什么烤成AWS AMI和如何提供使用云初始化? [英] What to bake into an AWS AMI and what to provision using cloud-init?
问题描述
我使用AWS Cloudformation网络基础设施,为我的web应用程序的设置许多元素(室性早搏,SecurityGroups,子网,自动缩放团体等)。我希望整个过程自动化。我想点击一个按钮,就能火起来的整个事情。
I'm using AWS Cloudformation to setup numerous elements of network infrastructure (VPCs, SecurityGroups, Subnets, Autoscaling groups, etc) for my web application. I want the whole process to be automated. I want click a button and be able to fire up the whole thing.
我已经成功地创建了一个Cloudformation模板,设置了这一切的网络基础设施。然而EC2实例,而不对他们的任何需要的软件目前推出。现在,我试图找出如何最好地获得该软件在他们身上。
I have successfully created a Cloudformation template that sets up all this network infrastructure. However the EC2 instances are currently launched without any needed software on them. Now I'm trying to figure out how best to get that software on them.
要做到这一点,我使用 Packer.io 创建的AMI。但是,有些人反而催促我使用云初始化。我应该使用什么样的启发来决定什么烤成的AMI和/或通过云初始化配置什么呢?
To do this, I'm creating AMIs using Packer.io. But some people have instead urged me to use Cloud-Init. What heuristic should I use to decide what to bake into the AMIs and/or what to configure via Cloud-Init?
例如,我想preconfigure一个EC2实例,让我( saqib ),以不从我自己的笔记本电脑密码登录。因此,EC2必须有一个用户。该用户必须有一个主目录。而在这家目录必须过文件的.ssh / known_hosts里面包含加密codeS。我应该烤这些目录到AMI?或者我应该使用云初始化设置它们?而且我应该怎么决定在这方面和其他类似案件?
For example, I want to preconfigure an EC2 instance to allow me (saqib) to login without a password from my own laptop. Thus the EC2 must have a user. That user must have a home directory. And in that home directory must live a file .ssh/known_hosts containing encrypted codes. Should I bake these directories into the AMI? Or should I use cloud-init to set them up? And how should I decide in this and other similar cases?
推荐答案
我想从环境配置中分离出的机器配置。
I like to separate out machine provisioning from environment provisioning.
在一般情况下,我用下面作为指导:
In general, I use the following as a guide:
构建阶段
- 在建基地机图像的类似包装机,包括运行应用程序所需的所有软件。创建AMI出于此。
- 安装的应用程序(S)到基础机器映像创建应用程序图像。标记和版本神器。不要轻易重用这个AMI在不同的环境下运行时环境中嵌入特定的东西在这里如数据库连接等,因为这precludes你。
- 确保所有服务都停止
发布阶段
- 在自旋向上的环境中,包括图像和红外要求的,使用像CFN。
- 使用云初始化
用户数据来的配置的应用环境(数据库连接,登录代理等),然后的启动的应用程序/服务
- Spin up an environment consisting of the images and infra required, using something like CFN.
- Use Cloud-Init
user-datato configure the application environment (database connections, log forwarders etc.) and then start the applications/services
该方法给出了最大的灵活性,并完全分离出来的连续输送管道的种种顾虑。
This approach gives the greatest flexibility and cleanly separates out the various concerns of a continuous delivery pipeline.
这篇关于什么烤成AWS AMI和如何提供使用云初始化?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
