Using Puppet to manage AWS agents (on Ubuntu)

One of the first thing any cloud-ification and/or devops-ification project needs to do is figure out how they are going to manage their assets. In my case, I use puppet.

AWS is starting to do more intensive integrations into things using agents that sits in your environment. This is a good, if not great, thing. Except if you want to, oh, you know, control what is installed and how in said environment.

Now, it would be extremely nice if AWS took the approach of Puppet Labs and host a package repository which would mean that one could do this in a manifest to install the Code Deploy Agent.

  package { 'codedeploy-agent':
    ensure => latest,
  service { 'codedeploy-agent':
    ensure  => running,
    enable  => true,
    require => Package[ 'codedeploy-agent' ],

Nothing is ever that easy of course. If I was using RedHat or AWSLinux I could just use the source attribute of the package type such as below to get around the lack of repository but I’m using Ubuntu.

  package { 'codedeploy-agent':
    ensure   => present,
    source   => "",
    provider => rpm,

So down the rabbit hole I go…

First, I needed a local repository which I setup via the puppet-reprepro module. Which worked well — except for the GPG part. What. A. Pain.

After that, I cracked the install script and fetched the .deb file to install…

$ aws s3 cp s3://aws-codedeploy-us-west-2/latest/VERSION . --region us-west-2
download: s3://aws-codedeploy-us-west-2/latest/VERSION to ./VERSION
$ aws s3 cp s3://aws-codedeploy-us-west-2/releases/codedeploy-agent_1.0-1.751_all.deb . --region us-west-2
download: s3://aws-codedeploy-us-west-2/releases/codedeploy-agent_1.0-1.751_all.deb to ./codedeploy-agent_1.0-1.751_all.deb

…and dropped it into the directory the repo slurps files from.

Aaaannnnnd, nothing.

Turns out that the .deb AWS provides doesn’t provide an optional trait in its control file. But reprepro wants it to be mandatory. No problem.

$ mkdir contents
$ cd contents/
$ dpkg-deb -x ../codedeploy-agent_1.0-1.751_all.deb .
$ dpkg-deb -e ../codedeploy-agent_1.0-1.751_all.deb ./DEBIAN
$ grep Priority DEBIAN/control

Alright. Add in our line.

$ grep Priority DEBIAN/control
Priority: Optional

And now to package it all back up

$ dpkg-deb -b . ../codedeploy-agent_1.0-1.751_all.deb
dpkg-deb: building package 'codedeploy-agent' in '../codedeploy-agent_1.0-1.751_all.deb'.

Ta-da! The package is now able to be hosted by a local repository and installed through the standard package type.

But we’re not through yet. AWS wants to check daily to update the package. Sounds good ‘in theory’, but I want to control when packages are updated. Necessitating

  cron { 'codedeploy-agent-update':
    ensure  => absent

Now we’re actually in control.

A few final comments;

  • It’d be nice if AWS would provide a repository to install their agents via apt — so I can selfishly stop managing a repo
  • It’d be nice if the Code Deploy agent had the Priority line in the control file — so I can selfishly stop hacking the .deb myself. The Inspector team’s package does…
  • It’d be nice if AWS didn’t install update scripts for their agents
  • The install script for Code Deploy and Inspector is remarkably different. The teams should talk to each other.
  • The naming convention of the packages for Code Deploy and Inspector are different. The teams should talk to each other.

(Whinging aside, I really do like Code Deploy. And Inspector looks pretty cool too.)

Post a Comment

Your email is never published nor shared. Required fields are marked *