Template name
ACS-ECS-UpdateAndCopyImage
Template description
Updates an Elastic Compute Service (ECS) image and clones the ECS image to other regions.
Template type
Automated
Owner
Alibaba Cloud
Input parameters
Parameter | Description | Type | Required | Default value | Limit |
sourceImageId | The ID of the source image. | String | Yes | ||
regionId | The region ID. | String | No | {{ ACS::RegionId }} | |
zoneId | The ID of the zone in which the vSwitch is deployed. | String | No | "" | |
targetImageName | The name of the new ECS image. | String | No | UpdateImage_from_{{sourceImageId}}on{{ACS::ExecutionId}} | |
instanceType | The instance type of the ECS instance. | String | No | ecs.g5.large | Regular expression for string verification: ecs.[A-Za-z0-9.-]*. |
whetherCreateVpc | Specifies whether to create a virtual private cloud (VPC). | Boolean | No | False | |
vpcCidrBlock | The IPv4 CIDR block of the VPC. | String | No | 192.168.0.0/16 | |
vSwitchCidrBlock | The CIDR block of the vSwitch. | String | No | 192.168.1.0/24 | |
securityGroupId | The security group ID. | String | No | "" | |
vSwitchId | The vSwitch ID. | String | No | "" | |
internetMaxBandwidthOut | The public bandwidth. | Number | No | 0 | |
ramRoleName | The Resource Access Management (RAM) role attached to the ECS instance. | String | No | "" | |
systemDiskCategory | The category of the system disk. | String | No | cloud_essd | |
tags | The tags of the image. | Json | No | [] | |
commandType | The type of the Cloud Assistant command. | String | No | RunShellScript | |
commandContent | The Cloud Assistant command to be run on the ECS instance. | String | No | echo hello | |
timeout | The timeout period. | Number | No | 600 | |
targetRegionIds | The ID of the destination region. | List | No | [] | |
accountIds | The IDs of Alibaba Cloud accounts with which you want to share the image. | List | No | [] | |
scalingConfigurationIds | The ID of the scaling configuration to be modified. | List | No | [] | |
launchTemplateNames | The names of the instance launch templates to be updated. | List | No | [] | |
rateControl | The rate control settings. | Json | No | {'Mode': 'Concurrency', 'MaxErrors': 0, 'Concurrency': 5} | |
OOSAssumeRole | The RAM role that is assumed by CloudOps Orchestration Service (OOS). | String | No | "" |
Output parameters
Parameter | Description | Type |
updatedImageId | String | |
imageIdAndRegion | List |
Permission policy that is required to execute the template
{
"Version": "1",
"Statement": [
{
"Action": [
"ros:CreateStack",
"ros:DeleteStack",
"ros:GetStack"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"ecs:CopyImage",
"ecs:CreateImage",
"ecs:CreateLaunchTemplateVersion",
"ecs:DeleteInstance",
"ecs:DeleteLaunchTemplateVersion",
"ecs:DescribeCloudAssistantStatus",
"ecs:DescribeImages",
"ecs:DescribeInstances",
"ecs:DescribeInvocationResults",
"ecs:DescribeInvocations",
"ecs:DescribeLaunchTemplateVersions",
"ecs:DescribeLaunchTemplates",
"ecs:DescribeRegions",
"ecs:InstallCloudAssistant",
"ecs:ModifyImageSharePermission",
"ecs:ModifyLaunchTemplateDefaultVersion",
"ecs:RebootInstance",
"ecs:RunCommand",
"ecs:RunInstances",
"ecs:StopInstance"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"ess:ModifyScalingConfiguration"
],
"Resource": "*",
"Effect": "Allow"
}
]
}
References
For more information, see ACS-ECS-UpdateAndCopyImage.yml at GitHub.
