Channels
#general
- b
boundless-monkey-50243
09/03/2018, 5:21 PMcfn-metadata was a great place to stick Chef attributes for chef-zero, so it ended up getting a little duct-tapey - b
big-piano-35669
09/03/2018, 5:22 PMIt is surprisingly poorly documented, for something that presumably 10s of 1000s of programmers end up using to configure their VMs. - b
boundless-monkey-50243
09/03/2018, 5:22 PMI really don't think most people, even devops people, know it exists - r
rough-oil-1458
09/03/2018, 5:23 PMCan you use user_data? - b
boundless-monkey-50243
09/03/2018, 5:23 PMYou use user_data to bootstrap cfn-init, generally - b
boundless-monkey-50243
09/03/2018, 5:23 PMWhich gets weird, because cloud-init's functionality definitely overlaps cfn-init's in some places - r
rough-oil-1458
09/03/2018, 5:23 PMYea, try to use Cloudinit as little as possible - r
rough-oil-1458
09/03/2018, 5:24 PMI try* - r
rough-oil-1458
09/03/2018, 5:24 PMand just have handlers that I wrote - b
boundless-monkey-50243
09/03/2018, 5:24 PMMost folks I run into very much overload cloud-init, cfn-init is comparatively rare - b
boundless-monkey-50243
09/03/2018, 5:24 PMAnd lots of folks hit snarls with it when they do stuff like "set cfn-hup to poll so hard that it rate-limits you out" - b
boundless-monkey-50243
09/03/2018, 5:25 PMSo they don't come back - r
rough-oil-1458
09/03/2018, 5:25 PMhmmm, what does Cfn give you? - b
boundless-monkey-50243
09/03/2018, 5:26 PMcfn-init gives you an unstructured data source attached to every ASG and every EC2 instance that does not require permissions to use - r
rough-oil-1458
09/03/2018, 5:26 PMim by no means a aws expert - b
boundless-monkey-50243
09/03/2018, 5:26 PMWell, no. CloudFormation metadata service does that. - b
boundless-monkey-50243
09/03/2018, 5:26 PMOne of the keys,
, is reserved for cfn-initAws::CloudFormation::Init - b
boundless-monkey-50243
09/03/2018, 5:26 PMJoe's example shows some of what it can do: https://github.com/joeduffy/pcloudinit#example - r
rough-oil-1458
09/03/2018, 5:26 PMGotcha, we chose to abstract of anything AWS only - r
rough-oil-1458
09/03/2018, 5:26 PMoff* - b
boundless-monkey-50243
09/03/2018, 5:27 PMBut you can stick your own data in the metadata service and you don't need any IAM nonsense to access it. - r
rough-oil-1458
09/03/2018, 5:27 PMSo we wind up abusing consul - b
boundless-monkey-50243
09/03/2018, 5:27 PMi.e., Chef attributes - b
boundless-monkey-50243
09/03/2018, 5:28 PMI don't mind, from a security perspective, using something like Consul, because nothing that goes in there should be at all sensitive (that's what a secret store is for), but you have the "where do you put the lever" problem - b
boundless-monkey-50243
09/03/2018, 5:28 PMi.e., how do you make sure Consul then bootstraps sanely? etc. - r
rough-oil-1458
09/03/2018, 5:28 PMits pretty easy - r
rough-oil-1458
09/03/2018, 5:28 PMconsul just takes an array of IPs*, I have a TF module - r
rough-oil-1458
09/03/2018, 5:29 PM - r
rough-oil-1458
09/03/2018, 5:29 PMIt follows the autopilotpattern, Which leverages this binary called containerpilot - r
rough-oil-1458
09/03/2018, 5:30 PMMost of TF modules work in Fargate also, since Triton (Joyents Cloud) was a Container based IaaS, that runs on SmartOS