Posted 2 days ago

Following NetBSD's release scheme, two new releases are available now.

NetBSD 6.1 is the next release from the netbsd-6 release, and it contains security fixes, bug fixes and some new features. NetBSD 6.0.2 is the second stability update for NetBSD 6.0, and it also contains bugfixes and security fixes, but no new features. See the release map graph on the NetBSD website for a visual representation of the relationship between releases.

Major news in 6.1 include:

- Security: prevent kernel panics via userland requests from kqueue, a random number generator update to prevent weak cryptographic keys and a vulnerability in grep.
- Networking: many updates to NetBSD's new packet filter npf, and improved SMP operations.
- Embedded: Raspberry Pi now has working USB and ethernet, support for the watchdog timer in some Marvell SoCs, fixes to the Kirkwood IRQ code.
- Platforms: device driver for Hydra and ASDG Zorro2 bus network cards on Amiga, x68k's bootloader can now boot from CD and network, and dtrace support on amd64.
- Drivers: add LSI Thunderbolt (SAS2208) controllers, Apple's Thunderbolt to Gigabit Ethernet adapter, and improve stability with multiple concurrent file system snapshots.
- ... plus numerous bugfixes.

For more details see the release notes of NetBSD 6.1 and NetBSD 6.0.2.

NetBSD is a volunteer project run by a non-profit organization and with no commercial backing. As such, your donations are very important to the project, and can fund developing in various areas, including:

- Improving network stack concurrency and performance.
- Development of modern file systems and improvement of existing ones.
- Features which are useful in embedded environments, such as high resolution timers and execute in place (XIP) support.
- Automatic testing and quality assurance.

For more information about donating, visit http://www.NetBSD.org/donations/

The NetBSD Foundation is a 501(c)(3) organization in the US, and donations may be tax deductible.
Posted 20 days ago by Jeff Rizzo

The fourth release candidate of NetBSD 6.1 is now available for download at: http://ftp.NetBSD.org/pub/NetBSD/NetBSD-6.1_RC4/. It is expected that this will be the final release candidate, with the official release following very soon. (Please note that while the third release candidate (RC3) was tagged and built, it was never officially released)

NetBSD 6.1 will be the first feature update for the NetBSD 6 branch. There are many new drivers, some new features, and many bug fixes! Fixes since RC2 include:

- Updated the fix for SA-2013-003 (RNG bug may result in weak cryptographic keys)
- Fixes to npfctl(8) parsing and error handling
- Fix sendto(2) issue with IPv6 UDP datagrams.

http://ftp.NetBSD.org/pub/NetBSD/NetBSD-6.1_RC4/CHANGES-6.1

Please help us test this and any upcoming release candidates as much as possible. Remember, any feedback is good feedback. We'd love to hear from you, whether you've got a complaint or a compliment.
Posted 29 days ago by Antti Kantee

Ever since I realized that the anykernel was the best way to construct a modern general purpose operating system kernel, I have been performing experiments by running unmodified NetBSD kernel drivers in rump kernels in various environments (nb. here driver does not mean a hardware device driver, but any driver like a file system driver or TCP driver). These experiments have included userspaces of various platforms, binary kernel modules on Linux and others, and compiling kernel drivers to javascript and running them natively in a web browser.

I have also claimed that the anykernel allows harnessing drivers from a general purpose OS onto more specialized embedded computing devices which are becoming the new norm. This is an attractive possibility because while writing drivers is easy, making them handle all the abnormal conditions of the real world is a time-consuming process. Since the above-mentioned experiments were done on POSIX platforms (yes, even the javascript one), the experiments did not fully support the claim.

The most interesting, decidedly non-POSIX platform I could think of for experimentation was the Linux kernel. Even though it had been several years since I last worked in the Linux kernel, my hypothesis was that it would be easy and fast to get unmodified NetBSD kernel drivers running in the Linux kernel as rump kernels.

A rump kernel runs on top of the rump kernel hypervisor. The hypervisor provides high level interfaces to host features, such as memory allocation and thread creation. In this case, the Linux kernel is the host. In principle, there are three steps in getting a rump kernel to run in a given environment. In reality, I prefer a more iterative approach, but the development can be divided into three steps all the same.

- implement generic rump kernel hypercalls, such as memory allocation, thread creation and synchronization
- figure out how to compile and run the rump kernel plus hypervisor in the target environment
- implement I/O related hypercalls for whatever I/O you plan to do

Getting basic functionality up and running was a relatively straightforward process. The only issue that required some thinking was an application binary interface (ABI) mismatch. I was testing on x86 where Linux kernel ABI uses -mregparm=3, which means that function arguments are passed in registers where possible. NetBSD always passes arguments on the stack. When two ABIs collide, the code may run, but since function arguments passed between the two ABIs result in garbage, eventually an error will be hit perhaps in the form of accessing invalid memory. The C code was easy enough to "fix" by applying the appropriate compiler flags. In addition to C code, a rump kernel uses a handful of assembly routines from NetBSD, mostly pertaining to optimizations (e.g. ffs()), but also to access the atomic memory operations of the platform.

After assembly routines had been handled, it was possible to load a Linux kernel module which bootstraps a rump kernel in the Linux kernel and does some file system operations on the fictional kernfs file system. A screenshot of the resulting dmesg output is shown below.

It is one thing to execute a computation and an entirely different thing to perform I/O. To test I/O capabilities, I ran a rump kernel providing a TCP/IP driver inside the Linux kernel. For a networking stack to be able to do anything sensible, the interface layer needs to be able to shuffle packets. The quickest way to implement the hypercalls for packet shuffling was to use the same method as a userspace virtual TCP/IP stack might use: read/write packets using the tap device. Some might say that doing this from inside the kernel is cheating, but given that the alternative was to copypaste the tuntap driver and edit it slightly, I call my approach constructive laziness.

The demo itself opens a TCP socket to port 80 on vger.kernel.org (IP address 0x43b484d1 if you want to be really precise), does a HTTP get for "/" and displays the last 500 bytes of the result. TCP/IP is handled by the rump kernel, not by the Linux kernel. Think of it as the Linux kernel having two alternative TCP/IP stacks. Again, a screenshot of the resulting dmesg is shown below. Note that unlike in the first screenshot, there is no printout for the root file system because the configuration used here does not include any file system support. Yes, you can ping 10.0.2.17.

As hypothesized, a rump kernel hypervisor for the Linux kernel was easy and straightforward to implement. Furthermore, it could be done without making any changes to the existing hypercall interface thereby reinforcing the belief that unmodified NetBSD kernel drivers can run on top of most any embedded firmwares just by implementing a light hypervisor layer.

There were no challenges in the experiment, only annoyances. As Linux does not support rump kernels, I had to revert back to the archaic full OS approach to kernel development. The drawbacks of the full OS approach include for example suffering multi-second reboot cycles during iterative development. The other tangential issue that I spent a disproportionately large amount of time with was thinking about how releasing this code would affect existing NetBSD code due to GPL involvement. My conclusion was that this does not matter since all code used by the current demo is open source anyway, and if someone wants to use my code in a product, it is their problem, not mine.

For people interested in examining the implementation, I put the source code for the hypervisor along with the test code in a git repo here. The repository also contains the demos linked from this article. The NetBSD kernel drivers I used are available from ftp.netbsd.org or by getting buildrump.sh and running ./buildrump.sh checkout.
Posted about 1 month ago

News is out that NetBSD is part of Google's Summer of Code 2013 (GSoC) again. GSoC is about students doing work for Open Source projects over the summer, and getting paid while doing so. By Google. For projects proposed by both students and the Open Source projects. Click on the above link for more information on GSoC in general, there is also a list of proposed projects for this year in NetBSD.

Next steps are:

- April 9 - 21: Would-be student participants discuss application ideas with mentoring organizations.
- April 22, 19:00 UTC: Student application period opens.
- May 3, 19:00 UTC: Student application deadline.
- Interim Period: Mentoring organizations review and rank student proposals; where necessary, mentoring organizations may request further proposal detail from the student applicant.
- May 6: Mentoring organizations should have requested slots via their profile in Melange by this point.
- May 8: Slot allocations published to mentoring organizations

From there, students work on their projects with the help of their mentors. There's a "midterm" report due with a first part of the money paid, the rest is paid if the project is finished successfully. During the project, students are encouraged to publish news about their process to the world in blogs and other ways found appropriate by their mentoring organizations.

Past NetBSD projects can be found on SourceForge. Interested? Act now!
Updated Security Advisory: NetBSD-SA2013-003 RNG Bug May Result in Weak Cryptographic Keys (REVISED)
Posted about 1 month ago
Posted about 1 month ago

As a follower of my blog you have seen the steps towards getting NetBSD instances started in Amazon's EC2 cloud with a simple web application deployed on one EC2 instance and the database on another one. These blog articles were very detailed on purpose, to have full logfiles available just in case needed. I have used these logs to prepare my pkgsrcCon 2013 talk about Ansible and Amazon's EC2, so things can be looked at without actually running anything. As it turns out this was good, because the 32bit NetBSD instances that I've used during my pkgsrcCon demonstration actually decided to do a kernel panic, and the presentation was a bit more on the theoretical side than I originally planned.

Now after pkgsrcCon is over, I would like to publish the presentation slides with all the details, and especially the playbooks and all other files to look at - enjoy!
Posted about 1 month ago by Matthew Sporleder

We get a lot of comments asking for tips on using the raspberry pi so I thought I would point out some docs:

evbarm/rpi wiki docs

An example of the rpi.img can be found here: http://nyftp.netbsd.org/pub/NetBSD-daily/HEAD/201303221130Z/evbarm/binary/gzimg/
notice the HEAD (NetBSD -current), datestamp, arch path for future reference

There are also some concerns about building a kernel/img on your own.

building NetBSD

build.sh is one of the best features of NetBSD. You can cross compile from almost any other unix-like system with very little difficulty.
Posted 2 months ago

In the fourth and last step on my journey to use Ansible to bring a non-trivial system of a Web server and a DB server into Amazon's EC2 cloud, this is the final step. After starting out with a local VMware VM and making first steps with Ansible and EC2, the previous step was to push a single system into the cloud. Now, the final step is to set up two distinct VMs, one for the database and one for the webserver, and then make them known to each other.

The single steps are:

- Prepare the two VMs
- Basic setup for all systems
- Install the database server
- Install the webserver
- Connect database and webserver

Again, here are all the steps in detail:

As before, ensure local time is correct when talking to Amazon, and also make sure the SSH agent has the proper key loaded.

    % date
    Thu Mar 21 00:45:37 CET 2013
    % ssh-add -l
    2048 d5:25:19:3d:59:40:35:32:03:f7:c5:83:de:19:b6:d0 ../../euca2ools/key-eucaHF.pem (RSA)

Make sure security groups are set up properly. We use one group for the database server, and one for the webserver. This defines the access permissions from the internet, and also allows to identify systems for their individual configuration and also for connecting them in the final step:

    % euca-describe-groups
    ...
    GROUP sg-ae54b3c5 749335780469 ec2-dbservers Database servers
    PERMISSION 749335780469 ec2-dbservers ALLOWS tcp 22 22 FROM CIDR 0.0.0.0/0
    PERMISSION 749335780469 ec2-dbservers ALLOWS tcp 3306 3306 FROM CIDR 0.0.0.0/0
    PERMISSION 749335780469 ec2-dbservers ALLOWS icmp -1 -1 FROM CIDR 0.0.0.0/0
    GROUP sg-a854b3c3 749335780469 ec2-webservers Web servers
    PERMISSION 749335780469 ec2-webservers ALLOWS tcp 22 22 FROM CIDR 0.0.0.0/0
    PERMISSION 749335780469 ec2-webservers ALLOWS tcp 80 80 FROM CIDR 0.0.0.0/0
    PERMISSION 749335780469 ec2-webservers ALLOWS icmp -1 -1 FROM CIDR 0.0.0.0/0

Now, run our playbook to set up the two VMs. This uses the single playbook from the previous milestone, and just runs it twice with different security groups:

    % ansible-playbook -i hosts-HF config-ec2-prepare-db+web-vm.yml

    PLAY [localhost] *********************

    TASK: [ec2-webservers | Launch new EC2 instance] *********************
    changed: [127.0.0.1]

    TASK: [ec2-webservers | Give the system 30 seconds to boot up] *********************
    changed: [127.0.0.1]

    TASK: [ec2-webservers | Get rid of SSH "Are you sure you want to continue connecting (yes/no)?" query] *********************
    changed: [127.0.0.1]

    TASK: [ec2-webservers | Fix /usr/bootstrap.sh to run pkgin with -y] *********************
    changed: [127.0.0.1] => (item={'cmd': 'install /usr/bootstrap.sh /usr/bootstrap.sh.orig'})
    changed: [127.0.0.1] => (item={'cmd': 'chmod +w /usr/bootstrap.sh'})
    changed: [127.0.0.1] => (item={'cmd': 'sed "s,bin/pkgin update,bin/pkgin -y update," /usr/bootstrap.sh'})
    changed: [127.0.0.1] => (item={'cmd': 'chmod -w /usr/bootstrap.sh'})

    TASK: [ec2-webservers | Install pkgin via /usr/bootstrap.sh] *********************
    changed: [127.0.0.1] => (item={'cmd': u'env PATH=/usr/sbin:${PATH} /usr/bootstrap.sh binpkg'})

    TASK: [ec2-webservers | Copy over Ansible binary package] *********************
    changed: [127.0.0.1]

    TASK: [ec2-webservers | Install Ansible dependencies] *********************
    changed: [127.0.0.1]

    TASK: [ec2-webservers | Install Ansible package (manually)] *********************
    changed: [127.0.0.1]

    TASK: [ec2-webservers | Setup lame /usr/bin/python symlink] *********************
    changed: [127.0.0.1]

    TASK: [ec2-dbservers | Launch new EC2 instance] *********************
    changed: [127.0.0.1]

    TASK: [ec2-dbservers | Give the system 30 seconds to boot up] *********************
    changed: [127.0.0.1]

    TASK: [ec2-dbservers | Get rid of SSH "Are you sure you want to continue connecting (yes/no)?" query] *********************
    changed: [127.0.0.1]

    TASK: [ec2-dbservers | Fix /usr/bootstrap.sh to run pkgin with -y] *********************
    changed: [127.0.0.1] => (item={'cmd': 'install /usr/bootstrap.sh /usr/bootstrap.sh.orig'})
    changed: [127.0.0.1] => (item={'cmd': 'chmod +w /usr/bootstrap.sh'})
    changed: [127.0.0.1] => (item={'cmd': 'sed "s,bin/pkgin update,bin/pkgin -y update," /usr/bootstrap.sh'})
    changed: [127.0.0.1] => (item={'cmd': 'chmod -w /usr/bootstrap.sh'})

    TASK: [ec2-dbservers | Install pkgin via /usr/bootstrap.sh] *********************
    changed: [127.0.0.1] => (item={'cmd': u'env PATH=/usr/sbin:${PATH} /usr/bootstrap.sh binpkg'})

    TASK: [ec2-dbservers | Copy over Ansible binary package] *********************
    changed: [127.0.0.1]

    TASK: [ec2-dbservers | Install Ansible dependencies] *********************
    changed: [127.0.0.1]

    TASK: [ec2-dbservers | Install Ansible package (manually)] *********************
    changed: [127.0.0.1]

    TASK: [ec2-dbservers | Setup lame /usr/bin/python symlink] *********************
    changed: [127.0.0.1]

    PLAY RECAP *********************
    127.0.0.1 : ok=18 changed=18 unreachable=0 failed=0

Just to make sure, check that the two instances run properly, and are in the right security groups, ec2-webservers and ec2-dbservers:

    % euca-describe-instances
    RESERVATION r-a419f9d9 749335780469 ec2-webservers
    INSTANCE i-21b7c441 ami-5d0f8034 ...
    RESERVATION r-641efe19 749335780469 ec2-dbservers
    INSTANCE i-54a2ab3e ami-5d0f8034 ...

Next, bring the two freshly set up systems (which are already capable of acting as ansible targets) up to our basic system setup:

    % env ANSIBLE_HOSTS=./ec2.py ansible-playbook config-ec2-basic.yml

    PLAY [security_group_ec2-webservers;security_group_ec2-dbservers] *********************

    TASK: [ping] *********************
    ok: [ec2-54-235-44-118.compute-1.amazonaws.com]
    ok: [ec2-54-234-139-151.compute-1.amazonaws.com]

    TASK: [Install tcsh] *********************
    changed: [ec2-54-235-44-118.compute-1.amazonaws.com]
    changed: [ec2-54-234-139-151.compute-1.amazonaws.com]

    TASK: [Add user feyrer] *********************
    changed: [ec2-54-234-139-151.compute-1.amazonaws.com]
    changed: [ec2-54-235-44-118.compute-1.amazonaws.com]

    TASK: [Create ~feyrer/.ssh directory] *********************
    changed: [ec2-54-235-44-118.compute-1.amazonaws.com]
    changed: [ec2-54-234-139-151.compute-1.amazonaws.com]

    TASK: [Enable ssh login with ssh-key] *********************
    changed: [ec2-54-235-44-118.compute-1.amazonaws.com]
    changed: [ec2-54-234-139-151.compute-1.amazonaws.com]

    TASK: [Install sudo] *********************
    changed: [ec2-54-235-44-118.compute-1.amazonaws.com]
    changed: [ec2-54-234-139-151.compute-1.amazonaws.com]

    TASK: [Enable PW-less sudo-access for everyone in group 'wheel'] *********************
    changed: [ec2-54-234-139-151.compute-1.amazonaws.com]
    changed: [ec2-54-235-44-118.compute-1.amazonaws.com]

    TASK: [Disable ssh logins as root] *********************
    ok: [ec2-54-235-44-118.compute-1.amazonaws.com]
    ok: [ec2-54-234-139-151.compute-1.amazonaws.com]

    PLAY RECAP *********************
    ec2-54-234-139-151.compute-1.amazonaws.com : ok=8 changed=6 unreachable=0 failed=0
    ec2-54-235-44-118.compute-1.amazonaws.com : ok=8 changed=6 unreachable=0 failed=0

Check:

    % ssh ec2-54-234-139-151.compute-1.amazonaws.com id
    uid=1000(feyrer) gid=100(users) groups=100(users),0(wheel)
    %
    % ssh ec2-54-235-44-118.compute-1.amazonaws.com id
    uid=1000(feyrer) gid=100(users) groups=100(users),0(wheel)

Now that the two machines run with our baseline configuration, install their individual software and settings. First the database server:

    % env ANSIBLE_HOSTS=./ec2.py ansible-playbook config-ec2-dbserver.yml

    PLAY [security_group_ec2-dbservers] *********************

    TASK: [Install mysql] *********************
    changed: [ec2-54-235-44-118.compute-1.amazonaws.com]

    TASK: [Install MySQL rc.d script] *********************
    changed: [ec2-54-235-44-118.compute-1.amazonaws.com]

    TASK: [Start MySQL service] *********************
    changed: [ec2-54-235-44-118.compute-1.amazonaws.com]

    TASK: [Install python-mysqldb (for mysql_user module)] *********************
    changed: [ec2-54-235-44-118.compute-1.amazonaws.com]

    TASK: [Setup DB] *********************
    changed: [ec2-54-235-44-118.compute-1.amazonaws.com]

    TASK: [Add db-user] *********************
    changed: [ec2-54-235-44-118.compute-1.amazonaws.com]

    TASK: [Copy over DB template] *********************
    changed: [ec2-54-235-44-118.compute-1.amazonaws.com]

    TASK: [Import DB data] *********************
    changed: [ec2-54-235-44-118.compute-1.amazonaws.com]

    PLAY RECAP *********************
    ec2-54-235-44-118.compute-1.amazonaws.com : ok=8 changed=8 unreachable=0 failed=0

Check and see if the database works as expected:

    % ssh -t ec2-54-235-44-118.compute-1.amazonaws.com mysql -u webapp -p webapp
    Enter password: ****
    ...
    mysql> show tables;
    +------------------+
    | Tables_in_webapp |
    +------------------+
    | names            |
    +------------------+
    1 row in set (0.01 sec)

    mysql> select * from names;
    +----+--------+------+
    | id | first  | last |
    +----+--------+------+
    |  1 | Donald | Duck |
    |  2 | Daisy  | Duck |
    +----+--------+------+
    2 rows in set (0.00 sec)

    mysql> bye

Excellent. Now set up the webserver, too:

    % env ANSIBLE_HOSTS=./ec2.py ansible-playbook config-ec2-webserver.yml

    PLAY [security_group_ec2-webservers] *********************

    TASK: [Installing ap24-php53 package and dependencies] *********************
    changed: [ec2-54-234-139-151.compute-1.amazonaws.com]

    TASK: [Install Apache rc.d script] *********************
    changed: [ec2-54-234-139-151.compute-1.amazonaws.com]

    TASK: [Enable and start Apache service] *********************
    changed: [ec2-54-234-139-151.compute-1.amazonaws.com]

    TASK: [Enable PHP in Apache config file] *********************
    changed: [ec2-54-234-139-151.compute-1.amazonaws.com] => (item={'re': 'LoadModule.*mod_php5.so', 'l': 'LoadModule php5_module lib/httpd/mod_php5.so'})
    changed: [ec2-54-234-139-151.compute-1.amazonaws.com] => (item={'re': 'AddHandler.*x-httpd-php', 'l': 'AddHandler application/x-httpd-php .php'})

    TASK: [Make Apache read index.php] *********************
    changed: [ec2-54-234-139-151.compute-1.amazonaws.com]

    TASK: [Add simple PHP test - see http://10.0.0.181/phptest.php] *********************
    changed: [ec2-54-234-139-151.compute-1.amazonaws.com]

    TASK: [Install phpmyadmin] *********************
    changed: [ec2-54-234-139-151.compute-1.amazonaws.com]

    TASK: [Enable phpmyadmin in Apache config] *********************
    changed: [ec2-54-234-139-151.compute-1.amazonaws.com]

    TASK: [Fix Apache access control for phpmyadmin] *********************
    changed: [ec2-54-234-139-151.compute-1.amazonaws.com]

    TASK: [Enable PHP modules in PHP config file] *********************
    changed: [ec2-54-234-139-151.compute-1.amazonaws.com] => (item={'re': '^extension.*zlib.so', 'l': 'extension=zlib.so'})
    changed: [ec2-54-234-139-151.compute-1.amazonaws.com] => (item={'re': '^extension.*zip.so', 'l': 'extension=zip.so'})
    changed: [ec2-54-234-139-151.compute-1.amazonaws.com] => (item={'re': '^extension.*mysqli.so', 'l': 'extension=mysqli.so'})
    changed: [ec2-54-234-139-151.compute-1.amazonaws.com] => (item={'re': '^extension.*mysql.so', 'l': 'extension=mysql.so'})
    changed: [ec2-54-234-139-151.compute-1.amazonaws.com] => (item={'re': '^extension.*mcrypt.so', 'l': 'extension=mcrypt.so'})
    changed: [ec2-54-234-139-151.compute-1.amazonaws.com] => (item={'re': '^extension.*mbstring.so', 'l': 'extension=mbstring.so'})
    changed: [ec2-54-234-139-151.compute-1.amazonaws.com] => (item={'re': '^extension.*json.so', 'l': 'extension=json.so'})
    changed: [ec2-54-234-139-151.compute-1.amazonaws.com] => (item={'re': '^extension.*gd.so', 'l': 'extension=gd.so'})
    changed: [ec2-54-234-139-151.compute-1.amazonaws.com] => (item={'re': '^extension.*gettext.so', 'l': 'extension=gettext.so'})
    changed: [ec2-54-234-139-151.compute-1.amazonaws.com] => (item={'re': '^extension.*bz2.so', 'l': 'extension=bz2.so'})

    TASK: [Create directory for webapp] *********************
    changed: [ec2-54-234-139-151.compute-1.amazonaws.com]

    TASK: [Deploy example webapp] *********************
    changed: [ec2-54-234-139-151.compute-1.amazonaws.com]

    TASK: [Create webapp symlink for easy access] *********************
    changed: [ec2-54-234-139-151.compute-1.amazonaws.com]

    NOTIFIED: [restart apache] *********************
    changed: [ec2-54-234-139-151.compute-1.amazonaws.com]

    PLAY RECAP *********************
    ec2-54-234-139-151.compute-1.amazonaws.com : ok=14 changed=14 unreachable=0 failed=0

Again, test:

    % links -dump ec2-54-234-139-151.compute-1.amazonaws.com/
    It works!
    %
    % links -dump http://ec2-54-234-139-151.compute-1.amazonaws.com/phptest.php | head
    PHP Logo
    PHP Version 5.3.17
    System NetBSD ip-10-80-61-33.ec2.internal 6.0.1 NetBSD 6.0.1 (XEN3PAE_DOMU) i386
    Build Date Dec 14 2012 10:31:13
    './configure' '--with-config-file-path=/usr/pkg/etc' '--with-config-file-scan-dir=/usr/pkg/etc/php.d' '--sysconfdir=/usr/pkg/etc' '--localstatedir=/var'
    %
    % links -dump http://ec2-54-234-139-151.compute-1.amazonaws.com/webapp/
    Showing table hf.names:
    Cannot connect to database: Can't connect to local MySQL server through socket '/tmp/mysql.sock' (2)(2002)

Close to optimum, but the last error is actually expected: In order for proper operation, the Database needs to grant the webserver access, and the web server needs to know where the database server is. So let's connect them! This step is done by preparing a shell script on both systems, which will then be run to - depending on the system's security group - perform the proper steps:

    % env ANSIBLE_HOSTS=./ec2.py ansible-playbook config-ec2-connections.yml

    PLAY [security_group_ec2-webservers;security_group_ec2-dbservers] *********************

    TASK: [Collect EC2 host information] *********************
    ok: [ec2-54-234-139-151.compute-1.amazonaws.com]
    ok: [ec2-54-235-44-118.compute-1.amazonaws.com]

    TASK: [Prepare connection-script in /tmp/do-connect-vms.sh] *********************
    changed: [ec2-54-234-139-151.compute-1.amazonaws.com]
    changed: [ec2-54-235-44-118.compute-1.amazonaws.com]

    TASK: [Run connection-script] *********************
    changed: [ec2-54-234-139-151.compute-1.amazonaws.com]
    changed: [ec2-54-235-44-118.compute-1.amazonaws.com]

    PLAY RECAP *********************
    ec2-54-234-139-151.compute-1.amazonaws.com : ok=3 changed=2 unreachable=0 failed=0
    ec2-54-235-44-118.compute-1.amazonaws.com : ok=3 changed=2 unreachable=0 failed=0

With that final step, our test web application works, and the webserver can access the database properly:

    % links -dump http://ec2-54-234-139-151.compute-1.amazonaws.com/webapp/
    Showing table hf.names:

    +--------------------+
    | id | first  | last |
    |----+--------+------|
    | 1  | Donald | Duck |
    |----+--------+------|
    | 2  | Daisy  | Duck |
    +--------------------+

    ----------------------------------------------------------------------

    Enter new values:

    first: _____________________
    last: _____________________
    [ Submit ]

So much for this exercise. I'll talk about the ansible and euca2ools packages at pkgsrcCon 2013 in Berlin. Join in if you're curious about what the actual playbooks used in the above examples look like, or stay tuned to find my presentation and all the data after pkgsrcCon 2013.
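An added example, not part of the original post or its playbooks: a small Python audit of the euca-describe-groups output shown in the post, listing the TCP/UDP ports each security group leaves reachable from 0.0.0.0/0 beyond an intended-public allowlist. The allowlist PUBLIC_OK and the function names are assumptions of this example, and the sample text is constructed from the GROUP and PERMISSION lines in the post.

```python
import ipaddress
from collections import namedtuple

# Constructed sample: the GROUP/PERMISSION lines from the post's
# euca-describe-groups output, single-space separated.
SAMPLE = """\
GROUP sg-ae54b3c5 749335780469 ec2-dbservers Database servers
PERMISSION 749335780469 ec2-dbservers ALLOWS tcp 22 22 FROM CIDR 0.0.0.0/0
PERMISSION 749335780469 ec2-dbservers ALLOWS tcp 3306 3306 FROM CIDR 0.0.0.0/0
PERMISSION 749335780469 ec2-dbservers ALLOWS icmp -1 -1 FROM CIDR 0.0.0.0/0
GROUP sg-a854b3c3 749335780469 ec2-webservers Web servers
PERMISSION 749335780469 ec2-webservers ALLOWS tcp 22 22 FROM CIDR 0.0.0.0/0
PERMISSION 749335780469 ec2-webservers ALLOWS tcp 80 80 FROM CIDR 0.0.0.0/0
PERMISSION 749335780469 ec2-webservers ALLOWS icmp -1 -1 FROM CIDR 0.0.0.0/0
"""

Rule = namedtuple("Rule", "group proto from_port to_port cidr")

# Assumption of this example: only the web port is meant to be world-reachable.
# SSH and MySQL are expected to come from a narrower source range.
PUBLIC_OK = {
    "ec2-webservers": {("tcp", 80)},
    "ec2-dbservers": set(),
}


def parse_permissions(text):
    """Parse 'PERMISSION <owner> <group> ALLOWS <proto> <from> <to> FROM CIDR <cidr>'."""
    rules = []
    for line in text.splitlines():
        f = line.split()
        if len(f) < 10 or f[0] != "PERMISSION" or f[3] != "ALLOWS":
            continue  # GROUP headers, "..." and anything else
        if f[7:9] != ["FROM", "CIDR"]:
            continue  # only the CIDR form shown in the post is handled here
        cidr = ipaddress.ip_network(f[9], strict=False)
        rules.append(Rule(f[2], f[4], int(f[5]), int(f[6]), cidr))
    return rules


def findings(rules, allowed=PUBLIC_OK):
    """Return sorted (group, proto, port) tuples open to the whole internet
    and not covered by the allowlist. ICMP is left to a separate policy."""
    out = set()
    for r in rules:
        if r.cidr.prefixlen != 0 or r.proto not in ("tcp", "udp"):
            continue
        ok = allowed.get(r.group, set())
        for port in range(r.from_port, r.to_port + 1):
            if (r.proto, port) not in ok:
                out.add((r.group, r.proto, port))
    return sorted(out)


if __name__ == "__main__":
    for group, proto, port in findings(parse_permissions(SAMPLE)):
        print("%s: %s/%d reachable from 0.0.0.0/0" % (group, proto, port))
```

Against the groups in the post this reports SSH on both groups and MySQL on ec2-dbservers; restricting the 3306 rule to the webserver's address range removes that finding.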
Copyright © 2013 Black Duck Software, Inc. and its contributors, Some Rights Reserved. Unless otherwise marked, this work is licensed under a Creative Commons Attribution 3.0 Unported License. Ohloh ® and the Ohloh logo are trademarks of Black Duck Software, Inc. in the United States and/or other jurisdictions. All other trademarks are the property of their respective holders.