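Automatically provision AWS EBS volumes from snapshots

Detailed description of the ebs-snatcher Python project


Automatically provision and attach AWS EBS volumes to instances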

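Installation

Run pip install ebs-snatcher, or python ./setup.py

Purpose

This tool allows AWS instances to self-provision or take over EBS volumes used for data storage. It was created to support stateful database instances, which should be able to start from the most recent state rather than from scratch.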

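Process

ebs-snatcher will try to do the minimum necessary, taking into account that the volume and the instance must both be in the same availability zone. Suitable volumes and snapshots are identified by tag key-value pairs, so that different kinds of volumes can be handled by multiple invocations of the program.

In order of preference, it will:

  1. Keep using any volume that is already attached to the instance
  2. Find an existing but available volume in the same AZ as the instance, and attach it to the instance
  3. Create a new volume from a suitable snapshot, and attach it
  4. Create a new volume from scratch, and attach it

Identifying volumes and snapshots

Volumes and snapshots are only considered for use if they match the set of tags specified by the --volume-id-tag and --snapshot-search-tag arguments, respectively. They take the form of key=value pairs and can be specified multiple times, in which case the conditions are combined in AND fashion.

Extra tags that are not used for selection can be specified with --volume-extra-tag (also in key=value format).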
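The four-step preference order and the AND tag matching described above, as an added example (not ebs-snatcher's own code) that runs offline on constructed data. The action labels, the dictionary layout and the choice of the newest matching snapshot are assumptions made for illustration.

```python
from datetime import datetime

def parse_tags(pairs):
    """Parse ["k=v", ...], the KEY=VALUE form used on the command line."""
    tags = {}
    for pair in pairs:
        key, sep, value = pair.partition("=")
        if not sep or not key:
            raise ValueError(f"expected KEY=VALUE, got {pair!r}")
        tags[key] = value
    return tags

def matches(resource_tags, wanted):
    """AND semantics: every wanted pair must be present with the same value."""
    return all(resource_tags.get(k) == v for k, v in wanted.items())

def choose_action(instance, volumes, snapshots, volume_tags, snapshot_tags):
    """Return (action, resource_id); action labels are hypothetical."""
    candidates = [v for v in volumes if matches(v["tags"], volume_tags)]
    for v in candidates:                  # 1. already attached to this instance
        if v["attached_to"] == instance["id"]:
            return ("keep-attached", v["id"])
    for v in candidates:                  # 2. available volume in the same AZ
        if v["state"] == "available" and v["az"] == instance["az"]:
            return ("attach-existing", v["id"])
    usable = [s for s in snapshots if matches(s["tags"], snapshot_tags)]
    if usable:                            # 3. new volume from a snapshot
        newest = max(usable, key=lambda s: s["started"])  # assumption: newest wins
        return ("create-from-snapshot", newest["id"])
    return ("create-empty", None)         # 4. new volume from scratch

# Constructed sample data: IDs, AZs and tags are made up for illustration.
INSTANCE = {"id": "i-0aaa", "az": "us-east-1a"}
VOLUMES = [
    {"id": "vol-1", "az": "us-east-1b", "state": "available", "attached_to": None,
     "tags": {"db-volume-type": "cassandra", "role": "data"}},   # wrong AZ
    {"id": "vol-2", "az": "us-east-1a", "state": "available", "attached_to": None,
     "tags": {"db-volume-type": "cassandra"}},                   # lacks role=data
]
SNAPSHOTS = [
    {"id": "snap-old", "started": datetime(2017, 5, 1), "tags": {"db-volume-type": "cassandra"}},
    {"id": "snap-new", "started": datetime(2017, 6, 1), "tags": {"db-volume-type": "cassandra"}},
]

if __name__ == "__main__":
    vt = parse_tags(["db-volume-type=cassandra", "role=data"])
    print(choose_action(INSTANCE, VOLUMES, SNAPSHOTS, vt, {"db-volume-type": "cassandra"}))
```

With both volume tags required, vol-2 fails the AND match and vol-1 sits in another AZ, so the decision falls through to the snapshot step.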

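Attachment device selection

After a volume is provisioned, it needs to be attached to the instance and assigned a device name in the operating system. The desired name can be specified with the --attach-device argument, or it can be set to auto to start from the AWS default /dev/sdf (earlier devices are "reserved", for example for instance store volumes).

If an attachment attempt fails because the name is already in use, and the name matches a known Linux disk name (/dev/(sd|xvd)[a-z]+), the next name in alphabetical sequence is chosen and the attempt is retried. The sequence goes as follows: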

sda, sdb, ..., sdz, sdaa, ..., sdaz, sdba, ...
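One way to compute the next name in that sequence and retry an attachment, as an added example that is not ebs-snatcher's own code. DeviceInUse and fake_attach_factory are hypothetical stand-ins for the real attachment call and its "name already in use" error.

```python
import re

DEVICE_RE = re.compile(r"/dev/(sd|xvd)([a-z]+)")

def next_device_name(path):
    """Advance the suffix through a, b, ..., z, aa, ab, ..., az, ba, ..."""
    m = DEVICE_RE.fullmatch(path)
    if m is None:
        raise ValueError(f"{path!r} is not a known Linux disk name")
    prefix, suffix = m.groups()
    letters = list(suffix)
    i = len(letters) - 1
    while i >= 0 and letters[i] == "z":   # carry: trailing z wraps to a
        letters[i] = "a"
        i -= 1
    if i < 0:
        letters.insert(0, "a")            # every letter was z: grow by one
    else:
        letters[i] = chr(ord(letters[i]) + 1)
    return f"/dev/{prefix}{''.join(letters)}"

class DeviceInUse(Exception):
    """Hypothetical error raised when the device name is already taken."""

def attach_with_retry(attach, start="/dev/sdf", max_tries=30):
    """Call attach(device), moving to the next name while it is in use."""
    device = start
    for _ in range(max_tries):
        try:
            attach(device)
            return device
        except DeviceInUse:
            device = next_device_name(device)
    raise RuntimeError("no free device name found")

def fake_attach_factory(in_use):
    """Build an attach() that fails for names in the constructed in_use set."""
    def attach(device):
        if device in in_use:
            raise DeviceInUse(device)
    return attach

if __name__ == "__main__":
    print(attach_with_retry(fake_attach_factory({"/dev/sdf", "/dev/sdg"})))
```

A name outside the pattern, such as an NVMe device path, raises ValueError instead of being incremented.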

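Volume creation

Volume creation settings are exposed as command-line arguments that correspond to the AWS API parameters, with a few observations:

  1. The Encrypt and KmsKeyId options are combined into the --encrypt-kms-key-id argument. Providing it enables encryption, and omitting it disables it
  2. When creating a volume from a snapshot, the volume size is ignored, because the volume will always be the same size as the snapshot

Output

When no errors are found, the command exits with status 0 and prints a JSON document to stdout containing at least the following keys: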

volume_id: ID of the EBS volume that has been attached to the instance
attached_device: Path of the device assigned to the volume. Note that this might not match exactly the device name visible inside the instance. For example, modern Linux kernel versions use ^{tt15}$ even if ^{tt16}$ is specified
result: One of ^{tt17}$, ^{tt18}$ or ^{tt19}$, indicating the change in volume state (or lack thereof)
src_snapshot_id: Contains the snapshot ID used to provision the volume if ^{tt20}$ is ^{tt19}$. Is ^{tt22}$ otherwise, or if the volume was created from scratch

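In either case, log messages are printed to stderr.

IAM permissions

For ebs-snatcher to work, it needs permission to list volumes, snapshots and instances, to create volumes, and to attach volumes to instances. These permissions should be granted to the instance through an IAM role. The simplest policy allows full access to all of these operations. It is much easier to handle, but broad: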

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "EBSSnatcherAll",
      "Action": [
        "ec2:DescribeInstances",
        "ec2:DescribeSnapshots",
        "ec2:DescribeVolumes",
        "ec2:CreateVolume",
        "ec2:AttachVolume"
      ],
      "Effect": "Allow",
      "Resource": "*"
    }
  ]
}

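It is possible to ensure that all managed volumes and instances carry the chosen tags, as long as those same tags are passed to ebs-snatcher. Below is an example policy that achieves this. Before using it, replace: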

  • db-volume-type and cassandra with the desired tag for volumes
  • db-instance-type and cassandra with the desired tag for instances (which must already be assigned)
  • <REGION> and <ACCOUNT-ID> with your own AWS account information

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "EBSSnatcherDescribe",
      "Action": ["ec2:DescribeInstances", "ec2:DescribeSnapshots", "ec2:DescribeVolumes"],
      "Effect": "Allow",
      "Resource": "*"
    },
    {
      "Sid": "EBSSnatcherCreateVolume",
      "Action": ["ec2:CreateVolume"],
      "Condition": {"StringEquals": {"aws:RequestTag/db-volume-type": "cassandra"}},
      "Effect": "Allow",
      "Resource": "*"
    },
    {
      "Sid": "EBSSnatcherCreateVolumeTags",
      "Action": ["ec2:CreateTags"],
      "Condition": {"StringEquals": {"ec2:CreateAction": "CreateVolume"}},
      "Effect": "Allow",
      "Resource": "arn:aws:ec2:<REGION>:<ACCOUNT-ID>:volume/*"
    },
    {
      "Sid": "EBSSnatcherAttachVolumeVolume",
      "Action": ["ec2:AttachVolume"],
      "Condition": {"StringEquals": {"ec2:ResourceTag/db-volume-type": "cassandra"}},
      "Effect": "Allow",
      "Resource": "arn:aws:ec2:<REGION>:<ACCOUNT-ID>:volume/*"
    },
    {
      "Sid": "EBSSnatcherAttachVolumeInstance",
      "Action": ["ec2:AttachVolume"],
      "Effect": "Allow",
      "Condition": {"StringEquals": {"ec2:ResourceTag/db-instance-type": "cassandra"}},
      "Resource": "arn:aws:ec2:<REGION>:<ACCOUNT-ID>:instance/*"
    }
  ]
}
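A small review check that makes the difference between the two policies concrete, as an added example that is not part of ebs-snatcher. It reports every non-Describe action that is allowed on Resource "*" with no Condition; the two policy documents are the ones from this page, and the checker and its names are assumptions.

```python
# Both policies are copied from this page; only the checker below is added.
BROAD = {"Version": "2012-10-17", "Statement": [
    {"Sid": "EBSSnatcherAll", "Effect": "Allow", "Resource": "*",
     "Action": ["ec2:DescribeInstances", "ec2:DescribeSnapshots", "ec2:DescribeVolumes",
                "ec2:CreateVolume", "ec2:AttachVolume"]}]}
VOL = "arn:aws:ec2:<REGION>:<ACCOUNT-ID>:volume/*"
INST = "arn:aws:ec2:<REGION>:<ACCOUNT-ID>:instance/*"
TAGGED = {"Version": "2012-10-17", "Statement": [
    {"Sid": "EBSSnatcherDescribe", "Effect": "Allow", "Resource": "*",
     "Action": ["ec2:DescribeInstances", "ec2:DescribeSnapshots", "ec2:DescribeVolumes"]},
    {"Sid": "EBSSnatcherCreateVolume", "Effect": "Allow", "Resource": "*",
     "Action": ["ec2:CreateVolume"],
     "Condition": {"StringEquals": {"aws:RequestTag/db-volume-type": "cassandra"}}},
    {"Sid": "EBSSnatcherCreateVolumeTags", "Effect": "Allow", "Resource": VOL,
     "Action": ["ec2:CreateTags"],
     "Condition": {"StringEquals": {"ec2:CreateAction": "CreateVolume"}}},
    {"Sid": "EBSSnatcherAttachVolumeVolume", "Effect": "Allow", "Resource": VOL,
     "Action": ["ec2:AttachVolume"],
     "Condition": {"StringEquals": {"ec2:ResourceTag/db-volume-type": "cassandra"}}},
    {"Sid": "EBSSnatcherAttachVolumeInstance", "Effect": "Allow", "Resource": INST,
     "Action": ["ec2:AttachVolume"],
     "Condition": {"StringEquals": {"ec2:ResourceTag/db-instance-type": "cassandra"}}}]}

READ_ONLY_PREFIXES = ("ec2:Describe",)

def as_list(value):
    """IAM allows a single string where a list is expected."""
    return value if isinstance(value, list) else [value]

def unscoped_writes(policy):
    """Return (Sid, action) pairs allowed on any resource with no condition."""
    findings = []
    for stmt in as_list(policy["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        wildcard = "*" in as_list(stmt.get("Resource", []))
        if not wildcard or stmt.get("Condition"):
            continue   # scoped by ARN or by a tag condition
        for action in as_list(stmt.get("Action", [])):
            if not action.startswith(READ_ONLY_PREFIXES):
                findings.append((stmt.get("Sid"), action))
    return findings

if __name__ == "__main__":
    print("broad :", unscoped_writes(BROAD))
    print("tagged:", unscoped_writes(TAGGED))
```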

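Future enhancements

  • Programmatic generation of minimal IAM policies
  • Pull instance information from the local metadata store (no Describe permissions needed)

Usage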

usage: ebs-snatcher [-h] --instance-id ID --volume-id-tag KEY=VALUE
                    --volume-size GB --snapshot-search-tag KEY=VALUE
                    --attach-device PATH|auto [--volume-extra-tag KEY=VALUE]
                    [--encrypt-kms-key-id KEY-ID] [--volume-type TYPE]
                    [--volume-iops COUNT]

Automatically provision AWS EBS volumes from snapshots

optional arguments:
  -h, --help            show this help message and exit
  --instance-id ID      Instance ID to attach volumes to
  --volume-id-tag KEY=VALUE
                        Tag used to identify desired volumes. Will be used to
                        search currently attached volumes to determine if a
                        new one is needed and applied to new volumes. Can be
                        provided multiple times, in which case tags will be
                        combined as an AND condition.
  --volume-size GB      Size to assign to newly created volumes, in GBs.
  --snapshot-search-tag KEY=VALUE
                        Tag used to identify snapshots to create new volumes
                        from.Can be provided multiple times, in which case
                        tags will be combined as an AND condition.
  --attach-device PATH|auto
                        Name of device to use when attaching a volume, such as
                        "/dev/sdb". Can also be set to "auto", in which case
                        sequential device names starting from /dev/sdb will be
                        tried until attaching succeeeds
  --volume-extra-tag KEY=VALUE
                        Extra tags to be applied to newly create volumes, but
                        which are not used for identification .
  --encrypt-kms-key-id KEY-ID
                        Enable encryption and use the given KMS key ID for
                        newly created volumes
  --volume-type TYPE    Volume type to use for newly created volumes
  --volume-iops COUNT   Number of provisioned I/O operations to assign to
                        newly created volumes. Make sure to choose an
                        appropriate volume type to match.

License (MIT)

Copyright (C) 2017 Cobli

Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