Template content
FormatVersion: OOS-2019-06-01
Description:
name-en: ACS-ECS-UpdateAndCopyImage
name-zh-cn: the description in Chinese
en: Updates an existing ECS image via ECS Cloud Assistant then creates an ECS image and copy new image
zh-cn: the description in Chinese
categories:
- image_manage
Parameters:
regionId:
Type: String
Label:
en: RegionId
zh-cn: the description in Chinese
AssociationProperty: RegionId
Default: '{{ ACS::RegionId }}'
zoneId:
Type: String
Label:
en: VSwitch Availability Zone
zh-cn: the description in Chinese
Default: ''
AssociationProperty: ALIYUN::ECS::Instance::ZoneId
AssociationPropertyMetadata:
RegionId: regionId
targetImageName:
Label:
en: TargetImageName
zh-cn: the description in Chinese
Type: String
Description:
en: <p class="p">Note:</p> <ul class="ul"> <li class="li">Length is 2~128 English or Chinese characters</li> <li class="li"><font color='red'>must start with big or small letters or Chinese, not http:// and https://. </font></li> <li class="li">Can contain numbers, colons (:), underscores (_), or dashes (-). </li> </ul>
zh-cn: the description in Chinese </li> </ul>
Default: 'UpdateImage_from_{{sourceImageId}}_on_{{ACS::ExecutionId}}'
sourceImageId:
Label:
en: SourceImageId
zh-cn: the description in Chinese
Type: String
AssociationProperty: 'ALIYUN::ECS::Image::ImageId'
AssociationPropertyMetadata:
RegionId: regionId
instanceType:
Label:
en: InstanceType
zh-cn: the description in Chinese
Type: String
AssociationProperty: 'ALIYUN::ECS::Instance::InstanceType'
AssociationPropertyMetadata:
RegionId: regionId
ZoneId: zoneId
AllowedPattern: ecs\.[A-Za-z0-9\.\-]*
Default: 'ecs.g5.large'
whetherCreateVpc:
Type: Boolean
Label:
en: WhetherCreateVpc
zh-cn: the description in Chinese
Default: false
vpcCidrBlock:
Type: String
Label:
en: VPC CIDR IPv4 Block
zh-cn: the description in Chinese
Description:
zh-cn: the description in Chinese
en: 'The ip address range of the VPC in the CidrBlock form; <br>You can use the following ip address ranges and their subnets: <br><font color=''green''>[10.0.0.0/8]</font><br><font color=''green''>[172.16.0.0/12]</font><br><font color=''green''>[192.168.0.0/16]</font>'
Default: 192.168.0.0/16
AssociationProperty: ALIYUN::VPC::VPC::CidrBlock
AssociationPropertyMetadata:
Visible:
Condition:
Fn::Equals:
- ${whetherCreateVpc}
- true
vSwitchCidrBlock:
Type: String
Label:
en: VSwitch CIDR Block
zh-cn: the description in Chinese
Description:
zh-cn: the description in Chinese
en: Must belong to the subnet segment of VPC
Default: 192.168.1.0/24
AssociationProperty: ALIYUN::VPC::VSwitch::CidrBlock
AssociationPropertyMetadata:
VpcCidrBlock: vpcCidrBlock
Visible:
Condition:
Fn::Equals:
- ${whetherCreateVpc}
- true
securityGroupId:
Label:
en: SecurityGroupId
zh-cn: the description in Chinese
Type: String
Default: ''
AssociationProperty: 'ALIYUN::ECS::SecurityGroup::SecurityGroupId'
AssociationPropertyMetadata:
RegionId: regionId
Visible:
Condition:
Fn::Equals:
- ${whetherCreateVpc}
- false
vSwitchId:
Label:
en: VSwitchId
zh-cn: the description in Chinese
Type: String
Default: ''
AssociationProperty: 'ALIYUN::VPC::VSwitch::VSwitchId'
AssociationPropertyMetadata:
RegionId: regionId
ZoneId: zoneId
Filters:
- SecurityGroupId: securityGroupId
Visible:
Condition:
Fn::Equals:
- ${whetherCreateVpc}
- false
internetMaxBandwidthOut:
Type: Number
Label:
zh-cn: the description in Chinese
en: Internet Max Bandwidth Out
Description:
zh-cn: the description in Chinese
en: no public ip if zero
Default: 0
MinValue: 0
MaxValue: 100
ramRoleName:
Label:
en: RamRoleName
zh-cn: the description in Chinese
Type: String
AssociationProperty: ALIYUN::ECS::RAM::Role
Default: ''
systemDiskCategory:
Label:
en: SystemDiskCategory
zh-cn: the description in Chinese
