By Anish Nath, Alibaba Cloud Tech Share Author. Tech Share is Alibaba Cloud's incentive program to encourage the sharing of technical knowledge and best practices within the cloud community.
Alibaba Cloud Elastic Compute Service (ECS) instance metadata provides data about your instance that you can use to configure or manage the running instance. Instance metadata is divided into several categories.
Make sure you have a valid Alibaba Cloud account to try out this experiment. You'll also need an Alibaba Cloud ECS instance to follow this tutorial.
Note:
ECS Metadata URL
ECS Instances access the metadata service at http://100.100.100.200/ .
To retrieve a list of supported versions for the ECS metadata API, make a GET request to the following URI
root@webserver-01:~# curl http://100.100.100.200/
2016-01-01
At present only one version of metadata service is available i.e 2016-01-01, if the new version is added in the Alibaba Metadata service then you will be noticing more new version folder.
windows users can use PowerShell cmdlets to retrieve the URI. For example, if you are running version 3.0 or later of PowerShell, use the following cmdlet:
PS C:\> Invoke-RestMethod -uri http://100.100.100.200/latest/meta-data/
To view latest version of all available service use the below command.
root@webserver-01:~# curl http://100.100.100.200/latest/
meta-data
user-data
dynamic
Retrieve Latest Metadata
To view all latest categories of instance metadata from within a running instance, use the following URI:
root@webserver-01:~# curl http://100.100.100.200/latest/meta-data/
dns-conf/
eipv4
hostname
image-id
instance-id
instance/
mac
network-type
network/
ntp-conf/
owner-account-id
private-ipv4
region-id
serial-number
source-address
sub-private-ipv4-list
vpc-cidr-block
vpc-id
vswitch-cidr-block
vswitch-id
The above example gets the top-level metadata items of the running ECS instance. For more information about each of these items refer Alibaba Docs.
Retrieve ECS hostname
This example shows the my ECS instance hostname is webserver-01
root@webserver-01:~# curl http://100.100.100.200/latest/meta-data/hostname
webserver-01
Retrieve public EIP of the ECS Instance
EIP are logically associated with the instance and it will not show up in the interface, in order to retrieve the EIP use the following URI
root@webserver-01:~# curl http://100.100.100.200/latest/meta-data/eipv4
47.88.57.195
Retrieve Private IP of the ECS instance
root@webserver-01:~# curl http://100.100.100.200/latest/meta-data/private-ipv4
172.20.240.104
Retrieve NTP servers of the ECS Instance
root@webserver-01:~# curl http://100.100.100.200/latest/meta-data/ntp-conf/ntp-servers
ntp1.aliyun.com
ntp1.cloud.aliyuncs.com
ntp10.cloud.aliyuncs.com
ntp11.cloud.aliyuncs.com
ntp12.cloud.aliyuncs.com
ntp2.aliyun.com
ntp2.cloud.aliyuncs.com
ntp3.aliyun.com
ntp3.cloud.aliyuncs.com
ntp4.aliyun.com
ntp4.cloud.aliyuncs.com
ntp5.aliyun.com
ntp5.cloud.aliyuncs.com
ntp6.aliyun.com
ntp6.cloud.aliyuncs.com
ntp7.cloud.aliyuncs.com
ntp8.cloud.aliyuncs.com
ntp9.cloud.aliyuncs.com
Retrieve Gateway information the ECS Instance
root@webserver-01:~# mac=`http://100.100.100.200/latest/meta-data/network/interfaces/macs/`
root@webserver-01:~# curl http://100.100.100.200/latest/meta-data/network/interfaces/macs/$mac/gateway
172.20.255.253
Retrieve Primary IP address the ECS Instance
If the ECS is having multiple IP's this query will be useful to determine the primary ip address of the ECS instance.
root@webserver-01:~# mac=`http://100.100.100.200/latest/meta-data/network/interfaces/macs/`
root@webserver-01:~# curl http://100.100.100.200/latest/meta-data/network/interfaces/macs/$mac/primary-ip-address
172.20.240.104
Retrieve DNS server information of the ECS Instance
root@webserver-01:~# curl http://100.100.100.200/latest/meta-data/dns-conf/nameservers
100.100.2.136
100.100.2.138
Retrieve Region Information
root@webserver-01:~# curl http://100.100.100.200/latest/meta-data/region-id
us-west-1
Retrieve ECS instance Type
This example shows the my ECS instance is using ecs.t5-lc2m1.nano flavor.
