ironfan 3.1.0.rc1 → 3.1.1

data/lib/chef/knife/cluster_vagrant.rb

@@ -0,0 +1,144 @@
+#
+# Author:: Philip (flip) Kromer (<flip@infochimps.com>)
+# Copyright:: Copyright (c) 2011 Infochimps, Inc
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+class Chef
+  class Knife
+
+    #
+    # Vagrant support is VERY rough. It will
+    #
+    # * change the ui/commandline args, at the worst possible moment for you to adapt
+    # * show you info that is inaccurate, even beyond the obvious fact that it reports AWS properties.
+    # * translate your documents into swahili, make your TV record Gigli -- [tracker issue here](http://bit.ly/vrsalert)
+    #
+    # Vagrant has a really strong narcissistic streak, even more so than chef
+    # and ironfan already do.  I don't want to fight (it's probably that way for
+    # good reasons), so the following oddball procedure may persist until it a)
+    # stops working well or b) someone recommends a better approach.
+    #
+    # when you run `knife cluster vagrant command cluster-[facet-[indexes]]` we:
+    #
+    # * identify all servers defined on that cluster
+    # * find (or make) the directory config.vagrant_path
+    #   - if unset, will use `{homebase}/vagrants/{cluster_name}`
+    # * copy a special-purpose vagrantfile into that directory
+    #   - it is called vagrantfile, but won't work in a standalone way.
+    #
+    #
+    class ClusterVagrant < Knife
+      IRONFAN_DIR = File.dirname(File.realdirpath(__FILE__))
+      require File.expand_path('ironfan_knife_common', IRONFAN_DIR)
+      include Ironfan::KnifeCommon
+
+      deps do
+        Ironfan::KnifeCommon.load_deps
+        require 'vagrant'
+        require File.expand_path('vagrant/ironfan_environment',  IRONFAN_DIR)
+        require File.expand_path('vagrant/ironfan_provisioners', IRONFAN_DIR)
+      end
+
+      banner "knife cluster vagrant CMD CLUSTER-[FACET-[INDEXES]] (options) - runs the given command against a vagrant environment created from your cluster definition. EARLY, use at your own risk"
+
+      option :cloud,
+        :long        => "--cloud PROVIDER",
+        :short       => "-p",
+        :description => "cloud provider to target, or 'false' to skip cloud-targeted steps. (default false)",
+        :default     => false,
+        :boolean     => false
+
+      def run
+        # The subnet for this world
+        Chef::Config.host_network_blk   ||= '33.33.33'
+        # Location that cookbooks, roles, etc will be mounted on vm
+        # set to false to skip
+        Chef::Config.homebase_on_vm_dir "/homebase" if Chef::Config.homebase_on_vm_dir.nil?
+        # yuck. necessary until cloud agnosticism shows up
+        Chef::Config[:cloud] = config[:cloud] = false
+        # TODO: make this customizable
+        Chef::Config[:vagrant_path] = File.expand_path("vagrants", Chef::Config.homebase)
+
+        # standard ironfan knife preamble
+        load_ironfan
+        die("Missing command or slice:\n#{banner}") if @name_args.length < 2
+        die("Too many args:\n#{banner}")            if @name_args.length > 2
+        configure_dry_run
+        ui.warn "Vagrant support is VERY rough: the ui will change, displays are inaccurate, may translate your documents into swahili"
+
+        #
+        # Load the servers. Note carefully: this is subtly different from all
+        # the other `knife cluster` commands. Vagrant provides idempotency, but
+        # we want the vagrant file to be invariant to the particular servers
+        # you're asking it to diddle.
+        #
+        # So we configure VMs for all servers in the cluster, but only issue the
+        # cli command against the ones given by the server slice.
+        #
+        vagrant_command, slice_string = @name_args
+        target      = get_slice(slice_string)
+        all_servers = target.cluster.servers
+        display(target)
+
+        # Pre-populate information in chef
+        section("Sync'ing to chef and cloud")
+        target.sync_to_chef
+
+        # FIXME: I read somewhere that global variables are a smell for something
+        $ironfan_target = all_servers
+
+        #
+        # Prepare vagrant
+        #
+        section("Configuring vagrant", :green)
+
+        cluster_vagrant_dir  = File.expand_path(target.cluster.name.to_s, Chef::Config.vagrant_path)
+        skeleton_vagrantfile = File.expand_path('vagrant/skeleton_vagrantfile.rb', IRONFAN_DIR)
+
+        # using ':vagrantfile_name => skeleton_vagrantfile' doesn't seem to work
+        # in vagrant - the VM comes out incompletely configured in a way I don't
+        # totally understand. Plus it wants its own directory anyhow. So, make a
+        # directory to hold vagrantfiles and push the skeleton in there
+        FileUtils.mkdir_p cluster_vagrant_dir
+        FileUtils.cp      skeleton_vagrantfile, File.join(cluster_vagrant_dir, 'vagrantfile')
+
+        log_level = [0, (3 - config.verbosity)].max
+        env = Vagrant::IronfanEnvironment.new(
+          :ui_class    => Vagrant::UI::Colored,
+          :cwd         => cluster_vagrant_dir,
+          :log_level   => log_level,
+          )
+
+        #
+        # Run command
+        #
+        section("issuing command 'vagrant #{vagrant_command}'", :green)
+
+        target.servers.each do |server|
+          env.cli(vagrant_command, server.fullname)
+        end
+      end
+
+      def display(target)
+        super(target.cluster.servers,
+          ["Name", "InstanceID", "State", "Flavor", "Image", "AZ", "Public IP", "Private IP", "Created At", 'Volumes', 'Elastic IP']) do |svr|
+          { 'targeted?' => (target.include?(svr) ? "[blue]true[reset]" : '-' ), }
+        end
+      end
+
+    end
+  end
+end

