6 lessons about working with CloudFormation that I learned for life.

I started working with CloudFormation 4 years ago. Since then I have broken a lot of infrastructure, including some that was already in production. But every time I broke something, I learned something new. From that experience, I will share some of the most important lessons I learned.


Lesson 1: Test changes before deploying

I learned this lesson shortly after I started working with CloudFormation. I don't remember exactly what I broke back then, but I do remember that I used the aws cloudformation update-stack command. This command simply updates the stack without validating the changes that are about to be deployed. I don't think it needs any explanation why you should review all changes before deploying them.

After that failure I immediately changed the deployment pipeline, replacing the update command with create-change-set:

# OPERATION is either "UPDATE" or "CREATE"
# TPL_PATH is the path to the template file; the CLI reads it via a file:// URL
changeset_id=$(aws cloudformation create-change-set \
    --change-set-name "$CHANGE_SET_NAME" \
    --stack-name "$STACK_NAME" \
    --template-body "file://$TPL_PATH" \
    --change-set-type "$OPERATION" \
    --parameters "$PARAMETERS" \
    --output text \
    --query Id)

aws cloudformation wait \
    change-set-create-complete --change-set-name "$changeset_id"

Creating a change set does not affect the existing stack. Unlike the update command, the change set approach does not trigger the actual deployment. Instead, it produces a list of changes that you can review before deploying. You can see the changes in the AWS console UI, but if you prefer to automate everything you can, check them from the CLI instead:

# this command is presented only for demonstrational purposes.
# the real command should take pagination into account
aws cloudformation describe-change-set \
    --change-set-name "$changeset_id" \
    --query 'Changes[*].ResourceChange.{Action:Action,Resource:ResourceType,ResourceId:LogicalResourceId,ReplacementNeeded:Replacement}' \
    --output table

This command should produce output similar to the following:

--------------------------------------------------------------------
|                         DescribeChangeSet                        |
+---------+--------------------+----------------------+------------+
| Action  | ReplacementNeeded  |      Resource        | ResourceId |
+---------+--------------------+----------------------+------------+
|  Modify | True               |  AWS::ECS::Cluster   |  MyCluster |
|  Replace| True               |  AWS::RDS::DBInstance|  MyDB      |
|  Add    | None               |  AWS::SNS::Topic     |  MyTopic   |
+---------+--------------------+----------------------+------------+

Pay special attention to changes where Action is Replace or Delete, or where ReplacementNeeded is True. These are the most dangerous changes and they often lead to data loss.

Once the changes have been reviewed, they can be deployed:

aws cloudformation execute-change-set --change-set-name "$changeset_id"

# the wait subcommand is stack-create-complete or stack-update-complete
operation_lowercase=$(echo "$OPERATION" | tr '[:upper:]' '[:lower:]')
aws cloudformation wait "stack-${operation_lowercase}-complete" \
    --stack-name "$STACK_NAME"
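The review step above is the part that actually keeps you from deploying a destructive change, so here it is as a gate that a pipeline can fail on. This is an added example, not the author's script: it consumes the text-mode output of describe-change-set (one tab-separated line per resource change), flags removals and replacements, and only lets execute-change-set run when nothing dangerous was found. The sample change lines at the bottom are constructed to mirror the table above; `deploy_reviewed` and the query shape are assumptions for this example.

```shell
#!/bin/sh
# Added example, not the article's pipeline. The gate expects the output of
#   aws cloudformation describe-change-set --change-set-name "$changeset_id" \
#     --query 'Changes[*].ResourceChange.[Action,LogicalResourceId,Replacement,ResourceType]' \
#     --output text
# i.e. one line per change: Action<TAB>LogicalId<TAB>Replacement<TAB>ResourceType.
# If the CLI returns a NextToken, repeat the call with --next-token and feed
# every page through the same gate.

tab=$(printf '\t')

# Read change lines from stdin, print each one with a verdict, and return 1
# if any change removes or replaces a resource (Replacement True/Conditional
# also counts, since a replaced resource is deleted and recreated).
review_changes() {
    dangerous=0
    while IFS="$tab" read -r action logical_id replacement rtype; do
        if [ -z "$action" ]; then continue; fi
        verdict="ok"
        case "$action" in
            Remove|Replace) verdict="DANGER";;
        esac
        case "$replacement" in
            True|Conditional) verdict="DANGER";;
        esac
        if [ "$verdict" = "DANGER" ]; then dangerous=1; fi
        printf '%-7s %-6s %-22s replacement=%-11s %s\n' \
            "$action" "$verdict" "$rtype" "$replacement" "$logical_id"
    done
    return $dangerous
}

# Wire the gate into the deployment (needs the aws CLI and a real change set;
# defined here for reference, not run in the sample below).
deploy_reviewed() {
    changeset_id=$1
    stack_name=$2
    aws cloudformation describe-change-set --change-set-name "$changeset_id" \
        --query 'Changes[*].ResourceChange.[Action,LogicalResourceId,Replacement,ResourceType]' \
        --output text | review_changes \
        || { echo "destructive change found, refusing to deploy" >&2; return 1; }
    aws cloudformation execute-change-set --change-set-name "$changeset_id"
    aws cloudformation wait stack-update-complete --stack-name "$stack_name"
}

# Constructed sample (same resources as the table in the article): the RDS
# replacement makes the gate refuse.
printf 'Modify\tMyCluster\tTrue\tAWS::ECS::Cluster\nModify\tMyDB\tTrue\tAWS::RDS::DBInstance\nAdd\tMyTopic\tNone\tAWS::SNS::Topic\n' \
    | review_changes || echo "blocked: review the DANGER lines before executing"
```

Because the verdict is the function's exit status, the same gate works interactively (read the printed lines, then decide) and unattended (the pipeline simply stops), which is what prevents the "list too long to read" failure from the next lesson.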

Lesson 2: Use a stack policy to prevent stateful resources from being replaced or deleted

Sometimes simply looking at the changes is not enough. We are all human, and we all make mistakes. Shortly after we started using change sets, a colleague of mine unknowingly ran a deployment that led to the database being recreated. Nothing bad happened, because it was a test environment.

Although our scripts displayed the list of changes and asked for confirmation, the review was skipped because the list of changes was too long to fit on the screen. And since this was a routine update of the test environment, nobody paid particular attention to the changes.

There are resources you never want to replace or delete. These are stateful services, for example an RDS database or an Elasticsearch cluster. It would be nice if AWS automatically refused to deploy whenever the operation being performed would require deleting such a resource. Fortunately, CloudFormation has a built-in way to do this. It is called a stack policy, and you can read more about it in the documentation:

STACK_NAME=$1
RESOURCE_ID=$2

POLICY_JSON=$(cat <<EOF
{
    "Statement" : [{
        "Effect" : "Deny",
        "Action" : [
            "Update:Replace",
            "Update:Delete"
        ],
        "Principal": "*",
        "Resource" : "LogicalResourceId/$RESOURCE_ID"
    }]
}
EOF
)

aws cloudformation set-stack-policy --stack-name "$STACK_NAME" \
    --stack-policy-body "$POLICY_JSON"
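A stack usually has more than one stateful resource, and there is a caveat worth building in: once a stack policy is set, CloudFormation denies any update the policy does not explicitly allow, so a policy consisting only of Deny statements blocks updates to every resource. The following added example (not the author's script) generates one policy that protects any number of logical IDs, adds the explicit Allow for everything else, applies it, and reads the policy back to verify it. The logical IDs "MyDB" and "MyCluster" in the sample run, and the function names, are constructed for this example.

```shell
#!/bin/sh
# Added example, not the article's script: protect several stateful resources
# with one stack policy, apply it, and read it back to verify.

# Emit a stack policy JSON document on stdout. Every logical ID given as an
# argument gets a Deny for Update:Replace and Update:Delete. The trailing Allow
# statement is required: with a policy set, any update that is not explicitly
# allowed is denied, so without it no resource in the stack could be updated.
build_stack_policy() {
    printf '{\n  "Statement": [\n'
    for id in "$@"; do
        printf '    {\n'
        printf '      "Effect": "Deny",\n'
        printf '      "Action": ["Update:Replace", "Update:Delete"],\n'
        printf '      "Principal": "*",\n'
        printf '      "Resource": "LogicalResourceId/%s"\n' "$id"
        printf '    },\n'
    done
    printf '    {\n      "Effect": "Allow",\n      "Action": "Update:*",\n'
    printf '      "Principal": "*",\n      "Resource": "*"\n    }\n  ]\n}\n'
}

# Number of resources a policy document (on stdin) protects: one Deny each.
count_protected() {
    grep -c '"Effect": "Deny"' || true
}

# Apply the policy to a stack and confirm every protected ID shows up in the
# policy CloudFormation now reports (needs the aws CLI; not run in the sample).
apply_stack_policy() {
    stack_name=$1; shift
    build_stack_policy "$@" > stack-policy.json
    aws cloudformation set-stack-policy --stack-name "$stack_name" \
        --stack-policy-body file://stack-policy.json
    for id in "$@"; do
        aws cloudformation get-stack-policy --stack-name "$stack_name" --output text \
            | grep -q "LogicalResourceId/$id" \
            || { echo "stack policy does not protect $id" >&2; return 1; }
    done
}

# Constructed sample run: the policy for two stateful resources.
build_stack_policy MyDB MyCluster
```

Update:Modify stays allowed for the protected resources, so routine changes such as a new instance class still go through; only the two actions that destroy data are denied.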

Lesson 3: Use UsePreviousValue when updating a stack with secret parameters

When you create an RDS MySQL instance, AWS requires you to provide MasterUsername and MasterUserPassword. Since it is better not to keep secrets in source code, and I wanted to automate everything, I implemented a "clever mechanism": before deployment the credentials were fetched from S3, and if the credentials were not found, new ones were generated and stored in S3.

These credentials were then passed as parameters to the CloudFormation create-change-set command. While I was testing the script, it happened that the connection to S3 was lost, and my "clever mechanism" treated that as a signal to generate new credentials.

If I had started using this script in production and the connectivity problem had happened again, it would have updated the stack with new credentials. In this particular case nothing bad would have happened. Still, I abandoned this approach and switched to another one, providing the credentials only once, when the stack is created. Afterwards, when the stack needs an update, instead of specifying the value of the secret parameter I simply use UsePreviousValue=true:

aws cloudformation create-change-set \
    --change-set-name "$CHANGE_SET_NAME" \
    --stack-name "$STACK_NAME" \
    --template-body "file://$TPL_PATH" \
    --change-set-type "UPDATE" \
    --parameters "ParameterKey=MasterUserPassword,UsePreviousValue=true"
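The failure described above was a secret lookup that silently turned into a rotation. The added example below (not the author's script) builds the --parameters argument so that this cannot happen: on UPDATE every secret key is emitted as UsePreviousValue=true and any value the caller passes for it is ignored, while on CREATE, where there is no previous value, the secret must be supplied or the function fails. The SECRET_KEYS list, the function names and the sample parameters ("DBName", the password value) are assumptions and constructed data for this example.

```shell
#!/bin/sh
# Added example, not the article's script: parameter builder for
# create-change-set that never re-supplies secrets on UPDATE.

# Space-separated list of parameter keys that hold secrets (assumed list).
SECRET_KEYS=${SECRET_KEYS:-"MasterUserPassword"}

# Succeeds when $1 is one of the secret keys.
is_secret() {
    for s in $SECRET_KEYS; do
        if [ "$s" = "$1" ]; then return 0; fi
    done
    return 1
}

# Usage: build_parameters OPERATION KEY=VALUE...
# OPERATION is CREATE or UPDATE (the same value as --change-set-type).
# UPDATE: secrets become UsePreviousValue=true; a supplied value is ignored, so
#         a flaky lookup can never rotate the stack's credentials by accident.
# CREATE: there is no previous value, so every secret must be supplied.
build_parameters() {
    operation=$1; shift
    out=""
    for kv in "$@"; do
        key=${kv%%=*}
        value=${kv#*=}
        if [ "$operation" = "UPDATE" ] && is_secret "$key"; then
            continue
        fi
        out="$out ParameterKey=$key,ParameterValue=$value"
    done
    for key in $SECRET_KEYS; do
        if [ "$operation" = "UPDATE" ]; then
            out="$out ParameterKey=$key,UsePreviousValue=true"
        else
            case " $* " in
                *" $key="*) ;;
                *) echo "secret parameter $key must be supplied on $operation" >&2
                   return 1;;
            esac
        fi
    done
    printf '%s\n' "${out# }"
}

# Constructed sample: an UPDATE that keeps the existing master password.
build_parameters UPDATE DBName=app
```

Pass the result unquoted, as in `--parameters $(build_parameters "$OPERATION" DBName=app)`, so that each ParameterKey=... item becomes its own argument; parameter values containing commas or spaces need the CLI's JSON form instead of this shorthand.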

Lesson 4: Use rollback configuration

Another team I worked with used a CloudFormation feature called rollback configuration. I had not come across it before, and I quickly found out that it would make my stack releases much more pleasant. Now I use it every time I deploy Lambda or ECS code with CloudFormation.

How it works: you specify a CloudWatch alarm in the --rollback-configuration parameter when creating a change set. Then, when you execute the change set, AWS monitors the alarm for at least one minute. It rolls back the deployment if the alarm goes into the ALARM state during this time.

Below is an example CloudFormation template snippet in which I create a CloudWatch alarm that watches a custom CloudWatch metric, in this case the number of errors in the CloudWatch logs (via a MetricFilter):

Resources:
  # this metric tracks number of errors in the cloudwatch logs. In this
  # particular case it's assumed logs are in json format and the error logs are
  # identified by level "error". See FilterPattern
  ErrorMetricFilter:
    Type: AWS::Logs::MetricFilter
    Properties:
      LogGroupName: !Ref LogGroup
      FilterPattern: !Sub '{$.level = "error"}'
      MetricTransformations:
      - MetricNamespace: !Sub "${AWS::StackName}-log-errors"
        MetricName: Errors
        MetricValue: 1
        DefaultValue: 0

  ErrorAlarm:
    Type: AWS::CloudWatch::Alarm
    Properties:
      AlarmName: !Sub "${AWS::StackName}-errors"
      Namespace: !Sub "${AWS::StackName}-log-errors"
      MetricName: Errors
      Statistic: Maximum
      ComparisonOperator: GreaterThanThreshold
      Period: 60 # seconds, i.e. 1 minute
      EvaluationPeriods: 1
      Threshold: 0
      TreatMissingData: notBreaching
      ActionsEnabled: yes

Now the alarm can be used as a rollback trigger when executing the change set:

ALARM_ARN=$1

ROLLBACK_TRIGGER=$(cat <<EOF
{
  "RollbackTriggers": [
    {
      "Arn": "$ALARM_ARN",
      "Type": "AWS::CloudWatch::Alarm"
    }
  ],
  "MonitoringTimeInMinutes": 1
}
EOF
)

aws cloudformation create-change-set \
    --change-set-name "$CHANGE_SET_NAME" \
    --stack-name "$STACK_NAME" \
    --template-body "file://$TPL_PATH" \
    --change-set-type "UPDATE" \
    --rollback-configuration "$ROLLBACK_TRIGGER"
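The trigger document above hard-codes one alarm and one minute. The added example below (not the author's script) generalizes it: it builds the rollback configuration for any number of alarms, rejects anything that is not a CloudWatch alarm ARN (the only ARN type a rollback trigger accepts), and enforces the 0 to 180 minute range CloudFormation allows for MonitoringTimeInMinutes, where 0 means the alarms are watched only while resources are being updated and not afterwards. Validation runs before anything is printed, so a failed call never leaves half a JSON document behind. The ARN in the sample run is constructed, with 123456789012 as a placeholder account id.

```shell
#!/bin/sh
# Added example, not the article's script: build --rollback-configuration for
# create-change-set from one or more alarm ARNs, validating first.

# Usage: build_rollback_config MINUTES ARN...
# MINUTES is MonitoringTimeInMinutes (0 to 180). Every ARN must be a
# CloudWatch alarm ARN, the only type a rollback trigger supports.
build_rollback_config() {
    minutes=$1; shift
    case "$minutes" in
        ''|*[!0-9]*) echo "monitoring time must be a whole number of minutes" >&2
                     return 1;;
    esac
    if [ "$minutes" -gt 180 ]; then
        echo "monitoring time must be between 0 and 180 minutes" >&2
        return 1
    fi
    if [ $# -eq 0 ]; then
        echo "at least one alarm ARN is required" >&2
        return 1
    fi
    for arn in "$@"; do
        case "$arn" in
            arn:aws*:cloudwatch:*:alarm:*) ;;
            *) echo "not a CloudWatch alarm ARN: $arn" >&2
               return 1;;
        esac
    done
    printf '{\n  "RollbackTriggers": [\n'
    first=1
    for arn in "$@"; do
        if [ "$first" -eq 1 ]; then first=0; else printf ',\n'; fi
        printf '    {"Arn": "%s", "Type": "AWS::CloudWatch::Alarm"}' "$arn"
    done
    printf '\n  ],\n  "MonitoringTimeInMinutes": %s\n}\n' "$minutes"
}

# Constructed sample run (placeholder account id).
build_rollback_config 1 arn:aws:cloudwatch:eu-west-1:123456789012:alarm:my-stack-errors
```

The alarm ARN for the template above can be looked up with `aws cloudwatch describe-alarms --alarm-names "${STACK_NAME}-errors" --query 'MetricAlarms[0].AlarmArn' --output text`; since the alarm is created by the same template, it only exists after the first deployment, so the trigger can guard UPDATE change sets but not the initial CREATE.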

Lesson 5: Make sure you are deploying the latest template

It is easy to deploy a version older than the latest CloudFormation template, but doing so can cause a lot of damage. This happened to us once: a developer had not pushed the latest changes to Git and inadvertently deployed an older version of the stack. This caused downtime for the application that used the stack.

Something as simple as adding a check that the branch is up to date before deploying would help (assuming git is your version control tool):

git fetch
HEADHASH=$(git rev-parse HEAD)
UPSTREAMHASH=$(git rev-parse master@{upstream})

if [[ "$HEADHASH" != "$UPSTREAMHASH" ]] ; then
   echo "Branch is not up to date with origin. Aborting"
   exit 1
fi
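The check above compares HEAD with the upstream of master specifically. The added example below (not the author's script) turns it into a reusable pre-deploy gate that compares the currently checked-out branch with its own upstream, so it also works for release branches, and additionally refuses to deploy when the worktree has uncommitted edits, which is the other way an unreviewed template ends up in a change set. The function name and the REPO_DIR argument are assumptions for this example.

```shell
#!/bin/sh
# Added example, not the article's script: refuse to deploy unless the
# checked-out branch is exactly at its upstream tip and the worktree is clean.

# Usage: branch_is_current [REPO_DIR]
# Returns 0 when HEAD equals the upstream tip and there are no local
# modifications, 1 otherwise (with the reason on stderr). "@{upstream}"
# resolves the upstream of whatever branch is checked out, not a fixed name.
branch_is_current() {
    repo=${1:-.}
    git -C "$repo" fetch --quiet || { echo "git fetch failed" >&2; return 1; }
    head_hash=$(git -C "$repo" rev-parse HEAD) || return 1
    upstream_hash=$(git -C "$repo" rev-parse '@{upstream}' 2>/dev/null) \
        || { echo "no upstream configured for the current branch" >&2; return 1; }
    if [ "$head_hash" != "$upstream_hash" ]; then
        echo "HEAD ($head_hash) is not at upstream ($upstream_hash); aborting" >&2
        return 1
    fi
    if [ -n "$(git -C "$repo" status --porcelain)" ]; then
        echo "worktree has uncommitted changes; aborting" >&2
        return 1
    fi
    return 0
}

# Sample run against the current directory; a pipeline would gate on the
# exit status rather than on the message.
if branch_is_current .; then
    echo "branch is current, safe to deploy"
else
    echo "refusing to deploy"
fi
```

Both a branch that is ahead of its upstream (unpushed commits) and one that is behind (someone else pushed) fail the check, which is intended: in either case the template in the working copy is not the one the team reviewed.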

Lesson 6: Don't reinvent the wheel

It may seem that deploying with CloudFormation is easy. All you need is a bunch of bash scripts running aws cli commands.

4 years ago I started with simple scripts calling the aws cloudformation create-stack command. Soon the script was no longer simple. Each lesson learned made the script more and more complex. And it was not just complex, it was also full of bugs.

Now I work in a small IT department. Experience has shown that every team has its own way of deploying CloudFormation stacks. And that is bad. It would be better if everyone used the same approach. Fortunately, there are many tools available to help you deploy and manage CloudFormation stacks.

These lessons will help you avoid the same mistakes.

Source: www.habr.com
