This topic describes how to use CloudOps Orchestration Service (OOS) to create or update an image for an Elastic Compute Service (ECS) instance.
Background information
You may often need to update the software of your ECS instances, such as updating the backend service version or installing security patches. You can use the Create or Update Images feature of OOS to facilitate software updates. OOS allows you to create an image from an existing ECS instance or update an image.
Procedure
Log on to the CloudOps Orchestration Service console.
In the left-side navigation pane, choose Automated Task > Common O&M Tasks. On the Common O&M Tasks page, click Create or Update Images.
Click Create.
On the Create Task Create or Update Images page, select Create Image from Existing Instance or Update Image. In this example, Create Image from Existing Instance is selected.
In the General Settings section, enter a name in the New Image Name field.
Set the Permissions parameter to Use Existing Permissions of Current Account or Specify RAM Role and Use Permissions Granted to This Role.
In this example, Specify RAM Role and Use Permissions Granted to This Role is specified and OOSServiceRole is selected as the RAM role. If no RAM roles are available, create a RAM role for OOS. For more information, see the "Use RAM to grant permissions to OOS" topic. You can directly click View Authorization Policies and Manual Authorization to configure permissions by using RAM. For more information about the required policy, see the following JSON scripts.
Policy for permissions required to create an image from an existing instance:
{ "Version": "1", "Statement": [ { "Action": [ "ecs:CreateImage", "ecs:DescribeImages", "ecs:ModifyImageSharePermission", "ecs:CopyImage", "ecs:RunCommand", "ecs:DescribeInvocationResults", "ecs:DescribeRegions", "ecs:DescribeInstances", "ecs:DescribeInvocations" ], "Resource": "*", "Effect": "Allow" }, { "Action": [ "ess:ModifyScalingConfiguration" ], "Resource": "*", "Effect": "Allow" }, { "Action": "oos:*", "Resource": "*", "Effect": "Allow" }, { "Action": "ram:PassRole", "Resource": "*", "Effect": "Allow", "Condition": { "StringEquals": { "acs:Service": "oos.aliyuncs.com" } } } ] }
Policy for permissions required to update an image:
{ "Version": "1", "Statement": [ { "Action": "oos:*", "Resource": "*", "Effect": "Allow" }, { "Action": "ram:PassRole", "Resource": "*", "Effect": "Allow", "Condition": { "StringEquals": { "acs:Service": "oos.aliyuncs.com" } } }, { "Action": [ "ecs:RunCommand", "ecs:RunInstances", "ecs:StopInstance", "ecs:DescribeRegions", "ecs:DeleteInstance", "ecs:CreateImage", "ecs:DescribeImages", "ecs:ModifyImageSharePermission", "ecs:CopyImage", "ecs:RebootInstance", "ecs:DescribeInvocationResults", "ecs:InstallCloudAssistant", "ecs:DescribeCloudAssistantStatus", "ecs:DescribeInstances", "ecs:DescribeInvocations" ], "Resource": "*", "Effect": "Allow" }, { "Action": [ "ess:ModifyScalingConfiguration" ], "Resource": "*", "Effect": "Allow" } ] }
In the Select Instances section, select the ECS instance.
In the Send Remote Commands section, configure the Command Type parameter.
In this example, the Command Type parameter is set to Linux Shell.
Click Create.
On the Task Execution Management page, you can view the created execution. If the execution is created and in the Running state, the image is being created or updated.
To view more information about the execution, click Details in the Actions column. On the page that appears, click the Log tab in the output section to view the logs of the execution.