data/lib/chef/knife/{knife_common.rb → ironfan_knife_common.rb}

@@ -27,10 +27,13 @@ module Ironfan
     #   You must specify a facet if you use slice_indexes.
     #
     # @return [Ironfan::ServerSlice] the requested slice
-    def get_slice(cluster_name, facet_name=nil, slice_indexes=nil)
-      if facet_name.nil? && slice_indexes.nil?
-        cluster_name, facet_name, slice_indexes = cluster_name.split(/[\s\-]/, 3)
+    def get_slice(slice_string, *args)
+      if not args.empty?
+        slice_string = [slice_string, args].flatten.join("-")
+        ui.info("")
+        ui.warn("Please specify server slices joined by dashes and not separate args:\n\n  knife cluster #{sub_command} #{slice_string}\n\n")
       end
+      cluster_name, facet_name, slice_indexes = slice_string.split(/[\s\-]/, 3)
       ui.info("Inventorying servers in #{predicate_str(cluster_name, facet_name, slice_indexes)}")
       cluster = Ironfan.load_cluster(cluster_name)
       cluster.resolve!
@@ -183,7 +186,8 @@ module Ironfan
           next if options.include?(name) || options[:except].include?(name)
           option name, info
         end
-        banner "knife cluster #{sub_command} CLUSTER_NAME [FACET_NAME [INDEXES]] (options)"
+        options[:description] ||= "#{sub_command} all servers described by given cluster slice"
+        banner "knife cluster #{"%-11s" % sub_command} CLUSTER-[FACET-[INDEXES]] (options) - #{options[:description]}"
       end
     end
     def self.included(base)

data/lib/chef/knife/{generic_command.rb → ironfan_script.rb}

@@ -16,7 +16,7 @@
 # limitations under the License.
 #
 
-require File.expand_path(File.dirname(__FILE__)+"/knife_common.rb")
+require File.expand_path('ironfan_knife_common', File.dirname(File.realdirpath(__FILE__)))
 
