I have learned these 6 lessons from working with CloudFormation all my life.

I started working with CloudFormation 4 years ago. Since then I have broken many infrastructures, including ones that were already in production. But every time I broke something, I learned something new. Drawing on that experience, I will share the most important lessons I have learned.


Lesson 1: Test changes before deploying them

I learned this lesson soon after I started working with CloudFormation. I don't remember exactly what I broke back then, but I definitely remember that I used the aws cloudformation update command. This command simply rolls out the template without any validation of the changes that will be deployed. I don't think any explanation is needed for why you should test every change before deploying it.

After this failure I immediately changed the deployment pipeline, replacing the update command with the create-change-set command:

# OPERATION is either "UPDATE" or "CREATE"
# --template-body takes the template text itself or a file:// URL, so
# TPL_PATH is expected to be in file:// form
changeset_id=$(aws cloudformation create-change-set \
    --change-set-name "$CHANGE_SET_NAME" \
    --stack-name "$STACK_NAME" \
    --template-body "$TPL_PATH" \
    --change-set-type "$OPERATION" \
    --parameters "$PARAMETERS" \
    --output text \
    --query Id)

aws cloudformation wait \
    change-set-create-complete --change-set-name "$changeset_id"

Once a change set has been created, it has no effect on the existing stack. Unlike the update command, the change set approach does not start the actual deployment. Instead, it creates a list of changes that you can review before deploying. You can view the changes in the AWS console interface. But if you prefer to automate everything you can, then check them in the CLI:

# this command is presented only for demonstrational purposes.
# the real command should take pagination into account
aws cloudformation describe-change-set \
    --change-set-name "$changeset_id" \
    --query 'Changes[*].ResourceChange.{Action:Action,Resource:ResourceType,ResourceId:LogicalResourceId,ReplacementNeeded:Replacement}' \
    --output table

This command should produce output similar to the following:

--------------------------------------------------------------------
|                         DescribeChangeSet                        |
+---------+--------------------+----------------------+------------+
| Action  | ReplacementNeeded  |      Resource        | ResourceId |
+---------+--------------------+----------------------+------------+
|  Modify | True               |  AWS::ECS::Cluster   |  MyCluster |
|  Replace| True               |  AWS::RDS::DBInstance|  MyDB      |
|  Add    | None               |  AWS::SNS::Topic     |  MyTopic   |
+---------+--------------------+----------------------+------------+

Pay special attention to changes where Action is Replace or Delete, or where ReplacementNeeded is True. These are the most dangerous changes and they usually lead to data loss.

Once the changes have been reviewed, they can be deployed:

aws cloudformation execute-change-set --change-set-name "$changeset_id"

operation_lowercase=$(echo "$OPERATION" | tr '[:upper:]' '[:lower:]')
aws cloudformation wait "stack-${operation_lowercase}-complete" \
    --stack-name "$STACK_NAME"

Lesson 2: Use a stack policy to prevent critical resources from being replaced or deleted

Sometimes just reviewing the changes is not enough. We are all human and we all make mistakes. Soon after we started using change sets, my teammate unknowingly performed a deployment that caused a database update. Nothing bad happened because it was a test environment.

Even though our scripts displayed the list of changes and asked for confirmation, the Replace change was missed because the list of changes was so long that it did not fit on the screen. And since this was a routine update in a test environment, not much attention was paid to the changes.
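One way to keep a destructive change from being lost in a long list, following the review advice in Lesson 1 and the incident described above. This is an added example, not the author's script: the function names risky_changes and sample_changes and the sample rows are constructed for illustration. Besides the Replace and Delete actions the article names, it also flags Action Remove and Replacement Conditional, which are values the CloudFormation API documents for these fields.

```shell
#!/usr/bin/env bash
# Added example: gate a change set on risky resource changes.
# Input rows are tab-separated: Action, Replacement, ResourceType,
# LogicalResourceId, as produced by this command (not run here):
#   aws cloudformation describe-change-set --change-set-name "$changeset_id" \
#     --query 'Changes[].ResourceChange.[Action,Replacement,ResourceType,LogicalResourceId]' \
#     --output text

# Print only the risky rows; exit status is 1 if any were found, 0 otherwise.
risky_changes() {
    awk -F'\t' '
        # Replace and Delete are the actions the article names; Remove and
        # Conditional are values the CloudFormation API documents.
        $1 == "Replace" || $1 == "Delete" || $1 == "Remove" ||
        $2 == "True"    || $2 == "Conditional" {
            printf "RISKY %s %s (%s) replacement=%s\n", $1, $4, $3, $2
            found = 1
        }
        END { exit (found ? 1 : 0) }
    '
}

# Constructed sample rows mirroring the table shown in Lesson 1.
sample_changes() {
    printf 'Modify\tTrue\tAWS::ECS::Cluster\tMyCluster\n'
    printf 'Replace\tTrue\tAWS::RDS::DBInstance\tMyDB\n'
    printf 'Add\tNone\tAWS::SNS::Topic\tMyTopic\n'
}

# Show and stop on risky rows only, so a long change list cannot scroll
# a destructive change off the screen.
if report=$(sample_changes | risky_changes); then
    echo "No risky changes; safe to execute the change set."
else
    echo "$report"
    echo "Review the resources above before running execute-change-set."
fi
```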

There are resources that you never want to replace or delete. These are stateful services, such as an RDS database instance or an Elasticsearch cluster, and so on. It would be nice if AWS automatically refused a deployment whenever the operation being performed would require deleting such a resource. Fortunately, CloudFormation has a built-in way to do this. It is called a stack policy, and you can read more about it in the documentation:

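STACK_NAME=$1
RESOURCE_ID=$2

# Once a stack policy is set, every resource is protected by default, so the
# explicit Allow keeps ordinary updates working; the Deny, which always
# overrides an Allow, blocks replace/delete on the protected resource only.
POLICY_JSON=$(cat <<EOF
{
    "Statement" : [{
        "Effect" : "Allow",
        "Action" : "Update:*",
        "Principal": "*",
        "Resource" : "*"
    }, {
        "Effect" : "Deny",
        "Action" : [
            "Update:Replace",
            "Update:Delete"
        ],
        "Principal": "*",
        "Resource" : "LogicalResourceId/$RESOURCE_ID"
    }]
}
EOF
)

aws cloudformation set-stack-policy --stack-name "$STACK_NAME" \
    --stack-policy-body "$POLICY_JSON"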

Lesson 3: Use UsePreviousValue when updating a stack with secret parameters

When you create an RDS mysql instance, AWS requires you to provide a MasterUsername and a MasterUserPassword. Since it is better not to keep secrets in source code and I wanted to automate everything, I implemented a "smart approach" in which the credentials are fetched from s3 before deployment, and if the credentials are not found, new credentials are generated and stored in s3.

These credentials were then passed as parameters to the cloudformation create-change-set command. While I was experimenting with the script, the connection to s3 happened to be lost, and my "smart approach" treated that as a signal to generate new credentials.

If I had started using this script in production and the connection problem had occurred again, it would have updated the stack with new credentials. In this case, nothing bad will happen. Nevertheless, I abandoned this approach and started using another one, providing the credentials only once, when creating the stack. Later, when the stack needs an update, instead of specifying the secret value of the parameter I simply use UsePreviousValue=true:

aws cloudformation create-change-set \
    --change-set-name "$CHANGE_SET_NAME" \
    --stack-name "$STACK_NAME" \
    --template-body "$TPL_PATH" \
    --change-set-type "UPDATE" \
    --parameters "ParameterKey=MasterUserPassword,UsePreviousValue=true"

Lesson 4: Use rollback configuration

Another team I worked with used a CloudFormation feature called rollback configuration. I had not seen it before and quickly realized that it would make deploying my stacks even cooler. Now I use it every time I deploy my code to lambda or ECS using CloudFormation.

How it works: you specify a CloudWatch alarm ARN in the --rollback-configuration parameter when you create a change set. Later, when you execute the change set, AWS monitors the alarm for at least one minute. It rolls back the deployment if the alarm changes state to ALARM during this time.

Below is an example excerpt from a CloudFormation template in which I create a CloudWatch alarm that tracks a custom CloudWatch metric counting the number of errors in the CloudWatch logs (the metric is created with a MetricFilter):

Resources:
  # this metric tracks number of errors in the cloudwatch logs. In this
  # particular case it's assumed logs are in json format and the error logs are
  # identified by level "error". See FilterPattern
  ErrorMetricFilter:
    Type: AWS::Logs::MetricFilter
    Properties:
      LogGroupName: !Ref LogGroup
      FilterPattern: !Sub '{$.level = "error"}'
      MetricTransformations:
      - MetricNamespace: !Sub "${AWS::StackName}-log-errors"
        MetricName: Errors
        MetricValue: 1
        DefaultValue: 0

  ErrorAlarm:
    Type: AWS::CloudWatch::Alarm
    Properties:
      AlarmName: !Sub "${AWS::StackName}-errors"
      Namespace: !Sub "${AWS::StackName}-log-errors"
      MetricName: Errors
      Statistic: Maximum
      ComparisonOperator: GreaterThanThreshold
      Period: 60 # seconds, i.e. 1 minute
      EvaluationPeriods: 1
      Threshold: 0
      TreatMissingData: notBreaching
      ActionsEnabled: yes

Now the alarm can be used as a rollback trigger when executing the change set:

ALARM_ARN=$1

ROLLBACK_TRIGGER=$(cat <<EOF
{
  "RollbackTriggers": [
    {
      "Arn": "$ALARM_ARN",
      "Type": "AWS::CloudWatch::Alarm"
    }
  ],
  "MonitoringTimeInMinutes": 1
}
EOF
)

aws cloudformation create-change-set \
    --change-set-name "$CHANGE_SET_NAME" \
    --stack-name "$STACK_NAME" \
    --template-body "$TPL_PATH" \
    --change-set-type "UPDATE" \
    --rollback-configuration "$ROLLBACK_TRIGGER"

Lesson 5: Make sure you are using the latest version of the template

It is easy to deploy a version of the CloudFormation template that is older than the latest one, but doing so will cause a lot of damage. This happened to us once: a developer had not pushed the latest changes from Git and unknowingly deployed a previous version of the stack. This caused downtime for the application that used this stack.

Something as simple as adding a check that the branch is up to date before committing to it will do (assuming git is your version control tool):

git fetch
HEADHASH=$(git rev-parse HEAD)
UPSTREAMHASH=$(git rev-parse master@{upstream})

if [[ "$HEADHASH" != "$UPSTREAMHASH" ]] ; then
   echo "Branch is not up to date with origin. Aborting"
   exit 1
fi

Lesson 6: Don't reinvent the wheel

It may seem that deploying with CloudFormation is easy. You just need a bunch of bash scripts that run aws cli commands.

4 years ago I started with simple scripts that called the aws cloudformation create-stack command. Soon the script was no longer simple. Each lesson learned made the script more and more complex. It was not only complex, but also full of bugs.

I now work in a small IT department. Experience has shown that each team has its own way of deploying CloudFormation stacks. And that is bad. It would be better if everyone took the same approach. Fortunately, there are many tools available to help you deploy and configure CloudFormation stacks.

These lessons will help you avoid mistakes.

Source: www.habr.com
