AWSTags

The AWSTags plugin is a connector that retrieves tags from instances in EC2, and can optionally assign group membership based on patterns in the tags. See Using Tags for details on using tags in EC2.

AWSTags queries EC2 for instances whose private-dns-name property matches the hostname of the client.

Setup

  1. Add AWSTags to the plugins option in /etc/bcfg2.conf
  2. Configure AWS credentials in /etc/bcfg2.conf (See Configuration below for details.)
  3. Optionally, create AWSTags/config.xml (See Assigning Groups below for details.)
  4. Restart the Bcfg2 server.

Using Tag Data

AWSTags exposes the data in templates as a dict available as metadata.AWSTags. E.g., in a Genshi template, you could do:

Known tags on ${metadata.hostname}:
{% for key, val in metadata.AWSTags.items() %}\
${key}  ${val}
{% end %}\

This would produce something like:

Known tags on foo.example.com:
Name  foo.example.com
some random tag  the value

Assigning Groups

AWSTags can assign groups based on the tag data. This functionality is configured in AWSTags/config.xml.

Example

<AWSTags>
  <Tag name="^foo$">
    <Group>foo</Group>
  </Tag>
  <Tag name="^bar$" value="^bar$">
    <Group>bar</Group>
  </Tag>
  <Tag name="^bcfg2 group$" value="(.*)">
    <Group>$1</Group>
  </Tag>
</AWSTags>

In this example, any machine with a tag named foo would be added to the foo group. Any machine with a tag named bar whose value was also bar would be added to the bar group. Finally, any machine with a tag named bcfg2 group would be added to the group named in the value of that tag.

Note that both the name and value attributes are always regular expressions.

If a <Tag/> element has only a name attribute, then it only checks for existence of a matching tag. If it has both name and value, then it checks for a matching tag with a matching value.

You can use backreferences ($1, $2, etc.) in the group names. If only name is specified, then the backreferences will refer to groups in the name regex. If name and value are both specified, then backreferences will refer to groups in the value regex. If you specify both name and value, it is not possible to refer to groups in the name regex.
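The matching and backreference rules above, as an added Python example (not Bcfg2's own code). It assumes the regexes are applied as unanchored searches; the function names, the ALLOWLIST rule and the SAMPLE tags are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# The example config.xml from this page, embedded so the script runs offline.
CONFIG = """<AWSTags>
  <Tag name="^foo$"><Group>foo</Group></Tag>
  <Tag name="^bar$" value="^bar$"><Group>bar</Group></Tag>
  <Tag name="^bcfg2 group$" value="(.*)"><Group>$1</Group></Tag>
</AWSTags>"""
# Hypothetical tightened rule: only these two values can select a group.
ALLOWLIST = """<AWSTags>
  <Tag name="^bcfg2 group$" value="^(web|db)$"><Group>$1</Group></Tag>
</AWSTags>"""
# Constructed sample tags for one instance.
SAMPLE = {"Name": "foo.example.com", "bar": "baz", "bcfg2 group": "admin-servers"}
BACKREF = re.compile(r"\$(\d+)")


def expand(template, match):
    """Replace $1, $2, ... in a group name with the match's capture groups."""
    caps = match.groups()

    def sub(m):
        idx = int(m.group(1)) - 1
        # Leave unknown backreferences untouched rather than guessing.
        return caps[idx] if 0 <= idx < len(caps) and caps[idx] is not None else m.group(0)

    return BACKREF.sub(sub, template)


def groups_for(tags, config_xml=CONFIG):
    """Return the sorted groups the rules assign to one instance's tags (a dict)."""
    result = set()
    for rule in ET.fromstring(config_xml).findall("Tag"):
        name_re = re.compile(rule.get("name"))
        value_re = re.compile(rule.get("value")) if rule.get("value") is not None else None
        for key, val in tags.items():
            name_m = name_re.search(key)   # assumption: unanchored search
            if not name_m:
                continue
            # Name-only rules expand from the name match; name+value rules
            # require a value match and expand from it instead.
            m = name_m if value_re is None else value_re.search(val)
            if m:
                result.update(expand(g.text, m) for g in rule.findall("Group"))
    return sorted(result)
```

With the page's (.*) rule, whoever can edit the bcfg2 group tag on an instance chooses its Bcfg2 group; the ALLOWLIST variant restricts that choice to the listed values.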

Schema Reference

Configuration

AWSTags recognizes several options in /etc/bcfg2.conf; at a minimum, you must configure an AWS access key ID and secret key. All of the following options are in the [awstags] section:

Option             Description
-----------------  -----------
access_key_id      The AWS access key ID
secret_access_key  The AWS secret access key
cache              Whether or not to cache tag lookups. See Caching for details. Default is to cache.

Caching

Since the AWS API isn’t always very quick to respond, AWSTags caches its results by default. The cache is fairly short-lived: the cache for each host is expired when it starts a client run, so it will start the run with fresh data.

If you frequently update tags on your instances, you may wish to disable caching. That’s probably a bad idea, and would tend to suggest that updating tags frequently is perhaps the Wrong Thing.