 module Ironfan
   class Script < Chef::Knife

data/lib/chef/knife/vagrant/ironfan_environment.rb

@@ -0,0 +1,18 @@
+module Vagrant
+  class IronfanEnvironment < Vagrant::Environment
+
+    def initialize(opts={})
+      super(opts)
+      munge_logger(opts)
+    end
+
+
+  protected
+    def munge_logger(opts)
+      logger = Log4r::Logger.new("vagrant")
+      logger.outputters = Log4r::Outputter.stderr
+      logger.level = opts[:log_level] || 3
+      logger.info( "ironfan vagrant (#{self}) - cwd: #{cwd}")
+    end
+  end
+end

data/lib/chef/knife/vagrant/ironfan_provisioners.rb

@@ -0,0 +1,27 @@
+module Vagrant
+  module Provisioners
+    class IronfanChefClient < Vagrant::Provisioners::ChefClient
+      class Config < Vagrant::Provisioners::ChefClient::Config
+        attr_accessor :upload_client_key
+      end
+      def self.config_class() Config ; end
+
+      def upload_validation_key
+        super()
+        if config.upload_client_key
+          # env[:ui].info I18n.t("vagrant.provisioners.chef.upload_client_key")
+          host_client_key = File.expand_path(config.upload_client_key)
+          env[:vm].channel.upload(host_client_key, tmp_client_key_path)
+          env[:vm].channel.sudo("mv #{tmp_client_key_path} #{config.client_key_path}")
+          env[:vm].channel.sudo("chown root #{config.client_key_path}")
+          env[:vm].channel.sudo("chmod 600  #{config.client_key_path}")
+        end
+      end
+
+      def tmp_client_key_path
+        File.join(config.provisioning_path, "client.pem")
+      end
+
+    end
+  end
+end

data/lib/chef/knife/vagrant/skeleton_vagrantfile.rb

@@ -0,0 +1,116 @@
+#
+# ~~ DO NOT EDIT ~~
+#
+
+unless defined?(Chef::Config)
+  puts <<-EOL
+    Warning!
+
+    This might *look* like a vagrantfile.  However it's only useful when you use
+    `knife cluster vm` to manipulate it.  Any changes you put here will be
+    clobbered, and you can't edit the original if you install ironfan as a gem.
+    Annoying, but concentrate on the magic of the jetpack-powered ridiculous
+    cybernetic future magic that's going on here.
+
+    Instead, issue commands like
+
+        knife cluster vagrant COMMAND CLUSTER[-FACET-[INDEXES]]
+
+    Where command is something like
+
+        status up provision reload resume suspend ssh destroy or halt
+
+EOL
+  exit(2)
+end
+
+
+Vagrant::Config.run do |config|
+
+  #
+  # FIXME: the things in this first section need to go somewhere else; need to
+  # learn more abt vagrant to figure out where.
+  #
+
+  def ip_for(svr)
+    "#{Chef::Config.host_network_blk}.#{30 + svr.facet_index}"
+  end
+
+  # FIXME: things like this should be imputed by the `cloud` statement
+  ram_mb           = 640
+  video_ram_mb     = 10
+  cores            = 2
+
+  # ===========================================================================
+  #
+  # Configure VM
+  #
+
+  # Boot with a GUI so you can see the screen. (Default is headless)
+  config.vm.boot_mode = :gui
+
+  # Mount this to see all our chefs and stuff: [type, vm_path, host_path]
+  config.vm.share_folder "homebase", Chef::Config.homebase_on_vm_dir, Chef::Config.homebase
+
+  #
+  # Define a VM for all the targeted servers in the cluster.
+  #
+  # * vm name   - server's fullname ('el_ridiculoso-gordo-2')
+  # * vm box    - cloud.image_name
+  # * creates host network on the subnet defined in Chef::Config[:host_network_blk]
+  # * populates chef provisioner from the server's run_list
+  #
+  $ironfan_target.servers.each do |svr|
+    config.vm.define svr.fullname.to_sym do |cfg|
+
+      cfg.vm.box     = svr.cloud.image_name
+      cfg.vm.network  :hostonly, ip_for(svr)
+
+      #
+      # See http://www.virtualbox.org/manual/ch08.html#idp12418752
+      # for the craziness
+      #
+      vm_customizations = {}
+      vm_customizations[:name]   = svr.fullname.to_s
+      vm_customizations[:memory] = ram_mb.to_s       if ram_mb
+      vm_customizations[:vram]   = video_ram_mb.to_s if video_ram_mb
+      vm_customizations[:cpus]   = cores.to_s        if cores
+      # Use the host resolver for DNS so that VPN continues to work within the VM
+      vm_customizations[:natdnshostresolver1] = "on"
+      #
+      cfg.vm.customize ["modifyvm", :id, vm_customizations.map{|k,v| ["--#{k}", v]} ].flatten
+
+      # Assign this VM to a bridged network, allowing you to connect directly to a
+      # network using the host's network device. This makes the VM appear as another
+      # physical device on your network.
+      # cfg.vm.network :bridged
+
+      # Forward a port from the guest to the host, which allows for outside
+      # computers to access the VM, whereas host only networking does not.
+      # cfg.vm.forward_port 80, 8080
+
+      cfg.vm.provision Vagrant::Provisioners::IronfanChefClient do |chef|
+        #
+        chef.node_name              = svr.fullname
+
+        chef.chef_server_url        = svr.chef_server_url
+        chef.validation_client_name = svr.validation_client_name
+        chef.validation_key_path    = svr.validation_key
+        chef.upload_client_key      = svr.client_key.filename if svr.client_key
+
+        chef.environment            = svr.environment
+        chef.json                   = svr.cloud.user_data
+
+        svr.combined_run_list.each do |run_list_entry|
+          case run_list_entry
+          when /^role\[(\w+)\]$/   then chef.add_role($1)                # role[foo]
+          when /^recipe\[(\w+)\]$/ then chef.add_recipe($1)              # recipe[foo]
+          else                          chef.add_recipe(run_list_entry)  # foo
+          end
+        end
+
+      end
+    end
+  end
+
+end