Type: String
AssociationProperty: ALIYUN::ECS::Disk::SystemDiskCategory
AssociationPropertyMetadata:
RegionId: regionId
InstanceType: instanceType
Default: cloud_essd
tags:
Label:
en: Tags
zh-cn: the description in Chinese
Type: Json
AssociationProperty: Tags
AssociationPropertyMetadata:
ShowSystem: false
Default: []
commandType:
Label:
en: CommandType
zh-cn: the description in Chinese
Type: String
AllowedValues:
- RunBatScript
- RunPowerShellScript
- RunShellScript
Default: RunShellScript
commandContent:
Label:
en: CommandContent
zh-cn: the description in Chinese
Type: String
AssociationProperty: Code
Default: 'echo hello'
timeout:
Label:
en: Timeout
zh-cn: the description in Chinese
Type: Number
Default: 600
targetRegionIds:
Label:
en: TargetRegionIds
zh-cn: the description in Chinese
Type: List
AllowedValues:
- all-regions
- cn-beijing
- cn-qingdao
- cn-zhangjiakou
- cn-huhehaote
- cn-hangzhou
- cn-shanghai
- cn-shenzhen
- cn-chengdu
- cn-hongkong
- cn-heyuan
- cn-wulanchabu
- ap-northeast-1
- ap-southeast-1
- ap-southeast-2
- ap-southeast-3
- ap-southeast-5
- ap-south-1
- us-east-1
- us-west-1
- eu-west-1
- me-east-1
- eu-central-1
Default: []
accountIds:
Label:
en: AccountIds
zh-cn: the description in Chinese
Type: List
Default: []
scalingConfigurationIds:
Description:
en: <font color='red'><b>Must correspond to the selected region</b></font>
zh-cn: the description in Chinese
Label:
en: ScalingConfigurationIds
zh-cn: the description in Chinese
Type: List
Default: []
launchTemplateNames:
Description:
en: <font color='red'><b>Must correspond to the selected region</b></font>
zh-cn: the description in Chinese
Label:
en: LaunchTemplateNames
zh-cn: the description in Chinese
Type: List
Default: []
rateControl:
Label:
en: RateControl
zh-cn: the description in Chinese
Type: Json
AssociationProperty: RateControl
Default:
Mode: Concurrency
MaxErrors: 0
Concurrency: 5
OOSAssumeRole:
Label:
en: OOSAssumeRole
zh-cn: the description in Chinese
Type: String
Default: ''
RamRole: '{{ OOSAssumeRole }}'
Tasks:
- Name: createStack
Action: 'ACS::ExecuteAPI'
When:
Fn::Equals:
- '{{ whetherCreateVpc }}'
- true
Description:
en: Create a resource stack
zh-cn: the description in Chinese
Properties:
Service: ROS
API: CreateStack
Parameters:
RegionId: '{{ regionId }}'
StackName: 'OOS-{{ACS::ExecutionId}}'
TimeoutInMinutes: 10
DisableRollback: false
Parameters:
- ParameterKey: ZoneId
ParameterValue: '{{ zoneId }}'
- ParameterKey: VpcCidrBlock
ParameterValue: '{{ vpcCidrBlock }}'
- ParameterKey: VSwitchCidrBlock
ParameterValue: '{{ vSwitchCidrBlock }}'
TemplateBody: |
ROSTemplateFormatVersion: '2015-09-01'
Parameters:
ZoneId:
Type: String
VpcCidrBlock:
Type: String
VSwitchCidrBlock:
Type: String
Resources:
EcsVpc:
Type: ALIYUN::ECS::VPC
Properties:
CidrBlock:
Ref: VpcCidrBlock
VpcName:
Ref: ALIYUN::StackName
EcsVSwitch:
Type: ALIYUN::ECS::VSwitch
Properties:
ZoneId:
Ref: ZoneId
VpcId:
Ref: EcsVpc
CidrBlock:
Ref: VSwitchCidrBlock
EcsSecurityGroup:
Type: ALIYUN::ECS::SecurityGroup
Properties:
VpcId:
Ref: EcsVpc
Outputs:
SecurityGroupId:
Value:
Ref: EcsSecurityGroup
VSwitchId:
Value:
Ref: EcsVSwitch
Outputs:
StackId:
Type: String
ValueSelector: StackId
- Name: untilStackReady
Action: 'ACS::WaitFor'
When:
Fn::Equals:
- '{{ whetherCreateVpc }}'
- true
Description:
en: Wait for the stack status CREATE_COMPLETE
zh-cn: the description in Chinese
OnError: deleteStack
Properties:
Service: ROS
API: GetStack
Parameters:
RegionId: '{{ regionId }}'
StackId: '{{createStack.StackId}}'
DesiredValues:
- CREATE_COMPLETE
StopRetryValues:
- CREATE_FAILED
- CHECK_FAILED
- ROLLBACK_FAILED
- ROLLBACK_COMPLETE
- CREATE_ROLLBACK_COMPLETE
PropertySelector: Status
Outputs:
securityGroupId:
Type: String
