Table of contents
1. Introduction
2. OpsWorks System Maintenance for Puppet Enterprise
2.1. Configuring system maintenance by using AWS CLI
3. Starting system maintenance on demand
4. Restoring custom configurations and files after maintenance
5. Adding Nodes Automatically in OpsWorks for Puppet Enterprise
6. Apache Web Server Module Setup
7. Disassociating a Node from OpsWorks for Puppet Enterprise Server
8. Using AWS CloudTrail to record OpsWorks for Puppet Enterprise API Calls
9. Understanding OpsWorks for Puppet Enterprise Log File Entries
10. Frequently Asked Questions
10.1. What is the purpose of Puppet Enterprise?
10.2. Define Storage Gateway in AWS.
10.3. What kind of architectural principles does Puppet follow?
11. Conclusion
Last Updated: Mar 27, 2024

Working with Nodes in AWS Opsworks in Puppet Enterprise

Author Ayush Mishra

Introduction

Hey Ninja! Did you know AWS is a global cloud platform that allows users to host and manage web services over the Internet in real-time and at a reasonable cost?

AWS OpsWorks is a configuration management service that offers Chef and Puppet-managed instances. In this blog, we will discuss in detail working with nodes in AWS OpsWorks in Puppet Enterprise. Let's get started!


OpsWorks System Maintenance for Puppet Enterprise

An OpsWorks for Puppet Enterprise server will always be running the most recent versions of Puppet Server that have undergone AWS testing, including security updates.

You can set up automatic daily maintenance using the AWS CLI. In addition to scheduled system maintenance, you can also carry out urgent maintenance using the AWS CLI.

To reduce the risk of degraded or impaired Amazon EC2 instances, system maintenance starts a new instance from a backup that is created during the maintenance procedure.

Configuring system maintenance by using AWS CLI

The AWS CLI can set the automatic start time for system maintenance. You can configure automatic daily maintenance using the AWS CLI by omitting the three-character weekday prefix. 

1️⃣ After specifying the settings for creating the server instance, include the --preferred-maintenance-window parameter in your create-server command.

aws opsworks-cm create-server --engine "Puppet" --engine-model "Monolithic" --engine-version "2017" --server-name "puppet-10" --instance-profile-arn "arn:aws:iam::1119001987000:instance-profile/aws-opsworks-cm-ec2-role" --instance-type "c4.large" --key-pair "amazon-test" --service-role-arn "arn:aws:iam::044726508045:role/aws-opsworks-cm-service-role" --preferred-maintenance-window "Mon:08:00"

 

2️⃣ You can update the --preferred-maintenance-window value by itself in an update-server command.

aws opsworks-cm update-server --server-name "puppet-10" --preferred-maintenance-window "Fri:18:15"

 

3️⃣ Remove the three-character weekday prefix to set the maintenance window's start time to 6:15 p.m. UTC daily.

aws opsworks-cm update-server --server-name "puppet-10" --preferred-maintenance-window "18:15"

Starting system maintenance on demand

Run the following AWS CLI command to start system maintenance on demand, separate from your scheduled weekly or automatic daily maintenance. On-demand maintenance cannot be started in the AWS Management Console.

aws opsworks-cm start-maintenance --server-name name_of_server

Restoring custom configurations and files after maintenance

Custom configurations or documents you have put on your AWS OpsWorks for Puppet Enterprise server may be deleted or altered during the maintenance of the system.

If, after a maintenance run, your Puppet master is missing files or settings that you added using RunCommand or SSH, you can launch a new Amazon EC2 instance from an AMI. AMIs can be created from the pre-maintenance configuration of a server.

The new instance should have your missing files and configurations because it is in the same condition as the Puppet master before maintenance. 

Adding Nodes Automatically in OpsWorks for Puppet Enterprise

In this part, we will look at how to automatically add Amazon EC2 nodes to your OpsWorks for Puppet Enterprise server.

The steps to add nodes automatically using the unattended method are:

1️⃣ Create an IAM role to use as your instance profile: create an AWS Identity and Access Management (IAM) role to use as your EC2 instance profile, and attach the following policy to the IAM role.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Action": [
                "opsworks-cm:AssociateNode",
                "opsworks-cm:DescribeNodeAssociationStatus",
                "opsworks-cm:DescribeServers",
                "ec2:DescribeTags"
            ],
            "Resource": "*",
            "Effect": "Allow"
        }
    ]
}

 

AWS OpsWorks offers an AWS CloudFormation template that creates the IAM role with the policy shown above. The following AWS CLI command creates the IAM role for you by using this template:

aws cloudformation --region region_ID create-stack --stack-name myPuppetinstanceprofile --template-url https://s3.amazonaws.com/opsworks-cm-us-east-1-prod-default-assets/misc/owpe/opsworks-cm-nodes-roles.yaml --capabilities CAPABILITY_IAM

 

2️⃣ Create instances by using an unattended association script: to create EC2 instances, paste the user data script from the Starter Kit into the userdata section of the EC2 instance launch settings or of an Amazon EC2 Auto Scaling group launch configuration.

Apache Web Server Module Setup

The steps to set up the Apache Web Server Module and create a new node are:

✔️ To link a new node with your Puppet master, the user data script in the Starter Kit runs the opsworks-cm API associate-node command. Save this script as userdata.sh in a convenient location.

✔️ Select an Amazon Linux AMI from the EC2 instance launch wizard.

✔️ On the Configure Instance Details page, select myPuppetinstanceprofile.

✔️ Upload the userdata.sh script to the Advanced Details section.

✔️ Click Add Tags. Your EC2 instance's userdata.sh behavior can be modified by applying tags.

✔️ To open port 8080 for the Apache web server in this example, select Add Rule on the Configure Security Group page, and then select HTTP as the type of rule.

✔️ Select Launch after selecting Review and Launch.

✔️ You should see a website hosted by your Puppet-managed Apache web server when you open the website linked to the public DNS of your new node.

Disassociating a Node from OpsWorks for Puppet Enterprise Server

In this part of working with OpsWorks for Puppet Enterprise Server, we will look at how to remove a managed node from OpsWorks for Puppet Enterprise server management.

OpsWorks for Puppet Enterprise server management does not currently support batch deletion of multiple nodes; the command in this section disassociates one node at a time. Disassociate nodes from a Puppet master before deleting the server so that they can continue functioning without attempting to reconnect. Run the disassociate-node AWS CLI command to accomplish this.

A node must be disassociated from PE and have its certificate revoked for it to be completely removed from PE and stop pinging the Puppet master.

The steps to disassociate nodes are as follows:-

🚀 In the AWS CLI, run the following command to disassociate nodes, where Node_name is the name of the node to disassociate.

aws opsworks-cm --region Region_name disassociate-node --node-name Node_name --server-name Server_name

 

Unless you want to disassociate a node from a Puppet master that is not in your default region, the --region parameter is unnecessary.

🚀 Wait until a response message indicates that the disassociation is complete.

Using AWS CloudTrail to record OpsWorks for Puppet Enterprise API Calls

AWS CloudTrail is a service that offers a log of actions taken by a user, role, or an AWS service in OpsWorks for Puppet Enterprise.

All OpsWorks for Puppet Enterprise API calls are recorded by CloudTrail as events, including calls made from the OpsWorks for PE console.

Understanding OpsWorks for Puppet Enterprise Log File Entries

A trail configuration allows delivering events as log files to a specific Amazon S3 bucket. There may be one or more log entries in a CloudTrail log file.

An event is a single request from any source and includes details about the requested action, the date and time of the action, request parameters, etc.

The CloudTrail log entry for the OpsWorks for Puppet Enterprise CreateServer action is displayed in the example below.

{"eventVersion":"1.05",
"userIdentity":{
    "type":"AssumedRole",
    "principalId":"ID number:OpsWorksCMUser",
    "arn":"arn:aws:sts::831000000000:assumed-role/Admin/OpsWorksCMUser",
    "accountId":"831000000000","accessKeyId":"ID number",
    
    "sessionContext":{
        "attributes":{
            "mfaAuthenticated":"false",
            "creationDate":"2017-01-05T22:03:47Z"
            },
            
        "sessionIssuer":{
            "type":"Role",
            "principalId":"ID number",
            "arn":"arn:aws:iam::831000000000:role/Admin",
            "accountId":"831000000000",
            "userName":"Admin"
            }
        }
    },
    
"eventTime":"2017-01-05T22:18:23Z",
"eventSource":"opsworks-cm.amazonaws.com",
"eventName":"CreateServer",
"awsRegion":"us-west-2",
"sourceIPAddress":"101.25.190.51",
"userAgent":"console.amazonaws.com",

"requestParameters":{
    "serverName":"test-puppet-server",
    "engineModel":"Single",
    "engine":"Puppet",
    "instanceProfileArn":"arn:aws:iam::831000000000:instance-profile/aws-opsworks-cm-ec2-role",
    "backupRetentionCount":3,"serviceRoleArn":"arn:aws:iam::831000000000:role/service-role/aws-opsworks-cm-service-role",
    "engineVersion":"12",
    "preferredMaintenanceWindow":"Fri:21:00",
    "instanceType":"t2.medium",
    "subnetIds":["subnet-1e111f11"],
    "preferredBackupWindow":"Wed:08:00"
    },
    
"responseElements":{
    "server":{
        "endpoint":"test-puppet-server-xxxx8u4390xo6pd9.us-west-2.opsworks-cm.io",
        "createdAt":"Jan 5, 2017 10:18:22 PM",
        "serviceRoleArn":"arn:aws:iam::831000000000:role/service-role/aws-opsworks-cm-service-role",
        "preferredBackupWindow":"Wed:08:00",
        "status":"CREATING",
        
        "subnetIds":["subnet-1e111f11"],
        "engine":"Puppet",
        "instanceType":"t2.medium",
        "serverName":"test-puppet-server",
        "serverArn":"arn:aws:opsworks-cm:us-west-2:831000000000:server/test-puppet-server/8ezz7f6z-e91f-4z10-89z5-8c6219zzz09f",
        "engineModel":"Single",
        "backupRetentionCount":3,
        
        "engineAttributes":[
            {"name":"PUPPET_ADMIN_PASSWORD","value":"*** Redacted ***"},
            {"name":"PUPPET_API_CA_CERT","value":"*** Redacted ***"}
            ],
        "engineVersion":"12.11.1",
        "instanceProfileArn":"arn:aws:iam::831000000000:instance-profile/aws-opsworks-cm-ec2-role",
        "preferredMaintenanceWindow":"Fri:21:00"
        }
    },
    
"requestID":"de7z64z9-d394-12ug-8081-7zz0386fbcb6",
"eventID":"8z7z18dz-6z90-47bz-87cf-e8346428zzz3",
"eventType":"AwsApiCall",
"recipientAccountId":"831000000000"
}
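
The fields in this entry can drive a review pass over delivered log files. The following Python is an added example, not part of the original article or of AWS tooling: it filters a constructed log file for OpsWorks for Puppet Enterprise events and flags server-level calls made without MFA (the mfaAuthenticated field above) and calls that failed. The SENSITIVE set, the sample records, the nodeName parameter and the errorCode value are assumptions for illustration; AssociateNode is left out because nodes call it from their instance profile.

```python
import json

# Server-level actions named on this page whose callers deserve review.
SENSITIVE = {"CreateServer", "UpdateServer", "DeleteServer",
             "StartMaintenance", "DisassociateNode"}

def _record(name, mfa, params, source="opsworks-cm.amazonaws.com", error=None):
    """Build one constructed CloudTrail record (sample data, not a real log)."""
    rec = {"eventTime": "2017-01-05T22:18:23Z", "eventSource": source,
           "eventName": name, "requestParameters": params,
           "userIdentity": {"type": "AssumedRole",
               "arn": "arn:aws:sts::831000000000:assumed-role/Admin/OpsWorksCMUser",
               "sessionContext": {"attributes": {"mfaAuthenticated": mfa}}}}
    if error:
        rec["errorCode"] = error
    return rec

# Constructed log file: CloudTrail delivers events inside a "Records" array.
SAMPLE_LOG = json.dumps({"Records": [
    _record("CreateServer", "false", {"serverName": "test-puppet-server"}),
    _record("DisassociateNode", "true", {"serverName": "test-puppet-server",
            "nodeName": "node-1"}, error="AccessDenied"),
    _record("DescribeServers", "false", None),
    _record("PutObject", "false", None, source="s3.amazonaws.com"),
]})

def triage(log_text):
    """Return a finding for each OpsWorks CM event that needs a second look."""
    findings = []
    for rec in json.loads(log_text).get("Records", []):
        if rec.get("eventSource") != "opsworks-cm.amazonaws.com":
            continue  # other services share the same trail
        name = rec.get("eventName")
        ident = rec.get("userIdentity") or {}
        attrs = (ident.get("sessionContext") or {}).get("attributes") or {}
        reasons = []
        if name in SENSITIVE and attrs.get("mfaAuthenticated") != "true":
            reasons.append("sensitive call without MFA")
        if rec.get("errorCode"):
            reasons.append("call failed: " + rec["errorCode"])
        if reasons:
            params = rec.get("requestParameters") or {}  # null when absent
            findings.append({"time": rec.get("eventTime"), "action": name,
                             "actor": ident.get("arn"), "reasons": reasons,
                             "server": params.get("serverName")})
    return findings

if __name__ == "__main__":
    print(*triage(SAMPLE_LOG), sep="\n")
```
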

Frequently Asked Questions

What is the purpose of Puppet Enterprise?

Puppet helps you manage and automate the configuration of servers. When using Puppet, you specify the ideal state for the infrastructure systems you want to manage.

Define Storage Gateway in AWS.

AWS Storage Gateway is a hybrid cloud storage service that gives a user on-premises access to virtually infinite cloud storage. Storage Gateway provides common storage protocols through which you can use AWS storage.

What kind of architectural principles does Puppet follow?

Puppet uses a master-slave or client-server architecture. The Puppet client and the Puppet server are linked over Secure Sockets Layer (SSL). The system is model-driven.

Conclusion

Congratulations on finishing the blog! We have discussed working with nodes in AWS OpsWorks in Puppet Enterprise. We looked further at adding nodes automatically and deleting, associating, and disassociating nodes in AWS OpsWorks in Puppet Enterprise.

We hope this blog has helped you enhance your knowledge of working with nodes in AWS OpsWorks in Puppet Enterprise.

Please do upvote our blogs if you find them helpful and informative!

Happy Learning!

 
