On Tue, Mar 20, 2012 at 1:31 AM, Denmat <tu2bgone@gmail.com> wrote:
> Thanks Brian,
>
NP. First let me say there are about 10 ways to skin a cat here, so many
folks might have different advice.
> We will be running a public subnet and at least one private subnet -
> traditional web/database set up essentially. Web servers will be behind a
> aws load balancer and there will be at least one admin host in the public
> subnet for access.
>
You could put your puppetmaster on the public subnet, if you put it in a
security group that limits access to specific non-ec2 IP addresses. (and
allows access from the rest of your security groups that need access.)
> Private hosts will access the outside world via a NAT
> instance.
>
Puppet works trans-NAT, so you should be fine having your private clients
connect to a puppetmaster on a public subnet.
> I'm very interested in using 'cloudformation' to build out the application
> stack instances and run configuration via puppet in either master or
> masterless mode. However I'm wondering if this is the best method and how
> this can all be reported back to a centralized reporting server (if at all
> possible under these scenarios). Also interested in tips on building into
> VPCs in general.
>
Both popular reporting servers, Dashboard and Foreman, support multiple
puppetmasters, but you would need to put your reporting servers somewhere
that is reachable by all puppetmasters. General VPC advice is probably out
of scope of this group, but if you have some particular questions, feel
free to ping me offline. Cloudformation is fairly useful, for either
building a puppetmaster, or getting a basic puppet client up. If you are
using puppet, I would use Puppet to get your application stack installed,
and maybe use cloudformation to get your instance to the point it can
connect to the puppetmaster. That said, I might wait a few weeks and see if
the foreman ec2 provisioning support that is coming is a better fit than
cloudformation. (See below).
> I'm curious how foreman handles cloud provisioning and would appreciate
> information on that.
>
I believe official Foreman support for cloud provisioning is not that far
off, as Ohad is refactoring the provisioning engine to use fog+libvirt and
one of the first "compute" resources we are going to see is EC2. I don't
know if VPC support will make it into the first release. For the first
release, I believe initial bootstrapping will be done with ssh, just as
Foreman currently does for traditional virt/bare-metal bootstrapping. (This
is the method that Foreman uses to get puppet installed, among other
things.) I believe cloud-init support is a planned enhancement. Ping
ohadlevy on #theforeman if you want early access, or have other questions.
I am sure he would welcome feature requests, and testers.
> I should add we already have an existing puppet setup that handles
> traditional nodes. Our preference at this stage would be to keep them
> separate except for reporting. Not sure if that is something easily
> accomplished.
>
Multiple puppetmasters is easy with Foreman, and I imagine it's easy with
Dashboard as well.
> Thanks,
> Den
>
>
> On 20/03/2012, at 15:35, Brian Gupta <brian.gupta@brandorr.com> wrote:
>
> Well you can always assign Elastic IPs to your VPC instances, if they are
> on a single public subnet. (Depending on how you have things configured.)
>
> Also, for a private subnet, you can set up an internet gateway instance
> that can handle outgoing NAT for you.
>
> Other than that, some fancier options are to run a replica of your
> puppetmaster in a public subnet, or even run a foreman "smart-proxy" puppet
> proxy in a public VPC subnet, that your other VPC nodes can access.
>
> (Let me know if any of these sound appealing and I can get you more info.
> Or at least point you in the right direction.)
>
> -Brian
>
> On Tue, Mar 20, 2012 at 12:03 AM, Denmat <tu2bgone@gmail.com> wrote:
>
>> Hi list,
>>
>> Quick general question, what's the current best way to deploy to an
>> Amazon VPC (without VPN to central puppet master)? Deliberately vague to
>> get wide results :)
>>
>> Has anyone got good posts on this?
>>
>> TIA
>> Den
>>
>> --
>> You received this message because you are subscribed to the Google Groups
>> "Puppet Users" group.
>> To post to this group, send email to puppet-users@googlegroups.com.
>> To unsubscribe from this group, send email to
>> puppet-users+unsubscribe@googlegroups.com.
>> For more options, visit this group at
>> http://groups.google.com/group/puppet-users?hl=en.
>>
>>
>
>
> --
> <http://aws.amazon.com/solutions/solution-providers/brandorr/>
--
<http://aws.amazon.com/solutions/solution-providers/brandorr/>
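
Added example, not part of the original thread or of any project mentioned in it: a check of the security-group layout suggested above for a puppetmaster on a public subnet, where the puppetmaster port is reachable only from specific admin IP ranges and from the security groups of the clients. The rule dictionaries follow the shape of EC2 DescribeSecurityGroups output; the group ids, CIDRs and the function name are constructed for illustration, and 8140 is assumed as the puppetmaster port (Puppet's default).

```python
import ipaddress

PUPPET_PORT = 8140  # Puppet's default master port (assumed unchanged)


def audit_puppetmaster_sg(group, admin_cidrs, client_group_ids):
    """Return findings for ingress rules that expose PUPPET_PORT too widely."""
    allowed_nets = [ipaddress.ip_network(c) for c in admin_cidrs]
    findings = []
    for perm in group.get("IpPermissions", []):
        proto = perm.get("IpProtocol")
        if proto == "-1":            # "-1" means all protocols and ports
            covers = True
        elif proto == "tcp":
            covers = perm.get("FromPort", 0) <= PUPPET_PORT <= perm.get("ToPort", 65535)
        else:
            covers = False
        if not covers:
            continue                 # rule does not touch the puppetmaster port
        for ip_range in perm.get("IpRanges", []):
            net = ipaddress.ip_network(ip_range["CidrIp"])
            if not any(net.subnet_of(a) for a in allowed_nets):
                findings.append(f"CIDR {net} is not an approved admin range")
        for pair in perm.get("UserIdGroupPairs", []):
            if pair["GroupId"] not in client_group_ids:
                findings.append(f"group {pair['GroupId']} is not an approved client group")
    return findings


# Constructed sample: one good admin /32, one world-open rule, one unknown group.
SAMPLE_GROUP = {
    "GroupId": "sg-puppetmaster",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 8140, "ToPort": 8140,
         "IpRanges": [{"CidrIp": "203.0.113.10/32"}, {"CidrIp": "0.0.0.0/0"}],
         "UserIdGroupPairs": [{"GroupId": "sg-web"}, {"GroupId": "sg-unknown"}]},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []},
    ],
}

if __name__ == "__main__":
    for finding in audit_puppetmaster_sg(
            SAMPLE_GROUP, ["203.0.113.0/24"], {"sg-web", "sg-db"}):
        print(finding)
```
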