ValueSelector: 'Outputs[0].OutputValue'
vSwitchId:
Type: String
ValueSelector: 'Outputs[1].OutputValue'
- Name: runInstances
Action: ACS::ECS::RunInstances
Description:
en: Create a ECS instance with source image
zh-cn: the description in Chinese
OnError: deleteStack
Properties:
regionId: '{{ regionId }}'
imageId: '{{ sourceImageId }}'
instanceType: '{{ instanceType }}'
securityGroupId:
Fn::If:
- Fn::Equals:
- '{{ whetherCreateVpc }}'
- true
- '{{ untilStackReady.securityGroupId }}'
- '{{ securityGroupId }}'
vSwitchId:
Fn::If:
- Fn::Equals:
- '{{ whetherCreateVpc }}'
- true
- '{{ untilStackReady.vSwitchId }}'
- '{{ vSwitchId }}'
internetMaxBandwidthOut: '{{ internetMaxBandwidthOut }}'
ramRoleName: '{{ ramRoleName }}'
systemDiskCategory: '{{ systemDiskCategory }}'
Outputs:
instanceId:
ValueSelector: instanceIds[0]
Type: String
- Name: installCloudAssistant
Action: ACS::ECS::InstallCloudAssistant
Description:
en: Install cloud assistant for ECS instance
zh-cn: the description in Chinese
OnError: deleteInstance
Properties:
regionId: '{{ regionId }}'
instanceId: '{{ runInstances.instanceId }}'
- Name: runCommand
Action: ACS::ECS::RunCommand
Description:
en: Run cloud assistant command on ECS instance
zh-cn: the description in Chinese
OnError: deleteInstance
Properties:
regionId: '{{ regionId }}'
commandContent: '{{ commandContent }}'
commandType: '{{ commandType }}'
instanceId: '{{ runInstances.instanceId }}'
timeout: '{{ timeout }}'
- Name: stopInstance
Action: ACS::ECS::StopInstance
Description:
en: Stops the ECS instance
zh-cn: the description in Chinese
Properties:
regionId: '{{ regionId }}'
instanceId: '{{ runInstances.instanceId }}'
- Name: createImage
Action: ACS::ECS::CreateImage
Description:
en: Create new image with the specified image name and instance ID
zh-cn: the description in Chinese
OnError: deleteInstance
Properties:
regionId: '{{ regionId }}'
tags: '{{tags}}'
imageName: '{{ targetImageName }}-{{ ACS::CurrentUTCTime }}'
instanceId: '{{ runInstances.instanceId }}'
Outputs:
imageId:
ValueSelector: imageId
Type: String
- Name: deleteInstanceAfterUpdateImageSuccessfully
Action: ACS::ExecuteAPI
Description:
en: Release the instance after updating the image successfully
zh-cn: the description in Chinese
Properties:
Service: ECS
API: DeleteInstance
Risk: Normal
Parameters:
RegionId: '{{ regionId }}'
InstanceId: '{{ runInstances.instanceId }}'
Force: true
- Name: deleteStack
Action: 'ACS::ExecuteApi'
When:
Fn::Equals:
- '{{ whetherCreateVpc }}'
- true
Description:
en: Delete the stack
zh-cn: the description in Chinese
Properties:
Service: ROS
API: DeleteStack
Parameters:
RegionId: '{{ regionId }}'
StackId: '{{ createStack.StackId }}'
- Name: queryAllAvailableRegions
Action: 'ACS::ExecuteAPI'
Description:
en: View all available regions
zh-cn: the description in Chinese
Properties:
Service: ECS
API: DescribeRegions
Parameters:
RegionId: '{{ regionId }}'
Outputs:
regionIds:
Type: List
ValueSelector: >-
Regions.Region[]|.RegionId|select([scan("{{regionId}}|test")]|length<1)
allRegionsChosen:
Type: String
ValueSelector: '.|{{targetRegionIds}}|sort|.[0]'
- Name: whetherCloneToAllRegions
Action: 'ACS::Choice'
Description:
en: Choose next task by targetRegionIds Chosen
zh-cn: the description in Chinese
Properties:
DefaultTask: copyImage
Choices:
- When:
'Fn::Equals':
- all-regions
- '{{ queryAllAvailableRegions.allRegionsChosen }}'
NextTask: copyImageToAllRegions
- Name: copyImage
Action: 'ACS::ECS::CopyImage'
OnSuccess: whetherToShareImage
OnError: 'ACS::END'
Description:
en: Copy image to regions chosen
zh-cn: the description in Chinese
Properties:
regionId: '{{ regionId }}'
imageId: '{{ createImage.imageId }}'
targetRegionId: '{{ ACS::TaskLoopItem }}'
