Chapter 9 Configuration as Code

Question 1

Difference b/t ( aws Opworks for Chef Automate / AWS OpsWorks for Puppet Enterprise) and AWS OpsWorks Stack

Answer 1

OpsWorks Stacks does not provision an EC2 instance w/ puppet/chef software. Thee other two do.

OpsWorks Stacks uses and ‘in memory’ chef server and a ‘chef client’.

Question 2

T/F: You must replace instances in order to update cookbooks in AWS OpsWorks

Answer 2

True

Question 3

How to package cookbook dependencies?

Answer 3

Use a tool called berkshelf. Good for packaging dependencies before you upload it to S3 (and then set it as cookbook source)

Question 4

T/F: When you create a resource in the stack, such as an instance, it is available only from the endpoint you specify when you create the stack.

Answer 4

True

Question 5

If you want to use a custom AMI in OpsWorks, what are the requirements?

Answer 5

1. AMI must be based off of AMI which OpsWorks supports
2. must be 64 bit
3. must support instance types you want to launch

Question 6

In chef terminology, a ‘layer’ is equivalent to what?

Answer 6

a ‘role’

Question 7

For EBS backed instances, the IP address will 1. ___ when instance restarts; for instance store backed instances, it will 2. ____.

Answer 7

1. stay the same

2. change

Question 8

In regard to EBS volumes, when volumes are added or removed from a layer, only ______ will receive the updated configuration.

Answer 8

New instances. Existing instance volumes do not change.

Question 9

What are the three types of instances supported by OpsWorks Stacks?

Answer 9

1. 24/7: they run until you stop them
2. Time based instances: they run on specified schedules. (good for handling predictable load on your stack)
3. Load based instances: they start and stop based on load metrics like ‘NetworkOut’ and ‘CPUUtilization’

Question 10

Caveat about using load based and time based instances with OpsWorks Stacks

Answer 10

Unlike auto scaling groups, you must set these up ahead of time via console or CLI.

Question 11

Do instances automatically install security and package updates?

Answer 11

No, this occurs only when the instance is first started.

Question 12

An alternative to updating instances directly via OpsWorks is to ….

Answer 12

regularly launch new instances to replace old ones

Question 13

Within OpsWorks can you register instances in separate accounts or even on prem instances? How?

Answer 13

Yes, by installing the OpsWorks agent on the target instances.

Question 14

What is ‘auto healing’ in the context of OpsWorks?

Answer 14

When an instance can’t communicate with the OpsWorks service for 5 minutes, it will restart automatically. Enabled by default.

NOTE: health check itself performed every minute

Question 15

When an app update occurs, will instances in OpsWorks automatically update with the new app?

Answer 15

No, but new instances will.

Question 16

T/F: OpWorks stack users are associated with a specific region and cannot be given access to stacks in another region.

Answer 16

True

Question 17

What are the four stack level permissions you can give a user?

Answer 17

1. Deny: no action allowed on stack
2. Show: user can only view stack configuration
3. Deploy: user can view and deploy stacks
4. Manage: view, deploy, manage

Question 18

How are Chef recipes executed?

Answer 18

Via lifecycle events or manually.

Question 19

Any time an instance in a stack comes online or goes offline, all instances in the same stack will undergo a ______ lifecycle event

Answer 19

Configure

Question 20

When will an instance run the ‘DEPLOY’ lifecycle event?

Answer 20

Only after it has run the initial SETUP and CONFIGURE lifecycle events. After this, it must be run manually each time you want to run it.

Question 21

What is the name of the lifecycle event which removes an app from an OpsWorks layer?

Answer 21

UNDEPLOY

Question 22

What is a lifecycle event associated with tasks like taking snapshots and copying log files to S3 for later use?

Answer 22

SHUTDOWN

Question 23

If an AWS resource like RDS is registered with a stack and attach to an instance, is it deleted when instance is deleted?

Answer 23

No, you must manually delete it via console or CLI

Question 24

What is an important limitation regarding EBS volumes with OpsWorks Stack?

Answer 24

You cannot attach EBS volumes to Windows stacks.

Also, you can only register EBS volumes to one stack at a time.

Question 25

Can you register an RDS instance with multiple apps in the same stack?

Answer 25

Yes

Question 26

Any data that you define at the _____ level overrides the data set at the layer or stack levels.

