntax
node.override['ATTRIBUTE_NAME'] = 'NEW_VALUE'
During compilation, this line will replace the default value of the attribute with the NEW_VALUE.
When you launch an instance with RightScale Self Service, and the Chef cookbook execution fails, the instance goes into “stranded” mode. By default RightScale Self Service terminates the stranded instances, so there is no way to remote into them and read log files to find the cause of the problem.
To keep stranded instances running in RightScale
- Find the booting instance in Cloud Management and click the instance name,
- Click the lock icon on the top of the screen
RightScale Self Service cannot terminate locked instances. To terminate the instance after the troubleshooting process, unlock the instance and terminate the instance by hand.
When you launch a server instance with Terraform, sometimes the error message does not contain the underlying cause. When the cloud provider cannot complete the request, many times Terraform displays a generic error message:
Error waiting for instance (i-...) to become ready: unexpected state 'terminated', wanted target 'running'
To find the root cause of the error in AWS
- Log into the AWS console and navigate to the EC2 section,
- Search for the instance by the instance Id,
- You can find the error message at the bottom of the Description tab
In our specific case, it was Client.VolumeLimitExceeded: Volume limit exceeded
We had to increase the volume limit to be able to launch more large EC2 instances.
When you need to upgrade an application on an AWS EC2 instance with minimum downtime, there are many options.
Upgrade an EC2 instance
- Stop the application, so users don’t make more changes,
- Create a backup of the database (snapshot of the RDS instance),
- Create a backup of the server (backup image of the EC2 instance),
- Upgrade the application on the server,
- Start the application,
- Test the new version of the application.
In case the upgrade fails, or the post-upgrade test fails
- Stop the application,
- If you use RightScale to launch servers:
- stop the RightLink service on the failed server to prevent RightScale auto terminating the restored server
(When RightScale finds a new identical server instance, it automatically shuts it down to avoid multiple instances with the same identifier.)
- Terminate the failed server
- Stop the failed server,
- Restore the database from the pre-upgrade backup with a new name,
- Restore the server instance from the pre-upgrade backup,
- Start the restored server,
- Change the database address in the application’s config file to point to the restored database,
- Start the application,
- Test the restored version of the application.
To make the backup image of the AWS EC2 instance
- Open the AWS console and navigate to EC2, Running instances
- Find the server instance you want to backup
- Right-click the row of the instance and select Image, Create Image
- Name the image and click the Create Image button
- Save the image Id from the popup
When you use RightScale to launch servers in the cloud, you want to use the same base image to test your Chef cookbooks in Test Kitchen.
Packer by Hashicorp is a utility to create custom server images based on cloud images. You supply the image ID and other configuration parameters to create a new custom image.
To find the AMI ID of the base image of the RightScale Server Template
- Open the RightScale user interface in your browser,
- Select the RightScale account where the server template was created,
- In RightScale Cloud Management select Design / ServerTemplates,
- Select the server template,
- Select Images,
- Select the MultiCloud image,
- Select Clouds,
- Select the image in the region you are working in,
- The Resource UID is the AMI ID of the image.
In the previous parts of this tutorial we have launched instances (servers) in the cloud, but those were created by Test Kitchen, running on our workstation. Those instances are as good as they can be, but the cookbook did not reside on the Chef server.
To launch pre-production and production instances in the cloud, first we need to upload the cookbook to the Chef server. In Beginner’s Guide to DevOps Engineering part 4. Connect to the Chef server we have already connected our workstation to the Chef server.
Upload the cookbook to the Chef server
To make your cookbook available for all the servers of the organization we will upload the cookbook to the Chef server.
Launch the server in the Cloud
There are many ways to launch servers in a scripted way, we are going to review a few options. One is to use RightScale, a Cloud Management Platform, that can manage servers in multiple cloud environments.
Create a new Deployment
- Using your web browser log into the RightScale Cloud Management user interface,
- In the Manage menu select Deployment and click the New button,
- Enter the name of the new deployment,
- To add the new deployment to your bookmarks,
- On the left side in the Bookmarks section click the Add link,
- If necessary shorten the name of the bookmark and click OK,
- To reorder the bookmarks
- Click the Edit link and drag the bookmark to the desired position,
- Click the Done link to save your changes.
Create the CAT file
CAT files are Ruby like scripts that describe the configuration of the instance. It contain the name of the deployment the server should be placed it, the cloud attributes to assign security groups, regions, availability zones, set the drive size, specify security keys. The easiest way to configure a server is to copy an existing RightScale Self Service CAT file and update it with the new values.
If this is the first CAT file in your organization, get help from RightScale support and get a sample file from them.
If your organization already has a library of CAT files
- Make a copy of an existing CAT file
- Update the values to customize it for your server
- Application name
- Chef runlist
- Security group
- Deployment name
- Load balancer name
- Instance type
Upload the CAT file to RightScale
- Open the RightScale Self Service user interface,
- Select Designer on the left,
- Click the Upload CAT button and select the CAT file,
- Click the Upload button in the lower right corner,
- In the green popup in the upper right corner click the Publish to catalog link,
- In the lower right corner click the Yes, Publish button.
Launch the server in RightScale Self Service
- In the RightScale Self Service interface select Catalog on the left side,
- Select the catalog item you want to launch,
- Enter a name for the instance to be able to identify it later and select the instance in the dropdown list,
- Click the Launch CloudApp button.
To monitor the server launch
- In your web browser open the RightScale user interface,
- In the design menu select Deployments,
- Select the deployment of the instance,
- Click the instance to see in formation on it.
to the Tutorials page