targetImageName: '{{ targetImageName }}-{{ ACS::CurrentUTCTime }}'
Loop:
Items: '{{ targetRegionIds }}'
RateControl: '{{ rateControl }}'
Outputs:
imageIdsWithRegion:
AggregateType: 'Fn::ListJoin'
AggregateField: imageIdWithRegion
Outputs:
imageIdWithRegion:
ValueSelector: '.|(.imageId),"{{ ACS::TaskLoopItem }}"'
Type: List
- Name: copyImageToAllRegions
Action: 'ACS::ECS::CopyImage'
Description:
en: Copy image to all available regions
zh-cn: the description in Chinese
Properties:
regionId: '{{ regionId }}'
imageId: '{{ createImage.imageId }}'
targetRegionId: '{{ ACS::TaskLoopItem }}'
targetImageName: '{{ targetImageName }}-{{ ACS::CurrentUTCTime }}'
Loop:
Items: '{{ queryAllAvailableRegions.regionIds }}'
RateControl: '{{ rateControl }}'
Outputs:
imageIdsWithRegion:
AggregateType: 'Fn::ListJoin'
AggregateField: imageIdWithRegion
Outputs:
imageIdWithRegion:
ValueSelector: '.|(.imageId),"{{ ACS::TaskLoopItem }}"'
Type: List
- Name: whetherToShareImage
Action: 'ACS::Choice'
Description:
en: Choose next task by accountIds
zh-cn: the description in Chinese
Properties:
DefaultTask: shareImage
Choices:
- When:
'Fn::Equals':
- []
- '{{ accountIds }}'
NextTask: modifyScalingConfiguration
- Name: shareImage
Action: 'ACS::ExecuteAPI'
Description:
en: Shares a custom image to other Alibaba Cloud accounts
zh-cn: the description in Chinese
Properties:
Service: ECS
API: ModifyImageSharePermission
Parameters:
RegionId: '{{ regionId }}'
ImageId: '{{ createImage.imageId }}'
AddAccount: '{{ accountIds }}'
- Name: modifyScalingConfiguration
Action: 'ACS::ExecuteAPI'
OnError: ACS::NEXT
Description:
en: Modify scaling configuration
zh-cn: the description in Chinese
Properties:
Service: ESS
API: ModifyScalingConfiguration
Parameters:
RegionId: '{{ regionId }}'
ScalingConfigurationId: '{{ ACS::TaskLoopItem }}'
ImageId: '{{ createImage.imageId }}'
Loop:
Items: '{{ scalingConfigurationIds }}'
- Name: updateLaunchTemplate
Action: 'ACS::ECS::UpdateLaunchTemplate'
OnSuccess: ACS::END
Description:
en: Update instance launch template
zh-cn: the description in Chinese
Properties:
regionId: '{{ ACS::RegionId }}'
imageId: '{{ createImage.imageId }}'
launchTemplateName: '{{ ACS::TaskLoopItem }}'
Loop:
Items: '{{ launchTemplateNames }}'
- Name: deleteInstance
Action: ACS::ExecuteAPI
Description:
en: Deletes the ECS instance after updating the image failure
zh-cn: the description in Chinese
Properties:
Service: ECS
API: DeleteInstance
Risk: Normal
Parameters:
RegionId: '{{ regionId }}'
InstanceId: '{{ runInstances.instanceId }}'
Force: true
Outputs:
updatedImageId:
Type: String
Value: '{{ createImage.imageId }}'
imageIdAndRegion:
Type: List
Value:
'Fn::If':
- 'Fn::Equals':
- all-regions
- '{{ queryAllAvailableRegions.allRegionsChosen }}'
- '{{ copyImageToAllRegions.imageIdsWithRegion }}'
- '{{ copyImage.imageIdsWithRegion }}'
Metadata:
ALIYUN::OOS::Interface:
ParameterGroups:
- Parameters:
- regionId
- zoneId
- sourceImageId
Label:
default:
zh-cn: the description in Chinese
en: Select Origin Image
- Parameters:
- targetImageName
- tags
Label:
default:
zh-cn: the description in Chinese
en: Image Configure
- Parameters:
- instanceType
- whetherCreateVpc
- vpcCidrBlock
- vSwitchCidrBlock
- securityGroupId
- vSwitchId
- internetMaxBandwidthOut
- systemDiskCategory
- ramRoleName
Label:
default:
zh-cn: the description in Chinese
en: ECS Instance Configure
- Parameters:
- commandType
- commandContent
- timeout
Label:
default:
zh-cn: the description in Chinese
en: Run Command
- Parameters:
- targetRegionIds
- accountIds
Label:
default:
zh-cn: the description in Chinese
en: Copy Image
- Parameters:
- scalingConfigurationIds
- launchTemplateNames
- rateControl
- OOSAssumeRole
Label:
default:
zh-cn: the description in Chinese
en: Control Options