root@webserver-01:~# curl http://100.100.100.200/latest/meta-data/instance/instance-type
ecs.t5-lc2m1.nano
Retrieve Latest User Data
Alibaba Cloud instance metadata can be used to access user data that you specified when launching your ECS instance.
root@webserver-01:~# curl http://100.100.100.200/latest/user-data
#! /bin/sh
echo "Hello World. The time is now $(date -R)!" | tee /root/output10.txtroot@webserver-01:
To retrieve dynamic data from within a running instance, use the following URI:
root@webserver-01:~# curl http://100.100.100.200/latest/dynamic/
instance-identity
The instance-identity document is generated when the ECS instance is launched,
Retrieve instance-identity signature (PKCS7), use the following URI
root@webserver-01:~# curl http://100.100.100.200/latest/dynamic/instance-identity/pkcs7
MIIB6QYJKoZIhvcNAQcCoIIB2jCCAdYCAQExCzAJBgUrDgMCGgUAMCUGCSqGSIb3DQEHAaAYBBZ7Imluc3RhbmNlLXR5cGUiOm51bGx9MYIBmzCCAZcCAQEwdDBsMRAwDgYDVQQGEwdVbmtub3duMRAwDgYDVQQIEwdVbmtub3duMRAwDgYDVQQHEwdVbmtub3duMRAwDgYDVQQKEwdVbmtub3duMRAwDgYDVQQLEwdVbmtub3duMRAwDgYDVQQDEwdVbmtub3duAgRmZtGHMAkGBSsOAwIaBQAwDQYJKoZIhvcNAQEBBQAEggEAJs01WyFhI+7ZvCcClDofR/8uxrAgAlgDPiiQ1dCqPEZ9zt/l9A5y9SNmuTp66O4i5PBsa46YCl+CnACVDFdAV80sEk2fs/I8wD5niPOdOis/7j49nihFiIfRT7xAoB32HE4Lc+BiZs04s+Turp1J9mSuZF5Lh6g/abHfyU69ckJpWBDhHk/jBWTHK1gfB8miM8n6YQ4NY2R+Y/nHTrP7AHtmvFybodnD6/tefplrHlyhSx7s1Dd/baZcBDPVkkkbSUGL3BCGnbQyt4BTBiv88kfIhOxOJs4uCTaVnX7HhjOKaOQTVzJ4ASJwyjUh0rrFl2b1l+eHQotF7njwsdIysg==
Verify the instance-id
The instance-identity can be verified by using the OpenSSL commands, for this you will be needing the public certificate of Alibaba cloud.
The public cert.cer file
-----BEGIN CERTIFICATE-----
MIIDdzCCAl+gAwIBAgIEZmbRhzANBgkqhkiG9w0BAQsFADBsMRAwDgYDVQQGEwdV
bmtub3duMRAwDgYDVQQIEwdVbmtub3duMRAwDgYDVQQHEwdVbmtub3duMRAwDgYD
VQQKEwdVbmtub3duMRAwDgYDVQQLEwdVbmtub3duMRAwDgYDVQQDEwdVbmtub3du
MB4XDTE4MDIyMzAxMjkzOFoXDTM4MDIxODAxMjkzOFowbDEQMA4GA1UEBhMHVW5r
bm93bjEQMA4GA1UECBMHVW5rbm93bjEQMA4GA1UEBxMHVW5rbm93bjEQMA4GA1UE
ChMHVW5rbm93bjEQMA4GA1UECxMHVW5rbm93bjEQMA4GA1UEAxMHVW5rbm93bjCC
ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAIJwy5sbZDiNyX4mvdP32pqM
YMK4k7+5lRnVR2Fky/5uwyGSPbddNXaXzwEm+u4wIsJiaAN3OZgJpYIoCGik+9lG
5gVAIr0+/3rZ61IbeVE+vDenDd8g/m/YIdYBfC2IbzgS9EVGAf/gJdtDODXrDfQj
Fk2rQsvpftVOUs3Vpl9O+jeCQLoRbZYm0c5v7jP/L2lK0MjhiywPF2kpDeisMtnD
/ArkSPIlg1qVYm3F19v3pa6ZioM2hnwXg5DibYlgVvsIBGhvYqdQ1KosNVcVGGQa
HCUuVGdS7vHJYp3byH0vQYYygzxUJT2TqvK7pD57eYMN5drc7e19oyRQvbPQ3kkC
AwEAAaMhMB8wHQYDVR0OBBYEFAwwrnHlRgFvPGo+UD5zS1xAkC91MA0GCSqGSIb3
DQEBCwUAA4IBAQBBLhDRgezd/OOppuYEVNB9+XiJ9dNmcuHUhjNTnjiKQWVk/YDA
v+T2V3t9yl8L8o61tRIVKQ++lDhjlVmur/mbBN25/UNRpJllfpUH6oOaqvQAze4a
nRgyTnBwVBZkdJ0d1sivL9NZ4pKelJF3Ylw6rp0YMqV+cwkt/vRtzRJ31ZEeBhs7
vKh7F6BiGCHL5ZAwEUYe8O3akQwjgrMUcfuiFs4/sAeDMnmgN6Uq8DFEBXDpAxVN
sV/6Hockdfinx85RV2AUwJGfClcVcu4hMhOvKROpcH27xu9bBIeMuY0vvzP2VyOm
DoJeqU7qZjyCaUBkPimsz/1eRod6d4P5qxTj
-----END CERTIFICATE-----
The Instance-identity verification process.
