The lifecycle hook feature of Auto Scaling allows you to perform custom operations on Elastic Compute Service (ECS) instances before they are stopped. This gives you an opportunity to release secondary elastic network interfaces (ENIs) that have elastic IP addresses (EIPs) for ECS instances. If you combine the lifecycle hook feature and a CloudOps Orchestration Service (OOS) template, you can further simplify the process of releasing secondary ENIs that have EIPs for ECS instances.
Prerequisites
A scaling group is created and is in the Enabled state.
Your scaling group contains ECS instances to which secondary ENIs that have EIPs are attached.
A RAM role is created for CloudOps Orchestration Service (OOS). The trusted entity of the RAM role must be Alibaba Cloud Service, the trusted service must be CloudOps Orchestration Service, and the RAM role must have the permissions to perform operations on the OOS template. For more information, see Use RAM to grant permissions to OOS.
Note: In this topic, the OOSServiceRole RAM role is used as an example. You can also use other roles.
Background information
If your scaling group contains ECS instances to which secondary ENIs that have EIPs are attached, Auto Scaling is designed not to release the EIPs when deleting the ECS instances. You can combine the lifecycle hook feature and an OOS template to automate the simultaneous release of the secondary ENIs and EIPs.
Procedure
In this example, the ACS-ESS-LifeCycleDetachNetworkInterfaceAndDeleteEip public template is used to show how to automate the process of simultaneously releasing secondary ENIs and EIPs for ECS instances.
Step 1: Grant a RAM role the permissions on OOS
You must have the permissions to execute OOS templates. The ACS-ESS-LifeCycleDetachNetworkInterfaceAndDeleteEip template includes ECS, Auto Scaling, and EIP resources that are required to perform O&M tasks.
Log on to the RAM console.
In the left-side navigation pane, choose .
Find OOSServiceRole and click Grant Permission in the Actions column.
Add the required permissions for the OOSServiceRole RAM role that is assumed by OOS to complete the authorization.
In the Grant Permission panel, configure Resource Scope and Policy. After you complete the configuration, click Grant permissions.
The following table describes the settings that are used in this example. Any parameters not covered in the following table default to their predefined settings.
Parameter: Description
Resource Scope: Set the value to Account.
Policy: Select the following system policies: AliyunECSFullAccess, AliyunESSFullAccess, and AliyunEIPFullAccess.
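The role set up in the prerequisites and Step 1 can be checked offline before it is referenced by the lifecycle hook. The following Python check is an added example, not part of the original documentation or of any Alibaba Cloud tool: it verifies that a trust policy trusts only the OOS service principal (oos.aliyuncs.com) and lists grants that cover every action of a service, which is what the three FullAccess system policies do. The function names and the embedded sample documents are constructed for illustration.

```python
import json

OOS_PRINCIPAL = "oos.aliyuncs.com"  # service principal of CloudOps Orchestration Service

def as_list(value):
    """RAM policy fields may hold a single string or a list of strings."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def audit_trust_policy(doc):
    """Return findings for a role trust policy that should trust only OOS."""
    findings, trusts_oos = [], False
    for stmt in doc.get("Statement", []):
        if stmt.get("Effect") != "Allow" or "sts:AssumeRole" not in as_list(stmt.get("Action")):
            continue
        for kind, values in stmt.get("Principal", {}).items():
            for value in as_list(values):
                if kind == "Service" and value == OOS_PRINCIPAL:
                    trusts_oos = True
                else:
                    findings.append(f"unexpected trusted principal {kind}:{value}")
    if not trusts_oos:
        findings.append(f"{OOS_PRINCIPAL} is not trusted; OOS cannot assume the role")
    return findings

def audit_permissions(system_policies, custom_policies=()):
    """Flag grants that are broader than a single-purpose automation role needs."""
    findings = []
    for name in system_policies:
        if name.endswith("FullAccess") or name == "AdministratorAccess":
            findings.append(f"system policy {name} grants every action of its service")
    for doc in custom_policies:
        for stmt in doc.get("Statement", []):
            if stmt.get("Effect") != "Allow":
                continue
            for action in as_list(stmt.get("Action")):
                if "*" in action:
                    findings.append(f"wildcard action {action}")
    return findings

# Constructed sample input: the role as configured in this topic.
TRUST = json.loads("""{"Version": "1", "Statement": [{"Action": "sts:AssumeRole",
  "Effect": "Allow", "Principal": {"Service": ["oos.aliyuncs.com"]}}]}""")
STEP1_POLICIES = ["AliyunECSFullAccess", "AliyunESSFullAccess", "AliyunEIPFullAccess"]

if __name__ == "__main__":
    for finding in audit_trust_policy(TRUST) + audit_permissions(STEP1_POLICIES):
        print(finding)
```

A custom policy limited to the actions the template calls would produce no permission findings; this topic does not list those actions, so they are not reproduced here.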
Step 2: Create a lifecycle hook for scale-in purposes and trigger a scale-in event
Log on to the Auto Scaling console.
In the left-side navigation pane, click Scaling Groups.
In the top navigation bar, select the region where Auto Scaling is activated.
Find a scaling group and use one of the following methods to go to the scaling group details page:
Click the ID of the scaling group in the Scaling Group Name/ID column.
Click Details in the Actions column.
Create a lifecycle hook.
In the upper part of the scaling group details page, click the Lifecycle Hook tab.
Click Create Lifecycle Hook.
Configure parameters based on your business requirements and click OK.
The following table describes the settings that are used in this example. Any parameters not covered in the following table default to their predefined settings.
Parameter: Description
Name: Enter ESSHookForDeleteNicAndEip.
Scaling Activity: Select Scale-in Event.
Timeout Period: Configure Timeout Period based on your business requirements. In this example, set the value to 300. Unit: seconds.
Note: The timeout period is the period of time during which you can perform custom operations on instances. If the timeout period is shorter than the period of time that is required to perform custom operations, the operations may fail. We recommend that you estimate the period of time that is required to perform custom operations on instances and configure Timeout Period based on your estimates.
Default Execution Policy: Select Continue.
Send Notification When Lifecycle Hook Takes Effect: Configure the following parameters for the template:
Select OOS Template.
Select Public Templates.
Select ACS-ESS-LifeCycleDetachNetworkInterfaceAndDeleteEip.
In the ACS-ESS-LifeCycleDetachNetworkInterfaceAndDeleteEip public template, set OOSAssumeRole to OOSServiceRole. In Step 1, OOSServiceRole is granted the permissions on the ECS, Auto Scaling, and EIP resources. OOS obtains the preceding permissions after it assumes the RAM role.
Trigger a scale-in event.
In this example, a scale-in event is manually triggered by executing a scaling rule. You can also trigger scale-in events by using scheduled or event-triggered tasks.
Note: If scaling activities are triggered when you manually execute scaling rules, lifecycle hooks take effect. Lifecycle hooks do not take effect when you manually add or remove ECS instances to or from a scaling group.
In the upper part of the page that appears, click the Scaling Rules and Event-triggered Tasks tab.
On the Scaling Rules tab, click Create Scaling Rule.
In the Create Scaling Rule dialog box, configure parameters based on your business requirements and click OK.
The following table describes the settings that are used in this example. Any parameters not covered in the following table default to their predefined settings.
Parameter: Description
Rule Name: Enter Delete1.
Rule Type: Select Simple Scaling Rule.
Operation: Set the value to Remove 1 Instances.
On the Scaling Rules tab, find Delete1 and click Execute in the Actions column.
In the Execute Scaling Rule message, click OK.
After the scaling rule is executed, Auto Scaling removes one ECS instance from the scaling group. However, the ECS instance enters the Pending Remove state because of the ESSHookForDeleteNicAndEip lifecycle hook that is in effect. During the timeout period of the lifecycle hook, Auto Scaling notifies OOS to execute the O&M tasks that are defined in the ACS-ESS-LifeCycleDetachNetworkInterfaceAndDeleteEip public template.
Check whether the execution result meets your expectations.
You can go to the Network Interfaces page to check whether the ENI exists and the Elastic IP Addresses page to check whether the EIP exists. If the ENI and the EIP do not exist, the release is successful.
If the ECS instance is removed from the scaling group but the ENI or the EIP still exists, you can go to the OOS console to check the execution of the O&M tasks.
Step 3: (Optional) View the OOS execution
Log on to the OOS console.
In the left-side navigation pane, choose .
Find the execution task by time and click Details in the Actions column.
On the execution details page that appears, view the related information.
For example, in the Basic Information section, you can view the execution ID and status. In the Execution Steps and Results section, you can click a task node to view the execution details. For more information, see View the details of an execution.
Note: If the execution fails, an error message is displayed on the execution details page.
Common errors and troubleshooting
If you fail to execute an O&M task, troubleshoot the issue based on the error message in the execution result. The following section describes the common error messages and solutions:
Error message: Forbidden.Unauthorized message: A required authorization for the specified action is not supplied.
Solution: Check whether the required permissions, such as the sample permissions in Step 1, are granted to the OOSServiceRole RAM role. Before OOS can manage the resources that are declared in the OOS template, you must grant the required permissions to the RAM role.
Error message: Forbidden.RAM message: User not authorized to operate on the specified resource, or this API doesn't support RAM.
Solution: Check whether the required permissions, such as the sample permissions in Step 1, are granted to the OOSServiceRole RAM role. Before OOS can manage the resources that are declared in the OOS template, you must grant the required permissions to the RAM role.
Error message: LifecycleHookIdAndLifecycleActionToken.Invalid message: The specified lifecycleActionToken and lifecycleActionId you provided does not match any in process lifecycle action.
Solution: Check whether the timeout period of the lifecycle hook is sufficient for the O&M task specified in the OOS template to complete.