使用 Terraform 如何让 EC2 引用 Cloudformation Datomic 实例答案

【问题标题】：Using Terraform how to get EC2 to reference a Cloudformation Datomic instance使用 Terraform 如何让 EC2 引用 Cloudformation Datomic 实例
【发布时间】：2018-03-30 12:51:43
【问题描述】：

鉴于 Datomic Cloudformation 模板（描述为 here 和 here），我可以在 AWS 中部署 Datomic 实例。我也可以使用Terraform 来自动执行此操作。

使用 Terraform，我们如何在 Cloudformation 模板中的那个实例中的实例前面放置一个负载均衡器？

使用 Terraform，我们如何在 Cloudformation 模板中的 Datomic 实例（或负载均衡器）前面放置一个 Route53 域名？

Datomic Cloudformation 模板如下所示：

cf.json

{"Resources":
 {"LaunchGroup":
  {"Type":"AWS::AutoScaling::AutoScalingGroup",
   "Properties":
   {"MinSize":{"Ref":"GroupSize"},
    "Tags":
    [{"Key":"Name",
      "Value":{"Ref":"AWS::StackName"},
      "PropagateAtLaunch":"true"}],
    "MaxSize":{"Ref":"GroupSize"},
    "AvailabilityZones":{"Fn::GetAZs":""},
    "LaunchConfigurationName":{"Ref":"LaunchConfig"}}},
  "LaunchConfig":
  {"Type":"AWS::AutoScaling::LaunchConfiguration",
   "Properties":
   {"ImageId":
    {"Fn::FindInMap":
     ["AWSRegionArch2AMI", {"Ref":"AWS::Region"},
      {"Fn::FindInMap":
       ["AWSInstanceType2Arch", {"Ref":"InstanceType"}, "Arch"]}]},
    "UserData":
    {"Fn::Base64":
     {"Fn::Join":
      ["\n",
       ["exec > >(tee \/var\/log\/user-data.log|logger -t user-data -s 2>\/dev\/console) 2>&1",
        {"Fn::Join":["=", ["export XMX", {"Ref":"Xmx"}]]},
        {"Fn::Join":["=", ["export JAVA_OPTS", {"Ref":"JavaOpts"}]]},
        {"Fn::Join":
         ["=",
          ["export DATOMIC_DEPLOY_BUCKET",
           {"Ref":"DatomicDeployBucket"}]]},
        {"Fn::Join":
         ["=", ["export DATOMIC_VERSION", {"Ref":"DatomicVersion"}]]},
        "cd \/datomic", "cat <<EOF >aws.properties",
        "host=`curl http:\/\/169.254.169.254\/latest\/meta-data\/local-ipv4`",
        "alt-host=`curl http:\/\/169.254.169.254\/latest\/meta-data\/public-ipv4`",
        "aws-dynamodb-region=us-east-1\naws-transactor-role=datomic-aws-transactor-10\naws-peer-role=datomic-aws-peer-10\nprotocol=ddb\nmemory-index-max=256m\nport=4334\nmemory-index-threshold=32m\nobject-cache-max=128m\nlicense-key=\naws-dynamodb-table=your-system-name",
        "EOF", "chmod 744 aws.properties",
        "AWS_ACCESS_KEY_ID=\"${DATOMIC_READ_DEPLOY_ACCESS_KEY_ID}\" AWS_SECRET_ACCESS_KEY=\"${DATOMIC_READ_DEPLOY_AWS_SECRET_KEY}\" aws s3 cp \"s3:\/\/${DATOMIC_DEPLOY_BUCKET}\/${DATOMIC_VERSION}\/startup.sh\" startup.sh",
        "chmod 500 startup.sh", ".\/startup.sh"]]}},
    "InstanceType":{"Ref":"InstanceType"},
    "InstanceMonitoring":{"Ref":"InstanceMonitoring"},
    "SecurityGroups":{"Ref":"SecurityGroups"},
    "IamInstanceProfile":{"Ref":"InstanceProfile"},
    "BlockDeviceMappings":
    [{"DeviceName":"\/dev\/sdb", "VirtualName":"ephemeral0"}]}}},
 "Mappings":
 {"AWSInstanceType2Arch":
  {"m3.large":{"Arch":"64h"},
   "c4.8xlarge":{"Arch":"64h"},
   "t2.2xlarge":{"Arch":"64h"},
   "c3.large":{"Arch":"64h"},
   "hs1.8xlarge":{"Arch":"64h"},
   "i2.xlarge":{"Arch":"64h"},
   "r4.4xlarge":{"Arch":"64h"},
   "m1.small":{"Arch":"64p"},
   "m4.large":{"Arch":"64h"},
   "m4.xlarge":{"Arch":"64h"},
   "c3.8xlarge":{"Arch":"64h"},
   "m1.xlarge":{"Arch":"64p"},
   "cr1.8xlarge":{"Arch":"64h"},
   "m4.10xlarge":{"Arch":"64h"},
   "i3.8xlarge":{"Arch":"64h"},
   "m3.2xlarge":{"Arch":"64h"},
   "r4.large":{"Arch":"64h"},
