To ensure the security of your custom images, it is crucial to update them at the earliest opportunity. This includes installing the latest operating system patches, upgrading middleware, and installing the most recent versions of third-party software in images. You can use the public template provided by CloudOps Orchestration Service (OOS) for automatic image updates. This helps reduce O&M costs.
Solution
OOS provides a public template for you to update custom images. After you create executions based on the template, OOS automatically updates your images. To use OOS to update a custom image, you only need to select a source image to be updated, specify the required parameters such as the shell command for updating a Linux instance image, and then click Create Execution. No extra tools are required for image updates by using OOS. In addition, you do not need to manually create, log on to, edit, or release Elastic Compute Service (ECS) instances, or configure environment variables or AccessKey pairs. OOS also allows you to create custom templates to schedule automatic image updates or update multiple images in batches.
Comparison of different methods for creating and updating a custom image
Method | Requirement | Advantage | Disadvantage |
Create and update a custom image by using OOS | You only need to activate OOS. No other tool is required. | | None. |
| No other tool is required. | This method provides easy and convenient operations in the ECS console. | |
Create a custom image by using Packer | Packer must be installed. | Packer is an open source tool that is supported by various cloud service providers. | |
Procedure
Log on to the CloudOps Orchestration Service console.
In the left-side navigation pane, choose . In the Update Image section, click Create Execution.
On the Create Task page, configure the parameters in the Basic Information step. Then, click Next Step: Parameter Settings.
In the Parameter Settings step, configure the parameters.
In the Select Origin Image section, specify the source image to be updated.
In the Image Configure section, specify the name and tags of the new image after the update.
In the ECS Instance Configure section, specify the type and specifications of the temporary ECS instance to be used for the image update.
In the Update Image Configuration section, specify the update method, command type, and command script.
In the Control Options section, Use Existing Permissions of Current Account is selected by default, which indicates that OOS uses the permissions granted to the current account. If a RAM role is specified, OOS assumes this role to perform O&M tasks.
Click Next Step: OK. In the OK step, check the high-risk operations and click Create.
In the left-side navigation pane, choose . On the Task Execution Management page, find the execution that you created. If the execution is in the Running state, the image update is in progress. Wait until the execution is in the Success state. This indicates that the image is updated. You can view the ID of the new image on the execution details page.
To view the image update process, click Details in the Actions column of the created execution. On the Execution Logs tab, you can view the progress and status of the execution.
Appendix 1: Public template and logic
The public template ACS-ECS-UpdateImage contains the following code:
FormatVersion: OOS-2019-06-01
Description: Updates an existing ECS image via ECS Cloud Assistant then creates a
  ECS image.
Parameters:
  sourceImageId:
    Description: The image ID for the ECS instances, centos_6_10_64_20G_alibase_20190326.vhd,
      for example.
    Type: String
    AllowedPattern: '[A-Za-z0-9_\-\.]*'
    MinLength: 1
    MaxLength: 40
  instanceType:
    Description: The instance type for the ECS instances, ecs.g5.large, for example.
    Type: String
    AllowedPattern: ecs\.[A-Za-z0-9\.\-]*
    MinLength: 1
    MaxLength: 30
  securityGroupId:
    Description: The security group ID for the ECS instances, sg-xxxxxxxxxxxxxxxxxxxx,
      for example.
    Type: String
    AllowedPattern: sg-[A-Za-z0-9]*
    MinLength: 1
    MaxLength: 30
  vSwitchId:
    Description: The virtual switch ID for the ECS instances, vsw-xxxxxxxxxxxxxxxxxxxx,
      for example.
    Type: String
    AllowedPattern: vsw-[A-Za-z0-9]*
    MinLength: 1
    MaxLength: 30
  commandContent:
    Description: The content of command.
    Type: String
  commandType:
    Description: The type of command to run in ECS instance.
    Type: String
    AllowedValues:
    - RunBatScript
    - RunPowerShellScript
    - RunShellScript
    MinLength: 1
    MaxLength: 30
  targetImageName:
    Description: The name of image.
    Type: String
    AllowedPattern: '[A-Za-z0-9\-_]*'
    MinLength: 1
    MaxLength: 30
  OOSAssumeRole:
    Description: The RAM role to be assumed by OOS.
    Type: String
    Default: OOSServiceRole
RamRole: '{{ OOSAssumeRole }}'
Tasks:
- Name: checkNewImageName
  Action: ACS::CheckFor
  Description: Check image name is available.
  Properties:
    Service: ECS
    API: DescribeImages
    Parameters:
      ImageName: '{{ targetImageName }}'
    DesiredValues:
    - 0
    PropertySelector: TotalCount
- Name: runInstances
  Action: ACS::ECS::RunInstances
  Description: Create a ECS instance for the cloud assistant.
  Properties:
    imageId: '{{ sourceImageId }}'
    instanceType: '{{ instanceType }}'
    securityGroupId: '{{ securityGroupId }}'
    vSwitchId: '{{ vSwitchId }}'
  Outputs:
    instanceId:
      ValueSelector: instanceIds[0]
      Type: String
- Name: installCloudAssistant
  Action: ACS::ECS::InstallCloudAssistant
  Description: Install cloud assostant for ECS instance.
  OnError: deleteInstance
  Properties:
    instanceId: '{{ runInstances.instanceId }}'
- Name: runCommand
  Action: ACS::ECS::RunCommand
  Description: Run command on ECS instance.
  OnError: deleteInstance
  Properties:
    commandContent: '{{ commandContent }}'
    commandType: '{{ commandType }}'
    instanceId: '{{ runInstances.instanceId }}'
- Name: stopInstance
  Action: ACS::ECS::StopInstance
  Description: Stops the ECS instance by the instance ID.
  Properties:
    instanceId: '{{ runInstances.instanceId }}'
- Name: createImage
  Action: ACS::ECS::CreateImage
  Description: Create image with the specified image name and instance ID.
  OnError: deleteInstance
  Properties:
    imageName: '{{ targetImageName }}'
    instanceId: '{{ runInstances.instanceId }}'
  Outputs:
    imageId:
      ValueSelector: imageId
      Type: String
- Name: deleteInstance
  Action: ACS::ExecuteAPI
  Description: Deletes the ECS instance by the instance ID.
  Properties:
    Service: ECS
    API: DeleteInstance
    Risk: Normal
    Parameters:
      InstanceId: '{{ runInstances.instanceId }}'
      Force: true
Outputs:
  imageId:
    Type: String
    Value: '{{ createImage.imageId }}'
The template executes the following tasks in sequence:
Check whether the name of the new image is available, that is, whether no existing image already uses it.
Create and run a temporary ECS instance. The instance is created from the source image to be updated, and its instance type, security group, and vSwitch are taken from the parameters that you specify.
Install the Cloud Assistant client on the temporary ECS instance if the client is not installed.
Run the Cloud Assistant commands for the image update on the temporary ECS instance, and wait until the commands are run.
Stop the temporary ECS instance.
Create an image for the temporary ECS instance and wait until the creation is complete.
Release the temporary ECS instance.
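A shell script that could be supplied as the command script (commandContent with commandType RunShellScript), added here as an example and not part of the OOS template or of Alibaba Cloud's documentation. It returns a non-zero status when the update fails, on the assumption that a non-zero exit fails the runCommand task, so that OnError: deleteInstance releases the temporary instance and createImage never runs on a half-patched system. The function names and the APPLY switch are constructed for this example.

```shell
#!/bin/sh
# Added example, not part of the ACS-ECS-UpdateImage template.
# pick_update_cmd, patch_image and APPLY are names constructed for this example.

# Print the update command for the first package manager found on PATH.
# PATH is probed because older images may have no /etc/os-release.
pick_update_cmd() {
    if command -v apt-get >/dev/null 2>&1; then
        echo "apt-get update && DEBIAN_FRONTEND=noninteractive apt-get -y upgrade"
    elif command -v dnf >/dev/null 2>&1; then
        echo "dnf -y upgrade"
    elif command -v yum >/dev/null 2>&1; then
        echo "yum -y update"
    else
        return 1
    fi
}

# Apply the updates. Return codes: 0 = patched, 2 = no supported package
# manager, 3 = the update command itself failed.
patch_image() {
    cmd=$(pick_update_cmd) || { echo "no supported package manager" >&2; return 2; }
    echo "running: $cmd"
    # cmd is one of the fixed strings above, never external input.
    eval "$cmd" || { echo "update failed: $cmd" >&2; return 3; }
}

# Entry point. Nothing is changed unless APPLY=1 is set, so the file can be
# sourced or tested safely; when pasting it into commandContent, put
# APPLY=1 on the first line. The exit status of patch_image is propagated.
if [ "${APPLY:-0}" = "1" ]; then
    patch_image || exit $?
fi
```

Without APPLY=1 the script exits 0 without patching, so check the execution log for the "running:" line before trusting the new image.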