Prepare SSH Access To Your Amazon EC2 Instances
Configure Your Amazon Security Group
Amazon blocks all incoming traffic to your EC2 instances by default, so you'll need to open the SSH port for knife to access a newly created instance. This is pretty easy. Just log in to the AWS console and navigate to the EC2 tab. Go to Security Groups and add a rule for SSH with Source 0.0.0.0/0. This enables SSH connections from anywhere in the world. If you want to limit access to just your home or work network, enter the corresponding IP address instead.
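The step above is done in the console, and the Source field accepts either a single address or a CIDR range. As an added example that is not part of this post, the Ruby below normalises whatever you would type there into a TCP/22 ingress rule, flags the 0.0.0.0/0 default that opens SSH to the whole internet, and refuses to build such a rule unless that is explicitly intended. The helper names, the `aws ec2 authorize-security-group-ingress` argv (the flags are the real CLI options, but the post itself uses the console) and the sample group id are all assumptions.

```ruby
require "ipaddr"

# Added example (not from the post): turns the "Source" you would type into the
# security-group console into a normalised ingress rule for TCP/22 and flags the
# 0.0.0.0/0 default, which admits SSH from the whole internet. A bare address
# without a prefix length becomes a single-host /32 (or /128 for IPv6).
def ssh_ingress_rule(source)
  net = IPAddr.new(source)           # raises IPAddr::InvalidAddressError on junk
  {
    protocol: "tcp",
    port: 22,
    cidr: "#{net}/#{net.prefix}",    # IPAddr masks host bits: 10.1.2.3/8 -> 10.0.0.0/8
    open_to_world: net.prefix.zero?, # true only for 0.0.0.0/0 or ::/0
  }
end

# Same rule as an `aws ec2 authorize-security-group-ingress` call. The flags are
# the real CLI options; the group id is whatever your console shows (the value
# used in the demo below is constructed).
def authorize_argv(group_id, rule)
  ["aws", "ec2", "authorize-security-group-ingress",
   "--group-id", group_id,
   "--protocol", rule[:protocol],
   "--port", rule[:port].to_s,
   "--cidr", rule[:cidr]]
end

# Refuses to build a world-open rule unless the caller explicitly allows it.
def ssh_rule_for(source, allow_world: false)
  rule = ssh_ingress_rule(source)
  if rule[:open_to_world] && !allow_world
    raise ArgumentError, "#{rule[:cidr]} opens SSH to the whole internet; pass allow_world: true if that is really intended"
  end
  rule
end

if $PROGRAM_NAME == __FILE__
  # Constructed office address and group id for the demo.
  rule = ssh_rule_for("203.0.113.7")
  puts authorize_argv("sg-0123456789abcdef0", rule).join(" ")
end
```

Passing your office's public address without a prefix length gives a /32 rule, which is the narrowest source the console accepts and the one you want for a management port like SSH.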
Generate Key Pair in AWS Console
To enable API access to your AWS account you need to create a key pair. knife will use it to create, list, and destroy VMs.
Just select Key Pairs in your AWS console's EC2 tab and press Create Key Pair. Give it a name (e.g. knife, so you know that this key pair will be used by knife) and store the downloaded private key knife.pem in ~/.ssh, where the IdentityFile entry below expects it.
Configure ~/.ssh/config to avoid host key mismatch errors
Open ~/.ssh/config and add:
Host ec2*compute-1.amazonaws.com
    StrictHostKeyChecking no
    User ubuntu
    IdentityFile /Users/mm/.ssh/knife.pem
(make sure you fix the path to your home dir)
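As an added example that is not part of this post, the Ruby below renders the stanza above and audits it for the settings that weaken host authentication. `StrictHostKeyChecking no` avoids the mismatch errors, but it also means a reused EC2 address presenting a different host key connects without complaint, so an impersonating host goes unnoticed; `accept-new` (OpenSSH 7.6 and later) still records unknown hosts automatically but refuses one whose key changed, and a stale entry is then cleared with `ssh-keygen -R <host>`. One further caveat: the post's `Host` pattern matches us-east-1 hostnames (`*.compute-1.amazonaws.com`) only, while the instances launched later in this post live in eu-west-1, whose hostnames are `ec2-*.eu-west-1.compute.amazonaws.com`, so the pattern is a parameter here. The function names, the `accept-new` default and the dedicated known_hosts file are assumptions, not anything the post prescribes.

```ruby
# Added example (not from the post). ssh_config_stanza renders the stanza the
# post adds; audit_ssh_stanza reports the settings that weaken host
# authentication. The default of accept-new (OpenSSH 7.6+) auto-records unknown
# hosts but refuses a host whose key changed; a dedicated UserKnownHostsFile
# keeps the churn of reused EC2 addresses away from your main known_hosts.
# host_pattern is a parameter because the post's pattern only matches us-east-1
# names; eu-west-1 instances are ec2-*.eu-west-1.compute.amazonaws.com.
def ssh_config_stanza(home:, host_pattern:, strict: "accept-new", known_hosts: nil)
  lines = ["Host #{host_pattern}",
           "    StrictHostKeyChecking #{strict}",
           "    User ubuntu",
           "    IdentityFile #{home}/.ssh/knife.pem"]
  lines << "    UserKnownHostsFile #{known_hosts}" if known_hosts
  lines.join("\n") + "\n"
end

# Returns an array of findings; an empty array means nothing weak was found.
def audit_ssh_stanza(text)
  findings = []
  text.each_line do |line|
    key, value = line.strip.split(/\s+/, 2)
    next if key.nil? || value.nil? || key.start_with?("#")
    case key.downcase
    when "stricthostkeychecking"
      findings << "host key verification disabled (StrictHostKeyChecking no)" if value.casecmp?("no")
    when "userknownhostsfile"
      findings << "host keys are never remembered (UserKnownHostsFile /dev/null)" if value == "/dev/null"
    when "host"
      findings << "Host * applies these settings to every server" if value.strip == "*"
    end
  end
  findings
end

if $PROGRAM_NAME == __FILE__
  weak = ssh_config_stanza(home: "/Users/mm", host_pattern: "ec2*compute-1.amazonaws.com", strict: "no")
  puts weak, audit_ssh_stanza(weak).inspect
  hard = ssh_config_stanza(home: "/Users/mm", host_pattern: "ec2-*.eu-west-1.compute.amazonaws.com",
                           known_hosts: "/Users/mm/.ssh/known_hosts.ec2")
  puts hard, audit_ssh_stanza(hard).inspect
end
```

With `accept-new` the first connection to a fresh instance still succeeds without a prompt; only a changed key for an address you have seen before is refused, which is exactly the case worth a second look.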
Now, SSH will work. Time to move on to the next step.
Configure knife to Manage EC2 Instances
Tell knife about your AWS credentials
Put your AWS credentials (the access key and secret key found in your AWS profile) into ~/.chef/knife.rb like this:
knife[:aws_access_key_id] = "..."
knife[:aws_secret_access_key] = "........."
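Literal keys in knife.rb tend to end up in backups, dotfile repositories and shared workstations. As an added example that is not the post's knife.rb, the Ruby below reads the two keys from the environment instead, checks that the file is not readable by other local users, and spots assignments where a key was pasted in as a literal. Inside a real knife.rb the result would be applied with `aws_knife_settings.each { |k, v| knife[k] = v }`; `knife[...]` is knife's own accessor, while the function names and the AWS_ACCESS_KEY_ID / AWS_SECRET_ACCESS_KEY variable names are assumptions.

```ruby
require "tempfile"

# Added example, not the post's knife.rb. Reads the AWS keys from the
# environment instead of writing them into ~/.chef/knife.rb, checks that the
# file is not readable by other local users, and spots keys that were pasted in
# as literals. Inside a real knife.rb you would apply the result with
#   aws_knife_settings.each { |k, v| knife[k] = v }
# (knife[...] is knife's own accessor; everything else here is assumed naming).
def aws_knife_settings(env = ENV)
  wanted = %w[AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY]
  missing = wanted.select { |name| env[name].nil? || env[name].strip.empty? }
  raise ArgumentError, "set #{missing.join(' and ')} before running knife" unless missing.empty?
  { aws_access_key_id: env["AWS_ACCESS_KEY_ID"],
    aws_secret_access_key: env["AWS_SECRET_ACCESS_KEY"] }
end

# True when the file is readable by its owner only (mode 0600 or tighter).
def owner_only?(path)
  (File.stat(path).mode & 0o077).zero?
end

# Returns every knife[:aws_...] assignment whose right-hand side is a quoted
# literal, i.e. a credential stored in the file rather than read from ENV.
def hardcoded_aws_keys(knife_rb_text)
  knife_rb_text.scan(/knife\[:aws_(?:access_key_id|secret_access_key)\]\s*=\s*["'][^"'\n]*["']/)
end

if $PROGRAM_NAME == __FILE__
  # Constructed demo values; nothing here is a real key.
  demo_env = { "AWS_ACCESS_KEY_ID" => "AKIAEXAMPLE", "AWS_SECRET_ACCESS_KEY" => "example-secret" }
  p aws_knife_settings(demo_env)
  Tempfile.create("knife.rb") do |f|
    f.write(%(knife[:aws_access_key_id] = "AKIAEXAMPLE"\n))
    f.flush
    f.chmod(0o644)
    puts "readable by others: #{!owner_only?(f.path)}"
    puts "literal keys found: #{hardcoded_aws_keys(File.read(f.path)).size}"
  end
end
```

Failing fast on a missing variable is deliberate: knife-ec2 would otherwise report the problem only once it tries to talk to the API, with a less obvious error.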
Choose an AMI for your EC2 instances
If you run small instances, you’re bound to 32-bit only so make sure you choose a 32-bit AMI as well.
Note: the chef ‘ubuntu10.04-dpkg-ree’ bootstrap template will NOT work with small 32-bit instances as it is 64-bit.
Create the EC2 instance using opscode chef knife
Now, it's time to use knife to fire up and configure a new EC2 instance:
$ knife ec2 server create -r "role[ubuntu]" -I ami-399ca94d -f m1.small -S knife -i ~/.ssh/knife.pem --ssh-user ubuntu --region eu-west-1 -Z eu-west-1a
"role[ubuntu]"is the run_list I want to associate with the newly created node. You can put any roles and recipes you like here
-Iis the AMI ID you selected earlier
-fis the Amazon EC2 instance type (see API name)
-Sis the name you gave to the EC2 key pair generated in the AWS console
-ipoints to the private key file of that EC2 key pair as downloaded when the keypair was created in the AWS console
--ssh-userthe official Ubuntu EC2 AMIs use ubuntu as the default user
--region eu-west-1If you want your instances to be deployed in any specific Amazon AWS region, add this parameter and the desired region
-Z eu-west-1ais the availability zone within your region (i.e. you have an existing disk volume you need to made availble to this instance)
ATTENTION: make sure to kill the instance again once you don't need it anymore 😉
Managing EC2 Instances With knife
Once you've started up at least one instance with knife, you can use it to find running EC2 instances like this:
$ knife ec2 server list --region eu-west-1
(make sure you use the correct
And, if you want to get rid of an instance (terminate the instance and delete the chef node), it's as easy as:
$ knife ec2 server delete i-XXXXXXXX --region eu-west-1
$ knife node delete i-XXXXXXXX
(i-XXXXXXXX is the ID of the instance as found in the AWS console or in a knife ec2 server list call)
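The create, list and delete commands above take a handful of values that are easy to get wrong, and a wrong value on the delete side is destructive. As an added example that is not part of knife or of this post, the Ruby below assembles the three commands as argv arrays and validates the inputs first: the availability zone must belong to the region, the private key must exist and be owner-only (ssh refuses it otherwise), and the instance id must have the real `i-` plus hex-digit shape, so a pasted placeholder like i-XXXXXXXX never reaches knife. Only flags that appear in the post are used; the helper names, the dry-run default and the sample instance id are assumptions.

```ruby
require "tempfile"

# Added example, not part of knife: builds the three knife ec2 commands from
# this post as argv arrays and checks the inputs that most often go wrong
# before anything is launched or terminated. Only flags shown in the post are
# used; the helper names and the dry-run default are assumptions.

# Pre-2016 instance ids are i- plus 8 hex digits (the post's i-XXXXXXXX shape);
# newer ones carry 17.
INSTANCE_ID = /\Ai-(?:[0-9a-f]{8}|[0-9a-f]{17})\z/

def knife_ec2_create(run_list:, ami:, flavor:, key_pair:, key_file:, region:, zone:, ssh_user: "ubuntu")
  raise ArgumentError, "AMI id looks wrong: #{ami}" unless ami.match?(/\Aami-[0-9a-f]+\z/)
  raise ArgumentError, "zone #{zone} is not in region #{region}" unless zone.start_with?(region)
  key_file = File.expand_path(key_file)
  raise ArgumentError, "key file #{key_file} not found" unless File.file?(key_file)
  # ssh refuses a private key that other users can read, so fail early here.
  raise ArgumentError, "key file #{key_file} must be mode 0600" unless (File.stat(key_file).mode & 0o077).zero?
  ["knife", "ec2", "server", "create",
   "-r", run_list, "-I", ami, "-f", flavor, "-S", key_pair, "-i", key_file,
   "--ssh-user", ssh_user, "--region", region, "-Z", zone]
end

def knife_ec2_list(region:)
  ["knife", "ec2", "server", "list", "--region", region]
end

# Both commands the post runs to get rid of an instance: terminate it, then
# remove its Chef node. A placeholder such as i-XXXXXXXX is rejected so the
# literal from a pasted example never reaches knife.
def knife_ec2_delete(instance_id:, region:)
  raise ArgumentError, "not an instance id: #{instance_id}" unless instance_id.match?(INSTANCE_ID)
  [["knife", "ec2", "server", "delete", instance_id, "--region", region],
   ["knife", "node", "delete", instance_id]]
end

# Prints each command; only executes it when dry_run is switched off.
def run_commands(commands, dry_run: true)
  commands.each do |argv|
    puts argv.join(" ")
    next if dry_run
    system(*argv) || raise("command failed: #{argv.join(' ')}")
  end
end

if $PROGRAM_NAME == __FILE__
  Tempfile.create("knife.pem") do |key|     # stand-in for ~/.ssh/knife.pem
    key.chmod(0o600)
    run_commands([knife_ec2_create(run_list: "role[ubuntu]", ami: "ami-399ca94d", flavor: "m1.small",
                                   key_pair: "knife", key_file: key.path,
                                   region: "eu-west-1", zone: "eu-west-1a")])
  end
  run_commands([knife_ec2_list(region: "eu-west-1")])
  run_commands(knife_ec2_delete(instance_id: "i-0123abcd", region: "eu-west-1"))  # constructed id
end
```

Keeping the commands as arrays and handing them to `system(*argv)` also means the run_list, AMI id and instance id are passed as single arguments rather than interpolated into a shell string.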
After getting the initial setup right, it's a breeze to start, list, and stop Amazon EC2 instances with opscode chef knife. With just a single command you can instantiate a new server, bootstrap it as a chef-client, and run all chef recipes defined in the run_list. Pretty sweet. What are your experiences with knife and EC2 (or other cloud providers)? Let us know in the comments…