Template name
ACS-ECS-RepairImage
Template description
Repairs an image offline based on the image check results. For more information about image check, visit https://www.alibabacloud.com/help/en/ecs/user-guide/overview-18. During the repair process, an Elastic Compute Service (ECS) instance is created based on an Alibaba Cloud Linux image. A snapshot is created for the image to be repaired. A disk is created from the snapshot and attached to the ECS instance. The data disk is repaired offline, and then a new image is created by using the repaired data disk. If the image to be repaired is a public image such as Ubuntu 22.04 64-bit, the image generated by using the repaired data disk is a custom image such as ubuntu_64-bit.
Template type
Automated
Owner
Alibaba Cloud
Input parameters
Parameter | Description | Type | Required | Default value | Limit |
zoneId | The ID of the zone in which the vSwitch is deployed. | String | Yes | ||
repairImageId | The ID of the image to be repaired. | String | Yes | ||
baseImageId | The ID of the base image. | String | Yes | ||
instanceType | The instance type of the ECS instance. | String | Yes | ||
securityGroupId | The security group ID. | String | Yes | ||
vSwitchId | The vSwitch ID. | String | Yes | ||
regionId | The region ID. | String | No | {{ ACS::RegionId }} | |
systemDiskCategory | The category of the system disk. | String | No | cloud_essd | |
repairItems | The items to be repaired. | List | No | assist |
Output parameters
Parameter | Description | Type |
imageId | String |
Permission policy that is required to execute the template
{
"Version": "1",
"Statement": [
{
"Action": [
"ecs:CreateImage",
"ecs:CreateSnapshot",
"ecs:DeleteInstance",
"ecs:DeleteSnapshot",
"ecs:DescribeDisks",
"ecs:DescribeImages",
"ecs:DescribeInstances",
"ecs:DescribeInvocationResults",
"ecs:DescribeInvocations",
"ecs:DescribeSnapshots",
"ecs:InvokeCommand",
"ecs:RebootInstance",
"ecs:RunCommand",
"ecs:RunInstances"
],
"Resource": "*",
"Effect": "Allow"
}
]
}
References
For more information, see ACS-ECS-RepairImage.yml at GitHub.
Template content
FormatVersion: OOS-2019-06-01
Description:
zh-cn: the description in Chinese
en: Image repair, which is an offline repair of an image based on the results of image check, Please refer to this document for image check https://www.alibabacloud.com/help/en/ecs/user-guide/overview-18
The repair process will first create a repair instance based on the Alibaba cloud Linux image, create a cloud disk snapshot of your image, mount it to the repair instance, repair the data disk offline, and then create a new image of the repaired data disk.
name-en: ACS-ECS-RepairImage
name-zh-cn: the description in Chinese
categories:
- image_manage
Parameters:
regionId:
Type: String
Label:
en: RegionId
zh-cn: the description in Chinese
AssociationProperty: RegionId
Default: '{{ ACS::RegionId }}'
zoneId:
Type: String
Label:
en: VSwitch Availability Zone
zh-cn: the description in Chinese
AssociationProperty: ALIYUN::ECS::ZoneId
AssociationPropertyMetadata:
RegionId: regionId
repairImageId:
Type: String
Label:
en: ImageId that needs to be repaired
zh-cn: the description in Chinese
AssociationProperty: ALIYUN::ECS::Image::ImageId
AssociationPropertyMetadata:
RegionId: regionId
SupportedImageOwnerAlias:
- self
OSType: linux
baseImageId:
Type: String
Label:
en: BaseImage
zh-cn: the description in Chinese
Description:
en: (The basic image is used to create a repair instance. You need to select a basic image with the same architecture as the repair target image. For example, the custom image you want to repair is x86_64, please select aliyun_3_X64 image)
zh-cn: the description in Chinese
AllowedValues:
- aliyun_3_x64_20G_alibase_20230727.vhd
- aliyun_3_arm64_20G_alibase_20230731.vhd
instanceType:
Label:
en: InstanceType
