If you want to complete system configurations or run specific business scripts when you create an Elastic Compute Service (ECS) instance, such as pre-installing NGINX and Docker or modifying the hostname, you can configure the User Data parameter.
Instance user data
Instance user data refers to data that is uploaded to an ECS instance, such as scripts, instructions, and configuration files. You can use instance user data to initialize or configure an ECS instance. For example, the first time an ECS instance is started, the instance automatically uses instance user data to run service startup scripts, install software, and print logs. Instance user data can be automatically run the first time an ECS instance is started. Instance user data in specific formats can also be run each time a Linux ECS instance is started. For more information, see the Formats and running frequencies of instance user data section of this topic.
Limits
The ECS instance for which you want to customize initialization configurations must be deployed in a virtual private cloud (VPC).
The ECS instance for which you want to customize initialization configurations must be created from a public image that runs one of the following operating systems or a custom image that is derived from the public image:
Alibaba Cloud Linux, CentOS, CentOS Stream, Ubuntu, SUSE Linux Enterprise Server, Red Hat Enterprise Linux, openSUSE, Debian, AlmaLinux, Rocky Linux, or Fedora
Windows Server 2008 R2 or later
For retired instance types, I/O optimized instances support instance user data and non-I/O optimized instances do not support instance user data. For more information, see Retired instance families.
Use instance user data when you create an ECS instance
Step 1: Prepare instance user data
During instance initialization, the initialization tool reads instance user data to complete custom configurations. Linux and Windows ECS instances use different initialization tools. Each initialization tool supports multiple instance user data formats. The following section describes the instance user data formats supported by Linux and Windows ECS instances and the running frequencies of instance user data in different formats.
Formats and running frequencies of instance user data
Linux instance
A Linux instance uses the cloud-init component to complete initialization configurations. Different configurations are run based on whether the instance is started for the first time. Specific instances that use early versions of images can also use Upstart jobs to complete initialization configurations.
The instance user data formats supported by the cloud-init component include user-data scripts, cloud-config data, include files, and Gzip compressed content. User-data scripts and cloud-config data can be directly used to configure ECS instances. In addition to the cloud-init component, specific instances that use early versions of images can use Upstart jobs to complete initialization configurations.
For more information about the formats of instance user data, see User data formats of the cloud-init documentation.
If the size of a user-data script, cloud-config data, or include file exceeds 32 KB, we recommend that you select Gzip compressed content as the data format.
If you want to run a user-data script each time an instance is started, we recommend that you select cloud-config data or Upstart job as the data format.
User-data scripts
Overview
After a user-data script is passed to a Linux instance, the script is used as a shell script and is run only once the first time the instance is started.
Running frequency
Instance startup: A user-data script is run only once the first time an ECS instance is started. The script is not run on instance restart.
Operating system replacement: A user-data script is automatically run.
System disk re-initialization: A user-data script is automatically run.
ImportantA script is not automatically run in the following scenarios:
If you use a custom image to replace the operating system of the source ECS instance from which the custom image was created, the system determines that the instance is not started for the first time and does not run the script.
If you use a custom image to create an ECS instance, the system disk of the instance stores data. When you initialize the system disk, the system determines that the instance is not started for the first time and does not run the script.
Format
The first line starts with a number sign and an exclamation point (
#!).Sample user-data scripts
Run a custom user-data script
#!/bin/sh echo "Hello World. The time is now $(date -R)!" | tee /root/userdata_test.txtThe sample user-data script is run only once the first time an ECS instance is started, and writes the system time to the userdata_test.txt file.
Customize software repository, Domain Name System (DNS) resolution, and time synchronization service configurations for an ECS instance
When you create an ECS instance, you can use a user-data script to customize software repository, DNS resolution, and time synchronization service configurations for the instance. In the following sample code, CentOS Stream 9 is used. Replace the configurations based on your operating system.
ImportantWhen an ECS instance is started, the system configures the default Yellowdog Updater Modified (YUM) repository, Network Time Protocol (NTP) service, and DNS service. You can use instance user data on the instance to change the default YUM repository, NTP service, and DNS service that are configured. Take note of the following items:
If you use a custom YUM repository, Alibaba Cloud stops providing YUM repository support.
If you use a custom NTP service, Alibaba Cloud stops providing time synchronization services.
