Powershell AWS 自动化管理 (11) - 创建一个高可用的WordPress博客(中)
理论和基本架构在上一篇已经做了说明,这一篇直接来看看具体的脚本实现吧。首先来看看前面10个步骤的实现。[*]
创建EC2-S3的Role,这个Role是分配给EC2虚拟机的,这样他们创建之后自动就有权限访问S3的内容。
[*]
创建VPC网络
[*]
创建VPC的2个子网,位于不同的AZ
[*]
创建Internet网关
[*]
配置路由表
[*]
创建并配置EC2的Security Group,确保80和22端口可用
[*]
创建高可用的MariaDB数据库
[*]
配置数据库的Security Group,确保3306端口可用
[*]
创建S3 Bucket 并配置Policy
[*]
创建CloudFront分布点,绑定S3 Bucket
[*]
准备WordPress的配置文档
[*]
准备Virtualhost的配置文档
[*]
上传配置文档到S3 Bucket中
[*]
配置Bash Shell脚本,包括LAMP,WordPress,AWS,Crontab和S3同步等等
[*]
创建EC2虚拟机,指定14步创建的BootStrap命令
[*]
更新DNS记录,指向该虚拟机
[*]
初始化WordPress界面
[*]
确认无误之后生成镜像文件
[*]
配置ELB
[*]
更新DNS记录到ELB的地址
[*]
配置Launch Configuration
[*]
配置Auto Scaling
0步, 首先我需要一个管理账号能登录到AWSimport-module AWSPowerShell
get-module AWSPowershellCreate account from IAM, download user accesskey and secretkeyGenerate, list and delete profile
Set-AWSCredentials -AccessKey AKIAJA11SDE5SXVHRQ -SecretKey Pc528Dw2/qwzOo4Pe421p2N618H+yFv1S7JVsBJ2M -StoreAs myprofile
Initialize-AWSDefaults -ProfileName myprofile -Region ap-southeast-2
1. 接下来创建一个EC2-S3的role
# 设置 Trust Relationship
$policy1=@"
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Service": "ec2.amazonaws.com"
},
"Action": "sts:AssumeRole"
}
]} "@
New-IAMRole -RoleName "EC2-S3" -AssumeRolePolicyDocument $policy1
设置 S3的访问权限
$policy2 = @"
{ "Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": "s3:",
"Resource": ""
}
]} "@
Write-IAMRolePolicy -PolicyDocument $policy2 -RoleName "EC2-S3" -PolicyName "allows3"
2. 创建VPC#创建一个新的VPC
New-EC2Vpc -CidrBlock 10.2.0.0/16
3. 创建VPC下的子网
#创建两个子网,位于不同AZ
$vpcid=get-ec2vpc | Where-Object {$_.Cidrblock -eq "10.2.0.0/16"} | select -ExpandProperty vpcid
New-EC2Subnet -CidrBlock 10.2.1.0/24 -VpcId $vpcid -AvailabilityZone ap-southeast-2a
New-EC2Subnet -CidrBlock 10.2.2.0/24 -VpcId $vpcid -AvailabilityZone ap-southeast-2b
Edit-EC2SubnetAttribute -SubnetId subid1 -MapPublicIpOnLaunch $true
Edit-EC2SubnetAttribute -SubnetId sbuid2 -MapPublicIpOnLaunch $true
$subid1=Get-EC2Subnet | Where-Object{$_.CidrBlock -eq "10.2.1.0/24"} | select -ExpandProperty SubnetId
添加tag注释
$tag=new-object Amazon.EC2.Model.Tag -Property @{key="Name";value="Sydney"}
New-EC2Tag -Resource $subid1 -Tag $tag
$subid2=Get-EC2Subnet | Where-Object{$_.CidrBlock -eq "10.2.2.0/24"} | select -ExpandProperty SubnetId
$tag2=new-object Amazon.EC2.Model.Tag -Property @{key="Name";value="Melbourne"}
New-EC2Tag -Resource $subid2 -Tag $tag2
允许自动匹配公网IP
Edit-EC2SubnetAttribute -SubnetId $subid1 -MapPublicIpOnLaunch $true
Edit-EC2SubnetAttribute -SubnetId $subid2 -MapPublicIpOnLaunch $true
4. 创建网关#创建Internet网关
if((Get-EC2InternetGateway | Where-Object {$_.Attachments -eq $null} | measure).count -eq 0){
New-EC2InternetGateway
}
$igwid=Get-EC2InternetGateway | Where-Object {$_.Attachments -eq $null} | select -ExpandProperty internetGateWayId
$tagigw=new-object Amazon.EC2.Model.Tag -Property @{key="Name";value="AU"}
new-EC2tag -Resource $igwid -Tag $tagigw
Get-EC2InternetGateway $igwid|Add-EC2InternetGateway -VpcId $vpcid
5. 配置VPC的路由表
#配置路由表RouteTableNew-EC2RouteTable -VpcId $vpcid
$routetable=Get-EC2RouteTable | Where-Object {$_.VpcId -eq $vpcid}Add new Route
New-EC2Route -DestinationCidrBlock "0.0.0.0/0" -GatewayId $igwid -RouteTableId $routetable.RouteTabl
6. 配置一个EC2的安全组,开放22和80端口,这样用户可以远程管理和访问博客#6.配置SecurityGroup和端口 SSH,HTTP,MySql
