Chinaunix首页 | 论坛 | 博客
  • 博客访问: 1066130
  • 博文数量: 186
  • 博客积分: 4939
  • 博客等级: 上校
  • 技术积分: 2075
  • 用 户 组: 普通用户
  • 注册时间: 2010-04-08 17:15
文章分类

全部博文(186)

文章存档

2018年(1)

2017年(3)

2016年(11)

2015年(42)

2014年(21)

2013年(9)

2012年(18)

2011年(46)

2010年(35)

分类: 系统运维

2016-07-29 22:10:04

漫笔:
    1.  CloudFormation 官方啰嗦一大堆,其实就是根据amazon提供的API和规则编写json文件(stack)来实现自动创建各种资源如vpc/ec2/rds等。然后实现 infrastcture as code,就是把基础设施用code来实现,当然这是在云时代才可行的哦。BTW, 阿里云也推出了类似的工具叫资源编排(名字好奇怪啊),几乎是个拷贝,估计是方便AWS用户迁移到阿里云上吧,兼容性极好,学习起来也是零成本^_^。

    2. 好处:非常的方便,当然也包括删除资源,除非你后来手工做了改动比如加了某个Instance到自动创建的subnet,此时delete会报错(有依赖关系),不过当你手动删掉你之前手工创建的资源后,再次删除delete stack就可以了。建议既然用CF了,就不要人工的去做了。

    3. 所有的stack在console能实现的,都有对应的命令行工具。

    4. 当你创建了stack policy的时候某些资源做了限制。只有满足条件才能update等。

    5. changeset: 当stack执行完毕,若update,此时无需删除stack重来,只需修改tempalte,然后创建changset后执行即可,比如修改instance的type。但可能会造成中断等。

    6. stack分组,比如website/database,这样不影响,然后nested stack,比如把loadbalancer单独当做一个stack.如下

{
    "AWSTemplateFormatVersion" : "2010-09-09",
    "Resources" : {
        "myStackWithParams" : {
             "Type" : "AWS::CloudFormation::Stack",
           "Properties" : {
               "TemplateURL" : "https://s3.amazonaws.com/xxx/elb.template",
               "Parameters" : {
                   "InstanceType" : "t2.micro",
                   "KeyName" : "mykey"
               }
              }
        }
    }
}

##########  一个stack的大致结构  ########################
{
  "AWSTemplateFormatVersion" : "version date",

  "Description" : "JSON string",

  "Metadata" : {
    template metadata
  },

  "Parameters" : {  # 输入参数,有参数类型string等,default值,长度,以及[a-zA-Z0-9]来约束,多选,No echo(针对密码)等。还有一些aws-specfic
    set of parameters
  },

  "Mappings" : {    # 映射关系,太长懒得解释了,基本上就类似一个环境变量,多跟Fn::FindInMap结合,看官方文档吧,或者看我的代码。
    set of mappings
  },

  "Conditions" : {  # 比如你有2个环境dev/prod,假如prod的话可能需要多几个ec2,那么可以parameter来指定condition,然后resource来标记,多跟and/equals/if/not/or几个函数一起,不废话,看例子1
    set of conditions
  },

  "Resources" : {   # 这个必须有,不多说了,基本就是各种资源了比如AWS::EC2::Instance这种。
    set of resources
  },

  "Outputs" : {   # 顾名思义
    set of outputs
  }
}


例1:
{
  "AWSTemplateFormatVersion" : "2010-09-09",
  "Parameters" : {
    "EnvType" : {
      "Description" : "Environment type.",
      "Default" : "test",
      "Type" : "String",
      "AllowedValues" : ["prod", "test"],
      "ConstraintDescription" : "must specify prod or test."
    }
  },
 
  "Conditions" : {
    "CreateProdResources" : {"Fn::Equals" : [{"Ref" : "EnvType"}, "prod"]},
     "CreateDevResources" : {"Fn::Not": [{"Fn::Equals" : [{"Ref" : "DBSnapshotName"}, ""]}]}
  },

  },
 
  "Resources" : {
    "EC2Instance" : {
      "Type" : "AWS::EC2::Instance",
      #  省略7788的一堆
    },

  "xxxx":{

       "DBSnapshotIdentifier" : {
          "Fn::If" : [
            ""CreateDevResources" ",                  # 跟资源结合
            {"Ref" : "DBSnapshotName"},
          ]
        }
}
    
    "MountPoint" : {
      "Type" : "AWS::EC2::VolumeAttachment",
      "Condition" : "CreateProdResources",
      "Properties" : {
        "InstanceId" : { "Ref" : "EC2Instance" },
        "Device" : "/dev/sdh"
      }
    }
  }
}


故障排除:

用aws cli的时候需要传递一个list,需要转义

ParameterKey=CIDR,ParameterValue='10.10.0.0/16\,10.10.0.0/24\,10.10.1.0/24'

现在附上我写的一个,本意是创建一个vpc/2 subnets,若干securitygroup,internet gateway, route table。然后一个opsman和nat box这2个instance在public subnet, private subnet的通过nat box上网,还有ELB等资源。当然我添加了若干注释是没用到的,仅仅是为了做笔记,实际上json不允许有任何注释。

  1. {
  2.     "AWSTemplateFormatVersion": "2010-09-09",
  3.     "Description": "Initilize Network infrastructure which hosted OpsManger/natbox for China",
  4.     "Parameters": {
  5.         "KeyName": {
  6.             "Description": "Name of an existing EC2 KeyPair to enable SSH access to the instances",
  7.             "Type": "AWS::EC2::KeyPair::KeyName"
  8.         },
  9.         "SshFrom": {
  10.             "Description": "ip range that could be access OpsManager (default can be accessible anywhere)",
  11.             "Type": "String",
  12.             "MinLength": "9",
  13.             "MaxLength": "18",
  14.             "Default": "0.0.0.0/0",
  15.             "AllowedPattern": "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})",
  16.             "ConstraintDescription": "must be a valid CIDR range of the form x.x.x.x/x."
  17.         },
  18.         "RdsDBName": {
  19.             "Type": "String",
  20.             "MinLength": "4",
  21.             "Default": "bosh",
  22.             "Description": "BOSH database name"
  23.         },
  24.         "RdsUsername": {
  25.             "Type": "String",
  26.             "Description": "BOSH database username"
  27.         },
  28.         "RdsPassword": {
  29.             "Type": "String",
  30.             "NoEcho": "true",
  31.             "MinLength": "8",
  32.             "Description": "BOSH database password"
  33.         },
  34.         "SSLCertARN": {
  35.             "Type": "String",
  36.             "Description": "ARN for pre-uploaded SSL certificate"
  37.         },
  38.         "NATInstanceType": {
  39.             "Description": "Nat Box EC2 instance type",
  40.             "Type": "String",
  41.             "Default": "m3.large",
  42.             "AllowedValues": [
  43.                 "t2.micro",
  44.                 "t2.small",
  45.                 "t2.medium",
  46.                 "t2.large",
  47.                 "m1.small",
  48.                 "m1.medium",
  49.                 "m1.large",
  50.                 "m1.xlarge",
  51.                 "m2.xlarge",
  52.                 "m2.2xlarge",
  53.                 "m2.4xlarge",
  54.                 "m3.medium",
  55.                 "m3.large",
  56.                 "m3.xlarge",
  57.                 "m3.2xlarge",
  58.                 "m4.large",
  59.                 "m4.xlarge",
  60.                 "m4.2xlarge",
  61.                 "m4.4xlarge",
  62.                 "m4.10xlarge",
  63.                 "c1.medium",
  64.                 "c1.xlarge",
  65.                 "c3.large",
  66.                 "c3.xlarge",
  67.                 "c3.2xlarge",
  68.                 "c3.4xlarge",
  69.                 "c3.8xlarge",
  70.                 "c4.large",
  71.                 "c4.xlarge",
  72.                 "c4.2xlarge",
  73.                 "c4.4xlarge",
  74.                 "c4.8xlarge",
  75.                 "g2.2xlarge",
  76.                 "g2.8xlarge",
  77.                 "r3.large",
  78.                 "r3.xlarge",
  79.                 "r3.2xlarge",
  80.                 "r3.4xlarge",
  81.                 "r3.8xlarge",
  82.                 "i2.xlarge",
  83.                 "i2.2xlarge",
  84.                 "i2.4xlarge",
  85.                 "i2.8xlarge",
  86.                 "d2.xlarge",
  87.                 "d2.2xlarge",
  88.                 "d2.4xlarge",
  89.                 "d2.8xlarge",
  90.                 "hi1.4xlarge",
  91.                 "hs1.8xlarge",
  92.                 "cr1.8xlarge",
  93.                 "cc2.8xlarge",
  94.                 "cg1.4xlarge"
  95.             ],
  96.             "ConstraintDescription": "must be a valid EC2 instance type."
  97.         },
  98.         "OpsmanInstanceType": {
  99.             "Description": "ops manager EC2 instance type",
  100.             "Type": "String",
  101.             "Default": "m3.large",
  102.             "AllowedValues": [
  103.                 "t2.micro",
  104.                 "t2.small",
  105.                 "t2.medium",
  106.                 "t2.large",
  107.                 "m1.small",
  108.                 "m1.medium",
  109.                 "m1.large",
  110.                 "m1.xlarge",
  111.                 "m2.xlarge",
  112.                 "m2.2xlarge",
  113.                 "m2.4xlarge",
  114.                 "m3.medium",
  115.                 "m3.large",
  116.                 "m3.xlarge",
  117.                 "m3.2xlarge",
  118.                 "m4.large",
  119.                 "m4.xlarge",
  120.                 "m4.2xlarge",
  121.                 "m4.4xlarge",
  122.                 "m4.10xlarge",
  123.                 "c1.medium",
  124.                 "c1.xlarge",
  125.                 "c3.large",
  126.                 "c3.xlarge",
  127.                 "c3.2xlarge",
  128.                 "c3.4xlarge",
  129.                 "c3.8xlarge",
  130.                 "c4.large",
  131.                 "c4.xlarge",
  132.                 "c4.2xlarge",
  133.                 "c4.4xlarge",
  134.                 "c4.8xlarge",
  135.                 "g2.2xlarge",
  136.                 "g2.8xlarge",
  137.                 "r3.large",
  138.                 "r3.xlarge",
  139.                 "r3.2xlarge",
  140.                 "r3.4xlarge",
  141.                 "r3.8xlarge",
  142.                 "i2.xlarge",
  143.                 "i2.2xlarge",
  144.                 "i2.4xlarge",
  145.                 "i2.8xlarge",
  146.                 "d2.xlarge",
  147.                 "d2.2xlarge",
  148.                 "d2.4xlarge",
  149.                 "d2.8xlarge",
  150.                 "hi1.4xlarge",
  151.                 "hs1.8xlarge",
  152.                 "cr1.8xlarge",
  153.                 "cc2.8xlarge",
  154.                 "cg1.4xlarge"
  155.             ],
  156.             "ConstraintDescription": "must be a valid EC2 instance type."
  157.         }
  158.     },
  159.     "Mappings": {
  160.         "Region2VPC": {
  161.             "us-east-1": {
  162.                 "VPC": "10.0.0.0/16",
  163.                 "Public": "10.0.10.0/24",
  164.                 "Private": "10.0.11.0/24"
  165.             },
  166.             "cn-north-1": {
  167.                 "VPC": "10.0.0.0/16",
  168.                 "Public": "10.0.10.0/24",
  169.                 "Private": "10.0.80.0/20",
  170.                 "Rds1": "10.0.3.0/24",
  171.                 "Rds2": "10.0.2.0/24"
  172.             }
  173.         },
  174.         "ArnSuffix": {
  175.             "us-east-1": {"Value": "aws"},
  176.             "cn-north-1": {"Value": "aws-cn"}
  177.         },
  178.         "AWSNATAMI": {
  179.             "us-east-1": {
  180.                 "AMI": "ami-c6699baf"
  181.             },
  182.             "us-west-2": {
  183.                 "AMI": "ami-52ff7262"
  184.             },
  185.             "us-west-1": {
  186.                 "AMI": "ami-3bcc9e7e"
  187.             },
  188.             "cn-north-1": {
  189.                 "AMI": "ami-1848da21"
  190.             }
  191.         },
  192.         "AWSInstanceType2Arch": {
  193.             "t1.micro": {
  194.                 "Arch": "64"
  195.             },
  196.             "m1.small": {
  197.                 "Arch": "64"
  198.             },
  199.             "m1.medium": {
  200.                 "Arch": "64"
  201.             },
  202.             "m1.large": {
  203.                 "Arch": "64"
  204.             },
  205.             "m1.xlarge": {
  206.                 "Arch": "64"
  207.             },
  208.             "m2.xlarge": {
  209.                 "Arch": "64"
  210.             },
  211.             "m2.2xlarge": {
  212.                 "Arch": "64"
  213.             },
  214.             "m2.4xlarge": {
  215.                 "Arch": "64"
  216.             },
  217.             "m3.large": {
  218.                 "Arch": "64"
  219.             },
  220.             "m3.xlarge": {
  221.                 "Arch": "64"
  222.             },
  223.             "m3.2xlarge": {
  224.                 "Arch": "64"
  225.             },
  226.             "c1.medium": {
  227.                 "Arch": "64"
  228.             },
  229.             "c1.xlarge": {
  230.                 "Arch": "64"
  231.             },
  232.             "cc1.4xlarge": {
  233.                 "Arch": "64Cluster"
  234.             },
  235.             "cc2.8xlarge": {
  236.                 "Arch": "64Cluster"
  237.             },
  238.             "cg1.4xlarge": {
  239.                 "Arch": "64GPU"
  240.             }
  241.         },
  242.         "AWSRegionArch2AMI": {
  243.             "us-east-1": {
  244.                 "32": "ami-a0cd60c9",
  245.                 "64": "ami-aecd60c7"
  246.             },
  247.             "us-west-2": {
  248.                 "32": "ami-46da5576",
  249.                 "64": "ami-48da5578"
  250.             },
  251.             "us-west-1": {
  252.                 "32": "ami-7d4c6938",
  253.                 "64": "ami-734c6936"
  254.             },
  255.             "cn-north-1": {
  256.                 "32": "N/A",
  257.                 "64": "ami-2e02c843"
  258.             }
  259.         }
  260.     },
  261.     "Resources": {
  262.         "VPC": {
  263.             "Type": "AWS::EC2::VPC",
  264.             "Properties": {
  265.                 "CidrBlock": {
  266.                     "Fn::FindInMap": [
  267.                         "Region2VPC",
  268.                         {
  269.                             "Ref": "AWS::Region"
  270.                         },
  271.                         "VPC"
  272.                     ]
  273.                 },
  274.                 "Tags": [
  275.                     {
  276.                         "Key": "Name",
  277.                         "Value": {
  278.                             "Ref": "AWS::StackName"
  279.                         }
  280.                     }
  281.                 ]
  282.             }
  283.         },
  284.         "PublicSubnet": {
  285.             "Type": "AWS::EC2::Subnet",
  286.             "Properties": {
  287.                 "VpcId": {
  288.                     "Ref": "VPC"
  289.                 },
  290.                 "CidrBlock": {
  291.                     "Fn::FindInMap": [
  292.                         "Region2VPC",
  293.                         {
  294.                             "Ref": "AWS::Region"
  295.                         },
  296.                         "Public"
  297.                     ]
  298.                 },
  299.                 "AvailabilityZone": {
  300.                     "Fn::Select": [
  301.                         "0",
  302.                         {
  303.                             "Fn::GetAZs": {
  304.                                 "Ref": "AWS::Region"
  305.                             }
  306.                         }
  307.                     ]
  308.                 },
  309.                 "Tags": [
  310.                     {
  311.                         "Key": "Name",
  312.                         "Value": {
  313.                             "Ref": "AWS::StackName"
  314.                         }
  315.                     },
  316.                     {
  317.                         "Key": "Network",
  318.                         "Value": "Public"
  319.                     }
  320.                 ]
  321.             }
  322.         },
  323.         "InternetGateway": {
  324.             "Type": "AWS::EC2::InternetGateway",
  325.             "Properties": {
  326.                 "Tags": [
  327.                     {
  328.                         "Key": "Name",
  329.                         "Value": {
  330.                             "Ref": "AWS::StackName"
  331.                         }
  332.                     },
  333.                     {
  334.                         "Key": "Network",
  335.                         "Value": "Public"
  336.                     }
  337.                 ]
  338.             }
  339.         },
  340.         "GatewayToInternet": {
  341.             "Type": "AWS::EC2::VPCGatewayAttachment",
  342.             "Properties": {
  343.                 "VpcId": {
  344.                     "Ref": "VPC"
  345.                 },
  346.                 "InternetGatewayId": {
  347.                     "Ref": "InternetGateway"
  348.                 }
  349.             }
  350.         },
  351.         "PublicRouteTable": {
  352.             "Type": "AWS::EC2::RouteTable",
  353.             "Properties": {
  354.                 "VpcId": {
  355.                     "Ref": "VPC"
  356.                 },
  357.                 "Tags": [
  358.                     {
  359.                         "Key": "Name",
  360.                         "Value": {
  361.                             "Ref": "AWS::StackName"
  362.                         }
  363.                     },
  364.                     {
  365.                         "Key": "Network",
  366.                         "Value": "Public"
  367.                     }
  368.                 ]
  369.             }
  370.         },
  371.         "PublicRoute": {
  372.             "Type": "AWS::EC2::Route",
  373.             "DependsOn": "GatewayToInternet",
  374.             "Properties": {
  375.                 "RouteTableId": {
  376.                     "Ref": "PublicRouteTable"
  377.                 },
  378.                 "DestinationCidrBlock": "0.0.0.0/0",
  379.                 "GatewayId": {
  380.                     "Ref": "InternetGateway"
  381.                 }
  382.             }
  383.         },
  384.         "PublicSubnetRouteTableAssociation": {
  385.             "Type": "AWS::EC2::SubnetRouteTableAssociation",
  386.             "Properties": {
  387.                 "SubnetId": {
  388.                     "Ref": "PublicSubnet"
  389.                 },
  390.                 "RouteTableId": {
  391.                     "Ref": "PublicRouteTable"
  392.                 }
  393.             }
  394.         },
  395.         "PrivateSubnet": {
  396.             "Type": "AWS::EC2::Subnet",
  397.             "Properties": {
  398.                 "VpcId": {
  399.                     "Ref": "VPC"
  400.                 },
  401.                 "CidrBlock": {
  402.                     "Fn::FindInMap": [
  403.                         "Region2VPC",
  404.                         {
  405.                             "Ref": "AWS::Region"
  406.                         },
  407.                         "Private"
  408.                     ]
  409.                 },
  410.                 "AvailabilityZone": {
  411.                     "Fn::Select": [
  412.                         "1",
  413.                         {
  414.                             "Fn::GetAZs": {
  415.                                 "Ref": "AWS::Region"
  416.                             }
  417.                         }
  418.                     ]
  419.                 },
  420.                 "Tags": [
  421.                     {
  422.                         "Key": "Name",
  423.                         "Value": {
  424.                             "Ref": "AWS::StackName"
  425.                         }
  426.                     },
  427.                     {
  428.                         "Key": "Network",
  429.                         "Value": "Private"
  430.                     }
  431.                 ]
  432.             }
  433.         },
  434.         "PrivateRouteTable": {
  435.             "Type": "AWS::EC2::RouteTable",
  436.             "Properties": {
  437.                 "VpcId": {
  438.                     "Ref": "VPC"
  439.                 },
  440.                 "Tags": [
  441.                     {
  442.                         "Key": "Name",
  443.                         "Value": {
  444.                             "Ref": "AWS::StackName"
  445.                         }
  446.                     },
  447.                     {
  448.                         "Key": "Network",
  449.                         "Value": "Private"
  450.                     }
  451.                 ]
  452.             }
  453.         },
  454.         "PrivateSubnetRouteTableAssociation": {
  455.             "Type": "AWS::EC2::SubnetRouteTableAssociation",
  456.             "Properties": {
  457.                 "SubnetId": {
  458.                     "Ref": "PrivateSubnet"
  459.                 },
  460.                 "RouteTableId": {
  461.                     "Ref": "PrivateRouteTable"
  462.                 }
  463.             }
  464.         },
  465.         "PrivateRoute": {
  466.             "Type": "AWS::EC2::Route",
  467.             "Properties": {
  468.                 "RouteTableId": {
  469.                     "Ref": "PrivateRouteTable"
  470.                 },
  471.                 "DestinationCidrBlock": "0.0.0.0/0",
  472.                 "InstanceId": {
  473.                     "Ref": "NatBox"
  474.                 }
  475.             }
  476.         },
  477.         "NATIPAddress": {
  478.             "Type": "AWS::EC2::EIP",
  479.             "DependsOn": "GatewayToInternet",
  480.             "Properties": {
  481.                 "Domain": "vpc",
  482.                 "InstanceId": {
  483.                     "Ref": "NatBox"
  484.                 }
  485.             }
  486.         },
  487.         "NatBox": {
  488.             "Type": "AWS::EC2::Instance",
  489.             "Properties": {
  490.                 "InstanceType": {
  491.                     "Ref": "NATInstanceType"
  492.                 },
  493.                 "KeyName": {
  494.                     "Ref": "KeyName"
  495.                 },
  496.                 "SubnetId": {
  497.                     "Ref": "PublicSubnet"
  498.                 },
  499.                 "SourceDestCheck": "false",
  500.                 "ImageId": {
  501.                     "Fn::FindInMap": [
  502.                         "AWSNATAMI",
  503.                         {
  504.                             "Ref": "AWS::Region"
  505.                         },
  506.                         "AMI"
  507.                     ]
  508.                 },
  509.                 "SecurityGroupIds": [
  510.                     {
  511.                         "Ref": "NATSecurityGroup"
  512.                     }
  513.                 ],
  514.                 "Tags": [
  515.                     {
  516.                         "Key": "Name",
  517.                         "Value": "Nat-Box-CN"
  518.                     }
  519.                 ]
  520.             }
  521.         },
  522.         "NATSecurityGroup": {
  523.             "Type": "AWS::EC2::SecurityGroup",
  524.             "Properties": {
  525.                 "GroupDescription": "Enable internal access to the NAT Box",
  526.                 "VpcId": {
  527.                     "Ref": "VPC"
  528.                 },
  529.                 "SecurityGroupIngress": [
  530.                     {
  531.                         "CidrIp": {
  532.                             "Fn::FindInMap": [
  533.                                 "Region2VPC",
  534.                                 {
  535.                                     "Ref": "AWS::Region"
  536.                                 },
  537.                                 "VPC"
  538.                             ]
  539.                         },
  540.                         "IpProtocol": "-1"
  541.                     }
  542.                 ]
  543.             }
  544.         },
  545.         "OpsManagerIPAddress": {
  546.             "Type": "AWS::EC2::EIP",
  547.             "DependsOn": "GatewayToInternet",
  548.             "Properties": {
  549.                 "Domain": "vpc",
  550.                 "InstanceId": {
  551.                     "Ref": "OpsMananger"
  552.                 }
  553.             }
  554.         },
  555.         "OpsMananger": {
  556.             "Type": "AWS::EC2::Instance",
  557. ######################################################### Metadata 被cfn-init 调用 #######################
  558.     "Metadata": {
  559.       "AWS::CloudFormation::Init": {
  560.         "configSets": {
  561.           "MyConfigSet": [
  562.             "Set1",
  563.             "Set2"
  564.           ]
  565.         },
  566.         "Set1": {
  567.           "packages": {
  568.             "yum": {
  569.               "php": [],
  570.               "mysql": []
  571.             }
  572.           },

  573.           "commands": {
  574.             "01command": {
  575.               "command": {
  576.                 "Fn::Join": [
  577.                   "",
  578.                   [
  579.                     {
  580.                       "Ref": "xxxxx"
  581.                     },
  582.                     "abcd"
  583.                   ]
  584.                 ]
  585.               },
  586.               "test": {}
  587.             }
  588.           },
  589.           "files": {
  590.             "File1": {
  591.               "content": {
  592.                 "Fn::Join": [
  593.                   "",
  594.                   [
  595.                     "ABC\n"
  596.                   ]
  597.                 ]
  598.               },
  599.               "mode": "000400",
  600.               "owner": "root",
  601.               "group": "root"
  602.             },
  603.             "File2": {
  604.      "source": {
  605.               "Fn::Join": [
  606.                 "",
  607.                 [
  608.                   "https://s3.amazonaws.com/",
  609.                   {
  610.                     "Ref": "PrivateBucket"
  611.                   },
  612.                   "/id_rsa.pub"
  613.                 ]
  614.               ]
  615.             },
  616.             "mode": "000500",
  617.             "owner": "root",
  618.             "group": "root",
  619.             "authentication": "S3AccessCreds"}
  620.           },
  621.           "services": {
  622.             "sysvinit": {
  623.               "Service1": {
  624.                 "enable": "true",
  625.                 "ensureRunning": "true",
  626.                 "files": [
  627.                   "file_confg"
  628.                 ]
  629.               }
  630.             }
  631.           }
  632.         },
  633.         "Set2": {},
  634.                     "AWS::CloudFormation::Authentication": {
  635.                         "S3AccessCreds": {
  636.                             "type": "S3",
  637.                             "accessKeyId": {
  638.                                 "Ref": "IamUserAccessKey"
  639.                             },
  640.                             "secretKey": {
  641.                                 "Fn::GetAtt": [
  642.                                     "IamUserAccessKey",
  643.                                     "SecretAccessKey"
  644.                                 ]
  645.                             },
  646.                             "buckets": [
  647.                                 {
  648.                                     "Ref": "PrivateBucket"
  649.                                 },
  650.                                 {
  651.                                     "Ref": "PublicBucket"
  652.                                 }
  653.                             ]
  654.                         }
  655.                     }
  656.       },
  657.       "Propterties": {
  658.         "KeyName": {
  659.           "Ref": "YourKeyName"
  660.         }

  661.       },

  662.     }
  663. ######################################################
  664.             "Properties": {
  665.                 "InstanceType": {
  666.                     "Ref": "OpsmanInstanceType"
  667.                 },
  668.                 "KeyName": {
  669.                     "Ref": "KeyName"
  670.                 },

  671. ###################################################
  672.         "UserData": {
  673.           "Fn::Base64": {
  674.             "Fn::Join": [
  675.               "",
  676.               [
  677.                 "#!/bin/bash -ex\n",
  678.                 "yum update -y aws-cfn-bootstrap\n",
  679.                 "/opt/aws/bin/cfn-init -v ",
  680.                 " --stack ",
  681.                 {
  682.                   "Ref": "AWS::StackName"
  683.                 },
  684.                 " --resource OpsMananger",
  685.                 " --configsets MyconfigSet",
  686.                 " --region ",
  687.                 {
  688.                   "Ref": "AWS::Region"
  689.                 },
  690.                 "\n",
  691.                 "/opt/aws/bin/cfn-signal -e $? ",
  692.                 " --stack ",
  693.                 {
  694.                   "Ref": "AWS::StackName"
  695.                 },
  696.                 " --resource OpsMananger",
  697.                 " --region ",
  698.                 {
  699.                   "Ref": "AWS::Region"
  700.                 },
  701.                 "\n"
  702.               ]
  703.             ]
  704.           }
  705.         }
  706. ####################################

  707.  cfn-init专门来安装、配置,启动服务等,定义在上面的metadata里面,详细的介绍看http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-init.html#aws-resource-init-sources
  708. ### createpolicy接受cf-signal的信号,或者timeout,可以确保资源成功创建。目前 AWS::AutoScaling::AutoScalingGroup, AWS::EC2::Instance, and AWS::CloudFormation::WaitCondition支持。

  709. EC2/Auto Scaling建议使用。还有个waitcondition跟这个类似,但具体区别看不明白,看文档官方以后要去掉waitcondition了吧。

  710.       "CreatePolicy": {
  711.         "ResourceSignal": {
  712.           "Timeout": "PT15M"
  713.         }
  714.       }
  715. ####################################
  716.                 "SubnetId": {
  717.                     "Ref": "PublicSubnet"
  718.                 },
  719.                 "ImageId": {
  720.                     "Fn::FindInMap": [
  721.                         "AWSRegionArch2AMI",
  722.                         {
                            "Ref": "AWS::Region"
                        },
                        {
                            "Fn::FindInMap": [
                                "AWSInstanceType2Arch",
                                {
                                    "Ref": "OpsmanInstanceType"
                                },
                                "Arch"
                            ]
                        }
                    ]
                },
                "Tags": [
                    {
                        "Key": "Name",
                        "Value": "OpsManager"
                    }
                ],
                "SecurityGroupIds": [
                    {
                        "Ref": "OpsManSecurityGroup"
                    }
                ]
            }
        },
######################################## Auto Scaling ######################
        "WebServerGroup": {
            "Type": "AWS::AutoScaling::AutoScalingGroup",
            "Properties": {
                "AvailabilityZones": {
                    "Fn::GetAZs": ""
                },
                "LaunchConfigurationName": {
                    "Ref": "LaunchConfig"
                },
                "MinSize": "1",
                "MaxSize": "5",
                "DesiredCapacity": {
                    "Ref": "WebServerCapacity"
                },
                "LoadBalancerNames": [
                    {
                        "Ref": "PublicElasticLoadBalancer"
                    }
                ]
            },
            "CreationPolicy": {
                "ResourceSignal": {
                    "Timeout": "PT30M"
                }
            },
            "UpdatePolicy": {
                "AutoScalingRollingUpdate": {
                    "MinInstancesInService": "1",
                    "MaxBatchSize": "1",
                    "PauseTime": "PT30M",
                    "WaitOnResourceSignals": "true"
                }
            }
        },
        "LaunchConfig": {
            "Type": "AWS::AutoScaling::LaunchConfiguration",
            "Metadata": {
                "AWS::CloudFormation::Init": {  # metadata can also be used to initialize the instance
                    "configSets": {
                        "xxxx": []
                    },
                    "xxx": {
                        "files": {}
                    }
                }
            },
            "Properties": {
                "ImageId": {},
                "InstanceType": {},
                "SecurityGroups": [
                    {}
                ],
                "KeyName": {},
                "UserData": {
                    "Fn::Base64": {
                        "Fn::Join": [
                            "",
                            [
                                "#!/bin/bash -xe\n",
                                "yum update -y aws-cfn-bootstrap\n",
                                "/opt/aws/bin/cfn-init -v ",
                                " --stack ",
                                {
                                    "Ref": "AWS::StackId"
                                },
                                " --resource LaunchConfig ",
                                " --configsets full_install ",
                                " --region ",
                                {
                                    "Ref": "AWS::Region"
                                },
                                "\n",
                                "/opt/aws/bin/cfn-signal -e $? ",
                                " --stack ",
                                {
                                    "Ref": "AWS::StackId"
                                },
                                " --resource WebServerGroup ",
                                " --region ",
                                {
                                    "Ref": "AWS::Region"
                                },
                                "\n"
                            ]
                        ]
                    }
                }
            }
        },
##################### Auto Scaling ##############
        "OpsManSecurityGroup": {
            "Type": "AWS::EC2::SecurityGroup",
            "Properties": {
                "GroupDescription": "Enable access to the OpsManager ",
                "VpcId": {
                    "Ref": "VPC"
                },
                "SecurityGroupIngress": [
                    {
                        "IpProtocol": "tcp",
                        "FromPort": "22",
                        "ToPort": "22",
                        "CidrIp": {
                            "Ref": "SshFrom"
                        }
                    },
                    {
                        "IpProtocol": "tcp",
                        "FromPort": "80",
                        "ToPort": "80",
                        "CidrIp": {
                            "Ref": "SshFrom"
                        }
                    },
                    {
                        "IpProtocol": "tcp",
                        "FromPort": "443",
                        "ToPort": "443",
                        "CidrIp": {
                            "Ref": "SshFrom"
                        }
                    },
                    {
                        "IpProtocol": "tcp",
                        "FromPort": "25555",
                        "ToPort": "25555",
                        "CidrIp": {
                            "Fn::FindInMap": [
                                "Region2VPC",
                                {
                                    "Ref": "AWS::Region"
                                },
                                "VPC"
                            ]
                        }
                    },
                    {
                        "IpProtocol": "tcp",
                        "FromPort": "6868",
                        "ToPort": "6868",
                        "CidrIp": {
                            "Fn::FindInMap": [
                                "Region2VPC",
                                {
                                    "Ref": "AWS::Region"
                                },
                                "VPC"
                            ]
                        }
                    }
                ]
            }
        },
        "VmsSecurityGroup": {
            "Type": "AWS::EC2::SecurityGroup",
            "Properties": {
                "GroupDescription": "PCF VMs Security Group",
                "VpcId": {
                    "Ref": "VPC"
                },
                "SecurityGroupIngress": [
                    {
                        "IpProtocol": "-1",
                        "CidrIp": {
                            "Fn::FindInMap": [
                                "Region2VPC",
                                {
                                    "Ref": "AWS::Region"
                                },
                                "VPC"
                            ]
                        }
                    }
                ]
            }
        },
        "MysqlSecurityGroup": {
            "Type": "AWS::EC2::SecurityGroup",
            "Properties": {
                "GroupDescription": "PCF MySQL Security Group",
                "VpcId": {
                    "Ref": "VPC"
                },
                "SecurityGroupIngress": [
                    {
                        "IpProtocol": "tcp",
                        "FromPort": "3306",
                        "ToPort": "3306",
                        "CidrIp": {
                            "Fn::FindInMap": [
                                "Region2VPC",
                                {
                                    "Ref": "AWS::Region"
                                },
                                "VPC"
                            ]
                        }
                    }
                ]
            }
        },
        "PublicElasticLoadBalancer": {
            "Type": "AWS::ElasticLoadBalancing::LoadBalancer",
            "Properties": {
                "LoadBalancerName": "pcf-china",
                "CrossZone": true,
                "ConnectionSettings": {
                    "IdleTimeout": 3600
                },
                "SecurityGroups": [
                    {
                        "Ref": "PublicLoadBalancerSecurityGroup"
                    }
                ],
                "Subnets": [
                    {
                        "Ref": "PrivateSubnet"
                    }
                ],
                "Listeners": [
                    {
                        "LoadBalancerPort": "80",
                        "InstancePort": "80",
                        "Protocol": "HTTP"
                    },
                    {
                        "LoadBalancerPort": "443",
                        "InstancePort": "80",
                        "Protocol": "HTTPS",
                        "SSLCertificateId": {
                            "Ref": "SSLCertARN"
                        }
                    },
                    {
                        "LoadBalancerPort": "4443",
                        "InstancePort": "443",
                        "Protocol": "SSL",
                        "SSLCertificateId": {
                            "Ref": "SSLCertARN"
                        }
                    }
                ],
                "HealthCheck": {
                    "Target": "TCP:80",
                    "HealthyThreshold": "10",
                    "UnhealthyThreshold": "2",
                    "Interval": "30",
                    "Timeout": "6"
                }
            }
        },
        "PublicLoadBalancerSecurityGroup": {
            "Type": "AWS::EC2::SecurityGroup",
            "Properties": {
                "GroupDescription": "Public ELB Security Group with HTTP access on port 80 from the internet",
                "VpcId": {
                    "Ref": "VPC"
                },
                "SecurityGroupIngress": [
                    {
                        "IpProtocol": "tcp",
                        "FromPort": "80",
                        "ToPort": "80",
                        "CidrIp": "0.0.0.0/0"
                    },
                    {
                        "IpProtocol": "tcp",
                        "FromPort": "443",
                        "ToPort": "443",
                        "CidrIp": "0.0.0.0/0"
                    },
                    {
                        "IpProtocol": "tcp",
                        "FromPort": "4443",
                        "ToPort": "4443",
                        "CidrIp": "0.0.0.0/0"
                    }
                ]
            }
        },
        "SSHElasticLoadBalancer": {
            "Type": "AWS::ElasticLoadBalancing::LoadBalancer",
            "Properties": {
                "LoadBalancerName": "ssh-elb",
                "CrossZone": true,
                "ConnectionSettings": {
                    "IdleTimeout": 3600
                },
                "SecurityGroups": [
                    {
                        "Ref": "SSHLoadBalancerSecurityGroup"
                    }
                ],
                "Subnets": [
                    {
                        "Ref": "PrivateSubnet"
                    }
                ],
                "Listeners": [
                    {
                        "LoadBalancerPort": "2222",
                        "InstancePort": "2222",
                        "Protocol": "tcp"
                    }
                ],
                "HealthCheck": {
                    "Target": "TCP:2222",
                    "HealthyThreshold": "10",
                    "UnhealthyThreshold": "2",
                    "Interval": "30",
                    "Timeout": "6"
                }
            }
        },
        "SSHLoadBalancerSecurityGroup": {
            "Type": "AWS::EC2::SecurityGroup",
            "Properties": {
                "GroupDescription": "ssh ELB Security Group",
                "VpcId": {
                    "Ref": "VPC"
                },
                "SecurityGroupIngress": [
                    {
                        "IpProtocol": "tcp",
                        "FromPort": "2222",
                        "ToPort": "2222",
                        "CidrIp": "0.0.0.0/0"
                    }
                ]
            }
        },
        "RdsSubnet1": {
            "Type": "AWS::EC2::Subnet",
            "Properties": {
                "AvailabilityZone": {
                    "Fn::Select": [
                        "0",
                        {
                            "Fn::GetAZs": {
                                "Ref": "AWS::Region"
                            }
                        }
                    ]
                },
                "CidrBlock": {
                    "Fn::FindInMap": [
                        "Region2VPC",
                        {
                            "Ref": "AWS::Region"
                        },
                        "Rds1"
                    ]
                },
                "VpcId": {
                    "Ref": "VPC"
                },
                "Tags": [
                    {
                        "Key": "Name",
                        "Value": "rds-subnet-1"
                    }
                ]
            }
        },
        "RdsSubnet2": {
            "Type": "AWS::EC2::Subnet",
            "Properties": {
                "AvailabilityZone": {
                    "Fn::Select": [
                        "1",
                        {
                            "Fn::GetAZs": {
                                "Ref": "AWS::Region"
                            }
                        }
                    ]
                },
                "CidrBlock": {
                    "Fn::FindInMap": [
                        "Region2VPC",
                        {
                            "Ref": "AWS::Region"
                        },
                        "Rds2"
                    ]
                },
                "VpcId": {
                    "Ref": "VPC"
                },
                "Tags": [
                    {
                        "Key": "Name",
                        "Value": "rds-subnet-2"
                    }
                ]
            }
        },
        "RdsSubnet1tRouteTableAssociation": {
            "Type": "AWS::EC2::SubnetRouteTableAssociation",
            "Properties": {
                "SubnetId": {
                    "Ref": "RdsSubnet1"
                },
                "RouteTableId": {
                    "Ref": "PublicRouteTable"
                }
            }
        },
        "RdsSubnet2tRouteTableAssociation": {
            "Type": "AWS::EC2::SubnetRouteTableAssociation",
            "Properties": {
                "SubnetId": {
                    "Ref": "RdsSubnet2"
                },
                "RouteTableId": {
                    "Ref": "PublicRouteTable"
                }
            }
        },
        "OpsManS3Bucket": {
            "Type": "AWS::S3::Bucket",
            "Properties": {
                "Tags": [
                    {
                        "Key": "Name",
                        "Value": "PCF Ops Manager S3 Bucket"
                    }
                ]
            }
        },
        "IamUser": {
            "Type": "AWS::IAM::User",
            "DependsOn": [
                "OpsManS3Bucket"
            ],
            "Properties": {
                "Policies": [
                    {
                        "PolicyName": "Policy",
                        "PolicyDocument": {
                            "Version": "2012-10-17",
                            "Statement": [
                                {
                                    "Effect": "Deny",
                                    "Action": [
                                        "iam:*"
                                    ],
                                    "Resource": [
                                        "*"
                                    ]
                                },
                                {
                                    "Sid": "OpsManS3Permissions",
                                    "Effect": "Allow",
                                    "Action": [
                                        "s3:*"
                                    ],
                                    "Resource": [
                                        {
                                            "Fn::Join": [
                                                "",
                                                [
                                                    "arn:",
                                                    {
                                                        "Fn::FindInMap": [
                                                            "ArnSuffix",
                                                            {
                                                                "Ref": "AWS::Region"
                                                            },
                                                            "Value"
                                                        ]
                                                    },
                                                    ":s3:::",
                                                    {
                                                        "Ref": "OpsManS3Bucket"
                                                    }
                                                ]
                                            ]
                                        },
                                        {
                                            "Fn::Join": [
                                                "",
                                                [
                                                    "arn:",
                                                    {
                                                        "Fn::FindInMap": [
                                                            "ArnSuffix",
                                                            {
                                                                "Ref": "AWS::Region"
                                                            },
                                                            "Value"
                                                        ]
                                                    },
                                                    ":s3:::",
                                                    {
                                                        "Ref": "OpsManS3Bucket"
                                                    },
                                                    "/*"
                                                ]
                                            ]
                                        }
                                    ]
                                },
                                {
                                    "Sid": "OpsManEc2Permissions",
                                    "Effect": "Allow",
                                    "Action": [
                                        "ec2:DescribeAccountAttributes",
                                        "ec2:DescribeAddresses",
                                        "ec2:AssociateAddress",
                                        "ec2:DisassociateAddress",
                                        "ec2:DescribeAvailabilityZones",
                                        "ec2:DescribeImages",
                                        "ec2:DescribeInstances",
                                        "ec2:RunInstances",
                                        "ec2:RebootInstances",
                                        "ec2:TerminateInstances",
                                        "ec2:DescribeKeypairs",
                                        "ec2:DescribeRegions",
                                        "ec2:DescribeSnapshots",
                                        "ec2:CreateSnapshot",
                                        "ec2:DeleteSnapshot",
                                        "ec2:DescribeSecurityGroups",
                                        "ec2:DescribeSubnets",
                                        "ec2:DescribeVpcs",
                                        "ec2:CreateTags",
                                        "ec2:DescribeVolumes",
                                        "ec2:CreateVolume",
                                        "ec2:AttachVolume",
                                        "ec2:DeleteVolume",
                                        "ec2:DetachVolume"
                                    ],
                                    "Resource": [
                                        "*"
                                    ]
                                },
                                {
                                    "Sid": "OpsManElbPermissions",
                                    "Effect": "Allow",
                                    "Action": [
                                        "elasticloadbalancing:DescribeLoadBalancers",
                                        "elasticloadbalancing:DeregisterInstancesFromLoadBalancer",
                                        "elasticloadbalancing:RegisterInstancesWithLoadBalancer"
                                    ],
                                    "Resource": [
                                        "*"
                                    ]
                                }
                            ]
                        }
                    }
                ]
            }
        },
        "IamUserAccessKey": {
            "Type": "AWS::IAM::AccessKey",
            "DependsOn": "IamUser",
            "Properties": {
                "UserName": {
                    "Ref": "IamUser"
                }
            }
        },
        "RdsSubnetGroup": {
            "Type": "AWS::RDS::DBSubnetGroup",
            "Properties": {
                "DBSubnetGroupDescription": "PCF RDS Subnet Group",
                "SubnetIds": [
                    {
                        "Ref": "RdsSubnet1"
                    },
                    {
                        "Ref": "RdsSubnet2"
                    }
                ]
            }
        },
        "Rds": {
            "Type": "AWS::RDS::DBInstance",
            "Properties": {
                "AllocatedStorage": "100",
                "DBInstanceClass": "db.m3.large",
                "Engine": "MySQL",
                "EngineVersion": "5.6.22",
                "MultiAZ": "True",
                "DBName": {
                    "Ref": "RdsDBName"
                },
                "Iops": "1000",
                "MasterUsername": {
                    "Ref": "RdsUsername"
                },
                "MasterUserPassword": {
                    "Ref": "RdsPassword"
                },
                "PubliclyAccessible": "False",
                "VPCSecurityGroups": [
                    {
                        "Ref": "MysqlSecurityGroup"
                    }
                ],
                "DBSubnetGroupName": {
                    "Ref": "RdsSubnetGroup"
                }
            }
        }
    },
    "Outputs": {
        "OpsManager": {
            "Description": "IP Address of the OpsManager host",
            "Value": {
                "Ref": "OpsManagerIPAddress"
            }
        },
        "VmsSecurityGroup": {
            "Value": {
                "Ref": "VmsSecurityGroup"
            }
        },
        "VPCId": {
            "Value": {
                "Ref": "VPC"
            }
        },
        "PublicSubnet": {
            "Value": {
                "Ref": "PublicSubnet"
            }
        },
        "IamUserName": {
            "Value": {
                "Ref": "IamUser"
            }
        },
        "IamUserAccessKey": {
            "Value": {
                "Ref": "IamUserAccessKey"
            }
        },
        "IamUserSecretAccessKey": {
            "Value": {
                "Fn::GetAtt": [
                    "IamUserAccessKey",
                    "SecretAccessKey"
                ]
            }
        },
        "S3Bucket": {
            "Value": {
                "Ref": "OpsManS3Bucket"
            }
        },
        "PrivateSubnet": {
            "Value": {
                "Ref": "PrivateSubnet"
            }
        },
        "PrivateSubnetAvailabilityZone": {
            "Value": {
                "Fn::GetAtt": [
                    "PrivateSubnet",
                    "AvailabilityZone"
                ]
            }
        },
        "PublicSubnetAvailabilityZone": {
            "Value": {
                "Fn::GetAtt": [
                    "PublicSubnet",
                    "AvailabilityZone"
                ]
            }
        },
        "RdsAddress": {
            "Value": {
                "Fn::GetAtt": [
                    "Rds",
                    "Endpoint.Address"
                ]
            }
        },
        "RdsPort": {
            "Value": {
                "Fn::GetAtt": [
                    "Rds",
                    "Endpoint.Port"
                ]
            }
        },
        "RdsUsername": {
            "Value": {
                "Ref": "RdsUsername"
            }
        },
        "RdsPassword": {
            "Value": {
                "Ref": "RdsPassword"
            }
        },
        "RdsDBName": {
            "Value": {
                "Ref": "RdsDBName"
            }
        },
        "CidrBlock": {
            "Value": {
                "Fn::FindInMap": [
                    "Region2VPC",
                    {
                        "Ref": "AWS::Region"
                    },
                    "Private"
                ]
            }
        },
        "KeyPairName": {
            "Value": {
                "Ref": "KeyName"
            }
        }
    }
}

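Added example (not the post's own code, standard library only): a small checker that walks a template of the shape above and reports what a reviewer would flag in it, namely ingress rules open to 0.0.0.0/0 (including a CidrIp given as a Ref to a parameter, resolved through that parameter's Default), Outputs that echo a password parameter or a SecretAccessKey attribute, and password-like Parameters declared without NoEcho. The miniature template it runs on is constructed to mirror a few of the resources above; the SshFrom Default and the short resource list are assumptions.

```python
"""Static review of a CloudFormation template of the shape shown above.
Added example, not code from the original post; standard library only.
Checks: internet-open ingress rules, Outputs that echo a secret (stack
outputs are readable by anyone allowed to DescribeStacks), and
password-like Parameters without "NoEcho": true.
"""
import json

# Constructed miniature of the template above (same resource names and
# shapes, far fewer resources). The SshFrom Default is an assumption.
SAMPLE_TEMPLATE = json.loads(r"""
{
  "AWSTemplateFormatVersion": "2010-09-09",
  "Parameters": {
    "SshFrom": {"Type": "String", "Default": "0.0.0.0/0"},
    "RdsUsername": {"Type": "String"},
    "RdsPassword": {"Type": "String"}
  },
  "Resources": {
    "OpsManSecurityGroup": {
      "Type": "AWS::EC2::SecurityGroup",
      "Properties": {"SecurityGroupIngress": [{"IpProtocol": "tcp",
        "FromPort": "22", "ToPort": "22", "CidrIp": {"Ref": "SshFrom"}}]}
    },
    "MysqlSecurityGroup": {
      "Type": "AWS::EC2::SecurityGroup",
      "Properties": {"SecurityGroupIngress": [{"IpProtocol": "tcp",
        "FromPort": "3306", "ToPort": "3306", "CidrIp": "10.0.0.0/16"}]}
    },
    "SSHLoadBalancerSecurityGroup": {
      "Type": "AWS::EC2::SecurityGroup",
      "Properties": {"SecurityGroupIngress": [{"IpProtocol": "tcp",
        "FromPort": "2222", "ToPort": "2222", "CidrIp": "0.0.0.0/0"}]}
    }
  },
  "Outputs": {
    "RdsPassword": {"Value": {"Ref": "RdsPassword"}},
    "IamUserSecretAccessKey": {
      "Value": {"Fn::GetAtt": ["IamUserAccessKey", "SecretAccessKey"]}},
    "RdsPort": {"Value": {"Fn::GetAtt": ["Rds", "Endpoint.Port"]}}
  }
}
""")

ANYWHERE = "0.0.0.0/0"
SECRET_WORDS = ("password", "secret", "token")


def looks_secret(name):
    """Heuristic: does this parameter or attribute name denote a secret?"""
    return any(w in name.lower() for w in SECRET_WORDS)


def resolve_cidr(cidr, params):
    """Return a literal CIDR; a {"Ref": param} is followed to the parameter's Default."""
    if isinstance(cidr, dict) and "Ref" in cidr:
        return params.get(cidr["Ref"], {}).get("Default")
    return cidr


def open_ingress(template):
    """(group, from_port, to_port) for every ingress rule that admits the whole internet."""
    params = template.get("Parameters", {})
    findings = []
    for name, res in template.get("Resources", {}).items():
        if res.get("Type") != "AWS::EC2::SecurityGroup":
            continue
        for rule in res.get("Properties", {}).get("SecurityGroupIngress", []):
            if resolve_cidr(rule.get("CidrIp"), params) == ANYWHERE:
                # IpProtocol -1 rules carry no ports: report them as "all"
                findings.append((name, str(rule.get("FromPort", "all")),
                                 str(rule.get("ToPort", "all"))))
    return findings


def exposed_outputs(template):
    """Output names whose Value is a secret parameter or a secret attribute."""
    params = template.get("Parameters", {})
    findings = []
    for name, out in template.get("Outputs", {}).items():
        value = out.get("Value")
        if not isinstance(value, dict):
            continue
        ref = value.get("Ref")
        att = value.get("Fn::GetAtt")
        if ref in params and looks_secret(ref):
            findings.append(name)
        elif isinstance(att, list) and len(att) == 2 and looks_secret(att[1]):
            findings.append(name)
    return findings


def parameters_without_noecho(template):
    """Password-like parameters whose value would be echoed by the console and API."""
    return sorted(
        name for name, p in template.get("Parameters", {}).items()
        if looks_secret(name) and str(p.get("NoEcho", False)).lower() != "true"
    )
```

Pointing the three functions at the full template above instead of SAMPLE_TEMPLATE (json.load on the file) flags the 2222 listener group, the RdsPassword and IamUserSecretAccessKey outputs, and any password parameter declared without NoEcho.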
The following is related to DNS operations; it is unverified, since I did not use Route53, and is copied here as a reference note.

        "HostedZone": {
            "Type": "AWS::Route53::HostedZone",
            "Properties": {
                "HostedZoneConfig": {
                    "Comment": "Hosted zone for example.com"
                },
                "Name": "example.com",
                "VPCs": [
                    {
                        "VPCId": {
                            "Ref": "VPC"
                        },
                        "VPCRegion": {
                            "Ref": "AWS::Region"
                        }
                    }
                ]
            }
        },
        "PuppetMasterDNSRecord": {
            "Type": "AWS::Route53::RecordSet",
            "DependsOn": "HostedZone",
            "Properties": {
                "HostedZoneId": {
                    "Fn::Join": [
                        "",
                        [
                            "/hostedzone/",
                            {
                                "Ref": "HostedZone"
                            }
                        ]
                    ]
                },
                "Name": "puppet.example.com",
                "Type": "A",
                "TTL": "900",
                "ResourceRecords": [
                    {
                        "Ref": "PuppetMasterIP"
                    }
                ]
            }
        },
        "PuppetAgentLinuxDNSRecord": {
            "Type": "AWS::Route53::RecordSet",
            "Properties": {
                "HostedZoneId": {
                    "Fn::Join": [
                        "",
                        [
                            "/hostedzone/",
                            {
                                "Ref": "HostedZone"
                            }
                        ]
                    ]
                },
                "Name": "linuxagent.example.com",
                "Type": "A",
                "TTL": "900",
                "ResourceRecords": [
                    {
                        "Ref": "PuppetAgentLinuxIP"
                    }
                ]
            }
        },
        "PuppetAgentWindowsDNSRecord": {
            "Type": "AWS::Route53::RecordSet",
            "Properties": {
                "HostedZoneId": {
                    "Fn::Join": [
                        "",
                        [
                            "/hostedzone/",
                            {
                                "Ref": "HostedZone"
                            }
                        ]
                    ]
                },
                "Name": "windowsagent.example.com",
                "Type": "A",
                "TTL": "900",
                "ResourceRecords": [
                    {
                        "Ref": "PuppetAgentWindowsIP"
                    }
                ]
            }
        }