Basic Puppet...

Puppet

A Configuration Management Tool
A framework for Systems Automation
A Declarative Domain Specific Language ()
An OpenSource software in written Ruby
Works on Linux, Unix (Solaris, AIX, *BSD), MacOS, Windows
Developed by Labs
Used by (http://puppetlabs.com/customers/companies/) ...
... and many others

Configuration Management advantages

Infrastructure as Code: Track, Test, Deploy, Reproduce, Scale
Code commits log shows the history of change on the infrastructure
Reproducible setups: Do once, repeat forever
Scale quickly: Done for one, use on many
Coherent and consistent server setups
Aligned Environments for devel, test, qa, prod nodes

References and Ecosystem

Labs - The Company behind
- The OpenSource version
Enterprise - The commercial version
The Community - Active and vibrant
Documentation - Main and Official reference
Modules on: Module Forge and GitHub
Software related to :
MCollective - Infrastructure Orchestration framework
Hiera - Key-value lookup tool where data can be placed
PuppetDB - An Inventory Service and StoredConfigs backend
DashBoard - A Web frontend and External Node Classifier (ENC)
The Foreman - A well-known third party provisioning tool and ENC
Geppetto - A IDE based on Eclipse

Installation

Debian, Ubuntu
Available by default

# On clients (nodes):
apt-get install puppet

# On server (master):
apt-get install puppetmaster

RedHat, Centos, Fedora
Add EPEL repository or RHN Extra channel

# On clients (nodes):
yum install puppet

# On server (master):
yum install puppet-server

Use PuppetLabs repositories for latest updates
Installation Instructions for different OS

Puppet configuration: puppet.conf

It's main configuration file.
On opensource is generally in:

/etc/puppet/puppet.conf

On Enterprise:

/etc/puppetlabs/puppet/puppet.conf

When running as a normal user can be placed in the home directory:

/home/user/.puppet/puppet.conf

Configurations are divided in [stanzas] for different sub commands
Common for all commands: [main]
For puppet agent (client): [agent] (Was [puppetd] in pre 2.6)
For puppet apply (client): [user] (Was [puppet])
For puppet master (server): [master] (Was [puppetmasterd] and [puppetca])
Hash (#) can be used for comments.

Configuration options

To view all or a specific configuration setting:

puppet config print all
puppet config print modulepath

Important options under [main] section:
vardir: Path where stores dynamic data.
ssldir: Path where SSL certifications are stored.
Under [agent] section:
server: Host name of the PuppetMaster. (Default: puppet)
certname: Certificate name used by the client. (Default is the hostname)
runinterval: Number of minutes between runs, when running as service. (Default: 30)
report: If to send runs' reports to the **report_server. (Default: true)
Under [master] section:
autosign: If new clients certificates are automatically signed. (Default: false)
reports: How to manage clients' reports (Default: store)
storeconfigs: If to enable store configs to support exported resources. (Default: false)
Full configuration reference

Common command-line parameters

All configuration options can be overriden by command-line options.
Run puppet agent in foreground and verbose mode.
A very common option used when you want to see immediately the effect of a run.
It's actually the combination of: -onetime, -verbose, -ignorecache, -no-daemonize, -no-usecacheonfailure, -detailed-exit-codes, -no-splay, and -show_diff

puppet agent --test

Run puppet agent in foreground and debug mode

puppet agent --test --debug

Run puppet without making any change to the system

puppet agent --test --noop

Run puppet using an environment different from the default one

puppet agent --environment testing

Wait for certificate approval (by default 120 seconds) in the first Run
Useful during automated first fime installation if PuppetMaster's autosign is false

puppet agent --test --waitforcert 120

Other configuration files:

auth.conf
Defines ACLs to access 's REST interface. Details
fileserver.conf
Used to manage ACL on files served from sources different than modules Details
puppetdb.conf
Settings for connection to PuppetDB, if used. Details
tagmail.conf , autosign.conf , device.conf , routes.yaml
These are other configuration files for specific functions. Details

