ACS-ECS-BulkyApplyPatchBaseline - CloudOps Orchestration Service

模板名稱

ACS-ECS-BulkyApplyPatchBaseline 批量在ECS執行個體中配置補丁基準

立即執行

模板描述

批量在ECS執行個體中配置補丁基準

模板類型

自動化

所有者

Alibaba Cloud

輸入參數

參數名稱	描述	類型	是否必填	預設值	約束
targets	目標執行個體	Json	是
regionId	地區ID	String	否	{{ ACS::RegionId }}
resourceType	資源類型	String	否	ALIYUN::ECS::Instance
action	配置補丁基準的方式	String	否	install
whetherCreateSnapshot	是否為系統硬碟建立快照	Boolean	否	False
retentionDays	快照保留天數	Number	否	7
rebootIfNeed	是否重啟	Boolean	否	False
rateControl	任務執行的並發比率	Json	否	{‘Mode’: ‘Concurrency’, ‘MaxErrors’: 0, ‘Concurrency’: 10}
OOSAssumeRole	OOS扮演的RAM角色	String	否	“”
timeout	ECS執行個體中執行命令的逾時時間	Number	否	7200

輸出參數

參數名稱	描述	類型
commandOutput		String

執行此模板需要的權限原則

{
    "Version": "1",
    "Statement": [
        {
            "Action": [
                "ecs:CreateSnapshot",
                "ecs:DescribeCloudAssistantStatus",
                "ecs:DescribeDisks",
                "ecs:DescribeInstances",
                "ecs:DescribeInvocationResults",
                "ecs:DescribeInvocations",
                "ecs:DescribeManagedInstances",
                "ecs:DescribeSnapshots",
                "ecs:RebootInstance",
                "ecs:RunCommand"
            ],
            "Resource": "*",
            "Effect": "Allow"
        },
        {
            "Action": [
                "ecd:CreateSnapshot",
                "ecd:DescribeCloudAssistantStatus",
                "ecd:DescribeDesktops",
                "ecd:DescribeInvocations",
                "ecd:DescribeSnapshots",
                "ecd:RebootDesktops",
                "ecd:RunCommand"
            ],
            "Resource": "*",
            "Effect": "Allow"
        },
        {
            "Action": [
                "oos:ListInstancePatchStates"
            ],
            "Resource": "*",
            "Effect": "Allow"
        }
    ]
}

