AWS CloudFormation堆栈失败,错误地接收到0成功信号(S)出1
问题描述:
我AWS CloudFormation模板失败,出现错误:AWS CloudFormation堆栈失败,错误地接收到0成功信号(S)出1
Received 0 SUCCESS signal(s) out of 1. Unable to satisfy 100% MinSuccessfulInstancesPercent requirement
我想我的WaitConditionHandles设置不正确(或者EC2实例没有发送一个),但不知道如何解决这个问题。
似乎在AWS中正确创建了一切(ASG,EC2实例)。
我用下面的CloudFormation模板:
AWSTemplateFormatVersion: "2010-09-09"
Description: "Auto Scaling Group"
Outputs:
AsgArn:
Value: !Ref "AutoScalingGroup"
AsgMinSize:
Description: "The minimum size of the Auto Scaling Group"
Value: !FindInMap [ "HighAvailability", "MinSize", !Ref "HighAvailabilityFlag" ]
Parameters:
Ami:
Description: "Base AMI"
Type: "AWS::EC2::Image::Id"
EnvironmentName:
Description: "The environment name"
Type: "String"
HighAvailabilityFlag:
Description: "Flag used to set the minimum and maximum size of the Auto Scaling Group"
Default: false
Type: "String"
AllowedValues: [ "true", "false" ]
KeyPairName:
Description: "Name of EC2 key pair for logging in to the instances"
Type: "String"
SecurityGroupIds:
Description: "The IDs of security groups that are permitted access to EC2 instances"
Type: "String"
Subnets:
Description: "Subnets to associate with the ASG"
Type: "List<AWS::EC2::Subnet::Id>"
VersionToDeploy:
Description: "Version to deploy"
Type: "String"
VpcId:
Description: "The ID of the VPC"
Type: "AWS::EC2::VPC::Id"
Mappings:
HighAvailability:
MinSize:
"false": 1
"true": 2
MaxSize:
"false": 1
"true": 4
Resources:
InstanceProfile:
Properties:
Path: "/"
Roles:
- !Ref "InstanceRole"
Type: "AWS::IAM::InstanceProfile"
InstanceRole:
Properties:
AssumeRolePolicyDocument:
Statement:
- Action:
- sts:AssumeRole
Effect: "Allow"
Principal:
Service:
- ec2.amazonaws.com
Version: "2012-10-17"
Path: "/"
Type: "AWS::IAM::Role"
Policy:
Properties:
PolicyDocument:
Statement:
- Action:
- cloudformation:DescribeStacks
- ec2:Describe*
Effect: "Allow"
Resource: "*"
Version: "2012-10-17"
PolicyName: "Service"
Roles:
- !Ref "InstanceRole"
Type: "AWS::IAM::Policy"
AutoScalingGroup:
Properties:
HealthCheckGracePeriod: 300
MetricsCollection:
- Granularity: "1Minute"
HealthCheckType: "ELB"
LaunchConfigurationName: !Ref "LaunchConfiguration"
MaxSize: !FindInMap [ "HighAvailability", "MaxSize", !Ref "HighAvailabilityFlag" ]
MinSize: !FindInMap [ "HighAvailability", "MinSize", !Ref "HighAvailabilityFlag" ]
VPCZoneIdentifier: !Ref "Subnets"
CreationPolicy:
ResourceSignal:
Count: !FindInMap [ "HighAvailability", "MinSize", !Ref "HighAvailabilityFlag" ]
Timeout: "PT5M"
UpdatePolicy:
AutoScalingRollingUpdate:
MinInstancesInService: !FindInMap [ "HighAvailability", "MinSize", !Ref "HighAvailabilityFlag" ]
PauseTime: "PT5M"
WaitOnResourceSignals: true
Type: "AWS::AutoScaling::AutoScalingGroup"
LaunchConfiguration:
Properties:
AssociatePublicIpAddress: true
IamInstanceProfile: !Ref "InstanceProfile"
ImageId: !Ref "Ami"
InstanceType: "t2.micro"
KeyName: !Ref "KeyPairName"
SecurityGroups: !Split [ ",", !Join [ ",", [ !Ref "SecurityGroupIds" ] ] ]
UserData:
Fn::Base64:
cfn-init.exe -v -s "AWS::StackName" --region "AWS::Region"
cfn-signal.exe -e 0 !Ref "WindowsServerWaitHandle"
Type: "AWS::AutoScaling::LaunchConfiguration"
WindowsServerWaitHandle:
Type: "AWS::CloudFormation::WaitConditionHandle"
WindowsServerWaitCondition:
DependsOn: "AutoScalingGroup"
Properties:
Handle: !Ref "WindowsServerWaitHandle"
Timeout: "1800"
Count: 0
Type: "AWS::CloudFormation::WaitCondition"
我设置我的AMI发送WindowsIsReady信号,但如果我浏览到AWS :: CloudFormation :: WaitConditionHandle URL下CloudFormation资源我一旦EC2实例创建我看到正在产生一些日志文件
<Error>
<Code>SignatureDoesNotMatch</Code>
<Message>
The request signature we calculated does not match the signature you provided. Check your key and signing method.
