busy-umbrella-36067

11/27/2018, 12:12 AM
@straight-guitar-55156 what are you trying to accomplish?

straight-guitar-55156

11/27/2018, 12:13 AM
Patching software (updating software versions). That would involve getting a list of the hosts and what versions are running on them (at the least)

busy-umbrella-36067

11/27/2018, 12:20 AM
ok, is this software running on ec2 or containers?

straight-guitar-55156

11/27/2018, 12:22 AM
Mainly ec2

busy-umbrella-36067

11/27/2018, 12:37 AM
are these ec2 instances ephemeral?

straight-guitar-55156

11/27/2018, 12:37 AM
There is a bunch of software running on ec2 instances, across multiple regions and accounts. So, I would wanna first get the list of all those hosts and the list of all the software (application, kernel etc.) running on them and do software patching (security updates). Similar to dynamic inventory with Ansible.
Most of them aren’t ephemeral, a few of them are, though.

busy-umbrella-36067

11/27/2018, 12:38 AM
pulumi is more geared for ephemeral workloads, that's how it lets you manage everything via code (everything can be destroyed at any time and recreated)
a tool like ansible would be more suited to this use case
you could write code that scans aws for ec2 instances and generates an inventory file
then have ansible consume that inventory file and perform update logic if necessary
edit: I guess you could use pulumi to get the list of ec2 instances. But then you still couldn’t use it to check kernels and system resources. Unless that stuff is tagged in AWS

straight-guitar-55156

11/27/2018, 12:43 AM
That’s what we have currently in our system. But as I was reading about Pulumi serving as Infrastructure as Code, I was wondering if it also manages software upgrades or not. We have quite a number of ec2 instances that are ephemeral but about 50% aren’t.

busy-umbrella-36067

11/27/2018, 12:44 AM
Once you move to an architecture where you can just destroy the instance and replace it with a new AMI then pulumi would come in
or switch userdata to get ansible to pull a different git commit

straight-guitar-55156

11/27/2018, 12:44 AM
In that case, how would it get me the software version?
^ for ephemeral systems

busy-umbrella-36067

11/27/2018, 12:45 AM
it can't
pulumi can't ssh onto the ec2 box
if the ec2 instance is tagged with the application name or version it could do that
but that would imply those tags already exist, which I assume they don’t

straight-guitar-55156

11/27/2018, 7:47 AM
Thank you so much @busy-umbrella-36067 ! 🙂