Answer 26

deployment

Question 27

Any data set at the _____ level overrides the data set at the stack level.

Answer 27

layer

Question 28

list basic metrics displayed in OpsWorks dashboard

Answer 28

1. cpu
2. memory utilization
3. load
4. processes

Question 29

cloudwatch events supports which event types from OpsWorks?

Answer 29

1. Instance state change
2. Command state change
3. Deployment state change
4. Alerts

Question 30

Is instance monitoring the same b/t Linux and Windows?

Answer 30

No, Windows based stacks provide only basic EC2 metrics

Question 31

What is standard service limit threshold for stacks, layers per stack, instances per stack, and apps per stack?

Answer 31

40

Question 32

Can an instance with 1 vCPU run a container which requires 2vCPUs?

Answer 32

No

Question 33

Does scaling out a cluster increase the running task count?

Answer 33

No, service auto scaling performs that task.

Question 34

What is a major restriction of Fargate containers?

Answer 34

They cannot be run in ‘privileged’ mode. You can verify a given task definition is acceptable by running the ‘requires capabilities’ option in the console or CLI.

Question 35

What is a ‘task definition’ with regards to containers?

Answer 35

JSON document which describes what containers launch for an application. It can specify up to 10 containers and their requirements.

Question 36

What are conditions under which containers should be added to the same task definition?

Answer 36

1. containers share same lifecycle
2. containers need to run on the same host/instance
3. containers need to share the same resources

Question 37

What is a ‘service’ in the context of containers.

Answer 37

Process/entity created by specifying task definition and number of task to maintain.

If any containers in service become unhealthy, the service is responsible and launches a replacement task.

Service also defines min/max healthy thresholds for deployment strategies.

Question 38

Classic load balancers register/deregister instances. What is an implication of this fact?

Answer 38

Any tasks being run on the classic load balancer all exist on the same container instance.

An alternative to this is the application load balancer ALB.

Question 39

Target Tracking Policies

Answer 39

determine when to scale the number of tasks based on a target metric

Question 40

Step Scaling Policies

Answer 40

task scaling policy which grows with multiple ‘step’ based metrics. So for example it can grow based on reaching 70% cpu utilization and yet again when 80% threshold met.

Question 41

Task Scaling Policies

Answer 41

These describe on which instances tasks launch or which tasks terminate during scaling actions. v

Policies implemented on best effort basis (‘try to do it, and if I can’t just settle on whatever works’)

Question 42

ECS Service Discovery

Answer 42

Allows you to assign Route 53 DNS entries to tasks your service manages

Question 43

ECS Container Agent

Answer 43

Responsible for monitoring the status of tasks running on cluster instances. Monitors health of containers and replaces them if necessary. Automatically available in ECS optimized AMIs

Note: instance must be restarted if trying to update agent on Windows.

Question 44

Can you create an ECS cluster when setting up a CodePipeline?

Answer 44

No, it must be created ahead of time.

Question 45

Unlike ECS, Fargate requires no ____

Answer 45

agent management (ECS manages clusters via agent)

Question 46

Clusters consist of 1. ______ which contain an installed 2. ______ responsible for receiving scheduling/shutdown commands from the ECS service and reporting health of containers.

Answer 46

1. EC2 Instances

2. agent

Question 47

How do you allow a user cross region access to a stack?

Answer 47

You have to copy the user to another region.

Question 48

List the lifecycle events

Answer 48

setup, configure, deploy, undeploy, shutdown

Note: CONFIGURE run on all instance in stack if any instance comes online or goes offline

Question 49

Can you raise limits on Stack limits?

Answer 49

no

Question 50

After updating a custom cookbook repository, will

any currently online instances automatically receive the updated cookbooks?

Answer 50

no, You must run the ‘Update Custom Cookbooks’ command.

Question 51

When will an AWS OpsWorks Stacks instance register and deregister from an Elastic Load Balancing load balancer associated with the layer?

Answer 51

Instances will be registered when they enter an online state and are deregistered when they leave an online state.

Question 52

Why should instances in a single AWS OpsWorks Stacks layer have the same functionality and purpose?

Answer 52

Because all instances in a layer run the same recipes

Question 53

How many containers can a single task definition describe?

Answer 53

10