We have published Amazon EC2 images based on Canonical’s Ubuntu 9.10 base image, with Chef 0.8.8 installed via RubyGems. AMIs are only available in the us-east zone at this time.
These images have Chef 0.8.8 pre-installed, with the chef-client service set up to start on boot via runit. We use a special client configuration file that parses EC2 instance metadata for the validation key and chef_server_url. The Chef client and node names are set to the EC2 instance ID, e.g., “i-12345678”. These images are compatible with the Opscode Platform, as well.
The AMI identifiers are:
To use these AMIs, you either need an Opscode Platform account or a Chef Server that can be accessed from EC2. You also need to configure Knife with your user/client key, and point to the correct chef_server_url. This can be done using the configure subcommand for knife.
Once Knife is configured, generate the instance data with knife, and supply a run_list that will be added to the node. This reads your knife configuration (~/.chef/knife.rb) for the validation certificate and URL to use, and outputs the instance data in JSON format. Substitute your own desired role names and values.
$ knife ec2 instance data role[base]
You can specify multiple entries for the run_list by separating them by spaces. These can be roles or recipes:
$ knife ec2 instance data role[base] role[webserver] recipe[zsh]
You can redirect the output to a file and launch an instance using the EC2 command-line tools.
$ knife ec2 instance data role[base] role[webserver] > /tmp/webserver.json
$ ec2-run-instances ami-c56689ac -f /tmp/webserver.json \
--instance-type m1.small --region us-east-1 --key ${EC2_KEYPAIR_US_EAST_1}
If you’re using a different method for managing your EC2 instances (such as AWS Console or ElasticFox) check the tool’s documentation on how to pass the instance data to new instances.
When the instance launches, client.rb creates an Ohai system object to get the EC2 attributes, which include the instance metadata. It writes the validation key value from the JSON to /etc/chef/validation.pem. It also writes the attributes to use for the node (including the specified run_list) to /etc/chef/client-config.json. This is handled when chef-client starts via runit.
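The boot-time step described above, sketched as an added example (not the client.rb shipped on these images): it validates the instance-data JSON before trusting it and creates both files with mode 0600. The JSON key names (chef_server, validation_key, attributes), the helper names and the sample values are assumptions made for illustration.

```ruby
require 'json'

# Key names are assumptions about the instance-data layout, not taken from the page.
REQUIRED_KEYS = %w[chef_server validation_key attributes].freeze

# Constructed sample user data; the PEM body is a placeholder, not a real key.
SAMPLE_USER_DATA = JSON.generate(
  'chef_server' => 'https://chef.example.com',
  'validation_key' => "-----BEGIN RSA PRIVATE KEY-----\nPLACEHOLDER\n-----END RSA PRIVATE KEY-----\n",
  'attributes' => { 'run_list' => ['role[base]', 'role[webserver]'] }
)

class InstanceDataError < StandardError; end

# Create (or truncate) path with mode 0600 before any secret bytes are written.
def write_private(path, content)
  File.open(path, File::WRONLY | File::CREAT | File::TRUNC, 0o600) do |f|
    f.chmod(0o600) # the mode passed to open is ignored when the file already exists
    f.write(content)
  end
  path
end

# Validate user-data JSON, then write the key and node attributes under conf_dir
# (/etc/chef on the page's images). Returns the settings a client.rb would apply.
def apply_instance_data(user_data, instance_id, conf_dir)
  data = begin
    JSON.parse(user_data)
  rescue JSON::ParserError => e
    raise InstanceDataError, "user data is not JSON: #{e.message}"
  end
  raise InstanceDataError, 'user data must be a JSON object' unless data.is_a?(Hash)
  missing = REQUIRED_KEYS.reject { |k| data.key?(k) }
  raise InstanceDataError, "missing keys: #{missing.join(', ')}" unless missing.empty?
  unless data['validation_key'].to_s.match?(/\A-----BEGIN [A-Z ]*PRIVATE KEY-----\n/)
    raise InstanceDataError, 'validation_key is not a PEM private key'
  end
  unless data['chef_server'].to_s.match?(%r{\Ahttps?://})
    raise InstanceDataError, 'chef_server is not an http(s) URL'
  end
  {
    chef_server_url: data['chef_server'],
    node_name: instance_id, # the page sets client and node names to the instance ID
    validation_key: write_private(File.join(conf_dir, 'validation.pem'), data['validation_key']),
    json_attribs: write_private(File.join(conf_dir, 'client-config.json'),
                                JSON.generate(data['attributes']))
  }
end
```

Because the key arrives in instance user data, it stays readable through the metadata service by any process on the instance; the 0600 mode only protects the copy on disk.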