Lawrence has done wonderful things over the years with Creative Commons.

http://www.punpunthailand.org

This is a wonderful talk from Ron Finley about ‘guerilla gardening’. Let’s get to planting, people!

If you are not aware, there are thousands of machine instances running in AWS and Amazon only has a limited number of IPv4 addresses in their block(s), so all of the virtual machines are provided with DHCP addresses via NAT inside Amazon’s network. This means that most of the time when you reboot an instance it will come up with a new IP address/hostname, so the setup described below not only provides us with an easy to remember hostname, it also dynamically updates our Route53 DNS with the new hostname provided by Amazon. One other reason you might use the information here is that Amazon limits the number of Elastic IPs that you receive with your account (5). You can request more, but with this setup and/or utilizing Elastic Load Balancing (ELB) you won’t need to.

We are also going to make sure our script we use to update our DNS information uses the Name tag of the instance for the hostname. This is a great way to set hostnames automatically with configuration management or your preferred tool for provisioning. I use salt-cloud to spin up instances and it automatically sets the Name tag to the name you provide when initiating your instance. Perhaps there will be a post here about salt-cloud in the future.

It should be noted that the info below is specific to CentOS instances. With a little massaging this can easily be adapted to your distribution of choice. Let’s get started.

First things first…Setup Route53 as your DNS Provider

If you are a very large organization, you might only want to delegate a subdomain to Route53. To do that, go here for direction to make this happen.

If you are wanting Route53 to handle everything for your domain, it’s super easy to setup as well. Go here for easy instructions on how to do this.

Setup IAM role and permissions for updating Route53

We will want to setup a new user and group in IAM that will have specific permissions to update our DNS and read our Name tag. Let’s create a group in IAM first. I called my group dns-admin, but feel free to name your group whatever you want as long as you can remember what the group is for. When you are creating the group, select “No Permissions” in the wizard when it asks about setting a policy. Once you have the group created you need to add two policies to it. The first policy described here is to give any user within the dns-admin group permission to read the tags associated with an instance. Remember, we are going to use the Name tag of our instance to set our hostname. The second policy will be used to give permissions to update Route53 with the correct information.

So, select the group you just created and go to the “Permissions” tab. You will see a button to “Attach a Policy”. Click it and select “Custom Policy”. For the policy name, I used ‘describe-tags’ for my first policy. In the policy document area you will want to copy and paste the text from below:

{
  "Statement": [
    {
      "Sid": "Stmt1358183399710",
      "Action": [
        "ec2:DescribeTags"
      ],
      "Effect": "Allow",
      "Resource": [
        "*"
      ]
    }
  ]
}

Repeat the above process, but this time name your policy ‘edit-dns’ and copy and paste the text from below in the policy document form field. NOTE: Make sure you change the text where it says YOUR_ZONE_ID with the zone id for the domain you are using in Route53. To get the ID, just go to the Route53 web console, select the domain zone and you will see the Hosted Zone ID number in the right side column.

{
   "Statement":[
      {
         "Action":[
            "route53:ChangeResourceRecordSets",
            "route53:GetHostedZone",
            "route53:ListResourceRecordSets"
         ],
         "Effect":"Allow",
         "Resource":[
            "arn:aws:route53:::hostedzone/YOUR_ZONE_ID"
         ]
      },
      {
         "Action":[
            "route53:ListHostedZones"
         ],
         "Effect":"Allow",
         "Resource":[
            "*"
         ]
      }
   ]
}

Now, let’s create the user that we will add to this group. I named my user the same as my group, ‘dns-admin’. You will be asked to download the credentials/keys for this user as soon as you create the user. If you’ve created users before, you know that this is the ONLY time you get this information, so make sure you download it and keep it safe. We will need these keys in a minute.
Once you download your keys, add the user to the group we just created and we are done with IAM.

Fire up an instance

Once you have Route53 and your IAM user/group setup to use with your domain, fire up and instance using your base AMI. I’m sure you already have a base AMI that you configure with an init script or perhaps configuration management tools like Salt, Puppet or Chef. Right?

After your instance comes up we need to log into the instance and grab the tools that we will utilize in our scripts.