   "c4.xlarge":{"Arch":"64h"},
   "t2.medium":{"Arch":"64h"},
   "t2.xlarge":{"Arch":"64h"},
   "c4.large":{"Arch":"64h"},
   "c3.2xlarge":{"Arch":"64h"},
   "m4.2xlarge":{"Arch":"64h"},
   "i3.2xlarge":{"Arch":"64h"},
   "m2.2xlarge":{"Arch":"64p"},
   "c4.2xlarge":{"Arch":"64h"},
   "cc2.8xlarge":{"Arch":"64h"},
   "hi1.4xlarge":{"Arch":"64p"},
   "m4.4xlarge":{"Arch":"64h"},
   "i3.16xlarge":{"Arch":"64h"},
   "r3.4xlarge":{"Arch":"64h"},
   "m1.large":{"Arch":"64p"},
   "m2.4xlarge":{"Arch":"64p"},
   "c3.4xlarge":{"Arch":"64h"},
   "r3.large":{"Arch":"64h"},
   "c4.4xlarge":{"Arch":"64h"},
   "r3.xlarge":{"Arch":"64h"},
   "m2.xlarge":{"Arch":"64p"},
   "r4.16xlarge":{"Arch":"64h"},
   "t2.large":{"Arch":"64h"},
   "m3.xlarge":{"Arch":"64h"},
   "i2.4xlarge":{"Arch":"64h"},
   "r4.8xlarge":{"Arch":"64h"},
   "i3.large":{"Arch":"64h"},
   "r3.8xlarge":{"Arch":"64h"},
   "c1.medium":{"Arch":"64p"},
   "r4.2xlarge":{"Arch":"64h"},
   "i2.8xlarge":{"Arch":"64h"},
   "m3.medium":{"Arch":"64h"},
   "r3.2xlarge":{"Arch":"64h"},
   "m1.medium":{"Arch":"64p"},
   "i3.4xlarge":{"Arch":"64h"},
   "m4.16xlarge":{"Arch":"64h"},
   "i3.xlarge":{"Arch":"64h"},
   "r4.xlarge":{"Arch":"64h"},
   "c1.xlarge":{"Arch":"64p"},
   "t1.micro":{"Arch":"64p"},
   "c3.xlarge":{"Arch":"64h"},
   "i2.2xlarge":{"Arch":"64h"},
   "t2.small":{"Arch":"64h"}},
  "AWSRegionArch2AMI":
  {"ap-northeast-1":{"64p":"ami-eb494d8c", "64h":"ami-81f7cde6"},
   "ap-northeast-2":{"64p":"ami-6eb66a00", "64h":"ami-f594489b"},
   "ca-central-1":{"64p":"ami-204bf744", "64h":"ami-5e5be73a"},
   "us-east-2":{"64p":"ami-5b42643e", "64h":"ami-896c4aec"},
   "eu-west-2":{"64p":"ami-e52d3a81", "64h":"ami-55091e31"},
   "us-west-1":{"64p":"ami-97cbebf7", "64h":"ami-442a0a24"},
   "ap-southeast-1":{"64p":"ami-db1492b8", "64h":"ami-3e90165d"},
   "us-west-2":{"64p":"ami-daa5c6ba", "64h":"ami-cb5030ab"},
   "eu-central-1":{"64p":"ami-f3f02b9c", "64h":"ami-d564bcba"},
   "us-east-1":{"64p":"ami-7f5f1e69", "64h":"ami-da5110cc"},
   "eu-west-1":{"64p":"ami-66001700", "64h":"ami-77465211"},
   "ap-southeast-2":{"64p":"ami-32cbdf51", "64h":"ami-66647005"},
   "ap-south-1":{"64p":"ami-82126eed", "64h":"ami-723c401d"},
   "sa-east-1":{"64p":"ami-afd7b9c3", "64h":"ami-ab9af4c7"}}},
 "Parameters":
 {"InstanceType":
  {"Description":"Type of EC2 instance to launch",
   "Type":"String",
   "Default":"c3.large"},
  "InstanceProfile":
  {"Description":"Preexisting IAM role \/ instance profile",
   "Type":"String",
   "Default":"datomic-aws-transactor-10"},
  "Xmx":
  {"Description":"Xmx setting for the JVM",
   "Type":"String",
   "AllowedPattern":"\\d+[GgMm]",
   "Default":"2625m"},
  "GroupSize":
  {"Description":"Size of machine group",
   "Type":"String",
   "Default":"1"},
  "InstanceMonitoring":
  {"Description":"Detailed monitoring for store instances?",
   "Type":"String",
   "Default":"true"},
  "JavaOpts":
  {"Description":"Options passed to Java launcher",
   "Type":"String",
   "Default":""},
  "SecurityGroups":
  {"Description":"Preexisting security groups.",
   "Type":"CommaDelimitedList",
   "Default":"datomic"},
  "DatomicDeployBucket":
  {"Type":"String",
   "Default":"deploy-a0dbc565-faf2-4760-9b7e-29a8e45f428e"},
  "DatomicVersion":{"Type":"String", "Default":"0.9.5561.50"}},
 "Description":"Datomic Transactor Template"}