Puppet Language

A Declarative Domain Specific Language ()
Defines STATES (Not procedures)
code stays in manifests (files .pp)
Code contains resources that affects elements of the systme (file, package, service ...)
Resources are often grouped in classes which are generally organized in modules
Variables may be defined nodes and can be Facts (generated from the node) or User defined
On the Master are defined the resources or classes to include on the nodes (clients)
All the resources to apply on a node are defined in the catalog, generated by the Master

Resource Types (Types)

Resources are single units of configuration composed by:
A type (package, service, file, user, mount, exec ...)
A title (how is called and referred)
One or more arguments

type { 'title':
  argument  => value,
  other_arg => value,
}

Example for a file resource type:

file { 'motd':
  path    => '/etc/motd',
  content => 'Tomorrow is another day',
}

Complete Type Reference Online or at the command line

puppet describe file

Give a glance to code for the list of native resource types:

ls $(facter rubysitedir)/puppet/type

Simple samples of resources

Installation of OpenSSH package

package { 'openssh':
  ensure => present,
}

Creation of /etc/motd file

file { 'motd':
  path => '/etc/motd',
}

Start of httpd service

service { 'httpd':
  ensure => running,
  enable => true,
}

More Complex examples of resources

Installation of Apache package with the correct name for different OS

package { 'apache':
  ensure => present,
  name   => $operatingsystem ? {
    /(?i:Ubuntu|Debian|Mint)/ => 'apache2',
    default                   => 'httpd',
  }
}

Management of nginx service with parameters defined in module's variables

service { 'nginx':
  ensure     => $nginx::manage_service_ensure,
  name       => $nginx::service,
  enable     => $nginx::manage_service_enable,
}

Creation of nginx.conf with content retrived from different sources (first found is served)

file { 'nginx.conf':
  ensure  => present,
  path    => '/etc/nginx/nginx.conf',
  source  => [ "puppet:///modules/site/nginx/nginx.conf--${fqdn}",
               "puppet:///modules/site/nginx/nginx.conf-${role}",
               "puppet:///modules/site/nginx/nginx.conf" ],
  }
}

Resource Abstraction Layer

Resources are abstracted from the underlining OS
Resource Types have different providers for different OS
Package type is known for the great number of providers

ls $(facter rubysitedir)/puppet/provider/package

Use puppet resource to interrogate the RAL:

puppet resource user

puppet resource user root

puppet resource package

puppet resource service

Or to directly modify resources:

puppet resource service httpd ensure=running enable=true

Classes

Classes are containers of different resources. Since 2.6 they can have parameters
Example of a class definition:

class mysql {
  package { 'mysql-server':
    ensure => present,
  }
  service { 'mysql':
    ensure    => running,
  }
  [...]
}

Usage (declaration) of "old style" classea (without parameters):
Even if a class is a singleton, you can include it multiple times: it's applied only once.

include mysql

Usage (declaration) of a parametrized classes
You can declare a parametrized class only once for a node

class { 'mysql':
  required_param => 'my_value',
  optional_param => 'dont_like_defaults',
}

Defines

Also called: Defined resource types or defined types
Similar to parametrized classes but can be used multi times, with different parameters
Definition example:

define apache::virtualhost (
  $template = 'apache/virtualhost.conf.erb' ,
  [...] ) {

  file { "ApacheVirtualHost_${name}":
    ensure  => $ensure,
    content => template("${template}"),
  }
}

Usage example (declaration):

apache::virtualhost { 'www.example42.com':
  template => 'site/apache/www.example42.com-erb'
}

Variables

You need them to provide different configurations for different kind of servers
Can be provided by client nodes as facts
Facter runs on clients and collects facts that the server can use as variables

al$ facter

architecture => x86_64
fqdn => Macante.example42.com
hostname => Macante
interfaces => lo0,eth0
ipaddress => 10.42.42.98
ipaddress_eth0 => 10.42.42.98
kernel => Linux
macaddress => 20:c9:d0:44:61:57
macaddress_eth0 => 20:c9:d0:44:61:57
memorytotal => 16.00 GB
netmask => 255.255.255.0
operatingsystem => Centos
operatingsystemrelease => 6.3
osfamily => RedHat
virtual => physical