Tools we need

• cli53 – https://github.com/barnybug/cli53
• ec2 API Tools – http://aws.amazon.com/developertools/351
• ec2-metadata – http://aws.amazon.com/code/1825

Install and configure cli53

cli53 is a great tool that interfaces easily with the Route53 API, making it easy to do updates. The easiest way to install cli53 is to just use ‘pip’. On CentOS machines, pip’s executable is ‘pip-python’. Other distributions just use the name ‘pip’. Run the following command to check if the ‘python-pip’ package is installed. If it’s not, the command will install it for you.

command -v pip-python >/dev/null 2>&1 || { yum install -y python-pip; }

Now, the command to install ‘cli53′ using pip.

pip-python install cli53

Now, let’s configure the cli53 tool with our AWS keys and other settings. We will create the the file ‘/etc/route53/config’ and enter the details there. Enter the following to create the file and set permissions correctly:

mkdir /etc/route53; chmod 700 /etc/route53; touch /etc/route53/config; chmod 600 /etc/route53/config

Paste the following in the ‘/etc/route52/config’ file. Make sure to replace the text within the quotes for each setting with your own keys, domain/subdomain and TTL. I use a very short TTL because sometimes instances will be initiated and shortly thereafter rebooted. Use the keys that you downloaded earlier when we created the ‘dns-admin’ user in IAM.

# Set access and secret key of a user that 
#only has access to the following AWS objects/privileges:
#"ec2:DescribeTags"
#"route53:ChangeResourceRecordSets",
#"route53:GetHostedZone",
#"route53:ListResourceRecordSets"
#"route53:ListHostedZones"

AWS_ACCESS_KEY_ID="YOUR_ACCESS_KEY_ID_HERE"
AWS_SECRET_ACCESS_KEY="YOUR_SECRET_ACCESS_KEY_HERE"
ZONE="THE_NAME_OF_YOUR_DOMAIN_OR_SUBDOMAIN"
TTL="30"

Install and configure ec2 API Tools

The ec2 API tools require Java. The application servers I use require Oracle’s Java, so I bake that into my base AMI. Therefore my $JAVA_HOME env variable is set accordingly. Just make sure that if you use the openjdk or jre, that you point $JAVA_HOME to the correct place in the config below. So, install java however you like and then continue on.

Run the following commands to install the API tools to /opt/aws

mkdir -p /opt/aws
wget --q http://s3.amazonaws.com/ec2-downloads/ec2-api-tools.zip
unzip -qq ec2-api-tools.zip
rsync -a --no-o --no-g ec2-api-tools-*/ /opt/aws/

Make sure to add ‘/opt/aws’ to your PATH and set the following env variables. You can do so by editing or creating the file ‘/etc/profile.d/aws.sh’ and adding the following:

export EC2_HOME=/opt/aws/ec2
for i in $EC2_HOME
do
  PATH=$i/bin:$PATH
done
PATH=/opt/aws/:$PATH

source /etc/profile.d/aws.sh

Also, as mentioned above, make sure the $JAVA_HOME is set. I do this by creating the file ‘/etc/profile.d/java.sh’ and adding the following for Oracle Java:

JAVA_HOME=/usr/java/default
export JAVA_HOME

Install and configure ec2-metadata

The only thing we have to do to install ‘ec2-metadata’ is to download it from the link above, place it in ‘/opt/aws’ and make it executable. That’s it!

cd /opt/aws
wget -q http://s3.amazonaws.com/ec2metadata/ec2-metadata
chmod +x ec2-metadata

Create the script to update Route53 and set hostname

Next on our list is to create the script we will use that will update Route53 and set our hostname based on the Name tag of our instance. Create the file /usr/sbin/update-dns-route53 and paste the script printed below into the file. Make sure to replace the YOUR_DOMAIN_HERE text with the domain you are using. Also, make the file executable after saving it.

#!/bin/sh
 
#This script will get the Name tag of the instance from EC2 and apply it both as a CNAME record
#in Route53 for the specified domain below and update the hostname on the machine and
#in the hosts file.
 
# Make sure only root can run our script
if [ "$(id -u)" != "0" ]; then
echo "This script must be run as root" 1>&2
exit 1
fi
 
# Load configuration
. /etc/route53/config
. /etc/profile.d/java.sh
. /etc/profile.d/aws.sh
 
# Export access key ID and secret for our tools
export AWS_ACCESS_KEY_ID
export AWS_SECRET_ACCESS_KEY
 
# Replace this with your domain
DOMAIN=YOUR_DOMAIN_HERE
 
HOSTNAME=$(/opt/aws/ec2/bin/ec2-describe-tags \
  --filter "resource-type=instance" \
  --filter "resource-id=$(/opt/aws/ec2-metadata -i | cut -d ' ' -f2)" \
  --filter "key=Name" | cut -f5)
 
