1. 前言
Run Command提供了一個任務(wù)批量下發(fā)的通道婴洼,我們可以通過AWS系統(tǒng)管理器的運行命令功能批量下發(fā)任務(wù)到EC2實例或托管在AWS上的主機吭服。本文主要記錄了使用該運行命令功能,并通過查看虛擬機上的日志跟蹤任務(wù)執(zhí)行的過程心褐。
AWS關(guān)于System Manager Run Command的介紹如下:
借助 AWS Systems Manager Run Command,您可以通過安全方式遠程管理托管實例的配置秒拔。托管實例 是混合環(huán)境中已經(jīng)針對 Systems Manager 配置的任意 Amazon EC2 實例或本地計算機婿脸。利用 Run Command粱胜,您可以自動完成常用管理任務(wù)以及大規(guī)模執(zhí)行臨時配置更改。您可以從 AWS 控制臺狐树、AWS Command Line Interface焙压、AWS Tools for Windows PowerShell或 AWS 開發(fā)工具包使用 Run Command。Run Command 不另外收費抑钟。
管理員使用 Run Command 可以在其托管實例上執(zhí)行以下類型的任務(wù):安裝或引導(dǎo)應(yīng)用程序涯曲,構(gòu)建部署管道,從 Auto Scaling 組終止實例時捕獲日志文件在塔,以及將實例加入 Windows 域等等幻件。
2. 前置條件
- 在AWS上創(chuàng)建好一臺實驗用的虛擬機
- 創(chuàng)建一個角色,授予AmazonEC2RoleforSSM權(quán)限蛔溃,并將該角色綁定到虛擬機上绰沥,參考:SSM權(quán)限配置
- 在虛擬機上安裝SSM代理,參考:安裝和配置 SSM 代理
3. 使用過程記錄
3.1 創(chuàng)建命令文檔
AWS Systems Manager 文檔(SSM 文檔)定義 Systems Manager 對托管實例執(zhí)行的操作贺待。Systems Manager 包括十多個預(yù)先配置的文檔徽曲,可以通過指定在運行時的參數(shù)進行使用。文檔使用 JavaScript Object Notation (JSON) 或 YAML麸塞,并包括您指定的步驟和參數(shù)秃臣。
EC2 System Manager中創(chuàng)建文檔時,有三種類型的文檔
三種SSM文檔類型
- 命令文檔:結(jié)合Run Command使用
- 策略文檔:結(jié)合State Manager使用
- 自動化文檔:結(jié)合Automation使用
為了試用Run Command功能哪工,先創(chuàng)建一個最簡單的命令文檔——執(zhí)行shell命令hostname獲取主機名稱奥此。文檔內(nèi)容,參考SSM文檔語法:
---
schemaVersion: '2.2'
description: Sample document
mainSteps:
- action: aws:runPowerShellScript
name: runPowerShellScript
inputs:
runCommand:
- hostname
創(chuàng)建文檔-選擇命令文檔類型
創(chuàng)建文檔-填寫文檔內(nèi)容
完成創(chuàng)建
3.2 運行命令
3.2.1 配置命令文檔
選擇命令文檔
注意:如果命令文檔類型只支持windows雁比,那么接下來選擇EC2實例時稚虎,非Windows類型的EC2實例會被過濾掉。
填寫命令文檔參數(shù)
3.2.2 配置目標
選擇目標托管實例
命令超時時間章贞、輸出祥绞、通知等保留默認配置非洲。在表單的末尾會根據(jù)當前配置生成與之對應(yīng)的命令行代碼:
命令行代碼
aws ssm send-command --document-name "Gather-OS-Information" --document-version "1" --targets "Key=instanceids,Values=i-0fb5527d1d10e85cd" --parameters '{"Message":["Hello World"]}' --timeout-seconds 600 --max-concurrency "50" --max-errors "0" --region us-east-2
3.2.3 運行結(jié)果
第一次嘗試運行命令失敗
運行命令失敗
查看命令執(zhí)行日志
命令執(zhí)行日志
為什么會使用pwsh這個命令呢鸭限,原來是因為創(chuàng)建命令文檔時,文檔內(nèi)容中指定了插件aws:runPowerShellScript两踏,這個插件是針對Windows環(huán)境的败京,在Linux環(huán)境應(yīng)該使用aws:runShellScript。SSM提供的文檔插件參考:SSM文檔插件
創(chuàng)建新版本的命令文檔梦染,修改文檔插件為aws:runShellScript后再嘗試運行命令赡麦,命令運行成功
命令運行成功
查看命令運行結(jié)果
命令運行結(jié)果
4. 日志采集
2019-03-04 09:56:03 INFO [MessagingDeliveryService] [messageID=aws.ssm.67278003-19bf-4e28-8c80-eea12a2f2910.i-0fb5527d1d10e85cd] Validating SSM parameters
2019-03-04 09:56:04 INFO [ssm-document-worker] [67278003-19bf-4e28-8c80-eea12a2f2910] document: 67278003-19bf-4e28-8c80-eea12a2f2910 worker started
2019-03-04 09:56:03 INFO [MessagingDeliveryService] Sending reply {
"additionalInfo": {
"agent": {
"lang": "en-US",
"name": "amazon-ssm-agent",
"os": "",
"osver": "1",
"ver": ""
},
"dateTime": "2019-03-04T09:56:03.969Z",
"runId": "",
"runtimeStatusCounts": null
