目前,阿裡雲資源編排服務(ROS)開始支援彈性網卡功能,ROS的雲資源類型增加了3個新成員,
- ALIYUN::ECS::NetworkInterface 建立彈性網卡
- ALIYUN::ECS::NetworkInterfaceAttachment 綁定彈性網卡
- ALIYUN::ECS::NetworkInterfacePermission
給彈性網卡授權
通過上面的ROS資源類型,靈活地編排彈性網卡,可以将彈性網卡跟其他雲資源編寫成你的ROS模闆,達到你所希望的“一鍵部署”效果
彈性網卡資源類型介紹
我們先看看阿裡雲ROS彈性網卡相關的3個資源類型都提供了什麼能力和怎麼使用。如果你還沒接觸過阿裡雲的資源編排服務,
請戳這裡建立彈性網卡
資源編排抽象了彈性網卡
CreateNetworkInterface接口的能力,一個簡單的建立彈性網卡的模闆如下:
{
"ROSTemplateFormatVersion" : "2015-09-01",
"Resources" : {
"EniInstance": {
"Type": "ALIYUN::ECS::NetworkInterface",
"Properties": {
'VSwitchId': 'vsw-2zetgeiqlemyok9z5j2em',
'SecurityGroupId': 'sg-2ze3yg7oo90ejudett9j',
'NetworkInterfaceName': 'my-eni-name'
'Description': 'eni-name-description'
}
}
},
"Outputs": {
"NetworkInterfaceId": {
"Value" : {"Fn::GetAtt": ["EniInstance", "NetworkInterfaceId"]}
}
}
} 我們可以看出,隻需要定義交換機ID和安全組ID,就可以建立出一塊彈性網卡,當然你也可以指定網卡的名稱和描述資訊。最後通過Outputs标簽傳回建立彈性網卡的ID。
AttachNetworkInterface
接口的能力,一個簡單的綁定彈性網卡的模闆如下:
{
"ROSTemplateFormatVersion" : "2015-09-01",
"Resources" : {
"EniInstance": {
"Type": "ALIYUN::ECS::NetworkInterfaceAttachment",
"Properties": {
'NetworkInterfaceId': 'eni-2zefnmihs8r13tqdeomr',
'InstanceId': 'i-2ze8m2j71rb2m8saw6g6'
}
}
}
} 隻需要指定網卡ID和ECS執行個體ID即可。
授權彈性網卡
資源編排抽象了彈性網卡CreateNetworkInterfacePermission接口的能力,一個簡單的授權彈性網卡的模闆如下:
{
"ROSTemplateFormatVersion" : "2015-09-01",
"Resources" : {
"EniPermissionInstance": {
"Type": "ALIYUN::ECS::NetworkInterfacePermission",
"Properties": {
'AccountId': '1754580903499898',
'NetworkInterfaceId': 'eni-2zehcsxovaeso7ivbgzp'
}
}
},
"Outputs": {
"NetworkInterfacePermissionId": {
"Value" : {"Fn::GetAtt": ["EniPermissionInstance", "NetworkInterfacePermissionId"]}
}
}
} 授權網卡需要指定被授權的網卡ID和授權的使用者ID,通過Outputs标簽傳回授權的ID。
綜合應用場景:建立ECS執行個體并綁定一個彈性網卡
資源編排的彈性網卡能力具體怎麼使用呢?我們先看一個常見的場景:“我們需要在阿裡雲上購買一個ECS,然後綁定一個彈性網卡。”
在不用資源編排模闆的情況下你需要做如下操作:
1、先在ECS執行個體控制台建立一個ECS,中間你還需要:建立VPC,VSwitch,SecurityGroup。
2、切換到彈性網卡頁面,建立彈性網卡,此時必須正确指定第一步驟建立的VPC、VSwitch和SecurityGroup。如果你的VPC數目比較多,你還得切換頁面記下第一步的VPC資訊,以便填寫。
3、在彈性網卡頁面綁定ECS執行個體
再看看使用ROS的方法
1、編寫一個ROS模闆(見附錄)
2、建立stack,填寫建立ECS必要的資訊(如鏡像ID,執行個體規格,區域等)
建立說明:
1、ROS Stack在建立過程中,建立了一個VPC、一個VSwitch、一個SecurityGroup、一個ECS執行個體和一個彈性網卡,并自動地将彈性網卡授權給指定使用者,然後綁定到ECS。填寫少量資訊後,所有操作就不需要人為幹預,一鍵部署。(如圖1)
2、如果中間建立失敗,整個Stack的資源自動復原。
3、我們編寫的ROS模闆可以在儲存,下次可以繼續使用。(如圖2)
整個過程是不是很友善呢!當然,在阿裡雲資源編排産品中,你可以結合你的業務場景,靈活地使用彈性網卡功能,編排你的業務。期待你的分享!
