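I need to create an ECS cluster without using Auto Scaling.
This is because ASG does not support Dedicated Hosts (DH), i.e. Tenancy = host. DH is mainly used for cost savings, and in some cases the savings are worth it even though we cannot use ASG.
I know this can be done using Macros and Lambda-backed custom resources, or by iterating over instances with Troposphere.
But any example to start from, for these or any other approach, would be much appreciated.
Below is my appsec.yaml template file: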
```yaml
AWSTemplateFormatVersion: 2010-09-09
Description: Provision Platform Container Service
Parameters:
  PlatformCluster:
    Type: String
  PlatformClusterNotifications:
    Type: String
  PlatformClusterLifecycleNotification:
    Type: String
  Product:
    Type: String
  Environment:
    Type: String
  CDRevisionLoc:
    Type: String
  ClusterIdentifier:
    Type: Number
  ClusterMinSize:
    Type: Number
  ClusterMaxSize:
    Type: Number
  ClusterSubnets:
    Type: List<AWS::EC2::Subnet::Id>
  NodeImageId:
    Type: AWS::EC2::Image::Id
  NodeOSVolumeSize:
    Type: Number
    MinValue: 8
  NodeInstanceRole:
    Type: String
  NodeInstanceProfile:
    Type: String
  NodeKeyName:
    Type: AWS::EC2::KeyPair::KeyName
  NodeInstanceType:
    Type: String
  NodeSecurityGroups:
    Type: List<AWS::EC2::SecurityGroup::Id>
  HanoverSchedule:
    Type: String
Mappings:
  InstanceStoreDevices:
    "i3.2xlarge":
      DEVS: "/dev/nvme0n1"
    "i3.4xlarge":
      DEVS: "/dev/nvme0n1 /dev/nvme1n1"
    "i3.8xlarge":
      DEVS: "/dev/nvme0n1 /dev/nvme1n1 /dev/nvme2n1 /dev/nvme3n1"
    "m5d.2xlarge":
      DEVS: "/dev/nvme1n1"
    "m5d.4xlarge":
      DEVS: "/dev/nvme1n1 /dev/nvme2n1"
    "c5d.2xlarge":
      DEVS: "/dev/nvme1n1"
    "c5d.4xlarge":
      DEVS: "/dev/nvme1n1"
    "c5d.9xlarge":
      DEVS: "/dev/nvme1n1"
Resources:
  PlatformClusterLaunchConfiguration:
    Type: AWS::AutoScaling::LaunchConfiguration
    Metadata:
      AWS::CloudFormation::Init:
        configSets:
          all: [install_cfn, update_ecs_agent, faro_self_install]
        install_cfn:
          files:
            /etc/cfn/cfn-hup.conf:
              content: !Sub |
                [main]
                stack=${AWS::StackId}
                region=${AWS::Region}
                interval=5
              mode: '000400'
              owner: root
              group: root
            /etc/cfn/hooks.d/cfn-auto-reloader.conf:
              content: !Sub |
                [cfn-auto-reloader-hook]
                runas=root
                triggers=post.update
                path=Resources.PlatformClusterLaunchConfiguration.Metadata.AWS::CloudFormation::Init
                action=/opt/aws/bin/cfn-init -v --stack ${AWS::StackName} --resource PlatformClusterLaunchConfiguration --configsets all --region ${AWS::Region}
              mode: '000400'
              owner: root
              group: root
          services:
            sysvinit:
              cfn-hup:
                enabled: True
                ensureRunning: True
                files: [/etc/cfn/cfn-hup.conf, /etc/cfn/hooks.d/cfn-auto-reloader.conf]
        update_ecs_agent:
          commands:
            update_agent:
              command: yum update -y ecs-init
        faro_self_install:
          packages:
            yum:
              ruby: []
              aws-cli: []
              python27: []
              python27-boto3: []
              epel-release: []
              unzip: []
              ack: []
              wget: []
              jq: []
          commands:
            self_install:
              command: !Sub |
                #!/bin/bash
                yum -y --security update
                mkdir -p /etc/salt
                cd $(mktemp -d)
                REVNAME=$(basename ${CDRevisionLoc})
                aws --region ${AWS::Region} s3 cp ${CDRevisionLoc} $REVNAME.zip
                unzip -o $REVNAME.zip -d $REVNAME
                chmod +x $REVNAME/install.sh
                ./$REVNAME/install.sh
    Properties:
      BlockDeviceMappings:
        - DeviceName: /dev/xvda
          Ebs:
            VolumeSize: !Ref NodeOSVolumeSize
            VolumeType: gp2
            DeleteOnTermination: True
        - DeviceName: /dev/xvdcz
          VirtualName: ephemeral0
      EbsOptimized: True
      IamInstanceProfile: !Ref NodeInstanceProfile
      ImageId: !Ref NodeImageId
      InstanceMonitoring: True
      InstanceType: !Ref NodeInstanceType
      KeyName: !Ref NodeKeyName
      SecurityGroups: !Ref NodeSecurityGroups
      UserData:
        Fn::Base64:
          Fn::Sub:
            - |
              Content-Type: multipart/mixed; boundary="**"
              MIME-Version: 1.0

              --**
              MIME-Version: 1.0
              Content-Type: text/cloud-boothook; charset="us-ascii"

              cloud-init-per once yum_update yum update -y
              cloud-init-per once install_aws_cfn_bootstrap yum -y install aws-cfn-bootstrap
              cloud-init-per instance custom_docker_options cat <<'EOF' > /etc/sysconfig/docker
              DAEMON_MAXFILES=1048576
              DAEMON_PIDFILE_TIMEOUT=10
              OPTIONS="--default-ulimit nofile=1024:4096"
              EOF
              cloud-init-per instance custom_docker_storage_options cat <<'EOF' > /etc/sysconfig/docker-storage-setup
              DEVS="${InstanceStoreDevices}"
              STORAGE_DRIVER="devicemapper"
              VG=docker
              DATA_SIZE=99%FREE
              AUTO_EXTEND_POOL=yes
              LV_ERROR_WHEN_FULL=yes
              EXTRA_DOCKER_STORAGE_OPTIONS="--storage-opt dm.fs=ext4 --storage-opt dm.use_deferred_deletion=true --storage-opt dm.basesize=20G"
              EOF
              cloud-init-per instance custom_ecs_options cat <<'EOF' > /etc/ecs/ecs.config
              ECS_CLUSTER=${PlatformCluster}
              ECS_ENABLE_TASK_IAM_ROLE=true
              ECS_ENABLE_TASK_IAM_ROLE_NETWORK_HOST=true
              ECS_DISABLE_PRIVILEGED=true
              ECS_AVAILABLE_LOGGING_DRIVERS=["json-file", "awslogs", "splunk"]
              ECS_SELINUX_CAPABLE=false
              ECS_APPARMOR_CAPABLE=false
              ECS_ENGINE_TASK_CLEANUP_WAIT_DURATION=10m
              ECS_CONTAINER_STOP_TIMEOUT=1m
              ECS_DISABLE_IMAGE_CLEANUP=false
              ECS_IMAGE_CLEANUP_INTERVAL=30m
              ECS_IMAGE_MINIMUM_CLEANUP_AGE=30m
              ECS_NUM_IMAGES_DELETE_PER_CYCLE=50
              ECS_UPDATES_ENABLED=false
              ECS_DISABLE_METRICS=false
              ECS_ENABLE_CONTAINER_METADATA=true
              ECS_AWSVPC_ADDITIONAL_LOCAL_ROUTES=["169.254.120.120/32"]
              EOF

              --**
              MIME-Version: 1.0
              Content-Type: text/x-shellscript; charset="us-ascii"

              #!/bin/bash
              set -e
              # set sysctl before doing anything
              echo "net.ipv4.conf.all.forwarding = 1" >> /etc/sysctl.d/99-local.conf
              sysctl net.ipv4.conf.all.forwarding=1
              /opt/aws/bin/cfn-init -v --stack ${AWS::StackName} --resource PlatformClusterLaunchConfiguration --configsets all --region ${AWS::Region}
              /opt/aws/bin/cfn-signal -e $? --stack ${AWS::StackName} --resource PlatformClusterASG --region ${AWS::Region}
            - PlatformCluster: !Ref PlatformCluster
              InstanceStoreDevices: !FindInMap [InstanceStoreDevices, !Ref NodeInstanceType, "DEVS"]
  PlatformClusterASG:
    Type: "AWS::AutoScaling::AutoScalingGroup"
    DependsOn:
      - PlatformClusterLaunchConfiguration
    Properties:
      Cooldown: 900
      HealthCheckGracePeriod: 600
      HealthCheckType: EC2
      LaunchConfigurationName: !Ref PlatformClusterLaunchConfiguration
      VPCZoneIdentifier: !Ref ClusterSubnets
      MaxSize: !Ref ClusterMaxSize
      MinSize: !Ref ClusterMinSize
      DesiredCapacity: !Ref ClusterMinSize
      MetricsCollection:
        -
          Granularity: 1Minute
      NotificationConfigurations:
        -
          NotificationTypes:
            - autoscaling:EC2_INSTANCE_LAUNCH_ERROR
            - autoscaling:EC2_INSTANCE_TERMINATE_ERROR
          TopicARN: !Ref PlatformClusterNotifications
      TerminationPolicies:
        - NewestInstance
      Tags:
        - Key: Name
          Value: !Sub ${Product}${Environment}-pcs${ClusterIdentifier}
          PropagateAtLaunch: true
        - Key: Product
          Value: !Ref Product
          PropagateAtLaunch: true
        - Key: Environment
          Value: !Ref Environment
          PropagateAtLaunch: true
        - Key: Service
          Value: !Sub gtn:${Environment}:pcs
          PropagateAtLaunch: true
        - Key: Schedule
          Value: !Ref HanoverSchedule
          PropagateAtLaunch: true
    CreationPolicy:
      ResourceSignal:
        Timeout: PT20M
    UpdatePolicy:
      AutoScalingRollingUpdate:
        WaitOnResourceSignals: True
        PauseTime: PT20M
      AutoScalingScheduledAction:
        IgnoreUnmodifiedGroupSizeProperties: True
  PlatformClusterTeardownLifecycleHook:
    Type: "AWS::AutoScaling::LifecycleHook"
    DependsOn:
      - PlatformClusterASG
    Properties:
      AutoScalingGroupName: !Ref PlatformClusterASG
      DefaultResult: ABANDON
      HeartbeatTimeout: 900
      LifecycleTransition: autoscaling:EC2_INSTANCE_TERMINATING
      NotificationTargetARN: !Ref PlatformClusterLifecycleNotification
      RoleARN: !Ref NodeInstanceRole
Outputs:
  ECSAutoScalingGroup:
    Value: !Ref PlatformClusterASG
```
An ASG is just a convenient way to launch identical instances using a specified launch configuration.
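One way to do the "iterate over instances" approach the question mentions, as an added example that is not part of the original question or answer: a plain-Python generator that emits one `AWS::EC2::Instance` with `Tenancy: host` per node, reusing the template's parameter names. The function name, the `PlatformClusterNodeN` logical IDs, the shortened user data and the sample metadata are hypothetical; it assumes `NodeInstanceProfile` holds a profile name and that the number of subnets is known when the template is generated.

```python
import json

# Constructed, shortened user data: only the lines that must change when the
# node is an AWS::EC2::Instance. ${NodeId} is filled in per node by Fn::Sub.
USER_DATA = """#!/bin/bash
echo "ECS_CLUSTER=${PlatformCluster}" >> /etc/ecs/ecs.config
/opt/aws/bin/cfn-init -v --stack ${AWS::StackName} --resource ${NodeId} --configsets all --region ${AWS::Region}
/opt/aws/bin/cfn-signal -e $? --stack ${AWS::StackName} --resource ${NodeId} --region ${AWS::Region}
"""

def dedicated_host_nodes(count, subnet_count, init_metadata, host_ids=None):
    """Build `count` AWS::EC2::Instance resources that stand in for the ASG."""
    resources = {}
    for i in range(count):
        node_id = f"PlatformClusterNode{i + 1}"  # hypothetical logical ID
        props = {
            "Tenancy": "host",  # place the instance on a Dedicated Host
            "ImageId": {"Ref": "NodeImageId"},
            "InstanceType": {"Ref": "NodeInstanceType"},
            "KeyName": {"Ref": "NodeKeyName"},
            # Assumption: the parameter holds a profile name, not an ARN.
            "IamInstanceProfile": {"Ref": "NodeInstanceProfile"},
            "SecurityGroupIds": {"Ref": "NodeSecurityGroups"},
            "Monitoring": True,
            "EbsOptimized": True,
            # Round-robin over ClusterSubnets, as VPCZoneIdentifier did for the ASG.
            "SubnetId": {"Fn::Select": [i % subnet_count, {"Ref": "ClusterSubnets"}]},
            "UserData": {"Fn::Base64": {"Fn::Sub": [
                USER_DATA,
                {"PlatformCluster": {"Ref": "PlatformCluster"}, "NodeId": node_id},
            ]}},
        }
        if host_ids:  # pin to a specific host instead of relying on auto-placement
            props["HostId"] = host_ids[i % len(host_ids)]
            props["Affinity"] = "host"
        resources[node_id] = {
            "Type": "AWS::EC2::Instance",
            "Metadata": init_metadata,  # cfn-init reads it from this resource
            "CreationPolicy": {"ResourceSignal": {"Timeout": "PT20M"}},
            "Properties": props,
        }
    return resources

if __name__ == "__main__":
    meta = {"AWS::CloudFormation::Init": {"configSets": {"all": []}}}  # constructed stub
    print(json.dumps({"Resources": dedicated_host_nodes(3, 2, meta)}, indent=2))
```

The ASG-only pieces of the template (`PlatformClusterTeardownLifecycleHook`, `UpdatePolicy` and the `ECSAutoScalingGroup` output) reference the group and would be dropped along with it.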