},
"documentStatus": "InProgress",
"documentTraceOutput": "",
"runtimeStatus": null
}
2019-03-04 09:56:04 INFO [ssm-document-worker] [67278003-19bf-4e28-8c80-eea12a2f2910] channel: 67278003-19bf-4e28-8c80-eea12a2f2910 found
2019-03-04 09:56:04 INFO [ssm-document-worker] [67278003-19bf-4e28-8c80-eea12a2f2910] inter process communication started
2019-03-04 09:56:04 INFO [ssm-document-worker] [67278003-19bf-4e28-8c80-eea12a2f2910] [DataBackend] received plugin config message
2019-03-04 09:56:04 INFO [ssm-document-worker] [67278003-19bf-4e28-8c80-eea12a2f2910] [DataBackend] {"DocumentInformation":{"DocumentID":"67278003-19bf-4e28-8c80-eea12a2f2910","CommandID":"67278003-19bf-4e28-8c80-eea12a2f2910","AssociationID":"","InstanceID":"i-0fb5527d1d10e85cd","MessageID":"aws.ssm.67278003-19bf-4e28-8c80-eea12a2f2910.i-0fb5527d1d10e85cd","RunID":"2019-03-04T09-56-03.952Z","CreatedDate":"2019-03-04T09:56:03.873Z","DocumentName":"Gather-OS-Information","DocumentVersion":"","DocumentStatus":"InProgress","RunCount":0,"ProcInfo":{"Pid":10539,"StartTime":"2019-03-04T09:56:04.053432773Z"},"ClientId":""},"DocumentType":"SendCommand","SchemaVersion":"2.2","InstancePluginsInformation":[{"Configuration":{"Settings":null,"Properties":{"runCommand":["hostname"]},"OutputS3KeyPrefix":"67278003-19bf-4e28-8c80-eea12a2f2910/i-0fb5527d1d10e85cd/awsrunShellScript","OutputS3BucketName":"","S3EncryptionEnabled":false,"CloudWatchLogGroup":"","CloudWatchEncryptionEnabled":false,"OrchestrationDirectory":"/var/lib/amazon/ssm/i-0fb5527d1d10e85cd/document/orchestration/67278003-19bf-4e28-8c80-eea12a2f2910/GetHostName","MessageId":"aws.ssm.67278003-19bf-4e28-8c80-eea12a2f2910.i-0fb5527d1d10e85cd","BookKeepingFileName":"67278003-19bf-4e28-8c80-eea12a2f2910","PluginName":"aws:runShellScript","PluginID":"GetHostName","DefaultWorkingDirectory":"","Preconditions":null,"IsPreconditionEnabled":true,"CurrentAssociations":null,"SessionId":"","ClientId":""},"Name":"aws:runShellScript","Result":{"pluginID":"","pluginName":"","status":"","code":0,"output":null,"startDateTime":"0001-01-01T00:00:00Z","endDateTime":"0001-01-01T00:00:00Z","outputS3BucketName":"","outputS3KeyPrefix":"","error":"","standardOutput":"","standardError":""},"Id":"GetHostName"}],"CancelInformation":{"CancelMessageID":"","CancelCommandID":"","Payload":"","DebugInfo":""},"IOConfig":{"OrchestrationDirectory":"/var/lib/amazon/ssm/i-0fb5527d1d10e85cd/document/orchestration/67278003-19bf-4e28-8c80-eea12a2f2910","OutputS3BucketName":"","OutputS3KeyPrefix":"67278003-19bf-4e28-8c80-eea12a2f2910/i-0fb5527d1d10e85cd","CloudWatchConfig":{"LogGroupName":"","LogStreamPrefix":"","LogGroupEncryptionEnabled":false}}}
2019-03-04 09:56:04 INFO [ssm-document-worker] [67278003-19bf-4e28-8c80-eea12a2f2910] [DataBackend] Running plugin aws:runShellScript
