cloudformation 未创建某些资源


【中文标题】cloudformation 未创建某些资源【英文标题】:Some resources are not getting created by cloudformation 【发布时间】:2017-06-12 22:46:55 【问题描述】:

我正在创建一个 cloudformation 模板,该模板创建一个堆栈、一个层、一个应用程序、该层的 2 个实例以及一个负载均衡器和一个 Auto Scaling 组。这是完整的模板:


  "AWSTemplateFormatVersion": "2010-09-09",
  "Description": "AWS CloudFormation Template : Building the opsworks stack",


  "Mappings": 

    "Region2Principal": 

      "us-east-1": 
        "EC2Principal": "ec2.amazonaws.com",
        "OpsWorksPrincipal": "opsworks.amazonaws.com"
      ,
      "us-west-2": 
        "EC2Principal": "ec2.amazonaws.com",
        "OpsWorksPrincipal": "opsworks.amazonaws.com"
      ,
      "us-west-1": 
        "EC2Principal": "ec2.amazonaws.com",
        "OpsWorksPrincipal": "opsworks.amazonaws.com"
      ,
      "eu-west-1": 
        "EC2Principal": "ec2.amazonaws.com",
        "OpsWorksPrincipal": "opsworks.amazonaws.com"
      
    ,

    "RegionMap" : 
      "us-east-1" :  "64" : "ami-5ac2cd4d" ,
      "us-west-1" :  "64" : "ami-7790c617" ,
      "eu-west-1" :  "64" : "ami-b9b394ca" ,
      "us-west-2" :  "64" : "ami-30e65350" 
    

  ,

  "Parameters": 

    "OpsWorksStackColor": 
      "Description": "RGB Color to use for OpsWorks Stack",
      "Type": "String",
      "Default": "rgb(38, 146, 168)"
    ,

    "Region" : 
      "Type":"String",
      "Description": "Region location of the template resources",
      "Default": "eu-west-1",
      "AllowedValues" : [ "us-east-1", "us-west-1", "us-west-2", "eu-west-1" ]
    ,

    "EnvironnementParam" : 
      "Type" : "String",
      "Description" : "Environnement variable for the stack benchmark layer",
      "Default" : "dev"
    ,

    "SecurityGroupIds": 
      "Description": "Security groups that can be used to access the EC2 instances, do not select more than 5 SG",
      "Type": "List<AWS::EC2::SecurityGroup::Id>",
      "ConstraintDescription": "must be list of EC2 security group ids"
    ,

    "VpcId": 
      "Type": "AWS::EC2::VPC::Id",
      "Description": "VPC associated with the provided subnets",
      "ConstraintDescription": "must be an existing VPC ID"
    ,

    "SubnetId": 
      "Type": "String",
      "ConstraintDescription": "must be an existing subnet ID"
    ,

    "InstanceType" : 
      "Type" : "String",
      "Default" : "t2.medium",
      "AllowedValues" : ["t2.micro","t2.medium", "m1.small", "m1.large","m4.large","m4.xlarge","m4.2xlarge","m4.4xlarge","m4.10xlarge","m4.16xlarge","c4.large" , "c4.xlarge" ,"c4.2xlarge" , "c4.4xlarge","c4.8xlarge" , "c3.large" , "c3.xlarge", "c3.2xlarge", "c3.4xlarge" ,"c3.8xlarge"],
      "ConstraintDescription": "must be a valid EC2 instance type"
    ,

    "SSLCertificateIdForELB": 
      "Description" : "Choose the ID of an existing certificate from AWS Certificate Manager to configure the ELB Listeners. If no certificate is available, leave an empty string. The certificate will be created by CloudFormation",
      "Type" : "String"
    ,
    "KeyPairName": 
      "Type": "AWS::EC2::KeyPair::KeyName",
      "ConstraintDescription": "must be the name of an existing EC2 KeyPair"
    ,

    "Instance1AZ": 
      "Description": "Select the Availablity zone of the instance silo import 1, must be the same AZ as the volume of the instance, insert 0,1 or 2",
      "Type" : "String",
      "Default": "0"
    ,

