AWSTags

The AWSTags plugin is a connector that retrieves tags from instances in EC2, and can optionally assign group membership based on patterns in the tags. See Using Tags for details on using tags in EC2.

AWSTags queries EC2 for instances whose private-dns-name property matches the hostname of the client.

Setup

  1. Add AWSTags to the plugins option in /etc/bcfg2.conf
  2. Configure AWS credentials in /etc/bcfg2.conf (See Configuration below for details.)
  3. Optionally, create AWSTags/config.xml (See Assigning Groups below for details.)
  4. Restart the Bcfg2 server.

Using Tag Data

AWSTags exposes the data in templates as a dict available as metadata.AWSTags. E.g., in a Genshi template, you could do:

Known tags on ${metadata.hostname}:
{% for key, val in metadata.AWSTags.items() %}\
${key}  ${val}
{% end %}\

This would produce something like:

Known tags on foo.example.com:
Name  foo.example.com
some random tag  the value

Assigning Groups

AWSTags can assign groups based on the tag data. This functionality is configured in AWSTags/config.xml.

Example

<AWSTags>
  <Tag name="^foo$">
    <Group>foo</Group>
  </Tag>
  <Tag name="^bar$" value="^bar$">
    <Group>bar</Group>
  </Tag>
  <Tag name="^bcfg2 group$" value="(.*)">
    <Group>$1</Group>
  </Tag>
</AWSTags>

In this example, any machine with a tag named foo would be added to the foo group. Any machine with a tag named bar whose value was also bar would be added to the bar group. Finally, any machine with a tag named bcfg2 group would be added to the group named in the value of that tag.

Note that both the name and value attributes are always regular expressions.

If a <Tag/> element has only a name attribute, then it only checks for existence of a matching tag. If it has both name and value, then it checks for a matching tag with a matching value.

You can use backreferences ($1, $2, etc.) in the group names. If only name is specified, then the backreferences will refer to groups in the name regex. If name and value are both specified, then backreferences will refer to groups in the value regex. If you specify both name and value, it is not possible to refer to groups in the name regex.

Schema Reference

schema awstags.xsd
AWSTags config schema for bcfg2
element AWSTags

Child elements:
  • element Tag

    Representation of a pattern that matches AWS tags. Tags can be matched in one of two ways:

    • If only name is specified, then AWSTags will only look for a tag with a matching name, and the value of tags is ignored.
    • If both name and value are specified, a tag must have a matching name and a matching value.
    Attributes:
    Name Description Values Required Default
    name
    The name pattern to match against. This is a regular expression. It is not anchored.
    		 string Yes None
    value
    The value pattern to match against. This is a regular expression. It is not anchored.
    		 string No None
    Child elements:
    • element Group

      The group to assign to machines with tags that match the enclosing Tag expression. More than one group can be specified.

      Group takes only text content, which may be the following values: string

  • AWSTags

Configuration

AWSTags recognizes several options in /etc/bcfg2.conf; at a minimum, you must configure an AWS access key ID and secret key. All of the following options are in the [awstags] section:

Option Description
access_key_id The AWS access key ID
secret_access_key The AWS secret access key
cache Whether or not to cache tag lookups. See Caching for details. Default is to cache.

Caching

Since the AWS API isn’t always very quick to respond, AWSTags caches its results by default. The cache is fairly short-lived: the cache for each host is expired when it starts a client run, so it will start the run with fresh data.

If you frequently update tags on your instances, you may wish to disable caching. That’s probably a bad idea, and would tend to suggest that updating tags frequently is perhaps the Wrong Thing.