Six lessons from working with CloudFormation that I learned for life.

I started working with CloudFormation 4 years ago. Since then I have broken many infrastructures, even ones that were already in production. But every time I broke something, I learned something new. Drawing on that experience, I will share some of the most important lessons I have learned.


Lesson 1: Test changes before deploying them

I learned this lesson soon after I started working with CloudFormation. I don't remember what exactly I broke then, but I remember that I used the command aws cloudformation update. This command simply rolls out the template without any validation of the changes that will be deployed. I don't think any explanation is needed as to why you should test all changes before deploying them.

After this failure, I immediately changed the deployment pipeline, replacing the update command with the create-change-set command:

# OPERATION is either "UPDATE" or "CREATE"
# TPL_PATH goes to --template-body, so it must be template text or a file:// URL
changeset_id=$(aws cloudformation create-change-set \
    --change-set-name "$CHANGE_SET_NAME" \
    --stack-name "$STACK_NAME" \
    --template-body "$TPL_PATH" \
    --change-set-type "$OPERATION" \
    --parameters "$PARAMETERS" \
    --output text \
    --query Id)

aws cloudformation wait \
    change-set-create-complete --change-set-name "$changeset_id"

Once a change set is created, it has no effect on the existing stack. Unlike the update command, a change set does not trigger an actual deployment. Instead, it produces a list of changes that you can review before deploying. You can view the changes in the AWS console. But if you prefer to automate everything you can, check them in the CLI:

# this command is presented only for demonstrational purposes.
# the real command should take pagination into account
aws cloudformation describe-change-set \
    --change-set-name "$changeset_id" \
    --query 'Changes[*].ResourceChange.{Action:Action,Resource:ResourceType,ResourceId:LogicalResourceId,ReplacementNeeded:Replacement}' \
    --output table

This command should produce output similar to the following:

--------------------------------------------------------------------
|                         DescribeChangeSet                        |
+---------+--------------------+----------------------+------------+
| Action  | ReplacementNeeded  |      Resource        | ResourceId |
+---------+--------------------+----------------------+------------+
|  Modify | True               |  AWS::ECS::Cluster   |  MyCluster |
|  Replace| True               |  AWS::RDS::DBInstance|  MyDB      |
|  Add    | None               |  AWS::SNS::Topic     |  MyTopic   |
+---------+--------------------+----------------------+------------+

Pay close attention to changes where Action is Replace or Delete, or where ReplacementNeeded is True. These are the most dangerous changes and usually lead to data loss.

Once the changes have been reviewed, they can be applied:

aws cloudformation execute-change-set --change-set-name "$changeset_id"

operation_lowercase=$(echo "$OPERATION" | tr '[:upper:]' '[:lower:]')
aws cloudformation wait "stack-${operation_lowercase}-complete" \
    --stack-name "$STACK_NAME"
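The review step above can be enforced by the pipeline instead of by eye. This is an added example, not the author's script: it reads every page of `describe-change-set --output json` and fails when a resource would be removed or replaced. The names `risky_changes`, `gate` and `approved` are hypothetical and the sample pages are constructed.

```python
# Constructed sample: two pages shaped like `describe-change-set --output json`.
SAMPLE_PAGES = [
    {"NextToken": "constructed-token", "Changes": [
        {"ResourceChange": {"Action": "Modify", "Replacement": "True",
         "ResourceType": "AWS::ECS::Cluster", "LogicalResourceId": "MyCluster"}},
        {"ResourceChange": {"Action": "Add",
         "ResourceType": "AWS::SNS::Topic", "LogicalResourceId": "MyTopic"}},
    ]},
    {"Changes": [
        {"ResourceChange": {"Action": "Modify", "Replacement": "Conditional",
         "ResourceType": "AWS::RDS::DBInstance", "LogicalResourceId": "MyDB"}},
        {"ResourceChange": {"Action": "Remove",
         "ResourceType": "AWS::SQS::Queue", "LogicalResourceId": "OldQueue"}},
    ]},
]

REMOVAL_ACTIONS = {"Remove"}                 # API value for a deleted resource
RISKY_REPLACEMENT = {"True", "Conditional"}  # Conditional may still replace


def risky_changes(pages):
    """Return (logical id, type, reason) for every removal or replacement."""
    found = []
    for page in pages:  # walk every page, not only the first one
        for change in page.get("Changes", []):
            rc = change.get("ResourceChange") or {}
            if rc.get("Action") in REMOVAL_ACTIONS:
                reason = "removed"
            elif rc.get("Replacement") in RISKY_REPLACEMENT:
                reason = "replacement=" + rc["Replacement"]
            else:
                continue
            found.append((rc.get("LogicalResourceId"),
                          rc.get("ResourceType"), reason))
    return found


def gate(pages, approved=()):
    """Exit status for a pipeline step: 1 if any unapproved risky change."""
    blocked = [c for c in risky_changes(pages) if c[0] not in approved]
    for logical_id, rtype, reason in blocked:
        print(f"BLOCKED {logical_id} ({rtype}): {reason}")
    return 1 if blocked else 0


if __name__ == "__main__":
    raise SystemExit(gate(SAMPLE_PAGES))
```

Run it between create-change-set and execute-change-set, passing in `approved` only the logical IDs whose replacement has been signed off.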

Lesson 2: Use a stack policy to protect stateful resources from being replaced or deleted

Sometimes just looking at the changes is not enough. We are all human and we all make mistakes. Shortly after we started using change sets, a colleague of mine unknowingly performed a deployment that caused the database to be updated. Nothing bad happened because it was a test environment.

Even though our scripts displayed the list of changes and asked for confirmation, the Replace change was missed because the list of changes was so long that it did not fit on the screen. And since this was a routine update in a test environment, not much attention was paid to the changes.

There are resources that you never want to replace or delete. These are stateful services, such as an RDS database instance or an Elasticsearch cluster, and so on. It would be nice if AWS automatically refused the deployment whenever the operation being performed required deleting such a resource. Fortunately, CloudFormation has a built-in way to do this. It is called a stack policy, and you can read more about it in the documentation:

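STACK_NAME=$1
RESOURCE_ID=$2

# Once a stack policy is set, every update that is not explicitly allowed is
# denied. The first statement therefore allows updates in general, and the
# second one protects the given resource from replacement and deletion.
POLICY_JSON=$(cat <<EOF
{
    "Statement" : [{
        "Effect" : "Allow",
        "Action" : "Update:*",
        "Principal": "*",
        "Resource" : "*"
    }, {
        "Effect" : "Deny",
        "Action" : [
            "Update:Replace",
            "Update:Delete"
        ],
        "Principal": "*",
        "Resource" : "LogicalResourceId/$RESOURCE_ID"
    }]
}
EOF
)

aws cloudformation set-stack-policy --stack-name "$STACK_NAME" \
    --stack-policy-body "$POLICY_JSON"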

Lesson 3: Use UsePreviousValue when updating a stack with secret parameters

When you create an RDS MySQL instance, AWS requires you to provide MasterUsername and MasterUserPassword. Since it is better not to keep secrets in source code and I wanted to automate absolutely everything, I implemented a "smart mechanism": before deployment the credentials would be fetched from S3, and if the credentials were not found, new credentials would be generated and stored in S3.

These credentials would then be passed as parameters to the cloudformation create-change-set command. While I was testing the script, it happened that the connection to S3 was lost, and my "smart mechanism" took that as a signal to generate new credentials.

If I had started using this script in production and the connection problem had occurred again, it would have updated the stack with new credentials. In this particular case, nothing bad would have happened. Nevertheless, I abandoned this approach and started using another one, providing the credentials only once, when the stack is created. Later, when the stack needs to be updated, instead of specifying the secret value of the parameter, I simply use UsePreviousValue=true:

aws cloudformation create-change-set \
    --change-set-name "$CHANGE_SET_NAME" \
    --stack-name "$STACK_NAME" \
    --template-body "$TPL_PATH" \
    --change-set-type "UPDATE" \
    --parameters "ParameterKey=MasterUserPassword,UsePreviousValue=true"
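One way to build the --parameters value so that an update cannot overwrite a secret by accident, as an added example that is not the author's script. The names `build_parameters`, `existing_keys` and `rotate` are hypothetical, and the sample template parameters and values are constructed.

```python
import json

# Constructed sample: the Parameters section of a template, as a dict.
TEMPLATE_PARAMS = {
    "MasterUsername": {"Type": "String"},
    "MasterUserPassword": {"Type": "String", "NoEcho": True},
    "InstanceClass": {"Type": "String", "Default": "db.t3.micro"},
}


def build_parameters(operation, template_params, supplied,
                     existing_keys=(), rotate=()):
    """Build the JSON list accepted by `create-change-set --parameters`.

    supplied:      values provided for this run
    existing_keys: parameter keys already set on the deployed stack
    rotate:        NoEcho keys whose value is being changed on purpose
    """
    if operation not in ("CREATE", "UPDATE"):
        raise ValueError(f"unknown operation: {operation}")
    params = []
    for key in sorted(template_params):
        spec = template_params[key]
        secret = str(spec.get("NoEcho", False)).lower() == "true"
        on_stack = operation == "UPDATE" and key in existing_keys
        if on_stack and secret and key in supplied and key not in rotate:
            # A password regenerated after a failed lookup is stopped here.
            raise ValueError(f"{key}: secret supplied on update without rotation")
        if on_stack and key not in supplied:
            params.append({"ParameterKey": key, "UsePreviousValue": True})
        elif key in supplied:
            params.append({"ParameterKey": key, "ParameterValue": supplied[key]})
        elif "Default" not in spec:
            raise ValueError(f"{key}: no value, previous value or default")
        # otherwise the key is omitted and the template default applies
    return params


if __name__ == "__main__":
    update = build_parameters("UPDATE", TEMPLATE_PARAMS,
                              {"InstanceClass": "db.t3.small"},
                              existing_keys=TEMPLATE_PARAMS)
    print(json.dumps(update, indent=2))
```

The printed JSON can be passed as the value of --parameters in place of the shorthand string.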

Lesson 4: Use rollback configuration

Another team I worked with used a CloudFormation feature called rollback configuration. I had not come across it before and quickly realized that it would make deploying my stacks even cooler. Now I use it every time I deploy my code to Lambda or ECS using CloudFormation.

How it works: you specify a CloudWatch alarm in the --rollback-configuration parameter when you create a change set. Later, when you execute the change set, AWS monitors the alarm for at least one minute. It rolls back the deployment if the alarm changes state to ALARM during this time.

Below is an example of a CloudFormation template excerpt in which I create a CloudWatch alarm that tracks a custom metric, the number of errors in the CloudWatch logs (the metric is generated via a MetricFilter):

Resources:
  # this metric tracks number of errors in the cloudwatch logs. In this
  # particular case it's assumed logs are in json format and the error logs are
  # identified by level "error". See FilterPattern
  ErrorMetricFilter:
    Type: AWS::Logs::MetricFilter
    Properties:
      LogGroupName: !Ref LogGroup
      FilterPattern: !Sub '{$.level = "error"}'
      MetricTransformations:
      - MetricNamespace: !Sub "${AWS::StackName}-log-errors"
        MetricName: Errors
        MetricValue: 1
        DefaultValue: 0

  ErrorAlarm:
    Type: AWS::CloudWatch::Alarm
    Properties:
      AlarmName: !Sub "${AWS::StackName}-errors"
      Namespace: !Sub "${AWS::StackName}-log-errors"
      MetricName: Errors
      Statistic: Maximum
      ComparisonOperator: GreaterThanThreshold
      Period: 60 # 1 minute (Period is given in seconds)
      EvaluationPeriods: 1
      Threshold: 0
      TreatMissingData: notBreaching
      ActionsEnabled: yes

Now the alarm can be used as a rollback trigger for the change set:

ALARM_ARN=$1

ROLLBACK_TRIGGER=$(cat <<EOF
{
  "RollbackTriggers": [
    {
      "Arn": "$ALARM_ARN",
      "Type": "AWS::CloudWatch::Alarm"
    }
  ],
  "MonitoringTimeInMinutes": 1
}
EOF
)

aws cloudformation create-change-set \
    --change-set-name "$CHANGE_SET_NAME" \
    --stack-name "$STACK_NAME" \
    --template-body "$TPL_PATH" \
    --change-set-type "UPDATE" \
    --rollback-configuration "$ROLLBACK_TRIGGER"

Lesson 5: Make sure you deploy the latest version of the template

It is easy to deploy a less-than-latest version of a CloudFormation template, but doing so causes a lot of damage. This happened to us once: a developer did not pull the latest changes from Git and unknowingly deployed a previous version of the stack. This caused downtime for the application that used this stack.

Something as simple as adding a check that the branch is up to date before deploying from it would be enough (assuming git is your version control tool):

git fetch
HEADHASH=$(git rev-parse HEAD)
UPSTREAMHASH=$(git rev-parse master@{upstream})

if [[ "$HEADHASH" != "$UPSTREAMHASH" ]] ; then
   echo "Branch is not up to date with origin. Aborting"
   exit 1
fi

Lesson 6: Don't reinvent the wheel

It may seem that deploying with CloudFormation is easy. You just need a bunch of bash scripts that run aws cli commands.

Four years ago I started with simple scripts that called the aws cloudformation create-stack command. Soon the script was no longer simple. Every lesson learned made the script more complex. It was not only complex, but also full of bugs.

I currently work in a small IT department. Experience has shown that each team has its own way of deploying CloudFormation stacks. And that is bad. It would be better if everyone took the same approach. Fortunately, there are many tools available to help you deploy and manage CloudFormation stacks.

These lessons will help you avoid mistakes.

Source: www.habr.com
