Deployment and Provisioning
In this group of lectures we run a hands-on deployment of the next iteration of the Pizza Time solution. The Pizza Time business has been a success. It needs to support more customers and wants to expand to meet a global market.
We define our new solution, then walk through a hands-on deployment that extends our scalability, availability and fault tolerance.
About the Author
Eric Magalhães has a strong background as a Systems Engineer for both Windows and Linux systems and currently works as a DevOps Consultant for Embratel. Lazy by nature, he is passionate about automation and anything that can make his job painless, so his interest in topics like coding, configuration management, containers, CI/CD and cloud computing went from a hobby to an obsession. He holds multiple AWS certifications and, as a DevOps Consultant, helps clients understand and implement the DevOps culture in their environments. He also plays a key role in the company, developing pieces of automation using tools such as Ansible, Chef, Packer, Jenkins and Docker.
Hi and welcome to this lecture.
In this lecture we are going to define user data and metadata. After defining them using these slides, we will go to the AWS Console to get an overview of these concepts and see them in action.
So user data is a script that runs during the instance startup, and it runs automatically once. You can get the user data later and run that same script if you want, but it will only run automatically once.
It's great for scripting because you define the user data when you are launching the instance, and it's awesome to learn how to use this feature because you don't need to connect to the instance to configure the things that you want. You can simply create a script for that, everything will be created automatically for you, and you can just enjoy the final result.
It also avoids creating custom AMIs. AMIs are great, and it's awesome to have some custom AMIs because they save us a lot of time, but they need maintenance: if you create an AMI, every time you start that AMI you need to update it again, and you may be open to a few security issues if you don't update your AMIs frequently. So it's great having user data, because it avoids creating custom AMIs.
The only downside of user data is that it will take a few minutes to run the script, so if it's a long process, every time you launch an instance, AWS will take more or less five minutes to launch the instance, plus the time you launch and configure the user data script that you specified.
Metadata is data about your instance. It's also great for scripting, and it doesn't require special IAM permissions. You can retrieve your metadata, and also your user data, which I said earlier you can get back later, by accessing this URL from inside your instance. You need to be inside the instance: either connect via SSH to your Linux instances, or connect to your Windows machine and open up a web browser. Either way you will be able to see your metadata and your user data using this same URL, 169.254.169.254.
When you are creating scripts that use metadata, it's important to notice the word latest in the URL. It does not refer to any specific API; it refers to the structure of the metadata. AWS keeps changing that structure, so if you want a script not to break over time, for example one that needs the instance ID of your instance, it's good to specify the metadata version that you're using.
If you just want to check a few things once in a while you can use the latest and you'll be fine with that. Metadata is divided into categories, so once you access the metadata URL you'll be able to find the information that you need.
So you can, for example, find the AMI ID, you can find your instance ID and so on, all from inside your instance, and you don't need special permissions for that. You don't need to create an IAM role or specify credentials; this information is already available to you without any configuration. So enough talking, let's go to the AWS Console and learn how to use user data and metadata.
So here in the AWS Console let's click on EC2, and I will show you first user data.
So I will click in here to launch a new instance. I will select Amazon Linux, select the instance type, I will stick with entry medium.
And in here we have the ability to specify the user data, we need to click in here on advanced details, and in here we can specify the user data. The user data must be Base64 encoded, but when you're using it on the console we can specify it as text or we can specify it as a file, and we can also say if it's already Base64 encoded, then AWS will not take the effort to encode it in Base64.
This script will install the pizza time application, I won't explain what's going on with this script, we are going to do this in the next lecture. So I will click on next. Next this is our pizza time user data.
Security group, I will create a new one, just add a new rule in here, and say that we can open HTTP connections.
It's time to review and launch, and I will use the Pizza Time key pair. We can view our instances. That will take a few minutes to launch, so I'll stop the recording and come back once it's done.
Okay, our instance is running, let's check the results. If we take the DNS address and open up a browser, yay, the application is working. We can take a look in here: on instance settings we can view or change the user data. You could change it in here, but that would not make a difference, because it would not force AWS to run the user data script again. You would only change the user data script, and you could grab the updated version of that script from inside your instance.
So let me open my Terminal, and I will connect to this instance just to show you that we can get access to the user data from inside the instance.
So okay, what we need to do is check that URL, and we want the latest version. That's the metadata. If we want to check the user data instead, we only need to change the final thing.
And we can see here the script that we specified at launch time. If we update the user data script in the console and run this command again, we will see the updated version, but again that won't force AWS to rerun the script. So talking now about metadata, we can use it for some useful stuff.
We can, for example, get the AMI ID of this particular instance. We can get the instance ID. I want to show you how to access metadata inside a Windows machine. I already have a Windows machine running in my AWS account, the machine is this one, and for time's sake I already connected to it, so we can see the machine in here.
We have a couple of ways to access our user data and also metadata inside a Windows machine. We can open a browser and access the URL, and in here we can see, more or less, the same thing that we were able to see in the command line. You can also access it from the command line using PowerShell. There is a command called Invoke-WebRequest, as far, yes, as far as I remember, and you just specify the same URL.
So we can see here in the content of our reply, the same response body that we received with the browser and then also inside the Linux Terminal.
Just to finish this lecture, when you are dealing with user data, and also when you are not dealing with user data, there is a useful tool that you can use, which is Get System Log. For example, in our Pizza Time instance, the Linux instance that we launched with the user data, we can see the latest log entries inside our instance, and we can see that we updated our packages and installed some packages, and all of this was done by our user data script.
That's great for troubleshooting: if you are having problems with your user data scripts, you can troubleshoot them by accessing the system log. The same system log is available for all the instances that you might have. In this case the Windows instance doesn't have a user data script, but we still have access to the system log. What is happening here is that the AWS agent that lives inside the Windows instance is configuring our password and defining the host name.
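The lecture shows that user data is submitted Base64-encoded and can be read back at the metadata URL from inside the instance without credentials, so anything written into the script is readable by any process that can reach that URL. The pre-launch check below is an added example, not part of the lecture; the patterns, function names and sample script are assumptions made for illustration.

```python
import base64
import binascii
import re

# Illustrative (not exhaustive) patterns for material that should not travel in user data.
SECRET_PATTERNS = {
    "aws-access-key-id": re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b"),
    "private-key-block": re.compile(r"-----BEGIN (?:[A-Z]+ )?PRIVATE KEY-----"),
    "inline-credential": re.compile(
        r"(?i)(?:password|passwd|secret|token|api_?key)\w*\s*[=:]\s*['\"]?[^\s'\"]{6,}"
    ),
}


def decode_user_data(blob: str, is_base64: bool) -> str:
    """Return the script text, decoding it when it was supplied Base64-encoded."""
    if not is_base64:
        return blob
    try:
        return base64.b64decode(blob, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError) as exc:
        raise ValueError(f"user data is not valid Base64 text: {exc}") from exc


def scan_user_data(blob: str, is_base64: bool = False):
    """Return (line_number, rule_name) for every line that matches a secret pattern."""
    findings = []
    for number, line in enumerate(decode_user_data(blob, is_base64).splitlines(), 1):
        for rule, pattern in SECRET_PATTERNS.items():
            if pattern.search(line):
                findings.append((number, rule))
    return findings


# Constructed sample script; the key ID is the placeholder used in AWS documentation.
SAMPLE = """#!/bin/bash
yum update -y
yum install -y httpd
export DB_PASSWORD=hunter2-example
aws configure set aws_access_key_id AKIAIOSFODNN7EXAMPLE
service httpd start
"""

if __name__ == "__main__":
    encoded = base64.b64encode(SAMPLE.encode()).decode()
    for number, rule in scan_user_data(encoded, is_base64=True):
        print(f"line {number}: {rule}")
```

Run it against the script before pasting it into the console's user data field; a finding means the value belongs somewhere other than the script text.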