curl 100.100.100.200/latest/dynamic/instance-identity/document > document
echo "-----BEGIN CERTIFICATE-----" > signature
curl 100.100.100.200/latest/dynamic/instance-identity/pkcs7 >> signature
echo "" >> signature
echo "-----END CERTIFICATE-----" >> signature
openssl smime -verify -in signature -inform PEM -content document -certfile cert.cer -noverify > /dev/null
Verification successful
This verification process guarantees that this ECS instances are running on the Alibaba cloud environment.
In this example, we are going to troubleshoot 404 Not found error resulted during the http get request on accessing public-keys metadata.
This error means that this property was not set during the ECS launch.
root@webserver-01:~# curl http://100.100.100.200/latest/meta-data/public-keys
<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>404 - Not Found</title>
</head>
<body>
<h1>404 - Not Found</h1>
</body>
</html>
To fix these Issues first query whether the desired property public-keys is available on the ECS instance or not by looking up the root directory structure, use the following URI to know
root@webserver-01:~# curl http://100.100.100.200/latest/meta-data
dns-conf/
eipv4
hostname
image-id
instance-id
instance/
mac
network-type
network/
ntp-conf/
owner-account-id
private-ipv4
region-id
serial-number
source-address
sub-private-ipv4-list
vpc-cidr-block
vpc-id
vswitch-cidr-block
vswitch-id
As shown the above output the public-keys metadata information is not available. I need to add this information on the ECS instance.
What I did is, I stopped the instance and bind my SSH public key to this ECS instance id and then restarted the instance to get metadata updated. After the restart the public-keys metadata information is available.
root@webserver-01:~# curl http://100.100.100.200/latest/meta-data/ | grep public-keys
public-keys/
So now if I want to retrieve my SSH public key information, I can query
root@webserver-01:~# curl http://100.100.100.200/latest/meta-data/public-keys/0/openssh-key
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDPl50yi2544OHoZVApUhFhWxrv1jGrc+WCXxLBNCzBrtt1Fc5olqnL/9wcYuHXuniHMJuGSLTzErSdbvqR8rn9HqZSdpwP9Blg0r5JE0a/+ZbIQb5/QMJcHbGYluNY/sRgj/tJSq2l+uS4yaiFPqurKoFhkYWWgDrhMfaY5awZDux90aAwjXjXPnmV4xITF5dUEIr9+oYe2kzK3uH7xbbL7emJRiN43C/9WBlPVSHJ6PrRkBzVYMXL3KWQxeLtjZXjcPq7KhytzgFOKc/m1xMb07txCVHm3onrccbOKw12jnGcc1Fego0QKrwRhclrWNzJ0GiYDcOjEVPE6yX9xlAB
Advanced OpenSSH Features to Harden Access to Your Alibaba Cloud ECS
2,599 posts | 764 followers
FollowIain Ferguson - February 17, 2022
Alibaba Container Service - December 18, 2024
Alibaba Container Service - August 25, 2020
Alibaba EMR - July 19, 2021
Alibaba Cloud Native - March 6, 2024
Alibaba Clouder - October 10, 2018
2,599 posts | 764 followers
FollowElastic and secure virtual cloud servers to cater all your cloud hosting needs.
Learn MoreAPI Gateway provides you with high-performance and high-availability API hosting services to deploy and release your APIs on Alibaba Cloud products.
Learn MoreAlibaba Cloud Function Compute is a fully-managed event-driven compute service. It allows you to focus on writing and uploading code without the need to manage infrastructure such as servers.
Learn MoreMore Posts by Alibaba Clouder