amazon-web-services - 运行更新时 Cloudformation 无法检索 DBRootPassword

Question

我面临以下问题，在运行 cfn-init 和 cloudformation 创建所有资源(httpd、phpmyadmin、mariadb)后，我想更新我的数据库并从 s3 导入 dump.sql 文件。但是当我这样做时 cfn-init.log 会抛出错误

cfn-init.log

2020-06-05 08:49:54,491 [INFO] Command 02_download_dumpsql succeeded
download: s3://mybucketXXX/YYYY/dump.sql to ./dump.sql5 KiB/78.5 KiB (825.7 KiB/s) with 1 file(s) remaining
2020-06-05 08:49:54,491 [DEBUG] Running command 03_import_dumpsql
2020-06-05 08:49:54,491 [DEBUG] No test for command 03_import_dumpsql
2020-06-05 08:49:54,502 [ERROR] Command 03_import_dumpsql (mysql -u root --password='${DBRootPassword}' < /tmp/dump.sql) failed
2020-06-05 08:49:54,503 [DEBUG] Command 03_import_dumpsql output: ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: YES)

2020-06-05 08:49:54,503 [ERROR] Error encountered during build of configure_database: Command 03_import_dumpsql failed
Traceback (most recent call last):
  File "/usr/lib/python2.7/site-packages/cfnbootstrap/construction.py", line 542, in run_config
    CloudFormationCarpenter(config, self._auth_config).build(worklog)
  File "/usr/lib/python2.7/site-packages/cfnbootstrap/construction.py", line 260, in build
    changes['commands'] = CommandTool().apply(self._config.commands)
  File "/usr/lib/python2.7/site-packages/cfnbootstrap/command_tool.py", line 117, in apply
    raise ToolError(u"Command %s failed" % name)
ToolError: Command 03_import_dumpsql failed
2020-06-05 08:49:54,503 [ERROR] -----------------------BUILD FAILED!------------------------
2020-06-05 08:49:54,504 [ERROR] Unhandled exception during build: Command 03_import_dumpsql failed
Traceback (most recent call last):

