The theory and the basic architecture were covered in the previous post; this one goes straight to the script implementation. Let's start with the first ten steps (step 0 through step 10) of the full list:
- Create the EC2-S3 role. This role is assigned to the EC2 instances, so that they can access S3 as soon as they are created.
- Create the VPC
- Create two subnets in the VPC, in different AZs
- Create the Internet gateway
- Configure the route table
- Create and configure the EC2 security group so that ports 80 and 22 are reachable
- Create the highly available MariaDB database
- Configure the database security group so that port 3306 is reachable
- Create the S3 bucket and configure its policy
- Create the CloudFront distribution and bind it to the S3 bucket
- Prepare the WordPress configuration file
- Prepare the virtual host configuration file
- Upload the configuration files to the S3 bucket
- Write the bash bootstrap script: LAMP, WordPress, the AWS CLI, crontab, S3 sync and so on
- Create the EC2 instance, passing it the bootstrap script from step 14
- Update the DNS record to point at that instance
- Initialize WordPress through its web UI
- Once everything checks out, create an image (AMI) from the instance
- Configure the ELB
- Update the DNS record to the ELB address
- Configure the launch configuration
- Configure Auto Scaling
Step 0. First I need an administrative account that can log in to AWS.
```powershell
Import-Module AWSPowerShell
Get-Module AWSPowerShell

# Create a user in IAM and download its access key and secret key.
# Store the pair as a named profile once; later scripts refer to the profile, not the raw keys.
# The values below are the example key pair from the AWS documentation: replace them with your own.
Set-AWSCredentials -AccessKey AKIAIOSFODNN7EXAMPLE -SecretKey wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY -StoreAs myprofile
Initialize-AWSDefaults -ProfileName myprofile -Region ap-southeast-2
```

This stores the key pair in the SDK credential store on the local machine, so the account behind it should be an IAM user with only the permissions these scripts need, not the root account, and the key should be rotated or deleted when the build is finished.
1. Next, create the EC2-S3 role.
```powershell
# Trust relationship: allow the EC2 service to assume this role
$policy1 = @"
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": { "Service": "ec2.amazonaws.com" },
      "Action": "sts:AssumeRole"
    }
  ]
}
"@
New-IAMRole -RoleName "EC2-S3" -AssumeRolePolicyDocument $policy1

# S3 permissions, attached as an inline policy. Note that this grants every S3 action on every
# bucket in the account; the instances only ever need the one WordPress bucket.
$policy2 = @"
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "s3:*",
      "Resource": "*"
    }
  ]
}
"@
Write-IAMRolePolicy -RoleName "EC2-S3" -PolicyName "allows3" -PolicyDocument $policy2
```
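The role above works, but `s3:*` on `*` means a compromised web server can read or delete every bucket in the account. The following is an added example, not code from the original post, showing the least-privilege version of the same role together with the instance profile that EC2 actually requires (the console creates one silently; the API does not). It assumes the bucket name `yuanliwordpress` from step 9 and that the instances only need to read the config files and sync the `uploads/` prefix; the policy name `wordpress-bucket-only` is made up.

```powershell
# Added example: least-privilege EC2-S3 role plus instance profile (not from the original post).
# Assumes the bucket name yuanliwordpress from step 9; policy name is made up.
$bucket = "yuanliwordpress"

$trust = @"
{
  "Version": "2012-10-17",
  "Statement": [
    { "Effect": "Allow", "Principal": { "Service": "ec2.amazonaws.com" }, "Action": "sts:AssumeRole" }
  ]
}
"@
New-IAMRole -RoleName "EC2-S3" -AssumeRolePolicyDocument $trust

# Only the actions `aws s3 sync` / `aws s3 cp` need, and only on this one bucket.
# ListBucket is a bucket-level action (no /* on the ARN); object actions need the /* form.
$scoped = @"
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "ListTheBucket",
      "Effect": "Allow",
      "Action": ["s3:ListBucket", "s3:GetBucketLocation"],
      "Resource": "arn:aws:s3:::$bucket"
    },
    {
      "Sid": "ReadWriteObjects",
      "Effect": "Allow",
      "Action": ["s3:GetObject", "s3:PutObject", "s3:DeleteObject"],
      "Resource": "arn:aws:s3:::$bucket/*"
    }
  ]
}
"@
Write-IAMRolePolicy -RoleName "EC2-S3" -PolicyName "wordpress-bucket-only" -PolicyDocument $scoped

# An instance is launched with an instance profile, not with a bare role. Create one with the
# same name and put the role in it; step 14 then passes "EC2-S3" as the instance profile.
New-IAMInstanceProfile -InstanceProfileName "EC2-S3"
Add-IAMRoleToInstanceProfile -InstanceProfileName "EC2-S3" -RoleName "EC2-S3"

# Check: the role carries exactly the one scoped inline policy, and the profile contains the role
Get-IAMRolePolicyList -RoleName "EC2-S3"
(Get-IAMInstanceProfile -InstanceProfileName "EC2-S3").Roles.RoleName
```

If a bucket policy later grants the same role access (as step 9 does for the public prefix), keep both sides scoped to the bucket; neither the role nor the bucket policy should fall back to `*`.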
2. Create the VPC
```powershell
# Create a new VPC
New-EC2Vpc -CidrBlock 10.2.0.0/16
```
3. Create the subnets in the VPC
```powershell
# Create two subnets in different AZs
$vpcid = Get-EC2Vpc | Where-Object { $_.CidrBlock -eq "10.2.0.0/16" } | Select-Object -ExpandProperty VpcId
New-EC2Subnet -CidrBlock 10.2.1.0/24 -VpcId $vpcid -AvailabilityZone ap-southeast-2a
New-EC2Subnet -CidrBlock 10.2.2.0/24 -VpcId $vpcid -AvailabilityZone ap-southeast-2b

# Look the subnets up by CIDR and give each a Name tag
$subid1 = Get-EC2Subnet | Where-Object { $_.CidrBlock -eq "10.2.1.0/24" } | Select-Object -ExpandProperty SubnetId
$tag = New-Object Amazon.EC2.Model.Tag -Property @{ Key = "Name"; Value = "Sydney" }
New-EC2Tag -Resource $subid1 -Tag $tag

$subid2 = Get-EC2Subnet | Where-Object { $_.CidrBlock -eq "10.2.2.0/24" } | Select-Object -ExpandProperty SubnetId
$tag2 = New-Object Amazon.EC2.Model.Tag -Property @{ Key = "Name"; Value = "Melbourne" }
New-EC2Tag -Resource $subid2 -Tag $tag2

# Automatically assign a public IP to instances launched in these subnets
Edit-EC2SubnetAttribute -SubnetId $subid1 -MapPublicIpOnLaunch $true
Edit-EC2SubnetAttribute -SubnetId $subid2 -MapPublicIpOnLaunch $true
```
4. Create the Internet gateway
```powershell
# Create an Internet gateway, reusing one that is not yet attached to any VPC if there is one
if ((Get-EC2InternetGateway | Where-Object { $_.Attachments.Count -eq 0 } | Measure-Object).Count -eq 0) {
    New-EC2InternetGateway
}
$igwid = Get-EC2InternetGateway | Where-Object { $_.Attachments.Count -eq 0 } |
    Select-Object -First 1 -ExpandProperty InternetGatewayId
$tagigw = New-Object Amazon.EC2.Model.Tag -Property @{ Key = "Name"; Value = "AU" }
New-EC2Tag -Resource $igwid -Tag $tagigw
# Attach the gateway to the VPC
Add-EC2InternetGateway -InternetGatewayId $igwid -VpcId $vpcid
```
5. Configure the VPC route table
```powershell
# Route table. Every VPC comes with a main route table, and both subnets use it until they are
# associated with another one, so there is no need to create a new table:
# New-EC2RouteTable -VpcId $vpcid
$routetable = Get-EC2RouteTable | Where-Object { $_.VpcId -eq $vpcid }
# Add a default route to the Internet via the gateway. This turns both subnets into public subnets.
New-EC2Route -DestinationCidrBlock "0.0.0.0/0" -GatewayId $igwid -RouteTableId $routetable.RouteTableId
```
6. Configure a security group for the EC2 instances that opens ports 22 and 80, so that I can administer the instances remotely and visitors can reach the blog. Port 80 has to be open to the world for a public blog; port 22 does not, and the `0.0.0.0/0` on the SSH rule below should be replaced with the address range you administer from.
```powershell
# 6. Security group and ports: SSH and HTTP (MySQL is handled on the database group in step 8)
New-EC2SecurityGroup -GroupName WordPress -Description "WordPress Security Group" -VpcId $vpcid

$ip1 = New-Object Amazon.EC2.Model.IpPermission
$ip1.IpProtocol = "tcp"
$ip1.FromPort = 22
$ip1.ToPort = 22
$ip1.IpRanges.Add("0.0.0.0/0")   # SSH from anywhere; narrow this to your admin range, e.g. 203.0.113.0/24

$ip2 = New-Object Amazon.EC2.Model.IpPermission
$ip2.IpProtocol = "tcp"
$ip2.FromPort = 80
$ip2.ToPort = 80
$ip2.IpRanges.Add("0.0.0.0/0")   # HTTP from anywhere

$sgid = Get-EC2SecurityGroup | Where-Object { $_.GroupName -eq "WordPress" } | Select-Object -ExpandProperty GroupId
Grant-EC2SecurityGroupIngress -GroupId $sgid -IpPermission @($ip1, $ip2)
```
7. Now create a highly available MariaDB instance. For simplicity the database name, user name and password are all set to wordpress. Note that I deliberately record the ID of this instance's security group, because it is needed for the configuration later on. Two things worth knowing about this call: because no `-DBSubnetGroupName` is given, RDS places the instance in the region's default VPC rather than in the 10.2.0.0/16 VPC just built, and since the default VPC has an Internet gateway the instance gets a public endpoint; that is the only reason the world-open rule in step 8 lets the web servers connect at all. And a master password of `wordpress` on a publicly reachable endpoint is exactly the combination credential-stuffing bots look for.
```powershell
# Create a Multi-AZ RDS instance
New-RDSDBInstance -AllocatedStorage 5 -DBInstanceIdentifier "wordpress" -MasterUsername "wordpress" -MasterUserPassword "wordpress" `
    -AutoMinorVersionUpgrade $true -CopyTagsToSnapshot $false -DBInstanceClass "db.t2.micro" `
    -DBName "wordpress" -Engine "mariadb" -MultiAZ $true
# The VPC security group RDS attached to the instance; needed in step 8
$rdssgid = (Get-RDSDBInstance -DBInstanceIdentifier "wordpress" | Select-Object -ExpandProperty VpcSecurityGroups).VpcSecurityGroupId
```
Creation takes a while, roughly ten minutes, so I wrote a loop that keeps checking whether it has finished.
```powershell
$status = Get-RDSDBInstance -DBInstanceIdentifier "wordpress" | Select-Object -ExpandProperty DBInstanceStatus
Write-Host "Initializing MariaDB, please wait..." -NoNewline
while ($status -ne "available") {
    Write-Host "." -NoNewline
    Start-Sleep -Seconds 1
    $status = Get-RDSDBInstance -DBInstanceIdentifier "wordpress" | Select-Object -ExpandProperty DBInstanceStatus
}
Write-Host "RDS is Ready"
```
8. Then, to make sure the WordPress servers can reach it, I also have to open port 3306. As written this rule exposes MySQL to the entire Internet; the web tier is the only client that should ever reach the database.
```powershell
# Configure the security group of the DB
$ip3 = New-Object Amazon.EC2.Model.IpPermission
$ip3.IpProtocol = "tcp"
$ip3.FromPort = 3306
$ip3.ToPort = 3306
$ip3.IpRanges.Add("0.0.0.0/0")   # MySQL from the whole Internet; see the note above
Grant-EC2SecurityGroupIngress -GroupId $rdssgid -IpPermission @($ip3)
```
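The way to fix both problems from steps 7 and 8 at once is to put the database inside the VPC built in steps 2 to 5 and to write the 3306 rule in terms of the web tier's security group rather than an IP range, so every instance that Auto Scaling later launches with the WordPress group can connect and nothing else can. The following is an added example, not code from the original post. It assumes `$vpcid`, `$subid1`, `$subid2` and the `WordPress` security group from steps 2 to 6 already exist; the subnet group name `wordpress-db` and the security group name `WordPress-DB` are made up.

```powershell
# Added example (not from the original post): MariaDB inside the 10.2.0.0/16 VPC, reachable only from
# the web tier. Assumes $vpcid, $subid1, $subid2 and the "WordPress" group from steps 2-6.
$webSgId = Get-EC2SecurityGroup | Where-Object { $_.VpcId -eq $vpcid -and $_.GroupName -eq "WordPress" } |
    Select-Object -ExpandProperty GroupId

# A DB subnet group spanning both AZs; Multi-AZ needs a standby subnet in a second AZ
New-RDSDBSubnetGroup -DBSubnetGroupName "wordpress-db" -DBSubnetGroupDescription "WordPress DB subnets" `
    -SubnetId @($subid1, $subid2)

# Dedicated security group for the database. Its only inbound rule references the web tier's group ID,
# so membership in that group, not a source address, is what grants access.
$dbSgId = New-EC2SecurityGroup -GroupName "WordPress-DB" -Description "MariaDB, web tier only" -VpcId $vpcid
$pair = New-Object Amazon.EC2.Model.UserIdGroupPair
$pair.GroupId = $webSgId
$mysql = New-Object Amazon.EC2.Model.IpPermission
$mysql.IpProtocol = "tcp"
$mysql.FromPort = 3306
$mysql.ToPort = 3306
$mysql.UserIdGroupPairs.Add($pair)
Grant-EC2SecurityGroupIngress -GroupId $dbSgId -IpPermission @($mysql)

# Generate the master password instead of hard-coding "wordpress". 24 random alphanumerics avoids
# the characters RDS rejects (/, @, ", space). Hand it to the bootstrap script out of band, not in the AMI.
$masterPassword = -join ((48..57 + 65..90 + 97..122) | Get-Random -Count 24 | ForEach-Object { [char]$_ })

New-RDSDBInstance -DBInstanceIdentifier "wordpress" -Engine "mariadb" -DBName "wordpress" `
    -DBInstanceClass "db.t2.micro" -AllocatedStorage 5 -MultiAZ $true `
    -MasterUsername "wordpress" -MasterUserPassword $masterPassword `
    -DBSubnetGroupName "wordpress-db" -VpcSecurityGroupId @($dbSgId) `
    -PubliclyAccessible $false

# Check (after the instance reaches "available"): no public endpoint, and only the DB group attached
$db = Get-RDSDBInstance -DBInstanceIdentifier "wordpress"
$db.PubliclyAccessible                      # expect False
$db.VpcSecurityGroups.VpcSecurityGroupId    # expect $dbSgId only
```

With `PubliclyAccessible $false` the endpoint resolves to a private address in 10.2.0.0/16, so even a leaked password is useless from outside the VPC, and the world-open 3306 rule from step 8 is never needed.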
9. Next, configure the S3 bucket and its policy. The bucket serves two purposes: first, every EC2 instance fetches the same WordPress and vhost configuration files from it; second, it is kept in sync with a local directory on the instances so that all images are stored there. Plenty of WordPress plugins do the same thing, but here it is done with a script. One caveat for anyone repeating this today: on accounts created after April 2023, S3 Block Public Access is switched on for new buckets by default, so the `Write-S3BucketPolicy` call below is rejected with an access-denied error until the bucket's BlockPublicPolicy and RestrictPublicBuckets settings are turned off (`Add-S3PublicAccessBlock`), or the public policy is replaced by a CloudFront origin access identity as in step 10.
```powershell
# Create the S3 bucket
New-S3Bucket -BucketName yuanliwordpress -Region ap-southeast-2
Get-S3Bucket -BucketName yuanliwordpress
# Make the uploads/ folder of the bucket publicly readable; this is where the WordPress images will live
$policy3 = @"
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "AddPem",
      "Action": ["s3:GetObject"],
      "Effect": "Allow",
      "Resource": "arn:aws:s3:::yuanliwordpress/uploads/*",
      "Principal": "*"
    }
  ]
}
"@
Write-S3BucketPolicy -BucketName yuanliwordpress -Policy $policy3
Get-S3BucketPolicy -BucketName yuanliwordpress
```
10. Then create a CloudFront distribution in front of the S3 bucket, so that the blog loads quickly from anywhere in the world. Two settings below deserve a second look: `ViewerProtocolPolicy allow-all` lets browsers fetch the images over plain HTTP, and forwarding all cookies and query strings to an S3 origin turns almost every request into a cache miss, because the cache key changes per visitor while S3 ignores the cookies anyway. For static uploads, `redirect-to-https` and `Cookies_Forward none` are the usual choices.
```powershell
# S3 origin for CloudFront
$origin = New-Object Amazon.CloudFront.Model.Origin
$origin.DomainName = "yuanliwordpress.s3.amazonaws.com"
$origin.Id = "S3-yuanliwordpress"
$origin.S3OriginConfig = New-Object Amazon.CloudFront.Model.S3OriginConfig
$origin.S3OriginConfig.OriginAccessIdentity = ""   # empty: CloudFront fetches anonymously, relying on the public uploads/* policy

$cfd = New-CFDistribution `
    -DistributionConfig_Enabled $true `
    -DistributionConfig_Comment "Test distribution" `
    -Origins_Item $origin `
    -Origins_Quantity 1 `
    -DistributionConfig_CallerReference wordpresstest `
    -DefaultCacheBehavior_TargetOriginId $origin.Id `
    -ForwardedValues_QueryString $true `
    -Cookies_Forward all `
    -WhitelistedNames_Quantity 0 `
    -TrustedSigners_Enabled $false `
    -TrustedSigners_Quantity 0 `
    -DefaultCacheBehavior_ViewerProtocolPolicy allow-all `
    -DefaultCacheBehavior_MinTTL 1000 `
    -DistributionConfig_PriceClass "PriceClass_All" `
    -CacheBehaviors_Quantity 0 `
    -Aliases_Quantity 0
```
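The public `uploads/*` policy from step 9 and the anonymous origin above can be replaced by an origin access identity (OAI): S3 then trusts CloudFront alone, the bucket can keep Block Public Access enabled, and visitors are forced onto HTTPS. The following is an added example, not code from the original post. It assumes the bucket `yuanliwordpress` from step 9 and the same `New-CFDistribution` parameters the post already uses; the OAI caller references and comments are made up, and the shape of the OAI response object (`.CloudFrontOriginAccessIdentity.Id`) is taken from the SDK's CreateCloudFrontOriginAccessIdentity response.

```powershell
# Added example (not from the original post): private bucket served only through CloudFront via an OAI.
# Assumes bucket yuanliwordpress from step 9; caller references and comments are made up.
$bucket = "yuanliwordpress"

# 1. An origin access identity: a CloudFront-side principal that the bucket policy can name
$oaiResp = New-CFCloudFrontOriginAccessIdentity `
    -CloudFrontOriginAccessIdentityConfig_CallerReference "wordpress-oai-1" `
    -CloudFrontOriginAccessIdentityConfig_Comment "WordPress uploads"
$oai = $oaiResp.CloudFrontOriginAccessIdentity   # assumption: response exposes the identity here

# 2. Bucket policy granting GetObject on uploads/* to that identity only. Writing this policy
#    replaces the Principal "*" policy from step 9, so the bucket is no longer world-readable.
$private = @"
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "CloudFrontReadUploads",
      "Effect": "Allow",
      "Principal": { "AWS": "arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity $($oai.Id)" },
      "Action": "s3:GetObject",
      "Resource": "arn:aws:s3:::$bucket/uploads/*"
    }
  ]
}
"@
Write-S3BucketPolicy -BucketName $bucket -Policy $private

# 3. Origin that signs its requests to S3 with the identity
$origin = New-Object Amazon.CloudFront.Model.Origin
$origin.DomainName = "$bucket.s3.amazonaws.com"
$origin.Id = "S3-$bucket"
$origin.S3OriginConfig = New-Object Amazon.CloudFront.Model.S3OriginConfig
$origin.S3OriginConfig.OriginAccessIdentity = "origin-access-identity/cloudfront/$($oai.Id)"

# 4. Distribution: HTTPS only for viewers, and neither cookies nor query strings forwarded,
#    so each image is cached once rather than once per visitor
$cfd = New-CFDistribution `
    -DistributionConfig_Enabled $true `
    -DistributionConfig_Comment "WordPress uploads via OAI" `
    -Origins_Item $origin -Origins_Quantity 1 `
    -DistributionConfig_CallerReference "wordpress-oai-dist-1" `
    -DefaultCacheBehavior_TargetOriginId $origin.Id `
    -ForwardedValues_QueryString $false `
    -Cookies_Forward none `
    -WhitelistedNames_Quantity 0 `
    -TrustedSigners_Enabled $false -TrustedSigners_Quantity 0 `
    -DefaultCacheBehavior_ViewerProtocolPolicy redirect-to-https `
    -DefaultCacheBehavior_MinTTL 1000 `
    -DistributionConfig_PriceClass "PriceClass_All" `
    -CacheBehaviors_Quantity 0 -Aliases_Quantity 0

# Check once the distribution is deployed: a direct https://$bucket.s3.amazonaws.com/uploads/... URL
# must now return 403, while the same key under the distribution's domain name returns the image.
$cfd.Distribution.DomainName   # assumption: the response carries the new distribution here
```

Because the OAI identity is referenced by ID in both the bucket policy and the origin, rotating it means creating a new identity, updating the policy, and then switching the origin; doing it in the other order briefly breaks image delivery.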