Chapter 9 Configuration as Code Flashcards
Difference between (AWS OpsWorks for Chef Automate / AWS OpsWorks for Puppet Enterprise) and AWS OpsWorks Stacks
OpsWorks Stacks does not provision an EC2 instance with Puppet/Chef software. The other two do.
OpsWorks Stacks uses an ‘in memory’ Chef server and a ‘chef client’.
T/F: You must replace instances in order to update cookbooks in AWS OpsWorks
True
How to package cookbook dependencies?
Use a tool called Berkshelf. It is good for packaging dependencies before you upload the cookbook to S3 (and then set it as the cookbook source).
T/F: When you create a resource in the stack, such as an instance, it is available only from the endpoint you specify when you create the stack.
True
If you want to use a custom AMI in OpsWorks, what are the requirements?
- AMI must be based on an AMI which OpsWorks supports
- must be 64 bit
- must support instance types you want to launch
In chef terminology, a ‘layer’ is equivalent to what?
a ‘role’
For EBS backed instances, the IP address will 1. ___ when instance restarts; for instance store backed instances, it will 2. ____.
1. stay the same
2. change
In regard to EBS volumes, when volumes are added or removed from a layer, only ______ will receive the updated configuration.
New instances. Existing instance volumes do not change.
What are the three types of instances supported by OpsWorks Stacks?
- 24/7: they run until you stop them
- Time based instances: they run on specified schedules. (good for handling predictable load on your stack)
- Load based instances: they start and stop based on load metrics like ‘NetworkOut’ and ‘CPUUtilization’
Caveat about using load based and time based instances with OpsWorks Stacks
Unlike auto scaling groups, you must set these up ahead of time via console or CLI.
Do instances automatically install security and package updates?
No, this occurs only when the instance is first started.
An alternative to updating instances directly via OpsWorks is to ….
regularly launch new instances to replace old ones
Within OpsWorks can you register instances in separate accounts or even on prem instances? How?
Yes, by installing the OpsWorks agent on the target instances.
What is ‘auto healing’ in the context of OpsWorks?
When an instance can’t communicate with the OpsWorks service for 5 minutes, it will restart automatically. Enabled by default.
NOTE: health check itself performed every minute
When an app update occurs, will instances in OpsWorks automatically update with the new app?
No, but new instances will.
T/F: OpsWorks stack users are associated with a specific region and cannot be given access to stacks in another region.
True
What are the four stack level permissions you can give a user?
- Deny: no action allowed on stack
- Show: user can only view stack configuration
- Deploy: user can view and deploy stacks
- Manage: view, deploy, manage
How are Chef recipes executed?
Via lifecycle events or manually.
Any time an instance in a stack comes online or goes offline, all instances in the same stack will undergo a ______ lifecycle event
Configure
When will an instance run the ‘DEPLOY’ lifecycle event?
Only after it has run the initial SETUP and CONFIGURE lifecycle events. After this, it must be run manually each time you want to run it.
What is the name of the lifecycle event which removes an app from an OpsWorks layer?
UNDEPLOY
What is a lifecycle event associated with tasks like taking snapshots and copying log files to S3 for later use?
SHUTDOWN
If an AWS resource like RDS is registered with a stack and attached to an instance, is it deleted when the instance is deleted?
No, you must manually delete it via console or CLI
What is an important limitation regarding EBS volumes with OpsWorks Stack?
You cannot attach EBS volumes to Windows stacks.
Also, you can only register EBS volumes to one stack at a time.
Can you register an RDS instance with multiple apps in the same stack?
Yes
Any data that you define at the _____ level overrides the data set at the layer or stack levels.
deployment
Any data set at the _____ level overrides the data set at the stack level.
layer
List the basic metrics displayed in the OpsWorks dashboard
- cpu
- memory utilization
- load
- processes
CloudWatch Events supports which event types from OpsWorks?
- Instance state change
- Command state change
- Deployment state change
- Alerts
Is instance monitoring the same between Linux and Windows?
No, Windows based stacks provide only basic EC2 metrics
What is standard service limit threshold for stacks, layers per stack, instances per stack, and apps per stack?
40
Can an instance with 1 vCPU run a container which requires 2vCPUs?
No
Does scaling out a cluster increase the running task count?
No, service auto scaling performs that task.
What is a major restriction of Fargate containers?
They cannot be run in ‘privileged’ mode. You can verify a given task definition is acceptable by running the ‘requires capabilities’ option in the console or CLI.
What is a ‘task definition’ with regards to containers?
JSON document which describes what containers launch for an application. It can specify up to 10 containers and their requirements.
What are conditions under which containers should be added to the same task definition?
- containers share same lifecycle
- containers need to run on the same host/instance
- containers need to share the same resources
What is a ‘service’ in the context of containers?
Process/entity created by specifying a task definition and the number of tasks to maintain.
If any containers in service become unhealthy, the service is responsible and launches a replacement task.
Service also defines min/max healthy thresholds for deployment strategies.
Classic load balancers register/deregister instances. What is an implication of this fact?
Any tasks being run on the classic load balancer all exist on the same container instance.
An alternative to this is the application load balancer ALB.
Target Tracking Policies
determine when to scale the number of tasks based on a target metric
Step Scaling Policies
Task scaling policy which grows with multiple ‘step’ based metrics. For example, it can grow on reaching 70% CPU utilization and again when the 80% threshold is met.
Task Scaling Policies
These describe on which instances tasks launch or which tasks terminate during scaling actions.
Policies implemented on best effort basis (‘try to do it, and if I can’t just settle on whatever works’)
ECS Service Discovery
Allows you to assign Route 53 DNS entries to tasks your service manages
ECS Container Agent
Responsible for monitoring the status of tasks running on cluster instances. Monitors health of containers and replaces them if necessary. Automatically available in ECS optimized AMIs
Note: instance must be restarted if trying to update agent on Windows.
Can you create an ECS cluster when setting up a CodePipeline?
No, it must be created ahead of time.
Unlike ECS, Fargate requires no ____
agent management (ECS manages clusters via agent)
Clusters consist of 1. ______ which contain an installed 2. ______ responsible for receiving scheduling/shutdown commands from the ECS service and reporting health of containers.
1. EC2 Instances
2. agent
How do you allow a user cross region access to a stack?
You have to copy the user to another region.
List the lifecycle events
setup, configure, deploy, undeploy, shutdown
Note: CONFIGURE runs on all instances in the stack if any instance comes online or goes offline
Can you raise limits on Stack limits?
no
After updating a custom cookbook repository, will any currently online instances automatically receive the updated cookbooks?
No, you must run the ‘Update Custom Cookbooks’ command.
When will an AWS OpsWorks Stacks instance register and deregister from an Elastic Load Balancing load balancer associated with the layer?
Instances will be registered when they enter an online state and are deregistered when they leave an online state.
Why should instances in a single AWS OpsWorks Stacks layer have the same functionality and purpose?
Because all instances in a layer run the same recipes
How many containers can a single task definition describe?
10