New-EC2SecurityGroup -GroupName WordPress -Description "WordPress Security Group" -VpcId $vpcid
$ip1=new-object Amazon.EC2.Model.IpPermission
$ip1.IpProtocol="tcp"
$ip1.FromPort=22
$ip1.ToPort="22"
$ip1.IpRange="0.0.0.0/0"
$ip2=New-Object Amazon.EC2.Model.IpPermission
$ip2.IpProtocol="tcp"
$ip2.FromPort=80
$ip2.ToPort=80
$ip2.IpRange.Add("0.0.0.0/0")
Get-EC2SecurityGroup | Where-Object {$_.GroupName -eq "WordPress"} | Grant-EC2SecurityGroupIngress -IpPermission @($ip1,$ip2)
7. 然后创建一个高可用的MariaDB,为了简单起见,数据库名字,用户名,密码都设为wordpress,注意我这里专门记录了这个数据库实例的ID号码,这个是为了后面配置WordPress需要的。
#创建RDS MultipleAZ
New-RDSDBInstance -AllocatedStorage 5 -DBInstanceIdentifier "wordpress" -MasterUsername "wordpress" -MasterUserPassword "wordpress" `
-AutoMinorVersionUpgrade $true -CopyTagsToSnapshot $false -DBInstanceClass "db.t2.micro" `
-DBName "wordpress" -Engine "mariadb" -MultiAZ $true
$rdssgid=(Get-RDSDBInstance -DBInstanceIdentifier "wordpress" | select -ExpandProperty vpcSecurityGroups).vpcsecuritygroupid
因为创建比较花时间,大概有个10分钟左右,所以写了个循环不断检查是否创建完毕。$status=Get-RDSDBInstance -DBInstanceIdentifier "wordpress" | select -ExpandProperty DBInstanceStatus
write-host "Initializing Mariad DB, Please wait..." -NoNewline
while ($status -ne "available"){
write-host "." -NoNewline
Start-Sleep -Seconds 1
$status=Get-RDSDBInstance -DBInstanceIdentifier "wordpress" | select -ExpandProperty DBInstanceStatus
}
write-host "RDS is Ready"
8.然后为了确保他能够被我的WordPress 服务器访问,我还得打开3306端口#Configure Security Group of DB
$ip3=New-Object Amazon.EC2.Model.IpPermission
$ip3.IpProtocol="tcp"
$ip3.FromPort=3306
$ip3.ToPort=3306
$ip3.IpRange.Add("0.0.0.0/0")
Get-EC2SecurityGroup | Where-Object{$_.GroupId -eq $rdssgid} | Grant-EC2SecurityGroupIngress -IpPermission @($ip3)
9.接下来配置S3 Bucket和相关的Policy,这个Bucket的目的有2个,第一个是为了所有的EC2实例有一样的WordPress和Vhosts的配置文件;第二个是为了和EC2实例的本地目录同步保存所有的图片,类似的功能WordPress有很多插件可以做到,不过这里用脚本实现了
#创建S3 Bucket
New-S3Bucket -BucketName yuanliwordpress -Region ap-southeast-2
Get-S3Bucket -BucketName yuanliwordpress
允许该Bucket里面的uploads文件夹具有公共可读的权限,这个文件夹后面会用来保存WordPress里面的图片
$policy3=@"
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "AddPem",
"Action": [
"s3:GetObject"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::yuanliwordpress/uploads/*",
"Principal": "*"
} ]
} "@
Write-S3BucketPolicy -BucketName yuanliwordpress -Policy $policy3
Get-S3BucketPolicy -BucketName yuanliwordpress
10. 然后给这个S3创建一个CDN的分布点,这样子从全球任何区域访问我的博客 速度都会很快了。
#配置S3和CloudFront
$origin = New-Object Amazon.CloudFront.Model.Origin
$origin.DomainName="yuanliwordpress.s3.amazonaws.com"
$origin.id="S3-yuanliwordpress"
$origin.S3OriginConfig = New-Object Amazon.CloudFront.Model.S3OriginConfig
$origin.S3OriginConfig.OriginAccessIdentity = ""
$cfd=New-CFDistribution `
-DistributionConfig_Enabled $true `
-DistributionConfig_Comment "Test distribution" `
-Origins_Item $origin `
-Origins_Quantity 1 `
-DistributionConfig_CallerReference wordpresstest `
-DefaultCacheBehavior_TargetOriginId $origin.Id `
-ForwardedValues_QueryString $true `
-Cookies_Forward all `
-WhitelistedNames_Quantity 0 `
-TrustedSigners_Enabled $false `
-TrustedSigners_Quantity 0 `
-DefaultCacheBehavior_ViewerProtocolPolicy allow-all `
-DefaultCacheBehavior_MinTTL 1000 `
-DistributionConfig_PriceClass "PriceClass_All" `
-CacheBehaviors_Quantity 0 `
-Aliases_Quantity 0
页:
[1]