AWS CloudFormation 'UserData' Doesn't seem to work

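I am writing an AWS CloudFormation script to build an EC2 instance. I want to provision the instance by installing some packages, downloading some repositories, and running some scripts. Amazon tells me I can do this in CloudFormation using the UserData field. However, it doesn't seem to work at all.

Here is what I am currently working with: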

DWHServer:
  Type: "AWS::EC2::Instance"
  Properties:
    DisableApiTermination: false # no termination protection
    EbsOptimized: false # optimize for elastic block store
    IamInstanceProfile: !Ref DWHServerIAMIP
    ImageId: "ami-5189a661" # ubuntu-trusty-14.04-amd64-server-20150325
    InstanceInitiatedShutdownBehavior: "terminate"
    InstanceType: "t2.medium"
    KeyName: !FindInMap [EnvMap, KeyPair, !Ref EnvType]
    Monitoring: true
    SecurityGroupIds:
      - !Ref DWHServerSG
    SourceDestCheck: true # ??
    SubnetId: "subnet-aed2ecf6" # Stage-etl-2c
    UserData: !Base64
      "Fn::Join": ["", ["#!/bin/bash -xe\n", "touch ~/confirm_work.txt\n"]]

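This is the simplest possible example. I just want it to create a file to prove that it is running. But it doesn't even do that. The documentation says to look at something called /var/log/cloud-init-output.log. I looked there, but didn't see anything about UserData. There does seem to be some kind of network error, but I'm not sure how to interpret it or what to do about it.

Here are the contents of the cloud-init-output.log file on the instance: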

Cloud-init v. 0.7.5 running 'init-local' at Sat, 04 Mar 2017 02:40:07 +0000. Up 3.85 seconds.
Cloud-init v. 0.7.5 running 'init' at Sat, 04 Mar 2017 02:40:09 +0000. Up 6.01 seconds.
ci-info: +++++++++++++++++++++++++Net device info+++++++++++++++++++++++++
ci-info: +--------+------+-----------+---------------+-------------------+
ci-info: | Device |  Up  |  Address  |      Mask     |     Hw-Address    |
ci-info: +--------+------+-----------+---------------+-------------------+
ci-info: |   lo   | True | 127.0.0.1 |   255.0.0.0   |         .         |
ci-info: |  eth0  | True | 10.0.7.84 | 255.255.255.0 | 0a:3a:b0:a4:96:5d |
ci-info: +--------+------+-----------+---------------+-------------------+
ci-info: ++++++++++++++++++++++++++++++Route info++++++++++++++++++++++++++++++
ci-info: +-------+-------------+----------+---------------+-----------+-------+
ci-info: | Route | Destination | Gateway  |    Genmask    | Interface | Flags |
ci-info: +-------+-------------+----------+---------------+-----------+-------+
ci-info: |   0   |   0.0.0.0   | 10.0.7.1 |    0.0.0.0    |    eth0   |   UG  |
ci-info: |   1   |   10.0.7.0  | 0.0.0.0  | 255.255.255.0 |    eth0   |   U   |
ci-info: +-------+-------------+----------+---------------+-----------+-------+
Mar  4 02:40:11 ubuntu pollinate[723]: ERROR: Network communication failed [60]\n02:40:10.394529 * Hostname was NOT found in DNS cache
% Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                             Dload  Upload   Total   Spent    Left  Speed
^M  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     002:40:10.407240 *   Trying 91.189.94.24...
02:40:10.550022 * Connected to entropy.ubuntu.com (91.189.94.24) port 443 (#0)
02:40:10.551661 * successfully set certificate verify locations:
02:40:10.551698 *   CAfile: /etc/pollinate/entropy.ubuntu.com.pem
CApath: /dev/null
02:40:10.551804 * SSLv3, TLS handshake, Client hello (1):
02:40:10.551832 } [data not shown]
02:40:10.711080 * SSLv3, TLS handshake, Server hello (2):
02:40:10.711129 { [data not shown]
02:40:10.711191 * SSLv3, TLS handshake, CERT (11):
02:40:10.711216 { [data not shown]
02:40:10.711490 * SSLv3, TLS alert, Server hello (2):
02:40:10.711520 } [data not shown]
02:40:10.711602 * SSL certificate problem: unable to get local issuer certificate
^M  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
02:40:10.711732 * Closing connection 0
curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: http://curl.haxx.se/docs/sslcerts.html

curl performs SSL certificate verification by default, using a "bundle"
of Certificate Authority (CA) public keys (CA certs). If the default
bundle file isn't adequate, you can specify an alternate file
using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
the bundle, the certificate verification probably failed due to a
problem with the certificate (it might be expired, or the name might
not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
the -k (or --insecure) option.
2017-03-04 02:40:11,144 - util.py[WARNING]: Running seed_random (<module 'cloudinit.config.cc_seed_random' from '/usr/lib/python2.7/dist-packages/cloudinit/config/cc_seed_random.pyc'>) failed
Generating public/private rsa key pair.
Your identification has been saved in /etc/ssh/ssh_host_rsa_key.
Your public key has been saved in /etc/ssh/ssh_host_rsa_key.pub.
The key fingerprint is:
0c:54:09:ab:bc:b8:63:b5:6c:d2:d5:47:21:4a:38:6f root@ip-10-0-7-84
The key's randomart image is:
+--[ RSA 2048]----+
|     .oo..       |
|    o...o .      |
|     +o. . .     |
|   . .Eo  .      |
|    o. .S.       |
|   .... . .      |
|  .+.o   .       |
|  +.=            |
| ..+             |
+-----------------+
Generating public/private dsa key pair.
Your identification has been saved in /etc/ssh/ssh_host_dsa_key.
Your public key has been saved in /etc/ssh/ssh_host_dsa_key.pub.
The key fingerprint is:
89:26:94:17:79:6d:45:15:fc:5f:37:95:31:2e:e9:f7 root@ip-10-0-7-84
The key's randomart image is:
+--[ DSA 1024]----+
|      .. . oooo+o|
|     .... o   +.o|
|    o .. .   o o.|
|   . . . .  . ..+|
|    . o S    . .=|
|     o        . o|
|                E|
|                 |
|                 |
+-----------------+
Generating public/private ecdsa key pair.
Your identification has been saved in /etc/ssh/ssh_host_ecdsa_key.
Your public key has been saved in /etc/ssh/ssh_host_ecdsa_key.pub.
The key fingerprint is:
af:a2:c7:b3:95:5c:17:2e:ce:69:b3:f6:39:c7:67:91 root@ip-10-0-7-84
The key's randomart image is:
+--[ECDSA  256]---+
|                 |
|                 |
|            .    |
|           . .   |
|        S o o   .|
|       . * +   E |
|     .  + B  .  .|
|      =. o.o..o o|
|    .o.+....oo o |
+-----------------+
Cloud-init v. 0.7.5 running 'modules:config' at Sat, 04 Mar 2017      02:40:14 +0000. Up 11.53 seconds.
Generating locales... en_US.UTF-8... up-to-date
Generation complete.
Cloud-init v. 0.7.5 running 'modules:final' at Sat, 04 Mar 2017          02:40:17 +0000. Up 13.61 seconds.
+ touch /root/confirm_work.txt
Cloud-init v. 0.7.5 finished at Sat, 04 Mar 2017 02:40:17 +0000.     Datasource DataSourceEc2.  Up 13.83 seconds

Any tips would be appreciated. Thanks!

Tip: always use fully qualified paths in your scripts. Try this for your user data. Does it help?

UserData: !Base64
  "Fn::Join": ["\n", ["#!/bin/bash -xe", "/bin/touch /tmp/confirm_work.txt"]]

Look at the second-to-last entry in the log:

+ touch /root/confirm_work.txt

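The command did get invoked. Note that all commands in your EC2 user data will show up in that log file (/var/log/cloud-init-output.log), prefixed with a plus sign (as shown above). Is it possible that the touch command doesn't exist? That would be surprising. But add an "echo" command before the touch and you should see the output and confirm that everything works. Maybe you are trying to access a directory you don't have access to. Maybe try touching a file in /tmp to narrow it down...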
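
A way to read the log from the question systematically, as an added example that is not part of the original posts: it lists the `set -x` trace lines from the 'modules:final' stage (where cloud-init runs user-data scripts, as root, which is why `~` appears as /root in the trace) and labels each ERROR/WARNING line with the stage it occurred in. The function names and the abridged sample log are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: summarise a cloud-init-output.log like the one in the question.

# Constructed sample: an abridged copy of the log lines quoted in the question.
sample_log() {
  cat <<'EOF'
Cloud-init v. 0.7.5 running 'init' at Sat, 04 Mar 2017 02:40:09 +0000. Up 6.01 seconds.
Mar  4 02:40:11 ubuntu pollinate[723]: ERROR: Network communication failed [60]
2017-03-04 02:40:11,144 - util.py[WARNING]: Running seed_random failed
Cloud-init v. 0.7.5 running 'modules:config' at Sat, 04 Mar 2017 02:40:14 +0000. Up 11.53 seconds.
Cloud-init v. 0.7.5 running 'modules:final' at Sat, 04 Mar 2017 02:40:17 +0000. Up 13.61 seconds.
+ touch /root/confirm_work.txt
Cloud-init v. 0.7.5 finished at Sat, 04 Mar 2017 02:40:17 +0000. Datasource DataSourceEc2.  Up 13.83 seconds
EOF
}

# Print every xtrace line ("+ cmd ...") emitted during 'modules:final',
# i.e. the commands the user-data script actually executed, after expansion.
userdata_trace() {
  awk '
    /^Cloud-init v\..* running .modules:final. / { in_final = 1; next }
    /^Cloud-init v\..* finished at /              { in_final = 0 }
    in_final && /^[+]+ /                          { sub(/^[+]+ /, ""); print }
  ' "$1"
}

# Print each ERROR/WARNING line prefixed with the cloud-init stage it appeared
# in, so boot-time noise can be told apart from user-data failures.
log_problems() {
  awk -v q="'" '
    /^Cloud-init v\..* running / { split($0, a, q); stage = a[2]; next }
    /ERROR|WARNING/              { print stage ": " $0 }
  ' "$1"
}

# Use the log given as $1, or fall back to the constructed sample.
log="${1:-}"
if [ -z "$log" ]; then log="$(mktemp)"; sample_log > "$log"; fi
echo "user-data commands run:";   userdata_trace "$log"
echo "errors/warnings by stage:"; log_problems "$log"
```

On the sample, the only user-data command is `touch /root/confirm_work.txt`, and both problem lines belong to the 'init' stage (the pollinate certificate-verification failure and the resulting seed_random warning), not to the user-data script.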