AWS CloudFormation identify IP of another instance - circular dependency
I am provisioning two instances, "MASTER" and "SLAVE", with a CloudFormation template.
In the user data script I need to pass the slave's private IP to the master, and the master's IP to the slave.
Here is my template:
{
  "AWSTemplateFormatVersion" : "2010-09-09",
  "Description" : "",
  "Parameters" : {
  },
  "Resources" : {
    "InstanceSecurityGroup" : {
      "Type" : "AWS::EC2::SecurityGroup",
      "Properties" : {
        "GroupDescription" : "Default Ports",
        "SecurityGroupIngress" : [
          { "IpProtocol" : "tcp", "FromPort" : "22", "ToPort" : "22", "CidrIp" : "0.0.0.0/0"}
        ]
      }
    },
    "MASTER" : {
      "Type" : "AWS::EC2::Instance",
      "Properties" : {
        "Tags":[{"Key":"Name", "Value":"MASTER"}],
        "SecurityGroups" : [ { "Ref" : "InstanceSecurityGroup" } ],
        "KeyName" : "mykey",
        "ImageId" : "ami-a25415cb",
        "InstanceType": "m1.large",
        "UserData" : { "Fn::Base64" : { "Fn::Join" : ["", [
          "#!/bin/bash -ex", "\n",
          "wget https://s3.amazonaws.com/mybucket/bootstrap.sh","\n",
          "ROLE=MASTER SLAVEIP=",?????," sh bootstrap.sh","\n"
        ] ] } }
      }
    },
    "SLAVE" : {
      "Type" : "AWS::EC2::Instance",
      "Properties" : {
        "Tags":[{"Key":"Name", "Value":"SLAVE"}],
        "SecurityGroups" : [ { "Ref" : "InstanceSecurityGroup" } ],
        "KeyName" : "mykey",
        "ImageId" : "ami-a25415cb",
        "InstanceType": "m1.large",
        "UserData" : { "Fn::Base64" : { "Fn::Join" : ["", [
          "#!/bin/bash -ex", "\n",
          "wget https://s3.amazonaws.com/mybucket/bootstrap.sh","\n",
          "ROLE=SLAVE MASTERIP=",?????," sh bootstrap.sh","\n"
        ] ] } }
      }
    }
  },
  "Outputs" : {
  }
}
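What can I use in place of ?????, if that is possible? If it is not possible, what alternative can I use?
UPD: Found this: {"Fn::GetAtt":["MASTER","PrivateIp"]}. It works fine on its own, but it fails with "Template validation error: Circular dependency between resources: [SLAVE, MASTER]" if I try to set both the master and slave IPs at the same time.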
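If you are using a VPC and subnets, you can do this by creating an AWS::EC2::NetworkInterface for each instance. Then reference the network interface's internal IP address in the user data with { "Fn::GetAtt": [ "MyNetworkInterface", "PrimaryPrivateIpAddress" ] }.
You associate the network interface with the EC2 instance using the NetworkInterfaces property.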
...
"MasterNetInt" : {
  "Type" : "AWS::EC2::NetworkInterface",
  "Properties" : {
    "SubnetId": { "Ref" : "MySubnet" },
    "GroupSet": [ { "Fn::GetAtt" : [ "InstanceSecurityGroup", "GroupId" ] } ]
  }
},
"SlaveNetInt" : {
  "Type" : "AWS::EC2::NetworkInterface",
  "Properties" : {
    "SubnetId": { "Ref" : "MySubnet" },
    "GroupSet": [ { "Fn::GetAtt" : [ "InstanceSecurityGroup", "GroupId" ] } ]
  }
},
"Master" : {
  "Type" : "AWS::EC2::Instance",
  "Properties" : {
    "KeyName" : "mykey",
    "ImageId" : "ami-a25415cb",
    "InstanceType": "m1.large",
    "NetworkInterfaces": [ { "NetworkInterfaceId" : { "Ref" : "MasterNetInt" }, "DeviceIndex" : "0" } ],
    "UserData": { "Fn::Base64" : { "Fn::Join" : ["", [
      "#!/bin/bash -ex", "\n",
      "wget https://s3.amazonaws.com/mybucket/bootstrap.sh","\n",
      "ROLE=MASTER SLAVEIP=", { "Fn::GetAtt": [ "SlaveNetInt", "PrimaryPrivateIpAddress" ] }," sh bootstrap.sh","\n"
    ] ] } }
  }
},
"Slave" : {
  "Type" : "AWS::EC2::Instance",
  "Properties" : {
    "KeyName" : "mykey",
    "ImageId" : "ami-a25415cb",
    "InstanceType": "m1.large",
    "NetworkInterfaces": [ { "NetworkInterfaceId" : { "Ref" : "SlaveNetInt" }, "DeviceIndex" : "0" } ],
    "UserData" : { "Fn::Base64" : { "Fn::Join" : ["", [
      "#!/bin/bash -ex", "\n",
      "wget https://s3.amazonaws.com/mybucket/bootstrap.sh","\n",
      "ROLE=SLAVE MASTERIP=", { "Fn::GetAtt": [ "MasterNetInt", "PrimaryPrivateIpAddress" ] }," sh bootstrap.sh","\n"
    ] ] } }
  }
}
...
If you are not familiar with setting up a VPC and subnets, read this documentation: http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_Scenario1.html
The basic requirements are:
AWS::EC2::VPC
AWS::EC2::InternetGateway
AWS::EC2::VPCGatewayAttachment
AWS::EC2::RouteTable
AWS::EC2::Route
AWS::EC2::Subnet
AWS::EC2::SubnetRouteTableAssociation
AWS::EC2::NetworkAcl
AWS::EC2::SubnetNetworkAclAssociation
AWS::EC2::NetworkAclEntry
AWS::EC2::NetworkInterface
AWS::EC2::Instance
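
An added example, not part of the original question or answer: a small Python check that follows a template's Ref, Fn::GetAtt and DependsOn links and reports the resources that cannot be given a creation order, which is what the "Circular dependency between resources" validation error means. The two templates are constructed and reduced to the references discussed on this page; the function names are hypothetical, and Fn::Sub references are not followed.

```python
def references(node, names):
    """Logical IDs a resource body points at via Ref, Fn::GetAtt or DependsOn."""
    found = set()
    if isinstance(node, dict):
        for key, value in node.items():
            if key == "Ref" and isinstance(value, str):
                found.add(value)
            elif key == "Fn::GetAtt":  # ["Id", "Attr"] or "Id.Attr"
                found.add(value[0] if isinstance(value, list) else value.split(".")[0])
            elif key == "DependsOn":
                found.update([value] if isinstance(value, str) else value)
            else:
                found |= references(value, names)
    elif isinstance(node, list):
        for item in node:
            found |= references(item, names)
    return found & names  # parameters and pseudo parameters are not resources

def cyclic_resources(template):
    """Resources that can never be created: in a cycle or depending on one."""
    resources = template.get("Resources", {})
    deps = {n: references(body, set(resources)) for n, body in resources.items()}
    while True:
        ready = {n for n, d in deps.items() if not d}  # nothing left to wait for
        if not ready:
            return sorted(deps)  # empty list means the whole template can be ordered
        deps = {n: d - ready for n, d in deps.items() if n not in ready}

# Constructed templates, reduced to the references that matter on this page.
def instance(peer_ip, eni=None):
    props = {"UserData": {"Fn::Base64": {"Fn::Join": ["", ["PEER=", peer_ip, "\n"]]}}}
    if eni:
        props["NetworkInterfaces"] = [{"NetworkInterfaceId": {"Ref": eni}, "DeviceIndex": "0"}]
    return {"Type": "AWS::EC2::Instance", "Properties": props}

ENI = {"Type": "AWS::EC2::NetworkInterface", "Properties": {"SubnetId": {"Ref": "MySubnet"}}}
DIRECT = {"Resources": {  # each instance reads the other instance's PrivateIp
    "MASTER": instance({"Fn::GetAtt": ["SLAVE", "PrivateIp"]}),
    "SLAVE": instance({"Fn::GetAtt": ["MASTER", "PrivateIp"]})}}
VIA_ENI = {"Resources": {  # each instance reads the other instance's network interface
    "MasterNetInt": ENI, "SlaveNetInt": ENI,
    "Master": instance({"Fn::GetAtt": ["SlaveNetInt", "PrimaryPrivateIpAddress"]}, "MasterNetInt"),
    "Slave": instance({"Fn::GetAtt": ["MasterNetInt", "PrimaryPrivateIpAddress"]}, "SlaveNetInt")}}

if __name__ == "__main__":
    print("direct:", cyclic_resources(DIRECT), "via ENI:", cyclic_resources(VIA_ENI))
```

The network interfaces depend on nothing but the subnet, so they are created first and both instances can read the peer address without referring to each other.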