Or can be defined by users

User Variables

You can define custom variables in different ways:
In manifests:

$role = 'mail'

$package = $operatingsystem ? {
  /(?i:Ubuntu|Debian|Mint)/ => 'apache2',
  default                   => 'httpd',
}

In an External Node Classifier ( DashBoard, the Foreman, Enterprise)
In an Hiera backend

$syslog_server = hiera(syslog_server)

Nodes

A node is identified by the PuppetMaster by its hostname or certname
You can decide what resources, classes and variables to assign to a node in 2 ways:
Using language ( Starting from /etc/manifests/site.pp )

node 'web01' {
  include apache
}

Using an External Node Classifier (DashBoard, Foreman or custom scripts)
When a client connects a PuppetMaster builds a catalog with all the resources to apply on the client
The catalog is in Pson format (a version of Json)

Modules

Self Contained and Distributable recipes contained in a directory with a predefined structure
Used to manage an application, system's resources, a local site or more complex structures
Modules must be placed in the Master's modulepath

puppet config print modulepath
/etc/puppet/modules:/usr/share/puppet/modules

module tool to interface with Modules Forge

puppet help module
[...]
ACTIONS:
  build        Build a module release package.
  changes      Show modified files of an installed module.
  generate     Generate boilerplate for a new module.
  install      Install a module from the Puppet Forge or an archive.
  list         List installed modules
  search       Search the Puppet Forge for a module.
  uninstall    Uninstall a puppet module.
  upgrade      Upgrade a puppet module.

GitHub, also, is full of modules

Paths of a module

Modules have a standard structure:

mysql/            # Main module directory

mysql/manifests/  # Manifests directory. Puppet code here. Required.
mysql/lib/        # Plugins directory. Ruby code here
mysql/templates/  # ERB Templates directory
mysql/files/      # Static files directory
mysql/spec/       # Puppet-rspec test directory
mysql/tests/      # Tests / Usage examples directory

mysql/Modulefile  # Module's metadata descriptor

This layout enables useful conventions

Modules paths conventions

Classes and defines autoloading:

include mysql
# Main mysql class is placed in: $modulepath/mysql/manifests/init.pp

include mysql::server
# This class is defined in: $modulepath/mysql/manifests/server.pp

mysql::conf { ...}
# This define is defined in: $modulepath/mysql/manifests/conf.pp

include mysql::server::ha
# This class is defined in: $modulepath/mysql/manifests/server/ha.pp

Provide files based on Erb Templates (Dynamic content)

content => template('mysql/my.cnf.erb'),
# Template is in: $modulepath/mysql/templates/my.cnf.erb

Provide static files (Static content). Note you can use content OR source for the same file.

source => 'puppet:///modules/mysql/my.cnf'
# File is in: $modulepath/mysql/files/my.cnf

Erb templates

Files provisioned by can be Ruby ERB templates
In a template all the variables (facts or user assigned) can be used :

# File managed by Puppet on <%= @fqdn %>
search <%= @domain %>

But also more elaborated Ruby code

<% @dns_servers.each do |ns| %>
nameserver <%= ns %>
<% end %>

The computed template content is placed directly inside the catalog
(Sourced files, instead, are retrieved from the puppetmaster during catalog application)

Principes behind a Reusable Module

Data Separation

- Configuration data is defined outside the module (or even Puppet manifests)
- Module's behavior is managed via APIs
- Allow module's extension and override via external data

Reusability

- Support different OS. Easily allow new additions.
- Customize behavior without changing module code
- Do not force author's idea on how configurations should be provided

Standardization

- Follow PuppetLabs style guidelines (puppet-lint)
- Have coherent, predictable and intuitive interfaces
- Provide contextual documentation (puppet-doc)

Interoperability

- Limit cross-module dependencies
- Allow easy modules' cherry picking
- Be self contained, do not interfere with other modules' resources

What's a Good Module anyway?

