从Docker Elastic Beanstalk容器中获取Elasticache地址
我正在尝试有弹性beanstalk自动提供一个elasticache实例。 我想弄清楚如何我可以在我的docker环境中在运行时访问caching实例的地址。 我正在运行python(在gevent上)。
这是我的.ebextensions中的configuration文件:
Resources: sslSecurityGroupIngress: Type: AWS::EC2::SecurityGroupIngress Properties: GroupName: {Ref : AWSEBSecurityGroup} IpProtocol: tcp ToPort: 443 FromPort: 443 CidrIp: 0.0.0.0/0 MyCacheSecurityGroup: Type: "AWS::EC2::SecurityGroup" Properties: GroupDescription: "Lock cache down to webserver access only" SecurityGroupIngress : - IpProtocol : "tcp" FromPort : Fn::GetOptionSetting: OptionName : "CachePort" DefaultValue: "6379" ToPort : Fn::GetOptionSetting: OptionName : "CachePort" DefaultValue: "6379" SourceSecurityGroupName: Ref: "AWSEBSecurityGroup" MyElastiCache: Type: "AWS::ElastiCache::CacheCluster" Properties: CacheNodeType: Fn::GetOptionSetting: OptionName : "CacheNodeType" DefaultValue : "cache.t1.micro" NumCacheNodes: Fn::GetOptionSetting: OptionName : "NumCacheNodes" DefaultValue : "1" Engine: Fn::GetOptionSetting: OptionName : "Engine" DefaultValue : "redis" VpcSecurityGroupIds: - Fn::GetAtt: - MyCacheSecurityGroup - GroupId option_settings: "aws:elasticbeanstalk:customoption": CacheNodeType : cache.t1.micro NumCacheNodes : 1 Engine : redis CachePort : 6379 Outputs: ElastiCache: Description : "ID of ElastiCache Cache Cluster with Redis Engine" Value : Ref : "MyElastiCache" files: /etc/nginx/conf.d/ssl.conf: mode: "000755" owner: root group: root content: | # HTTPS Server server { listen 443; server_name localhost; ssl on; ssl_certificate /etc/pki/tls/certs/server.crt; ssl_certificate_key /etc/pki/tls/certs/server.key; ssl_session_timeout 5m; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH"; ssl_prefer_server_ciphers on; location / { proxy_pass http://docker; proxy_http_version 1.1; proxy_set_header Connection ""; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; } } /tmp/elasticache.env: mode: "000444" content: | export ELASTICACHE_CONFIGURATION_ENDPOINT="'{"Fn::GetAtt": ["MyElastiCache", "ConfigurationEndpoint.Address"]}':'{"Fn::GetAtt": ["MyElastiCache", "ConfigurationEndpoint.Port"]}'" option_settings: - option_name: ELASTICACHE_DATA_FILE value: /var/app/elasticache container_commands: copy_crt: command: cp .ebextensions/server.crt /etc/pki/tls/certs/server.crt copy_key: command: cp .ebextensions/server.key /etc/pki/tls/certs/server.key 我遵循这里的指南: http : //docs.aws.amazon.com/elasticbeanstalk/latest/dg/customize-environment-resources-elasticache.html#customize-environment-resources-elasticache-defaultvpc 。 并增加了对使用我们的tls证书的支持。
我的问题是,不能从docker实例访问/tmp/elasticache.env文件。 有没有更好的方式来获得弹性authentication?
如果您已经拥有ElastiCache端点,则可以使用应用程序部署钩子将其注入到Docker容器环境variables中:
files: "/opt/elasticbeanstalk/hooks/appdeploy/pre/02injectdockerfile.sh": mode: "000755" content: | . /opt/elasticbeanstalk/hooks/common.sh EB_CONFIG_APP_CURRENT=$(/opt/elasticbeanstalk/bin/get-config container -k app_deploy_dir) cd $EB_CONFIG_APP_CURRENT echo "ENV ELASTICACHE_CONFIGURATION_ENDPOINT \"'{"Fn::GetAtt": ["MyElastiCache", "ConfigurationEndpoint.Address"]}':'{"Fn::GetAtt": ["MyElastiCache", "ConfigurationEndpoint.Port"]}'\"" >> Dockerfile
在https://stackoverflow.com/a/32458281/3427434 (在选项#2部分)中查看更多详细信息。