6 lessons for life that I learned from working with CloudFormation.

I started working with CloudFormation 4 years ago. Since then I have broken many infrastructures, even ones that were already in production. But every time I messed something up, I learned something new. Drawing on that experience, I will share some of the most important lessons I have learned.

Lesson 1: Test changes before deploying them

I learned this lesson soon after I started working with CloudFormation. I don't remember exactly what I broke back then, but I do remember that I used the aws cloudformation update command. This command simply rolls out the template without any validation of the changes that are about to be deployed. I don't think it needs explaining why you should test every change before deploying it.

After this failure, I immediately changed the deployment pipeline, replacing the update command with the create-change-set command:

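# OPERATION is either "UPDATE" or "CREATE"
# --template-body takes the template text itself; to load it from a file,
# TPL_PATH has to be a file:// URL.
changeset_id=$(aws cloudformation create-change-set \
    --change-set-name "$CHANGE_SET_NAME" \
    --stack-name "$STACK_NAME" \
    --template-body "$TPL_PATH" \
    --change-set-type "$OPERATION" \
    --parameters "$PARAMETERS" \
    --output text \
    --query Id)

# block until the change set has been computed and can be described
aws cloudformation wait \
    change-set-create-complete --change-set-name "$changeset_id"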

Creating a change set has no effect on the existing stack. Unlike the update command, the change-set approach does not trigger an actual deployment. Instead, it produces a list of changes that you can review before deploying. You can view the changes in the AWS console. But if you prefer to automate everything you can, check them in the CLI:

# this command is presented only for demonstrational purposes.
# the real command should take pagination into account
aws cloudformation describe-change-set \
    --change-set-name "$changeset_id" \
    --query 'Changes[*].ResourceChange.{Action:Action,Resource:ResourceType,ResourceId:LogicalResourceId,ReplacementNeeded:Replacement}' \
    --output table

This command should produce output similar to the following:

--------------------------------------------------------------------
|                         DescribeChangeSet                        |
+---------+--------------------+----------------------+------------+
| Action  | ReplacementNeeded  |      Resource        | ResourceId |
+---------+--------------------+----------------------+------------+
|  Modify | True               |  AWS::ECS::Cluster   |  MyCluster |
|  Replace| True               |  AWS::RDS::DBInstance|  MyDB      |
|  Add    | None               |  AWS::SNS::Topic     |  MyTopic   |
+---------+--------------------+----------------------+------------+

Pay special attention to changes where Action is Replace or Delete, or where ReplacementNeeded is True. These are the most dangerous changes and usually lead to data loss.

Once the changes have been reviewed, they can be applied:

aws cloudformation execute-change-set --change-set-name "$changeset_id"

# the waiter name is stack-update-complete or stack-create-complete
operation_lowercase=$(echo "$OPERATION" | tr '[:upper:]' '[:lower:]')
aws cloudformation wait "stack-${operation_lowercase}-complete" \
    --stack-name "$STACK_NAME"
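
The review step described above can also be enforced by the script instead of by eye. The following is an added example, not part of the original article: a shell gate that reads the change list and fails when a replacement or deletion touches a stateful resource. The function names, the `STATEFUL_TYPES` list and the tab-separated input layout are assumptions of this example.

```shell
# Added example, not from the original article. Reads one change per line,
# tab-separated, in the shape this (assumed) invocation prints:
#   aws cloudformation describe-change-set --change-set-name "$changeset_id" \
#     --output text --query \
#     'Changes[].ResourceChange.[Action,Replacement,ResourceType,LogicalResourceId]'

# Assumed, site-specific list of resource types that hold state.
STATEFUL_TYPES="AWS::RDS::DBInstance AWS::RDS::DBCluster AWS::Elasticsearch::Domain AWS::DynamoDB::Table AWS::S3::Bucket"

# Prints a BLOCK or WARN line per risky change; returns 1 if anything is BLOCKed.
review_changes() {
    awk -F'\t' -v stateful="$STATEFUL_TYPES" '
        BEGIN {
            n = split(stateful, t, " ")
            for (i = 1; i <= n; i++) is_stateful[t[i]] = 1
        }
        NF < 4 { next }                      # skip blank or malformed lines
        {
            action = $1; repl = $2; type = $3; id = $4
            # "Remove" is the API value for a deletion; "Replace" and "Delete"
            # are the labels used in the article and are accepted as well.
            risky = (action == "Remove" || action == "Delete" ||
                     action == "Replace" || repl == "True" ||
                     repl == "Conditional")
            if (!risky) next
            verdict = (type in is_stateful) ? "BLOCK" : "WARN"
            if (verdict == "BLOCK") blocked = 1
            printf "%s\t%s\t%s\t%s\n", verdict, action, type, id
        }
        END { exit (blocked ? 1 : 0) }
    '
}

# Constructed sample input: the three rows of the table shown in the article.
sample_changes() {
    printf 'Modify\tTrue\tAWS::ECS::Cluster\tMyCluster\n'
    printf 'Replace\tTrue\tAWS::RDS::DBInstance\tMyDB\n'
    printf 'Add\tNone\tAWS::SNS::Topic\tMyTopic\n'
}

# Demo: only a clean review would go on to execute-change-set.
if sample_changes | review_changes; then
    echo "no destructive change to a stateful resource"
else
    echo "change set rejected: review the BLOCK lines above"
fi
```

In a pipeline the gate sits between `describe-change-set` and `execute-change-set`, so a non-zero return stops the deployment regardless of how long the change list is.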

Lesson 2: Use a stack policy to protect stateful resources from replacement or deletion

Sometimes just reviewing the changes is not enough. We are all human and we all make mistakes. Shortly after we started using change sets, my teammate unknowingly ran a deployment that resulted in a database update. Nothing bad happened because it was a test environment.

Even though our scripts displayed the list of changes and asked for confirmation, the change was overlooked because the list of changes was so long that it did not fit on the screen. And since this was a routine update in a test environment, nobody paid much attention to the changes.

There are resources that you never want to replace or delete. These are stateful services, such as an RDS database instance or an Elasticsearch cluster, and so on. It would be nice if AWS automatically refused a deployment whenever the operation being performed would require deleting such a resource. Luckily, CloudFormation has a built-in way to do this. It is called a stack policy, and you can read more about it in the documentation:

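STACK_NAME=$1
RESOURCE_ID=$2

# Once a stack policy is set, every update is denied unless a statement
# allows it, so the policy first allows all updates and then denies
# replacement and deletion of the protected resource.
POLICY_JSON=$(cat <<EOF
{
    "Statement" : [{
        "Effect" : "Allow",
        "Action" : "Update:*",
        "Principal": "*",
        "Resource" : "*"
    }, {
        "Effect" : "Deny",
        "Action" : [
            "Update:Replace",
            "Update:Delete"
        ],
        "Principal": "*",
        "Resource" : "LogicalResourceId/$RESOURCE_ID"
    }]
}
EOF
)

aws cloudformation set-stack-policy --stack-name "$STACK_NAME" \
    --stack-policy-body "$POLICY_JSON"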

Lesson 3: Use UsePreviousValue when updating a stack with secret parameters

When you create an RDS MySQL instance, AWS requires you to provide a MasterUsername and a MasterUserPassword. Since it is better not to keep secrets in source code and I wanted to automate absolutely everything, I implemented a "smart mechanism" that fetched the credentials from S3 before deployment and, if the credentials were not found, generated new ones and stored them in S3.

These credentials were then passed as parameters to the cloudformation create-change-set command. While I was experimenting with the script, the connection to S3 was lost, and my "smart mechanism" treated that as a signal to generate new credentials.

If I had started using this script in production and the connection problem had happened again, it would have updated the stack with new credentials. In this particular case, nothing bad would have happened. Nevertheless, I abandoned this approach and switched to another one: providing the credentials only once, when creating the stack. Later, when the stack needs an update, instead of specifying the secret value of the parameter, I simply use UsePreviousValue=true:

# the password parameter keeps the value it already has in the stack
aws cloudformation create-change-set \
    --change-set-name "$CHANGE_SET_NAME" \
    --stack-name "$STACK_NAME" \
    --template-body "$TPL_PATH" \
    --change-set-type "UPDATE" \
    --parameters "ParameterKey=MasterUserPassword,UsePreviousValue=true"

Lesson 4: Use rollback configuration

Another team I worked with used a CloudFormation feature called rollback configuration. I had not come across it before and quickly realized that it would make deploying my stacks even cooler. Now I use it every time I deploy my code to Lambda or ECS using CloudFormation.

How it works: you specify a CloudWatch alarm ARN in the --rollback-configuration parameter when you create a change set. Later, when you execute the change set, AWS monitors the alarm for at least one minute. It rolls back the deployment if the alarm changes state to ALARM during this time.

Below is an example of a CloudFormation template excerpt in which I create a CloudWatch alarm that tracks a custom metric based on the number of errors in the CloudWatch logs (the metric is generated by a MetricFilter):

Resources:
  # this metric tracks number of errors in the cloudwatch logs. In this
  # particular case it's assumed logs are in json format and the error logs are
  # identified by level "error". See FilterPattern
  ErrorMetricFilter:
    Type: AWS::Logs::MetricFilter
    Properties:
      LogGroupName: !Ref LogGroup
      FilterPattern: !Sub '{$.level = "error"}'
      MetricTransformations:
      - MetricNamespace: !Sub "${AWS::StackName}-log-errors"
        MetricName: Errors
        MetricValue: 1
        DefaultValue: 0

  ErrorAlarm:
    Type: AWS::CloudWatch::Alarm
    Properties:
      AlarmName: !Sub "${AWS::StackName}-errors"
      Namespace: !Sub "${AWS::StackName}-log-errors"
      MetricName: Errors
      Statistic: Maximum
      ComparisonOperator: GreaterThanThreshold
      Period: 60 # seconds (1 minute)
      EvaluationPeriods: 1
      Threshold: 0
      TreatMissingData: notBreaching
      ActionsEnabled: yes

Now the alarm can be used as a rollback trigger when executing the change set:

ALARM_ARN=$1

ROLLBACK_TRIGGER=$(cat <<EOF
{
  "RollbackTriggers": [
    {
      "Arn": "$ALARM_ARN",
      "Type": "AWS::CloudWatch::Alarm"
    }
  ],
  "MonitoringTimeInMinutes": 1
}
EOF
)

aws cloudformation create-change-set \
    --change-set-name "$CHANGE_SET_NAME" \
    --stack-name "$STACK_NAME" \
    --template-body "$TPL_PATH" \
    --change-set-type "UPDATE" \
    --rollback-configuration "$ROLLBACK_TRIGGER"

Lesson 5: Make sure you deploy the latest version of the template

It is easy to deploy a less-than-latest version of a CloudFormation template, but doing so can cause a lot of damage. This happened to us once: a developer had not pulled the latest changes from Git and unknowingly deployed a previous version of the stack. This led to downtime for the application that used this stack.

Something as simple as adding a check that the branch is up to date before deploying would be good (assuming git is your version control tool):

git fetch
HEADHASH=$(git rev-parse HEAD)
UPSTREAMHASH=$(git rev-parse master@{upstream})

if [[ "$HEADHASH" != "$UPSTREAMHASH" ]] ; then
   echo "Branch is not up to date with origin. Aborting"
   exit 1
fi

Lesson 6: Don't reinvent the wheel

It may seem that deploying with CloudFormation is easy. You just need a bunch of bash scripts executing aws cli commands.

4 years ago I started with simple scripts that called the aws cloudformation create-stack command. Soon the script was no longer simple. Every lesson learned made the script more complicated. It was not only complicated, but also full of bugs.

I now work in a small IT department. Experience has shown that each team has its own way of deploying CloudFormation stacks. And that is bad. It would be better if everyone took the same approach. Luckily, there are many tools available to help you deploy and configure CloudFormation stacks.

These lessons will help you avoid mistakes.

Source: www.hab.com