</Message>
<AWSAccessKeyId>AKIAJQ6E5IXWPESGTUJQ</AWSAccessKeyId>
<StringToSign>
GET 1488841082 /cloudformation-waitcondition-ap-southeast-2/arn%3Aaws%3Acloudformation%3Aap-southeast-2%3A250658028269%3Astack/Service-dev-AutoScalingGroup/2a327830-01f7-11e7-8ce9-50fa57536cfe/WindowsServerWaitHandle
</StringToSign>
<SignatureProvided>9RdPNU/v5HQ7Cb0wah7IT8EV9S4=</SignatureProvided>
<StringToSignBytes>
47 45 54 0a 0a 0a 31 34 38 38 38 34 31 30 38 32 0a 2f 63 6c 6f 75 64 66 6f 72 6d 61 74 69 6f 6e 2d 77 61 69 74 63 6f 6e 64 69 74 69 6f 6e 2d 61 70 2d 73 6f 75 74 68 65 61 73 74 2d 32 2f 61 72 6e 25 33 41 61 77 73 25 33 41 63 6c 6f 75 64 66 6f 72 6d 61 74 69 6f 6e 25 33 41 61 70 2d 73 6f 75 74 68 65 61 73 74 2d 32 25 33 41 32 35 30 36 35 38 30 32 38 32 36 39 25 33 41 73 74 61 63 6b 2f 53 49 53 41 64 61 70 74 65 72 53 65 72 76 69 63 65 2d 64 65 76 2d 41 75 74 6f 53 63 61 6c 69 6e 67 47 72 6f 75 70 2f 32 61 33 32 37 38 33 30 2d 30 31 66 37 2d 31 31 65 37 2d 38 63 65 39 2d 35 30 66 61 35 37 35 33 36 63 66 65 2f 57 69 6e 64 6f 77 73 53 65 72 76 65 72 57 61 69 74 48 61 6e 64 6c 65
</StringToSignBytes>
<RequestId>1D4DBFE8471C3AB9</RequestId>
<HostId>
Rc1Vkf20t3Wyvk5nwqVLDynRB22csnBuoh2qkzsmT0//nEK/3O34InVxQoDJ1/lgH6Bap+rAjOM=
</HostId>
</Error>
:
UserdataEx得到这个错误ecution.log
2017/03/05 05:54:47Z: Userdata execution begins
2017/03/05 05:54:47Z: Zero or more than one <persist> tag was not provided
2017/03/05 05:54:47Z: Unregistering the persist scheduled task
2017/03/05 05:54:50Z: Zero or more than one <runAsLocalSystem> tag was not provided
2017/03/05 05:54:50Z: Zero or more than one <script> tag was not provided
2017/03/05 05:54:50Z: Zero or more than one <powershell> tag was not provided
2017/03/05 05:54:50Z: Zero or more than one <powershellArguments> tag was not provided
2017/03/05 05:54:50Z: Userdata execution done
WindowsIsReadyToConsole.log
2017/03/03 04:46:27Z: Sending "Windows is Ready" message to console is scheduled successfully
2017/03/05 05:54:27Z: Sending windows is ready message started
2017/03/05 05:54:28Z: Opening COM port handle to write to the console
2017/03/05 05:54:30Z: Serial Port in use. Waiting for Serial Port...
2017/03/05 05:54:48Z: Message: Windows is Ready to use
2017/03/05 05:54:48Z: Sending windows is ready message done
答
我删除了所有引用AWS::CloudFormation::WaitConditionHandle
和AWS::CloudFormation::WaitCondition
有我的UserData
脚本问题:
- 脚本需要
<script>
标签被执行 - 的命令没有正确的参数
- 变量未被正确注入(例如
${AWS::StackName}
)
结果是:
UserData:
"Fn::Base64":
!Sub |
<script>
cfn-init.exe -v --stack ${AWS::StackName} --resource AutoScalingGroup --region ${AWS::Region}
cfn-signal.exe -e 0 --stack ${AWS::StackName} --resource AutoScalingGroup --region ${AWS::Region}
</script>
答
你缺少你的IAM角色的PolicyDocument
的- cloudformation:SignalResource
行动。发送信号需要此权限。
感谢asnwer @spg。这似乎并没有解决这个问题。 – Nicholas