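Abstract: Using WordPress as an example, this article explains how ROS integrates the third-party configuration management tool Chef to install and configure an application.
With Alibaba Cloud's Resource Orchestration Service (ROS), you can easily create a group of resources. Creating the resources is only the first step, though; next the application has to be deployed onto them. There are two ways to do that: a ROS UserData script, or an integrated configuration management tool such as Chef or Puppet. This article focuses on how ROS integrates Chef to deploy and configure an application. For the UserData-script approach, see "One-Click Delivery of an RDS-Connected Application with Resource Orchestration".
With Chef, you can automate deploying and configuring applications on ECS without hand-building scripts. Integrating Chef with ROS makes it easier to combine resource creation and application deployment. With a ROS template, you can build the same application environment any time, anywhere, as often as needed, and fold environment setup into DevOps.
Using a WordPress deployment as the example, this article explains how to build a highly available web server environment with ROS, and then install and configure WordPress in that environment by running a Chef recipe. With the final ROS template, you can bring up a WordPress application quickly and simply. You can also manage the ROS template with Git or SVN to put your WordPress environment under version control.
Architecture overview: installing and deploying WordPress with ROS
This template creates a highly available, load-balanced WordPress environment, with Alibaba Cloud RDS providing the back-end data storage. The basic architecture is shown in the figure below:
In the architecture diagram above, ROS's ALIYUN::ECS::InstanceGroup creates multiple ECS nodes, so that WordPress runs as multiple instances, which improves its availability. An SLB is deployed in front of the ECS instances to balance load across them and to expose a single WordPress access address to users, so that back-end ECS servers can be added or removed without users noticing. The SLB is created with ALIYUN::SLB::LoadBalancer. ALIYUN::SLB::Listener configures which ports the SLB listens on, and ALIYUN::SLB::BackendServerAttachment adds the back-end ECS servers to the SLB's listener list. RDS provides the back-end data storage for WordPress; ROS creates the RDS instance and configures the database with ALIYUN::RDS::DBInstance. All of these resources are deployed in one security group, whose rules control inbound and outbound traffic to improve security.
Finally, when the ECS instances start, ROS uses Chef's local mode to install and configure WordPress. Chef local mode manages cookbooks from a local Chef repository instead of going through a Chef Server.
One-click WordPress deployment
One-click deploy >>>
After you click one-click deploy, WordPress is deployed in the North China 2 region by default. To change the region, click [Previous] at the bottom right of the page, select the region again, and then click [Next]. You only need to fill in the required information shown in the figure below, or adjust it to your needs, and then click [Create] to deploy a highly available WordPress environment.
Template walkthrough
Creating the VPC network
In this example, all resources sit inside a VPC network to ensure network isolation and security. So that the ECS instances can reach the Internet to fetch the Chef installation packages and download the WordPress cookbook, we configure an SNAT gateway for the VPC. See "A New Trick: ROS Builds a NatGateway in One Click So Your VPC and the Internet Can Reach Each Other" for details on configuring your VPC network.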
"SNatEntry": {
"Type": "ALIYUN::ECS::SNatEntry",
"DependsOn": "WPLoadBalancer",
"Properties": {
"SNatIp": {
"Fn::Select": [
"0",
{
"Fn::GetAtt": [
"NatGateway",
"BandwidthPackageIps"
]
}
]
},
"SourceVSwitchId": {
"Fn::GetAtt": [
"VSwitch",
"VSwitchId"
]
},
"SNatTableId": {
"Fn::GetAtt": [
"NatGateway",
"SNatTableId"
]
}
}
},
"NatGateway": {
"Type": "ALIYUN::ECS::NatGateway",
"Properties": {
"Spec": "Small",
"NatGatewayName": "NatGateway",
"BandwidthPackage": [
{
"IpCount": 1,
"Bandwidth": 5
}
],
"VSwitchId": {
"Ref": "VSwitch"
},
"VpcId": {
"Fn::GetAtt": [
"Vpc",
"VpcId"
]
}
}
},
"Vpc": {
"Type": "ALIYUN::ECS::VPC",
"Properties": {
"CidrBlock": "192.168.0.0/16"
}
},
"VSwitch": {
"Type": "ALIYUN::ECS::VSwitch",
"Properties": {
"CidrBlock": "192.168.33.0/24",
"ZoneId": {
"Fn::Select": [
"0",
{
"Fn::GetAZs": {
"Ref": "ALIYUN::Region"
}
}
]
},
"VpcId": {
"Fn::GetAtt": [
"Vpc",
"VpcId"
]
}
}
}
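Creating the security group
In this example, all ECS instances join one default security group. The security group is configured to allow external users to reach the WordPress deployment on ports 80 and 22.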
"DefaultSecurityGroup": {
"Type": "ALIYUN::ECS::SecurityGroup",
"Properties": {
"Description": "DDC default security group",
"SecurityGroupIngress": [
{
"SourceCidrIp": "0.0.0.0/0",
"IpProtocol": "tcp",
"NicType": "intranet",
"PortRange": "22/22"
},
{
"SourceCidrIp": "0.0.0.0/0",
"IpProtocol": "tcp",
"NicType": "intranet",
"PortRange": "443/443"
},
{
"SourceCidrIp": "0.0.0.0/0",
"IpProtocol": "tcp",
"NicType": "intranet",
"PortRange": "80/80"
}
],
"SecurityGroupEgress": [
{
"IpProtocol": "all",
"DestCidrIp": "0.0.0.0/0",
"NicType": "intranet",
"PortRange": "-1/-1",
"Priority": 1
}
],
"VpcId": {
"Ref": "Vpc"
}
}
}
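Creating the ECS instances
This example creates two kinds of ECS instance. One kind is created with ALIYUN::ECS::InstanceGroup to host WordPress; this resource lets you set, through MaxAmount, how many ECS instances to create at once. The other is a single jump host for operations, created with ALIYUN::ECS::Instance. The jump host is deployed in the same VPC network, but is given a public IP.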
"WPEcsInstance": {
"Type": "ALIYUN::ECS::InstanceGroup",
"DependsOn": "SNatEntry",
"Properties": {
"IoOptimized": {
"Ref": "WPEcsIoOptimized"
},
"ImageId": {
"Ref": "WPEcsImageId"
},
"SecurityGroupId": {
"Fn::GetAtt": [
"DefaultSecurityGroup",
"SecurityGroupId"
]
},
"Password": {
"Ref": "WPEcsInstancePassword"
},
"MinAmount": {
"Ref": "WPEcsMaxAmount"
},
"AllocatePublicIP": "false",
"SystemDiskCategory": {
"Ref": "WPEcsSystemDiskCategory"
},
"UserData": {
"Fn::Replace": [
{
"ros-notify": {
"Fn::GetAtt": [
"WPEcsConditionHandle",
"CurlCli"
]
}
},
{
"Fn::Join": [
"",
[
"#!/bin/sh\n",
"apt-get update\n",
"apt-get install -y rails\n",
"apt-get install -y unzip\n",
"\n",
"wget -P /tmp http://ros-om-dependence.oss-cn-shanghai.aliyuncs.com/chef-ubuntu-64/chef_12.18.31-1_amd64.deb\n",
"dpkg -i /tmp/chef_12.18.31-1_amd64.deb\n",
"wget -P /tmp http://ros-om-dependence.oss-cn-shanghai.aliyuncs.com/chef-ubuntu-64/chefdk_1.2.22-1_amd64.deb\n",
"dpkg -i /tmp/chefdk_1.2.22-1_amd64.deb\n",
"\n",
"mkdir -p /var/chef/chef-repo/.chef\n",
"# chef local repo setting\n",
"# wget -P /tmp http://github.com/opscode/chef-repo/tarball/master/chef-boneyard-chef-repo-605eeda.tar.gz\n",
"wget -P /tmp http://ros-om-dependence.oss-cn-shanghai.aliyuncs.com/chef-ubuntu-64/chef-boneyard-chef-repo-605eeda.tar.gz\n",
"tar -xzf /tmp/chef-boneyard-chef-repo-605eeda.tar.gz -C /var/chef/chef-repo\n",
"cp -rf /var/chef/chef-repo/chef-boneyard-chef-repo-605eeda/* /var/chef/chef-repo\n",
"rm -rf /var/chef/chef-repo/chef-boneyard-chef-repo-605eeda\n",
"echo install chef > /tmp/log\n",
"# set default knife.rb\n",
"echo \"cookbook_path [ '/var/chef/chef-repo/cookbooks' ]\" > /var/chef/chef-repo/.chef/knife.rb\n",
"echo \"node_path [ '/var/chef/chef-repo/nodes' ]\" >> /var/chef/chef-repo/.chef/knife.rb\n",
"\n",
"# set default client.rb\n",
"echo \"cookbook_path [ '/var/chef/chef-repo/cookbooks' ]\" > /var/chef/chef-repo/.chef/client.rb\n",
"echo \"node_path [ '/var/chef/chef-repo/nodes' ]\" >> /var/chef/chef-repo/.chef/client.rb\n",
"\n",
"# set init chef conf\n",
"orig_home=$HOME\n",
"export HOME='/var/chef'\n",
"\n",
"# create node list\n",
"cd /var/chef/chef-repo\n",
"chef-client -z -c /var/chef/chef-repo/.chef/client.rb\n",
"echo config chef repo >> /tmp/log\n",
"\n",
"\n",
"# download wordpress cookbook\n",
"wget -P /tmp http://ros-om-dependence.oss-cn-shanghai.aliyuncs.com/chef-ubuntu-64/wordpress.tar.gz\n",
"tar -xzf /tmp/wordpress.tar.gz -C /var/chef/chef-repo/cookbooks\n",
"\n",
"# set default knife.rb\n",
"echo \"cookbook_path [ '/var/chef/chef-repo/cookbooks/wordpress/berks-cookbooks' ]\" > /var/chef/chef-repo/.chef/knife.rb\n",
"echo \"node_path [ '/var/chef/chef-repo/nodes' ]\" >> /var/chef/chef-repo/.chef/knife.rb\n",
"\n",
"# set default client.rb\n",
"echo \"cookbook_path [ '/var/chef/chef-repo/cookbooks/wordpress/berks-cookbooks' ]\" > /var/chef/chef-repo/.chef/client.rb\n",
"echo \"node_path [ '/var/chef/chef-repo/nodes' ]\" >> /var/chef/chef-repo/.chef/client.rb\n",
"echo config wordpress cookbook >> /tmp/log\n",
"\n",
"\n",
"# set wordpress database conf\n",
"echo \"normal['wordpress']['db']['pass'] = '",
{
"Ref": "WPDBPassword"
},
"'\" > /var/chef/chef-repo/cookbooks/wordpress/berks-cookbooks/wordpress/attributes/aliyun_rds_config.rb\n",
"echo \"normal['wordpress']['db']['user'] = '",
{
"Ref": "WPDBUser"
},
"'\" >> /var/chef/chef-repo/cookbooks/wordpress/berks-cookbooks/wordpress/attributes/aliyun_rds_config.rb\n",
"echo \"normal['wordpress']['db']['host'] = '",
{
"Fn::GetAtt": [
"WPDBDatabase",
"InnerConnectionString"
]
},
"'\" >> /var/chef/chef-repo/cookbooks/wordpress/berks-cookbooks/wordpress/attributes/aliyun_rds_config.rb\n",
"echo \"normal['wordpress']['db']['name'] = '",
{
"Ref": "WPDBName"
},
"'\" >> /var/chef/chef-repo/cookbooks/wordpress/berks-cookbooks/wordpress/attributes/aliyun_rds_config.rb\n",
"\n",
"\n",
"echo run install wordpress cookbook >> /tmp/log\n",
"knife node run_list add -z `knife node list -z` recipe[wordpress]\n",
"\n",
"chef-client -z -c /var/chef/chef-repo/.chef/client.rb | tee -a /tmp/chef_runing_log\n",
"ros-notify\n"
]
]
}
]
},
"MaxAmount": {
"Ref": "WPEcsMaxAmount"
},
"VSwitchId": {
"Ref": "VSwitch"
},
"VpcId": {
"Ref": "Vpc"
},
"InstanceType": {
"Ref": "WPEcsInstanceType"
}
}
},
"JumpHost": {
"Type": "ALIYUN::ECS::Instance",
"Properties": {
"IoOptimized": "optimized",
"ImageId": {
"Ref": "WPEcsImageId"
},
"SecurityGroupId": {
"Fn::GetAtt": [
"DefaultSecurityGroup",
"SecurityGroupId"
]
},
"Password": {
"Ref": "WPEcsInstancePassword"
},
"AllocatePublicIP": "true",
"SystemDiskCategory": "cloud_efficiency",
"VSwitchId": {
"Ref": "VSwitch"
},
"VpcId": {
"Ref": "Vpc"
},
"InstanceType": {
"Ref": "WPEcsInstanceType"
}
}
},
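ROS integrates Chef through UserData. It first installs the Ruby environment that Chef depends on. For network reasons, we have mirrored the Chef installation packages, the local repository and the corresponding cookbooks so that they are easy to reach from within China. The script then sets Chef's knife.rb and client.rb files to point at the cookbooks in the local repository, and invokes chef-client -z, which selects local mode, to generate the node list. Next it adds the database name, user name, password and host name from the RDS instance to the WordPress cookbook's attributes, so that Chef can configure WordPress's database properties correctly. Finally it invokes the Chef commands below to install and configure a WordPress instance on the local machine.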
knife node run_list add -z `knife node list -z` recipe[wordpress]
chef-client -z -c /var/chef/chef-repo/.chef/client.rb
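How the UserData above becomes the script that runs on each instance at boot, as an added example (not part of the original template): it resolves Fn::Join, Ref, Fn::GetAtt and Fn::Replace over a constructed, shortened copy of the UserData, then lists the files fetched over plain HTTP that go straight to dpkg or tar with no checksum step. The `values` mapping and its dotted key form are assumptions for illustration, and the check is a line-based heuristic.

```python
import re

# Constructed sample: a shortened UserData in the same Fn::Replace/Fn::Join
# shape as the template on this page (URLs and paths copied from the page).
BASE = "http://ros-om-dependence.oss-cn-shanghai.aliyuncs.com/chef-ubuntu-64/"
USER_DATA = {"Fn::Replace": [
    {"ros-notify": {"Fn::GetAtt": ["WPEcsConditionHandle", "CurlCli"]}},
    {"Fn::Join": ["", [
        "#!/bin/sh\n",
        "wget -P /tmp " + BASE + "chef_12.18.31-1_amd64.deb\n",
        "dpkg -i /tmp/chef_12.18.31-1_amd64.deb\n",
        "wget -P /tmp " + BASE + "wordpress.tar.gz\n",
        "tar -xzf /tmp/wordpress.tar.gz -C /var/chef/chef-repo/cookbooks\n",
        "echo \"normal['wordpress']['db']['user'] = '", {"Ref": "WPDBUser"},
        "'\" >> /var/chef/chef-repo/cookbooks/wordpress/berks-cookbooks/wordpress/attributes/aliyun_rds_config.rb\n",
        "ros-notify\n",
    ]]},
]}

def render(node, values):
    """Resolve the intrinsic functions used above. `values` stands in for
    stack parameters and resource attributes (hypothetical test values)."""
    if isinstance(node, str):
        return node
    (fn, arg), = node.items()
    if fn == "Ref":
        return values[arg]
    if fn == "Fn::GetAtt":
        return values[".".join(arg)]
    if fn == "Fn::Join":
        return arg[0].join(render(part, values) for part in arg[1])
    if fn == "Fn::Replace":
        text = render(arg[1], values)
        for old, new in arg[0].items():
            text = text.replace(old, render(new, values))
        return text
    raise ValueError("unsupported intrinsic: " + fn)

def unverified_installs(script):
    """Files fetched over plain HTTP and then handed to dpkg or tar with no
    sha256sum line naming them anywhere in the script."""
    fetched = re.findall(r"wget\s+-P\s+(\S+)\s+http://\S*/(\S+)", script)
    paths = [d.rstrip("/") + "/" + f for d, f in fetched]
    hashed = [line for line in script.splitlines() if "sha256sum" in line]
    used = [p for p in paths
            if re.search(r"^(dpkg -i|tar -x\w*) " + re.escape(p), script, re.M)]
    return [p for p in used if not any(p in line for line in hashed)]
```

Every path this returns is a package or archive whose integrity rests only on the unauthenticated HTTP mirror; pinning a known SHA-256 for each file in the script and checking it before `dpkg -i` or `tar -xzf` clears the finding.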
SLB
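For a highly available environment, SLB is an indispensable resource. SLB distributes requests evenly across the back-end services, and lets you add, remove or replace faulty back-end ECS instances without users noticing. SLB also gives users a single WordPress access address. In this example, after the SLB is created, it is configured to listen on port 80 of the back-end ECS instances.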
"WPLoadBalancerListener80": {
"Type": "ALIYUN::SLB::Listener",
"DependsOn": "WPLoadBalancer",
"Properties": {
"Persistence": {
"StickySession": "on",
"PersistenceTimeout": 600
},
"HealthCheck": {
"Timeout": "2",
"Port": "80",
"Interval": "5",
"HealthyThreshold": "2",
"UnhealthyThreshold": "4"
},
"LoadBalancerId": {
"Ref": "WPLoadBalancer"
},
"BackendServerPort": "80",
"Protocol": "tcp",
"Bandwidth": -1,
"ListenerPort": "80"
}
},
"WPSLBAttachment": {
"Type": "ALIYUN::SLB::BackendServerAttachment",
"Properties": {
"BackendServerList": {
"Fn::GetAtt": [
"WPEcsInstance",
"InstanceIds"
]
},
"LoadBalancerId": {
"Ref": "WPLoadBalancer"
}
}
},
"WPLoadBalancer": {
"Type": "ALIYUN::SLB::LoadBalancer",
"Properties": {
"LoadBalancerName": "WordPressLoadBalancer",
"AddressType": "internet"
}
},
RDS
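WordPress needs to store users' posts and comments, so a back-end database is an indispensable component. Alibaba Cloud RDS is a good choice. With ROS, creating the RDS instance and configuring the database can be done in one step.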
"WPDBDatabase": {
"Type": "ALIYUN::RDS::DBInstance",
"DependsOn": "SNatEntry",
"Properties": {
"DBInstanceClass": {
"Ref": "WPDBInstanceClass"
},
"DBMappings": [
{
"DBName": {
"Ref": "WPDBName"
},
"CharacterSetName": "utf8"
}
],
"ZoneId": {
"Fn::Select": [
"0",
{
"Fn::GetAZs": {
"Ref": "ALIYUN::Region"
}
}
]
},
"DBInstanceStorage": {
"Ref": "WPDBInstanceStorage"
},
"VSwitchId": {
"Ref": "VSwitch"
},
"Engine": {
"Ref": "WPDBEngine"
},
"MasterUserPassword": {
"Ref": "WPDBPassword"
},
"MasterUsername": {
"Ref": "WPDBUser"
},
"PreferredBackupPeriod": [
"Monday",
"Wednesday"
],
"VPCId": {
"Ref": "Vpc"
},
"EngineVersion": {
"Ref": "WPDBEngineVersion"
},
"PreferredBackupTime": "23:00Z-24:00Z",
"SecurityIPList": "0.0.0.0/0"
}
},
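A check one could run over this template before creating the stack, added here as an example (not code from the original article): it flags the security-group rule that opens port 22 to 0.0.0.0/0, which matters because the jump host has a public IP and shares this group, and the RDS SecurityIPList of 0.0.0.0/0, which accepts any source address. The sample is a constructed, trimmed copy of the two resources; PUBLIC_OK is an assumption about which ports are meant to be world-reachable.

```python
import json

# Constructed sample: a trimmed copy of two resources shown on this page.
TEMPLATE = json.loads("""
{
  "Resources": {
    "DefaultSecurityGroup": {
      "Type": "ALIYUN::ECS::SecurityGroup",
      "Properties": {
        "SecurityGroupIngress": [
          {"SourceCidrIp": "0.0.0.0/0", "IpProtocol": "tcp", "PortRange": "22/22"},
          {"SourceCidrIp": "0.0.0.0/0", "IpProtocol": "tcp", "PortRange": "443/443"},
          {"SourceCidrIp": "0.0.0.0/0", "IpProtocol": "tcp", "PortRange": "80/80"}
        ]
      }
    },
    "WPDBDatabase": {
      "Type": "ALIYUN::RDS::DBInstance",
      "Properties": {"SecurityIPList": "0.0.0.0/0"}
    }
  }
}
""")

ANY = "0.0.0.0/0"
PUBLIC_OK = {80, 443}  # assumption: only the web ports should be world-reachable

def port_span(port_range):
    """Turn "22/22" into (22, 22); "-1/-1" means every port."""
    lo, hi = (int(p) for p in port_range.split("/"))
    return (1, 65535) if lo == -1 else (lo, hi)

def audit(template):
    """Return (resource name, finding) pairs for world-open exposure."""
    findings = []
    for name, res in template.get("Resources", {}).items():
        props = res.get("Properties", {})
        if res.get("Type") == "ALIYUN::ECS::SecurityGroup":
            for rule in props.get("SecurityGroupIngress", []):
                lo, hi = port_span(rule.get("PortRange", "-1/-1"))
                exposed = set(range(lo, hi + 1)) - PUBLIC_OK
                if rule.get("SourceCidrIp") == ANY and exposed:
                    findings.append((name, "ingress " + rule["PortRange"] + " open to " + ANY))
        elif res.get("Type") == "ALIYUN::RDS::DBInstance":
            entries = [e.strip() for e in str(props.get("SecurityIPList", "")).split(",")]
            if ANY in entries:
                findings.append((name, "SecurityIPList contains " + ANY))
    return findings
```

Narrowing the port 22 rule to the operators' source range and the RDS list to the VSwitch CIDR (192.168.33.0/24 in this template) clears both findings.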
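Summary
As this example shows, ROS can install and configure applications not only by itself but also by integrating a third-party configuration management tool. Using Chef as the example, this article showed how ROS integrates such a tool. We hope this example helps you use Chef to deploy not only WordPress but also your own applications. For detailed guidance on ROS, see here.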