
CloudFormation does not receive the signal from cfn-signal

  • kagarlickij · 5 years ago

    I have a CloudFormation template with a LaunchTemplate & ASG.

    When cfn-init is done, cfn-signal should send a signal to CloudFormation with the result.

    In /var/log/cfn-init.log I see that the signal has been sent.

    …and in /var/log/cfn-wire.log I see that it received success.

    …but CloudFormation does not receive it, and the stack fails on timeout.

    The relevant CloudFormation code:

    AWSTemplateFormatVersion: "2010-09-09"
    
    Parameters:
      VPC:
        Type: AWS::EC2::VPC::Id
        Default: "vpc-f98e0683"
      Subnet1:
        Type: String
        Default: "subnet-da88f186"
      KeyName:
        Type: String
        Default: "test-aws6-virginia"
      AMI:
        Type: AWS::EC2::Image::Id
        Default: "ami-07b4156579ea1d7ba" #Ubuntu 16.04
      InstanceType:
        Type: String
        Default: "t2.micro"
      Az1:
        Type: AWS::EC2::AvailabilityZone::Name
        Default: "us-east-1a"
    
    Resources:
      SecurityGroup:
        Type: "AWS::EC2::SecurityGroup"
        Properties:
          GroupName: "SecurityGroup"
          GroupDescription: "Security Group"
          VpcId: !Ref VPC
          SecurityGroupEgress:
            - CidrIp: 0.0.0.0/0
              IpProtocol: "-1"
          SecurityGroupIngress:
            - CidrIp: 0.0.0.0/0
              IpProtocol: "-1"
    
      InstanceRole:
        Type: "AWS::IAM::Role"
        Properties:
          RoleName: "InstanceRole"
          AssumeRolePolicyDocument:
            Version: "2012-10-17"
            Statement:
            - Effect: "Allow"
              Principal:
                Service:
                - "ec2.amazonaws.com"
              Action:
              - "sts:AssumeRole"
          ManagedPolicyArns:
            - "arn:aws:iam::aws:policy/AdministratorAccess"
    
      InstanceProfile:
        Type: "AWS::IAM::InstanceProfile"
        Properties:
          Path: "/"
          Roles:
          - !Ref InstanceRole
    
      NetworkInterface:
        Type: "AWS::EC2::NetworkInterface"
        Properties:
          GroupSet:
            - !Ref SecurityGroup
          SubnetId: !Ref Subnet1
          Tags:
            - Key: Name
              Value: "NetworkInterface"
    
      ZabbixLaunchTemplate:
        Type: "AWS::EC2::LaunchTemplate"
        Metadata:
          AWS::CloudFormation::Init:
            configSets:
              Zabbix:
              - 00-ZabbixInstall
            00-ZabbixInstall:
              commands:
                download:
                  command: "wget https://repo.zabbix.com/zabbix/4.0/ubuntu/pool/main/z/zabbix-release/zabbix-release_4.0-2+xenial_all.deb && dpkg -i zabbix-release_4.0-2+xenial_all.deb"
                update:
                  command: "apt update"
                install:
                  command: "apt -y install zabbix-server-pgsql zabbix-frontend-php php-pgsql zabbix-agent"
              services:
                sysvinit:
                  zabbix-server:
                    enabled: "true"
                    ensureRunning: "true"
                  zabbix-agent:
                    enabled: "true"
                    ensureRunning: "true"
                  apache2:
                    enabled: "true"
                    ensureRunning: "true"
        Properties:
          LaunchTemplateName: "ZabbixLaunchTemplate"
          LaunchTemplateData:
            TagSpecifications:
              - ResourceType: "instance"
                Tags:
                  - Key: Name
                    Value: "Instance"
              - ResourceType: volume
                Tags:
                  - Key: Name
                    Value: "Instance"
            DisableApiTermination: false
            KeyName: !Ref KeyName
            ImageId: !Ref AMI
            InstanceType: !Ref InstanceType
            IamInstanceProfile:
              Name: !Ref InstanceProfile
            NetworkInterfaces:
            - NetworkInterfaceId: !Ref NetworkInterface
              DeviceIndex: 0
            UserData:
              Fn::Base64:
                !Join
                  - ''
                  - - |
                      #!/bin/bash
                    - |
                    - apt-get update -y && apt-get install python-pip -y && pip install https://s3.amazonaws.com/cloudformation-examples/aws-cfn-bootstrap-latest.tar.gz
                    - |+
    
                    - |
                    - "cfn-init --verbose"
                    - " --stack "
                    - !Ref "AWS::StackName"
                    - " --resource ZabbixLaunchTemplate"
                    - " --configsets Zabbix"
                    - " --region "
                    - !Ref "AWS::Region"
                    - |+
    
                    - |
                    - "cfn-signal --exit-code $?"
                    - " --stack "
                    - !Ref "AWS::StackName"
                    - " --resource ZabbixASG"
                    - " --region "
                    - !Ref "AWS::Region"
                    - |+
    
      ZabbixASG:
        Type: "AWS::AutoScaling::AutoScalingGroup"
        Properties:
          AutoScalingGroupName: "ZabbixASG"
          DesiredCapacity: "1"
          MaxSize: "1"
          MinSize: "1"
          HealthCheckType: "EC2"
          LaunchTemplate:
            LaunchTemplateId: !Ref ZabbixLaunchTemplate
            Version: !GetAtt ZabbixLaunchTemplate.LatestVersionNumber
          AvailabilityZones:
            - !Ref Az1
        CreationPolicy:
          ResourceSignal:
            Timeout: PT15M
    

    It fails only when it is deployed in a non-default VPC; for example, it does not work if the VPC is created from this template:

    AWSTemplateFormatVersion: "2010-09-09"
    
    Parameters:
      VpcCIDR:
        Type: String
        Default: "172.29.0.0/16"
      Subnet1CIDR:
        Type: String
        Default: "172.29.1.0/24"
      Subnet2CIDR:
        Type: String
        Default: "172.29.2.0/24"
      Az1:
        Type: String
        Default: "us-west-2a"
      Az2:
        Type: String
        Default: "us-west-2c"
    
    Resources:
      VPC:
        Type: AWS::EC2::VPC
        Properties:
          CidrBlock: !Ref VpcCIDR
          EnableDnsHostnames: true
          EnableDnsSupport: true
          InstanceTenancy: default
    
      InternetGateway:
        Type: AWS::EC2::InternetGateway
    
      VPCGatewayAttachment:
        Type: AWS::EC2::VPCGatewayAttachment
        Properties:
          InternetGatewayId: !Ref InternetGateway
          VpcId: !Ref VPC
    
      RouteTable:
        Type: AWS::EC2::RouteTable
        Properties:
          VpcId: !Ref VPC
    
      Subnet1:
        Type: AWS::EC2::Subnet
        Properties:
          VpcId: !Ref VPC
          CidrBlock: !Ref Subnet1CIDR
          AvailabilityZone: !Ref Az1
          MapPublicIpOnLaunch: true
    
      Subnet2:
        Type: AWS::EC2::Subnet
        Properties:
          VpcId: !Ref VPC
          CidrBlock: !Ref Subnet2CIDR
          AvailabilityZone: !Ref Az2
          MapPublicIpOnLaunch: true
    
      Subnet1RouteTableAssociation:
        Type: AWS::EC2::SubnetRouteTableAssociation
        Properties:
          RouteTableId: !Ref RouteTable
          SubnetId: !Ref Subnet1
    
      Subnet2RouteTableAssociation:
        Type: AWS::EC2::SubnetRouteTableAssociation
        Properties:
          RouteTableId: !Ref RouteTable
          SubnetId: !Ref Subnet2
    
      Route:
        Type: AWS::EC2::Route
        Properties:
          DestinationCidrBlock: "0.0.0.0/0"
          GatewayId: !Ref InternetGateway
          RouteTableId: !Ref RouteTable
    
    Outputs:
      VpcId:
        Value:
          !Ref VPC
      Subnet1Id:
        Value:
          !Ref Subnet1
      Subnet2Id:
        Value:
          !Ref Subnet2
    

    The behaviour is the same on both Ubuntu 16.04 and AWS Linux 2.

    Any ideas about the cause and how to fix it?

  • John Rotenstein · 5 years ago

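    This one has me stumped!

    I have managed to replicate your results in a VPC created with the template you provided and in a VPC created by the VPC Wizard.

    In these cases, CloudFormation does not recognize the completion of the ASG. When I tried to send cfn-signal manually, it responded: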

    $ cfn-signal --exit-code 0 --stack s7 --resource ZabbixASG --region us-west-2
    
    2019-06-20 23:13:24,571 [DEBUG] CloudFormation client initialized with endpoint https://cloudformation.us-west-2.amazonaws.com
    2019-06-20 23:13:24,571 [DEBUG] Signaling resource ZabbixASG in stack s7 with unique ID i-07d2be90dc51c509a and status SUCCESS
    ValidationError: Signal with ID i-07d2be90dc51c509a for resource ZabbixASG already exists.  Signals may only be updated with a FAILURE status.
    

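    This indicates that the service has already received the signal, so it was sent correctly. However, the status of the ASG remains Resource creation Initiated.

    Why the result is different when using the default VPC, I do not know! There are no communication differences that would affect such a signal.

    The only thing I can suggest is to contact AWS Support and ask them to help debug it.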
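
Added example, not part of the original answer or of aws-cfn-bootstrap: a small triage helper for cfn-signal output like the run quoted in the answer above. It separates "signal never sent", "sent to a resource without the CreationPolicy", "sent to another region" and "already recorded by CloudFormation". The function name and verdict labels are hypothetical, and the regexes assume the message formats shown in that output.

```python
import re

# Output copied from the answer above (the manual cfn-signal run).
SAMPLE = """\
2019-06-20 23:13:24,571 [DEBUG] CloudFormation client initialized with endpoint https://cloudformation.us-west-2.amazonaws.com
2019-06-20 23:13:24,571 [DEBUG] Signaling resource ZabbixASG in stack s7 with unique ID i-07d2be90dc51c509a and status SUCCESS
ValidationError: Signal with ID i-07d2be90dc51c509a for resource ZabbixASG already exists.  Signals may only be updated with a FAILURE status.
"""

ENDPOINT = re.compile(r"initialized with endpoint https://cloudformation\.([a-z0-9-]+)\.")
SENT = re.compile(r"Signaling resource (\S+) in stack (\S+) with unique ID (\S+) and status (\w+)")
DUPLICATE = re.compile(r"ValidationError: Signal with ID (\S+) for resource (\S+) already exists")


def triage_cfn_signal(output, policy_resource, stack_region):
    """Classify one cfn-signal run (hypothetical helper; verdict names are ours).

    policy_resource: logical ID of the resource that carries the CreationPolicy.
    stack_region:    region the stack was created in.
    """
    seen = {}
    for line in output.splitlines():
        m = ENDPOINT.search(line)
        if m:
            seen["region"] = m.group(1)
        m = SENT.search(line)
        if m:
            seen["resource"], seen["stack"], seen["unique_id"], seen["status"] = m.groups()
        m = DUPLICATE.search(line)
        if m:
            seen["duplicate_id"] = m.group(1)

    if "resource" not in seen:
        return "no-signal-attempt", seen      # cfn-signal never reached the API call
    if seen["resource"] != policy_resource:
        return "wrong-resource", seen         # signal aimed at a resource with no CreationPolicy
    if seen.get("region", stack_region) != stack_region:
        return "wrong-region", seen           # endpoint belongs to another region
    if seen.get("duplicate_id") == seen["unique_id"]:
        return "already-recorded", seen       # service holds a signal for this instance ID
    return "sent-unconfirmed", seen           # sent, but nothing here proves receipt


if __name__ == "__main__":
    print(triage_cfn_signal(SAMPLE, "ZabbixASG", "us-west-2"))
```

An "already-recorded" verdict matches the situation in the answer: delivery worked, so the remaining question is why the stack does not count the recorded signal.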