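Background

AutoMQ Console versions earlier than 8.0 were distributed through cloud providers' Marketplaces and installed from an AMI image. Starting with version 8.0, AutoMQ Console is distributed and installed as a Docker image. New users and new environments should follow the Install BYOC Console documentation. This document describes how to smoothly upgrade the console of an existing BYOC environment from an earlier version to 8.x.

Constraints

  • Cloud provider: Version 8.x is currently supported only in AWS environments; support for other cloud providers is in progress. If you need it, see the Contact Us documentation to get in touch with us.
  • Confirm that the current environment does not use the AWS managed Prometheus service: if it does, contact AutoMQ technical staff to discuss a plan.

Upgrade Steps

The overall procedure consists of: registering an AutoMQ account, confirming deployment information, obtaining the upgrade command, stopping the old console, configuring IAM permissions, and performing the upgrade.

1. Register an Organization and Account

Go to the AutoMQ website and register an organization and account. The registration address is: https://console.automq.cloud/

2. Confirm Deployment Information

Confirm the deployment information of the current BYOC console and send it to AutoMQ technical staff; it is used to migrate the environment metadata and generate the installation command. The information to collect is:
  • Environment ID
  • Deployment region
  • Deployment version
  • Installation ID
  • OpsBucket
We recommend logging in to the AutoMQ console and viewing this information on the Settings page. You also need to give the newly registered AutoMQ organization ID to AutoMQ technical staff.

3. Obtain the Upgrade Command

AutoMQ technical staff will generate the metadata for the current environment and the upgrade installation command based on the information from step 2, for use in the upgrade that follows.

4. Stop the Old Console

Log in to the EC2 machine that hosts the AutoMQ console and stop the console program of the current environment. The command to stop it is: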
sudo systemctl stop cmp.service

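5. Modify the EC2 Metadata Access Limit (Optional)

The AutoMQ 8.x console is deployed as a Docker container, and the program inside the container needs to access the metadata service of the host EC2 instance. The default installation command runs the container in Host mode. If you want to use Bridge or another mode instead, set the EC2 instance's metadata response hop limit (HttpPutResponseHopLimit) to 2. The steps are:
  1. Log in to the AWS EC2 console.
  2. In the instance list, select the EC2 instance that hosts the AutoMQ console.
  3. Choose Actions > Instance settings > Modify instance metadata options.
  4. In the dialog, change the Metadata response hop limit value from 1 to 2.
  5. Click Save.

6. Create and Configure the IAM Role

Go to the AWS IAM console (https://us-east-1.console.aws.amazon.com/iam/home?region=us-east-1#/roles) and create a new IAM Role for the AutoMQ console, granting it the necessary permissions to operate cloud resources. From version 8.x, the AutoMQ console needs the IAM Role permissions for creating data-plane clusters; that is, the AutoMQ console subsequently manages the IAM permissions and roles that each data-plane cluster needs to run. The procedure is: in the IAM console, create a custom IAM Policy, then create an IAM Role, select EC2 as the service type, and attach the IAM Policy you just created. Then go to the EC2 console and modify the EC2 instance that hosts the current console to change the Role bound to it.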
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "BasicIamCheckPermissions",
      "Effect": "Allow",
      "Action": [
        "iam:GetPolicy",
        "iam:ListRoles",
        "iam:GetInstanceProfile",
        "iam:ListInstanceProfilesForRole",
        "iam:GetRole",
        "iam:GetRolePolicy",
        "iam:ListRolePolicies",
        "iam:ListAttachedRolePolicies",
        "iam:GetPolicyVersion",
        "iam:GetUser",
        "iam:GetUserPolicy",
        "iam:ListUserPolicies",
        "iam:ListAttachedUserPolicies"
      ],
      "Resource": "*"
    },
    {
      "Sid": "OpsBucketManagePermissions",
      "Effect": "Allow",
      "Action": [
        "s3:GetLifecycleConfiguration",
        "s3:PutLifecycleConfiguration",
        "s3:ListBucket",
        "s3:PutBucketTagging",
        "s3:GetBucketPolicy",
        "s3:CreateBucket",
        "s3:PutBucketPolicy"
      ],
      "Resource": "arn:aws:s3:::{Replace with your truly OpsBucket}"
    },
    {
      "Sid": "OpsBucketOperationPermissions",
      "Effect": "Allow",
      "Action": [
        "s3:PutObject",
        "s3:GetObject",
        "s3:DeleteObject"
      ],
      "Resource": "arn:aws:s3:::{Replace with your truly OpsBucket}/*"
    },
    {
      "Sid": "DataBucketManagePermissions",
      "Effect": "Allow",
      "Action": [
        "s3:ListBucket",
        "s3:GetLifecycleConfiguration",
        "s3:CreateBucket",
        "s3:PutBucketTagging",
        "s3:DeleteBucket",
        "s3:ListBucketMultipartUploads"
      ],
      "Resource": "*"
    },
    {
      "Sid": "DataBucketObjectCleanPermissions",
      "Effect": "Allow",
      "Action": [
        "s3:AbortMultipartUpload",
        "s3:DeleteObject"
      ],
      "Resource": "*"
    },
    {
      "Sid": "AutoScalingServiceRolePermissions",
      "Effect": "Allow",
      "Action": "iam:CreateServiceLinkedRole",
      "Resource": "*",
      "Condition": {
        "StringEquals": {
          "iam:AWSServiceName": "autoscaling.amazonaws.com"
        }
      }
    },
    {
      "Sid": "Ec2InstanceProfilePassPermissions",
      "Effect": "Allow",
      "Action": "iam:PassRole",
      "Resource": "*",
      "Condition": {
        "StringLike": {
          "iam:PassedToService": "ec2.amazonaws.com*"
        }
      }
    },
    {
      "Sid": "Ec2AndAutoscalingReadAndCreatePermissions",
      "Effect": "Allow",
      "Action": [
        "ssm:GetParameters",
        "s3:ListAllMyBuckets",
        "route53:ListHostedZones",
        "route53:ListHostedZonesByName",
        "route53:ListHostedZonesByVpc",
        "autoscaling:DescribeAutoScalingGroups",
        "autoscaling:CreateAutoScalingGroup",
        "ec2:DescribeAvailabilityZones",
        "ec2:DescribeInstanceTypeOfferings",
        "ec2:DescribeVpcs",
        "ec2:DescribeVpcEndpoints",
        "ec2:DescribeSubnets",
        "ec2:DescribeImages",
        "ec2:DescribeKeyPairs",
        "ec2:CreateKeyPair",
        "ec2:DescribeVolumes",
        "ec2:CreateVolume",
        "ec2:DescribeSecurityGroups",
        "ec2:CreateSecurityGroup",
        "ec2:DescribeSecurityGroupRules",
        "ec2:DescribeLaunchTemplates",
        "ec2:DescribeLaunchTemplateVersions",
        "ec2:CreateLaunchTemplateVersion",
        "ec2:CreateLaunchTemplate",
        "ec2:ModifyLaunchTemplate",
        "ec2:DeleteLaunchTemplate",
        "ec2:DescribeTags",
        "ec2:CreateTags",
        "ec2:DescribeInstances",
        "ec2:DescribeInstanceAttribute",
        "ec2:RunInstances"
      ],
      "Resource": "*"
    },
    {
      "Sid": "Ec2AndAutoscalingOperationPermissions",
      "Effect": "Allow",
      "Action": [
        "ec2:AttachVolume",
        "ec2:DetachVolume",
        "ec2:DeleteVolume",
        "ec2:DeleteKeyPair",
        "ec2:TerminateInstances",
        "ec2:AuthorizeSecurityGroupIngress",
        "ec2:AuthorizeSecurityGroupEgress",
        "ec2:DeleteSecurityGroup",
        "autoscaling:AttachInstances",
        "autoscaling:DetachInstances",
        "autoscaling:SuspendProcesses",
        "autoscaling:ResumeProcesses",
        "autoscaling:UpdateAutoScalingGroup",
        "autoscaling:DeleteAutoScalingGroup",
        "ec2:StopInstances",
        "ec2:RebootInstances"
      ],
      "Resource": "*",
      "Condition": {
        "StringEquals": {
          "aws:ResourceTag/automqVendor": "automq"
        }
      }
    },
    {
      "Sid": "EksReadPermissions",
      "Effect": "Allow",
      "Action": [
        "s3:ListAllMyBuckets",
        "route53:ListHostedZones",
        "route53:ListHostedZonesByName",
        "route53:ListHostedZonesByVpc",
        "eks:ListClusters",
        "eks:DescribeCluster",
        "eks:ListNodegroups",
        "eks:DescribeNodegroup",
        "eks:ListAccessEntries",
        "eks:DescribeAccessEntry",
        "eks:ListAssociatedAccessPolicies",
        "elasticloadbalancing:DescribeTargetGroups"
      ],
      "Resource": "*"
    },
    {
      "Sid": "ClusterRoleManagementPermissions",
      "Effect": "Allow",
      "Action": [
        "iam:ListOpenIDConnectProviders",
        "iam:GetOpenIdConnectProvider",
        "iam:GetPolicy",
        "iam:CreatePolicy",
        "iam:TagPolicy",
        "iam:CreatePolicyVersion",
        "iam:GetPolicyVersion",
        "iam:AttachRolePolicy",
        "iam:DetachRolePolicy",
        "iam:DeletePolicy",
        "iam:ListRoles",
        "iam:GetRole",
        "iam:CreateRole",
        "iam:TagRole",
        "iam:DeleteRole",
        "iam:ListRolePolicies",
        "iam:ListAttachedRolePolicies",
        "iam:ListPolicyVersions",
        "iam:DeletePolicyVersion",
        "iam:ListInstanceProfilesForRole",
        "iam:GetInstanceProfile",
        "iam:CreateInstanceProfile",
        "iam:AddRoleToInstanceProfile",
        "iam:RemoveRoleFromInstanceProfile",
        "iam:DeleteInstanceProfile"
      ],
      "Resource": "*"
    },
    {
      "Sid": "Route53ManagementPermissions",
      "Effect": "Allow",
      "Action": [
        "route53:GetHostedZone",
        "route53:ListResourceRecordSets",
        "route53:ChangeResourceRecordSets",
        "route53:CreateHostedZone",
        "route53:DeleteHostedZone",
        "route53:ChangeTagsForResource"
      ],
      "Resource": "*"
    },
    {
      "Sid": "NfsReadAndCreatePermissions",
      "Effect": "Allow",
      "Action": [
        "ec2:DescribeRouteTables",
        "ec2:DescribeNetworkInterfaceAttribute",
        "ec2:DescribeNetworkInterfaces",
        "ec2:CreateNetworkInterface",
        "fsx:TagResource",
        "fsx:DescribeVolumes",
        "fsx:CreateVolume",
        "fsx:DescribeStorageVirtualMachines",
        "fsx:CreateStorageVirtualMachine",
        "fsx:DescribeFileSystems",
        "fsx:CreateFileSystem",
        "elasticfilesystem:CreateFileSystem",
        "elasticfilesystem:DescribeFileSystems",
        "elasticfilesystem:CreateMountTarget",
        "elasticfilesystem:DescribeMountTargets",
        "elasticfilesystem:DescribeMountTargetSecurityGroups",
        "elasticfilesystem:TagResource"
      ],
      "Resource": "*"
    },
    {
      "Sid": "NfsOperationPermissions",
      "Effect": "Allow",
      "Action": [
        "ec2:DeleteNetworkInterface",
        "fsx:UpdateVolume",
        "fsx:DeleteVolume",
        "fsx:DeleteStorageVirtualMachine",
        "fsx:UpdateFileSystem",
        "fsx:DeleteFileSystem",
        "elasticfilesystem:UpdateFileSystem",
        "elasticfilesystem:DeleteFileSystem",
        "elasticfilesystem:DeleteMountTarget"
      ],
      "Resource": "*",
      "Condition": {
        "StringEquals": {
          "aws:ResourceTag/automqVendor": "automq"
        }
      }
    },
    {
      "Sid": "Ec2PricingPermissions",
      "Effect": "Allow",
      "Action": [
        "pricing:DescribeServices",
        "pricing:GetAttributeValues",
        "pricing:GetProducts"
      ],
      "Resource": "*"
    }
  ]
}
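
The following Python script, added here and not part of AutoMQ's documentation or tooling, lists the Allow statements in a policy like the one above that grant mutating actions on Resource "*" and shows which condition keys, if any, scope them. The embedded policy is a constructed excerpt of four statements from the policy above with shortened action lists; the read-only prefix heuristic and the function names are assumptions of this example.

```python
import json

# Constructed excerpt: four statements from the policy above, action lists shortened.
POLICY_EXCERPT = json.loads("""
{"Version": "2012-10-17", "Statement": [
  {"Sid": "DataBucketObjectCleanPermissions", "Effect": "Allow",
   "Action": ["s3:AbortMultipartUpload", "s3:DeleteObject"], "Resource": "*"},
  {"Sid": "Ec2AndAutoscalingOperationPermissions", "Effect": "Allow",
   "Action": ["ec2:TerminateInstances", "ec2:DeleteVolume"], "Resource": "*",
   "Condition": {"StringEquals": {"aws:ResourceTag/automqVendor": "automq"}}},
  {"Sid": "EksReadPermissions", "Effect": "Allow",
   "Action": ["eks:ListClusters", "eks:DescribeCluster"], "Resource": "*"},
  {"Sid": "Ec2InstanceProfilePassPermissions", "Effect": "Allow",
   "Action": "iam:PassRole", "Resource": "*",
   "Condition": {"StringLike": {"iam:PassedToService": "ec2.amazonaws.com*"}}}
]}
""")

# Heuristic (assumption of this example): action names starting with these
# verbs only read state; every other action is treated as mutating.
READ_PREFIXES = ("Get", "List", "Describe")

def as_list(value):
    return value if isinstance(value, list) else [value]

def is_mutating(action):
    name = action.split(":", 1)[-1]
    return name == "*" or not name.startswith(READ_PREFIXES)

def audit(policy):
    """Return one finding per Allow statement that grants mutating actions
    on Resource "*"; `conditions` lists the condition keys that scope it."""
    findings = []
    for stmt in as_list(policy["Statement"]):
        wildcard = "*" in as_list(stmt.get("Resource", []))
        mutating = sorted(a for a in as_list(stmt.get("Action", [])) if is_mutating(a))
        if stmt.get("Effect") == "Allow" and wildcard and mutating:
            keys = sorted(k for op in stmt.get("Condition", {}).values() for k in op)
            findings.append({"sid": stmt.get("Sid"), "actions": mutating, "conditions": keys})
    return findings

def unconditioned(policy):
    return [f["sid"] for f in audit(policy) if not f["conditions"]]

if __name__ == "__main__":
    for f in audit(POLICY_EXCERPT):
        print(f["sid"], f["actions"], "conditions:", f["conditions"] or "NONE")
```

To review the full policy, save it to a file and pass the result of `json.load` to `audit`; statements using `NotAction` or `NotResource` are outside what this check covers.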

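7. Install Docker and Start the AutoMQ Console

Before running the upgrade command, make sure Docker is installed and running in your environment.
# Install docker
sudo yum install docker -y

# Start the docker service
sudo systemctl start docker

# Enable docker to start at boot
sudo systemctl enable docker
Copy the upgrade installation command shown in step 3 and start the new version of the AutoMQ console directly. An example Docker run command is: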
sudo docker run -d -v /home/admin:/root \
  -p 8080:8080 \
  -e CLOUD_PROVIDER=aws \
  -e REGION=ap-northeast-1 \
  -e OPS_BUCKET=automq-ops-xxxx \
  -e CONSOLE_INITIAL_USER=admin \
  -e CONSOLE_INITIAL_PASSWORD=admin \
  -e CLIENT_ID=env-xxxx \
  -e CLIENT_SECRET=xxx \
  xxx/automq/automq_byoc_console:xxxx
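Once the Docker container is running normally and port 8080 is reachable, you can access the AutoMQ console service from a browser.

8. Copy the Installation ID and Update the License

Because version 8.x changes the installation medium and startup method, the installation ID of the new version will change. After logging in to the new console, you will be told that the License is invalid; copy the installation ID shown on the console page and contact AutoMQ technical staff to update the information, after which you can enter the new console.
Note: During the upgrade, the console reports that the License is invalid; this does not affect the normal operation of the clusters. You only need to contact AutoMQ technical staff to register the new installation ID for the License to take effect.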