With Digital Ocean I was able to set a fully qualified domain name before launching an instance, a feature I really miss on AWS EC2.
Currently I manually log in to the freshly started Ubuntu 16.04 LTS instance and:
- sudo hostnamectl set-hostname myhost.example.com
- sudo vim /etc/hosts and append myhost.example.com to the 127.0.0.1 line
- optionally, if I want it to resolve, go to the Route 53 panel and set it up
- then run the chef script.
Am I missing a trick? I don't see any Route 53/EC2 integration.
Answer 1
If you only need to set the hostname (without Route 53), you can use this configuration in the cloud-init user data:
#cloud-config
hostname: mynode
fqdn: mynode.example.com
manage_etc_hosts: true
Answer 2
You can use the user data feature of the console and/or the API to supply a bash script that is executed at first boot. That script can set the hostname, create the DNS record and do anything else you want.
Answer 3
This is really a reply to hendry's comment that it would be nice to see an example of such a script; apparently I need more karma or something to add a comment.
I had to get this working so that I could set the hostname of the EC2 instance and create a DNS record, and then run rabbitmq on that ECS host in host network mode (which means the ECS task has the same network and hostname as the underlying EC2 instance), so that I can keep the rabbitmq hostname across restarts of the underlying infrastructure (and set kernel parameters not shown below).
Here is my script, which works for me (I say that, but it hasn't been fully tested. I'll report back).
#!/bin/bash
# A script to be copied into the user data of the EC2 instances to UPSERT the CNAME
set -euf -o pipefail
# We first need to install some software and update everything.
yum update -y
yum install jq -y
yum install unzip -y
# install the AWS cli which requires checking against a key.
# https://docs.aws.amazon.com/cli/latest/userguide/install-cliv2-linux.html
# (the key body is elided in the original post; paste the full key from the page above)
cat > /tmp/aws-public-key << EOF
-----BEGIN PGP PUBLIC KEY BLOCK-----
...
=vYOk
-----END PGP PUBLIC KEY BLOCK-----
EOF
gpg --import /tmp/aws-public-key
# Download the latest x86 cli zip (--fail so an HTTP error page is not saved as the zip)
curl --fail --silent --show-error "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "/tmp/awscliv2.zip"
# and the Signature
curl --fail --silent --show-error -o "/tmp/awscliv2.sig" "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip.sig"
# and verify; set -e aborts the script if the signature does not check out
gpg --verify /tmp/awscliv2.sig /tmp/awscliv2.zip
# unzip install and test
cd /tmp
unzip /tmp/awscliv2.zip
./aws/install
aws --version
# The hostname should be set to the right thing, but may need a while to come up
# so set up a retry loop
Hostname='foo' # Initialise this outside the loop
MatchTest='.internal' # facile test we have a valid AWS .internal fqdn
Zone='Z0###1XAOQT59R52D' # Test
for i in {1..7}
do
    Hostname=$(hostname -f)
    [[ "$Hostname" == *"$MatchTest" ]] && break || sleep 3
done
if ! [[ "$Hostname" == *"$MatchTest" ]]
then
    echo "Hostname: $Hostname doesn't match $MatchTest" && exit 1
fi
echo "Hostname: $Hostname"
# so now we need to UPSERT the CNAME
# this next variable needs to be correctly set for each one of the launch templates.
# i.e. rabbita, rabbitb or rabbitc
cnhost='rabbitx'
comment="Updating CNAME record for the underlying EC2 instance for Test-$cnhost"
action='UPSERT'
name="$cnhost.test"
record='CNAME'
ttl=60
# Build the change batch with jq so the values are JSON-escaped rather than interpolated
jsonCNAME=$( jq -n \
    --arg value "$Hostname" \
    --arg comment "$comment" \
    --arg name "$name" \
    --arg action "$action" \
    --arg record "$record" \
    --argjson ttl "$ttl" \
    '{Comment: $comment,
      Changes: [
        {
          Action: $action,
          ResourceRecordSet: {
            Name: $name,
            Type: $record,
            TTL: $ttl,
            ResourceRecords: [
              {
                Value: $value
              }
            ]
          }
        }
      ]
    }')
echo "JSON: $jsonCNAME"
# --change-batch takes the JSON document itself; the original "<<< echo" here-string
# went to stdin, which the CLI does not read for this option, and left it without a value
aws route53 change-resource-record-sets --hosted-zone-id "$Zone" --change-batch "$jsonCNAME"
# So that's the CNAME set up so now we need to set the hostname to match it
# (hostname(1) is not persistent across reboots; on a systemd host use hostnamectl set-hostname)
hostname "$cnhost.test"
For this to run successfully, the role the EC2 instance is launched with needs access to Route 53 to insert records into the private zone "test", which is a security concern and should be mitigated somehow.
One caveat I found while writing this script is that not all ENV variables are set as expected when it runs. In particular HOME is not set, so you need to be explicit about paths. I chose /tmp, but I guess /root may be preferable to some.
Looping over hostname -f and testing that it matches what we expect may be overkill.
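The following is an added example, not code from any of the answers above. It takes the Route 53 UPSERT step that answers 2 and 3 describe and shows three things a practitioner would want alongside it: the change batch built with plain printf after the record name, target and TTL have been validated (so the script does not depend on jq and cannot emit malformed JSON), the instance's private DNS name read from IMDSv2 instead of polling hostname -f, and the least-privilege IAM policy that answers the "security concern" in the closing note by limiting the instance role to UPSERT of one CNAME name in one hosted zone. The zone ID Z0EXAMPLE123, the record name rabbita.test, the private zone "test" and the constructed private hostname ip-10-0-1-23.ec2.internal are assumptions for illustration.

```shell
#!/bin/sh
# Added example, not code from the original answers: the Route 53 UPSERT step
# of a user-data script with the JSON built by printf after input validation,
# plus the least-privilege policy for the instance role.
# Zone ID, record names and the private zone "test" are assumptions.
set -eu

# Accept only a dotted DNS name (letters, digits, hyphens; two or more labels).
# The value ends up inside JSON, so rejecting anything else is what keeps the
# change batch well-formed without needing jq.
valid_dns_name() {
    printf '%s' "$1" |
        grep -Eq '^([A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?\.)+[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?\.?$'
}

# Print the change batch for `aws route53 change-resource-record-sets --change-batch`.
# Usage: change_batch RECORD_NAME TARGET_FQDN [TTL]
change_batch() {
    name=$1
    target=$2
    ttl=${3:-60}
    valid_dns_name "$name"   || { echo "refusing record name: $name" >&2; return 1; }
    valid_dns_name "$target" || { echo "refusing CNAME target: $target" >&2; return 1; }
    case $ttl in
        ''|*[!0-9]*) echo "refusing TTL: $ttl" >&2; return 1 ;;
    esac
    printf '{"Comment":"UPSERT %s -> %s","Changes":[{"Action":"UPSERT","ResourceRecordSet":{"Name":"%s","Type":"CNAME","TTL":%s,"ResourceRecords":[{"Value":"%s"}]}}]}\n' \
        "$name" "$target" "$name" "$ttl" "$target"
}

# The instance's private DNS name straight from IMDSv2 (session token required),
# an alternative to polling `hostname -f`. Only works on an EC2 instance.
imds_local_hostname() {
    token=$(curl -fsS -X PUT "http://169.254.169.254/latest/api/token" \
        -H "X-aws-ec2-metadata-token-ttl-seconds: 60")
    curl -fsS -H "X-aws-ec2-metadata-token: $token" \
        "http://169.254.169.254/latest/meta-data/local-hostname"
}

# Policy for the instance role: UPSERT of one CNAME name in one hosted zone and
# nothing else, using Route 53's ChangeResourceRecordSets condition keys.
# Route 53 normalizes record names to lowercase, so the name is lowercased here.
instance_role_policy() {
    zone_id=$1
    name=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    cat <<EOF
{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Action": "route53:ChangeResourceRecordSets",
    "Resource": "arn:aws:route53:::hostedzone/$zone_id",
    "Condition": {
      "ForAllValues:StringEquals": {
        "route53:ChangeResourceRecordSetsNormalizedRecordNames": ["$name"],
        "route53:ChangeResourceRecordSetsRecordTypes": ["CNAME"],
        "route53:ChangeResourceRecordSetsActions": ["UPSERT"]
      }
    }
  }]
}
EOF
}

# Constructed values for a stand-alone run; no AWS call is made here. On the
# instance the call would be:
#   aws route53 change-resource-record-sets --hosted-zone-id "$Zone" \
#       --change-batch "$(change_batch rabbita.test "$(imds_local_hostname)")"
change_batch rabbita.test ip-10-0-1-23.ec2.internal 60
instance_role_policy Z0EXAMPLE123 rabbita.test
```

The policy is what turns the closing note's "should be mitigated somehow" into something concrete: even if the user-data script or anything else on the instance is compromised, the role can only overwrite that one CNAME. Attach it to the launch template's instance profile in place of a blanket route53:* grant, and keep the record name in the policy in step with the cnhost value each launch template sets.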