aws(学习笔记第十五课)
- 如何从灾难中恢复
学习内容:
- 使用
CloudWatch对服务器进行监视与恢复 - 区域(
region),可用区(available zone)和子网(subnet) - 使用自动扩展(
AutoScalingGroup)
1. 使用CloudWatch对服务器进行监视与恢复
- 整体架构
这里模拟Jenkins Server在灾难时候,可以由AWS Cloudwatch Alarm监视到,之后将其recover。
在这里,elastic ip定义了,并且将其指向了Jenkins Server。为什么平时没有使用elastic ip,这里特意使用它呢。
因为默认如果让AWS自动配置给ec2的internet ip,都是临时的ip,每次ec2实例重启了之后,都会重新分配ip。但是作为Jenkins Server来使用,并且一旦从灾难中recover之后,ip address变化的话,运用起来将会特别不方便。
2. 代码解析
- 代码
{ "AWSTemplateFormatVersion": "2010-09-09", "Description": " (Jenkins (CI server) running on EC2 with AWS CloudWatch recovery)", "Parameters": { "KeyName": { "Description": "Key Pair name", "Type": "AWS::EC2::KeyPair::KeyName", "Default": "my-cli-key" }, "JenkinsAdminPassword": { "Description": "Password for Jenkins admin user", "Type": "String", "AllowedPattern" : "[a-zA-Z0-9]*", "MinLength" : "8", "MaxLength" : "42" } }, "Mappings": { "EC2RegionMap": { "ap-northeast-1": { "AmazonLinuxAMIHVMEBSBacked64bit": "ami-cbf90ecb"}, "ap-southeast-1": { "AmazonLinuxAMIHVMEBSBacked64bit": "ami-68d8e93a"}, "ap-southeast-2": { "AmazonLinuxAMIHVMEBSBacked64bit": "ami-fd9cecc7"}, "eu-central-1": { "AmazonLinuxAMIHVMEBSBacked64bit": "ami-a8221fb5"}, "eu-west-1": { "AmazonLinuxAMIHVMEBSBacked64bit": "ami-a10897d6"}, "sa-east-1": { "AmazonLinuxAMIHVMEBSBacked64bit": "ami-b52890a8"}, "us-east-1": { "AmazonLinuxAMIHVMEBSBacked64bit": "ami-1ecae776"}, "us-west-1": { "AmazonLinuxAMIHVMEBSBacked64bit": "ami-d114f295"}, "us-west-2": { "AmazonLinuxAMIHVMEBSBacked64bit": "ami-e7527ed7"} } }, "Resources": { "VPC": { "Type": "AWS::EC2::VPC", "Properties": { "EnableDnsSupport": "true", "EnableDnsHostnames": "true", "CidrBlock": "10.0.0.0/16", "Tags": [ { "Key": "Name", "Value": "jenkins-recovery" } ] } }, "Subnet": { "Type": "AWS::EC2::Subnet", "Properties": { "VpcId": { "Ref": "VPC" }, "AvailabilityZone": { "Fn::Select": ["0", { "Fn::GetAZs": ""}]}, "CidrBlock": "10.0.0.0/24", "Tags": [ { "Key": "Name", "Value": "jenkins-recovery" } ] } }, "InternetGateway": { "Type": "AWS::EC2::InternetGateway", "Properties": { "Tags": [ { "Key": "Name", "Value": "jenkins-recovery" } ] } }, "GatewayToInternet": { "Type": "AWS::EC2::VPCGatewayAttachment", "Properties": { "VpcId": { "Ref": "VPC" }, "InternetGatewayId": { "Ref": "InternetGateway" } } }, "RouteTable": { "Type": "AWS::EC2::RouteTable", "Properties": { "VpcId": { "Ref": "VPC" }, "Tags": [ { "Key": "Name", "Value": "jenkins-recovery" } ] } }, "InternetRoute": { "Type": "AWS::EC2::Route", "Properties": { "RouteTableId": { "Ref": "RouteTable" }, "DestinationCidrBlock": "0.0.0.0/0", "GatewayId": { "Ref": "InternetGateway" } }, "DependsOn": "GatewayToInternet" }, "RouteTableAssociation": { "Type": "AWS::EC2::SubnetRouteTableAssociation", "Properties": { "SubnetId": { "Ref": "Subnet" }, "RouteTableId": { "Ref": "RouteTable" } } }, "NetworkAcl": { "Type": "AWS::EC2::NetworkAcl", "Properties": { "VpcId": { "Ref": "VPC" }, "Tags": [ { "Key": "Name", "Value": "jenkins-recovery" } ] } }, "NetworkAceSSH": { "Type": "AWS::EC2::NetworkAclEntry", "Properties": { "NetworkAclId": { "Ref": "NetworkAcl" }, "RuleNumber": "10", "Protocol": "6", "RuleAction": "allow", "Egress": "false", "CidrBlock": "0.0.0.0/0", "PortRange": { "From": "22", "To": "22" } } }, "NetworkAceJenkinsHTTP": { "Type": "AWS::EC2::NetworkAclEntry", "Properties": { "NetworkAclId": { "Ref": "NetworkAcl" }, "RuleNumber": "11", "Protocol": "6", "RuleAction": "allow", "Egress": "false", "CidrBlock": "0.0.0.0/0", "PortRange": { "From": "8080", "To": "8080" } } }, "NetworkAceNTP": { "Type": "AWS::EC2::NetworkAclEntry", "Properties": { "NetworkAclId": { "Ref": "NetworkAcl" }, "RuleNumber": "20", "Protocol": "17", "RuleAction": "allow", "Egress": "false", "CidrBlock": "0.0.0.0/0", "PortRange": { "From": "123", "To": "123" } } }, "NetworkAceICMP": { "Type": "AWS::EC2::NetworkAclEntry", "Properties": { "NetworkAclId": { "Ref": "NetworkAcl" }, "RuleNumber": "30", "Protocol": "1", "RuleAction": "allow", "Egress": "false", "CidrBlock": "0.0.0.0/0", "Icmp": { "Code": "-1", "Type": "-1" } } }, "NetworkAceHighPortsTCP": { "Type": "AWS::EC2::NetworkAclEntry", "Properties": { "NetworkAclId": { "Ref": "NetworkAcl" }, "RuleNumber": "40", "Protocol": "6", "RuleAction": "allow", "Egress": "false", "CidrBlock": "0.0.0.0/0", "PortRange": { "From": "1024", "To": "65535" } } }, "NetworkAceHighPortsUDP": { "Type": "AWS::EC2::NetworkAclEntry", "Properties": { "NetworkAclId": { "Ref": "NetworkAcl" }, "RuleNumber": "41", "Protocol": "17", "RuleAction": "allow", "Egress": "false", "CidrBlock": "0.0.0.0/0", "PortRange": { "From": "1024", "To": "65535" } } }, "NetworkAceEgress": { "Type": "AWS::EC2::NetworkAclEntry", "Properties": { "NetworkAclId": { "Ref": "NetworkAcl" }, "RuleNumber": "10", "Protocol": "-1", "RuleAction": "allow", "Egress": "true", "CidrBlock": "0.0.0.0/0", "PortRange": { "From": "0", "To": "65535" } } }, "NetworkAclAssociation": { "Type": "AWS::EC2::SubnetNetworkAclAssociation", "Properties": { "SubnetId": { "Ref": "Subnet" }, "NetworkAclId": { "Ref": "NetworkAcl" } } }, "SecurityGroup": { "Type": "AWS::EC2::SecurityGroup", "Properties": { "GroupDescription": "SecurityGroupforjenkins", "VpcId": { "Ref": "VPC" }, "Tags": [ { "Key": "Name", "Value": "jenkins-recovery" } ], "SecurityGroupIngress": [ { "IpProtocol": "tcp", "FromPort": "22", "ToPort": "22", "CidrIp": "0.0.0.0/0" }, { "IpProtocol": "tcp", "FromPort": "8080", "ToPort": "8080", "CidrIp": "0.0.0.0/0" }, { "IpProtocol": "icmp", "FromPort": "-1", "ToPort": "-1", "CidrIp": "0.0.0.0/0" } ] } }, "ElasticIP": { "Type": "AWS::EC2::EIP", "Properties": { "InstanceId": { "Ref": "Server"}, "Domain": "vpc" }, "DependsOn": "GatewayToInternet" }, "Server": { "Type": "AWS::EC2::Instance", "Properties": { "ImageId": { "Fn::FindInMap": ["EC2RegionMap", { "Ref": "AWS::Region"}, "AmazonLinuxAMIHVMEBSBacked64bit"]}, "InstanceType": "t2.micro", "KeyName": { "Ref": "KeyName"}, "SecurityGroupIds": [{ "Ref": "SecurityGroup"}], "SubnetId": { "Ref": "Subnet"}, "UserData": { "Fn::Base64": { "Fn::Join": ["", [ "#!/bin/bash -ex\n", "wget http://pkg.jenkins-ci.org/redhat/jenkins-1.616-1.1.noarch.rpm\n", "rpm --install jenkins-1.616-1.1.noarch.rpm\n", "sed -i -e 's/JENKINS_ARGS=\\\"\\\"/JENKINS_ARGS=\\\"--argumentsRealm.passwd.admin=", { "Ref": "JenkinsAdminPassword"}, " --argumentsRealm.roles.admin=admin\\\"/g' /etc/sysconfig/jenkins\n", "echo \"<?xml version='1.0' encoding='UTF-8'?><hudson><version>1.0</version><useSecurity>true</useSecurity><authorizationStrategy class=\\\"hudson.security.FullControlOnceLoggedInAuthorizationStrategy\\\"/><securityRealm class=\\\"hudson.security.LegacySecurityRealm\\\"/></hudson>\" > /var/lib/jenkins/config.xml\n", "service jenkins start\n" ]]}}, "Tags": [ { "Key": "Name", "Value": "jenkins-recovery" } ] }, "DependsOn": "GatewayToInternet" }, "RecoveryAlarm": { "Type": "AWS::CloudWatch::Alarm", &#
最低0.47元/天 解锁文章
扫一扫
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
