4.3 Configuring the Amazon EC2 Provisioning Adapter

This section includes the following information:

4.3.1 Components of the EC2 Provisioning Adapter

When you install PlateSpin Orchestrate, a new ec2 provisioning job is deployed. This provisioning adapter uses the following components, which are also deployed during Orchestrate startup:

  • ec2.policy: This file contains information that is used by the ec2 provisioning job. In it, you define properties for your ec2 accounts.

  • ec2_client.policy: This policy must be associated with any resource that you want to use to manage EC2.

  • ec2PA.policy: This policy is automatically associated with VMs discovered by the ec2 provisioning adapter.

  • Boto Library: A Python library that the provisioning adapter uses to communicate with EC2.

4.3.2 EC2 Objects Mapped to PlateSpin Orchestrate Objects

After discovery, EC2 objects are represented in the Orchestrate Development Client according to the following mappings:

  • EC2 Regions: Each region creates a new virtual repository.

  • EC2 Availability Zones: Each zone creates a new VM host object.

  • AMIs: Each Amazon instance creates a new VM object.

4.3.3 Managing VMs in the EC2 Cloud

To begin managing VMs in the EC2 cloud:

  1. Define the account information in ec2.policy:

    1. (Line 27) Name the account with a unique name. The account name serves as the key for account-related information.

      NOTE: Each token that needs to be replaced in the file is defined by using a %TOKEN_NAME% syntax. In other words, the text to be replaced is surrounded by “%” characters.

    2. (Line 31) Specify your AWS account ID. You can obtain this data from the EC2 Web interface.

    3. (Optional) Specify default values that will be applied to provisioning actions. Options that can be assigned across the zone are:

      • Security Groups (Line 64)

      • Keypair Names (Line 54)

      • Instance Types (Line 45 for 32-bit instance types, Line 48 for 64-bit instance types)

  2. In the Stored Credentials panel of the Orchestrate Server Authentication tab, click Add Credential to add your EC2 account credentials to the PlateSpin Orchestrate credential manager.

    The credential name must be in the form of ec2_${account_id}, where ${account_id} is the name you used as the dictionary key in ec2.policy. (See Step 1, above.)

  3. Choose a node that communicates with EC2. Associate the ec2_client.policy file with that node. You can do this by:

    1. Dragging the ec2_client.policy file onto the target resource in the Explorer tree in the Development Client.

    2. Performing the following operation:

      1. In the Development Client, select the target resource.

      2. Select the Policies tab, then click Choose to display the Policy Selection dialog box.

      3. In the Policy Selection dialog box, select ec2_client.policy from the Source Policies list, then click Add to move it to the associated Policies list.

  4. From the Orchestrate Development Client main menu, select Provision > Discover VM Hosts & Repositories to discover available Amazon regions.

  5. When the Discover VM Hosts and Repositories dialog box is displayed, make sure you select the ec2 provisioning adapter.

  6. From the Development Client main menu, select Provision > Discover VM Images to discover available templates and images in the Amazon cloud.

  7. From the Explorer tree, right-click a discovered Amazon VM and select an available action to begin managing templates and VMs.
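A preflight check for Steps 1 and 2, written as an added example (it is not part of PlateSpin Orchestrate): it reports %TOKEN_NAME% placeholders left in ec2.policy and stored credentials that do not follow the ec2_${account_id} naming rule. The policy fragment, token names, account names and credential names are constructed, and exact-match comparison of names is an assumption.

```python
import re

# Placeholder syntax from the NOTE in Step 1: text wrapped in "%" characters.
TOKEN_RE = re.compile(r"%[A-Za-z][A-Za-z0-9_]*%")

def unreplaced_tokens(policy_text):
    """Return (line_number, token) for each placeholder still in the file."""
    return [(lineno, match.group(0))
            for lineno, line in enumerate(policy_text.splitlines(), start=1)
            for match in TOKEN_RE.finditer(line)]

def credential_problems(account_names, stored_credentials):
    """Check that every account key has a stored credential named ec2_<key>.

    Assumption: names are compared exactly, so a case or whitespace
    difference is reported as a near miss rather than accepted.
    """
    stored = set(stored_credentials)
    folded = {name.strip().lower(): name for name in stored_credentials}
    missing, near_miss = [], []
    for account in account_names:
        expected = "ec2_" + account
        if expected in stored:
            continue
        lookalike = folded.get(expected.lower())
        if lookalike is not None:
            near_miss.append((expected, lookalike))
        else:
            missing.append(expected)
    return {"missing": missing, "near_miss": near_miss}

# Constructed inputs: the XML layout, token names and account names below are
# hypothetical and do not reproduce the shipped ec2.policy.
SAMPLE_POLICY = """\
<!-- constructed fragment -->
<dictelement key="prod-east">
  <string name="aws_account_id">%AWS_ACCOUNT_ID%</string>
  <string name="keypair">ops-key</string>
</dictelement>
<dictelement key="%ACCOUNT_NAME%">
</dictelement>
"""

if __name__ == "__main__":
    for lineno, token in unreplaced_tokens(SAMPLE_POLICY):
        print(f"ec2.policy line {lineno}: {token} was never replaced")
    print(credential_problems(["prod-east", "dev"],
                              ["ec2_Prod-East", "vsphere_lab"]))
```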

4.3.4 Specifying Properties of an EC2 Template

When you want to provision a discovered Amazon EC2 template, you can specify properties for that template.

  1. In the PlateSpin Development Client, select an EC2 template object to open its Info/Groups page in the admin view.

  2. Scroll to the Amazon EC2 Config subpanel of the Provisioning Information panel in the Info/Groups page.

  3. Click Define on each field to configure the settings for the EC2 provisioning adapter:

    • Instance Type: Specifies the size (measured in CPU, memory, and local storage) of the provisioned instance. For a breakdown of the available options, see the Amazon Elastic Compute Cloud Developer Guide.

    • Kernel ID: Provides the ability to use a different Linux kernel with the selected image when provisioning. For example, you might choose a Xen kernel for your instance. Another use would be to ensure that your instances are kept up-to-date with the latest security fixes and updates.

      NOTE: The architecture of the AMI, the RAM disk, and the kernel must match.

      See the Amazon EC2 User Selectable Kernels Feature Guide for more information.

    • RamdiskID: Used in conjunction with Kernel ID. Some kernels require additional drivers when they launch. The RAM disk stores the required drivers.

    • Account to Use: Select an account name from this list to limit the information in the Key Name and Security Group fields to data from the selected account.

      If no value is selected for this field, the Key Name and Security Group fields are disabled. In addition, the first account configured in the ec2.policy file is used during Resync State operations for public templates.

    • Key Name: Overrides the key name specified in the ec2PA.policy file. The key name identifies the public/private key pair that is used to ensure that only you have access to the instances you launch. The public key is stored in Amazon EC2. The private key, which you store, allows secure access to the instance. See the EC2 user guide for more information.

    • Security Group: A security group defines firewall rules for your instance. These rules specify which incoming network traffic should be delivered to your instance. All other incoming traffic will be discarded. This field lets you select multiple values.

      See the EC2 user guide for more information.
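Because a security group set as a default in ec2.policy (Line 64) or selected in the Security Group field is applied to every instance provisioned with it, review its inbound rules first. The following added example (not part of PlateSpin Orchestrate or its adapter) flags SSH and RDP ports that accept traffic from any source. It assumes rule data in the JSON shape returned by the EC2 DescribeSecurityGroups API, and the group names and rules are constructed.

```python
import ipaddress

ADMIN_PORTS = {22: "SSH", 3389: "RDP"}

def world_open_cidrs(rule):
    """Return the source ranges in a rule that admit every address."""
    cidrs = [r["CidrIp"] for r in rule.get("IpRanges", [])]
    cidrs += [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])]
    return [c for c in cidrs
            if ipaddress.ip_network(c, strict=False).prefixlen == 0]

def tcp_port_span(rule):
    """Return (low, high) TCP ports a rule covers, or None if it is not TCP."""
    protocol = rule.get("IpProtocol")
    if protocol == "-1":            # "-1" means all protocols and all ports
        return (0, 65535)
    if protocol not in ("tcp", "6"):
        return None
    return (rule.get("FromPort", 0), rule.get("ToPort", 65535))

def audit_groups(groups, default_group_names):
    """List (group, service, port, cidrs) for admin ports open to any source."""
    findings = []
    for group in groups:
        if group["GroupName"] not in default_group_names:
            continue
        for rule in group.get("IpPermissions", []):
            cidrs, span = world_open_cidrs(rule), tcp_port_span(rule)
            if not cidrs or span is None:
                continue
            for port, service in sorted(ADMIN_PORTS.items()):
                if span[0] <= port <= span[1]:
                    findings.append((group["GroupName"], service, port, cidrs))
    return findings

# Constructed sample data; group names are hypothetical.
SAMPLE_GROUPS = [
    {"GroupName": "orchestrate-default", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
    {"GroupName": "admin-restricted", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 3000, "ToPort": 4000,
         "IpRanges": [{"CidrIp": "203.0.113.0/24"}]}]},
    {"GroupName": "wide-open", "IpPermissions": [
        {"IpProtocol": "-1", "IpRanges": [],
         "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},
]
```

Pass the names listed as defaults in ec2.policy as `default_group_names`; an empty result means none of those groups exposes SSH or RDP to all sources.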