    "Instance2AZ": 
      "Description": "Select the Availablity zone of the instance silo import 2, must be the same AZ as the volume of the instance, insert 0,1 or 2",
      "Type" : "String",
      "Default": "0"
    

  ,

  "Conditions" : 
    "CreateCertificateSSL":  "Fn::Equals" :[ "Ref" : "SSLCertificateIdForELB" , ""] 
  ,

  "Resources": 

    "OpsWorksInstanceRole": 
      "Type": "AWS::IAM::Role",
      "Properties": 
        "AssumeRolePolicyDocument": 
          "Version" : "2012-10-17",
          "Statement": [ 
            "Effect": "Allow",
            "Principal": 
              "Service" : [ "Fn::FindInMap": [ "Region2Principal",  "Ref": "AWS::Region" ,"EC2Principal" ]  ] ,
            "Action"  : [ "sts:AssumeRole" ]
          ]
        ,
        "Path": "/",
        "Policies":
        [
          "PolicyName": "Fn::Join" : ["",["Ref" : "AWS::StackName","Instance"] ] ,
          "PolicyDocument": 
            "Statement": [
              "Effect": "Allow",
              "Action": "*",
              "Resource": "*"
            ]
          
        ]
      
    ,

    "OpsWorksServiceRole": 
      "Type": "AWS::IAM::Role",
      "Properties": 
        "AssumeRolePolicyDocument": 
          "Version" : "2012-10-17",
          "Statement": [ 
            "Effect": "Allow",
            "Principal": 
              "Service": [  "Fn::FindInMap": [ "Region2Principal", "Ref": "AWS::Region" ,"OpsWorksPrincipal" ]  ] ,
            "Action" : [ "sts:AssumeRole" ]
          ]
        ,
        "Path": "/",
        "Policies": [ 
          "PolicyName": "OpsworksService",
          "PolicyDocument": 
            "Version" : "2012-10-17",
            "Statement": [ 
              "Effect": "Allow",
              "Action": "*",
              "Resource": "*"
            ]
          
        ]
      
    ,

    "myStack": 
      "Type": "AWS::OpsWorks::Stack",
      "Properties": 
        "AgentVersion" : "LATEST",
        "Name":  "Ref": "AWS::StackName" ,
        "Attributes":  "Color":  "Ref": "OpsWorksStackColor"  ,
        "ChefConfiguration":  "BerkshelfVersion" : "3.2.0", "ManageBerkshelf" : true ,
        "ConfigurationManager":  "Name": "Chef", "Version": "11.10" ,
        "CustomCookbooksSource": 
          "Type": "git",
          "Url": "git://github.com/amazonwebservices/opsworks-example-cookbooks.git"
        ,
        "DefaultInstanceProfileArn":  "Fn::GetAtt": [ "InstanceProfile","Arn" ] ,
        "DefaultOs": "Ubuntu 14.04 LTS",
        "DefaultRootDeviceType": "ebs",
        "DefaultSshKeyName":  "Ref": "KeyPairName" ,
        "DefaultSubnetId" : "Ref" : "SubnetId" ,
        "ServiceRoleArn":  "Fn::GetAtt": ["OpsWorksServiceRole", "Arn"] ,
        "UseCustomCookbooks": true,
        "UseOpsworksSecurityGroups" : true,
        "VpcId" :  "Ref" : "VpcId" 
      
    ,

    "InstanceProfile": 
      "Type": "AWS::IAM::InstanceProfile",
      "Properties": 
        "Path": "/",
        "Roles": [  "Ref": "OpsWorksInstanceRole"  ]
      
    ,

    "myLayer": 
      "Type": "AWS::OpsWorks::Layer",
      "DependsOn" : "OpsWorksServiceRole",
      "Properties": 
        "AutoAssignElasticIps" : false,
        "AutoAssignPublicIps" : true,
        "CustomSecurityGroupIds" :  "Ref" : "SecurityGroupIds" ,
        "EnableAutoHealing" : true,
        "InstallUpdatesOnBoot": false,
        "LifecycleEventConfiguration": 
          "ShutdownEventConfiguration": 
            "DelayUntilElbConnectionsDrained": false,
            "ExecutionTimeout": 120 
          ,
          "Name": "layer",
          "Shortname" : "layer",
          "StackId":  "Ref": "myStack" ,
          "Type": "custom",
          "UseEbsOptimizedInstances": false,
          "VolumeConfigurations": [ 
            "Iops": 10000,
            "MountPoint": "/mountp",
            "NumberOfDisks": 1,
            "Size": 20,
            "VolumeType": "gp2"
          ]
      