(圖1)
(圖2)
附錄:ROS模闆(建立一個ECS并綁定一個彈性網卡)
{
"ROSTemplateFormatVersion": "2015-09-01",
"Description": "One VPC, VSwitch, security group, ECS instance, and route. The user needs to specify the image ID.",
"Parameters": {
"ImageId": {
"Default": "centos_7",
"Type": "String",
"Description": "Image Id, represents the image resource to startup the ECS instance, <a href='#/product/cn-shenzhen/list/imageList' target='_blank'>View image resources</a>"
},
"InstanceType": {
"Type": "String",
"Description": "The ECS instance type, <a href='#/product/cn-shenzhen/list/typeList' target='_blank'>View instance types</a>",
"Default": "ecs.sn1ne.large"
},
"AccountId":{
"Type": "String",
"Description": "The account id"
},
"ZoneId": {
"Type": "String",
"Description": "The available zone, <a href='#/product/cn-shenzhen/list/zoneList' target='_blank'>View available zones</a>"
},
"SecurityGroupName": {
"Type": "String",
"Description": "The security group name",
"Default": "my-sg-name"
},
"NetworkInterfaceName": {
"Type": "String",
"Description": "The Network interface name",
"Default": "my-eni-name"
},
"VpcName": {
"Type": "String",
"Description": "The VPC name",
"MinLength": 2,
"MaxLength": 128,
"ConstraintDescription": "[2, 128] English or Chinese letters",
"Default": "my-vpc-name"
},
"IoOptimized": {
"AllowedValues": [
"none",
"optimized"
],
"Description": "IO optimized, optimized is for the IO optimized instance type",
"Type": "String",
"Default": "optimized"
},
"SystemDiskCategory": {
"AllowedValues": [
"cloud",
"cloud_efficiency",
"cloud_ssd"
],
"Description": "System disk category: average cloud disk(cloud), efficient cloud disk(cloud_efficiency) or SSD cloud disk(cloud_ssd)",
"Type": "String",
"Default": "cloud_ssd"
},
"VpcCidrBlock": {
"Type": "String",
"AllowedValues": [
"192.168.0.0/16",
"172.16.0.0/12",
"10.0.0.0/8"
],
"Default": "10.0.0.0/8"
},
"VSwitchCidrBlock": {
"Type": "String",
"Description": "The VSwitch subnet which must be within VPC",
"Default": "10.0.10.0/24"
}
},
"Resources": {
"Vpc": {
"Type": "ALIYUN::ECS::VPC",
"Properties": {
"CidrBlock": {
"Ref": "VpcCidrBlock"
},
"VpcName": {
"Ref": "VpcName"
}
}
},
"VSwitch": {
"Type": "ALIYUN::ECS::VSwitch",
"Properties": {
"CidrBlock": {
"Ref": "VSwitchCidrBlock"
},
"ZoneId": {
"Ref": "ZoneId"
},
"VpcId": {
"Fn::GetAtt": [
"Vpc",
"VpcId"
]
}
}
},
"WebServer": {
"Type": "ALIYUN::ECS::Instance",
"Properties": {
"ImageId": {
"Ref": "ImageId"
},
"InstanceType": {
"Ref": "InstanceType"
},
"SecurityGroupId": {
"Ref": "SecurityGroup"
},
"VpcId": {
"Fn::GetAtt": [
"Vpc",
"VpcId"
]
},
"VSwitchId": {
"Ref": "VSwitch"
},
"IoOptimized": {
"Ref": "IoOptimized"
},
"SystemDisk_Category": {
"Ref": "SystemDiskCategory"
}
}
},
"SecurityGroup": {
"Type": "ALIYUN::ECS::SecurityGroup",
"Properties": {
"SecurityGroupName": {
"Ref": "SecurityGroupName"
},
"VpcId": {
"Ref": "Vpc"
}
}
},
"ENI": {
"Type": "ALIYUN::ECS::NetworkInterface",
"Properties": {
"VSwitchId": {
"Ref": "VSwitch"
},
"SecurityGroupId": {
"Ref": "SecurityGroup"
},
"NetworkInterfaceName": {
"Ref": "NetworkInterfaceName"
}
}
},
"EniAttach": {
"Type": "ALIYUN::ECS::NetworkInterfaceAttachment",
"Properties": {
"NetworkInterfaceId": {
"Ref": "ENI"
},
"InstanceId": {
"Ref": "WebServer"
}
}
},
"EniPermissionInstance": {
"Type": "ALIYUN::ECS::NetworkInterfacePermission",
"Properties": {
"AccountId": {
"Ref":"AccountId"
},
"NetworkInterfaceId": {
"Ref": "ENI"
},
"Permission": "InstanceAttach"
}
}
},
"Outputs": {
"InstanceId": {
"Value": {
"Fn::GetAtt": [
"WebServer",
"InstanceId"
]
}
},
"PublicIp": {
"Value": {
"Fn::GetAtt": [
"WebServer",
"PublicIp"
]
}
},
"SecurityGroupId": {
"Value": {
"Fn::GetAtt": [
"SecurityGroup",
"SecurityGroupId"
]
}
},
"VpcId": {
"Value": {
"Fn::GetAtt": [
"Vpc",
"VpcId"
]
}
},
"VSwitchId": {
"Value": {
"Fn::GetAtt": [
"VSwitch",
"VSwitchId"
]
}
},
"NetworkInterfaceId": {
"Value": {
"Fn::GetAtt": [
"ENI",
"NetworkInterfaceId"
]
}
},
"NetworkInterfacePermissionId": {
"Value": {
"Fn::GetAtt": [
"EniPermissionInstance",
"NetworkInterfacePermissionId"
]
}
}
}
}