The most reusable and customizable
The one full of features
The one that works for you
The most essential, and optimized (but not reusable) one
The quickest one to do now
as usual... your mileage may vary
In 's world the concept of "Best Practices" is somehow fluid... :-)
(It follows the language's features evolution and the blog post of the moment...)

Modules documentation with Puppet Doc

Puppetdoc generates documentation from manifests comments:

$ puppetdoc [--all] --mode rdoc [--outputdir ] [--debug|--verbose] [--trace]
  [--modulepath ] [--manifestdir ] [--config ]

Comment classes as below:

# Class: apache
#
# This module manages Apache
#
# Parameters:
#
# Actions:
#
# Requires:
#
# [Remember: No empty lines between comments and class definition]
class apache {
  ...
}

Node AWS with Puppet

lib/puppet/face/node_aws.rb

require 'puppet/face'



Puppet::Face.define(:node_aws, '0.0.1') do

  copyright "Puppet Labs", 2011 .. 2013

  license   "Apache 2 license; see COPYING"



  summary "View and manage Amazon AWS EC2 nodes."

  description <<-'EOT'

    This subcommand provides a command line interface to work with Amazon EC2

    machine instances.  The goal of these actions is to easily create new

    machines, install Puppet onto them, and tear them down when they're no longer

    required.

  EOT

end

Puppet Agent to be seen by PM

Now We will configure our puppet agent to fetch configuration(although we do not have any configuration to be applied as of now) from our puppet master server(slashroot1). We have already started puppet master on the machine slashroot1. Our master server is listening connections on the port 8140.
the first step i will suggest doing is to edit the /etc/hosts file of your puppet agent server(slashroot2 in our case), and add puppet master server's ip and hostname(if you have your DNS entry configured for the master server then its well and fine.).
I believe that you have already installed the packages puppet & facter on your agent server as shown in the post "installing puppet agent and master".
Now lets connect our puppet agent to puppet master server for the first time. And see what happens.

?

1 2 3 4 5 6 7 8 9 10 11 12 13

[root@slashroot2 ~]# puppet agent --server slashroot1.slashroot.in --no-daemonize --verbose info: Creating a new SSL key for slashroot2.slashroot.in warning: peer certificate won't be verified in this SSL session info: Caching certificate for ca warning: peer certificate won't be verified in this SSL session warning: peer certificate won't be verified in this SSL session info: Creating a new SSL certificate request for slashroot2.slashroot.in info: Certificate Request fingerprint (md5): 59:7A:AE:2C:7B:15:DA:E5:A8:14:7D:FF:1F:5B:7A:66 warning: peer certificate won't be verified in this SSL session warning: peer certificate won't be verified in this SSL session warning: peer certificate won't be verified in this SSL session warning: peer certificate won't be verified in this SSL session notice: Did not receive certificate

As shown in the above example you can see that, an SSL key is made for this agent machine and is waiting for the corresponding certificate to be signed by the puppet master server.
An Important fact to note here is a notice shown in the above command result, which says that "notice: Did not receive certificate".
--server in the above command specifies the puppet master server hostname
--no-daemonize tells the puppet agent to not to run as a daemon, and also output the messages to the screen. If you run puppet agent without this option, then you will not get the messages on the screen.
Note: If you do not specify the option --server, puppet agent will look for a host named "puppet". This is the main reason of keeping the puppet master hostname as puppet.
The ssl certificate signing is done only the first time an agent connects to the server.
The notice message(notice: Did not receive certificate)will keep on coming on the screen until the certificate request is signed by the puppet master.

 

How to Sign the SSL certificate from puppet Master?

