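1. Introduction
Run Command provides a channel for dispatching tasks in bulk: with the Run Command feature of AWS Systems Manager, we can push tasks to EC2 instances or to hosts managed on AWS. This article records the process of using Run Command and of tracing task execution through the logs on the virtual machine.
AWS describes Systems Manager Run Command as follows:
AWS Systems Manager Run Command lets you remotely and securely manage the configuration of your managed instances. A managed instance is any Amazon EC2 instance or on-premises machine in your hybrid environment that has been configured for Systems Manager. Run Command enables you to automate common administrative tasks and perform ad hoc configuration changes at scale. You can use Run Command from the AWS console, the AWS Command Line Interface, AWS Tools for Windows PowerShell, or the AWS SDKs. Run Command is offered at no additional cost.
Administrators use Run Command to perform the following types of tasks on their managed instances: install or bootstrap applications, build a deployment pipeline, capture log files when an instance is terminated from an Auto Scaling group, join instances to a Windows domain, and so on.
2. Prerequisites
- Create a virtual machine on AWS for the experiment
- Create a role, grant it the AmazonEC2RoleforSSM permission, and attach the role to the virtual machine; see: SSM permission configuration
- Install the SSM agent on the virtual machine; see: Installing and configuring the SSM agent
3. Walkthrough
3.1 Creating the command document
An AWS Systems Manager document (SSM document) defines the actions that Systems Manager performs on your managed instances. Systems Manager includes more than a dozen pre-configured documents that you can use by specifying parameters at runtime. Documents use JavaScript Object Notation (JSON) or YAML, and they include the steps and parameters that you specify.
When you create a document in EC2 Systems Manager, there are three document types:
- Command document: used with Run Command
- Policy document: used with State Manager
- Automation document: used with Automation
To try out Run Command, first create the simplest possible command document: one that runs the shell command hostname to get the host name. Document content (see the SSM document syntax reference):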
---
schemaVersion: '2.2'
description: Sample document
mainSteps:
- action: aws:runPowerShellScript
  name: runPowerShellScript
  inputs:
    runCommand:
    - hostname
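3.2 Running the command
3.2.1 Configuring the command document
Note: if the command document type supports only Windows, non-Windows EC2 instances are filtered out when you select EC2 instances in the next step.
3.2.2 Configuring the targets
Leave the command timeout, output, notification and other settings at their defaults. At the end of the form, the console generates the command line that corresponds to the current configuration: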
aws ssm send-command --document-name "Gather-OS-Information" --document-version "1" --targets "Key=instanceids,Values=i-0fb5527d1d10e85cd" --parameters '{"Message":["Hello World"]}' --timeout-seconds 600 --max-concurrency "50" --max-errors "0" --region us-east-2
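3.2.3 Results
The first attempt to run the command failed
Checking the command execution log
Why was the pwsh command used? It turns out that the document content specified the plugin aws:runPowerShellScript when the command document was created. This plugin targets Windows environments; on Linux, aws:runShellScript should be used instead. For the document plugins that SSM provides, see: SSM document plugins
After creating a new version of the command document with the plugin changed to aws:runShellScript, the command was run again and succeeded
Viewing the command output
4. Log collection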
2019-03-04 09:56:03 INFO [MessagingDeliveryService] [messageID=aws.ssm.67278003-19bf-4e28-8c80-eea12a2f2910.i-0fb5527d1d10e85cd] Validating SSM parameters
2019-03-04 09:56:04 INFO [ssm-document-worker] [67278003-19bf-4e28-8c80-eea12a2f2910] document: 67278003-19bf-4e28-8c80-eea12a2f2910 worker started
2019-03-04 09:56:03 INFO [MessagingDeliveryService] Sending reply {
"additionalInfo": {
"agent": {
"lang": "en-US",
"name": "amazon-ssm-agent",
"os": "",
"osver": "1",
"ver": ""
},
"dateTime": "2019-03-04T09:56:03.969Z",
"runId": "",
"runtimeStatusCounts": null
},
"documentStatus": "InProgress",
"documentTraceOutput": "",
"runtimeStatus": null
}
2019-03-04 09:56:04 INFO [ssm-document-worker] [67278003-19bf-4e28-8c80-eea12a2f2910] channel: 67278003-19bf-4e28-8c80-eea12a2f2910 found
2019-03-04 09:56:04 INFO [ssm-document-worker] [67278003-19bf-4e28-8c80-eea12a2f2910] inter process communication started
2019-03-04 09:56:04 INFO [ssm-document-worker] [67278003-19bf-4e28-8c80-eea12a2f2910] [DataBackend] received plugin config message
2019-03-04 09:56:04 INFO [ssm-document-worker] [67278003-19bf-4e28-8c80-eea12a2f2910] [DataBackend] {"DocumentInformation":{"DocumentID":"67278003-19bf-4e28-8c80-eea12a2f2910","CommandID":"67278003-19bf-4e28-8c80-eea12a2f2910","AssociationID":"","InstanceID":"i-0fb5527d1d10e85cd","MessageID":"aws.ssm.67278003-19bf-4e28-8c80-eea12a2f2910.i-0fb5527d1d10e85cd","RunID":"2019-03-04T09-56-03.952Z","CreatedDate":"2019-03-04T09:56:03.873Z","DocumentName":"Gather-OS-Information","DocumentVersion":"","DocumentStatus":"InProgress","RunCount":0,"ProcInfo":{"Pid":10539,"StartTime":"2019-03-04T09:56:04.053432773Z"},"ClientId":""},"DocumentType":"SendCommand","SchemaVersion":"2.2","InstancePluginsInformation":[{"Configuration":{"Settings":null,"Properties":{"runCommand":["hostname"]},"OutputS3KeyPrefix":"67278003-19bf-4e28-8c80-eea12a2f2910/i-0fb5527d1d10e85cd/awsrunShellScript","OutputS3BucketName":"","S3EncryptionEnabled":false,"CloudWatchLogGroup":"","CloudWatchEncryptionEnabled":false,"OrchestrationDirectory":"/var/lib/amazon/ssm/i-0fb5527d1d10e85cd/document/orchestration/67278003-19bf-4e28-8c80-eea12a2f2910/GetHostName","MessageId":"aws.ssm.67278003-19bf-4e28-8c80-eea12a2f2910.i-0fb5527d1d10e85cd","BookKeepingFileName":"67278003-19bf-4e28-8c80-eea12a2f2910","PluginName":"aws:runShellScript","PluginID":"GetHostName","DefaultWorkingDirectory":"","Preconditions":null,"IsPreconditionEnabled":true,"CurrentAssociations":null,"SessionId":"","ClientId":""},"Name":"aws:runShellScript","Result":{"pluginID":"","pluginName":"","status":"","code":0,"output":null,"startDateTime":"0001-01-01T00:00:00Z","endDateTime":"0001-01-01T00:00:00Z","outputS3BucketName":"","outputS3KeyPrefix":"","error":"","standardOutput":"","standardError":""},"Id":"GetHostName"}],"CancelInformation":{"CancelMessageID":"","CancelCommandID":"","Payload":"","DebugInfo":""},"IOConfig":{"OrchestrationDirectory":"/var/lib/amazon/ssm/i-0fb5527d1d10e85cd/document/orchestration/67278003-19bf-4e28-8c80-eea12a2f2910","OutputS3BucketName":"","OutputS3KeyPrefix":"67278003-19bf-4e28-8c80-eea12a2f2910/i-0fb5527d1d10e85cd","CloudWatchConfig":{"LogGroupName":"","LogStreamPrefix":"","LogGroupEncryptionEnabled":false}}}
2019-03-04 09:56:04 INFO [ssm-document-worker] [67278003-19bf-4e28-8c80-eea12a2f2910] [DataBackend] Running plugin aws:runShellScript
2019-03-04 09:56:04 INFO [ssm-document-worker] [67278003-19bf-4e28-8c80-eea12a2f2910] [DataBackend] [pluginName=aws:runShellScript] aws:runShellScript started with configuration {<nil> map[runCommand:[hostname]] 67278003-19bf-4e28-8c80-eea12a2f2910/i-0fb5527d1d10e85cd/awsrunShellScript false false /var/lib/amazon/ssm/i-0fb5527d1d10e85cd/document/orchestration/67278003-19bf-4e28-8c80-eea12a2f2910/GetHostName aws.ssm.67278003-19bf-4e28-8c80-eea12a2f2910.i-0fb5527d1d10e85cd 67278003-19bf-4e28-8c80-eea12a2f2910 aws:runShellScript GetHostName map[] true [] }
2019-03-04 09:56:04 INFO [ssm-document-worker] [67278003-19bf-4e28-8c80-eea12a2f2910] [DataBackend] [pluginName=aws:runShellScript] Unexpected 'TimeoutSeconds' value <nil> received. Setting 'TimeoutSeconds' to default value 3600
2019-03-04 09:56:04 INFO [ssm-document-worker] [67278003-19bf-4e28-8c80-eea12a2f2910] [DataBackend] [pluginName=aws:runShellScript] 'TimeoutSeconds' value should be between 5 and 172800. Setting 'TimeoutSeconds' to default value 3600
2019-03-04 09:56:04 INFO [ssm-document-worker] [67278003-19bf-4e28-8c80-eea12a2f2910] [DataBackend] Sending plugin GetHostName completion message
2019-03-04 09:56:04 INFO [ssm-document-worker] [67278003-19bf-4e28-8c80-eea12a2f2910] [DataBackend] document execution complete
2019-03-04 09:56:04 INFO [ssm-document-worker] [67278003-19bf-4e28-8c80-eea12a2f2910] [DataBackend] sending document complete response...
2019-03-04 09:56:04 INFO [ssm-document-worker] [67278003-19bf-4e28-8c80-eea12a2f2910] [DataBackend] stopping ipc worker...
2019-03-04 09:56:04 INFO [ssm-document-worker] [67278003-19bf-4e28-8c80-eea12a2f2910] requested shutdown, prepare to stop messaging
2019-03-04 09:56:04 INFO [ssm-document-worker] [67278003-19bf-4e28-8c80-eea12a2f2910] channel /var/lib/amazon/ssm/i-0fb5527d1d10e85cd/channels/67278003-19bf-4e28-8c80-eea12a2f2910 requested close
2019-03-04 09:56:04 INFO [ssm-document-worker] [67278003-19bf-4e28-8c80-eea12a2f2910] channel /var/lib/amazon/ssm/i-0fb5527d1d10e85cd/channels/67278003-19bf-4e28-8c80-eea12a2f2910 closed
2019-03-04 09:56:04 INFO [ssm-document-worker] [67278003-19bf-4e28-8c80-eea12a2f2910] ipc channel closed, stop messaging worker
2019-03-04 09:56:04 INFO [ssm-document-worker] [67278003-19bf-4e28-8c80-eea12a2f2910] document worker closed
2019-03-04 09:56:04 INFO [MessagingDeliveryService] SendReply Response{
Description: "Reply 67057dcf-ab40-40a1-a3ed-ad287d12d723 was successfully sent.",
MessageId: "aws.ssm.67278003-19bf-4e28-8c80-eea12a2f2910.i-0fb5527d1d10e85cd",
ReplyId: "67057dcf-ab40-40a1-a3ed-ad287d12d723",
ReplyStatus: "QUEUED"
}
2019-03-04 09:56:04 INFO [MessagingDeliveryService] [EngineProcessor] [OutOfProcExecuter] [67278003-19bf-4e28-8c80-eea12a2f2910] channel: 67278003-19bf-4e28-8c80-eea12a2f2910 not found, creating a new file channel...
2019-03-04 09:56:04 INFO [MessagingDeliveryService] [EngineProcessor] [OutOfProcExecuter] [67278003-19bf-4e28-8c80-eea12a2f2910] inter process communication started
2019-03-04 09:56:04 INFO [MessagingDeliveryService] [EngineProcessor] [OutOfProcExecuter] [67278003-19bf-4e28-8c80-eea12a2f2910] requested terminate messaging worker, destroying the channel
2019-03-04 09:56:04 INFO [MessagingDeliveryService] [EngineProcessor] [OutOfProcExecuter] [67278003-19bf-4e28-8c80-eea12a2f2910] channel /var/lib/amazon/ssm/i-0fb5527d1d10e85cd/channels/67278003-19bf-4e28-8c80-eea12a2f2910 requested close
2019-03-04 09:56:04 INFO [MessagingDeliveryService] [EngineProcessor] [OutOfProcExecuter] [67278003-19bf-4e28-8c80-eea12a2f2910] Executer closed
2019-03-04 09:56:04 INFO [MessagingDeliveryService] [EngineProcessor] sending reply for plugin update: GetHostName
2019-03-04 09:56:04 INFO [MessagingDeliveryService] [EngineProcessor] sending document: 67278003-19bf-4e28-8c80-eea12a2f2910 complete response
2019-03-04 09:56:04 INFO [MessagingDeliveryService] received plugin: GetHostName result from Processor
2019-03-04 09:56:04 INFO [MessagingDeliveryService] Sending reply {
"additionalInfo": {
"agent": {
"lang": "en-US",
"name": "amazon-ssm-agent",
"os": "",
"osver": "1",
"ver": ""
},
"dateTime": "2019-03-04T09:56:04.086Z",
"runId": "",
"runtimeStatusCounts": {
"Success": 1
}
},
"documentStatus": "InProgress",
"documentTraceOutput": "",
"runtimeStatus": {
"GetHostName": {
"status": "Success",
"code": 0,
"name": "aws:runShellScript",
"output": "ip-172-31-47-223.us-east-2.compute.internal\n",
"startDateTime": "2019-03-04T09:56:04.071Z",
"endDateTime": "2019-03-04T09:56:04.077Z",
"outputS3BucketName": "",
"outputS3KeyPrefix": "",
"standardOutput": "ip-172-31-47-223.us-east-2.compute.internal\n",
"standardError": ""
}
}
}
2019-03-04 09:56:04 INFO [MessagingDeliveryService] [EngineProcessor] [OutOfProcExecuter] [67278003-19bf-4e28-8c80-eea12a2f2910] channel /var/lib/amazon/ssm/i-0fb5527d1d10e85cd/channels/67278003-19bf-4e28-8c80-eea12a2f2910 closed
2019-03-04 09:56:04 INFO [MessagingDeliveryService] SendReply Response{
Description: "Reply 52560d86-c2b9-499e-980c-7c32f567a452 was successfully sent.",
MessageId: "aws.ssm.67278003-19bf-4e28-8c80-eea12a2f2910.i-0fb5527d1d10e85cd",
ReplyId: "52560d86-c2b9-499e-980c-7c32f567a452",
ReplyStatus: "QUEUED"
}
2019-03-04 09:56:04 INFO [MessagingDeliveryService] command: aws.ssm.67278003-19bf-4e28-8c80-eea12a2f2910.i-0fb5527d1d10e85cd complete
2019-03-04 09:56:04 INFO [MessagingDeliveryService] Sending reply {
"additionalInfo": {
"agent": {
"lang": "en-US",
"name": "amazon-ssm-agent",
"os": "",
"osver": "1",
"ver": ""
},
"dateTime": "2019-03-04T09:56:04.161Z",
"runId": "",
"runtimeStatusCounts": {
"Success": 1
}
},
"documentStatus": "Success",
"documentTraceOutput": "",
"runtimeStatus": {
"GetHostName": {
"status": "Success",
"code": 0,
"name": "aws:runShellScript",
"output": "ip-172-31-47-223.us-east-2.compute.internal\n",
"startDateTime": "2019-03-04T09:56:04.071Z",
"endDateTime": "2019-03-04T09:56:04.077Z",
"outputS3BucketName": "",
"outputS3KeyPrefix": "",
"standardOutput": "ip-172-31-47-223.us-east-2.compute.internal\n",
"standardError": ""
}
}
}
2019-03-04 09:56:04 INFO [MessagingDeliveryService] [EngineProcessor] execution of aws.ssm.67278003-19bf-4e28-8c80-eea12a2f2910.i-0fb5527d1d10e85cd is over. Removing interimState from current folder
2019-03-04 09:56:04 INFO [MessagingDeliveryService] SendReply Response{
Description: "Reply ed0685af-f1a1-40cd-b1b0-d09dc10ccd3a was successfully sent.",
MessageId: "aws.ssm.67278003-19bf-4e28-8c80-eea12a2f2910.i-0fb5527d1d10e85cd",
ReplyId: "ed0685af-f1a1-40cd-b1b0-d09dc10ccd3a",
ReplyStatus: "QUEUED"
}
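The agent log above can be reduced to an audit trail of what Run Command executed on the instance: which document, which plugin and commands, and with what result. The following is an added example, not part of the original post; it parses the plugin config message and the multi-line "Sending reply" blocks. SAMPLE_LOG is a constructed sample abridged from the log format shown above, and attributing each reply to the most recently seen command ID is an assumption of this example.

```python
import json
import re

# Constructed sample, abridged from the agent log format shown above.
SAMPLE_LOG = """\
2019-03-04 09:56:04 INFO [ssm-document-worker] [67278003-19bf-4e28-8c80-eea12a2f2910] [DataBackend] {"DocumentInformation":{"CommandID":"67278003-19bf-4e28-8c80-eea12a2f2910","InstanceID":"i-0fb5527d1d10e85cd","DocumentName":"Gather-OS-Information"},"InstancePluginsInformation":[{"Configuration":{"Properties":{"runCommand":["hostname"]},"PluginName":"aws:runShellScript","PluginID":"GetHostName"}}]}
2019-03-04 09:56:04 INFO [MessagingDeliveryService] Sending reply {
"documentStatus": "Success",
"runtimeStatus": {"GetHostName": {"code": 0, "standardOutput": "ip-172-31-47-223.us-east-2.compute.internal\\n"}}
}
"""

LINE = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d \w+ (.*)$")
UUID = re.compile(r"\[([0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12})\]")

def trace_commands(log_text):
    """Rebuild {command_id: summary} from amazon-ssm-agent log text."""
    commands, current, reply = {}, None, None
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if reply is not None and not m:      # inside a multi-line reply body
            reply.append(raw)
            try:
                body = json.loads("\n".join(reply))
            except ValueError:
                continue                     # block not complete yet
            reply = None
            if current in commands:          # assumption: reply belongs to the last ID seen
                commands[current]["status"] = body.get("documentStatus")
                for pid, res in (body.get("runtimeStatus") or {}).items():
                    commands[current]["results"][pid] = (res.get("code"), res.get("standardOutput"))
            continue
        reply = None                         # a timestamped line ends a truncated block
        msg = m.group(1) if m else ""
        found = UUID.search(msg)
        current = found.group(1) if found else current
        if msg.endswith("Sending reply {"):
            reply = ["{"]
        elif '{"DocumentInformation"' in msg:
            try:
                cfg = json.loads(msg[msg.index('{"DocumentInformation"'):])
            except ValueError:
                continue                     # config line wrapped or truncated in the log
            info = cfg["DocumentInformation"]
            plugins = [p["Configuration"] for p in cfg.get("InstancePluginsInformation") or []]
            commands[info["CommandID"]] = {
                "instance": info.get("InstanceID"), "document": info.get("DocumentName"),
                "steps": [(c.get("PluginName"), c.get("Properties")) for c in plugins],
                "status": None, "results": {}}
    return commands
```

On a Linux instance the agent writes this log to /var/log/amazon/ssm/amazon-ssm-agent.log; pass that file's text to trace_commands.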