aws summit devops 云端多环境自动化运维和部署
TRANSCRIPT
©2016,AmazonWebServices,Inc.oritsAffiliates.Allrightsreserved.
LeonLi,李磊,AWS解决方案架构师
2016/09/08
AWS云端多环境自动化运维和部署
议程
基础设施代码化
云端的多环境管理
高效的自动化部署
为什么基础设施代码化很重要
结构化 高效 健壮 安全
基础设施即代码的实现
监控配置部署测试构建代码
Elastic Beanstalk
OpsWorks
CloudWatch
CloudFormation
CodeDeploy
CodeCommit
CodePipeline
软件开发类比基础设施代码化
应用程序
Sourcecode
Interpreter
Desiredapplicationstate
基础设施
JSON
AWSServiceAPI
Desiredinfrastructurestate
软件开发类比基础设施代码化
应用程序
软件代码
Interpreter
Desiredapplicationstate
基础设施
JSON
AWSServiceAPI
Desiredinfrastructurestate
软件开发类比基础设施代码化
应用程序
软件代码
编译器/运行时
Desiredapplicationstate
基础设施
JSON
AWS服务API
Desiredinfrastructurestate
软件开发类比基础设施代码化
应用程序
软件代码
编译器/运行时
目标应用程序状态
基础设施
JSON
AWS服务API
目标基础设施状态
重用
扩展
测试
维护
重用–多环境
Development
IaC Template
Development
Production
IaC Template
重用–多环境
Development
Production
Forensics Analysis
IaC Template
重用–多环境
维护–与CI/CD集成
AppDevelopers
IaCTemplate
Story
AppSourceCode
AppDevelopers
IaCTemplate
Story
AWSCodeCommitSourceControl
AppSourceCode
维护–与CI/CD集成
AWSCloudFormation
AppDevelopers
AWSCodePipeline
IaCTemplate
Story
AWSCodeCommitSourceControl
AWSCodeDeploy
AppSourceCode
维护–与CI/CD集成
AWSCloudFormation
AppDevelopers
AWSCodePipeline
Dev
Staging
Prod
IaCTemplate
Story
AWSCodeCommitSourceControl
AWSCodeDeploy
AppSourceCode
维护–与CI/CD集成
AWSCloudFormation
AppDevelopers
AWSCodePipeline
Dev
Staging
Prod
IaCTemplate
Story
AWSCodeCommitSourceControl
AWSCodeDeploy
AppSourceCode
维护–与CI/CD集成
扩展– AWSLambda自定义资源
IaC Template
IaC Template
AWS Lambda
扩展– AWSLambda自定义资源
Cross-stack reference: VPC
Cross-stack reference: Security Group
Cross-stack reference: SubnetLook up AMI ID
Utility function – e.g., string reversal
IaC Template
扩展– AWSLambda自定义资源
Cross-stack reference: VPC
Cross-stack reference: Security Group
Cross-stack reference: SubnetLook up AMI ID
Utility function – e.g., string reversal
IaC Template
扩展– AWSLambda自定义资源
测试 –蓝绿部署
ExampleApp V1
IaC Template
测试 –蓝绿部署
AWS CodeDeployExampleApp V1
ExampleApp V2
IaC Template
测试 –蓝绿部署
AWS CodeDeployExampleApp V1
ExampleApp V2
IaC Template
模板 CloudFormation 堆栈
JSON 格式的文件参数定义
需要的资源
具体配置
配置好的AWS资源完整的SAWS服务支持
可定制化
框架
创建堆栈
更新堆栈
错误检查和回滚
CloudFormation – 组件和技术实现
价格
$0.00
CloudFormation示例
{
"Description" : "A text description for the template usage",
"Parameters": {
// A set of inputs used to customize the template per deployment
},
"Resources" : {
// The set of AWS resources and relationships between them
},
"Outputs" : {
// A set of values to be made visible to the stack creator
},
"AWSTemplateFormatVersion" : "2010-09-09”
}
Reference{ "Resources" : {
"Ec2Instance" : {
"Type" : "AWS::EC2::Instance",
"Properties" : {
"SecurityGroups" : [ { "Ref" : "InstanceSecurityGroup" } ],
"KeyName" : "mykey",
"ImageId" : "ami-7a11e213”
}
},
"InstanceSecurityGroup" : {
"Type" : "AWS::EC2::SecurityGroup",
"Properties" : {
"GroupDescription" : "Enable SSH access via port 22", "SecurityGroupIngress" : [ {