Now as the client node (slashroot2) is waiting for its certificate to be signed, lets go and sign the certificate request from slashroot1(our puppet master server)
On your puppet master run the below command to show the certificate signing requests.

[root@slashroot1 ~]# puppetca --list
  slashroot2.slashroot.in (59:7A:AE:2C:7B:15:DA:E5:A8:14:7D:FF:1F:5B:7A:66)
[root@slashroot1 ~]#

#puppetca --list command will show you the agent certificate requests that are waiting to be signed.
#puppet cert list command will also show you the same thing
Now lets sign the certificate by the following method.

[root@slashroot1 ~]# puppetca --sign slashroot2.slashroot.in
notice: Signed certificate request for slashroot2.slashroot.in
notice: Removing file Puppet::SSL::CertificateRequest slashroot2.slashroot.in at '/var/lib/puppet/ssl/ca/requests/slashroot2.slashroot.in.pem'

Now from the above output you can clearly see that the puppet master server signed the certificate and also removed the old certificate signing request.
Now as soon as the certificate gets signed from the master server you will get the below message on the puppet agent's screen(because we ran puppet agent command with --no-daemonize option on our agent).

notice: Did not receive certificate
warning: peer certificate won't be verified in this SSL session
notice: Did not receive certificate

warning: peer certificate won't be verified in this SSL session
info: Caching certificate for slashroot2.slashroot.in
notice: Starting Puppet client version 2.7.9
info: Caching certificate_revocation_list for ca
info: Caching catalog for slashroot2.slashroot.in
info: Applying configuration version '1355395673'
info: Creating state file /var/lib/puppet/state/state.yaml
notice: Finished catalog run in 0.14 seconds

Now what does that message mean?

 

It means that our puppet agent got a signed certificate and the certificate is cached. Also the agents tells us that its applying a configuration version number "1355395673" based on the catalog given by the master server.

From now onwards we can restart and stop our puppet agent whenever required.

 

Note: Keep all the client nodes and the puppet server synchronized with one single ntp source. Because ssl connection rely heavily on time being synchronized.

We ran the command #puppet agent --server slashroot1.slashroot.in --no-daemonize --verbose, just for showing the output on the screen as example.In normal cases you can add the puppet server address in the puppet.conf file of your agent machine.

 

So on our agent we will add server address in the [main] section as shown below.

server=slashroot1.slashroot.in

After adding this server option in puppet.conf file simply restarting puppet agent will start it as a daemon. Which will periodically fetch data from the master server.

 

You can start/restart your puppet agent using the below commands.

 

/etc/init.d/puppet start

 

or

 

puppet agent

puppet master

Puppet.conf is the main configuration file of puppet. On most of the distribution this file is located under, /etc/puppet/ directory. Most of the times this file (/etc/puppet/puppet.conf) is automatically created during the installation. But if it is not there, you can easily create it by the following command.
[root@slashroot1 ~]# puppetmasterd --genconfig > /etc/puppet/puppet.conf
Puppet.conf file is easier to understand, and is very much self explanatory. Its divided into different sections as the following.

[agent] -- this section is for mentioning agent specific parameters.
[master] -- this section is for specifying options for puppet master.
[main] -- this section will contain all global configuration options.

Main section will contain options like the log directory,pid directory etc.(don't worry we will go ahead and configure all those, be patient)
The first step is to configure the /etc/hosts file and DNS entries with the ip of puppet master and its FQDN(Fully Qualified Domain Name).
Am keeping my puppet master name as puppet.slashroot.in. So my host entries will be something like the below.

[root@slashroot1 ~]# cat /etc/hosts
# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1               slashroot1.slashroot.in slashroot1 localhost.localdomain localhost
::1             localhost6.localdomain6 localhost6
192.168.0.102 slashroot1.slashroot.in puppet puppet.slashroot.in

Also don't forget to add the same DNS entry in DNS server for your infra.
Now lets configure the [master] section of our puppet.conf file.
We will only be adding certname parameter in [master] section as of now. If you don't have the master section in your puppet.conf file then create it. My master section looks like the below.
[master]
certname=puppet.slashroot.in
Now lets configure an important file in puppet master configuration. Its the site.pp file. This is the file which tells what are the configurations that needs to be applied to the clients(agents).
We will be placing this site.pp file in /etc/puppet/manifests/ directory. Just create a file called site.pp there with no content. We will be adding configuration content inside this file later.

