I learned these 6 lessons of working with CloudFormation for life.

I started working with CloudFormation 4 years ago. Since then I have broken a lot of infrastructure, even things that were already in production. But every time I messed something up, I learned something new. Drawing on that experience, I will share some of the most important lessons I learned.

Lesson 1: Test changes before deploying them

I learned this lesson shortly after I started working with CloudFormation. I don't remember exactly what I broke at the time, but I definitely remember that I used the aws cloudformation update command. This command simply rolls out the template without any validation of the changes that will be deployed. I don't think any explanation is needed for why you should test all changes before deploying them.

After this failure, I immediately changed the deployment pipeline, replacing the update command with the create-change-set command:

# OPERATION is either "UPDATE" or "CREATE"
changeset_id=$(aws cloudformation create-change-set \
    --change-set-name "$CHANGE_SET_NAME" \
    --stack-name "$STACK_NAME" \
    --template-body "$TPL_PATH" \
    --change-set-type "$OPERATION" \
    --parameters "$PARAMETERS" \
    --output text \
    --query Id)

# block until the change set has been computed and is ready for review
aws cloudformation wait \
    change-set-create-complete --change-set-name "$changeset_id"

Once a change set is created, it has no effect on the existing stack. Unlike the update command, the change set approach does not trigger an actual deployment. Instead, it creates a list of changes that you can review before deploying. You can view the changes in the AWS console interface. But if you prefer to automate everything you can, then view them in the CLI:

# this command is presented only for demonstration purposes.
# the real command should take pagination into account
aws cloudformation describe-change-set \
    --change-set-name "$changeset_id" \
    --query 'Changes[*].ResourceChange.{Action:Action,Resource:ResourceType,ResourceId:LogicalResourceId,ReplacementNeeded:Replacement}' \
    --output table

This command should produce output similar to the following:

--------------------------------------------------------------------
|                         DescribeChangeSet                        |
+---------+--------------------+----------------------+------------+
| Action  | ReplacementNeeded  |      Resource        | ResourceId |
+---------+--------------------+----------------------+------------+
|  Modify | True               |  AWS::ECS::Cluster   |  MyCluster |
|  Replace| True               |  AWS::RDS::DBInstance|  MyDB      |
|  Add    | None               |  AWS::SNS::Topic     |  MyTopic   |
+---------+--------------------+----------------------+------------+

Pay special attention to changes where Action is Replace or Delete, or where ReplacementNeeded is True. These are the most dangerous changes and usually lead to data loss.

Once the changes have been reviewed, they can be deployed:

aws cloudformation execute-change-set --change-set-name "$changeset_id"

operation_lowercase=$(echo "$OPERATION" | tr '[:upper:]' '[:lower:]')
aws cloudformation wait "stack-${operation_lowercase}-complete" \
    --stack-name "$STACK_NAME"
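
The review step above can be enforced by the pipeline instead of by eye. The following is an added example, not code from the original article: it reads the JSON pages returned by aws cloudformation describe-change-set --output json and fails while any change removes or replaces a resource. The sample pages, the resource names and the approved argument are constructed; the API reports a removal as Action "Remove" and a replacement through the Replacement field, and the Replace and Delete names used on this page are matched as well.

```python
import json

# "Remove" and the Replacement values are what the CloudFormation API reports;
# "Replace" and "Delete" are included because this page uses those names.
RISKY_ACTIONS = {"Remove", "Replace", "Delete"}
RISKY_REPLACEMENT = {"True", "Conditional"}

def _change(action, logical_id, rtype, replacement=None):
    rc = {"Action": action, "LogicalResourceId": logical_id, "ResourceType": rtype}
    if replacement is not None:
        rc["Replacement"] = replacement
    return {"Type": "Resource", "ResourceChange": rc}

# Constructed sample: two pages of `describe-change-set --output json`.
SAMPLE_PAGES = [
    json.dumps({"NextToken": "constructed-token", "Changes": [
        _change("Add", "MyTopic", "AWS::SNS::Topic"),
        _change("Modify", "MyDB", "AWS::RDS::DBInstance", "True")]}),
    json.dumps({"Changes": [
        _change("Remove", "OldQueue", "AWS::SQS::Queue"),
        _change("Modify", "MyCluster", "AWS::ECS::Cluster", "False")]}),
]

def risky_changes(pages):
    """Return (logical_id, resource_type, reason) for each risky change."""
    found = []
    for page in pages:  # every page is inspected, so nothing scrolls away
        for change in json.loads(page).get("Changes", []):
            rc = change.get("ResourceChange") or {}
            if rc.get("Action") in RISKY_ACTIONS:
                reason = "Action=" + rc["Action"]
            elif rc.get("Replacement") in RISKY_REPLACEMENT:
                reason = "Replacement=" + rc["Replacement"]
            else:
                continue
            found.append((rc.get("LogicalResourceId"), rc.get("ResourceType"), reason))
    return found

def gate(pages, approved=frozenset()):
    """Pipeline exit code: 1 while any unapproved risky change remains."""
    blocked = [c for c in risky_changes(pages) if c[0] not in approved]
    for logical_id, rtype, reason in blocked:
        print(f"BLOCKED {logical_id} ({rtype}): {reason}")
    return 1 if blocked else 0

if __name__ == "__main__":
    raise SystemExit(gate(SAMPLE_PAGES))
```

Run it between create-change-set and execute-change-set, passing the logical IDs a reviewer has explicitly signed off as approved.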

Lesson 2: Use a stack policy to prevent replacement or removal of resources

Sometimes just looking at the changes is not enough. We are all human and we all make mistakes. Shortly after we started using change sets, my teammate unknowingly performed a deployment that resulted in a database update. Nothing bad happened because it was a test environment.

Even though our scripts displayed the list of changes and asked for confirmation, the Replace change was missed because the list of changes was so long that it did not fit on the screen. And since this was a routine update in a test environment, not much attention was paid to the changes.

There are resources that you never want to replace or remove. These are stateful services, such as an RDS database instance or an Elasticsearch cluster, and so on. It would be nice if AWS automatically refused the deployment when the operation being performed requires deleting such a resource. Fortunately, CloudFormation has a built-in way to do this. It is called a stack policy, and you can read about it in the documentation:

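STACK_NAME=$1
RESOURCE_ID=$2

# A stack policy denies every update by default, so the second statement
# explicitly allows all updates that the first one does not deny.
POLICY_JSON=$(cat <<EOF
{
    "Statement" : [{
        "Effect" : "Deny",
        "Action" : [
            "Update:Replace",
            "Update:Delete"
        ],
        "Principal": "*",
        "Resource" : "LogicalResourceId/$RESOURCE_ID"
    }, {
        "Effect" : "Allow",
        "Action" : "Update:*",
        "Principal": "*",
        "Resource" : "*"
    }]
}
EOF
)

aws cloudformation set-stack-policy --stack-name "$STACK_NAME" \
    --stack-policy-body "$POLICY_JSON"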

Lesson 3: Use UsePreviousValue when updating a stack with secret parameters

When you create an RDS mysql instance, AWS requires you to provide a MasterUsername and a MasterUserPassword. Since it is better not to keep secrets in source code and I wanted to automate absolutely everything, I implemented a "smart mechanism": before deployment the credentials are fetched from s3, and if no credentials are found, new ones are generated and stored in s3.

These credentials are then passed as parameters to the CloudFormation create-change-set command. While experimenting with the script, it happened that the connection to s3 was lost, and my "smart mechanism" treated that as a signal to generate new credentials.

If I had started using this script in production and the connection problem had occurred again, it would have updated the stack with new credentials. In this particular case, nothing bad would have happened. However, I abandoned this approach and started using another one, where the credentials are provided only once, when the stack is created. Later, when the stack needs to be updated, instead of specifying the secret value of the parameter I simply use UsePreviousValue=true:

aws cloudformation create-change-set \
    --change-set-name "$CHANGE_SET_NAME" \
    --stack-name "$STACK_NAME" \
    --template-body "$TPL_PATH" \
    --change-set-type "UPDATE" \
    --parameters "ParameterKey=MasterUserPassword,UsePreviousValue=true"
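
One way to make that rule structural, so that no lookup failure can ever rotate a live credential, is to build the parameter list in a single place that has no code path for a new secret on UPDATE. This is an added example, not code from the original article; build_parameters, its arguments and the sample values are hypothetical.

```python
import json
import secrets


def build_parameters(operation, plain, secret_keys, generate=None):
    """Return the list to pass, as JSON, to `--parameters`.

    plain: non-secret ParameterKey -> value. secret_keys: keys such as
    MasterUserPassword. Secrets are generated on CREATE only; on UPDATE the
    only thing emitted for them is UsePreviousValue.
    """
    if operation not in ("CREATE", "UPDATE"):
        raise ValueError(f"unknown operation: {operation!r}")
    overlap = sorted(set(plain) & set(secret_keys))
    if overlap:
        # Fail closed: a secret must never arrive as an explicit value.
        raise ValueError(f"secret passed as plain value: {overlap}")
    # token_urlsafe uses a URL-safe alphabet, so the value needs no quoting.
    generate = generate or (lambda: secrets.token_urlsafe(24))
    params = [{"ParameterKey": k, "ParameterValue": v}
              for k, v in sorted(plain.items())]
    for key in sorted(secret_keys):
        if operation == "CREATE":
            params.append({"ParameterKey": key, "ParameterValue": generate()})
        else:
            params.append({"ParameterKey": key, "UsePreviousValue": True})
    return params


if __name__ == "__main__":
    # Constructed values; the printed JSON is the --parameters argument.
    print(json.dumps(build_parameters(
        "UPDATE", {"MasterUsername": "admin"}, ["MasterUserPassword"])))
```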

Lesson 4: Use rollback configuration

Another team I worked with used a CloudFormation feature called rollback configuration. I had not come across it before and quickly realized that it would make deploying my stacks even cooler. Now I use it every time I deploy my code to Lambda or ECS using CloudFormation.

How it works: you specify a CloudWatch alarm in the --rollback-configuration parameter when you create a change set. Later, when you execute the change set, AWS monitors the alarm for at least one minute. It rolls the deployment back if the alarm changes state to ALARM during that time.

Below is an example of a CloudFormation template fragment in which I create a CloudWatch alarm that tracks a custom CloudWatch metric counting the errors in the CloudWatch logs (the metric is generated by a MetricFilter):

Resources:
  # this metric tracks number of errors in the cloudwatch logs. In this
  # particular case it's assumed logs are in json format and the error logs are
  # identified by level "error". See FilterPattern
  ErrorMetricFilter:
    Type: AWS::Logs::MetricFilter
    Properties:
      LogGroupName: !Ref LogGroup
      FilterPattern: !Sub '{$.level = "error"}'
      MetricTransformations:
      - MetricNamespace: !Sub "${AWS::StackName}-log-errors"
        MetricName: Errors
        MetricValue: 1
        DefaultValue: 0

  ErrorAlarm:
    Type: AWS::CloudWatch::Alarm
    Properties:
      AlarmName: !Sub "${AWS::StackName}-errors"
      Namespace: !Sub "${AWS::StackName}-log-errors"
      MetricName: Errors
      Statistic: Maximum
      ComparisonOperator: GreaterThanThreshold
      Period: 60 # 1 minute (Period is given in seconds)
      EvaluationPeriods: 1
      Threshold: 0
      TreatMissingData: notBreaching
      ActionsEnabled: true

Now the alarm can be used as a rollback trigger when the change set is executed:

ALARM_ARN=$1

ROLLBACK_TRIGGER=$(cat <<EOF
{
  "RollbackTriggers": [
    {
      "Arn": "$ALARM_ARN",
      "Type": "AWS::CloudWatch::Alarm"
    }
  ],
  "MonitoringTimeInMinutes": 1
}
EOF
)

aws cloudformation create-change-set \
    --change-set-name "$CHANGE_SET_NAME" \
    --stack-name "$STACK_NAME" \
    --template-body "$TPL_PATH" \
    --change-set-type "UPDATE" \
    --rollback-configuration "$ROLLBACK_TRIGGER"

Lesson 5: Make sure you deploy the latest version of the template

It is easy to deploy a version of a CloudFormation template that is not the latest one, but doing so will cause a lot of damage. This happened to us once: a developer did not pull the latest changes from Git and unknowingly deployed a previous version of the stack. This led to downtime for the application that used this stack.

Something as simple as adding a check that the branch is up to date before deploying would be fine (assuming git is your version control tool):

git fetch
HEADHASH=$(git rev-parse HEAD)
UPSTREAMHASH=$(git rev-parse master@{upstream})

if [[ "$HEADHASH" != "$UPSTREAMHASH" ]] ; then
   echo "Branch is not up to date with origin. Aborting"
   exit 1
fi

Lesson 6: Don't reinvent the wheel

It may seem that deploying with CloudFormation is easy. You just need a bunch of bash scripts that execute aws cli commands.

4 years ago I started with simple scripts that called the aws cloudformation create-stack command. Soon the script was no longer simple. Every lesson learned made the script more complex. It was not just difficult, but also full of bugs.

I currently work in a small IT department. Experience has shown that every team has its own way of deploying CloudFormation stacks. And that is bad. It would be better if everyone took the same approach. Fortunately, there are many tools available to help you deploy and configure CloudFormation stacks.

These lessons will help you avoid mistakes.

source: www.habr.com