IPV4=`/usr/bin/curl -s http://169.254.169.254/latest/meta-data/public-ipv4`
 
# Set the host name
/bin/hostname $HOSTNAME.$DOMAIN
echo $HOSTNAME.$DOMAIN > /etc/hostname
 
# Set host name on Red Hat variants
/bin/sed -i '/HOSTNAME/d' /etc/sysconfig/network
echo HOSTNAME=$HOSTNAME.$DOMAIN >> /etc/sysconfig/network
 
# Add fqdn to hosts file
/bin/cat<<EOF > /etc/hosts
# This file is automatically genreated by /usr/sbin/update-route53-dns script
127.0.0.1 localhost
$IPV4 $HOSTNAME.$DOMAIN $HOSTNAME
 
# The following lines are desirable for IPv6 capable hosts
::1 ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
ff02::3 ip6-allhosts
EOF
 
# Use command line scripts to get public hostname
PUBLIC_HOSTNAME=$(/opt/aws/ec2-metadata | grep 'public-hostname:' | cut -d ' ' -f 2)
 
# Create a new CNAME record on Route 53, replacing the old entry if nessesary
/usr/bin/cli53 rrcreate "$ZONE" "$HOSTNAME" CNAME "$PUBLIC_HOSTNAME" --replace --ttl "$TTL"

Now that we have our script, we will want to run it at boot time every time the instance is started. To do that, let’s put the following in ‘/etc/rc.local’

/bin/bash /usr/sbin/update-route53-dns 1> /tmp/updatedns 2>&1

Create ‘delete-dns-route53′ script and initscript

So, we’ll want to delete these entries each time the machine shuts down, so we need a delete script, too. Create a new file ‘/usr/sbin/delete-dns-route53′ and paste the following into it. Also, make sure to make the file executable after saving it.

#!/bin/sh
 
# This script will delete the hostname from Route53 on shutdown of the machine
#
 
# Make sure only root can run our script
if [ "$(id -u)" != "0" ]; then
echo "This script must be run as root" 1>&2
exit 1
fi
 
# Load configuration
. /etc/route53/config
. /etc/profile.d/java.sh
. /etc/profile.d/aws.sh
 
# Export access key ID and secret for our tools
export AWS_ACCESS_KEY_ID
export AWS_SECRET_ACCESS_KEY
 
HOSTNAME=$(/opt/aws/ec2/bin/ec2-describe-tags \
  --filter "resource-type=instance" \
  --filter "resource-id=$(/opt/aws/ec2-metadata -i | cut -d ' ' -f2)" \
  --filter "key=Name" | cut -f5)
 
# Delete the hostname from DNS on shutdown
/usr/bin/cli53 rrdelete "$ZONE" "$HOSTNAME"

We want to make sure this delete script runs every time the machine is powered down, because every single time it’s powered down, could be it’s last and we don’t want our zone to become full of obsolete entries. Create the file ‘/etc/init.d/removednsfromroute53′ and add paste the following text in it:

#!/bin/bash
 
# chkconfig: 35 10 10
# description: Removed DNS entries from Route53
#              
 
. /etc/init.d/functions
lockfile=/var/lock/subsys/removednsfromroute53
 
case "$1" in
    start)
        touch $lockfile
        ;;
    stop)
        /usr/sbin/delete-dns-route53 1> /tmp/deletedns 2>&1
        rm -f $lockfile
        ;;
    restart)
        $0 stop
        $0 start
        ;;
    *)
        echo "Usage: $0 {start|stop|restart|status}"
        exit 1
        ;;
esac
 
exit 0

As you can see, we call the ‘delete-dns-route53′ script within the init script.
Now, add it to the correct runlevels by issuing the following command:

chkconfig --add removednsfromroute53

Well, there you have it…short and sweet, right? You might now want to create a new AMI based on this instance for your new base image. Moving forward if you spin up your instances with a Name tag, the name within the tag will be set as the hostname, the hosts file will be updated and a new CNAME will be created within Route53. Get DNS’ing…or something like that!

Want more information on holistic management. Go here: http://holisticmanagement.org/

For those of you that don’t know what permaculture is, the definition of it changes ever so slightly depending on the person you are talking to in the ever growing community, but I particularly like this one:

per·ma·cul·ture /ˈpərməˌkəlCHər/
Noun:

Permaculture is the study of the design of those sustainable or enduring systems that support human society, both agricultural & intellectual, traditional & scientific, architectural, financial & legal. It is the study of integrated systems, for the purpose of better design & application of such systems.