 

What are manifests in puppet?

manifest is nothing but a name that puppet calls those files which contain the configuration options for the clients.
An important fact to note is that all manifest files will also have a .pp extension just the same as site.pp file
You can alter the location of manifests and site.pp file with the help of manifestdir and manifest options in puppet.conf file.
As i have mentioned in my post How does Puppet Work Puppet does all its communication through SSL. And the default directory for SSL certificates is /var/lib/puppet.

[root@slashroot1 ~]# ls /var/lib/puppet/
bucket        client_data  facts  reports  server_data  state
clientbucket  client_yaml  lib    rrd      ssl          yaml

Now lets start puppetmaster, which will start master server listening on the port 8140. Starting puppet master server will also create a self signed certificate for the master server which can be found at /var/lib/puppet/ssl/ca/signed/

[root@slashroot1 signed]# /etc/init.d/puppetmaster start
Starting puppetmaster:
[root@slashroot1 signed]# ls /var/lib/puppet/ssl/ca/signed/
puppet.slashroot.in.pem
[root@slashroot1 signed]# lsof -i :8140
COMMAND    PID   USER   FD   TYPE DEVICE SIZE NODE NAME
puppetmas 3552 puppet    7u  IPv4   9583       TCP *:8140 (LISTEN)
[root@slashroot1 signed]#

As shown in the above example we have started puppet master, which inturn created a signed certificate for our puppet master, (note the fact that the certificate name is exactly the same as the certname in puppet.conf file).

 

What methods can be used to start puppet master server?

Puppet master can be started by the below methods.
#/etc/init.d/puppetmasterd start
OR
#puppetmasterd
OR
#puppet  master
For troubleshooting purposes you can run puppet master as the following.
#puppet master --verbose --no-daemonize

Install puppet agent

https://github.com/moviepilot/puppet/blob/master/tools/install-puppet-agent.sh

#!/bin/bash

if [ "$(id -u)" != "0" ]; then

   echo "This script must be run as root" 1>&2

   exit 1

fi

# refresh package list

apt-get update

# bootstrap ruby env

apt-get -y install irb libopenssl-ruby libreadline-ruby rdoc ri ruby ruby-dev git-core augeas-lenses augeas-tools libaugeas-ruby



# get a working gem version and update it to the most recent one

cd /usr/local/src

wget http://production.cf.rubygems.org/rubygems/rubygems-1.5.2.tgz

tar -xzf rubygems-1.5.2.tgz

cd rubygems-1.5.2

ruby setup.rb

update-alternatives --install /usr/bin/gem gem /usr/bin/gem1.8 1

gem update --system



# install puppet itself

gem install puppet -v 2.6.8 --no-ri --no-rdoc

aws auto-scale

Eric Lucas




Once Pre-Requisites are in place - this is the command.
54.243.63.144




Part 1
as-create-launch-config jvcauto --image-id ami-e447c38d --instance-type m1.medium -I AKIAJEJVKDX6WSEOAZRQ -S mVKWOxwnKDmH5j0QOrYW8YkAAh1Y13eb63+s7v7Y --region us-east-1 --group jukin-security-1




Results
root@matrix:/# as-create-launch-config jvcauto --image-id ami-e447c38d --instance-type m1.medium -I AKIAJEJVKDX6WSEOAZRQ -S mVKWOxwnKDmH5j0QOrYW8YkAAh1Y13eb63+s7v7Y --region us-east-1 --group jukin-security-1
OK-Created launch config




