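Other use cases for Data Lifecycle Manager pre and post scripts
In addition to using pre and post scripts to automate application-consistent snapshots, you can use pre and post scripts, together or individually, to automate other administrative tasks before or after snapshot creation. For example:
- Use a pre script to apply patches before creating snapshots. This helps you create snapshots after applying your regular weekly or monthly software updates.
Note
If you choose to run only a pre script, Default to crash-consistent snapshots is enabled by default.
- Use a post script to apply patches after creating snapshots. This helps you create snapshots before applying your regular weekly or monthly software updates.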
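Getting started for other use cases
This section explains the steps you must perform when using pre and/or post scripts for use cases other than application-consistent snapshots.
Prepare target instances for pre and/or post scripts
- Install the SSM Agent on your target instances, if it is not already installed. If the SSM Agent is already installed on your target instances, skip this step.
  - (Linux instances) Manually installing SSM Agent on Amazon EC2 instances for Linux
  - (Windows instances) Manually installing SSM Agent on Amazon EC2 instances for Windows
- Ensure that the SSM Agent is running. For more information, see Checking SSM Agent status and starting the agent.
- Set up Systems Manager for Amazon EC2 instances. For more information, see Setting up Systems Manager for Amazon EC2 instances in the Amazon Systems Manager User Guide.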
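You must create an SSM command document that contains the pre and/or post scripts with the commands that you want to run.
You can create the SSM document using the empty SSM document template below and add your pre and post script commands in the appropriate sections of the document.
Note the following:
- It is your responsibility to ensure that the SSM document performs the correct and required actions for your workload.
- The SSM document must include the required fields in allowedValues, including pre-script, post-script, and dry-run. Amazon Data Lifecycle Manager runs commands on your instance based on the contents of those sections. If your SSM document does not have those sections, Amazon Data Lifecycle Manager treats it as a failed execution.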
```yaml
###===============================================================================###
# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
# Permission is hereby granted, free of charge, to any person obtaining a copy of this
# software and associated documentation files (the "Software"), to deal in the Software
# without restriction, including without limitation the rights to use, copy, modify,
# merge, publish, distribute, sublicense, and/or sell copies of the Software, and to
# permit persons to whom the Software is furnished to do so.
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED,
# INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A
# PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
# HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
# SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
###===============================================================================###
schemaVersion: '2.2'
description: SSM Document Template for Amazon Data Lifecycle Manager Pre/Post script feature
parameters:
  executionId:
    type: String
    default: None
    description: (Required) Specifies the unique identifier associated with a pre and/or post execution
    allowedPattern: ^(None|[a-fA-F0-9]{8}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{12})$
  command:
  # Data Lifecycle Manager will trigger the pre-script and post-script actions during policy execution.
  # 'dry-run' option is intended for validating the document execution without triggering any commands
  # on the instance. The following allowedValues will allow Data Lifecycle Manager to successfully
  # trigger pre and post script actions.
    type: String
    default: 'dry-run'
    description: (Required) Specifies whether pre-script and/or post-script should be executed.
    allowedValues:
    - pre-script
    - post-script
    - dry-run

mainSteps:
- action: aws:runShellScript
  description: Run Database freeze/thaw commands
  name: run_pre_post_scripts
  precondition:
    StringEquals:
    - platformType
    - Linux
  inputs:
    runCommand:
    - |
      #!/bin/bash

      ###===============================================================================###
      ### Error Codes
      ###===============================================================================###
      # The following Error codes will inform Data Lifecycle Manager of the type of error
      # and help guide handling of the error.
      # The Error code will also be emitted via AWS Eventbridge events in the 'cause' field.
      # 1 Pre-script failed during execution - 201
      # 2 Post-script failed during execution - 202
      # 3 Auto thaw occurred before post-script was initiated - 203
      # 4 Pre-script initiated while post-script was expected - 204
      # 5 Post-script initiated while pre-script was expected - 205
      # 6 Application not ready for pre or post-script initiation - 206

      ###===============================================================================###
      ### Global variables
      ###===============================================================================###
      START=$(date +%s)
      # For testing this script locally, replace the below with OPERATION=$1.
      OPERATION={{ command }}
      # Execution identifier passed by the document; it is used in the log line below.
      EXECUTION_ID={{ executionId }}

      # Add all pre-script actions to be performed within the function below
      execute_pre_script() {
          echo "INFO: Start execution of pre-script"
      }

      # Add all post-script actions to be performed within the function below
      execute_post_script() {
          echo "INFO: Start execution of post-script"
      }

      # Debug logging for parameters passed to the SSM document
      echo "INFO: ${OPERATION} starting at $(date) with executionId: ${EXECUTION_ID}"

      # Based on the command parameter value execute the function that supports
      # pre-script/post-script operation
      case ${OPERATION} in
          pre-script)
              execute_pre_script
              ;;
          post-script)
              execute_post_script
              ;;
          dry-run)
              echo "INFO: dry-run option invoked - taking no action"
              ;;
          *)
              echo "ERROR: Invalid command parameter passed. Please use either pre-script, post-script, dry-run."
              exit 1 # return failure
              ;;
      esac

      END=$(date +%s)
      # Debug Log for profiling the script time
      echo "INFO: ${OPERATION} completed at $(date). Total runtime: $((${END} - ${START})) seconds."
```
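The patching use cases listed at the top of this page, filled into the template's execute_pre_script and execute_post_script functions. This is an added example, not part of the AWS template; PATCH_CMD, PATCH_WHEN, apply_patches and run_operation are hypothetical names, and `yum -y update` is an assumed update command.

```bash
#!/bin/bash
# Added example (not AWS code): script body for the template's runCommand,
# filled in for the patch-before / patch-after-snapshot use cases.
# Assumptions: PATCH_CMD is your distribution's update command and
# PATCH_WHEN ("pre" or "post") selects the phase that applies patches.
PATCH_CMD="${PATCH_CMD:-yum -y update}"
PATCH_WHEN="${PATCH_WHEN:-pre}"

# apply_patches PHASE FAIL_CODE
# Runs PATCH_CMD only in the configured phase. On failure it returns the
# template's error code (201 pre-script, 202 post-script) so that Data
# Lifecycle Manager can tell which script failed.
apply_patches() {
    phase="$1"
    fail_code="$2"
    if [ "${PATCH_WHEN}" != "${phase}" ]; then
        echo "INFO: no patching configured for ${phase}-script"
        return 0
    fi
    if ! ${PATCH_CMD}; then
        echo "ERROR: patching failed in ${phase}-script"
        return "${fail_code}"
    fi
    echo "INFO: patching completed in ${phase}-script"
}

execute_pre_script() {
    echo "INFO: Start execution of pre-script"
    apply_patches pre 201
}

execute_post_script() {
    echo "INFO: Start execution of post-script"
    apply_patches post 202
}

# Dispatch on the document's command parameter; unknown values fail closed.
run_operation() {
    case "$1" in
        pre-script)  execute_pre_script ;;
        post-script) execute_post_script ;;
        dry-run)     echo "INFO: dry-run option invoked - taking no action" ;;
        *)           echo "ERROR: Invalid command parameter: $1"; return 1 ;;
    esac
}

# In the SSM document, pass {{ command }} here instead of "$1".
run_operation "${1:-dry-run}"
```

Because run_operation is the last command, its return value becomes the script's exit status, so a failed patch run surfaces as 201 or 202.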
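Note
This step is required if:
- You create or update a pre/post script-enabled snapshot policy that uses a custom IAM role.
- You use the command line to create or update a pre/post script-enabled snapshot policy that uses the default role.
If you use the console to create or update a pre/post script-enabled snapshot policy that uses the default role for managing snapshots (AWSDataLifecycleManagerDefaultRole), skip this step. In this case, we automatically attach the AWSDataLifecycleManagerSSMFullAccess policy to that role.
You must ensure that the IAM role that you use for the policy grants Amazon Data Lifecycle Manager permission to perform the SSM actions required to run pre and post scripts on the instances targeted by the policy.
Amazon Data Lifecycle Manager provides a managed policy (AWSDataLifecycleManagerSSMFullAccess) that includes the required permissions. You can attach this policy to your IAM role for managing snapshots to ensure that the role includes the permissions.
Important
When using pre and post scripts, the AWSDataLifecycleManagerSSMFullAccess managed policy uses the aws:ResourceTag condition key to restrict access to specific SSM documents. To allow Amazon Data Lifecycle Manager to access the SSM documents, you must ensure that your SSM documents are tagged with DLMScriptsAccess:true.
Alternatively, you can manually create a custom policy or assign the required permissions directly to the IAM role that you use. You can use the same permissions that are defined in the AWSDataLifecycleManagerSSMFullAccess managed policy; however, the aws:ResourceTag condition key is optional. If you decide not to use that condition key, you do not need to tag your SSM documents with DLMScriptsAccess:true.
Use one of the following methods to add the AWSDataLifecycleManagerSSMFullAccess policy to your IAM role.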