At it’s core, permaculture adheres to three ethics:

• Earth care
• People care
• Fair share

There are also twelve design principles involved. You can see in the graphic below the three ethics in the middle and the twelve design principles circling them.

The importance of all of this cannot be stressed enough. Trust me that when I say that you will be infected by knowledge, ideas, process and action once you really start to educate yourself on all of these things. During your education, self or otherwise, you will see examples of changing landscapes at massive scale that will invigorate you to no end. You will see how simple observation and small actions can lead to major change. You will ask yourself, “Why hasn’t anyone pointed all of this out to me before?”. There will be a lot of moments where dots that were seemingly at odds, connect. There will be what I like to call “lightbulb” moments happening at every page turn of a book on the subject, every click on a permaculture topic, or every video you take in.

A lot of what I will post here will be targeted at people who don’t necessarily have a lot of land to work with. In essence, small scale permaculture that you can practice nearly anywhere. There will be some posts in the future about large scale regenerative design, but for now we’ll get everyone excited about designing and creating these systems in neighborhoods and small lots. Some of these resources will be posted just to get you excited and to show you what is possible by utilizing permaculture to it’s fullest extent. This isn’t an exhaustive list by any means, but one to get you motivated and taking action in your local community. For instance, I’ve not listed the original Permaculture: Designers Manual book by one of the founders of permaculture, Bill Mollison. As it suggests, the manual is a textbook and will be a huge resource for you in the future, but for now let’s get you motivated!

Permaculture resources to help get started

Video

• Redesigning Civilization — with Permaculture
• Green Gold – Documentary by John D. Liu
• Peter Bane – How I’m Preparing for the Local Future: Permaculture
• Permaculture Research Institute Zaytuna Farm Tour – Apr/May 2012 w/ Geoff Lawton
• Farming with Nature – A Case Study of Successful Temperate Permaculture w/ Sepp Holzer
• Mark Shepard on Restoration Agriculture
• Permaculture Keyline Water Systems: Don Tipping @ Seven Seeds Farm
• Establishing a Food Forest the Permaculture Way
• Backyard Permaculture
• The Agro Rebel w/ Sepp Holzer

Books

• Gaia’s Garden, Second Edition: A Guide To Home-Scale Permaculture
• Permaculture: Principles and Pathways Beyond Sustainability
• The One-Straw Revolution: An Introduction to Natural Farming (New York Review Books Classics)
• The Vegetable Gardener’s Guide to Permaculture: Creating an Edible Ecosystem
• Restoration Agriculture: Perennial Permaculture for the Farm
• The Resilient Farm and Homestead: An Innovative Permaculture and Whole Systems Design Approach
• Paradise Lot: Two Plant Geeks, One-Tenth of an Acre, and the Making of an Edible Garden Oasis in the City

Websites

• Permaculture: Wikipedia Entry
• The Permaculture Institute
• Permaculture Principles
• Bill Mollison: Co-developer of permaculture
• David Holmgren: Co-developer of permaculture
• Edible Forest Gardens w/ Dave Jacke
• Permaculture forums at permies.com
• Worldwide Permaculture Network

Permaculture design courses

• I must point out that one of the quickest ways to dive straight in is to take a permaculture design course (PDC). These are intensive training courses taught by people who themselves at some point took a PDC and have a lot of information and knowledge to share. If you are looking to take a course near middle Tennessee, my good friends Cliff Davis, Jennifer Albanese and Jessie Smith have courses setup quite frequently. You can visit Cliff and Jen’s family business website here to register for a course: Spiral Ridge Permaculture

  Below you can find a list of other places that you can take a permaculture design course.

• Whole Systems Design – Vermont
• Siskiyou Permaculture – Oregon
• Midwest Permaculture – Illinois
• Regenerative Design Institute – Northern California

There are a number of other places offering permaculture design courses. If you don’t see one in your area listed here, just search around and you will find one. If you run a course and want it listed here, please contact me.

I genuinely hope that the information here moves you to action. I know that nearly everyone I introduce these concepts to becomes engulfed with them. I’m quite available for your questions and love to share information.
Do you have some resources that I should post here? Contact me, let me know and I will add it.

I’ve written about Open Source Ecology a while back. I think it’s a super important project and I’m always keeping up with how things are progressing. They’ve recently created this video in hopes of landing a $100k prize from the Focus Forward competition. Enjoy the video and please vote if you enjoy what they are doing.

Last week we were out driving trying to find a possible site for our eco-village. A cold front was coming from the north and could be spotted through this hollow.