samples/cf-template.properties

#################################################################
# AWS instance and group settings
#################################################################

# required
# AWS instance type. See http://aws.amazon.com/ec2/instance-types/ for
# a list of legal instance types.
aws-instance-type=c3.large

# required, see http://docs.amazonwebservices.com/general/latest/gr/rande.html#ddb_region
aws-region=us-east-1

# required
# Enable detailed monitoring of AWS instances.
aws-instance-monitoring=true

# required
# Set group size >1 to create a standby pool for High Availability.
aws-autoscaling-group-size=1

# required, default = 70% of AWS instance RAM
# Passed to java launcher via -Xmx
java-xmx=

#################################################################
# Java VM options
#
# If you set the java-opts property, it will entirely replace the
# value used by bin/transactor, which you should consult as a
# starting point if you are configuring GC.
#
# Note that the single-quoting is necessary due to the whitespace
# between options.
#################################################################
# java-opts='-XX:+UseConcMarkSweepGC -XX:+UseParNewGC -XX:+CMSParallelRemarkEnabled -XX:CMSInitiatingOccupancyFraction=75 -XX:+UseCMSInitiatingOccupancyOnly'

#################################################################
# security settings
#
# You must specify at least one of aws-ingress-grops or
# aws-ingress-cidrs to allows peers to connect!
#################################################################
# required
# The transactor needs to run in a security group that opens the
# transactor port to legal peers. If you specify a security group,
# `bin/transactor ensure-cf ...` will ensure that security group
# allows ingress on the transactor port.
aws-security-group=datomic

# Comma-delimited list of security groups. Security group syntax:
#    group-name or aws-account-id:group-name
aws-ingress-groups=datomic

# Comma-delimited list of CIDRS.
# aws-ingress-cidrs=0.0.0.0/0

#################################################################
# datomic deployment settings
#################################################################
# required, default = VERSION number of Datomic you deploy from
# Which Datomic version to run.
datomic-version=

# required
# download Datomic from this bucket on startup. You typically will not change this.
datomic-deploy-s3-bucket=some-value