    ,

    "ELBSecurityGroup" : 
      "Type" : "AWS::EC2::SecurityGroup",
      "Properties" : 
        "GroupDescription" : "api-elb",
        "VpcId" : "Ref" : "VpcId" ,
        "SecurityGroupIngress" : [
          
            "IpProtocol" : "tcp",
            "FromPort" : "80",
            "ToPort" : "80",
            "CidrIp" : "0.0.0.0/0"
          ],
          "SecurityGroupEgress" : [
            "IpProtocol" : "-1",
            "FromPort" : "-1",
            "ToPort" : "-1",
            "CidrIp" : "0.0.0.0/0"
          ]
      
    ,

    "ELB": 
      "Type": "AWS::ElasticLoadBalancing::LoadBalancer",
      "Properties": 
        "ConnectionDrainingPolicy" : 
          "Enabled" : true,
          "Timeout" : 300
        ,
        "ConnectionSettings" : 
          "IdleTimeout" : 60
        ,
        "CrossZone" : true,
        "HealthCheck" : 
          "HealthyThreshold" : "3",
          "Interval" : "30",
          "Target" : "HTTP:80/ping",
          "Timeout" : "5",
          "UnhealthyThreshold" : "2"
        ,
        "Instances" : [ "Ref" : "Instance1" , "Ref" : "Instance2"],
        "LoadBalancerName" : "api-ELB",
        "Listeners" : [
          
            "InstancePort" : "443",
            "InstanceProtocol" : "HTTPS",
            "LoadBalancerPort" : "443",
            "Protocol" : "HTTPS"
          ,
          
            "InstancePort" : "80",
            "InstanceProtocol" : "HTTP",
            "LoadBalancerPort" : "80",
            "Protocol" : "HTTP",
            "PolicyNames" :[ "ELBSecurityPolicy-2015-05" ],
            "SSLCertificateId" : "Fn::If": ["CreateCertificateSSL", "Ref" : "ELBCertificate" ,  "Ref" : "SSLCertificateIdForELB"  ] 
          
        ],
        "Scheme" : "internal",
        "SecurityGroups" :  "Ref" : "ELBSecurityGroup" ,
        "Subnets" : [ "Ref" : "SubnetId"  ]
      
    ,

    "ELBAttachment" :
      "Type": "AWS::OpsWorks::ElasticLoadBalancerAttachment",
      "Properties": 
        "ElasticLoadBalancerName" : "Ref" : "ELB" ,
        "LayerId" :  "Ref" : "myLayer"
      
    ,

    "LaunchConfig" : 
      "Type" : "AWS::AutoScaling::LaunchConfiguration",
      "Properties" : 
        "AssociatePublicIpAddress" : true,
        "BlockDeviceMappings" : [
          "DeviceName" : "/dev/sdi",
          "Ebs":
            "VolumeType" : "gp2",
            "Iops" : "10000",
            "DeleteOnTermination" : "false",
            "VolumeSize" : "20"
          
        ],
        "EbsOptimized" : false,
        "IamInstanceProfile" :  "Fn::GetAtt" :[ "InstanceProfile", "Arn" ] ,
        "ImageId" :  "Fn::FindInMap" : [ "RegionMap",  "Ref" : "AWS::Region" , "64"],
        "InstanceType" : "Ref" : "InstanceType" ,
        "SecurityGroups" : [ "Ref" : "ELBSecurityGroup" ]
      