data/lib/ironfan/chef_layer.rb

@@ -145,7 +145,7 @@ module Ironfan
     def chef_client_script_content
       return @chef_client_script_content if @chef_client_script_content
       return unless cloud.chef_client_script
-      script_filename = File.expand_path("../../config/#{cloud.chef_client_script}", File.dirname(__FILE__))
+      script_filename = File.expand_path("../../config/#{cloud.chef_client_script}", File.dirname(File.realdirpath(__FILE__)))
       @chef_client_script_content = safely{ File.read(script_filename) }
     end
 
@@ -202,7 +202,7 @@ module Ironfan
     def set_chef_node_attributes
       step("  setting node runlist and essential attributes")
       @chef_node.run_list = Chef::RunList.new(*@settings[:run_list])
-      @chef_node.normal[  :organization] = Chef::Config[:organization] if Chef::Config[:organization]
+      @chef_node.normal[:organization]   = organization if organization
       @chef_node.override[:cluster_name] = cluster_name
       @chef_node.override[:facet_name]   = facet_name
       @chef_node.override[:facet_index]  = facet_index

data/lib/ironfan/fog_layer.rb

@@ -20,23 +20,26 @@ module Ironfan
     end
 
     def fog_launch_description
+      user_data_hsh =
+        if client_key.body then cloud.user_data.merge({ :client_key     => client_key.body })
+        else                    cloud.user_data.merge({ :validation_key => cloud.validation_key }) ; end
+      #
       {
-        :image_id          => cloud.image_id,
-        :flavor_id         => cloud.flavor,
-        #
-        :groups            => cloud.security_groups.keys,
-        :key_name          => cloud.keypair.to_s,
+        :image_id             => cloud.image_id,
+        :flavor_id            => cloud.flavor,
+        :groups               => cloud.security_groups.keys,
+        :key_name             => cloud.keypair.to_s,
         # Fog does not actually create tags when it creates a server.
-        :tags              => {
-          :cluster => cluster_name,
-          :facet   => facet_name,
-          :index   => facet_index, },
-        :user_data         => JSON.pretty_generate(cloud.user_data),
-        :block_device_mapping    => block_device_mapping,
+        :tags                 => {
+          :cluster            => cluster_name,
+          :facet              => facet_name,
+          :index              => facet_index, },
+        :user_data            => JSON.pretty_generate(user_data_hsh),
+        :block_device_mapping => block_device_mapping,
+        :availability_zone    => self.default_availability_zone,
+        :monitoring           => cloud.monitoring,
         # :disable_api_termination => cloud.permanent,
         # :instance_initiated_shutdown_behavior => instance_initiated_shutdown_behavior,
-        :availability_zone => self.default_availability_zone,
-        :monitoring => cloud.monitoring,
       }
     end
 

data/lib/ironfan/private_key.rb

@@ -70,7 +70,7 @@ module Ironfan
     end
 
     def key_dir
-      Chef::Config.client_key_dir || '/tmp/client_keys'
+      Chef::Config.client_key_dir || "/tmp/#{ENV['USER']}-client_keys"