2019-03-04 09:56:04 INFO [ssm-document-worker] [67278003-19bf-4e28-8c80-eea12a2f2910] [DataBackend] [pluginName=aws:runShellScript] aws:runShellScript started with configuration {<nil> map[runCommand:[hostname]] 67278003-19bf-4e28-8c80-eea12a2f2910/i-0fb5527d1d10e85cd/awsrunShellScript false false /var/lib/amazon/ssm/i-0fb5527d1d10e85cd/document/orchestration/67278003-19bf-4e28-8c80-eea12a2f2910/GetHostName aws.ssm.67278003-19bf-4e28-8c80-eea12a2f2910.i-0fb5527d1d10e85cd 67278003-19bf-4e28-8c80-eea12a2f2910 aws:runShellScript GetHostName map[] true [] }
2019-03-04 09:56:04 INFO [ssm-document-worker] [67278003-19bf-4e28-8c80-eea12a2f2910] [DataBackend] [pluginName=aws:runShellScript] Unexpected 'TimeoutSeconds' value <nil> received. Setting 'TimeoutSeconds' to default value 3600
2019-03-04 09:56:04 INFO [ssm-document-worker] [67278003-19bf-4e28-8c80-eea12a2f2910] [DataBackend] [pluginName=aws:runShellScript] 'TimeoutSeconds' value should be between 5 and 172800. Setting 'TimeoutSeconds' to default value 3600
2019-03-04 09:56:04 INFO [ssm-document-worker] [67278003-19bf-4e28-8c80-eea12a2f2910] [DataBackend] Sending plugin GetHostName completion message
2019-03-04 09:56:04 INFO [ssm-document-worker] [67278003-19bf-4e28-8c80-eea12a2f2910] [DataBackend] document execution complete
2019-03-04 09:56:04 INFO [ssm-document-worker] [67278003-19bf-4e28-8c80-eea12a2f2910] [DataBackend] sending document complete response...
2019-03-04 09:56:04 INFO [ssm-document-worker] [67278003-19bf-4e28-8c80-eea12a2f2910] [DataBackend] stopping ipc worker...
2019-03-04 09:56:04 INFO [ssm-document-worker] [67278003-19bf-4e28-8c80-eea12a2f2910] requested shutdown, prepare to stop messaging
2019-03-04 09:56:04 INFO [ssm-document-worker] [67278003-19bf-4e28-8c80-eea12a2f2910] channel /var/lib/amazon/ssm/i-0fb5527d1d10e85cd/channels/67278003-19bf-4e28-8c80-eea12a2f2910 requested close
2019-03-04 09:56:04 INFO [ssm-document-worker] [67278003-19bf-4e28-8c80-eea12a2f2910] channel /var/lib/amazon/ssm/i-0fb5527d1d10e85cd/channels/67278003-19bf-4e28-8c80-eea12a2f2910 closed
2019-03-04 09:56:04 INFO [ssm-document-worker] [67278003-19bf-4e28-8c80-eea12a2f2910] ipc channel closed, stop messaging worker
2019-03-04 09:56:04 INFO [ssm-document-worker] [67278003-19bf-4e28-8c80-eea12a2f2910] document worker closed
2019-03-04 09:56:04 INFO [MessagingDeliveryService] SendReply Response{
Description: "Reply 67057dcf-ab40-40a1-a3ed-ad287d12d723 was successfully sent.",
MessageId: "aws.ssm.67278003-19bf-4e28-8c80-eea12a2f2910.i-0fb5527d1d10e85cd",
ReplyId: "67057dcf-ab40-40a1-a3ed-ad287d12d723",
ReplyStatus: "QUEUED"
}
2019-03-04 09:56:04 INFO [MessagingDeliveryService] [EngineProcessor] [OutOfProcExecuter] [67278003-19bf-4e28-8c80-eea12a2f2910] channel: 67278003-19bf-4e28-8c80-eea12a2f2910 not found, creating a new file channel...
