Key points of "Understanding Amazon AWS CloudFormation":
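When Amazon first launched AWS, it offered users virtual machines (EC2), storage (Volume), elastic IPs (Elastic IP) and similar resources, which cloud computing classifies as the infrastructure layer (I layer).
Later AWS launched RDS (Relational Database Service), where users can request MySQL, Oracle, Postgres and SQLServer database instances (DBInstance). Cloud computing classifies this as the platform layer (P layer).
So far, AWS's profit comes only from the I-layer and P-layer resources described above; users pay only when they use these resources.
To make it easier for users to request these resources, AWS developed the CloudFormation tool.
What CloudFormation does is manage the lifecycle of a resource-request template, including declaring, creating, destroying and monitoring resources (monitoring goes through CloudWatch, the monitoring service AWS provides).
In AWS this template is called a Stack.
So learning CloudFormation means understanding what a Stack is.
Before studying the Stack, two more points need to be noted:
We use the WordPress Stack template to explain how to request resources (I-layer and P-layer resources) through a Stack. The explanation is given as annotations, shown in green (the // comment lines).
Download address of the sample Stack used here: https://s3.amazonaws.com/cloudformation-templates-us-east-1/WordPress_Single_Instance_With_RDS.template
A Stack is a JSON file.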
{
  // Version information of the Stack. The JSON format below is the 2010-09-09 version.
  "AWSTemplateFormatVersion" : "2010-09-09",
  // Stack description
  "Description" : "AWS CloudFormation Sample Template WordPress_Single_Instance_With_RDS: WordPress is web software you can use to create a beautiful website or blog. This template installs a single-instance WordPress deployment using an Amazon RDS database instance for storage. It demonstrates using the AWS CloudFormation bootstrap scripts to install packages and files at instance launch time. **WARNING** This template creates an Amazon EC2 instance and an Amazon RDS database instance. You will be billed for the AWS resources used if you create a stack from this template.",
  // Stack parameters. When the Stack is executed, these parameters generate an input form for the user to fill in.
  // Parameters can be referenced by name from other elements in the Stack.
  "Parameters" : {
    "KeyName": {
      "Description" : "Name of an existing EC2 KeyPair to enable SSH access to the instances",
      "Type": "String",
      "MinLength": "1",
      "MaxLength": "255",
      "AllowedPattern" : "[\\x20-\\x7E]*",
      "ConstraintDescription" : "can contain only ASCII characters."
    },
    "InstanceType" : {
      "Description" : "WebServer EC2 instance type",
      "Type" : "String",
      "Default" : "m1.small",
      "AllowedValues" : [ "t1.micro","m1.small","m1.medium","m1.large","m1.xlarge","m2.xlarge","m2.2xlarge","m2.4xlarge","m3.xlarge","m3.2xlarge","c1.medium","c1.xlarge","cc1.4xlarge","cc2.8xlarge","cg1.4xlarge"],
      "ConstraintDescription" : "must be a valid EC2 instance type."
    },
    "DBClass" : {
      "Default" : "db.m1.small",
      "Description" : "Database instance class",
      "Type" : "String",
      "AllowedValues" : [ "db.m1.small", "db.m1.large", "db.m1.xlarge", "db.m2.xlarge", "db.m2.2xlarge", "db.m2.4xlarge" ],
      "ConstraintDescription" : "must select a valid database instance type."
    },
    "DBName" : {
      "Default": "wordpress",
      "Description" : "The WordPress database name",
      "Type": "String",
      "MinLength": "1",
      "MaxLength": "64",
      "AllowedPattern" : "[a-zA-Z][a-zA-Z0-9]*",
      "ConstraintDescription" : "must begin with a letter and contain only alphanumeric characters."
    },
    "DBUsername" : {
      "Default": "admin",
      "NoEcho": "true",
      "Description" : "The WordPress database admin account username",
      "Type": "String",
      "MinLength": "1",
      "MaxLength": "16",
      "AllowedPattern" : "[a-zA-Z][a-zA-Z0-9]*",
      "ConstraintDescription" : "must begin with a letter and contain only alphanumeric characters."
    },
    "DBPassword" : {
      "Default": "password",
      "NoEcho": "true",
      "Description" : "The WordPress database admin account password",
      "Type": "String",
      "MinLength": "8",
      "MaxLength": "41",
      "AllowedPattern" : "[a-zA-Z0-9]*",
      "ConstraintDescription" : "must contain only alphanumeric characters."
    },
    "DBAllocatedStorage" : {
      "Default": "5",
      "Description" : "The size of the database (Gb)",
      "Type": "Number",
      "MinValue": "5",
      "MaxValue": "1024",
      "ConstraintDescription" : "must be between 5 and 1024Gb."
    },
    "SSHLocation" : {
      "Description" : " The IP address range that can be used to SSH to the EC2 instances",
      "Type": "String",
      "MinLength": "9",
      "MaxLength": "18",
      "Default": "0.0.0.0/0",
      "AllowedPattern": "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})",
      "ConstraintDescription": "must be a valid IP CIDR range of the form x.x.x.x/x."
    }
  },
  // Mapping between EC2 configurations and CPU architecture. t1.micro is one EC2 configuration; users can only choose one of the EC2 configurations and cannot specify one arbitrarily.
  // An EC2 configuration covers the CPU and memory settings.
  "Mappings" : {
    "AWSInstanceType2Arch" : {
      "t1.micro" : { "Arch" : "64" },
      "m1.small" : { "Arch" : "64" },
      "m1.medium" : { "Arch" : "64" },
      "m1.large" : { "Arch" : "64" },
      "m1.xlarge" : { "Arch" : "64" },
      "m2.xlarge" : { "Arch" : "64" },
      "m2.2xlarge" : { "Arch" : "64" },
      "m2.4xlarge" : { "Arch" : "64" },
      "m3.xlarge" : { "Arch" : "64" },
      "m3.2xlarge" : { "Arch" : "64" },
      "c1.medium" : { "Arch" : "64" },
      "c1.xlarge" : { "Arch" : "64" },
      "cc1.4xlarge" : { "Arch" : "64HVM" },
      "cc2.8xlarge" : { "Arch" : "64HVM" },
      "cg1.4xlarge" : { "Arch" : "64HVM" }
    },
    // Mapping from CPU architecture and AWS Zone to AMI. AMI stands for Amazon Machine Image; on a traditional server it corresponds to an image.
    "AWSRegionArch2AMI" : {
      "us-east-1" : { "32" : "ami-31814f58", "64" : "ami-1b814f72", "64HVM" : "ami-0da96764" },
      "us-west-2" : { "32" : "ami-38fe7308", "64" : "ami-30fe7300", "64HVM" : "NOT_YET_SUPPORTED" },
      "us-west-1" : { "32" : "ami-11d68a54", "64" : "ami-1bd68a5e", "64HVM" : "NOT_YET_SUPPORTED" },
      "eu-west-1" : { "32" : "ami-973b06e3", "64" : "ami-953b06e1", "64HVM" : "NOT_YET_SUPPORTED" },
      "ap-southeast-1" : { "32" : "ami-b4b0cae6", "64" : "ami-beb0caec", "64HVM" : "NOT_YET_SUPPORTED" },
      "ap-southeast-2" : { "32" : "ami-b3990e89", "64" : "ami-bd990e87", "64HVM" : "NOT_YET_SUPPORTED" },
      "ap-northeast-1" : { "32" : "ami-0644f007", "64" : "ami-0a44f00b", "64HVM" : "NOT_YET_SUPPORTED" },
      "sa-east-1" : { "32" : "ami-3e3be423", "64" : "ami-3c3be421", "64HVM" : "NOT_YET_SUPPORTED" }
    }
  },
  // Resource declarations. Required.
  // AWS defines a list of resources. Each resource has a Type, whose value must be chosen from the existing resource types and cannot be specified arbitrarily.
  "Resources" : {
    // Request an EC2 instance. Its logical name is WebServer.
    // Every resource has a logical name that is unique within the Stack. Once the resource has been created, it has a globally unique physical ID (PhysicalID) assigned by AWS. The logical name maps to the PhysicalID.
    "WebServer": {
      "Type": "AWS::EC2::Instance",
      "Metadata" : {
        "AWS::CloudFormation::Init" : {
          "config" : {
            "packages" : {
              "yum" : {
                "httpd" : [],
                "php" : [],
                "php-mysql" : []
              }
            },
            "sources" : {
              "/var/www/html" : "http://wordpress.org/latest.tar.gz"
            },
            "files" : {
              "/var/www/html/wordpress/wp-config.php" : {
                "content" : { "Fn::Join" : ["", [
                  "<?php\n",
                  "define('DB_NAME', '", {"Ref" : "DBName"}, "');\n",
                  "define('DB_USER', '", {"Ref" : "DBUsername"}, "');\n",
                  "define('DB_PASSWORD', '", {"Ref" : "DBPassword" }, "');\n",
                  "define('DB_HOST', '", {"Fn::GetAtt" : ["DBInstance", "Endpoint.Address"]},"');\n",
                  "define('DB_CHARSET', 'utf8');\n",
                  "define('DB_COLLATE', '');\n"
                ]] },
                "mode" : "000644",
                "owner" : "root",
                "group" : "root"
              }
            },
            "services" : {
              "sysvinit" : {
                "httpd" : { "enabled" : "true", "ensureRunning" : "true" },
                "sendmail" : { "enabled" : "false", "ensureRunning" : "false" }
              }
            }
          }
        }
      },
      "Properties": {
        // The properties specify the EC2 image (AMI). The Stack supports the FindInMap and Ref functions.
        // The value of ImageId is found by looking up the image for the given Zone in the AWSRegionArch2AMI map.
        // The Zone name comes from the value returned by the global function AWS::Region, i.e. the current tenant's Zone.
        "ImageId" : { "Fn::FindInMap" : [ "AWSRegionArch2AMI", { "Ref" : "AWS::Region" },
          { "Fn::FindInMap" : [ "AWSInstanceType2Arch", { "Ref" : "InstanceType" }, "Arch" ] } ] },
        // The EC2 instance type. It references the InstanceType value defined in Parameters above, which the user enters.
        "InstanceType" : { "Ref" : "InstanceType" },
        "SecurityGroups" : [ {"Ref" : "WebServerSecurityGroup"} ],
        "KeyName" : { "Ref" : "KeyName" },
        // The Stack also supports user hook scripts that run to configure the EC2 instance.
        "UserData" : { "Fn::Base64" : { "Fn::Join" : ["", [
          "#!/bin/bash\n",
          "yum update -y aws-cfn-bootstrap\n",
          "/opt/aws/bin/cfn-init -s ", { "Ref" : "AWS::StackId" }, " -r WebServer ",
          " --region ", { "Ref" : "AWS::Region" }, "\n",
          "/opt/aws/bin/cfn-signal -e $? '", { "Ref" : "WaitHandle" }, "'\n",
          "# Setup correct file ownership\n",
          "chown -R apache:apache /var/www/html/wordpress\n",
          "# Add keys and salts to the config file\n",
          "wp_config=/var/www/html/wordpress/wp-config.php\n",
          "GET https://api.wordpress.org/secret-key/1.1/salt/ >> $wp_config\n",
          "echo \"define('WPLANG' , '');\" >> $wp_config\n",
          "echo \"define('WP_DEBUG' , false);\" >> $wp_config\n",
          "echo \"\\$table_prefix = 'wp_';\" >> $wp_config\n",
          "echo \"if ( !defined('ABSPATH') )\" >> $wp_config\n",
          "echo \" define('ABSPATH', dirname(__FILE__) . '/');\" >> $wp_config\n",
          "echo \"require_once(ABSPATH . 'wp-settings.php');\" >> $wp_config\n"
        ]]}}
      }
    },
    "WaitHandle" : {
      "Type" : "AWS::CloudFormation::WaitConditionHandle"
    },
    "WaitCondition" : {
      "Type" : "AWS::CloudFormation::WaitCondition",
      "DependsOn" : "WebServer",
      "Properties" : {
        "Handle" : {"Ref" : "WaitHandle"},
        "Timeout" : "600"
      }
    },
    // Database instance. AWS gives users a database instance, not an individual database. Once users have the database instance's information, they can create databases themselves.
    // AWS also supports creating a database when the instance is created; this scenario is usually one database per instance. The DBName parameter below is optional.
    "DBInstance" : {
      "Type": "AWS::RDS::DBInstance",
      "Properties": {
        "DBName" : { "Ref" : "DBName" },
        "Engine" : "MySQL",
        "MasterUsername" : { "Ref" : "DBUsername" },
        "DBInstanceClass" : { "Ref" : "DBClass" },
        "DBSecurityGroups" : [{ "Ref" : "DBSecurityGroup" }],
        "AllocatedStorage" : { "Ref" : "DBAllocatedStorage" },
        "MasterUserPassword": { "Ref" : "DBPassword" }
      }
    },
    "DBSecurityGroup": {
      "Type": "AWS::RDS::DBSecurityGroup",
      "Properties": {
        "DBSecurityGroupIngress": { "EC2SecurityGroupName": { "Ref": "WebServerSecurityGroup"} },
        "GroupDescription" : "Frontend Access"
      }
    },
    "WebServerSecurityGroup" : {
      "Type" : "AWS::EC2::SecurityGroup",
      "Properties" : {
        "GroupDescription" : "Enable HTTP access via port 80 and SSH access",
        "SecurityGroupIngress" : [
          {"IpProtocol" : "tcp", "FromPort" : "80", "ToPort" : "80", "CidrIp" : "0.0.0.0/0"},
          {"IpProtocol" : "tcp", "FromPort" : "22", "ToPort" : "22", "CidrIp" : { "Ref" : "SSHLocation"}}
        ]
      }
    }
  },
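  // User-defined outputs. These are the entry points exposed for external access once the Stack has been created.
  // For example, the Output here is the access URL of WordPress once it has been installed.
  // You may wonder where WordPress got installed. The WordPress installation package is included in the AMI image!
  "Outputs" : {
    "WebsiteURL" : {
      "Value" : { "Fn::Join" : ["", ["http://", { "Fn::GetAtt" : [ "WebServer", "PublicDnsName" ]}, "/wordpress"]] },
      "Description" : "WordPress Website"
    }
  }
}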
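As an added example (not part of the original article or of AWS's sample), the Python below audits the security-relevant settings this template carries: a NoEcho parameter that ships with a Default, a NoEcho parameter referenced from resource Metadata, a cfn-init source fetched over http://, and port 22 opened to a CIDR parameter that defaults to 0.0.0.0/0. The check names and the `refs`/`audit` helpers are hypothetical, and the embedded excerpt is constructed from values shown in the template above.

```python
import json

# Constructed excerpt of the template above: only the keys the checks read.
TEMPLATE = json.loads(r'''{
 "Parameters": {"DBPassword": {"Default": "password", "NoEcho": "true", "Type": "String"},
                "SSHLocation": {"Default": "0.0.0.0/0", "Type": "String"}},
 "Resources": {
  "WebServer": {"Type": "AWS::EC2::Instance", "Metadata": {"AWS::CloudFormation::Init": {"config": {
    "sources": {"/var/www/html": "http://wordpress.org/latest.tar.gz"},
    "files": {"/var/www/html/wordpress/wp-config.php": {"content": {"Fn::Join": ["", [
      "define('DB_PASSWORD', '", {"Ref": "DBPassword"}, "');\n"]]}}}}}}},
  "WebServerSecurityGroup": {"Type": "AWS::EC2::SecurityGroup", "Properties": {"SecurityGroupIngress": [
    {"IpProtocol": "tcp", "FromPort": "80", "ToPort": "80", "CidrIp": "0.0.0.0/0"},
    {"IpProtocol": "tcp", "FromPort": "22", "ToPort": "22", "CidrIp": {"Ref": "SSHLocation"}}]}}}}''')

def refs(node):
    """Yield every name referenced through {"Ref": name} anywhere under node."""
    if isinstance(node, dict):
        if list(node) == ["Ref"]:
            yield node["Ref"]
        node = list(node.values())
    if isinstance(node, list):
        for child in node:
            yield from refs(child)

def audit(tpl):
    """Return (check, subject) findings for the risky settings in a template dict."""
    params, findings = tpl.get("Parameters", {}), []
    noecho = {n for n, p in params.items() if str(p.get("NoEcho")).lower() == "true"}
    # A NoEcho secret with a Default is a publicly known password if left unchanged.
    findings += [("NOECHO_DEFAULT", n) for n in sorted(noecho) if "Default" in params[n]]
    for rname, res in tpl.get("Resources", {}).items():
        meta = res.get("Metadata", {})
        # NoEcho does not mask a value that is referenced from a resource's Metadata.
        findings += [("NOECHO_IN_METADATA", f"{rname}:{n}") for n in sorted(set(refs(meta)) & noecho)]
        init = meta.get("AWS::CloudFormation::Init", {}).get("config", {})
        findings += [("PLAINTEXT_SOURCE", u) for u in init.get("sources", {}).values()
                     if isinstance(u, str) and u.startswith("http://")]  # no transport integrity
        if res.get("Type") != "AWS::EC2::SecurityGroup":
            continue
        for rule in res.get("Properties", {}).get("SecurityGroupIngress", []):
            cidr = rule.get("CidrIp")
            if isinstance(cidr, dict) and "Ref" in cidr:  # resolve to the parameter's Default
                cidr = params.get(cidr["Ref"], {}).get("Default")
            if cidr == "0.0.0.0/0" and str(rule.get("FromPort")) == "22":
                findings.append(("SSH_OPEN_TO_WORLD", rname))
    return findings

print(audit(TEMPLATE))
```

Removing the `Default` from `DBPassword` and `SSHLocation` forces the operator to supply both values at stack creation; the Metadata finding remains as long as the password is written into `wp-config.php` through `AWS::CloudFormation::Init`.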