文章目录
- aws(学习笔记第三十四课) dockerized-app with asg-alb
- 学习内容:
- 1. 整体架构
- 1.1 代码链接
- 1.2 代码手动修改部分
- 1.2.1 `rds_stack.py`
- 1.2.2 `efs_stack.py`
- 1.2.3 `asg_stack.py`
- 1.2.4 `userdata.sh`
- 1.2 整体架构
- 2.代码解析
- 2.1 全体`app.py`
- 2.2 `NetworkStatck`网络
- 2.3 `MySQL`数据库
- 2.4 创建`efs`
- 2.5 对`efs`创建`mount target`
- 3.部署执行
- 3.1.部署`NetworkStack`
- 3.2.部署`RDSStack`
- 3.3.部署`StorageStack`
- 3.4 修改`userdata.sh`文件
- 3.5 最后部署`ASGStack`
aws(学习笔记第三十四课) dockerized-app with asg-alb
- 使用
cdk生成dockerized-app并使用AutoScalingGroup和ApplicationLoaderBalancer
学习内容:
- 使用
cdk生成dockerized-app并使用AutoScalingGroup和ApplicationLoaderBalancer - 在
AutoScalingGroup中使用efs以及RDS
1. 整体架构
1.1 代码链接
代码链接(docker-app-with-asg-alb)
1.2 代码手动修改部分
这里的代码没有完全实现是理想的部署就能运行,需要修改几个地方。
1.2.1 rds_stack.py
修改instance_type=ec2.InstanceType.of这里的参数。不修改的话创建数据库运行失败。
修改后的代码:
from aws_cdk import (aws_rds as rds,aws_ec2 as ec2,RemovalPolicy, Stack)
from constructs import Constructclass RDSStack(Stack):def __init__(self, scope: Construct, id: str, props, **kwargs) -> None:super().__init__(scope, id, **kwargs)# Creates a security group for AWS RDSsg_rds = ec2.SecurityGroup(self,id="sg_rds",vpc=props['vpc'],security_group_name="sg_rds")# Adds an ingress rule which allows resources in the VPC's CIDR# to access the database.sg_rds.add_ingress_rule(peer=ec2.Peer.ipv4("10.0.0.0/16"),connection=ec2.Port.tcp(3306))# Master username is 'admin' and database password is automatically# generated and stored in AWS Secrets Managermy_sql = rds.DatabaseInstance(self, "RDS",engine=rds.DatabaseInstanceEngine.mysql(version=rds.MysqlEngineVersion.VER_8_0_39),vpc=props['vpc'],port=3306,instance_type=ec2.InstanceType.of(ec2.InstanceClass.R7G,ec2.InstanceSize.LARGE,),removal_policy=RemovalPolicy.DESTROY,security_groups=[sg_rds])
1.2.2 efs_stack.py
修改了efs创建和security group的创建顺序
修改后的代码:
from aws_cdk import (aws_efs as efs,aws_ec2 as ec2,Stack)
from constructs import Constructclass StorageStack(Stack):def __init__(self, scope: Construct, id: str, props, **kwargs) -> None:super().__init__(scope, id, **kwargs)sg_efs = ec2.SecurityGroup(self,id="sg_efs",vpc=props['vpc'],security_group_name="sg_efs")sg_efs.add_ingress_rule(peer=ec2.Peer.ipv4("10.0.0.0/16"),connection=ec2.Port.tcp(2049))elasticfilestore = efs.CfnFileSystem(self, "efs-storage",encrypted=False,lifecycle_policies=None# security_group_ids=[sg_efs.security_group_id])
1.2.3 asg_stack.py
这里主要是因为AutoScalingGroup默认使用的是config方式来创建,但是最新版aws已经不支持config方式,这里主要改成launchTemplate方式。而且AutoScalingGroup启动的ec2是在private subnet,因此,需要public ec2进行访问,这里Allows only the IP of "123.123.123.123"换成自己的公网的ec2。
from aws_cdk.aws_ec2 import SubnetType
from aws_cdk import (aws_ec2 as ec2,aws_autoscaling as autoscaling,aws_elasticloadbalancingv2 as elbv2,Stack)
from constructs import Constructclass ASGStack(Stack):def __init__(self, scope: Construct, id: str, props, **kwargs) -> None:super().