By Anish Nath, Alibaba Cloud Tech Share Author. Tech Share is Alibaba Cloud's incentive program to encourage the sharing of technical knowledge and best practices within the cloud community.
Alibaba Cloud Elastic Compute Service (ECS) instance metadata provides data about your instance that you can use to configure or manage the running instance. Instance metadata is divided into several categories.
Make sure you have a valid Alibaba Cloud account to try out this experiment. You'll also need an Alibaba Cloud ECS instance to follow this tutorial.
Note:
ECS Metadata URL
ECS instances access the metadata service at http://100.100.100.200/.
To retrieve a list of supported versions for the ECS metadata API, make a GET request to the following URI:
root@webserver-01:~# curl http://100.100.100.200/
2016-01-01
At present only one version of the metadata service is available, i.e. 2016-01-01. If a new version is added to the Alibaba metadata service, additional version folders will appear in this list.
Windows users can use PowerShell cmdlets to retrieve the URI. For example, if you are running version 3.0 or later of PowerShell, use the following cmdlet:
PS C:\> Invoke-RestMethod -uri http://100.100.100.200/latest/meta-data/
To view all available services of the latest version, use the command below.
root@webserver-01:~# curl http://100.100.100.200/latest/
meta-data
user-data
dynamic
Retrieve Latest Metadata
To view all latest categories of instance metadata from within a running instance, use the following URI:
root@webserver-01:~# curl http://100.100.100.200/latest/meta-data/
dns-conf/
eipv4
hostname
image-id
instance-id
instance/
mac
network-type
network/
ntp-conf/
owner-account-id
private-ipv4
region-id
serial-number
source-address
sub-private-ipv4-list
vpc-cidr-block
vpc-id
vswitch-cidr-block
vswitch-id
The above example gets the top-level metadata items of the running ECS instance. For more information about each of these items, refer to the Alibaba Docs.
Retrieve ECS hostname
This example shows that my ECS instance hostname is webserver-01.
root@webserver-01:~# curl http://100.100.100.200/latest/meta-data/hostname
webserver-01
Retrieve public EIP of the ECS Instance
An EIP is logically associated with the instance and does not show up on the network interface. To retrieve the EIP, use the following URI:
root@webserver-01:~# curl http://100.100.100.200/latest/meta-data/eipv4
47.88.57.195
Retrieve Private IP of the ECS instance
root@webserver-01:~# curl http://100.100.100.200/latest/meta-data/private-ipv4
172.20.240.104
Retrieve NTP servers of the ECS Instance
root@webserver-01:~# curl http://100.100.100.200/latest/meta-data/ntp-conf/ntp-servers
ntp1.aliyun.com
ntp1.cloud.aliyuncs.com
ntp10.cloud.aliyuncs.com
ntp11.cloud.aliyuncs.com
ntp12.cloud.aliyuncs.com
ntp2.aliyun.com
ntp2.cloud.aliyuncs.com
ntp3.aliyun.com
ntp3.cloud.aliyuncs.com
ntp4.aliyun.com
ntp4.cloud.aliyuncs.com
ntp5.aliyun.com
ntp5.cloud.aliyuncs.com
ntp6.aliyun.com
ntp6.cloud.aliyuncs.com
ntp7.cloud.aliyuncs.com
ntp8.cloud.aliyuncs.com
ntp9.cloud.aliyuncs.com
Retrieve Gateway information of the ECS Instance
root@webserver-01:~# mac=`curl -s http://100.100.100.200/latest/meta-data/network/interfaces/macs/`
root@webserver-01:~# curl http://100.100.100.200/latest/meta-data/network/interfaces/macs/$mac/gateway
172.20.255.253
Retrieve Primary IP address of the ECS Instance
If the ECS instance has multiple IP addresses, this query is useful for determining its primary IP address.
root@webserver-01:~# mac=`curl -s http://100.100.100.200/latest/meta-data/network/interfaces/macs/`
root@webserver-01:~# curl http://100.100.100.200/latest/meta-data/network/interfaces/macs/$mac/primary-ip-address
172.20.240.104
Retrieve DNS server information of the ECS Instance
root@webserver-01:~# curl http://100.100.100.200/latest/meta-data/dns-conf/nameservers
100.100.2.136
100.100.2.138
Retrieve Region Information
root@webserver-01:~# curl http://100.100.100.200/latest/meta-data/region-id
us-west-1
Retrieve ECS instance Type
This example shows that my ECS instance is using the ecs.t5-lc2m1.nano flavor.
root@webserver-01:~# curl http://100.100.100.200/latest/meta-data/instance/instance-type
ecs.t5-lc2m1.nano
Retrieve Latest User Data
Alibaba Cloud instance metadata can be used to access user data that you specified when launching your ECS instance.
root@webserver-01:~# curl http://100.100.100.200/latest/user-data
#! /bin/sh
echo "Hello World. The time is now $(date -R)!" | tee /root/output10.txt
To retrieve dynamic data from within a running instance, use the following URI:
root@webserver-01:~# curl http://100.100.100.200/latest/dynamic/
instance-identity
The instance-identity document is generated when the ECS instance is launched,
To retrieve the instance-identity signature (PKCS7), use the following URI:
root@webserver-01:~# curl http://100.100.100.200/latest/dynamic/instance-identity/pkcs7
MIIB6QYJKoZIhvcNAQcCoIIB2jCCAdYCAQExCzAJBgUrDgMCGgUAMCUGCSqGSIb3DQEHAaAYBBZ7Imluc3RhbmNlLXR5cGUiOm51bGx9MYIBmzCCAZcCAQEwdDBsMRAwDgYDVQQGEwdVbmtub3duMRAwDgYDVQQIEwdVbmtub3duMRAwDgYDVQQHEwdVbmtub3duMRAwDgYDVQQKEwdVbmtub3duMRAwDgYDVQQLEwdVbmtub3duMRAwDgYDVQQDEwdVbmtub3duAgRmZtGHMAkGBSsOAwIaBQAwDQYJKoZIhvcNAQEBBQAEggEAJs01WyFhI+7ZvCcClDofR/8uxrAgAlgDPiiQ1dCqPEZ9zt/l9A5y9SNmuTp66O4i5PBsa46YCl+CnACVDFdAV80sEk2fs/I8wD5niPOdOis/7j49nihFiIfRT7xAoB32HE4Lc+BiZs04s+Turp1J9mSuZF5Lh6g/abHfyU69ckJpWBDhHk/jBWTHK1gfB8miM8n6YQ4NY2R+Y/nHTrP7AHtmvFybodnD6/tefplrHlyhSx7s1Dd/baZcBDPVkkkbSUGL3BCGnbQyt4BTBiv88kfIhOxOJs4uCTaVnX7HhjOKaOQTVzJ4ASJwyjUh0rrFl2b1l+eHQotF7njwsdIysg==
Verify the instance-id
The instance-identity document can be verified with OpenSSL commands; for this you need the public certificate of Alibaba Cloud.
The public cert.cer file
The Instance-identity verification process.
curl 100.100.100.200/latest/dynamic/instance-identity/document > document
echo "-----BEGIN CERTIFICATE-----" > signature
curl 100.100.100.200/latest/dynamic/instance-identity/pkcs7 >> signature
echo "" >> signature
echo "-----END CERTIFICATE-----" >> signature
openssl smime -verify -in signature -inform PEM -content document -certfile cert.cer -noverify > /dev/null
Verification successful
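This verification process guarantees that the ECS instance is running in the Alibaba Cloud environment. Because -noverify skips certificate chain validation, the result is only as trustworthy as the cert.cer file you supply.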
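The verification steps above wrapped in a function that decides on the exit status of openssl rather than on the printed message, as an added example that is not part of the original article. The names verify_identity, sign_with and selftest are hypothetical, selftest uses throwaway keys generated on the spot (not Alibaba Cloud's certificate), and -nointern is added to the article's command so that a certificate embedded in the signature is never accepted as the signer.

```shell
#!/bin/sh
# verify_identity DOCUMENT PKCS7_FILE CERT
# Exit status 0 only if DOCUMENT carries a valid signature from the key in CERT.
# PKCS7_FILE holds the bare base64 from /latest/dynamic/instance-identity/pkcs7.
verify_identity() {
    sig=$(mktemp) || return 2
    {
        echo "-----BEGIN CERTIFICATE-----"
        tr -d ' \r\n' < "$2" | fold -w 64    # re-wrap into 64-column lines
        echo ""
        echo "-----END CERTIFICATE-----"
    } > "$sig"
    # -noverify skips chain validation; -nointern ignores certificates embedded
    # in the signature, so the signer can only be matched against CERT.
    openssl smime -verify -in "$sig" -inform PEM -content "$1" \
        -certfile "$3" -noverify -nointern > /dev/null 2>&1 && rc=0 || rc=$?
    rm -f "$sig"
    return "$rc"
}

# sign_with DIR NAME: create throwaway key NAME and sign DIR/document with it
# (constructed test material standing in for the cloud-side signer).
sign_with() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
        -keyout "$1/$2.key" -out "$1/$2.cer" > /dev/null 2>&1 || return 2
    openssl smime -sign -binary -in "$1/document" -signer "$1/$2.cer" \
        -inkey "$1/$2.key" -outform PEM 2> /dev/null |
        grep -v '^-----' | tr -d '\n' > "$1/$2.pkcs7"
}

# selftest: returns 0 when the genuine document passes and both a signature
# from an unrelated key and a modified document are rejected.
selftest() {
    d=$(mktemp -d) || return 2
    printf '{"instance-id":"i-constructed"}' > "$d/document"
    sign_with "$d" trusted && sign_with "$d" other || return 2
    ok=1
    verify_identity "$d/document" "$d/trusted.pkcs7" "$d/trusted.cer" || ok=0
    verify_identity "$d/document" "$d/other.pkcs7" "$d/trusted.cer" && ok=0
    printf 'x' >> "$d/document"
    verify_identity "$d/document" "$d/trusted.pkcs7" "$d/trusted.cer" && ok=0
    rm -rf "$d"
    [ "$ok" -eq 1 ]
}
```

On an instance, save the two curl responses to files and call verify_identity document pkcs7 cert.cer; a non-zero status means the document must not be trusted.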
In this example, we troubleshoot a 404 Not Found error returned by an HTTP GET request for the public-keys metadata.
This error means that the property was not set when the ECS instance was launched.
root@webserver-01:~# curl http://100.100.100.200/latest/meta-data/public-keys
<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>404 - Not Found</title>
</head>
<body>
<h1>404 - Not Found</h1>
</body>
</html>
To fix this issue, first check whether the desired property public-keys is available on the ECS instance by listing the top-level metadata directory with the following URI:
root@webserver-01:~# curl http://100.100.100.200/latest/meta-data
dns-conf/
eipv4
hostname
image-id
instance-id
instance/
mac
network-type
network/
ntp-conf/
owner-account-id
private-ipv4
region-id
serial-number
source-address
sub-private-ipv4-list
vpc-cidr-block
vpc-id
vswitch-cidr-block
vswitch-id
As the above output shows, the public-keys metadata information is not available. I need to add this information on the ECS instance.
What I did was stop the instance, bind my SSH public key to this ECS instance ID, and then restart the instance to get the metadata updated. After the restart, the public-keys metadata information is available.
root@webserver-01:~# curl http://100.100.100.200/latest/meta-data/ | grep public-keys
public-keys/
So now if I want to retrieve my SSH public key information, I can query:
root@webserver-01:~# curl http://100.100.100.200/latest/meta-data/public-keys/0/openssh-key
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDPl50yi2544OHoZVApUhFhWxrv1jGrc+WCXxLBNCzBrtt1Fc5olqnL/9wcYuHXuniHMJuGSLTzErSdbvqR8rn9HqZSdpwP9Blg0r5JE0a/+ZbIQb5/QMJcHbGYluNY/sRgj/tJSq2l+uS4yaiFPqurKoFhkYWWgDrhMfaY5awZDux90aAwjXjXPnmV4xITF5dUEIr9+oYe2kzK3uH7xbbL7emJRiN43C/9WBlPVSHJ6PrRkBzVYMXL3KWQxeLtjZXjcPq7KhytzgFOKc/m1xMb07txCVHm3onrccbOKw12jnGcc1Fego0QKrwRhclrWNzJ0GiYDcOjEVPE6yX9xlAB
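The 404 case above matters for scripts: plain curl exits 0 and prints the HTML error page, which a script would then treat as the item's value. The helpers below are an added example, not code from the original article; md_get, md_has, md_walk and MD_BASE are hypothetical names.

```shell
#!/bin/sh
# Metadata lookups that fail cleanly when an item is absent.
MD_BASE=${MD_BASE:-http://100.100.100.200/latest/meta-data}

# md_get PATH: print the value of one item. With -f, curl exits non-zero on
# an HTTP error, so a 404 page is never mistaken for the item's value.
md_get() {
    curl -sf --max-time 3 "$MD_BASE/$1" < /dev/null
}

# md_has DIR ITEM: succeed only if ITEM (or ITEM/) appears in DIR's listing.
md_has() {
    md_get "$1" | grep -qx -e "$2" -e "$2/"
}

# md_walk DIR: print every leaf path below DIR, descending into entries that
# end in "/". The body runs in a subshell so recursion keeps its own variables.
md_walk() (
    dir=${1%/}
    # The last line of a listing may lack a trailing newline, hence the
    # extra [ -n "$entry" ] test after read.
    md_get "${dir:+$dir/}" | while IFS= read -r entry || [ -n "$entry" ]; do
        case $entry in
            "")  ;;
            */)  md_walk "${dir:+$dir/}$entry" ;;
            *)   echo "${dir:+$dir/}$entry" ;;
        esac
    done
)
```

For example, md_has "" public-keys && md_get public-keys/0/openssh-key only reads the key when the listing actually contains it.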