Part 2
root@matrix:/# as-create-auto-scaling-group jukinscale --launch-configuration jvcauto -I AKIAJEJVKDX6WSEOAZRQ -S mVKWOxwnKDmH5j0QOrYW8YkAAh1Y13eb63+s7v7Y --availability-zones us-east-1b --min-size 2 --max-size 10 --load-balancers MainLoadJV --health-check-type ELB --grace-period 300
OK-Created AutoScalingGroup




Part 2-A Modify
Create new launch-configuration
as-create-launch-config jvcm1 --image-id ami-e447c38d --instance-type m1.medium -I AKIAJEJVKDX6WSEOAZRQ -S mVKWOxwnKDmH5j0QOrYW8YkAAh1Y13eb63+s7v7Y --region us-east-1 --group jukin-security-1




Update-scaleing group
root@matrix:/home/macross# as-update-auto-scaling-group jukinscale --launch-configuration jvm1 -I AKIAJEJVKDX6WSEOAZRQ -S mVKWOxwnKDmH5j0QOrYW8YkAAh1Y13eb63+s7v7Y
OK-Updated AutoScalingGroup






2B modify max size
as-update-auto-scaling-group jukinscale --launch-configuration jvm1 -I AKIAJEJVKDX6WSEOAZRQ -S mVKWOxwnKDmH5j0QOrYW8YkAAh1Y13eb63+s7v7Y --availability-zones us-east-1b --min-size 0 --max-size 3




Part 3
root@matrix:/# as-put-scaling-policy --auto-scaling-group jukinscale -I AKIAJEJVKDX6WSEOAZRQ -S mVKWOxwnKDmH5j0QOrYW8YkAAh1Y13eb63+s7v7Y --name scale-up --adjustment 1 --type ChangeInCapacity --cooldown 300
arn:aws:autoscaling:us-east-1:838069323424:scalingPolicy:4186cee9-06cd-4bf0-968a-e99359e86f58:autoScalingGroupName/jukinscale:policyName/scale-up




Part 4
root@matrix:/# as-put-scaling-policy --auto-scaling-group jukinscale -I AKIAJEJVKDX6WSEOAZRQ -S mVKWOxwnKDmH5j0QOrYW8YkAAh1Y13eb63+s7v7Y --name scale-dn "--adjustment=-1" --type ChangeInCapacity --cooldown 300
arn:aws:autoscaling:us-east-1:838069323424:scalingPolicy:53389773-a8f6-4c54-850d-7b797a9e8529:autoScalingGroupName/jukinscale:policyName/scale-dn




Part 5
mon-put-metric-alarm --alarm-name auto-scale-up -I AKIAJEJVKDX6WSEOAZRQ -S mVKWOxwnKDmH5j0QOrYW8YkAAh1Y13eb63+s7v7Y --alarm-description "Scale up at 80% load" --metric-name CPUUtilization --namespace AWS/EC2 --statistic Average  --period 60 --threshold 80 --comparison-operator GreaterThanThreshold --dimensions InstanceId=i-52a36c2d --evaluation-periods 3  --unit Percent --alarm-actions arn:aws:autoscaling:us-east-1:838069323424:scalingPolicy:4186cee9-06cd-4bf0-968a-e99359e86f58:autoScalingGroupName/jukinscale:policyName/scale-up
OK-Created Alarm




mon-put-metric-alarm --alarm-name auto-scale-dn -I AKIAJEJVKDX6WSEOAZRQ -S mVKWOxwnKDmH5j0QOrYW8YkAAh1Y13eb63+s7v7Y --alarm-description "Scale down at 20% load" --metric-name CPUUtilization --namespace AWS/EC2 --statistic Average --period 60 --threshold 20 --comparison-operator LessThanThreshold --dimensions InstanceId=i-52a36c2d --evaluation-periods 3 --unit Percent --alarm-actions arn:aws:autoscaling:us-east-1:838069323424:scalingPolicy:4186cee9-06cd-4bf0-968a-e99359e86f58:autoScalingGroupName/jukinscale:policyName/scale-up