__init__(scope, id, **kwargs)userdata_file = open("./userdata.sh", "rb").read()# Creates a userdata object for Linux hostsuserdata = ec2.UserData.for_linux()# Adds one or more commands to the userdata object.userdata.add_commands(str(userdata_file, 'utf-8'))# Creates a security group for our applicationsg_nextcloud = ec2.SecurityGroup(self,id="sg_nextcloud",vpc=props['vpc'],security_group_name="sg_nextcloud")# Allows only the IP of "123.123.123.123"# to access this security group for SSHsg_nextcloud.add_ingress_rule(peer=ec2.Peer.ipv4("18.183.236.249/32"),connection=ec2.Port.tcp(22))# create launch templatelaunch_template = ec2.LaunchTemplate(self, "MyLaunchTemplate",machine_image=ec2.AmazonLinuxImage(generation=ec2.AmazonLinuxGeneration.AMAZON_LINUX_2),instance_type=ec2.InstanceType.of(ec2.InstanceClass.MEMORY5, ec2.InstanceSize.XLARGE),security_group=sg_nextcloud,user_data=userdata,key_name="***", # )asg = autoscaling.AutoScalingGroup(self,"app-asg",vpc=props['vpc'],vpc_subnets=ec2.SubnetSelection(subnet_type=SubnetType.PRIVATE_WITH_NAT),launch_template=launch_template,min_capacity=1,max_capacity=3,)# Creates a security group for the application load balancersg_alb = ec2.SecurityGroup(self,id="sg_alb",vpc=props['vpc'],security_group_name="sg_alb")# Allows connections from security group "sg_alb"# inside the "sg_nextcloud" security group to access port 8080# where our app listenssg_nextcloud.connections.allow_from(sg_alb, ec2.Port.tcp(8080), "Ingress")# Creates an application load balancelb = elbv2.ApplicationLoadBalancer(self,"ALB",vpc=props['vpc'],security_group=sg_alb,internet_facing=True)listener = lb.add_listener("Listener", port=80)# Adds the autoscaling group's (asg) instance to be registered# as targets on port 8080listener.add_targets("Target", port=8080, targets=[asg])# This creates a "0.0.0.0/0" rule to allow every one to access the# applicationlistener.connections.allow_default_port_from_any_ipv4("Open to the world")
1.2.4 userdata.sh
这里主要修改docker-compose的版本,因为太低的版本已经不支持了。
另外DB的设置,要根据实际的RDSStack创建的DB进行重新设置。后面会详细说明。
#!/bin/shyum install docker -y
yum install -y amazon-efs-utils# makes a directory
mkdir /nextclouddata
mount -t efs fs-d48c7f8c:/ /nextclouddata# enable and start docker
systemctl enable docker
systemctl start docker# bootstraps "docker compose"
yum install libxcrypt-compat
curl -L "https://github.com/docker/compose/releases/download/v2.34.0/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
chmod +x /usr/local/bin/docker-compose
ln -s /usr/local/bin/docker-compose /usr/bin/docker-compose
usermod -aG docker ec2-user# Gets local-persist
curl -fsSL https://raw.githubusercontent.com/CWSpear/local-persist/master/scripts/install.sh | bash
docker volume create -d local-persist -o mountpoint=/nextclouddata/nextcloud-data --name=nextcloud-data# Heredoc for a docker-compose.yaml file
cat << 'EOF' > /home/ec2-user/docker-compose.yaml
version: '2'volumes:nextcloud-data:external: trueservices:app:image: nextcloudports:- 8080:80volumes:- nextcloud-data:/var/www/htmlrestart: alwaysenvironment:- MYSQL_DATABASE=nextcloud- MYSQL_USER=admin- MYSQL_PASSWORD=bflbfl1980314- MYSQL_HOST=nextcloud.csetrrtzbxti.ap-northeast-1.rds.amazonaws.com
EOFdocker-compose -f /home/ec2-user/docker-compose.yaml up
1.2 整体架构
这里,整体的架构已经被分为四个stack,并且其他三个stack都依赖NetworkStack。
- 首先构建网络,
VPC和public subnet以及private subnet,之后构筑MySQL数据库,以及EFS存储,最后构建AutoScalingGroup以及ApplicationLoaderBalancer。AutoScalingGroup需要每个主机共享存储,所以需要构建EFS。
2.代码解析
2.1 全体app.py
props = {'namespace': 'NetworkStack '}
app = App()
ns = NetworkStack(app, "NetworkStack", props)rds = RDSStack(app, "RDSStack", ns.outputs)
rds.add_dependency(ns)asg = ASGStack(app, "ASGStack", ns.outputs)
asg.add_dependency(ns)efs = StorageStack(app, "StorageStack", ns.outputs)
app.synth()
每个stack独立定义,都可以独立执行,也可以-all进行执行。
cdk --require-approval never deploy -all
