windows - Cloudformation CFN-Init Windows Powershell 问题
问题描述
在通过 Cloudformation 启动堡垒主机时,我们在 CFN-Init 中传递多个 Powershell 命令时遇到问题。
安装 Windows 功能的第一个命令正在运行,但第二个命令(以及后续命令)未运行。我们已经尝试了基本的“echo hello> file.txt”,但它不起作用。我们已经尝试使用反斜杠来转义引号。在这一点上,我们不知所措。
这是资源
BastionServer:
Type: AWS::EC2::Instance
Metadata:
AWS::Cloudformation::Init:
configSets:
config:
- setup
- installADDS
- finalize
setup:
files:
c:\cfn\cfn-hup.conf:
content: !Sub |
[main]
stack=${AWS::StackId}
region=${AWS::Region}
c:\cfn\hooks.d\cfn-auto-reloader.conf:
content: !Sub |
[cfn-auto-reloader-hook]
triggers=post.update
path=Resources.BastionServer.Metadata.AWS::CloudFormation::Init
action=/opt/aws/bin/cfn-init -v --stack ${AWS::StackName} --resource LaunchConfig --configsets full_install --region ${AWS::Region}
services:
windows:
cfn-hup:
enabled: 'true'
ensureRunning: 'true'
files:
- c:\cfn\cfn-hup.conf
- c:\cfn\hooks.d\cfn-auto-reloader.conf
installADDS:
commands:
1-install-prereqs:
command: powershell.exe -Command "Install-WindowsFeature RSAT-AD-Powershell RSAT-ADDS-Tools; "
waitAfterCompletion: '0'
2-create-user:
command: powershell.exe -ExecutionPolicy Bypass -Command "New-ADUser -Name '${DomainAdminUser}' -UserPrincipalName '${DomainAdminUser}'@'{$DomainDNSName}' -AccountPassword (ConvertTo-SecureString ${DomainAdminPassword} -AsPlainText -Force) -Enabled:$true -PasswordNeverExpires:$true"
finalize:
1-signal-success:
command: powershell.exe -Command "Write-AWSQuickStartStatus"
waitAfterCompletion: '0'
Properties:
ImageId:
Fn::FindInMap:
- "AWSAMIRegionMap"
- Ref: "AWS::Region"
- "WS2016FULLBASE"
InstanceType: t2.medium
SsmAssociations:
-
DocumentName:
Ref: "SSMDoc"
KeyName: !Ref 'KeyPair'
UserData: !Base64
Fn::Join:
- ''
- - "<script>\n"
- 'cfn-init.exe -v -c config -s '
- !Ref 'AWS::StackId'
- ' -r BastionServer'
- ' --region '
- !Ref 'AWS::Region'
- "\n"
- "</script>\n"
解决方案
假设您将所需的变量(DomainAdminUser、DomainDNSName 和 DomainAdminPassword)作为模板中的参数传递,那么您只需要利用内部替换函数,以便 CloudFormation 知道用什么替换您的变量:
installADDS:
commands:
1-install-prereqs: ...
2-create-user:
command: !Sub >-
powershell.exe -ExecutionPolicy Bypass -Command
"New-ADUser -Name '${DomainAdminUser}' -UserPrincipalName '${DomainAdminUser}'@'${DomainDNSName}' -AccountPassword (ConvertTo-SecureString ${DomainAdminPassword} -AsPlainText -Force) -Enabled:$true -PasswordNeverExpires:$true"
为了帮助进行故障排除,您可以将脚本保存在 Bastion 上,以查看替换是否按预期工作:
installADDS:
files:
'C:\cfn\scripts\CreateUser.ps1':
content: !Join
- ''
- - "New-ADUser -Name '${"
- !Ref DomainAdminUser
- "}' -UserPrincipalName '${"
- !Ref DomainAdminUser
- "}'@'${"
- !Ref DomainDNSName
- "}' -AccountPassword (ConvertTo-SecureString ${"
- !Ref DomainAdminPassword
- "} -AsPlainText -Force) -Enabled:$true -PasswordNeverExpires:$true"
commands:
1-install-prereqs: ...
2-create-user:
command: >-
powershell.exe -ExecutionPolicy Bypass -Command
C:\cfn\scripts\CreateUser.ps1
推荐阅读
- python-3.x - KeyError:'id'烧瓶/Python
- ruby - 当 Hash 的默认值设置为 Hash 时,它给出了意外的输出
- javascript - Vue子组件属性不起作用
- python - 将 pandas join 中的列后缀转换为 MultiIndex
- ios - 从任何类型向下转换为特定类型
- java - 使用 byteBuddy 检测 Java 系统类
- angular - Angular ContentChildren(Component) 获取任何类型
- javascript - Javascript从输入中获取工作日名称
- windows-services - 如何为 Windows 编写一个空白的服务二进制文件?
- matlab - 在 MATLAB 2018a Ubuntu 16.04 中配置 mex