
AWS (study notes, lesson 15): how to recover from a disaster


Topics covered:

  • Monitoring and recovering a server with CloudWatch
  • Regions, Availability Zones and subnets
  • Using Auto Scaling groups

1. Monitoring and recovering a server with CloudWatch

  1. Overall architecture
    This simulates a Jenkins server that, when a failure strikes, is noticed by an AWS CloudWatch alarm and then recovered.
    An Elastic IP is defined here and pointed at the Jenkins server. Why use an Elastic IP here when it is not normally used?
    Because if AWS is left to assign the EC2 instance a public IP automatically, that IP is temporary: every time the instance restarts it is assigned a new one. For a Jenkins server, an IP address that changes after recovering from a failure would make it very inconvenient to use.

2. Code walkthrough

  • Code
    {"AWSTemplateFormatVersion": "2010-09-09","Description": " (Jenkins (CI server) running on EC2 with AWS CloudWatch recovery)","Parameters": {"KeyName": {"Description": "Key Pair name","Type": "AWS::EC2::KeyPair::KeyName","Default": "my-cli-key"},"JenkinsAdminPassword": {"Description": "Password for Jenkins admin user","Type": "String","AllowedPattern" : "[a-zA-Z0-9]*","MinLength" : "8","MaxLength" : "42"}},"Mappings": {"EC2RegionMap": {"ap-northeast-1": {"AmazonLinuxAMIHVMEBSBacked64bit": "ami-cbf90ecb"},"ap-southeast-1": {"AmazonLinuxAMIHVMEBSBacked64bit": "ami-68d8e93a"},"ap-southeast-2": {"AmazonLinuxAMIHVMEBSBacked64bit": "ami-fd9cecc7"},"eu-central-1": {"AmazonLinuxAMIHVMEBSBacked64bit": "ami-a8221fb5"},"eu-west-1": {"AmazonLinuxAMIHVMEBSBacked64bit": "ami-a10897d6"},"sa-east-1": {"AmazonLinuxAMIHVMEBSBacked64bit": "ami-b52890a8"},"us-east-1": {"AmazonLinuxAMIHVMEBSBacked64bit": "ami-1ecae776"},"us-west-1": {"AmazonLinuxAMIHVMEBSBacked64bit": "ami-d114f295"},"us-west-2": {"AmazonLinuxAMIHVMEBSBacked64bit": "ami-e7527ed7"}}},"Resources": {"VPC": {"Type": "AWS::EC2::VPC","Properties": {"EnableDnsSupport": "true","EnableDnsHostnames": "true","CidrBlock": "10.0.0.0/16","Tags": [{"Key": "Name","Value": "jenkins-recovery"}]}},"Subnet": {"Type": "AWS::EC2::Subnet","Properties": {"VpcId": {"Ref": "VPC"},"AvailabilityZone": {"Fn::Select": ["0", {"Fn::GetAZs": ""}]},"CidrBlock": "10.0.0.0/24","Tags": [{"Key": "Name","Value": "jenkins-recovery"}]}},"InternetGateway": {"Type": "AWS::EC2::InternetGateway","Properties": {"Tags": [{"Key": "Name","Value": "jenkins-recovery"}]}},"GatewayToInternet": {"Type": "AWS::EC2::VPCGatewayAttachment","Properties": {"VpcId": {"Ref": "VPC"},"InternetGatewayId": {"Ref": "InternetGateway"}}},"RouteTable": {"Type": "AWS::EC2::RouteTable","Properties": {"VpcId": {"Ref": "VPC"},"Tags": [{"Key": "Name","Value": "jenkins-recovery"}]}},"InternetRoute": {"Type": "AWS::EC2::Route","Properties": {"RouteTableId": {"Ref": 
"RouteTable"},"DestinationCidrBlock": "0.0.0.0/0","GatewayId": {"Ref": "InternetGateway"}},"DependsOn": "GatewayToInternet"			},"RouteTableAssociation": {"Type": "AWS::EC2::SubnetRouteTableAssociation","Properties": {"SubnetId": {"Ref": "Subnet"},"RouteTableId": {"Ref": "RouteTable"}}},"NetworkAcl": {"Type": "AWS::EC2::NetworkAcl","Properties": {"VpcId": {"Ref": "VPC"},"Tags": [{"Key": "Name","Value": "jenkins-recovery"}]}},"NetworkAceSSH": {"Type": "AWS::EC2::NetworkAclEntry","Properties": {"NetworkAclId": {"Ref": "NetworkAcl"},"RuleNumber": "10","Protocol": "6","RuleAction": "allow","Egress": "false","CidrBlock": "0.0.0.0/0","PortRange": {"From": "22","To": "22"}}},"NetworkAceJenkinsHTTP": {"Type": "AWS::EC2::NetworkAclEntry","Properties": {"NetworkAclId": {"Ref": "NetworkAcl"},"RuleNumber": "11","Protocol": "6","RuleAction": "allow","Egress": "false","CidrBlock": "0.0.0.0/0","PortRange": {"From": "8080","To": "8080"}}},"NetworkAceNTP": {"Type": "AWS::EC2::NetworkAclEntry","Properties": {"NetworkAclId": {"Ref": "NetworkAcl"},"RuleNumber": "20","Protocol": "17","RuleAction": "allow","Egress": "false","CidrBlock": "0.0.0.0/0","PortRange": {"From": "123","To": "123"}}},"NetworkAceICMP": {"Type": "AWS::EC2::NetworkAclEntry","Properties": {"NetworkAclId": {"Ref": "NetworkAcl"},"RuleNumber": "30","Protocol": "1","RuleAction": "allow","Egress": "false","CidrBlock": "0.0.0.0/0","Icmp": {"Code": "-1","Type": "-1"}}},"NetworkAceHighPortsTCP": {"Type": "AWS::EC2::NetworkAclEntry","Properties": {"NetworkAclId": {"Ref": "NetworkAcl"},"RuleNumber": "40","Protocol": "6","RuleAction": "allow","Egress": "false","CidrBlock": "0.0.0.0/0","PortRange": {"From": "1024","To": "65535"}}},"NetworkAceHighPortsUDP": {"Type": "AWS::EC2::NetworkAclEntry","Properties": {"NetworkAclId": {"Ref": "NetworkAcl"},"RuleNumber": "41","Protocol": "17","RuleAction": "allow","Egress": "false","CidrBlock": "0.0.0.0/0","PortRange": {"From": "1024","To": "65535"}}},"NetworkAceEgress": {"Type": 
"AWS::EC2::NetworkAclEntry","Properties": {"NetworkAclId": {"Ref": "NetworkAcl"},"RuleNumber": "10","Protocol": "-1","RuleAction": "allow","Egress": "true","CidrBlock": "0.0.0.0/0","PortRange": {"From": "0","To": "65535"}}},"NetworkAclAssociation": {"Type": "AWS::EC2::SubnetNetworkAclAssociation","Properties": {"SubnetId": {"Ref": "Subnet"},"NetworkAclId": {"Ref": "NetworkAcl"}}},"SecurityGroup": {"Type": "AWS::EC2::SecurityGroup","Properties": {"GroupDescription": "SecurityGroupforjenkins","VpcId": {"Ref": "VPC"},"Tags": [{"Key": "Name","Value": "jenkins-recovery"}],"SecurityGroupIngress": [{"IpProtocol": "tcp","FromPort": "22","ToPort": "22","CidrIp": "0.0.0.0/0"},{"IpProtocol": "tcp","FromPort": "8080","ToPort": "8080","CidrIp": "0.0.0.0/0"},{"IpProtocol": "icmp","FromPort": "-1","ToPort": "-1","CidrIp": "0.0.0.0/0"}]}},"ElasticIP": {"Type": "AWS::EC2::EIP","Properties": {"InstanceId": {"Ref": "Server"},"Domain": "vpc"},"DependsOn": "GatewayToInternet"},"Server": {"Type": "AWS::EC2::Instance","Properties": {"ImageId": {"Fn::FindInMap": ["EC2RegionMap", {"Ref": "AWS::Region"}, "AmazonLinuxAMIHVMEBSBacked64bit"]},"InstanceType": "t2.micro","KeyName": {"Ref": "KeyName"},"SecurityGroupIds": [{"Ref": "SecurityGroup"}],"SubnetId": {"Ref": "Subnet"},"UserData": {"Fn::Base64": {"Fn::Join": ["", ["#!/bin/bash -ex\n","wget http://pkg.jenkins-ci.org/redhat/jenkins-1.616-1.1.noarch.rpm\n","rpm --install jenkins-1.616-1.1.noarch.rpm\n","sed -i -e 's/JENKINS_ARGS=\\\"\\\"/JENKINS_ARGS=\\\"--argumentsRealm.passwd.admin=", {"Ref": "JenkinsAdminPassword"}, " --argumentsRealm.roles.admin=admin\\\"/g' /etc/sysconfig/jenkins\n","echo \"<?xml version='1.0' encoding='UTF-8'?><hudson><version>1.0</version><useSecurity>true</useSecurity><authorizationStrategy class=\\\"hudson.security.FullControlOnceLoggedInAuthorizationStrategy\\\"/><securityRealm class=\\\"hudson.security.LegacySecurityRealm\\\"/></hudson>\" > /var/lib/jenkins/config.xml\n","service jenkins start\n"]]}},"Tags": 
[{"Key": "Name","Value": "jenkins-recovery"}]},"DependsOn": "GatewayToInternet"},"RecoveryAlarm": {"Type": "AWS::CloudWatch::Alarm","Properties": {"AlarmDescription": "Recover server when underlying hardware fails.","Namespace": "AWS/EC2" ,"MetricName": "StatusCheckFailed_System","Statistic": "Minimum","Period": "60","EvaluationPeriods": "5","ComparisonOperator": "GreaterThanThreshold","Threshold": "0","AlarmActions": [{"Fn::Join": ["", ["arn:aws:automate:", { "Ref": "AWS::Region"}, ":ec2:recover"]]}],"Dimensions": [{"Name": "InstanceId", "Value": {"Ref": "Server"}}]}}},"Outputs": {"JenkinsURL": {"Description": "URL to access web interface of Jenkins server.","Value": {"Fn::Join": ["", ["http://", {"Ref": "ElasticIP"}, ":8080"]]}},"User": {"Description": "Administrator user for Jenkins.","Value": "admin"},"Password": {"Description": "Password for Jenkins administrator user.","Value": {"Ref": "JenkinsAdminPassword"}}}
    }
    
  • Analysis
    • An AWS::CloudWatch::Alarm is used, as shown below.
      "RecoveryAlarm": {"Type": "AWS::CloudWatch::Alarm","Properties": {"AlarmDescription": "Recover server when underlying hardware fails.","Namespace": "AWS/EC2" ,"MetricName": "StatusCheckFailed_System","Statistic": "Minimum","Period": "60","EvaluationPeriods": "5","ComparisonOperator": "GreaterThanThreshold","Threshold": "0","AlarmActions": [{"Fn::Join": ["", ["arn:aws:automate:", { "Ref": "AWS::Region"}, ":ec2:recover"]]}],"Dimensions": [{"Name": "InstanceId", "Value": {"Ref": "Server"}}]}}
      
      Here an AWS::CloudWatch::Alarm is configured that checks the EC2 instance's status every 60 seconds; if the instance has a problem, the arn:aws:automate: action is used to recover it in another Availability Zone. There is no way to make the EC2 server simulate a failure here, so arn:aws:automate:ec2:recover cannot actually be triggered in this exercise.
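      As an added example (not code from the original notes), the following Python performs the checks a reviewer would run over the recovery template above: that the alarm is wired to the EC2 recover action for the Jenkins instance, how long a failure must persist before recovery starts, and the weak settings visible in the template (SSH and Jenkins open to 0.0.0.0/0, the admin password parameter without NoEcho and echoed back in Outputs). The template it inspects is a constructed, trimmed copy of the page's template.

```python
# Constructed, trimmed-down copy of the page's CloudWatch-recovery template:
# only the parts the checks below look at are kept.
SAMPLE_TEMPLATE = {
    "Parameters": {
        "JenkinsAdminPassword": {"Type": "String", "MinLength": "8", "MaxLength": "42"},
    },
    "Resources": {
        "SecurityGroup": {
            "Type": "AWS::EC2::SecurityGroup",
            "Properties": {"SecurityGroupIngress": [
                {"IpProtocol": "tcp", "FromPort": "22", "ToPort": "22", "CidrIp": "0.0.0.0/0"},
                {"IpProtocol": "tcp", "FromPort": "8080", "ToPort": "8080", "CidrIp": "0.0.0.0/0"},
                {"IpProtocol": "icmp", "FromPort": "-1", "ToPort": "-1", "CidrIp": "0.0.0.0/0"},
            ]},
        },
        "Server": {"Type": "AWS::EC2::Instance", "Properties": {"InstanceType": "t2.micro"}},
        "RecoveryAlarm": {
            "Type": "AWS::CloudWatch::Alarm",
            "Properties": {
                "Namespace": "AWS/EC2", "MetricName": "StatusCheckFailed_System",
                "Statistic": "Minimum", "Period": "60", "EvaluationPeriods": "5",
                "ComparisonOperator": "GreaterThanThreshold", "Threshold": "0",
                "AlarmActions": [{"Fn::Join": ["", ["arn:aws:automate:", {"Ref": "AWS::Region"}, ":ec2:recover"]]}],
                "Dimensions": [{"Name": "InstanceId", "Value": {"Ref": "Server"}}],
            },
        },
    },
    "Outputs": {"Password": {"Value": {"Ref": "JenkinsAdminPassword"}}},
}


def resolve(value, region):
    """Evaluate the two intrinsics the alarm action uses: Fn::Join and Ref AWS::Region."""
    if isinstance(value, dict) and "Fn::Join" in value:
        sep, parts = value["Fn::Join"]
        return sep.join(resolve(p, region) for p in parts)
    if isinstance(value, dict) and value.get("Ref") == "AWS::Region":
        return region
    return value


def check_recovery_alarm(template, alarm_id, instance_id, region="us-east-1"):
    """Return (problems, seconds_until_recovery_starts) for the alarm guarding instance_id.

    EC2 automatic recovery moves the instance to healthy hardware in the same
    Availability Zone and keeps its instance ID, private IPs and Elastic IP.
    """
    props = template["Resources"][alarm_id]["Properties"]
    problems = []
    if (props.get("Namespace"), props.get("MetricName")) != ("AWS/EC2", "StatusCheckFailed_System"):
        problems.append("alarm does not watch AWS/EC2 StatusCheckFailed_System")
    dims = props.get("Dimensions", [])
    if not any(d.get("Name") == "InstanceId" and d.get("Value") == {"Ref": instance_id} for d in dims):
        problems.append(f"alarm is not scoped to instance {instance_id}")
    expected = f"arn:aws:automate:{region}:ec2:recover"
    if expected not in [resolve(a, region) for a in props.get("AlarmActions", [])]:
        problems.append(f"alarm action is not {expected}")
    # Statistic=Minimum with Threshold 0 / GreaterThanThreshold means every sample of
    # a period must be failing, for EvaluationPeriods consecutive periods, before the
    # recover action fires: Period * EvaluationPeriods seconds of confirmed failure.
    seconds = int(props.get("Period", 0)) * int(props.get("EvaluationPeriods", 0))
    return problems, seconds


def open_ingress(template):
    """(protocol, from_port, to_port) of every security-group rule reachable from any IPv4 address."""
    found = []
    for res in template["Resources"].values():
        if res.get("Type") != "AWS::EC2::SecurityGroup":
            continue
        for rule in res["Properties"].get("SecurityGroupIngress", []):
            if rule.get("CidrIp") == "0.0.0.0/0":
                found.append((rule["IpProtocol"], int(rule["FromPort"]), int(rule["ToPort"])))
    return found


def exposed_password_params(template):
    """Password-like parameters without NoEcho, and Outputs that hand them back in clear text."""
    params = template.get("Parameters", {})
    findings = []
    for name, param in params.items():
        if "password" in name.lower() and str(param.get("NoEcho", "false")).lower() != "true":
            findings.append(f"parameter {name} lacks NoEcho")
    for out_name, out in template.get("Outputs", {}).items():
        value = out.get("Value")
        ref = value.get("Ref") if isinstance(value, dict) else None
        if ref in params and "password" in ref.lower():
            findings.append(f"output {out_name} reveals parameter {ref}")
    return findings


if __name__ == "__main__":
    problems, seconds = check_recovery_alarm(SAMPLE_TEMPLATE, "RecoveryAlarm", "Server")
    print("alarm problems:", problems, "- recovery after", seconds, "s of failed system checks")
    print("open to 0.0.0.0/0:", open_ingress(SAMPLE_TEMPLATE))
    print("secret handling:", exposed_password_params(SAMPLE_TEMPLATE))
```

Setting NoEcho on JenkinsAdminPassword and dropping the Password output removes the two secret-handling findings; narrowing the SSH rule to an administrative CIDR removes the first ingress finding.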

2. Regions, Availability Zones and subnets

  1. Regions and Availability Zones
    • A region contains several Availability Zones, and each Availability Zone has several data centers.
    • Different regions are connected by low-latency links. As one would expect, the network latency between services in the same region is very small.
  2. Global services span multiple regions
    • The regions available differ from service to service
  3. VPCs, regions and subnets
    • A VPC always belongs to exactly one region
    • A subnet always belongs to exactly one Availability Zone

3. Using Auto Scaling groups

  1. With an Auto Scaling group, a specified number of virtual servers can be kept running at all times.

    • Code
      {"AWSTemplateFormatVersion": "2010-09-09","Description": "(Jenkins (CI server) running with Auto Scaling Group over multiple AZs)","Parameters": {"KeyName": {"Description": "Key Pair name","Type": "AWS::EC2::KeyPair::KeyName","Default": "my-cli-key"},"JenkinsAdminPassword": {"Description": "Password for Jenkins admin user","Type": "String","AllowedPattern" : "[a-zA-Z0-9]*","MinLength" : "8","MaxLength" : "42"}},"Mappings": {"EC2RegionMap": {"ap-northeast-1": {"AmazonLinuxAMIHVMEBSBacked64bit": "ami-cbf90ecb"},"ap-southeast-1": {"AmazonLinuxAMIHVMEBSBacked64bit": "ami-68d8e93a"},"ap-southeast-2": {"AmazonLinuxAMIHVMEBSBacked64bit": "ami-fd9cecc7"},"eu-central-1": {"AmazonLinuxAMIHVMEBSBacked64bit": "ami-a8221fb5"},"eu-west-1": {"AmazonLinuxAMIHVMEBSBacked64bit": "ami-a10897d6"},"sa-east-1": {"AmazonLinuxAMIHVMEBSBacked64bit": "ami-b52890a8"},"us-east-1": {"AmazonLinuxAMIHVMEBSBacked64bit": "ami-1ecae776"},"us-west-1": {"AmazonLinuxAMIHVMEBSBacked64bit": "ami-d114f295"},"us-west-2": {"AmazonLinuxAMIHVMEBSBacked64bit": "ami-e7527ed7"}}},"Resources": {"VPC": {"Type": "AWS::EC2::VPC","Properties": {"EnableDnsSupport": "true","EnableDnsHostnames": "true","CidrBlock": "10.0.0.0/16","Tags": [{"Key": "Name","Value": "jenkins-multiaz"}]}},"SubnetA": {"Type": "AWS::EC2::Subnet","Properties": {"VpcId": {"Ref": "VPC"},"AvailabilityZone": {"Fn::Select": ["0", {"Fn::GetAZs": ""}]},"CidrBlock": "10.0.0.0/24","Tags": [{"Key": "Name","Value": "jenkins-multiaz"}]}},"SubnetB": {"Type": "AWS::EC2::Subnet","Properties": {"VpcId": {"Ref": "VPC"},"AvailabilityZone": {"Fn::Select": ["1", {"Fn::GetAZs": ""}]},"CidrBlock": "10.0.1.0/24","Tags": [{"Key": "Name","Value": "jenkins-multiaz"}]}},"InternetGateway": {"Type": "AWS::EC2::InternetGateway","Properties": {"Tags": [{"Key": "Name","Value": "jenkins-multiaz"}]}},"GatewayToInternet": {"Type": "AWS::EC2::VPCGatewayAttachment","Properties": {"VpcId": {"Ref": "VPC"},"InternetGatewayId": {"Ref": "InternetGateway"}}},"RouteTable": {"Type": 
"AWS::EC2::RouteTable","Properties": {"VpcId": {"Ref": "VPC"},"Tags": [{"Key": "Name","Value": "jenkins-multiaz"}]}},"InternetRoute": {"Type": "AWS::EC2::Route","Properties": {"RouteTableId": {"Ref": "RouteTable"},"DestinationCidrBlock": "0.0.0.0/0","GatewayId": {"Ref": "InternetGateway"}},"DependsOn": "GatewayToInternet"},"RouteTableAssociationA": {"Type": "AWS::EC2::SubnetRouteTableAssociation","Properties": {"SubnetId": {"Ref": "SubnetA"},"RouteTableId": {"Ref": "RouteTable"}}},"RouteTableAssociationB": {"Type": "AWS::EC2::SubnetRouteTableAssociation","Properties": {"SubnetId": {"Ref": "SubnetB"},"RouteTableId": {"Ref": "RouteTable"}}},"NetworkAcl": {"Type": "AWS::EC2::NetworkAcl","Properties": {"VpcId": {"Ref": "VPC"},"Tags": [{"Key": "Name","Value": "jenkins-multiaz"}]}},"NetworkAceSSH": {"Type": "AWS::EC2::NetworkAclEntry","Properties": {"NetworkAclId": {"Ref": "NetworkAcl"},"RuleNumber": "10","Protocol": "6","RuleAction": "allow","Egress": "false","CidrBlock": "0.0.0.0/0","PortRange": {"From": "22","To": "22"}}},"NetworkAceJenkinsHTTP": {"Type": "AWS::EC2::NetworkAclEntry","Properties": {"NetworkAclId": {"Ref": "NetworkAcl"},"RuleNumber": "11","Protocol": "6","RuleAction": "allow","Egress": "false","CidrBlock": "0.0.0.0/0","PortRange": {"From": "8080","To": "8080"}}},"NetworkAceNTP": {"Type": "AWS::EC2::NetworkAclEntry","Properties": {"NetworkAclId": {"Ref": "NetworkAcl"},"RuleNumber": "20","Protocol": "17","RuleAction": "allow","Egress": "false","CidrBlock": "0.0.0.0/0","PortRange": {"From": "123","To": "123"}}},"NetworkAceICMP": {"Type": "AWS::EC2::NetworkAclEntry","Properties": {"NetworkAclId": {"Ref": "NetworkAcl"},"RuleNumber": "30","Protocol": "1","RuleAction": "allow","Egress": "false","CidrBlock": "0.0.0.0/0","Icmp": {"Code": "-1","Type": "-1"}}},"NetworkAceHighPortsTCP": {"Type": "AWS::EC2::NetworkAclEntry","Properties": {"NetworkAclId": {"Ref": "NetworkAcl"},"RuleNumber": "40","Protocol": "6","RuleAction": "allow","Egress": "false","CidrBlock": 
"0.0.0.0/0","PortRange": {"From": "1024","To": "65535"}}},"NetworkAceHighPortsUDP": {"Type": "AWS::EC2::NetworkAclEntry","Properties": {"NetworkAclId": {"Ref": "NetworkAcl"},"RuleNumber": "41","Protocol": "17","RuleAction": "allow","Egress": "false","CidrBlock": "0.0.0.0/0","PortRange": {"From": "1024","To": "65535"}}},"NetworkAceEgress": {"Type": "AWS::EC2::NetworkAclEntry","Properties": {"NetworkAclId": {"Ref": "NetworkAcl"},"RuleNumber": "10","Protocol": "-1","RuleAction": "allow","Egress": "true","CidrBlock": "0.0.0.0/0","PortRange": {"From": "0","To": "65535"}}},"NetworkAclAssociationA": {"Type": "AWS::EC2::SubnetNetworkAclAssociation","Properties": {"SubnetId": {"Ref": "SubnetA"},"NetworkAclId": {"Ref": "NetworkAcl"}}},"NetworkAclAssociationB": {"Type": "AWS::EC2::SubnetNetworkAclAssociation","Properties": {"SubnetId": {"Ref": "SubnetB"},"NetworkAclId": {"Ref": "NetworkAcl"}}},"SecurityGroupJenkins": {"Type": "AWS::EC2::SecurityGroup","Properties": {"GroupDescription": "SecurityGroupforjenkins","VpcId": {"Ref": "VPC"},"Tags": [{"Key": "Name","Value": "jenkins-multiaz"}],"SecurityGroupIngress": [{"IpProtocol": "tcp","FromPort": "22","ToPort": "22","CidrIp": "0.0.0.0/0"},{"IpProtocol": "tcp","FromPort": "8080","ToPort": "8080","CidrIp": "0.0.0.0/0"},{"IpProtocol": "icmp","FromPort": "-1","ToPort": "-1","CidrIp": "0.0.0.0/0"}]}},"LaunchTemplate": {"Type": "AWS::EC2::LaunchTemplate","Properties": {"LaunchTemplateName": "LaunchTemplate","LaunchTemplateData":{"ImageId": {"Fn::FindInMap": ["EC2RegionMap", {"Ref": "AWS::Region"}, "AmazonLinuxAMIHVMEBSBacked64bit"]},"KeyName": {"Ref": "KeyName"},"NetworkInterfaces":[{"DeviceIndex":0,"AssociatePublicIpAddress":true,"Groups":[{"Ref": "SecurityGroupJenkins"}],"DeleteOnTermination":true}],"InstanceType": "t2.micro","UserData": {"Fn::Base64": {"Fn::Join": ["",["#!/bin/bash -ex\n","wget http://pkg.jenkins-ci.org/redhat/jenkins-1.616-1.1.noarch.rpm\n","rpm --install jenkins-1.616-1.1.noarch.rpm\n","sed -i -e 
's/JENKINS_ARGS=\\\"\\\"/JENKINS_ARGS=\\\"--argumentsRealm.passwd.admin=", {"Ref": "JenkinsAdminPassword"}, " --argumentsRealm.roles.admin=admin\\\"/g' /etc/sysconfig/jenkins\n","echo \"<?xml version='1.0' encoding='UTF-8'?><hudson><version>1.0</version><useSecurity>true</useSecurity><authorizationStrategy class=\\\"hudson.security.FullControlOnceLoggedInAuthorizationStrategy\\\"/><securityRealm class=\\\"hudson.security.LegacySecurityRealm\\\"/></hudson>\" > /var/lib/jenkins/config.xml\n","service jenkins start\n"]]}}}}},"AutoScalingGroup": {"Type": "AWS::AutoScaling::AutoScalingGroup","Properties": {"LaunchTemplate" : {"LaunchTemplateId" : {"Ref" : "LaunchTemplate"},"Version" : {"Fn::GetAtt" : ["LaunchTemplate","LatestVersionNumber"]}},"Tags": [{"Key": "Name","Value": "jenkins-multiaz","PropagateAtLaunch": true}],"DesiredCapacity": 1,"MinSize": 1,"MaxSize": 1,"VPCZoneIdentifier": [{"Ref": "SubnetA"}, {"Ref": "SubnetB"}],"HealthCheckGracePeriod": 600,"HealthCheckType": "EC2"},"DependsOn": "GatewayToInternet"}}
      }
      
    • Code walkthrough
      • The AutoScalingGroup is given two subnets, so that when the EC2 server in one subnet fails, another EC2 server can be launched in the other subnet
      • Subnet A and subnet B
        Each subnet is in a different Availability Zone
    • Create a Jenkins task
    • Delete the Jenkins instance
    • Watch what the Auto Scaling group does
      The Auto Scaling group immediately launches another EC2 server to keep the Jenkins service running.

    Note that at this point both the IP address and the Jenkins task that was created are gone; the next two steps solve these two problems.

  2. Recovering with an AMI.

    • Create a task on the current Jenkins server
    • Save an image of the current Jenkins server
      Dell@DESKTOP-DHMQMJG MINGW64 ~/.ssh
      $ aws ec2 create-image --instance-id i-05593a7ba7b94e566 --name jenkins-multiaz
      {"ImageId": "ami-01ed9b718c5a467c4"
      }
      
    • Update the CloudFormation stack
      • Add an AMISnapshot parameter; when the stack is updated later, the AMI created above is selected for it
      • Update the stack so that the LaunchTemplate takes its AMI from that parameter
      • The CloudFormation update succeeds
      • Delete the current Jenkins server
      • Check the Jenkins server after it comes back
        The Jenkins task created above has been preserved, because the AMI captured the current EBS volume.

    • CloudFormation code
      {"AWSTemplateFormatVersion": "2010-09-09","Description": "AWS in Action: chapter 11 (Jenkins (CI server) running with Auto Scaling Group over multiple AZs)","Parameters": {"KeyName": {"Description": "Key Pair name","Type": "AWS::EC2::KeyPair::KeyName","Default": "my-cli-key"},"JenkinsAdminPassword": {"Description": "Password for Jenkins admin user","Type": "String","AllowedPattern" : "[a-zA-Z0-9]*","MinLength" : "8","MaxLength" : "42"},"AMISnapshot": {"Description": "AMI ID to start virtual server from.","Type": "String","AllowedPattern" : "[\u0020-\uD7FF\uE000-\uFFFD\uD800\uDC00-\uDBFF\uDFFF\r\n\t]*","MinLength" : "1","MaxLength" : "255"}},"Resources": {"VPC": {"Type": "AWS::EC2::VPC","Properties": {"EnableDnsSupport": "true","EnableDnsHostnames": "true","CidrBlock": "10.0.0.0/16","Tags": [{"Key": "Name","Value": "jenkins-multiaz"}]}},"SubnetA": {"Type": "AWS::EC2::Subnet","Properties": {"VpcId": {"Ref": "VPC"},"AvailabilityZone": {"Fn::Select": ["0", {"Fn::GetAZs": ""}]},"CidrBlock": "10.0.0.0/24","Tags": [{"Key": "Name","Value": "jenkins-multiaz"}]}},"SubnetB": {"Type": "AWS::EC2::Subnet","Properties": {"VpcId": {"Ref": "VPC"},"AvailabilityZone": {"Fn::Select": ["1", {"Fn::GetAZs": ""}]},"CidrBlock": "10.0.1.0/24","Tags": [{"Key": "Name","Value": "jenkins-multiaz"}]}},"InternetGateway": {"Type": "AWS::EC2::InternetGateway","Properties": {"Tags": [{"Key": "Name","Value": "jenkins-multiaz"}]}},"GatewayToInternet": {"Type": "AWS::EC2::VPCGatewayAttachment","Properties": {"VpcId": {"Ref": "VPC"},"InternetGatewayId": {"Ref": "InternetGateway"}}},"RouteTable": {"Type": "AWS::EC2::RouteTable","Properties": {"VpcId": {"Ref": "VPC"},"Tags": [{"Key": "Name","Value": "jenkins-multiaz"}]}},"InternetRoute": {"Type": "AWS::EC2::Route","Properties": {"RouteTableId": {"Ref": "RouteTable"},"DestinationCidrBlock": "0.0.0.0/0","GatewayId": {"Ref": "InternetGateway"}},"DependsOn": "GatewayToInternet"},"RouteTableAssociationA": {"Type": 
"AWS::EC2::SubnetRouteTableAssociation","Properties": {"SubnetId": {"Ref": "SubnetA"},"RouteTableId": {"Ref": "RouteTable"}}},"RouteTableAssociationB": {"Type": "AWS::EC2::SubnetRouteTableAssociation","Properties": {"SubnetId": {"Ref": "SubnetB"},"RouteTableId": {"Ref": "RouteTable"}}},"NetworkAcl": {"Type": "AWS::EC2::NetworkAcl","Properties": {"VpcId": {"Ref": "VPC"},"Tags": [{"Key": "Name","Value": "jenkins-multiaz"}]}},"NetworkAceSSH": {"Type": "AWS::EC2::NetworkAclEntry","Properties": {"NetworkAclId": {"Ref": "NetworkAcl"},"RuleNumber": "10","Protocol": "6","RuleAction": "allow","Egress": "false","CidrBlock": "0.0.0.0/0","PortRange": {"From": "22","To": "22"}}},"NetworkAceJenkinsHTTP": {"Type": "AWS::EC2::NetworkAclEntry","Properties": {"NetworkAclId": {"Ref": "NetworkAcl"},"RuleNumber": "11","Protocol": "6","RuleAction": "allow","Egress": "false","CidrBlock": "0.0.0.0/0","PortRange": {"From": "8080","To": "8080"}}},"NetworkAceNTP": {"Type": "AWS::EC2::NetworkAclEntry","Properties": {"NetworkAclId": {"Ref": "NetworkAcl"},"RuleNumber": "20","Protocol": "17","RuleAction": "allow","Egress": "false","CidrBlock": "0.0.0.0/0","PortRange": {"From": "123","To": "123"}}},"NetworkAceICMP": {"Type": "AWS::EC2::NetworkAclEntry","Properties": {"NetworkAclId": {"Ref": "NetworkAcl"},"RuleNumber": "30","Protocol": "1","RuleAction": "allow","Egress": "false","CidrBlock": "0.0.0.0/0","Icmp": {"Code": "-1","Type": "-1"}}},"NetworkAceHighPortsTCP": {"Type": "AWS::EC2::NetworkAclEntry","Properties": {"NetworkAclId": {"Ref": "NetworkAcl"},"RuleNumber": "40","Protocol": "6","RuleAction": "allow","Egress": "false","CidrBlock": "0.0.0.0/0","PortRange": {"From": "1024","To": "65535"}}},"NetworkAceHighPortsUDP": {"Type": "AWS::EC2::NetworkAclEntry","Properties": {"NetworkAclId": {"Ref": "NetworkAcl"},"RuleNumber": "41","Protocol": "17","RuleAction": "allow","Egress": "false","CidrBlock": "0.0.0.0/0","PortRange": {"From": "1024","To": "65535"}}},"NetworkAceEgress": {"Type": 
"AWS::EC2::NetworkAclEntry","Properties": {"NetworkAclId": {"Ref": "NetworkAcl"},"RuleNumber": "10","Protocol": "-1","RuleAction": "allow","Egress": "true","CidrBlock": "0.0.0.0/0","PortRange": {"From": "0","To": "65535"}}},"NetworkAclAssociationA": {"Type": "AWS::EC2::SubnetNetworkAclAssociation","Properties": {"SubnetId": {"Ref": "SubnetA"},"NetworkAclId": {"Ref": "NetworkAcl"}}},"NetworkAclAssociationB": {"Type": "AWS::EC2::SubnetNetworkAclAssociation","Properties": {"SubnetId": {"Ref": "SubnetB"},"NetworkAclId": {"Ref": "NetworkAcl"}}},"SecurityGroupJenkins": {"Type": "AWS::EC2::SecurityGroup","Properties": {"GroupDescription": "SecurityGroupforjenkins","VpcId": {"Ref": "VPC"},"Tags": [{"Key": "Name","Value": "jenkins-multiaz"}],"SecurityGroupIngress": [{"IpProtocol": "tcp","FromPort": "22","ToPort": "22","CidrIp": "0.0.0.0/0"},{"IpProtocol": "tcp","FromPort": "8080","ToPort": "8080","CidrIp": "0.0.0.0/0"},{"IpProtocol": "icmp","FromPort": "-1","ToPort": "-1","CidrIp": "0.0.0.0/0"}]}},"LaunchTemplate": {"Type": "AWS::EC2::LaunchTemplate","Properties": {"LaunchTemplateName": "LaunchTemplate","LaunchTemplateData":{"ImageId": {"Ref": "AMISnapshot"},"KeyName": {"Ref": "KeyName"},"NetworkInterfaces":[{"DeviceIndex":0,"AssociatePublicIpAddress":true,"Groups":[{"Ref": "SecurityGroupJenkins"}],"DeleteOnTermination":true}],"InstanceType": "t2.micro","UserData": {"Fn::Base64": {"Fn::Join": ["",["#!/bin/bash -ex\n","wget http://pkg.jenkins-ci.org/redhat/jenkins-1.616-1.1.noarch.rpm\n","rpm --install jenkins-1.616-1.1.noarch.rpm\n","sed -i -e 's/JENKINS_ARGS=\\\"\\\"/JENKINS_ARGS=\\\"--argumentsRealm.passwd.admin=", {"Ref": "JenkinsAdminPassword"}, " --argumentsRealm.roles.admin=admin\\\"/g' /etc/sysconfig/jenkins\n","echo \"<?xml version='1.0' encoding='UTF-8'?><hudson><version>1.0</version><useSecurity>true</useSecurity><authorizationStrategy class=\\\"hudson.security.FullControlOnceLoggedInAuthorizationStrategy\\\"/><securityRealm 
class=\\\"hudson.security.LegacySecurityRealm\\\"/></hudson>\" > /var/lib/jenkins/config.xml\n","service jenkins start\n"]]}}}}},"AutoScalingGroup": {"Type": "AWS::AutoScaling::AutoScalingGroup","Properties": {"LaunchTemplate" : {"LaunchTemplateId" : {"Ref" : "LaunchTemplate"},"Version" : {"Fn::GetAtt" : ["LaunchTemplate","LatestVersionNumber"]}},"Tags": [{"Key": "Name","Value": "jenkins-multiaz","PropagateAtLaunch": true}],"DesiredCapacity": 1,"MinSize": 1,"MaxSize": 1,"VPCZoneIdentifier": [{"Ref": "SubnetA"}, {"Ref": "SubnetB"}],"HealthCheckGracePeriod": 600,"HealthCheckType": "EC2"},"DependsOn": "GatewayToInternet"}}
      }
      
  3. Pinning the network address with an Elastic IP.

    • An IP address that changes every time is still not ideal.
    • Use an Elastic IP to pin the network address
    • Modified code
      • Define the IamRole
        "IamRole": {"Type": "AWS::IAM::Role","Properties": {"AssumeRolePolicyDocument": {"Version": "2012-10-17","Statement": [{"Effect": "Allow","Principal": {"Service": ["ec2.amazonaws.com"]},"Action": ["sts:AssumeRole"]}]},"Path": "/","Policies": [{"PolicyName": "root","PolicyDocument": {"Version": "2012-10-17","Statement": [{"Action": ["ec2:AssociateAddress"],"Resource": ["*"],"Effect": "Allow"}]}}]}},"IamInstanceProfile": {"Type": "AWS::IAM::InstanceProfile","Properties": {"Path": "/","Roles": [{"Ref": "IamRole"}]}},
        
        • Set the IamRole parameter on the LaunchTemplate
          This gives the EC2 instance an IAM role so that it can run aws ec2 associate-address and attach the fixed Elastic IP during disaster recovery
        • Update the CloudFormation stack
          • Full Elastic IP code
          {"AWSTemplateFormatVersion": "2010-09-09","Description": "AWS in Action: chapter 11 (Jenkins (CI server) running with Auto Scaling Group over multiple AZs)","Parameters": {"KeyName": {"Description": "Key Pair name","Type": "AWS::EC2::KeyPair::KeyName","Default": "my-cli-key"},"JenkinsAdminPassword": {"Description": "Password for Jenkins admin user","Type": "String","AllowedPattern" : "[a-zA-Z0-9]*","MinLength" : "8","MaxLength" : "42"},"AMISnapshot": {"Description": "AMI ID to start virtual server from.","Type": "String","AllowedPattern" : "[\u0020-\uD7FF\uE000-\uFFFD\uD800\uDC00-\uDBFF\uDFFF\r\n\t]*","MinLength" : "1","MaxLength" : "255"}},"Mappings": {"EC2RegionMap": {"ap-northeast-1": {"AmazonLinuxAMIHVMEBSBacked64bit": "ami-cbf90ecb"},"ap-southeast-1": {"AmazonLinuxAMIHVMEBSBacked64bit": "ami-68d8e93a"},"ap-southeast-2": {"AmazonLinuxAMIHVMEBSBacked64bit": "ami-fd9cecc7"},"eu-central-1": {"AmazonLinuxAMIHVMEBSBacked64bit": "ami-a8221fb5"},"eu-west-1": {"AmazonLinuxAMIHVMEBSBacked64bit": "ami-a10897d6"},"sa-east-1": {"AmazonLinuxAMIHVMEBSBacked64bit": "ami-b52890a8"},"us-east-1": {"AmazonLinuxAMIHVMEBSBacked64bit": "ami-1ecae776"},"us-west-1": {"AmazonLinuxAMIHVMEBSBacked64bit": "ami-d114f295"},"us-west-2": {"AmazonLinuxAMIHVMEBSBacked64bit": "ami-e7527ed7"}}},"Resources": {"VPC": {"Type": "AWS::EC2::VPC","Properties": {"EnableDnsSupport": "true","EnableDnsHostnames": "true","CidrBlock": "10.0.0.0/16","Tags": [{"Key": "Name","Value": "jenkins-multiaz"}]}},"SubnetA": {"Type": "AWS::EC2::Subnet","Properties": {"VpcId": {"Ref": "VPC"},"AvailabilityZone": {"Fn::Select": ["0", {"Fn::GetAZs": ""}]},"CidrBlock": "10.0.0.0/24","Tags": [{"Key": "Name","Value": "jenkins-multiaz"}]}},"SubnetB": {"Type": "AWS::EC2::Subnet","Properties": {"VpcId": {"Ref": "VPC"},"AvailabilityZone": {"Fn::Select": ["1", {"Fn::GetAZs": ""}]},"CidrBlock": "10.0.1.0/24","Tags": [{"Key": "Name","Value": "jenkins-multiaz"}]}},"InternetGateway": {"Type": 
"AWS::EC2::InternetGateway","Properties": {"Tags": [{"Key": "Name","Value": "jenkins-multiaz"}]}},"GatewayToInternet": {"Type": "AWS::EC2::VPCGatewayAttachment","Properties": {"VpcId": {"Ref": "VPC"},"InternetGatewayId": {"Ref": "InternetGateway"}}},"RouteTable": {"Type": "AWS::EC2::RouteTable","Properties": {"VpcId": {"Ref": "VPC"},"Tags": [{"Key": "Name","Value": "jenkins-multiaz"}]}},"InternetRoute": {"Type": "AWS::EC2::Route","Properties": {"RouteTableId": {"Ref": "RouteTable"},"DestinationCidrBlock": "0.0.0.0/0","GatewayId": {"Ref": "InternetGateway"}},"DependsOn": "GatewayToInternet"},"RouteTableAssociationA": {"Type": "AWS::EC2::SubnetRouteTableAssociation","Properties": {"SubnetId": {"Ref": "SubnetA"},"RouteTableId": {"Ref": "RouteTable"}}},"RouteTableAssociationB": {"Type": "AWS::EC2::SubnetRouteTableAssociation","Properties": {"SubnetId": {"Ref": "SubnetB"},"RouteTableId": {"Ref": "RouteTable"}}},"NetworkAcl": {"Type": "AWS::EC2::NetworkAcl","Properties": {"VpcId": {"Ref": "VPC"},"Tags": [{"Key": "Name","Value": "jenkins-multiaz"}]}},"NetworkAceSSH": {"Type": "AWS::EC2::NetworkAclEntry","Properties": {"NetworkAclId": {"Ref": "NetworkAcl"},"RuleNumber": "10","Protocol": "6","RuleAction": "allow","Egress": "false","CidrBlock": "0.0.0.0/0","PortRange": {"From": "22","To": "22"}}},"NetworkAceJenkinsHTTP": {"Type": "AWS::EC2::NetworkAclEntry","Properties": {"NetworkAclId": {"Ref": "NetworkAcl"},"RuleNumber": "11","Protocol": "6","RuleAction": "allow","Egress": "false","CidrBlock": "0.0.0.0/0","PortRange": {"From": "8080","To": "8080"}}},"NetworkAceNTP": {"Type": "AWS::EC2::NetworkAclEntry","Properties": {"NetworkAclId": {"Ref": "NetworkAcl"},"RuleNumber": "20","Protocol": "17","RuleAction": "allow","Egress": "false","CidrBlock": "0.0.0.0/0","PortRange": {"From": "123","To": "123"}}},"NetworkAceICMP": {"Type": "AWS::EC2::NetworkAclEntry","Properties": {"NetworkAclId": {"Ref": "NetworkAcl"},"RuleNumber": "30","Protocol": "1","RuleAction": "allow","Egress": 
"false","CidrBlock": "0.0.0.0/0","Icmp": {"Code": "-1","Type": "-1"}}},"NetworkAceHighPortsTCP": {"Type": "AWS::EC2::NetworkAclEntry","Properties": {"NetworkAclId": {"Ref": "NetworkAcl"},"RuleNumber": "40","Protocol": "6","RuleAction": "allow","Egress": "false","CidrBlock": "0.0.0.0/0","PortRange": {"From": "1024","To": "65535"}}},"NetworkAceHighPortsUDP": {"Type": "AWS::EC2::NetworkAclEntry","Properties": {"NetworkAclId": {"Ref": "NetworkAcl"},"RuleNumber": "41","Protocol": "17","RuleAction": "allow","Egress": "false","CidrBlock": "0.0.0.0/0","PortRange": {"From": "1024","To": "65535"}}},"NetworkAceEgress": {"Type": "AWS::EC2::NetworkAclEntry","Properties": {"NetworkAclId": {"Ref": "NetworkAcl"},"RuleNumber": "10","Protocol": "-1","RuleAction": "allow","Egress": "true","CidrBlock": "0.0.0.0/0","PortRange": {"From": "0","To": "65535"}}},"NetworkAclAssociationA": {"Type": "AWS::EC2::SubnetNetworkAclAssociation","Properties": {"SubnetId": {"Ref": "SubnetA"},"NetworkAclId": {"Ref": "NetworkAcl"}}},"NetworkAclAssociationB": {"Type": "AWS::EC2::SubnetNetworkAclAssociation","Properties": {"SubnetId": {"Ref": "SubnetB"},"NetworkAclId": {"Ref": "NetworkAcl"}}},"SecurityGroupJenkins": {"Type": "AWS::EC2::SecurityGroup","Properties": {"GroupDescription": "SecurityGroupforjenkins","VpcId": {"Ref": "VPC"},"Tags": [{"Key": "Name","Value": "jenkins-multiaz"}],"SecurityGroupIngress": [{"IpProtocol": "tcp","FromPort": "22","ToPort": "22","CidrIp": "0.0.0.0/0"},{"IpProtocol": "tcp","FromPort": "8080","ToPort": "8080","CidrIp": "0.0.0.0/0"},{"IpProtocol": "icmp","FromPort": "-1","ToPort": "-1","CidrIp": "0.0.0.0/0"}]}},"IamRole": {"Type": "AWS::IAM::Role","Properties": {"AssumeRolePolicyDocument": {"Version": "2012-10-17","Statement": [{"Effect": "Allow","Principal": {"Service": ["ec2.amazonaws.com"]},"Action": ["sts:AssumeRole"]}]},"Path": "/","Policies": [{"PolicyName": "root","PolicyDocument": {"Version": "2012-10-17","Statement": [{"Action": ["ec2:AssociateAddress"],"Resource": 
["*"],"Effect": "Allow"}]}}]}},"IamInstanceProfile": {"Type": "AWS::IAM::InstanceProfile","Properties": {"Path": "/","Roles": [{"Ref": "IamRole"}]}},"ElasticIP": {"Type": "AWS::EC2::EIP","Properties": {"Domain": "vpc"},"DependsOn": "GatewayToInternet"},"LaunchTemplate": {"Type": "AWS::EC2::LaunchTemplate","Properties": {"LaunchTemplateName": "LaunchTemplate","LaunchTemplateData":{"IamInstanceProfile": {"Arn": {"Fn::GetAtt": ["IamInstanceProfile", "Arn"]}},"ImageId": {"Ref": "AMISnapshot"},"KeyName": {"Ref": "KeyName"},"NetworkInterfaces":[{"DeviceIndex":0,"AssociatePublicIpAddress":true,"Groups":[{"Ref": "SecurityGroupJenkins"}],"DeleteOnTermination":true}],"InstanceType": "t2.micro","UserData": {"Fn::Base64": {"Fn::Join": ["",["#!/bin/bash -ex\n","aws configure set default.region ", {"Ref": "AWS::Region"},"\n","INSTANCE_ID=`curl -s http://169.254.169.254/latest/meta-data/instance-id`\n","aws ec2 associate-address --instance-id $INSTANCE_ID --allocation-id ", {"Fn::GetAtt": ["ElasticIP", "AllocationId"]}, "\n","wget http://pkg.jenkins-ci.org/redhat/jenkins-1.616-1.1.noarch.rpm\n","rpm --install jenkins-1.616-1.1.noarch.rpm\n","sed -i -e 's/JENKINS_ARGS=\\\"\\\"/JENKINS_ARGS=\\\"--argumentsRealm.passwd.admin=", {"Ref": "JenkinsAdminPassword"}, " --argumentsRealm.roles.admin=admin\\\"/g' /etc/sysconfig/jenkins\n","echo \"<?xml version='1.0' encoding='UTF-8'?><hudson><version>1.0</version><useSecurity>true</useSecurity><authorizationStrategy class=\\\"hudson.security.FullControlOnceLoggedInAuthorizationStrategy\\\"/><securityRealm class=\\\"hudson.security.LegacySecurityRealm\\\"/></hudson>\" > /var/lib/jenkins/config.xml\n","service jenkins start\n"]]}}}}},"AutoScalingGroup": {"Type": "AWS::AutoScaling::AutoScalingGroup","Properties": {"LaunchTemplate" : {"LaunchTemplateId" : {"Ref" : "LaunchTemplate"},"Version" : {"Fn::GetAtt" : ["LaunchTemplate","LatestVersionNumber"]}},"Tags": [{"Key": "Name","Value": "jenkins-elasticip","PropagateAtLaunch": true}],"DesiredCapacity": 1,"MinSize": 1,"MaxSize": 1,"VPCZoneIdentifier": [{"Ref": "SubnetA"}, 
{"Ref": "SubnetB"}],"HealthCheckGracePeriod": 600,"HealthCheckType": "EC2"},"DependsOn": "GatewayToInternet"}},"Outputs": {"JenkinsURL": {"Description": "URL to access web interface of Jenkins server.","Value": {"Fn::Join": ["", ["http://", {"Ref": "ElasticIP"}, ":8080"]]}},"User": {"Description": "Administrator user for Jenkins.","Value": "admin"},"Password": {"Description": "Password for Jenkins administrator user.","Value": {"Ref": "JenkinsAdminPassword"}}}
          }
          
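As an added example (not code from the original notes), the following Python checks whether the boot-time Elastic IP re-association described in this section can actually succeed: it renders the launch template's user data, confirms the associate-address step names the EIP allocation and runs before Jenkins starts, and confirms the instance carries an instance profile whose role EC2 can assume and which allows ec2:AssociateAddress. The template it inspects is a constructed, trimmed copy of the Elastic IP template; the IamInstanceProfile entry in LaunchTemplateData is this example's assumption of how the role is attached.

```python
# Constructed, trimmed copy of the page's Elastic IP template. The
# IamInstanceProfile entry in LaunchTemplateData is an assumption of this
# example: without it the instance has no credentials for associate-address.
EIP_TEMPLATE = {
    "Resources": {
        "IamRole": {"Type": "AWS::IAM::Role", "Properties": {
            "AssumeRolePolicyDocument": {"Version": "2012-10-17", "Statement": [
                {"Effect": "Allow", "Principal": {"Service": ["ec2.amazonaws.com"]},
                 "Action": ["sts:AssumeRole"]}]},
            "Policies": [{"PolicyName": "root", "PolicyDocument": {"Version": "2012-10-17", "Statement": [
                {"Action": ["ec2:AssociateAddress"], "Resource": ["*"], "Effect": "Allow"}]}}]}},
        "IamInstanceProfile": {"Type": "AWS::IAM::InstanceProfile",
                               "Properties": {"Path": "/", "Roles": [{"Ref": "IamRole"}]}},
        "ElasticIP": {"Type": "AWS::EC2::EIP", "Properties": {"Domain": "vpc"}},
        "LaunchTemplate": {"Type": "AWS::EC2::LaunchTemplate", "Properties": {"LaunchTemplateData": {
            "IamInstanceProfile": {"Arn": {"Fn::GetAtt": ["IamInstanceProfile", "Arn"]}},
            "UserData": {"Fn::Base64": {"Fn::Join": ["", [
                "#!/bin/bash -ex\n",
                "aws configure set default.region ", {"Ref": "AWS::Region"}, "\n",
                "INSTANCE_ID=`curl -s http://169.254.169.254/latest/meta-data/instance-id`\n",
                "aws ec2 associate-address --instance-id $INSTANCE_ID --allocation-id ",
                {"Fn::GetAtt": ["ElasticIP", "AllocationId"]}, "\n",
                "service jenkins start\n"]]}}}}},
    }
}


def render_user_data(launch_template_data):
    """Flatten Fn::Base64/Fn::Join user data into the shell script the instance will run,
    leaving Ref and Fn::GetAtt as ${...} markers."""
    rendered = []
    for part in launch_template_data["UserData"]["Fn::Base64"]["Fn::Join"][1]:
        if isinstance(part, str):
            rendered.append(part)
        elif "Ref" in part:
            rendered.append("${Ref:%s}" % part["Ref"])
        elif "Fn::GetAtt" in part:
            rendered.append("${GetAtt:%s}" % ".".join(part["Fn::GetAtt"]))
    return "".join(rendered)


def actions_granted_to_instance(template, profile_id):
    """IAM actions the instance profile's roles allow (inline policies only, as in the page)."""
    actions = set()
    for role_ref in template["Resources"][profile_id]["Properties"]["Roles"]:
        role = template["Resources"][role_ref["Ref"]]["Properties"]
        trust = role["AssumeRolePolicyDocument"]["Statement"]
        if not any(s.get("Effect") == "Allow" and "ec2.amazonaws.com" in s.get("Principal", {}).get("Service", [])
                   for s in trust):
            continue  # EC2 cannot assume this role, so it grants the instance nothing
        for policy in role.get("Policies", []):
            for stmt in policy["PolicyDocument"]["Statement"]:
                if stmt.get("Effect") == "Allow":
                    actions.update(stmt["Action"])
    return actions


def instance_profile_id(launch_template_data):
    """Logical ID of the instance profile attached via Arn (Fn::GetAtt) or Name (Ref), else None."""
    profile = launch_template_data.get("IamInstanceProfile", {})
    if "Fn::GetAtt" in profile.get("Arn", {}):
        return profile["Arn"]["Fn::GetAtt"][0]
    if "Ref" in profile.get("Name", {}):
        return profile["Name"]["Ref"]
    return None


def check_eip_failover(template, lt_id="LaunchTemplate", eip_id="ElasticIP"):
    """Problems that would stop a replacement instance from taking over the Elastic IP."""
    data = template["Resources"][lt_id]["Properties"]["LaunchTemplateData"]
    script = render_user_data(data)
    problems = []
    assoc = script.find("aws ec2 associate-address")
    start = script.find("service jenkins start")
    if assoc < 0 or "${GetAtt:%s.AllocationId}" % eip_id not in script:
        problems.append("user data never associates the Elastic IP allocation")
    elif 0 <= start < assoc:
        problems.append("Elastic IP is associated only after Jenkins starts")
    profile_id = instance_profile_id(data)
    if profile_id is None:
        problems.append("launch template has no IamInstanceProfile, so associate-address has no credentials")
    elif "ec2:AssociateAddress" not in actions_granted_to_instance(template, profile_id):
        problems.append("instance role does not allow ec2:AssociateAddress")
    return problems


if __name__ == "__main__":
    print(render_user_data(EIP_TEMPLATE["Resources"]["LaunchTemplate"]["Properties"]["LaunchTemplateData"]))
    print("problems:", check_eip_failover(EIP_TEMPLATE))
```

The role's policy grants ec2:AssociateAddress on Resource "*", so any instance with this profile can re-point any Elastic IP in the account; the check reports only whether the failover can work, not whether the grant is as narrow as it could be.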

http://www.mrgr.cn/news/78682.html
