I learned these 6 lessons of working with CloudFormation for life.

I started working with CloudFormation 4 years ago. Since then I have broken a lot of infrastructure, even some that was already in production. But every time I broke something, I learned something new. From this experience, I will share some of the most important lessons I have learned.

Lesson 1: Check changes before you deploy them

I learned this lesson shortly after I started working with CloudFormation. I don't remember what exactly I broke at the time, but I definitely remember that I used the aws cloudformation update command. This command simply rolls out the template without any validation of the changes that will be deployed. I don't think any explanation is needed for why you should check all changes before deploying them.

After this failure, I immediately changed the deployment pipeline, replacing the update command with the create-change-set command:

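# OPERATION is either "UPDATE" or "CREATE"
# TPL_PATH must be a file:// URL (for example file://template.yml);
# --template-body treats a bare path as the template text itself
changeset_id=$(aws cloudformation create-change-set \
    --change-set-name "$CHANGE_SET_NAME" \
    --stack-name "$STACK_NAME" \
    --template-body "$TPL_PATH" \
    --change-set-type "$OPERATION" \
    --parameters "$PARAMETERS" \
    --output text \
    --query Id)

# block until the change set has been computed and can be reviewed
aws cloudformation wait \
    change-set-create-complete --change-set-name "$changeset_id"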

Once the change set is created, it has no effect on the existing stack. Unlike the update command, the change set approach does not trigger an actual deployment. Instead, it creates a list of changes that you can review before deploying. You can view the changes in the AWS console GUI. But if you prefer to automate everything you can, check them in the CLI:

# this command is presented only for demonstrational purposes.
# the real command should take pagination into account
aws cloudformation describe-change-set \
    --change-set-name "$changeset_id" \
    --query 'Changes[*].ResourceChange.{Action:Action,Resource:ResourceType,ResourceId:LogicalResourceId,ReplacementNeeded:Replacement}' \
    --output table

This command should produce output similar to the following:

--------------------------------------------------------------------
|                         DescribeChangeSet                        |
+---------+--------------------+----------------------+------------+
| Action  | ReplacementNeeded  |      Resource        | ResourceId |
+---------+--------------------+----------------------+------------+
|  Modify | True               |  AWS::ECS::Cluster   |  MyCluster |
|  Replace| True               |  AWS::RDS::DBInstance|  MyDB      |
|  Add    | None               |  AWS::SNS::Topic     |  MyTopic   |
+---------+--------------------+----------------------+------------+

Pay close attention to changes where the Action is Replace or Delete, or where ReplacementNeeded is True. These are the most dangerous changes and usually lead to data loss.

Once the changes have been reviewed, they can be applied:

aws cloudformation execute-change-set --change-set-name "$changeset_id"

# the waiter name is stack-create-complete or stack-update-complete
operation_lowercase=$(echo "$OPERATION" | tr '[:upper:]' '[:lower:]')
aws cloudformation wait "stack-${operation_lowercase}-complete" \
    --stack-name "$STACK_NAME"

Lesson 2: Use a stack policy to prevent stateful resources from being replaced or deleted

Sometimes just looking at the changes is not enough. We are all human and we all make mistakes. Shortly after we started using change sets, my teammate unknowingly performed a deployment that resulted in a database update. Nothing bad happened because it was a test environment.

Even though our scripts displayed the list of changes and asked for confirmation, the Replace change was missed because the list of changes was so large that it did not fit on the screen. And since this was a routine update in a test environment, not much attention was paid to the changes.
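A review step that does not depend on someone reading the whole table, as an added example (not code from the original article): it scans every page of describe-change-set JSON output and blocks the deployment when a stateful resource would be deleted or replaced. In the API, a deletion appears as Action "Remove" and a replacement as Replacement "True" or "Conditional"; the STATEFUL_TYPES list, the function names and the sample pages are assumptions made for illustration.

```python
import json
import sys

# Resource types treated as stateful: an assumed list, extend it for your stacks.
STATEFUL_TYPES = {"AWS::RDS::DBInstance", "AWS::RDS::DBCluster",
                  "AWS::Elasticsearch::Domain", "AWS::DynamoDB::Table"}

def risky_changes(pages):
    """Return (logical_id, resource_type, reason) for each change that deletes or
    may replace a resource. `pages` holds every DescribeChangeSet response page."""
    found = []
    for page in pages:
        for change in page.get("Changes", []):
            rc = change.get("ResourceChange") or {}
            action, replacement = rc.get("Action"), rc.get("Replacement")
            if action == "Remove":
                reason = "delete"
            elif action == "Modify" and replacement in ("True", "Conditional"):
                reason = "replace" if replacement == "True" else "may-replace"
            else:
                continue
            found.append((rc["LogicalResourceId"], rc["ResourceType"], reason))
    return found

def gate(pages, stateful=STATEFUL_TYPES):
    """Risky changes that touch stateful resource types; deploy only if empty."""
    return [c for c in risky_changes(pages) if c[1] in stateful]

def sample_change(action, logical_id, rtype, replacement=None):
    rc = {"Action": action, "LogicalResourceId": logical_id, "ResourceType": rtype}
    if replacement is not None:
        rc["Replacement"] = replacement
    return {"Type": "Resource", "ResourceChange": rc}

# Constructed sample: two pages shaped like `describe-change-set --output json`.
SAMPLE_PAGES = [
    {"Changes": [sample_change("Modify", "MyCluster", "AWS::ECS::Cluster", "False"),
                 sample_change("Add", "MyTopic", "AWS::SNS::Topic")],
     "NextToken": "constructed-token"},
    {"Changes": [sample_change("Modify", "MyDB", "AWS::RDS::DBInstance", "True"),
                 sample_change("Remove", "OldQueue", "AWS::SQS::Queue"),
                 sample_change("Modify", "Search", "AWS::Elasticsearch::Domain", "Conditional")]},
]

if __name__ == "__main__":
    pages = [json.load(open(p)) for p in sys.argv[1:]] or SAMPLE_PAGES
    blocked = gate(pages)
    for logical_id, rtype, reason in blocked:
        print(f"BLOCKED {reason}: {logical_id} ({rtype})")
    sys.exit(1 if blocked else 0)
```

Run it with one saved JSON page per file argument; a non-zero exit status stops the pipeline before execute-change-set.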

There are resources that you never want to replace or delete. These are stateful services, such as an RDS database instance or an Elasticsearch cluster, etc. It would be nice if AWS automatically refused the deployment whenever the operation being performed would require deleting such a resource. Fortunately, CloudFormation has a built-in way to do this. It is called a stack policy, and you can read more about it in the documentation:

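STACK_NAME=$1
RESOURCE_ID=$2

# Once a stack policy is set, every resource is protected by default, so the
# policy first allows all updates and then denies replace/delete for the
# protected resource (an explicit Deny overrides the Allow)
POLICY_JSON=$(cat <<EOF
{
    "Statement" : [{
        "Effect" : "Allow",
        "Action" : "Update:*",
        "Principal": "*",
        "Resource" : "*"
    }, {
        "Effect" : "Deny",
        "Action" : [
            "Update:Replace",
            "Update:Delete"
        ],
        "Principal": "*",
        "Resource" : "LogicalResourceId/$RESOURCE_ID"
    }]
}
EOF
)

aws cloudformation set-stack-policy --stack-name "$STACK_NAME" \
    --stack-policy-body "$POLICY_JSON"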

Lesson 3: Use UsePreviousValue when updating a stack with secret parameters

When you create an RDS MySQL instance, AWS requires you to provide a MasterUsername and a MasterUserPassword. Since it is better not to keep secrets in source code and I wanted to automate absolutely everything, I implemented a "smart mechanism" where, before deployment, the credentials would be fetched from S3, and if the credentials were not found, new credentials would be generated and stored in S3.

These credentials would then be passed as parameters to the cloudformation create-change-set command. While I was experimenting with the script, it happened that the connection to S3 was lost, and my "smart mechanism" treated it as a signal to generate new credentials.

If I had started using this script in production and the connection problem had happened again, it would have updated the stack with new credentials. In this case, nothing bad would happen. However, I abandoned this approach and started using another one, providing the credentials only once, when creating the stack. Later, when the stack needs to be updated, instead of specifying the secret value of the parameter, I simply use UsePreviousValue=true:

# the secret is not resent: the stack keeps the value it already has
aws cloudformation create-change-set \
    --change-set-name "$CHANGE_SET_NAME" \
    --stack-name "$STACK_NAME" \
    --template-body "$TPL_PATH" \
    --change-set-type "UPDATE" \
    --parameters "ParameterKey=MasterUserPassword,UsePreviousValue=true"
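The failure mode described in this lesson, as an added example (not code from the original article): the parameter builder below mints a new password only on a definite "not found" during CREATE, lets a lost connection abort the deployment, and always uses UsePreviousValue on UPDATE. The fetch and store callables, the two exception classes and the function name are hypothetical stand-ins for whatever wraps the secret store.

```python
import json
import secrets

class SecretNotFound(Exception):
    """The store answered: the object does not exist."""

class StoreUnavailable(Exception):
    """The store could not be reached, or failed in any other way."""

def master_password_parameter(operation, fetch, store,
                              generate=lambda: secrets.token_urlsafe(24)):
    """Return the MasterUserPassword entry for create-change-set --parameters.
    fetch/store are hypothetical callables wrapping the secret store."""
    if operation == "UPDATE":
        # Never resend the secret on update; the stack keeps its current value.
        return {"ParameterKey": "MasterUserPassword", "UsePreviousValue": True}
    if operation != "CREATE":
        raise ValueError(f"unknown operation: {operation!r}")
    try:
        password = fetch()
    except SecretNotFound:
        # Only a definite "not found" justifies minting a new credential.
        password = generate()
        store(password)
    # StoreUnavailable is deliberately not caught: a lost connection aborts the
    # deployment instead of silently rotating the database password.
    return {"ParameterKey": "MasterUserPassword", "ParameterValue": password}

if __name__ == "__main__":
    bucket = {}  # constructed in-memory stand-in for the S3 object

    def fetch():
        if "password" not in bucket:
            raise SecretNotFound()
        return bucket["password"]

    def flaky_fetch():
        raise StoreUnavailable("connection lost")  # constructed failure

    created = master_password_parameter("CREATE", fetch,
                                        lambda p: bucket.update(password=p))
    print("CREATE stored a new secret:", created["ParameterValue"] == bucket["password"])
    print(json.dumps([master_password_parameter("UPDATE", flaky_fetch, None)]))
    try:
        master_password_parameter("CREATE", flaky_fetch, None)
    except StoreUnavailable as exc:
        print("deployment aborted:", exc)
```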

Lesson 4: Use rollback configuration

Another team I worked with used a CloudFormation feature called rollback configuration. I had never seen it before and quickly realized that it would make deploying my stacks even cooler. Now I use it every time I deploy my code to Lambda or ECS using CloudFormation.

How it works: you specify a CloudWatch alarm in the --rollback-configuration parameter when you create a change set. Later, when you execute the change set, AWS monitors the alarm for at least one minute. It rolls back the deployment if the alarm changes state to ALARM during this time.

Below is an example excerpt from a CloudFormation template in which I create a CloudWatch alarm that tracks a custom metric counting the number of errors in the CloudWatch logs (the metric is generated via a MetricFilter):

Resources:
  # this metric tracks number of errors in the cloudwatch logs. In this
  # particular case it's assumed logs are in json format and the error logs are
  # identified by level "error". See FilterPattern
  ErrorMetricFilter:
    Type: AWS::Logs::MetricFilter
    Properties:
      LogGroupName: !Ref LogGroup
      FilterPattern: !Sub '{$.level = "error"}'
      MetricTransformations:
      - MetricNamespace: !Sub "${AWS::StackName}-log-errors"
        MetricName: Errors
        MetricValue: 1
        DefaultValue: 0

  ErrorAlarm:
    Type: AWS::CloudWatch::Alarm
    Properties:
      AlarmName: !Sub "${AWS::StackName}-errors"
      Namespace: !Sub "${AWS::StackName}-log-errors"
      MetricName: Errors
      Statistic: Maximum
      ComparisonOperator: GreaterThanThreshold
      Period: 60 # seconds (1 minute)
      EvaluationPeriods: 1
      Threshold: 0
      TreatMissingData: notBreaching
      ActionsEnabled: true

Now the alarm can be used as a rollback trigger when using a change set:

ALARM_ARN=$1

ROLLBACK_TRIGGER=$(cat <<EOF
{
  "RollbackTriggers": [
    {
      "Arn": "$ALARM_ARN",
      "Type": "AWS::CloudWatch::Alarm"
    }
  ],
  "MonitoringTimeInMinutes": 1
}
EOF
)

aws cloudformation create-change-set \
    --change-set-name "$CHANGE_SET_NAME" \
    --stack-name "$STACK_NAME" \
    --template-body "$TPL_PATH" \
    --change-set-type "UPDATE" \
    --rollback-configuration "$ROLLBACK_TRIGGER"

Lesson 5: Make sure you deploy the latest version of the template

It is easy to deploy a version of the CloudFormation template that is not the latest, but doing so will cause a lot of damage. This happened to us once: a developer did not pull the latest changes from Git and unknowingly deployed a previous version of the stack. This caused downtime for the application that used this stack.

Something as simple as adding a check that the branch is up to date before you go ahead with it will do (assuming git is your version control tool):

git fetch
HEADHASH=$(git rev-parse HEAD)
UPSTREAMHASH=$(git rev-parse master@{upstream})

if [[ "$HEADHASH" != "$UPSTREAMHASH" ]] ; then
   echo "Branch is not up to date with origin. Aborting"
   exit 1
fi

Lesson 6: Don't reinvent the wheel

It may seem that deploying with CloudFormation is easy. You just need a bunch of bash scripts that run aws cli commands.

4 years ago I started with simple scripts that called the aws cloudformation create-stack command. Soon the script was no longer simple. Each lesson learned made the script more and more complex. It was not only complex, but also full of bugs.

I currently work in a small IT department. Experience has shown that each team has its own way of deploying CloudFormation stacks. And that is bad. It would be better if everyone took the same approach. Fortunately, there are many tools available to help you deploy and configure CloudFormation stacks.

These lessons will help you avoid mistakes.

Source: www.habr.com