【问题讨论】：

对于我们这些还没有 Datomic 并且不想下载它的人：您能否粘贴您在 AWS 部署说明中生成的 CloudFormation 模板的内容？跨度>
你能复制/粘贴这个文件config/samples/cf-template.properties，以便我们了解它的cfn模板是如何工作的
@birryree cf.json 是该过程生成的最终模板。
@BMW 好的，samples/cf-template.properties 在里面。

标签： amazon-web-services devops terraform datomic

【解决方案1】：

除非你不能轻易避免它，否则我不建议将 Cloudformation 与 Terraform 混合使用，因为它会让做很多事情变得很痛苦。通常情况下，我只推荐它用于 Cloudformation 覆盖资源而不是 Terraform 的罕见情况。

如果您确实需要这样做，您应该很幸运，因为您的 Cloudformation 模板会在您的实例中向自动缩放组添加一个标签，您可以使用该标签将负载均衡器链接到自动缩放组并拥有实例在创建时将自身附加到负载均衡器（并在删除时分离）。

不幸的是，Cloudformation 模板不会简单地输出自动缩放组名称，因此您可能需要在两个单独的 terraform apply 操作中执行此操作（可能将配置保存在单独的文件夹中）。

假设您的 Cloudformation 堆栈是这样的：

resource "aws_cloudformation_stack" "datomic" {
  name = "datomic-stack"
...
}

然后一个最小的例子看起来像这样：

data "aws_autoscaling_groups" "datomic" {
  filter {
    name = "key"
    values = ["AWS::StackName"]
  }

  filter {
    name = "value"
    values = ["datomic-stack"]
  }
}

resource "aws_lb_target_group" "datomic" {
  name     = "datomic-lb-tg"
  port     = 80
  protocol = "HTTP"
  vpc_id   = "${var.vpc_id}"
}

resource "aws_lb" "datomic" {
  name            = "datomic-lb"
  internal        = false
  security_groups = ["${var.security_group_id}"]
  subnets         = ["${var.subnet_id"]
}

resource "aws_autoscaling_attachment" "asg_attachment" {
  autoscaling_group_name = "${data.aws_autoscaling_groups.datomic.names[0]}"
  alb_target_group_arn   = "${aws_alb_target_group.datomic.arn}"
}


resource "aws_lb_listener" "datomic" {
  load_balancer_arn = "${aws_lb.datomic.arn}"
  port              = "80"
  protocol          = "HTTP"

  default_action {
    target_group_arn = "${aws_lb_target_group.datomic.arn}"
    type             = "forward"
  }
}

上述配置将找到由 Cloudformation 模板创建的自动缩放组，然后将其附加到一个应用程序负载均衡器，该负载均衡器侦听 HTTP 流量并将 HTTP 流量转发到 Datomic 实例。

从这里将 Route53 记录添加到负载均衡器很简单，但由于您的实例位于自动缩放组中，因此您无法轻松地为这些实例添加 Route53 记录（并且可能不需要）。

【讨论】：

我认为这非常接近我需要的解决方案。但是我遇到了一个奇怪的 terraform 配置错误（请参阅 pastebin.com/SXn8h7hz）...
对，没有点击它返回一个 ASG 列表。在您的情况下，我希望它只返回单个元素的列表，所以您只需要 data.aws_autoscaling_groups.datomic.names[0]
不错！ i) 我确实使用了在这里找到的解决方法：github.com/hashicorp/terraform/issues/11210。这似乎奏效了。 autoscaling_group_name = "${element(concat(data.aws_autoscaling_groups.datomic.names, list("")), 1)}"。 ii）虽然弹出了更多错误。看起来那些数据过滤器没有找到 ASG (pastebin.com/UQEQ34Qf)。因此，只需排除故障即可。
深入挖掘后，我意识到（并且应该记住）受祝福的 Datomic CF 模板不允许您将 Datomic CF 资源部署到现有 VPC 中。因此，在我们添加任何额外资源（aws_alb_target_group、aws_alb、aws_autoscaling_attachment 或 aws_alb_listener 等）之前，我们就已经束手无策了。
那么，根据我在答案中的开场评论，不要使用 Cloudformation 模板吗？没有什么有趣/聪明的东西是你不能直接在 Terraform 中做的。