     end
   end
 
@@ -89,7 +89,7 @@ module Ironfan
 
     def key_dir
       return Chef::Config.data_bag_key_dir if Chef::Config.data_bag_key_dir
-      dir = "#{ENV['HOME']}/.chef/data_bag_keys"
+      dir = "#{ENV['HOME']}/.chef/credentials/data_bag_keys"
       warn "Please set 'data_bag_key_dir' in your knife.rb. Will use #{dir} as a default"
       dir
     end
@@ -120,7 +120,7 @@ module Ironfan
       if Chef::Config.ec2_key_dir
         return Chef::Config.ec2_key_dir
       else
-        dir = "#{ENV['HOME']}/.chef/ec2_keys"
+        dir = "#{ENV['HOME']}/.chef/credentials/ec2_keys"
         warn "Please set 'ec2_key_dir' in your knife.rb. Will use #{dir} as a default"
         dir
       end

data/lib/ironfan/server.rb

@@ -37,7 +37,7 @@ module Ironfan
     end
 
     def servers
-      Ironfan::ServerGroup.new(cluster, [self])
+      Ironfan::ServerSlice.new(cluster, [self])
     end
 
     def bogosity val=nil
@@ -101,6 +101,10 @@ module Ironfan
       @tags[key]
     end
 
+    def chef_server_url()        Chef::Config.chef_server_url        ; end
+    def validation_client_name() Chef::Config.validation_client_name ; end
+    def validation_key()         Chef::Config.validation_key         ; end
+    def organization()           Chef::Config.organization           ; end
     #
     # Resolve:
     #
@@ -113,19 +117,18 @@ module Ironfan
       cloud.reverse_merge!(cluster.cloud)
       #
       cloud.user_data({
-          :chef_server            => Chef::Config.chef_server_url,
-          :validation_client_name => Chef::Config.validation_client_name,
+          :chef_server            => chef_server_url,
+          :validation_client_name => validation_client_name,
           #
           :node_name              => fullname,
+          :organization           => organization,
           :cluster_name           => cluster_name,
           :facet_name             => facet_name,
           :facet_index            => facet_index,
           #
-          :run_list               => run_list,
+          :run_list               => combined_run_list,
         })
       #
-      if client_key.body then cloud.user_data({ :client_key     => client_key.body, })
-      else                    cloud.user_data({ :validation_key => cloud.validation_key }) ; end
       cloud.keypair(cluster_name) if cloud.keypair.nil?
       #
       self

data/lib/ironfan/server_slice.rb

@@ -33,6 +33,17 @@ module Ironfan
         ServerSlice.new cluster, @servers.send(method, *args, &block)
       end
     end
+    # true if slice contains a server with the given fullname (if arg is a
+    # string) or same fullname as the given server (if a Server)
+    #
+    # @overload include?(server_fullname)
+    #   @param [String] server_fullname checks for a server with that fullname
+    # @overload include?(server)
+    #   @param [Ironfan::Server] server checks for server with same fullname
+    def include?(server)
+      fullname = server.is_a?(String) ? server : server.fullname
+      @servers.any?{|svr| svr.fullname == fullname }
+    end
 