元数据

    Metadata:
      AWS::CloudFormation::Init:
        configSets:
          InstallAndRun:
            - install_cfn
            - install_database
            - configure_database
            - install_httpd
        install_cfn:
          files:
            /etc/cfn/cfn-hup.conf:
              content: !Sub |
                [main]
                stack=${AWS::StackId}
                region=${AWS::Region}
                #default is 15min
                #verbose=true
                interval=1
              mode: "000400"
              owner: root
              group: root
            /etc/cfn/hooks.d/cfn-auto-reloader.conf:
              content: !Sub |
                [cfn-auto-reloader-hook]
                triggers=post.update
                path=Resources.EC2Instance.Metadata.AWS::CloudFormation::Init
                action=/opt/aws/bin/cfn-init -v --stack ${AWS::StackName} --resource EC2Instance --configsets InstallAndRun --region ${AWS::Region}
                runas=root
              mode: "000400"
              owner: root
              group: root
          services:
            sysvinit:
              cfn-hup:
                enabled: "true"
                ensureRunning: "true"
                files:
                  - /etc/cfn/cfn-hup.conf
                  - /etc/cfn/hooks.d/cfn-auto-reloader.conf
        install_database:
          packages:
            yum:
              mariadb-server: []
              mariadb: []
          services:
            sysvinit:
              mariadb:
                enabled: "true"
                ensureRunning: "true"
        configure_database:
          commands:
            01_secure_sql_create_db:
              command: !Sub |
                mysql -e "UPDATE mysql.user SET Password=PASSWORD('${DBRootPassword}') WHERE User='root';"
                mysql -e "FLUSH PRIVILEGES;"
                mysql -u root -p${DBRootPassword} -e "DELETE FROM mysql.user WHERE User='';"
                mysql -u root -p${DBRootPassword} -e "DELETE FROM mysql.user WHERE User='root' AND Host NOT IN ('localhost', '127.0.0.1', '::1');"
                mysql -u root -p${DBRootPassword} -e "DROP DATABASE test;"
                mysql -u root -p${DBRootPassword} -e "DELETE FROM mysql.db WHERE Db='test' OR Db='test\\_%'"
                mysql -u root -p${DBRootPassword} -e "FLUSH PRIVILEGES;"
                mysql -u root -p${DBRootPassword} -e "CREATE DATABASE ${DBName} CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;"
                mysql -u root -p${DBRootPassword} -e "create user '${DBUser}'@'%' identified by '${DBPassword}';"
                mysql -u root -p${DBRootPassword} -e "grant all privileges on ${DBName}.* to '${DBUser}'@'%';"
              test: !Sub |
                $(mysql ${DBName} -u root --password='${DBRootPassword}' > /dev/null 2>&1 </dev/null); (( $? !=0))
            02_download_dumpsql:
              cwd: "/tmp"
              command: "aws s3 cp s3://mybucketXXX/YYYY/ ./ --recursive"
            03_import_dumpsql:
              command: "mysql ${DBName} -u root --password='${DBRootPassword}' < /tmp/dump.sql"
              # test: !Sub |
              #   $(mysql ${DBName} -u root --password='${DBRootPassword}' > /dev/null 2>&1 </dev/null); (( $? !=0))
            04_cleanup:
              command: "rm /tmp/dump.sql"
        install_httpd:
          packages:
            yum:
              httpd: []
              php: []
              php-mbstring: []
              php-fpm: []
              php-cli: []
              php-pdo: []
              php-json: []
              php-mysqlnd: []
          files:
            /var/www/html/index.php:
              content: |
                <html>
                  <body>
                    <?php phpinfo(); ?>
                  </body>
                </html>
              mode: "000644"
              owner: apache
              group: apache
          commands:
            01_chmod_httpd:
              command: "usermod -a -G apache ec2-user"
            02_group_ownership:
              command: "chown -R ec2-user:apache /var/www"
            03_set_dir_permissions:
              command: "chmod 2775 /var/www && find /var/www -type d -exec chmod 2775 {} \\;"
            04_set_wr_permissions:
              command: "find /var/www -type f -exec chmod 0664 {} \\;"
            05_httpd_restart:
              command: "systemctl restart httpd"
            06_php_restart:
              command: "systemctl restart php-fpm"
            07_wget_phpmyadmin:
              cwd: "/var/www/html/"
              command: "wget -q https://www.phpmyadmin.net/downloads/phpMyAdmin-latest-all-languages.tar.gz"
              test: "[ ! -d phpMyAdmin ]"
            08_unpack:
              cwd: "/var/www/html"
              command: "mkdir phpMyAdmin && tar -xzf phpMyAdmin-latest-all-languages.tar.gz -C phpMyAdmin --strip-components 1"
              test: "[ ! -d /var/www/html/phpMyAdmin ]"
            09_cleanup:
              cwd: "/var/www/html"
              command: "rm phpMyAdmin-latest-all-languages.tar.gz"
              test: "[ -e phpMyAdmin-latest-all-languages.tar.gz ]"
          services:
            sysvinit:
              httpd:
                enabled: "true"
                ensureRunning: "true"
    Properties:
      ImageId: !FindInMap [RegionMap, !Ref "AWS::Region", "AMZNLNX2"]
      InstanceType: t2.micro
      IamInstanceProfile: !Ref WebAppProfile
      SecurityGroups:
        - !Ref WebserverSecurityGroup
      Tags:
        - Key: Name
          Value: Amazon Linux Web Server
      KeyName: !Ref KeyName
      UserData:
        "Fn::Base64": !Sub |
          #!/bin/bash -ex
          yum -y update
          yum update -y aws-cfn-bootstrap
          amazon-linux-extras enable lamp-mariadb10.2-php7.2 php7.2
          /opt/aws/bin/cfn-init  -v --stack ${AWS::StackName} --resource EC2Instance --configsets InstallAndRun --region ${AWS::Region}
          /opt/aws/bin/cfn-signal -e $? --stack ${AWS::StackName} --resource EC2Instance --region ${AWS::Region}

看起来 ${DBRootPassword} 是空的，因为当我手动执行它时它可以工作。谢谢。

Answer 1

错误来自此元素:03_import_dumpsql 这是

03_import_dumpsql:
  command: "mysql ${DBName} -u root --password='${DBRootPassword}' < /tmp/dump.sql"

我认为应该是:

03_import_dumpsql:
  command: !Sub "mysql ${DBName} -u root --password='${DBRootPassword}' < /tmp/dump.sql"