zh-cn: the description in Chinese
Type: String
AssociationProperty: ALIYUN::ECS::Instance::InstanceType
AssociationPropertyMetadata:
RegionId: regionId
ZoneId: zoneId
securityGroupId:
Label:
en: SecurityGroupId
zh-cn: the description in Chinese
Type: String
AssociationProperty: ALIYUN::ECS::SecurityGroup::SecurityGroupId
AssociationPropertyMetadata:
RegionId: regionId
vSwitchId:
Label:
en: VSwitchId
zh-cn: the description in Chinese
Type: String
AssociationProperty: ALIYUN::VPC::VSwitch::VSwitchId
AssociationPropertyMetadata:
RegionId: regionId
ZoneId: zoneId
Filters:
- SecurityGroupId: securityGroupId
systemDiskCategory:
Label:
en: SystemDiskCategory
zh-cn: the description in Chinese
Type: String
AssociationProperty: ALIYUN::ECS::Disk::SystemDiskCategory
AssociationPropertyMetadata:
RegionId: regionId
InstanceType: instanceType
Default: cloud_essd
repairItems:
Label:
en: RepairItems
zh-cn: the description in Chinese
Type: List
AllowedValues:
- all
- assist
- aegis
- growpart
- virtio
- selinux
- dhcp
- grub
- fstab
- nvme
- cloudinit
Default: assist
Tasks:
- Name: checkImage
Action: ACS::CheckFor
Description:
en: Check if the image is x86_ 64 or arm64
zh-cn: the description in Chinese
Properties:
Service: ECS
API: DescribeImages
Parameters:
RegionId: '{{ regionId }}'
ImageId: '{{ repairImageId }}'
DesiredValues:
- x86_64
- arm64
PropertySelector: Images.Image[0].Architecture
Outputs:
architecture:
Type: String
ValueSelector: Images.Image[0].Architecture
snapshotId:
Type: String
ValueSelector: Images.Image[0].DiskDeviceMappings.DiskDeviceMapping[0].SnapshotId
imageName:
Type: String
ValueSelector: Images.Image[0].ImageName
osType:
Type: String
ValueSelector: Images.Image[0].OSType
platform:
Type: String
ValueSelector: Images.Image[0].Platform
bootMode:
Type: String
ValueSelector: Images.Image[0].BootMode
- Name: runInstances
Action: ACS::ExecuteAPI
Description:
en: Creates one ECS instances
zh-cn: the description in Chinese
Properties:
Service: ECS
API: RunInstances
Parameters:
RegionId: '{{ regionId }}'
Amount: 1
ImageId: '{{ baseImageId }}'
InstanceType: '{{ instanceType }}'
InstanceName: 'image_repair_please_no_delete'
SecurityGroupId: '{{ securityGroupId }}'
VSwitchId: '{{ vSwitchId }}'
InternetMaxBandwidthIn: 200
InternetMaxBandwidthOut: 0
SystemDiskCategory: '{{ systemDiskCategory }}'
DataDisk:
- SnapshotId: '{{ checkImage.snapshotId }}'
DiskName: 'image_repair_{{ checkImage.snapshotId }}'
Category: '{{ systemDiskCategory }}'
InstanceChargeType: PostPaid
Outputs:
instanceId:
Type: String
ValueSelector: InstanceIdSets.InstanceIdSet[0]
- Name: untilInstanceReady
Action: ACS::WaitFor
Description:
en: Waits for the created instances to be Running status
zh-cn: the description in Chinese
Properties:
Service: ECS
API: DescribeInstances
Parameters:
RegionId: '{{ regionId }}'
InstanceIds:
- '{{ runInstances.instanceId }}'
DesiredValues:
- Running
PropertySelector: Instances.Instance[0].Status
- Name: checkForCreatedDiskReady
Action: ACS::CheckFor
Description:
en: Checks the disk status Available
zh-cn: the description in Chinese
OnError: stopInstances
Properties:
Service: ECS
API: DescribeDisks
Parameters:
RegionId: '{{ regionId }}'
InstanceId: '{{ runInstances.instanceId }}'
DesiredValues:
- In_use
PropertySelector: Disks.Disk[0].Status
Outputs:
diskSN:
Type: String
ValueSelector: Disks.Disk[0].SerialNumber
diskId:
Type: String
ValueSelector: Disks.Disk[0].DiskId
- Name: runCommandOpenselinux
Action: ACS::ECS::RunCommand
Description:
en: Run cloud assistant command on ECS instance
zh-cn: the description in Chinese
OnError: stopInstances
Properties:
regionId: '{{ regionId }}'
commandContent: sed -i s/^SELINUX=.*/SELINUX=permissive/g /etc/selinux/config
commandType: RunShellScript
instanceId: '{{ runInstances.instanceId }}'
Outputs:
invocationOutput:
Type: String