#!/bin/sh # Modify DNS echo "nameserve 114.114.114.114" | tee /etc/resolv.conf # Modify yum repo and update cp /etc/yum.repos.d/centos.repo /etc/yum.repos.d/centos.repo.bak cp /etc/yum.repos.d/centos-addons.repo /etc/yum.repos.d/centos-addons.repo.bak sed -i "s@http://mirrors.cloud.aliyuncs.com/centos-stream/@https://mirror.stream.centos.org/@g" /etc/yum.repos.d/centos.repo sed -i "s@http://mirrors.cloud.aliyuncs.com/centos-stream/@https://mirror.stream.centos.org/@g" /etc/yum.repos.d/centos-addons.repo yum update -y # Modify NTP Server echo "server ntp1.aliyun.com" | tee /etc/ntp.conf systemctl restart ntpd.serviceNoteReplace
114.114.114.114with the actual DNS server address,https://mirror.stream.centos.orgwith the actual YUM repository address of CentOS Stream, andserver ntp1.aliyun.comwith the actual NTP server address of Alibaba Cloud.You can also use cloud-config data to change the YUM repository. However, cloud-config data is less flexible than user-data scripts and is unsuitable for scenarios in which specific YUM repositories are preconfigured by Alibaba Cloud. We recommend that you use user-data scripts.
Specify an administrator account
By default, Linux instances use the root account as the administrator account. You can use instance user data on an instance to specify another account as the administrator account.
#!/bin/sh useradd test-user echo "test-user ALL=(ALL) NOPASSWD:ALL" | tee -a /etc/sudoers mkdir /home/test-user/.ssh touch /home/test-user/.ssh/authorized_keys echo "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCRnnUveAis****" | tee -a /home/test-user/.ssh/authorized_keysNoteReplace ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCRnnUveAis**** in the preceding code with your actual public key.
If an issue occurs when a user-data script is run, you can run the following common Cloud Assistant command to obtain the error logs: ACS-ECS-UserData-Check-for-linux.sh. If an error message appears in the logs, an error occurred when the script was run. If no error message appears in the logs, no error occurred when the script was run. In this case, check the script from other aspects to identify the cause of the issue. For information about common Cloud Assistant commands, see View and run common commands.
Cloud-config data
Overview
Cloud-init defines a series of functional modules to execute specific tasks and configurations, such as installing software packages and configuring network settings. Cloud-init obtains cloud-config data from vendor data, custom data, and kernel parameters. The cloud-config data determines which modules are involved in tasks and what actions to take. Before you create an ECS instance, you can configure custom cloud-config data by specifying the modules and tasks, and pass the cloud-config data to the instance as instance user data. When the instance is started, cloud-init reads and parses cloud-config data to run the modules as instructed in the configuration file and execute tasks to configure and deploy the instance.
Running frequency
Instance startup: Whether to execute the tasks in the cloud-config data is determined by the running frequency of the modules corresponding to the tasks. For information about the modules, see Modules.
Once-per-instance: A module is run only once the first time an ECS instance is started. For example, modules such as Apt and Set Passwords are configured and run at a frequency of Once-per-instance. The modules are not run on instance restart.
Always: A module is run each time an ECS instance is started. For example, when modules such as Bootcmd and Update Etc Hosts are run at a frequency of Always, the modules are run each time an ECS instance is started.
Operating system replacement: A module is automatically run.
System disk re-initialization: A module is automatically run.
ImportantA script is not automatically run in the following scenarios:
If you use a custom image to replace the operating system of the source ECS instance from which the custom image was created, the system determines that the instance is not started for the first time and does not run the script.
If you use a custom image to create an ECS instance, the system disk of the instance stores data. When you initialize the system disk, the system determines that the instance is not started for the first time and does not run the script.
Format
The first line starts with
#cloud-config, and the header does not contain spaces.Cloud-config data must follow the Yet Another Markup Language (YAML) syntax.
Sample cloud-config data
Specify a software repository for an ECS instance
In the User Data field for an ECS instance, enter the following content to specify a software repository for the instance. In this example, an Ubuntu image is used to create the ECS instance. If you use another image, replace the configurations in the sample code with the actual configurations for the image.