2019-03-04 09:56:04 INFO [MessagingDeliveryService] [EngineProcessor] [OutOfProcExecuter] [67278003-19bf-4e28-8c80-eea12a2f2910] inter process communication started
2019-03-04 09:56:04 INFO [MessagingDeliveryService] [EngineProcessor] [OutOfProcExecuter] [67278003-19bf-4e28-8c80-eea12a2f2910] requested terminate messaging worker, destroying the channel
2019-03-04 09:56:04 INFO [MessagingDeliveryService] [EngineProcessor] [OutOfProcExecuter] [67278003-19bf-4e28-8c80-eea12a2f2910] channel /var/lib/amazon/ssm/i-0fb5527d1d10e85cd/channels/67278003-19bf-4e28-8c80-eea12a2f2910 requested close
2019-03-04 09:56:04 INFO [MessagingDeliveryService] [EngineProcessor] [OutOfProcExecuter] [67278003-19bf-4e28-8c80-eea12a2f2910] Executer closed
2019-03-04 09:56:04 INFO [MessagingDeliveryService] [EngineProcessor] sending reply for plugin update: GetHostName
2019-03-04 09:56:04 INFO [MessagingDeliveryService] [EngineProcessor] sending document: 67278003-19bf-4e28-8c80-eea12a2f2910 complete response
2019-03-04 09:56:04 INFO [MessagingDeliveryService] received plugin: GetHostName result from Processor
2019-03-04 09:56:04 INFO [MessagingDeliveryService] Sending reply {
"additionalInfo": {
"agent": {
"lang": "en-US",
"name": "amazon-ssm-agent",
"os": "",
"osver": "1",
"ver": ""
},
"dateTime": "2019-03-04T09:56:04.086Z",
"runId": "",
"runtimeStatusCounts": {
"Success": 1
}
},
"documentStatus": "InProgress",
"documentTraceOutput": "",
"runtimeStatus": {
"GetHostName": {
"status": "Success",
"code": 0,
"name": "aws:runShellScript",
"output": "ip-172-31-47-223.us-east-2.compute.internal\n",
"startDateTime": "2019-03-04T09:56:04.071Z",
"endDateTime": "2019-03-04T09:56:04.077Z",
"outputS3BucketName": "",
"outputS3KeyPrefix": "",
"standardOutput": "ip-172-31-47-223.us-east-2.compute.internal\n",
"standardError": ""
}
}
}
2019-03-04 09:56:04 INFO [MessagingDeliveryService] [EngineProcessor] [OutOfProcExecuter] [67278003-19bf-4e28-8c80-eea12a2f2910] channel /var/lib/amazon/ssm/i-0fb5527d1d10e85cd/channels/67278003-19bf-4e28-8c80-eea12a2f2910 closed
2019-03-04 09:56:04 INFO [MessagingDeliveryService] SendReply Response{
Description: "Reply 52560d86-c2b9-499e-980c-7c32f567a452 was successfully sent.",
MessageId: "aws.ssm.67278003-19bf-4e28-8c80-eea12a2f2910.i-0fb5527d1d10e85cd",
ReplyId: "52560d86-c2b9-499e-980c-7c32f567a452",
ReplyStatus: "QUEUED"
}
2019-03-04 09:56:04 INFO [MessagingDeliveryService] command: aws.ssm.67278003-19bf-4e28-8c80-eea12a2f2910.i-0fb5527d1d10e85cd complete
2019-03-04 09:56:04 INFO [MessagingDeliveryService] Sending reply {
"additionalInfo": {
"agent": {
"lang": "en-US",
"name": "amazon-ssm-agent",
"os": "",
"osver": "1",
"ver": ""
},
"dateTime": "2019-03-04T09:56:04.161Z",
"runId": "",
"runtimeStatusCounts": {
"Success": 1
}
},
"documentStatus": "Success",
"documentTraceOutput": "",
"runtimeStatus": {
"GetHostName": {
"status": "Success",
"code": 0,
"name": "aws:runShellScript",
"output": "ip-172-31-47-223.us-east-2.compute.internal\n",
"startDateTime": "2019-03-04T09:56:04.071Z",
"endDateTime": "2019-03-04T09:56:04.077Z",
"outputS3BucketName": "",
"outputS3KeyPrefix": "",
"standardOutput": "ip-172-31-47-223.us-east-2.compute.internal\n",
"standardError": ""
}
}
}
2019-03-04 09:56:04 INFO [MessagingDeliveryService] [EngineProcessor] execution of aws.ssm.67278003-19bf-4e28-8c80-eea12a2f2910.i-0fb5527d1d10e85cd is over. Removing interimState from current folder
2019-03-04 09:56:04 INFO [MessagingDeliveryService] SendReply Response{
Description: "Reply ed0685af-f1a1-40cd-b1b0-d09dc10ccd3a was successfully sent.",
MessageId: "aws.ssm.67278003-19bf-4e28-8c80-eea12a2f2910.i-0fb5527d1d10e85cd",
ReplyId: "ed0685af-f1a1-40cd-b1b0-d09dc10ccd3a",
ReplyStatus: "QUEUED"
}
