pgn*_*pgn 3 amazon-ec2 amazon-web-services amazon-cloudformation
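I'm trying to define a cluster of Cassandra nodes, plus a few other instances (some middleware and application servers). I'd like to be able to add the (internal) IP addresses of the Cassandra nodes to the middleware's configuration, and add the IP of the first Cassandra node to the other nodes' configuration as the seed node. Can I achieve this entirely from the template? (Calling scripts in the AMI is fine; centralized configuration or any kind of remote database not provided by the platform is not.)
Thanks! Andras
Edit: I forgot to mention that I also need to update the relevant security groups with the instances' IPs.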
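After some digging in the AWS documentation, I found that you can reference attributes of resources created in the same template, as long as they a) are defined before your reference and b) don't point to the resource being created (no circular dependencies).
b) means that to find out the EC2 node's own IP, I do have to call the AWS URL that ceejayoz mentioned above.
Here is the instance resource I defined for a Cassandra node. Note that I put markers in the configuration files so that the correct values can be inserted safely, but you could always fall back to simply replacing the default values (e.g. "initial_token: 0" with "initial_token: 123").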
    "Cas1" : {
      "Type" : "AWS::EC2::Instance",
      "Metadata" : {
        "AWS::CloudFormation::Init" : {
          "config" : {
            "packages" : {
              "yum" : {
                "opscenter-free" : [],
                "pyOpenSSL" : []
              }
            },
            "services" : {
              "sysvinit" : {
                "cassandra" : {
                  "enabled" : "true",
                  "ensureRunning" : "true"
                },
                "opscenterd" : {
                  "enabled" : "true",
                  "ensureRunning" : "true"
                }
              }
            }
          }
        }
      },
      "Properties" : {
        "SecurityGroups" : [ { "Ref" : "CommonSecurityGroup" }, { "Ref" : "OpsCenterSecurityGroup" } ],
        "KeyName" : { "Ref" : "KeyName" },
        "InstanceType" : { "Ref" : "CassandraInstanceType" },
        "ImageId" : { "Fn::FindInMap" : [ "AWSRegionArch2AMI", { "Ref" : "AWS::Region" }, { "Fn::FindInMap" : [ "AWSInstanceType2Arch", { "Ref" : "CassandraInstanceType" }, "Arch" ] } ] },
        "UserData" : { "Fn::Base64" : { "Fn::Join" : ["", [
          "#!/bin/bash -v\n",
          "MY_IP=`(curl http://169.254.169.254/latest/meta-data/local-ipv4)`\n",
          "sed -i 's/REPLACE_WITH_TOKEN/0/g' /etc/cassandra/conf/cassandra.yaml\n",
          "sed -i 's/REPLACE_WITH_MY_IP/'$MY_IP'/g' /etc/cassandra/conf/cassandra.yaml\n",
          "sed -i 's/REPLACE_WITH_SEED_IP/'$MY_IP'/g' /etc/cassandra/conf/cassandra.yaml\n",
          "sed -i 's/REPLACE_WITH_MAX_HEAP_SIZE/8G/g' /etc/cassandra/conf/cassandra-env.sh\n",
          "sed -i 's/REPLACE_WITH_HEAP_NEWSIZE/4G/g' /etc/cassandra/conf/cassandra-env.sh\n",
          "yum update -y aws-cfn-bootstrap\n",
          "/opt/aws/bin/cfn-init -s ", { "Ref" : "AWS::StackName" }, " -r Cas1 ",
          " --access-key ", { "Ref" : "HostKeys" },
          " --secret-key ", { "Fn::GetAtt" : ["HostKeys", "SecretAccessKey"] },
          " --region ", { "Ref" : "AWS::Region" }, " || error_exit 'Failed to run cfn-init'\n",
          "sed -i 's/127.0.0.1/'$MY_IP'/g' /etc/opscenter/opscenterd.conf\n",
          "sed -i 's/#passwd_file/passwd_file/g' /etc/opscenter/opscenterd.conf\n",
          "echo 'xxx:xxx:admin' > /etc/opscenter/.passwd\n",
          "rm -fR /var/lib/cassandra/data\n",
          "rm -fR /var/lib/cassandra/commitlog\n",
          "mkdir /var/lib/cassandra/data\n",
          "mkdir /var/lib/cassandra/commitlog\n",
          "chown -R cassandra:cassandra /var/lib/cassandra\n",
          "service cassandra start\n",
          "service opscenterd start\n"
        ]]}}
      }
    },
The configuration of the subsequent nodes is the same, except that the line

    "sed -i 's/REPLACE_WITH_SEED_IP/'$MY_IP'/g' /etc/cassandra/conf/cassandra.yaml\n",

references the IP address of the seed (first) node:

    "sed -i 's/REPLACE_WITH_SEED_IP/", { "Fn::GetAtt" : ["Cas1", "PrivateIp"] }, "/g' /etc/cassandra/conf/cassandra.yaml\n",

As for adding the instance IPs to the security groups, this appears to be unnecessary: you can create a group and add Ingress resources to it in which you reference that group as the source.
    "CommonSecurityGroup" : {
      "Type" : "AWS::EC2::SecurityGroup",
      "Properties" : {
        "GroupDescription" : "Enables",
        "SecurityGroupIngress" : [ {
          "IpProtocol" : "tcp",
          "FromPort" : "22",
          "ToPort" : "22",
          "CidrIp" : "0.0.0.0/0"
        } ]
      }
    },
    "OpsCenterSecurityGroup" : {
      "Type" : "AWS::EC2::SecurityGroup",
      "Properties" : {
        "GroupDescription" : "Enables",
        "SecurityGroupIngress" : [ {
          "IpProtocol" : "tcp",
          "FromPort" : "8888",
          "ToPort" : "8888",
          "CidrIp" : "0.0.0.0/0"
        },
        {
          "IpProtocol" : "tcp",
          "FromPort" : "61620",
          "ToPort" : "61621",
          "SourceSecurityGroupName" : { "Ref": "CommonSecurityGroup" }
        } ]
      }
    },
    "CassandraThriftIngress" : {
      "Type" : "AWS::EC2::SecurityGroupIngress",
      "Properties" : {
        "GroupName": { "Ref": "CommonSecurityGroup" },
        "IpProtocol" : "tcp",
        "FromPort" : "9160",
        "ToPort" : "9160",
        "SourceSecurityGroupName" : { "Ref": "CommonSecurityGroup" }
      }
    },
    "CassandraData" : {
      "Type" : "AWS::EC2::SecurityGroupIngress",
      "Properties" : {
        "GroupName": { "Ref": "CommonSecurityGroup" },
        "IpProtocol" : "tcp",
        "FromPort" : "7000",
        "ToPort" : "7001",
        "SourceSecurityGroupName" : { "Ref": "CommonSecurityGroup" }
      }
    },
    "CassandraJMX" : {
      "Type" : "AWS::EC2::SecurityGroupIngress",
      "Properties" : {
        "GroupName": { "Ref": "CommonSecurityGroup" },
        "IpProtocol" : "tcp",
        "FromPort" : "7199",
        "ToPort" : "7199",
        "SourceSecurityGroupName" : { "Ref": "OpsCenterSecurityGroup" }
      }
    },
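
The no-circular-dependency condition in the answer above can be checked before a stack is launched. The following is an added example, not part of the original answer: it builds the Ref / Fn::GetAtt graph of a template's Resources and reports one cycle, covering both the seed-IP reference and the group-as-source ingress rules. Helper names are hypothetical and the resource dictionaries are constructed samples modelled on the answer's template.

```python
# Added example: helper names are hypothetical; the resources are constructed samples.
def refs(node, out):
    """Collect logical IDs named by Ref / Fn::GetAtt (list form) anywhere under node."""
    if isinstance(node, dict):
        for key, val in node.items():
            if key == "Ref" and isinstance(val, str):
                out.add(val)
            elif key == "Fn::GetAtt" and isinstance(val, list) and val:
                out.add(val[0])
            else:
                refs(val, out)
    elif isinstance(node, list):
        for item in node:
            refs(item, out)
    return out

def dependency_graph(resources):
    """Map each resource to the resources it references (parameters, AWS::* dropped)."""
    return {name: {d for d in refs(body, set()) if d in resources} for name, body in resources.items()}

def find_cycle(graph):
    """Return one dependency cycle as a list of logical IDs, or None."""
    done = set()
    def visit(node, path):
        for dep in sorted(graph[node]):
            if dep in path:                      # back edge, including a self-reference
                return path[path.index(dep):] + [dep]
            if dep not in done and (found := visit(dep, path + [dep])):
                return found
        done.add(node)
    for name in sorted(graph):
        if name not in done and (cycle := visit(name, [name])):
            return cycle
    return None

def instance(seed=None):
    props = {"SecurityGroups": [{"Ref": "CommonSecurityGroup"}], "KeyName": {"Ref": "KeyName"}}
    if seed:  # seed IP spliced into UserData, as in the answer's sed line
        props["UserData"] = {"Fn::Base64": {"Fn::Join": ["", [{"Fn::GetAtt": [seed, "PrivateIp"]}]]}}
    return {"Type": "AWS::EC2::Instance", "Properties": props}
def group(rules):
    return {"Type": "AWS::EC2::SecurityGroup", "Properties": {"SecurityGroupIngress": rules}}
FROM_SELF = {"IpProtocol": "tcp", "FromPort": "7000", "ToPort": "7001",
             "SourceSecurityGroupName": {"Ref": "CommonSecurityGroup"}}
ANSWER_LAYOUT = {"CommonSecurityGroup": group([]), "Cas1": instance(), "Cas2": instance("Cas1"),
                 "CassandraData": {"Type": "AWS::EC2::SecurityGroupIngress",
                                   "Properties": dict(FROM_SELF, GroupName={"Ref": "CommonSecurityGroup"})}}
SELF_SEED = dict(ANSWER_LAYOUT, Cas1=instance("Cas1"))                     # node seeds from itself
INLINE_RULE = dict(ANSWER_LAYOUT, CommonSecurityGroup=group([FROM_SELF]))  # rule inside the group
```

`find_cycle(dependency_graph(ANSWER_LAYOUT))` returns `None`, while the `SELF_SEED` and `INLINE_RULE` variants each return a one-resource cycle, which is why the first node reads its own address from the metadata URL and the self-referencing rules are separate `AWS::EC2::SecurityGroupIngress` resources.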