    ,

    "ASG" : 
      "Type" : "AWS::AutoScaling::AutoScalingGroup",
      "Properties" : 
        "AvailabilityZones" :  "Fn::GetAZs" :  "Ref" : "AWS::Region"  ,
        "Cooldown" : "1",
        "HealthCheckGracePeriod" : 3,
        "HealthCheckType" : "ELB",
        "LaunchConfigurationName" : "Ref" : "LaunchConfig" ,
        "LoadBalancerNames" : [ "Ref" : "ELB" ],
        "MaxSize" : "5",
        "MetricsCollection" : [  "Granularity" : "5Minute"  ],
        "MinSize" : "2",
        "Tags" : [
          
            "PropagateAtLaunch": true,
            "Value": "Ref" : "EnvironnementParam" ,
            "Key": "environment"
          ,
          
            "PropagateAtLaunch": true,
            "Value": "Ref" : "myLayer" ,
            "Key": "my layer"
          ],
        "VPCZoneIdentifier" : [ "Ref" : "VpcId"  ]
      
    ,

    "ELBCertificate" :
      "Type" : "AWS::CertificateManager::Certificate",
      "Condition" : "CreateCertificateSSL",
      "Properties" : 
        "DomainName" : "example.com",
        "SubjectAlternativeNames" : [ "example.net" ]
      
    ,

    "Instance1": 
      "Type": "AWS::OpsWorks::Instance",
      "Properties": 
        "Hostname": "silo-import1",
        "AvailabilityZone" :  "Fn::Select" : [ "Ref" : "Instance1AZ",  "Fn::GetAZs" : "Ref" : "Region"  ] ,
        "RootDeviceType": "ebs",
        "StackId": "Ref": "myStack",
        "LayerIds": ["Ref": "myLayer"],
        "InstanceType": "Ref" : "InstanceType"
      
    ,

    "Instance2": 
      "Type": "AWS::OpsWorks::Instance",
      "Properties": 
        "Hostname": "silo-import2",
        "AvailabilityZone" :  "Fn::Select" : [ "Ref" : "Instance2AZ",  "Fn::GetAZs" : "Ref" : "Region"  ] ,
        "RootDeviceType": "ebs",
        "StackId": "Ref": "myStack",
        "LayerIds": ["Ref": "myLayer"],
        "InstanceType": "Ref" : "InstanceType"
    
  ,

    "AdminApiApp": 
      "Type": "AWS::OpsWorks::App",
      "Properties": 
        "AppSource" : 
          "Type" : "git",
          "Url" : "git://github.com:fap/adminphp.git",
          "Revision" : "develop"
        ,
        "Name" : "admin",
        "Shortname" : "admin",
        "StackId" : "Ref": "myStack",
        "Type" : "php"
      
    

  


我的问题是我不知道为什么没有创建自动缩放组,也没有创建弹性负载均衡器。当我测试模板时,除了这些之外的所有资源都被创建了。有什么解释吗?我已准备好尝试您的所有建议。 谢谢

【参考方案1】:

从上面的屏幕截图来看,您的堆栈状态似乎仍处于 CREATE_IN_PROGRESS。您的某个资源(可能是您的 AWS::OpsWorks::Instance?)未能正确创建。要进行故障排除,您可以尝试 logging into the instance、检查 OpsWorks Chef Logs,或查看实例上的输出日志(/var/log/cfn-init.log、/var/log/cloud-init-output.log),以查找根本原因或错误。

更一般地,请参阅 AWS 知识中心文章,How do I troubleshoot an AWS CloudFormation stack that is stuck with a status of CREATE_IN_PROGRESS or UPDATE_IN_PROGRESS?:

简短说明

这种情况通常发生在正在创建或更新的资源出现问题时,该问题会导致堆栈最终失败。如果没有为堆栈指定超时参数,堆栈到达 CREATE_FAILED 或 UPDATE_FAILED 状态所需的时间会更长。

解决方法

如果可能,请检查 CloudFormation 的创建过程具体停滞在哪个资源上。Auto Scaling 通常会提供明确的错误消息,说明是什么事件阻止了实例启动。请确保您没有超出 AWS 对您要创建的资源的限制。例如,如果 CloudFormation 模板指定了两个 EC2 实例,而您当前的实例数为 19、上限为 20,则堆栈创建会失败。

另请参阅文档的 Monitoring the Progress of a Stack Update 部分。
