如何解决AWS CloudFormation,堆栈更新不会修改我的 EC2 配置
我试图确保我的 CloudFormation 模板创建的堆栈可以通过 Update 或 ChangeSets 进行修改。我知道必须借助 cfn-hup 和 cfn-init 脚本才能做到这一点。目前我似乎可以在 CloudFormation 文件中更新 SecurityGroups,但这根本不会改变 Web 服务器本身的实际配置。我原以为可以添加/删除软件包或更新配置文件,并且这些更改会反映到实例上。
这不可能吗? (我使用的是亚马逊 Linux 2)
这是我的文件。我觉得这应该是更新 Nginx 配置文件(如果它发生变化)?
据我阅读 AWS 文档的理解,使用 services.sysvinit.Nginx.files 应该会跟踪我列出的 Nginx 配置文件;如果检测到更改,则在更改之后重新加载 Nginx。它还应该用我对 server {} 块所做的任何新更改来更新 Nginx 配置文件。
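# CloudFormation template: a single Amazon Linux 2 web server (nginx + php-fpm)
# whose packages and config files are managed by cfn-init, and re-applied on
# stack updates by the cfn-hup hook defined in Metadata.
#
# Fixes relative to the pasted original:
#   - the top-level key is `AWSTemplateFormatVersion` (the original `AWstemplateFormatVersion`
#     is rejected by CloudFormation);
#   - package, service and path names are lowercase (`nginx`, `php-fpm`, `/etc/nginx/...`),
#     which is what yum, amazon-linux-extras and the file system actually use;
#   - `mode` values are quoted so the YAML parser does not read `000400` as an octal integer.
AWSTemplateFormatVersion: "2010-09-09"

Parameters:
  VPC:
    Description: "ID of VPC"
    Type: String
  AMI:
    Description: "ID of base image"
    Type: String
  KeyName:
    Description: "Name of an existing EC2 KeyPair to enable SSH access to the instance"
    Type: "AWS::EC2::KeyPair::KeyName"
    ConstraintDescription: "Must be the name of an existing EC2 KeyPair."
  InstanceType:
    Description: "Amazon Instance Type"
    Default: t2.micro
    Type: String
  SSHLocation:
    Description: "IP address range that can be used to SSH to EC2 Instance"
    Type: String
    MinLength: 9
    MaxLength: 18
    # NOTE: this default admits SSH from any address. Override it with the
    # administrators' CIDR when creating the stack.
    Default: "0.0.0.0/0"

Resources:
  ApiEc2Instance:
    Type: AWS::EC2::Instance
    Metadata:
      AWS::CloudFormation::Init:
        # `Configure` runs first so the extras repos exist before `Install` pulls packages.
        configSets:
          InstallAndRun:
            - Configure
            - Install

        # install packages and setup files
        Install:
          packages:
            yum:
              php: []
              php-fpm: []
              php-mbstring: []
              php-bcmath: []
              php-pdo: []
              nginx: []
          files:
            # `!Sub` is harmless here but not needed: the nginx config contains no `${...}`
            # references, and nginx's own `$uri`/`$query_string` are left untouched by Sub.
            /etc/nginx/conf.d/default.conf:
              content: !Sub |
                server {
                  listen 80;
                  root /var/www/html;
                  index index.php index.html index.htm;

                  gzip on;
                  gzip_vary off;
                  gzip_proxied static;
                  gzip_comp_level 6;
                  gzip_buffers 16 8k;
                  gzip_http_version 1.1;
                  gzip_types text/plain application/json;

                  charset utf-8;

                  location / {
                    try_files $uri $uri/ /index.php?$query_string;
                  }

                  location ~ \.php$ {
                    try_files $uri /index.php =404;
                    fastcgi_split_path_info ^(.+\.php)(/.+)$;
                    fastcgi_pass unix:/var/run/php-fpm/www.sock;
                    fastcgi_index index.php;
                    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
                    include fastcgi_params;
                  }
                }
            # NOTE: display_errors=On prints PHP errors (paths, stack traces) to the client.
            # Acceptable for a sandbox; turn it off for anything publicly reachable.
            /etc/php.d/default.ini:
              content: !Sub |
                display_errors = On
            # cfn-hup daemon configuration. `interval` is in MINUTES (default 15), so
            # metadata changes are only picked up after up to `interval` minutes.
            /etc/cfn/cfn-hup.conf:
              content: !Sub |
                [main]
                stack=${AWS::StackId}
                region=${AWS::Region}
                verbose=1
                interval=5
              mode: "000400"
              owner: root
              group: root
            # Hook: after a stack update that changed this resource's Init metadata,
            # re-run cfn-init so packages/files/services are reconciled on the instance.
            /etc/cfn/hooks.d/cfn-auto-reloader.conf:
              content: !Sub |
                [cfn-auto-reloader-hook]
                triggers=post.update
                path=Resources.ApiEc2Instance.Metadata.AWS::CloudFormation::Init
                action=/opt/aws/bin/cfn-init -v --stack ${AWS::StackName} --resource ApiEc2Instance --configsets InstallAndRun --region ${AWS::Region}
                runas=root
              mode: "000400"
              owner: root
              group: root
          services:
            sysvinit:
              # cfn-init restarts nginx when any file listed under `files` changes.
              nginx:
                enabled: true
                ensureRunning: true
                files:
                  - /etc/nginx/conf.d/default.conf
              cfn-hup:
                enabled: true
                ensureRunning: true
                files:
                  - /etc/cfn/cfn-hup.conf
                  - /etc/cfn/hooks.d/cfn-auto-reloader.conf

        # configure any separate execution scripts
        Configure:
          commands:
            01_update_php:
              command: "amazon-linux-extras enable php7.4 nginx1 ansible2"
              # only run when the php7.4 extras repo has not been enabled yet
              test: "! grep -Fxq '[amzn2extra-php7.4]' /etc/yum.repos.d/amzn2-extras.repo"

    Properties:
      ImageId: !Ref "AMI"
      InstanceType: !Ref "InstanceType"
      SecurityGroupIds:
        - !Ref ApiSSHSecurityGroup
        - !Ref ApiWebSecurityGroup
      KeyName: !Ref KeyName
      Tags:
        - Key: Name
          Value: "API SandBox"
      UserData:
        Fn::Base64: !Sub |
          #!/bin/bash -xe
          yum update -y aws-cfn-bootstrap
          # Install the files and packages from the Metadata
          /opt/aws/bin/cfn-init -v \
            --stack ${AWS::StackName} \
            --resource ApiEc2Instance \
            --configsets InstallAndRun \
            --region ${AWS::Region}
          # Signal the status from cfn-init
          /opt/aws/bin/cfn-signal -e $? \
            --stack ${AWS::StackName} \
            --resource ApiEc2Instance \
            --region ${AWS::Region}
          #
          service nginx reload
    CreationPolicy:
      ResourceSignal:
        Timeout: PT5M

  # SSH ingress is limited to the SSHLocation parameter; see the note on its default.
  ApiSSHSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupName: API SSH Admins
      GroupDescription: Enable public access via port 22
      VpcId: !Ref "VPC"
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 22
          ToPort: 22
          CidrIp: !Ref "SSHLocation"

  ApiWebSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupName: API Public Web
      GroupDescription: Enable public web access via multiple ports
      VpcId: !Ref "VPC"
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 80
          ToPort: 80
          CidrIp: "0.0.0.0/0"
        - IpProtocol: tcp
          FromPort: 443
          ToPort: 443
          CidrIp: "0.0.0.0/0"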
解决方法
基于聊天讨论。
cfn-hup 默认需要 15 分钟才会刷新一次。因此,这个问题是由于没有等待足够的时间导致的:在这 15 分钟之内,cfn-hup 看起来像是失败了或者什么都没做。可以按文档所述,使用 interval 变量调整这个时间间隔。