#cloud-config apt: preserve_sources_list: false disable_suites: - $RELEASE-updates - backports - $RELEASE - mysuite primary: - arches: - amd64 - i386 - default uri: http://us.archive.ubuntu.com/ubuntuConfigure automatic installation for the NGINX service
In the User Data field for an ECS instance, enter the following content to allow the instance to automatically install the NGINX service:
#cloud-config packages: - nginx runcmd: - systemctl start nginx.serviceSpecify a hostname
In the User Data field for an ECS instance, enter the following content to specify a hostname for the instance:
#cloud-config hostname: my-instance fqdn: my-instance.localdomainAllow a custom script to automatically run
In the User Data field for an ECS instance, enter the following content to allow a shell script to automatically run each time the instance is started:
#cloud-config bootcmd: - echo "Hello World. The time is now $(date -R)!" | tee /root/userdata_test.txt
Include files
Overview
An include file contains one or more links to user-data scripts or cloud-config data. Each link occupies a separate line. When an ECS instance is started, cloud-init reads and parses the links one by one. If an error occurs when cloud-init reads a link, cloud-init stops reading the remaining links.
NoteYou can use Alibaba Cloud Object Storage Service (OSS) to upload user-data scripts or cloud-config data to an ECS instance, obtain links, and specify the validity period of links. For more information, see Get started by using the OSS console.
Running frequency
Instance startup: The running frequency varies based on the content to which a link is directed. For example, if a link is directed to a user-data script, the script is run only once the first time an ECS instance is started. If the link is directed to cloud-config data, the running frequency of cloud-config data prevails.
Operating system replacement: An include file is automatically run.
System disk re-initialization: An include file is automatically run.
ImportantA script is not automatically run in the following scenarios:
If you use a custom image to replace the operating system of the source ECS instance from which the custom image was created, the system determines that the instance is not started for the first time and does not run the script.
If you use a custom image to create an ECS instance, the system disk of the instance stores data. When you initialize the system disk, the system determines that the instance is not started for the first time and does not run the script.
Format
The first line starts with
#include, and the header does not contain spaces.Sample include file
#include https://ecs-image-test.oss-cn-hangzhou.aliyuncs.com/userdata/myscript.shIn this example, the include file contains a link to a user-data script, and the script is run only once the first time an ECS instance is started.
NoteIf you use an include file or Gzip compressed content, use a storage service to upload the script, obtain the script link, and specify the validity period of the link. We recommend that you use Alibaba Cloud OSS. For more information, see Get started by using the OSS console.
Gzip compressed content
Overview
If the size of a user-data script, cloud-config data, or an include file exceeds 32 KB, you can use Gzip to compress the content in an include file in the
.gzformat, generate a corresponding link, and then pass the include file to an ECS instance. Cloud-init automatically decompresses the Gzip compressed content. The result of running the decompressed content is the same as the result of running uncompressed content that is directly passed to an ECS instance.NoteYou can also use Alibaba Cloud OSS to upload user-data scripts or cloud-config data to an ECS instance, obtain links, and specify the validity period of links. For more information, see Get started by using the OSS console.
Running frequency
Instance startup: The running frequency varies based on the script type and module type. For example, if a link is directed to Gzip compressed content that is a user-data script, the Gzip compressed content is run only once the first time an ECS instance is started.
Operating system replacement: Gzip compressed content is automatically run.
System disk re-initialization: Gzip compressed content is automatically run.
ImportantA script is not automatically run in the following scenarios:
If you use a custom image to replace the operating system of the source ECS instance from which the custom image was created, the system determines that the instance is not started for the first time and does not run the script.
If you use a custom image to create an ECS instance, the system disk of the instance stores data. When you initialize the system disk, the system determines that the instance is not started for the first time and does not run the script.
Format
The first line starts with
#include, and the header does not contain spaces.Sample code for Gzip compressed content
#include https://ecs-image-test.oss-cn-hangzhou.aliyuncs.com/userdata/myscript.gzIn this example, an include file contains a link to Gzip compressed content that is a user-data script. After cloud-init reads the user-data script that is Gzip compressed, the script is automatically decompressed and run only once the first time an ECS instance is started.
Upstart jobs
To use an Upstart job on an ECS instance, install the Upstart service on the instance. The instance must run one of the following operating systems: CentOS 6, Ubuntu 10, Ubuntu 12, Ubuntu 14, Debian 6, and Debian 7.
Overview
Upstart is an event-driven initialization system. An Upstart job is a configuration file that defines when to start or stop and how to run a service or task. An Upstart job file has a file extension of .conf and is located in the /etc/init/ directory.
Running frequency
Instance startup: An Upstart job is automatically run each time an ECS instance is started.
Operating system replacement: An Upstart job is automatically run.