ValueSelector: invocationOutput
- Name: rebootInstance
Action: ACS::ECS::RebootInstance
Description:
en: Reboot Instance
zh-cn: the description in Chinese
OnError: stopInstances
Properties:
regionId: '{{ regionId }}'
instanceId: '{{ runInstances.instanceId }}'
- Name: runCommand
Action: ACS::ECS::InvokeCommand
Description:
en: Run cloud assistant command on ECS instance
zh-cn: the description in Chinese
OnError: stopInstances
Properties:
regionId: '{{ regionId }}'
commandId: 'ACS-ECS-ImageRepair-for-linux.sh'
parameters:
Fn::Join:
- ''
- - '{"repairitems":'
- '"'
- Fn::Join:
- ' '
- '{{repairItems}}'
- '"'
- ',"disk_serial":"'
- '{{checkForCreatedDiskReady.diskSN}}'
- '"}'
instanceId: '{{ runInstances.instanceId }}'
Outputs:
invocationOutput:
Type: String
ValueSelector: invocationOutput
- Name: waitDiskFlush
Action: ACS::Sleep
Description:
en: Waiting for IO flash disk
zh-cn: the description in Chinese
Properties:
Duration: 1M
- Name: createSnapshot
Action: ACS::ECS::CreateSnapshot
Description:
en: Mount a data disk for the created ECS instance
zh-cn: the description in Chinese
OnError: deleteInstance
Properties:
regionId: '{{ regionId }}'
snapshotName: 'image_repair_{{ checkForCreatedDiskReady.diskId }}'
diskId: '{{ checkForCreatedDiskReady.diskId }}'
retentionDays: 1
Outputs:
snapshotId:
Type: String
ValueSelector: snapshotId
- Name: createImage
Action: ACS::ExecuteAPI
Description:
en: Creates image
zh-cn: the description in Chinese
OnError: deleteSnapshot
OnSuccess: deleteInstance
Properties:
Service: ECS
API: CreateImage
Parameters:
RegionId: '{{ regionId }}'
SnapshotId: '{{ createSnapshot.snapshotId }}'
ImageName:
Fn::Join:
- '_'
- - 'repaired'
- '{{ checkImage.imageName }}'
- Fn::FormatUTCTime:
- '{{ACS::CurrentUTCTime}}'
- '%Y%m%d%H%M%S'
DetectionStrategy: Standard
Platform:
Fn::Select:
- '{{ checkImage.platform }}'
- Aliyun: Aliyun
Anolis: Anolis
CentOS: CentOS
Ubuntu: Ubuntu
SUSE: SUSE
Debian: Debian
OpenSUSE: OpenSUSE
Red Hat: RedHat
Kylin: Kylin
UOS: UOS
Fedora: Fedora
CentOS Stream: CentOS Stream
AlmaLinux: AlmaLinux
Rocky Linux: Rocky Linux
Customized Linux: Customized Linux
Others Linux: Others Linux
BootMode: '{{ checkImage.bootMode }}'
Architecture: '{{ checkImage.architecture }}'
Outputs:
imageId:
Type: String
ValueSelector: ImageId
- Name: deleteSnapshot
Action: ACS::ExecuteAPI
Description:
en: Deletes the Snapshot
zh-cn: the description in Chinese
OnError: deleteInstance
Properties:
Service: ECS
API: DeleteSnapshot
Parameters:
RegionId: '{{ regionId }}'
SnapshotId: '{{ createSnapshot.snapshotId }}'
Force: true
- Name: stopInstances # After the remote command fails to be run, wait for one minute before you release the created snapshot. Otherwise, the error "IncorrectInstanceStatus.Initializing" is reported. The one-minute protection feature is enabled for Alibaba Cloud instances. To delete a new instance, you must wait 60 seconds after the instance is created.
Action: ACS::Sleep
Description:
en: Waiting for instance initialization to complete
zh-cn: the description in Chinese
Properties:
Duration: 1M
- Name: deleteInstance
Action: ACS::ExecuteAPI
Description:
en: Deletes the ECS instance
zh-cn: the description in Chinese
Properties:
Service: ECS
API: DeleteInstance
Parameters:
RegionId: '{{ regionId }}'
InstanceId: '{{ runInstances.instanceId }}'
Force: true
Outputs:
imageId:
Type: String
Value: '{{ createImage.imageId }}'
Metadata:
ALIYUN::OOS::Interface:
ParameterGroups:
- Parameters:
- regionId
- repairImageId
- baseImageId
Label:
default:
zh-cn: the description in Chinese
en: Select Image
- Parameters:
- zoneId
- instanceType
- securityGroupId
- vSwitchId
- systemDiskCategory
Label:
default:
zh-cn: the description in Chinese
en: ECS Instance Configure
- Parameters:
- repairItems
Label:
default:
zh-cn: the description in Chinese
en: Run Command