All of our deploy scripts are built with capistrano, the entire knowledge of how to build a cluster is captured in our cap scripts.
We can create the roles via scalr from the base shared images, update a stage file, and deploy. The cap scripts dynamically enumerate all members of the roles by connecting to mysql-master. Since I have everything embodied in cap scripts, I can easily run more shell commands to tell the instances that I just configured to bundle themselves up. I think scalr has a soap interface to do things with the scalr web interface, but that means I'd have to implement some kind of soap interface to interact with the cap scripts, create a way to enumerate what the farm id's are, etc, certainly doable, but just more time consuming and more moving parts to debug when things don't work right. Also if I use the cap scripts to update a running cluster that may have multiple members of a role. What I would like to do is just update the first member of the role, then tell it to synchronize all then I wouldn't have to worry about figuring out which instance I actually connected to, updated, and now need to synchronize. After I sent the message I realized this had some significant security implications, in that if one instance becomes compromised it would be a trivial and brutally effective way to compromise the rest of that role. At least when synchronize all is limited to the scalr web interface they wouldn't know our scalr credentials. However I think a script on the box would still be OK provided it prompted for the scalr credentials (can we leverage checking for the farms private key if we use ssh -A). I can script that easily enough with cap, rather than doing work with some other kind of interface to the scalr web interface. Is there a more preferred path anyone can suggest? On Thu, Jan 29, 2009 at 7:40 AM, Arie Fishler <[email protected]> wrote: > I am curious :) why do you need such a feature? Hope it is ok to ask..... > > On Thu, Jan 29, 2009 at 5:37 PM, Donovan Bray <[email protected]> wrote: >> >> Can this be a feature request then? >> >> Provide a script in. /usr/local/aws to synchronize this instances role >> from this instance. >> >> On Jan 29, 2009, at 3:32 AM, Nickolas Toursky <[email protected]> wrote: >> >> > >> > Synchronize to all option is available only through the Scalr CP. >> > /usr/local/aws/bin/rebundle.sh will bundle the instance and create a >> > new AMI, but Scalr does not know what to do with it. >> > >> > On Jan 28, 8:21 pm, Donovan <[email protected]> wrote: >> >> is executing /usr/local/aws/bin/rebundle.sh while ssh'd into an >> >> instance enough to properly bundle the role? >> >> >> >> It was a customized role that had already been synchronized_all and >> >> renamed, I had assumed it would just rebundle with the same role >> >> name. >> >> >> >> The results I got when the role scaled appeared to be the ami from >> >> the >> >> last synchronize_all. >> > > >> >> > > > > > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "scalr-discuss" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/scalr-discuss?hl=en -~----------~----~----~----~------~----~------~--~---