cdk --require-approval never deploy NetworkStack
cdk --require-approval never deploy RDSStack
cdk --require-approval never deploy StorageStack
cdk --require-approval never deploy ASGStack
注意,这里后三个stack依赖NetowokStack。
2.2 NetworkStatck网络
class NetworkStack(Stack):def __init__(self, scope: Construct, id: str, props, **kwargs) -> None:super().__init__(scope, id, **kwargs)# Subnet configurations for a public and private tiersubnet1 = SubnetConfiguration(name="Public",subnet_type=SubnetType.PUBLIC,cidr_mask=24)subnet2 = SubnetConfiguration(name="Private",subnet_type=SubnetType.PRIVATE_WITH_NAT,cidr_mask=24)vpc = Vpc(self,"TheVPC",cidr="10.0.0.0/16",enable_dns_hostnames=True,enable_dns_support=True,max_azs=2,nat_gateway_provider=NatProvider.gateway(),nat_gateways=1,subnet_configuration=[subnet1, subnet2])# This will export the VPC's ID in CloudFormation under the key# 'vpcid'CfnOutput(self, "vpcid", value=vpc.vpc_id)# Prepares output attributes to be passed into other stacks# In this case, it is our VPC and subnets.self.output_props = props.copy()self.output_props['vpc'] = vpcself.output_props['subnets'] = vpc.public_subnets@propertydef outputs(self):return self.output_props
这里构建如下:
- 构建整个
vpc - 构建一个
public subnet - 构建一个
private subnet - 将
vpc和subnet作为props参数保存起来。
2.3 MySQL数据库
class RDSStack(Stack):def __init__(self, scope: Construct, id: str, props, **kwargs) -> None:super().__init__(scope, id, **kwargs)# Creates a security group for AWS RDSsg_rds = ec2.SecurityGroup(self,id="sg_rds",vpc=props['vpc'],security_group_name="sg_rds")# Adds an ingress rule which allows resources in the VPC's CIDR# to access the database.sg_rds.add_ingress_rule(peer=ec2.Peer.ipv4("10.0.0.0/16"),connection=ec2.Port.tcp(3306))# Master username is 'admin' and database password needs to be set after creationmy_sql = rds.DatabaseInstance(self, "RDS",engine=rds.DatabaseInstanceEngine.mysql(version=rds.MysqlEngineVersion.VER_8_0_39),vpc=props['vpc'],port=3306,instance_type=ec2.InstanceType.of(ec2.InstanceClass.R7G,ec2.InstanceSize.LARGE,),removal_policy=RemovalPolicy.DESTROY,security_groups=[sg_rds])
构建的为绿框的部分。
主要构建如下:
- 为
RDS构建一个SecurityGroup - 设定
ingress_rule - 之后构建
RDS数据库
2.4 创建efs
因为AutoScalingGroup启动的多个ec2 instance都需要将/var/www/html使用相同的磁盘进行存储,所以要创建efs实现各个AutoScalingGroup启动的多个ec2 instance共享磁盘。
from aws_cdk import (aws_efs as efs,aws_ec2 as ec2,Stack)
from constructs import Constructclass StorageStack(Stack):def __init__(self, scope: Construct, id: str, props, **kwargs) -> None:super().__init__(scope, id, **kwargs)sg_efs = ec2.SecurityGroup(self,id="sg_efs",vpc=props['vpc'],security_group_name="sg_efs")sg_efs.add_ingress_rule(peer=ec2.Peer.ipv4("10.0.0.0/16"),connection=ec2.Port.tcp(2049))elasticfilestore = efs.CfnFileSystem(self, "efs-storage",encrypted=False,lifecycle_policies=None# security_group_ids=[sg_efs.security_group_id])
从ec2对efs进行mount如下图所示:
2.5 对efs创建mount target
aws(学习笔记第十一课) 使用AWS的EFS,以及AWS Storage Gateway,这里也对efs进行了详细的介绍。在ec2对efs进行mount之前,需要对其创建挂载目标mount target。可以认为,efs就是创建了一块磁盘,而创建挂载目标mount target就是对这块磁盘,又绑定了一个nfs server。
3.部署执行
3.1.部署NetworkStack
cdk --require-approval never deploy NetworkStack
3.2.部署RDSStack
cdk --require-approval never deploy RDSStack
3.3.部署StorageStack
cdk --require-approval never deploy StorageStack
3.4 修改userdata.sh文件
根据生成的DB和efs的具体值,重新设置userdata.sh文件。
3.5 最后部署ASGStack
cdk --require-approval never deploy ASGStack