     # Return the collection of servers that are not yet 'created'
     def uncreated_servers

data/notes/Home.md

@@ -0,0 +1,30 @@
+## Overview
+
+The ironfan project is an expressive toolset for constructing scalable, resilient architectures. It works in the cloud, in the data center, and on your laptop, and makes your system diagram visible and inevitable. 
+
+### Code, documentation and support:
+
+Ironfan consists of the following:
+
+* [ironfan-homebase](https://github.com/infochimps-labs/ironfan-homebase): centralizes the cookbooks, roles and clusters. A solid foundation for any chef user.
+* [ironfan gem](https://github.com/infochimps-labs/ironfan):
+  - core models to describe your system diagram with a clean, expressive domain-specific language
+  - knife plugins to orchestrate clusters of machines using simple commands like `knife cluster launch`
+  - logic to coordinate truth among chef server and cloud providers.
+* [ironfan-pantry](https://github.com/infochimps-labs/ironfan-pantry): Our collection of industrial-strength, cloud-ready recipes for Hadoop, HBase, Cassandra, Elasticsearch, Zabbix and more.
+* [silverware cookbook](https://github.com/infochimps-labs/ironfan-homebase/tree/master/cookbooks/silverware): coordinate discovery of services ("list all the machines for `awesome_webapp`, that I might load balance them") and aspects ("list all components that write logs, that I might logrotate them, or that I might monitor the free space on their volumes".
+* [ironfan-ci](https://github.com/infochimps-labs/ironfan-ci): Continuous integration testing of not just your cookbooks but your *architecture*.
+
+* [ironfan wiki](https://github.com/infochimps-labs/ironfan/wiki): high-level documentation and install instructions
+* [ironfan issues](https://github.com/infochimps-labs/ironfan/issues): bugs, questions and feature requests for *any* part of the ironfan toolset.
+* [ironfan gem docs](http://rdoc.info/gems/ironfan): rdoc docs for ironfan
+
+Please file all issues on [ironfan issues](https://github.com/infochimps-labs/ironfan/issues).
+
+## Table of Contents
+
+@sya please complete
+
+
+* [INSTALL](https://github.com/infochimps-labs/ironfan/wiki/INSTALL) -- How to get started
+* ...