詳情

ACS-ECS-BulkyApplyPatchBaseline詳情

模板內容

FormatVersion: OOS-2019-06-01
Description:
  name-en: ACS-ECS-BulkyApplyPatchBaseline
  name-zh-cn: 批量在ECS執行個體中配置補丁基準
  en: Bulky apply patch baseline on ECS instance
  zh-cn: 批量在ECS執行個體中配置補丁基準
Parameters:
  regionId:
    Label:
      en: RegionId
      zh-cn: 地區ID
    AssociationProperty: RegionId
    Type: String
    Default: '{{ ACS::RegionId }}'
  resourceType:
    Type: String
    Label:
      en: ResourceType
      zh-cn: 資源類型
    AssociationPropertyMetadata:
      LocaleKey: TargetResourceType
    AllowedValues:
      - ALIYUN::ECS::Instance
      - ALIYUN::ECS::ManagedInstance
      - ALIYUN::ECD::Desktop
    Default: ALIYUN::ECS::Instance
  targets:
    Label:
      en: TargetInstance
      zh-cn: 目標執行個體
    Type: Json
    AssociationProperty: Targets
    AssociationPropertyMetadata:
      ResourceType: resourceType
      RegionId: regionId
  action:
    Label:
      en: Action
      zh-cn: 配置補丁基準的方式
    Type: String
    AllowedValues:
      - install
      - scan
    Default: install
    AssociationPropertyMetadata:
      LocaleKey: OOSPatchExecuteType
  whetherCreateSnapshot:
    Label:
      en: WhetherCreateSnapshot
      zh-cn: 是否為系統硬碟建立快照
    Type: Boolean
    Default: false
    AssociationPropertyMetadata:
      Visible:
        Condition:
            Fn::Equals:
              - '${action}'
              - install
  retentionDays:
    Label:
      en: RetentionDays
      zh-cn: 快照保留天數
    Type: Number
    MinValue: 1
    MaxValue: 65536
    Default: 7
    AssociationPropertyMetadata:
      Visible:
        Condition:
            Fn::Equals:
              - '${whetherCreateSnapshot}'
              - true
  rebootIfNeed:
    Label:
      en: RebootIfNeed
      zh-cn: 是否重啟
    Type: Boolean
    Default: false
    AssociationPropertyMetadata:
      Visible:
        Condition:
            'Fn::Equals':
              - '${action}'
              - install
  rateControl:
    Label:
      en: RateControl
      zh-cn: 任務執行的並發比率
    Type: Json
    AssociationProperty: RateControl
    Default:
      Mode: Concurrency
      MaxErrors: 0
      Concurrency: 10
  OOSAssumeRole:
    Label:
      en: OOSAssumeRole
      zh-cn: OOS扮演的RAM角色
    Type: String
    Default: ''
  timeout:
    Label:
      en: Timeout
      zh-cn: ECS執行個體中執行命令的逾時時間
    Type: Number
    Default: 7200
RamRole: '{{ OOSAssumeRole }}'
Tasks:
  - Name: getInstance
    Description:
      en: Views the ECS instances
      zh-cn: 擷取ECS執行個體
    Action: ACS::SelectTargets
    Properties:
      RegionId: '{{ regionId }}'
      ResourceType: '{{ resourceType }}'
      Filters:
        - '{{ targets }}'
    Outputs:
      instanceIds:
        Type: List
        ValueSelector: Instances.Instance[].InstanceId
  - Name: applyPatchBaseline
    Description:
      en: Apply patch baseline on ECS instance
      zh-cn: 在ECS執行個體中配置補丁基準
    Action: ACS::ECS::ApplyPatchBaseline
    When:
      Fn::Equals:
        - '{{ resourceType }}'
        - ALIYUN::ECS::Instance
    Properties:
      regionId: '{{ regionId }}'
      instanceId: '{{ ACS::TaskLoopItem }}'
      action: '{{ action }}'
      whetherCreateSnapshot: '{{ whetherCreateSnapshot }}'
      retentionDays: '{{ retentionDays }}'
      rebootIfNeed: '{{ rebootIfNeed }}'
      timeout: '{{ timeout }}'
    Loop:
      RateControl: '{{ rateControl }}'
      Items: '{{ getInstance.instanceIds }}'
      Outputs:
        commandOutputs:
          AggregateType: Fn::ListJoin
          AggregateField: commandOutput
    Outputs:
      commandOutput:
        Type: String
        ValueSelector: commandOutput
  - Name: applyPatchBaselineOnManagedInstance
    Description:
      en: Apply patch baseline on ECS managed instance
      zh-cn: 在ECS受管理的執行個體中配置補丁基準
    Action: ACS::ECS::ApplyPatchBaselineOnMangedInstance
    When:
      Fn::Equals:
        - '{{ resourceType }}'
        - ALIYUN::ECS::ManagedInstance
    Properties:
      regionId: '{{ regionId }}'
      instanceId: '{{ ACS::TaskLoopItem }}'
      action: '{{ action }}'
      timeout: '{{ timeout }}'
    Loop:
      RateControl: '{{ rateControl }}'
      Items: '{{ getInstance.instanceIds }}'
      Outputs:
        commandOutputs:
          AggregateType: Fn::ListJoin
          AggregateField: commandOutput
    Outputs:
      commandOutput:
        Type: String
        ValueSelector: commandOutput
  - Name: applyPatchBaselineOnECDInstance
    Description:
      en: Apply patch baseline on ECD instance
      zh-cn: 在ECD執行個體中配置補丁基準
    Action: ACS::ECD::ApplyPatchBaseline
    When:
      Fn::Equals:
        - '{{ resourceType }}'
        - ALIYUN::ECD::Desktop
    Properties:
      regionId: '{{ regionId }}'
      desktopId: '{{ ACS::TaskLoopItem }}'
      action: '{{ action }}'
      rebootIfNeed: '{{ rebootIfNeed }}'
      whetherCreateSnapshot: '{{ whetherCreateSnapshot }}'
      timeout: '{{ timeout }}'
    Loop:
      RateControl: '{{ rateControl }}'
      Items: '{{ getInstance.instanceIds }}'
      Outputs:
        commandOutputs:
          AggregateType: Fn::ListJoin
          AggregateField: commandOutput
    Outputs:
      commandOutput:
        Type: String
        ValueSelector: commandOutput
Outputs:
  commandOutput:
    Type: String
    Value:
      Fn::If:
        - Fn::Equals:
            - '{{ resourceType }}'
            - ALIYUN::ECS::Instance
        - '{{ applyPatchBaseline.commandOutputs }}'
        - Fn::If:
            - Fn::Equals:
                - '{{ resourceType }}'
                - ALIYUN::ECS::ManagedInstance
            - '{{ applyPatchBaselineOnManagedInstance.commandOutputs }}'
            - '{{ applyPatchBaselineOnECDInstance.commandOutputs }}'
Metadata:
  ALIYUN::OOS::Interface:
    ParameterGroups:
      - Parameters:
          - action
          - whetherCreateSnapshot
          - retentionDays
          - rebootIfNeed
          - timeout
        Label:
          default:
            zh-cn: 配置參數
            en: Configure Parameters
      - Parameters:
          - regionId
          - resourceType
          - targets
        Label:
          default:
            zh-cn: 選擇執行個體
            en: Select Instances
      - Parameters:
          - rateControl
          - OOSAssumeRole
        Label:
          default:
            zh-cn: 進階選項
            en: Control Options