"IpProtocol" : "tcp",
"FromPort" : "22",
"ToPort" : "22",
"CidrIp" :"0.0.0.0/0" } ]
}
}
} }
InputReference
{
"Parameters" : {
"KeyPair" : {
"Description" : "The EC2 Key Pair to allow SSH access to the instance",
"Type" : "String"
},
"Resources" : {
"Ec2Instance" : {
"Type" : "AWS::EC2::Instance",
"Properties" : {
"SecurityGroups" : [ { "Ref" : "InstanceSecurityGroup" }],
"KeyName" : { "Ref" : "KeyPair"},
"ImageId" : "" }
},
…
} }
自定义input参数
"WordPressUser": {
"Default": "admin",
"Description" : "The WordPress database admin account username",
"Type": "String",
"MinLength": "1",
"MaxLength": "16",
"AllowedPattern" : "[a-zA-Z][a-zA-Z0-9]*"
},
使用下列属性来验证input参数 :
Maxlength, MinLength, MaxValue, MinValue, AllowedPattern, AllowedValues
Mappings{"Mappings" : {
"RegionMap" : {
"us-east-1" : { "AMI" : "ami-76f0061f" },
"us-west-1" : { "AMI" : "ami-655a0a20" },
"eu-west-1" : { "AMI" : "ami-7fd4e10b" },
"ap-southeast-1" : { "AMI" : "ami-72621c20" },
"ap-northeast-1" : { "AMI" : "ami-8e08a38f" } } },
"Resources" : {
"Ec2Instance" : {
"Type" : "AWS::EC2::Instance",
"Properties" : {
"KeyName" : { "Ref" : "KeyName" },
“ImageId" : {
"Fn::FindInMap" : [ "RegionMap", { "Ref" : "AWS::Region" }, "AMI" ]}
}
}
} }
服务器初始化- UserData
AWS code services
AWS CodeCommit AWS CodePipeline AWS CodeDeploy
源码控制 - CodeCommitPrivate Git repositories hosted on Amazon S3
• 基于Amazon的私有Git Repositories• 完全兼容Git• 充分利用云的优势 (扩展性,持久性, 可靠性, 按需付费以降低成本)• Repositories没有大小限制• 在线代码工具,支持browse, edit, diff• IAM用户管理
持续交付 - CodePipeline
• 可自定义的自动化版本发布,并且集成了编译和测试
• 对自定义的版本发布工作流建模、可视化
(源代码è编译è beta è gamma è线上生产)• 自动化编译、测试和部署
• 执行自定义规则
• 与第三方工具集成
36
持续部署 - CodeDeploy
• 协调服务器的软件更新,滚动更新以避免宕机时间
• 针对部署的健康检测,以及回滚
• 集成自动扩展(Auto Scaling)• 对所有应用程序适用
• 重用已有的部署工具(Bash, Powershell, Chef, Puppet…)
38
工作流
9/25/14 Slidesnotintendedforredistribution. 40
AppSpec fileos: linuxfiles:- source: Config/config.txtdestination: webapps/Config
- source: Servicedestination: /webapps/DogSuit
hooks:ApplicationStop:- location: Scripts/Deactivate_Service
BeforeInstall:- location: Scripts/Flush_Logs.sh
AfterInstall:- location: Scripts/Decrypt_Secrets.sh
ApplicationStart:- location: Scripts/Start_Pooch_Service.shtimeout: 3600
ValidateService:- location: Scripts/Check_Dogs_Barking.shrunas: codedeployuser
ApplicationStop
BeforeInstall
AfterInstall
ApplicationStart
ValidateService
DownloadBundle
Install
Start
End
部署配置
v2 v2 v2 v2 v2 v2 v2 v2All-at-onceMin. healthy hosts = 0
v2 v2 v2 v2 v1 v1 v1 v1Half-at-a-timeMin. healthy hosts = 50%
v2 v2 v1 v1 v1 v1 v1 v1[Custom]Min. healthy hosts = 75%
v2 v1 v1 v1 v1 v1 v1 v1One-at-a-timeMin. healthy hosts = 99%
第三方工具集成
AWS DevOps服务
运维
Elastic Beanstalk
CloudWatchCloudFormationCodeDeploy
CodePipeline
Opsworks
Elastic Container Service
监控搭建部署测试构建开发
Lambda
CloudTrail
版本管理 持续集成持续交付
持续部署
自动化运维
配置管理
自动化监控基础设施即代码
日志管理
CodeCommit
Thankyou.