compute-nest-best-practice/opensource/neo4j/single.yaml (468 lines of code) (raw):

ROSTemplateFormatVersion: '2015-09-01'
Description:
  zh-cn: 一键部署Neo4j图数据库至ECS,含实例类型选择、存储配置、自定义安全组与公网访问控制,及自动脚本安装Java环境与Neo4j配置。
  en: One-click deployment of Neo4j graph database to Elastic Compute Service (ECS), encompassing instance type selection, storage configuration, customization of security groups, and public network access control, along with automated script execution for installing Java environment and configuring Neo4j.
# Parameter configuration
Parameters:
  PayType:
    Type: String
    Label:
      en: ECS Instance Charge Type
      zh-cn: 付费类型
    Default: PostPaid
    AllowedValues:
      - PostPaid
      - PrePaid
    AssociationProperty: ChargeType
    AssociationPropertyMetadata:
      LocaleKey: InstanceChargeType
  PayPeriodUnit:
    Type: String
    Label:
      en: Pay Period Unit
      zh-cn: 购买资源时长周期
    Default: Month
    AllowedValues:
      - Month
      - Year
    AssociationProperty: PayPeriodUnit
    AssociationPropertyMetadata:
      Visible:
        Condition:
          Fn::Not:
            Fn::Equals:
              - ${PayType}
              - PostPaid
  PayPeriod:
    Type: Number
    Description:
      en: When the resource purchase duration is Month, the value of Period ranges from 1 to 9, 12, 24, 36, 48, or 60. <br><b><font color='red'> When ECS instance types are PrePaid valid </b></font>
      zh-cn: 当购买资源时长为Month时,Period取值:1~9 <br><b><font color='red'>当ECS实例类型为PrePaid有效</b></font>
    Label:
      en: Period
      zh-cn: 购买资源时长
    Default: 1
    AllowedValues:
      - 1
      - 2
      - 3
      - 4
      - 5
      - 6
      - 7
      - 8
      - 9
    AssociationProperty: PayPeriod
    AssociationPropertyMetadata:
      Visible:
        Condition:
          Fn::Not:
            Fn::Equals:
              - ${PayType}
              - PostPaid
  ZoneId:
    Type: String
    AssociationProperty: ALIYUN::ECS::Instance::ZoneId
    Label:
      en: VSwitch Availability Zone
      zh-cn: 交换机可用区
  VpcId:
    AssociationProperty: ALIYUN::ECS::VPC::VPCId
    Type: String
    Description:
      en: Please search the ID starting with (vpc-xxx) from console-Virtual Private Cloud
      zh-cn: 现有虚拟专有网络的实例ID
    Label:
      en: VPC ID
      zh-cn: 专有网络VPC实例ID
  VSwitchId:
    AssociationProperty: ALIYUN::ECS::VSwitch::VSwitchId
    AssociationPropertyMetadata:
      VpcId: ${VpcId}
      ZoneId: ${ZoneId}
    Type: String
    Description:
      en: Instance ID of existing business network switches, console-Virtual Private Cloud-VSwitches under query
      zh-cn: 现有业务网络交换机的实例ID
    Label:
      en: VSwitch ID
      zh-cn: 交换机实例ID
  AutoCreateSecurityGroup:
    Type: Boolean
    Default: true
    Label:
      zh-cn: 自动创建安全组
      en: auto create security group
  SecurityGroupId:
    Type: String
    AssociationProperty: ALIYUN::ECS::SecurityGroup::SecurityGroupId
    AssociationPropertyMetadata:
      VpcId: ${VpcId}
      Visible:
        Condition:
          Fn::Equals:
            - ${AutoCreateSecurityGroup}
            - false
    Default: ''
    Description:
      en: Please search the business security group ID starting with (sg-xxx) from console-ECS-Network & Security
      zh-cn: 现有业务安全组的实例ID
    Label:
      en: Business Security Group ID
      zh-cn: 业务安全组ID
  EcsInstanceType:
    Type: String
    Label:
      en: Instance Type
      zh-cn: 实例类型
    AssociationProperty: ALIYUN::ECS::Instance::InstanceType
    AssociationPropertyMetadata:
      ZoneId: ${ZoneId}
      InstanceChargeType: ${InstanceChargeType}
  SystemDiskSize:
    Default: 40
    Type: Number
    Description:
      zh-cn: 系统盘大小, 取值范围:[40, 500], 单位:GB。
      en: 'System disk size of each node, range of values: 40-500, units: GB.'
    MinValue: 40
    MaxValue: 500
    Label:
      zh-cn: 系统盘空间
      en: System Disk Space
  DataDiskSize:
    Default: 40
    Type: Number
    Description:
      zh-cn: 数据盘大小, 取值范围:[40, 500], 单位:GB。
      en: 'Data disk size of each node, range of values: 40-500, units: GB.'
    MinValue: 40
    MaxValue: 500
    Label:
      zh-cn: 数据盘空间
      en: Data Disk Space
  AllocatePublicIp:
    Default: false
    Type: Boolean
    Label:
      zh-cn: 开启公网IP
      en: allocate public ip
  InternetMaxBandwidthOut:
    Default: 0
    Type: Number
    Label:
      zh-cn: 流量公网带宽
      en: Internet Max Bandwidth Out
    MinValue: 0
    MaxValue: 100
    Description:
      zh-cn: 取值范围0-100, 0为不开公网ip
      en: no public ip if zero
    AssociationPropertyMetadata:
      Visible:
        Condition:
          Fn::Equals:
            - ${AllocatePublicIp}
            - true
  InternetChargeType:
    Default: PayByTraffic
    Type: String
    Label:
      zh-cn: 流量付费类型
      en: Internet Charge Type
    AllowedValues:
      - PayByBandwidth
      - PayByTraffic
    AssociationPropertyMetadata:
      LocaleKey: InternetChargeType
      Visible:
        Condition:
          Fn::Equals:
            - ${AllocatePublicIp}
            - true
  InstancePassword:
    NoEcho: true
    Type: String
    Description:
      en: Server login password, Length 8-30, must contain three(Capital letters, lowercase letters, numbers, ()`~!@#$%^&*_-+=|{}[]:;'<>,.?/ Special symbol in)
      zh-cn: 服务器登录密码,长度8-30,必须包含三项(大写字母、小写字母、数字、 ()`~!@#$%^&*_-+=|{}[]:;'<>,.?/ 中的特殊符号)
    AllowedPattern: '[0-9A-Za-z\_\-\&:;''<>,=%`~!@#\(\)\$\^\*\+\|\{\}\[\]\.\?\/]+$'
    Label:
      en: Instance Password
      zh-cn: 实例密码
    ConstraintDescription:
      en: Length 8-30, must contain three(Capital letters, lowercase letters, numbers, ()`~!@#$%^&*_-+=|{}[]:;'<>,.?/ Special symbol in)
      zh-cn: 长度8-30,必须包含三项(大写字母、小写字母、数字、 ()`~!@#$%^&*_-+=|{}[]:;'<>,.?/ 中的特殊符号)
    MinLength: 8
    MaxLength: 30
    AssociationProperty: ALIYUN::ECS::Instance::Password
Conditions:
  IfAutoCreateSecurityGroup:
    Fn::Equals:
      - Ref: AutoCreateSecurityGroup
      - true
  IfAllocatePublicIp:
    Fn::Equals:
      - Ref: AllocatePublicIp
      - true
# Resource configuration
Resources:
  EcsSecurityGroup:
    Type: ALIYUN::ECS::SecurityGroup
    Condition: IfAutoCreateSecurityGroup
    Properties:
      SecurityGroupName:
        Ref: ALIYUN::StackName
      VpcId:
        Ref: VpcId
      # Only open the rule for outbound access to the internet
      SecurityGroupEgress:
        - PortRange: '-1/-1'
          Priority: 1
          IpProtocol: all
          DestCidrIp: 0.0.0.0/0
          NicType: intranet
      # When a public IP is allocated, TCP 7474 (Neo4j HTTP) is opened to 0.0.0.0/0
      SecurityGroupIngress:
        Fn::If:
          - IfAllocatePublicIp
          - - PortRange: 7474/7474
              Priority: 1
              SourceCidrIp: 0.0.0.0/0
              IpProtocol: tcp
              NicType: internet
          - Ref: ALIYUN::NoValue
  # Define WaitCondition and WaitConditionHandle to wait until the jump server commands finish and the deployment succeeds
  WaitCondition:
    Type: ALIYUN::ROS::WaitCondition
    Properties:
      Count: 1
      Handle:
        Ref: WaitConditionHandle
      Timeout: 300
  WaitConditionHandle:
    Type: ALIYUN::ROS::WaitConditionHandle
  EcsInstanceGroup:
    Type: ALIYUN::ECS::InstanceGroup
    Properties:
      ZoneId:
        Ref: ZoneId
      # Instance name
      InstanceName:
        Fn::Join:
          - '-'
          - - Ref: ALIYUN::StackName
            - '[1,4]'
      IoOptimized: optimized
      # Charge type
      InstanceChargeType:
        Ref: PayType
      PeriodUnit:
        Ref: PayPeriodUnit
      Period:
        Ref: PayPeriod
      # Network configuration
      VpcId:
        Ref: VpcId
      VSwitchId:
        Ref: VSwitchId
      SecurityGroupId:
        Fn::If:
          - IfAutoCreateSecurityGroup
          - Ref: EcsSecurityGroup
          - Ref: SecurityGroupId
      # Disk type and size
      SystemDiskCategory: cloud_essd
      SystemDiskSize:
        Ref: SystemDiskSize
      DiskMappings:
        - Category: cloud_essd
          Size:
            Ref: DataDiskSize
      MaxAmount: 1
      # Image
      ImageId: centos_7
      # Instance type
      InstanceType:
        Ref: EcsInstanceType
      Password:
        Ref: InstancePassword
      AllocatePublicIP:
        Ref: AllocatePublicIp
      InternetMaxBandwidthOut:
        Fn::If:
          - IfAllocatePublicIp
          - Ref: InternetMaxBandwidthOut
          - 0
      InternetChargeType:
        Ref: InternetChargeType
      # Startup script
      # cloud-init runs the user commands
      # Execution logs are in /var/log/cloud-init.log and /var/log/cloud-init-output.log
      # /var/lib/cloud/instance/scripts/part-001 is the actual script; run it with sh to troubleshoot
      UserData:
        Fn::Sub:
          - |
            #!/bin/bash
            # Mount the data disk at /data
            # The blank lines in the fdisk input accept fdisk's defaults
            cat >> /root/InitDataDisk.sh << "EOF"
            #!/bin/bash
            echo "p
            n
            p



            w
            " | fdisk -u /dev/vdb
            EOF
            /bin/bash /root/InitDataDisk.sh
            rm -f /root/InitDataDisk.sh
            mkfs -t ext4 /dev/vdb1
            cp /etc/fstab /etc/fstab.bak
            mkdir /data
            echo `blkid /dev/vdb1 | awk '{print $2}' | sed 's/\\\"//g'` /data ext4 defaults 0 0 >> /etc/fstab
            mount -a
            mkdir /opt/java

            # Installation script goes here
            # Install Java
            wget '{{ computenest::file::jdk17 }}'
            tar xvf jdk-17_linux-x64_bin.tar.gz && rm -f jdk-17_linux-x64_bin.tar.gz
            mv jdk-17.0.6 /opt/
            ln -s /opt/jdk-17.0.6 /usr/local/java
            echo 'export JAVA_HOME=/usr/local/java' >> /etc/profile
            echo 'export CLASSPATH=.:$JAVA_HOME/jre/lib/rt.jar:$JAVA_HOME/lib/dt.jar:$JAVA_HOME/lib/tools.jar' >> /etc/profile
            echo 'export PATH=$JAVA_HOME/bin:$PATH' >> /etc/profile
            source /etc/profile
            ln -s /usr/local/java/bin/java /usr/local/bin/java

            # neo4j
            groupadd neo4j
            useradd -g neo4j neo4j -s /bin/bash
            mkdir -p /data/neo4j
            chown -R neo4j:neo4j /data/neo4j
            wget '{{ computenest::file::neo4j }}'
            tar xvf neo4j-community-5.4.0-unix.tar.gz && rm neo4j-community-5.4.0-unix.tar.gz
            mv neo4j-community-5.4.0 /opt/
            ln -s /opt/neo4j-community-5.4.0 /opt/neo4j
            ln -s /opt/neo4j/conf /etc/neo4j
            mv /opt/neo4j/conf/neo4j.conf /opt/neo4j/conf/neo4j.conf.tmpl
            cat >> /opt/neo4j/conf/neo4j.conf << "EOF"
            server.directories.data=/data/neo4j/data
            server.directories.logs=/data/neo4j/logs
            server.directories.import=import
            server.default_listen_address=0.0.0.0
            server.bolt.enabled=true
            server.bolt.listen_address=:7687
            server.bolt.advertised_address=:7687
            server.http.enabled=true
            server.http.listen_address=:7474
            server.http.advertised_address=:7474
            server.https.enabled=false
            server.jvm.additional=-XX:+UseG1GC
            server.jvm.additional=-XX:-OmitStackTraceInFastThrow
            server.jvm.additional=-XX:+AlwaysPreTouch
            server.jvm.additional=-XX:+UnlockExperimentalVMOptions
            server.jvm.additional=-XX:+TrustFinalNonStaticFields
            server.jvm.additional=-XX:+DisableExplicitGC
            server.jvm.additional=-Djdk.nio.maxCachedBufferSize=1024
            server.jvm.additional=-Dio.netty.tryReflectionSetAccessible=true
            server.jvm.additional=-Djdk.tls.ephemeralDHKeySize=2048
            server.jvm.additional=-Djdk.tls.rejectClientInitiatedRenegotiation=true
            server.jvm.additional=-XX:FlightRecorderOptions=stackdepth=256
            server.jvm.additional=-XX:+UnlockDiagnosticVMOptions
            server.jvm.additional=-XX:+DebugNonSafepoints
            server.jvm.additional=--add-opens=java.base/java.nio=ALL-UNNAMED
            server.jvm.additional=--add-opens=java.base/java.io=ALL-UNNAMED
            server.jvm.additional=--add-opens=java.base/sun.nio.ch=ALL-UNNAMED
            server.jvm.additional=-Dlog4j2.disable.jmx=true
            server.windows_service_name=neo4j
            EOF
            chown -R neo4j:neo4j /opt/neo4j-community-5.4.0
            chown -R neo4j:neo4j /opt/neo4j
            cat >> /lib/systemd/system/neo4j.service << "EOF"
            [Unit]
            Description=Neo4j Graph Database
            After=network-online.target
            Wants=network-online.target

            [Service]
            ExecStart=/opt/neo4j/bin/neo4j console
            Restart=on-abnormal
            User=neo4j
            Group=neo4j
            Environment="NEO4J_CONF=/opt/neo4j/conf" "NEO4J_HOME=/opt/neo4j"
            LimitNOFILE=60000
            TimeoutSec=120

            [Install]
            WantedBy=multi-user.target
            EOF
            systemctl daemon-reload
            systemctl enable neo4j
            systemctl start neo4j
            systemctl status neo4j
            # On success, call back the WaitCondition to end its wait
            ${CurlCli} -d "{\"Data\" : \"Success\", \"status\" : \"SUCCESS\"}"
          # Get the WaitConditionHandle address and put it in the ${CurlCli} variable
          - CurlCli:
              Fn::GetAtt:
                - WaitConditionHandle
                - CurlCli
            RegionId:
              Ref: ALIYUN::Region
# Define outputs
Outputs:
  # Show the private IP as an HTTP address in the console
  PrivateEndpoint:
    Description:
      zh-cn: 内网IP地址
      en: Private IP Addresses
    Value:
      Fn::Sub:
        - http://${ServerAddress}:7474
        - ServerAddress:
            Fn::Select:
              - 0
              - Fn::GetAtt:
                  - EcsInstanceGroup
                  - PrivateIps
  # Show the public IP as an HTTP address in the console
  PublicEndpoint:
    Condition: IfAllocatePublicIp
    Description:
      zh-cn: 对外暴露的公网IP地址
      en: Public IP Addresses
    Value:
      Fn::Sub:
        - http://${ServerAddress}:7474
        - ServerAddress:
            Fn::Select:
              - 0
              - Fn::GetAtt:
                  - EcsInstanceGroup
                  - PublicIps
  # Install path
  InstallPath:
    Description:
      zh-cn: 安装路径
      en: Install Path
    Value: /opt/neo4j
  # Neo4j's initial credentials; Neo4j requires a password change on first login
  DefaultUserInfo:
    Description:
      zh-cn: 默认用户信息
      en: default user info
    Value: 'username:neo4j password:neo4j'
Metadata:
  ALIYUN::ROS::Interface:
    # Parameter grouping
    ParameterGroups:
      - Parameters:
          - PayType
          - PayPeriodUnit
          - PayPeriod
        Label:
          default:
            en: PayType Configuration
            zh-cn: 付费类型配置
      - Parameters:
          - ZoneId
        Label:
          default:
            zh-cn: 可用区配置
            en: Zone Configuration
      - Parameters:
          - VpcId
          - VSwitchId
          - AutoCreateSecurityGroup
          - SecurityGroupId
        Label:
          default:
            zh-cn: 选择已有基础资源配置
            en: Choose existing Infrastructure Configuration
      - Parameters:
          - EcsInstanceType
          - SystemDiskSize
          - DataDiskSize
          - InstancePassword
        Label:
          default:
            en: Instance Configuration
            zh-cn: ECS实例配置
      - Parameters:
          - AllocatePublicIp
          - InternetChargeType
          - InternetMaxBandwidthOut
        Label:
          default:
            en: Network Configuration
            zh-cn: ECS网络配置
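
An added check, not part of the original template or the compute-nest project: a shell function that reads a neo4j.conf like the one the UserData script writes and reports the settings that leave the HTTP and Bolt connectors listening on every interface without TLS. The function names, finding labels and sample files are constructed for illustration; the defaults assumed for unset keys are those of Neo4j 5.

```shell
#!/bin/sh
# Added example, not part of the template; sample data below is constructed.

# conf_get FILE KEY: print the value assigned to KEY, ignoring comments.
conf_get() {
    awk -v k="$2" '
        /^[ \t]*#/ { next }
        { eq = index($0, "="); if (eq == 0) next
          key = substr($0, 1, eq - 1); gsub(/[ \t]/, "", key)
          if (key == k) v = substr($0, eq + 1) }
        END { gsub(/^[ \t]+|[ \t]+$/, "", v); print v }' "$1"
}

# audit_neo4j_conf FILE: print one finding per line, nothing if clean.
audit_neo4j_conf() {
    listen=$(conf_get "$1" server.default_listen_address)
    http=$(conf_get "$1" server.http.enabled)
    https=$(conf_get "$1" server.https.enabled)
    bolt=$(conf_get "$1" server.bolt.enabled)
    tls=$(conf_get "$1" server.bolt.tls_level)
    [ "$listen" = "0.0.0.0" ] && echo "LISTEN_ALL connectors bind to every interface"
    # Unset keys use Neo4j 5 defaults (HTTP on, HTTPS off, Bolt TLS DISABLED).
    [ "${http:-true}" = "true" ] && [ "${https:-false}" != "true" ] &&
        echo "CLEARTEXT_HTTP HTTP connector enabled while HTTPS is off"
    [ "${bolt:-true}" = "true" ] && [ "${tls:-DISABLED}" != "REQUIRED" ] &&
        echo "CLEARTEXT_BOLT server.bolt.tls_level is not REQUIRED"
    return 0
}

# Constructed sample: the connector lines from the template's heredoc.
sample_template_conf() {
    printf '%s\n' 'server.default_listen_address=0.0.0.0' \
        'server.bolt.enabled=true' 'server.http.enabled=true' \
        'server.http.listen_address=:7474' 'server.https.enabled=false'
}

# Constructed sample: a stricter variant (the address is a placeholder).
sample_hardened_conf() {
    printf '%s\n' 'server.default_listen_address=10.0.0.5' \
        'server.http.enabled=false' 'server.https.enabled=true' \
        'server.bolt.tls_level=REQUIRED'
}

# audit_sample FUNC: write the named sample to a temp file and audit it.
audit_sample() {
    tmp=$(mktemp) && "$1" > "$tmp" && audit_neo4j_conf "$tmp"
    rm -f "$tmp"
}

if [ -n "$1" ]; then audit_neo4j_conf "$1"; else audit_sample sample_template_conf; fi
```

Pass a path such as /opt/neo4j/conf/neo4j.conf as the first argument to audit a deployed instance; with no argument the script audits the constructed sample.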