data/notes/INSTALL-cloud_setup.md

@@ -0,0 +1,100 @@
+## Credentials
+
+* make a credentials repo
+  - copy the knife/example-credentials directory
+  - best to not live on github: use a private server and run
+   
+    ``` 
+    repo=ORGANIZATION-credentials ; repodir=/gitrepos/$repo.git ; mkdir -p $repodir ; ( GIT_DIR=$repodir git init --shared=group --bare  && cd $repodir && git --bare update-server-info && chmod a+x hooks/post-update ) 
+    ```
+    
+  - git submodule it into knife as `knife/yourorg-credentials`
+  - or, if somebody has added it,
+  
+    ```
+    git pull
+    git submodule update --init
+    find . -iname '*.pem' -exec chmod og-rw {} \;
+    cp knife/${OLD_CHEF_ORGANIZATION}-credentials/knife-user-${CHEF_USER}.rb knife/${CHEF_ORGANIZATION}-credentials
+    cp knife/${OLD_CHEF_ORGANIZATION}-credentials/${CHEF_USER}.pem knife/${CHEF_ORGANIZATION}-credentials/
+    ```
+    
+* create AWS account
+  - [sign up for AWS + credit card + password]
+  - make IAM users for admins
+  - add your IAM keys into your {credentials}/knife-user
+
+* create opscode account
+  - download org keys, put in the credentials repo
+
+## Populate Chef Server
+
+* create `prod` and `dev` environments by using 
+  ```
+  knife environment create dev
+  knife environment create prod
+  knife environment from file environments/dev.json
+  knife environment from file environments/prod.json
+  ```
+
+  ```ruby
+  knife cookbook upload --all
+  rake roles 
+  # if you have data bags, do that too
+  ```
+
+## Create Your Initial Machine Boot-Image (AMI)
+
+* Start by launching the burninator cluster: `knife cluster launch --bootstrap --yes burninator-trogdor-0`
+  - You may have to specify the template by adding this an anargument: `--template-file ${CHEF_HOMEBASE}/vendor/ironfan/lib/chef/knife/bootstrap/ubuntu10.04-ironfan.erb`
+  - This template makes the machine auto-connect to the server upon launch and teleports the client-key into the machine.
+  - If this fails, bootstrap separately: `knife cluster bootstrap --yes burninator-trogdor-0`
+
+* Log into the burninator-trogdor and run the script /tmp/burn_ami_prep.sh: `sudo bash /tmp/burn_ami_prep.sh`
+  - You will have to ssh as the ubuntu user and pass in the burninator.pem identity file.
+  - Review the output of this script and ensure the world we have created is sane.
+
+* Once the script has been run:
+  - Exit the machine.
+  - Go to AWS console.
+  - DO NOT stop the machine.
+  - Do "Create Image (EBS AMI)" from the burninator-trogdor instance (may take a while).
+
+* Add the AMI id to your `{credentials}/knife-org.rb` in the `ec2_image_info.merge!` section and create a reference name for the image (e.g ironfan-natty).
+  - Add that reference name to the burninator-village facet in the burninator.rb cluster definition: `cloud.image_name 'ironfan_natty'`
+
+* Launch the burninator-village in order to test your newly created AMI.
+  - The village should launch with no problems, have the correct permissions and be able to complete a chef run: `sudo chef-client`.
+  
+* If all has gone well so far, you may now stop the original burninator: `knife cluster kill burninator-trogdor`
+  - Leave the burninator-village up and stay ssh'ed to assist with the next step.
+
+## Create an NFS
+
+* Make a command/control cluster definition file with an nfs facet (see clusters/demo_cnc.rb).
+  - Make sure specify the `image_name` to be the AMI you've created.
+
+* In the AWS console make yourself a 20GB drive. 
+  - Make sure the availability zone matches the one specified in your cnc_cluster definition file. 
+  - Don't choose a snapshot. 
+  - Set the device name to `/dev/sdh`.
+  - Attach to the burninator-village instance.
+
+* ssh in to burninator-village to format the nfs drive:
+```
+  dev=/dev/xvdh ; name='home_drive' ; sudo umount $dev ; ls -l $dev ; sudo mkfs.xfs $dev ; sudo mkdir /mnt/$name ; sudo mount -t xfs $dev /mnt/$name ; sudo bash -c "echo 'snapshot for $name burned on `date`' > /mnt/$name/vol_info.txt "
+  sudo cp -rp /home/ubuntu /mnt/$name/ubuntu
+  sudo umount /dev/xvdh
+  exit
+```
+* Back in the AWS console, snapshot the volume and name it {org}-home_drive. Delete the original volume as it is not needed anymore.
+  # While you're in there, make {org}-resizable_1gb a 'Minimum-sized snapshot, resizable -- use xfs_growfs to resize after launch' snapshot.
+  
+* Paste the snapshot id into your cnc_cluster definition file. 
+  - ssh into the newly launched cnc_cluster-nfs.
+  - You should restart the machine via the AWS console (may or may not be necessary, do anyway).
+
+* Manipulate security groups
+  - nfs_server group should open all UDP ports and all TCP ports to nfs_client group
+
+* Change /etc/ssh/sshd_config to be passwordful and restart the ssh service