System disk re-initialization: An Upstart job is automatically run.
ImportantA script is not automatically run in the following scenarios:
If you use a custom image to replace the operating system of the source ECS instance from which the custom image was created, the system determines that the instance is not started for the first time and does not run the script.
If you use a custom image to create an ECS instance, the system disk of the instance stores data. When you initialize the system disk, the system determines that the instance is not started for the first time and does not run the script.
Format
The first line starts with
#upstart-job, and the header does not contain spaces.Sample Upstart job
#upstart-job description "upstart test" start on runlevel [2345] #Starts at run levels 2, 3, 4, and 5. stop on runlevel [!2345] #Stops at run levels other than 2, 3, 4, and 5. exec echo "Hello World. The time is now $(date -R)!" | tee /root/output.txtThe sample Upstart job returns a message that contains a timestamp when the system runs at the specified run level and adds the message to the
/root/output.txtfile. The Upstart job stops when the system runs at a run level that is different from the preceding specified run levels.
Windows instance
A Windows instance uses the Plugin_Main_CloudinitUserData plug-in of the Vminit component to run instance user data scripts. The plug-in is run only once the first time the instance is started. The plug-in supports batch and PowerShell scripts.
Batch scripts
Running frequency
Instance startup: A batch script is run only once the first time an ECS instance is started. The script is not run on instance restart.
Operating system replacement: A batch script is automatically run.
System disk re-initialization: A batch script is automatically run.
ImportantA script is not automatically run in the following scenarios:
If you use a custom image to replace the operating system of the source ECS instance from which the custom image was created, the system determines that the instance is not started for the first time and does not run the script.
If you use a custom image to create an ECS instance, the system disk of the instance stores data. When you initialize the system disk, the system determines that the instance is not started for the first time and does not run the script.
Format
The first line is
[bat], and the header does not contain spaces.Only half-width characters can be entered.
The path to which the instance user data is written cannot be
C:\Users. Otherwise, the instance user data fails to be run.NoteIn the Windows operating system, the user configuration files and data are stored in the
C:\Usersdirectory and its subdirectories by default. You can access the directory and its subdirectories only after you log on to the operating system. You have not logged on to the operating system when the operating system runs the user data in the initialization stage. Data cannot be written to theC:\Usersdirectory or its subdirectories in the stage.
Sample batch script
Run a custom script
[bat] echo "bat test" > C:\userdata_test.txtIn this example, the batch script is run only once the first time an ECS instance is started and writes
"bat test"to the userdata_test.txt file.
PowerShell scripts
Running frequency
Instance startup: A PowerShell script is run only once the first time an ECS instance is started. The script is not run on instance restart.
Operating system replacement: A PowerShell script is automatically run.
System disk re-initialization: A PowerShell script is automatically run.
ImportantA script is not automatically run in the following scenarios:
If you use a custom image to replace the operating system of the source ECS instance from which the custom image was created, the system determines that the instance is not started for the first time and does not run the script.
If you use a custom image to create an ECS instance, the system disk of the instance stores data. When you initialize the system disk, the system determines that the instance is not started for the first time and does not run the script.
Format
The first line is
[powershell], and the header does not contain spaces.Only half-width characters can be entered.
The path to which the instance user data is written cannot be
C:\Users. Otherwise, the instance user data fails to be run.NoteIn the Windows operating system, the user configuration files and data are stored in the
C:\Usersdirectory and its subdirectories by default. You can access the directory and its subdirectories only after you log on to the operating system. You have not logged on to the operating system when the operating system runs the user data in the initialization stage. Data cannot be written to theC:\Usersdirectory or its subdirectories in the stage.
Sample PowerShell script
Run a custom script
[powershell] write-output "powershell test" | Out-File C:\userdata_test.txtIn this example, the PowerShell script is run only once the first time an ECS instance is started and writes
powershell testto the userdata_test.txt file.
Step 2: Use the prepared instance user data when you create an ECS instance
Create an ECS instance in the ECS console
On the Custom Launch tab of the ECS instance buy page, expand the Advanced Settings(Optional) section. In the User Data field, enter the instance user data.
ImportantIf you select Enter Base64 Encoded Information, make sure that the instance user data is encoded in Base64 and does not exceed 32 KB in size before Base64 encoding. If you clear Enter Base64 Encoded Information, the system automatically encodes the instance user data in Base64.
Create an ECS instance by calling an API operation
If you create an ECS instance by calling the RunInstances or CreateInstance operation, specify the
UserDataparameter.
Step 3: Check whether the instance user data can be run as expected
Check whether a custom script can be run as expected based on the content of the script. In this example, the following user-data script is passed to a Linux instance:
#!/bin/sh
echo "Hello World. The time is now $(date -R)!" | tee /root/userdata_test.txtThe sample user-data script is run only once the first time the ECS instance is started, and writes the system time to the userdata_test.txt file. To check whether the script can be run as expected, run the cat userdata_test.txt command. The following command output indicates that the system time is written to the userdata_test.txt file.
If an issue occurs when a user-data script is run, you can run the following common Cloud Assistant command to obtain the error logs: ACS-ECS-UserData-Check-for-linux.sh. If an error message appears in the logs, an error occurred when the script was run. If no error message appears in the logs, no error occurred when the script was run. In this case, check the script from other aspects to identify the cause of the issue. For information about common Cloud Assistant commands, see View and run common commands.
Other operations
View the instance user data of an existing ECS instance
After instance user data is passed to an ECS instance, you can view the instance user data by using the metadata service, in the ECS console, or by calling an API operation.
View instance user data by using the metadata service (security hardening mode)
Linux instance
TOKEN=`curl -X PUT "http://100.100.100.200/latest/api/token" -H "X-aliyun-ecs-metadata-token-ttl-seconds:180"` curl -H "X-aliyun-ecs-metadata-token: $TOKEN" http://100.100.100.200/latest/user-dataWindows instance
$token = Invoke-RestMethod -Headers @{"X-aliyun-ecs-metadata-token-ttl-seconds" = "180"} -Method PUT -Uri http://100.100.100.200/latest/api/token Invoke-RestMethod -Headers @{"X-aliyun-ecs-metadata-token" = $token} -Method GET -Uri http://100.100.100.200/latest/user-data
In the preceding example, the validity period of the token is 180 seconds. You can change the validity period based on your business scenario.
In this example, the security hardening mode of the metadata service is used to obtain metadata. For more information about how to obtain metadata by using the metadata service, see Obtain information about an ECS instance, such as instance attributes, by using instance metadata.
For more information about metadata, see Obtain instance metadata.
View instance user data in the ECS console
Make sure that the ECS instance is in the Stopped state.
ImportantIf the ECS instance is billed by using the pay-as-you-go billing method and resides in a VPC, we recommend that you select Standard Mode in the Stop Mode section when you stop the instance. If you select Economical Mode, the computing resources (vCPUs and memory) of the instance are recycled. As a result, the instance may fail to be restarted due to insufficient resources. For more information, see Economical mode.
On the Instance page, choose
> Instance Settings > Set User Data. In the User Data field of the dialog box that appears, view the instance user data that you configured.
Query instance user data by calling an API operation
To query the instance user data of an ECS instance, you can call the DescribeUserData operation. For more information, see DescribeUserData.
Modify the instance user data of an existing ECS instance
To modify the instance user data of an existing ECS instance, perform the following steps in the ECS console:
Make sure that the ECS instance is in the Stopped state.
ImportantIf the ECS instance is billed by using the pay-as-you-go billing method and resides in a VPC, we recommend that you select Standard Mode in the Stop Mode section when you stop the instance. If you select Economical Mode, the computing resources (vCPUs and memory) of the instance are recycled. As a result, the instance may fail to be restarted due to insufficient resources. For more information, see Economical mode.
On the Instance page, choose
> Instance Settings > Set User Data. In the Set User Data dialog box, enter instance user data in the User Data field. Then, click Confirm.
After you modify the instance user data of an existing ECS instance, whether the instance user data is run after the instance is started is determined by the format and running frequency of the instance user data. You must identify your requirements before you modify the instance user data. For more information, see the Formats and running frequencies of instance user data section of this topic.
References
You can use the Instance User Data feature of Auto Scaling to automatically run configured scripts or commands on multiple ECS instances on instance startup. This ensures consistent ECS instance configurations and simplifies O&M. For more information, see Use the Instance User Data feature to automatically configure ECS instances.
If you want a service or a script to rapidly recover when the service or script is interrupted due to an issue such as a program exception, instance restart, or power failure, use the Cloud Assistant plug-in named
ecs-tool-servicekeepalive. For more information, see Automatic service restoration.For information about how to manage instance initialization configurations, see Manage instance initialization configurations.