模板名稱
ACS-ECS-RepairImage 修複鏡像
模板描述
鏡像修複, 鏡像修複是基於鏡像檢測的結果對鏡像進行離線修複, 關於鏡像檢測 https://help.aliyun.com/zh/ecs/user-guide/overview-18, 修複流程會首先基於Alibaba cloud linux鏡像建立一台修複執行個體,將您的鏡像的快照建立雲端硬碟掛載到修複執行個體上,離線修複資料盤,然後將修複後的資料盤建立新的鏡像。 一些限制 1)當您的鏡像的系統類別型是如ubuntu 22.04 64位等公用鏡像系統類別型時,修複後產生的鏡像類型會是如ubuntu_64位自訂鏡像系統類別型。
模板類型
自動化
所有者
Alibaba Cloud
輸入參數
參數名稱 | 描述 | 類型 | 是否必填 | 預設值 | 約束 |
zoneId | 交換器可用性區域 | String | 是 | ||
repairImageId | 修複鏡像ID | String | 是 | ||
baseImageId | 基礎鏡像 | String | 是 | ||
instanceType | 執行個體類型 | String | 是 | ||
securityGroupId | 安全性群組 | String | 是 | ||
vSwitchId | 交換器 | String | 是 | ||
regionId | 地區ID | String | 否 | {{ ACS::RegionId }} | |
systemDiskCategory | 系統硬碟的雲端硬碟種類 | String | 否 | cloud_essd | |
repairItems | 修複專案 | List | 否 | assist |
輸出參數
參數名稱 | 描述 | 類型 |
imageId | String |
執行此模板需要的權限原則
{
"Version": "1",
"Statement": [
{
"Action": [
"ecs:CreateImage",
"ecs:CreateSnapshot",
"ecs:DeleteInstance",
"ecs:DeleteSnapshot",
"ecs:DescribeDisks",
"ecs:DescribeImages",
"ecs:DescribeInstances",
"ecs:DescribeInvocationResults",
"ecs:DescribeInvocations",
"ecs:DescribeSnapshots",
"ecs:InvokeCommand",
"ecs:RebootInstance",
"ecs:RunCommand",
"ecs:RunInstances"
],
"Resource": "*",
"Effect": "Allow"
}
]
}
詳情
模板內容
FormatVersion: OOS-2019-06-01
Description:
zh-cn: 鏡像修複, 鏡像修複是基於鏡像檢測的結果對鏡像進行離線修複, 關於鏡像檢測 https://help.aliyun.com/zh/ecs/user-guide/overview-18,
修複流程會首先基於Alibaba cloud linux鏡像建立一台修複執行個體,將您的鏡像的快照建立雲端硬碟掛載到修複執行個體上,離線修複資料盤,然後將修複後的資料盤建立新的鏡像。
一些限制 1)當您的鏡像的系統類別型是如ubuntu 22.04 64位等公用鏡像系統類別型時,修複後產生的鏡像類型會是如ubuntu_64位自訂鏡像系統類別型。
en: Image repair, which is an offline repair of an image based on the results of image check, Please refer to this document for image check https://www.alibabacloud.com/help/en/ecs/user-guide/overview-18
The repair process will first create a repair instance based on the Alibaba cloud Linux image, create a cloud disk snapshot of your image, mount it to the repair instance, repair the data disk offline, and then create a new image of the repaired data disk.
name-en: ACS-ECS-RepairImage
name-zh-cn: 修複鏡像
categories:
- image_manage
Parameters:
regionId:
Type: String
Label:
en: RegionId
zh-cn: 地區ID
AssociationProperty: RegionId
Default: '{{ ACS::RegionId }}'
zoneId:
Type: String
Label:
en: VSwitch Availability Zone
zh-cn: 交換器可用性區域
AssociationProperty: ALIYUN::ECS::ZoneId
AssociationPropertyMetadata:
RegionId: regionId
repairImageId:
Type: String
Label:
en: ImageId that needs to be repaired
zh-cn: 修複鏡像ID
AssociationProperty: ALIYUN::ECS::Image::ImageId
AssociationPropertyMetadata:
RegionId: regionId
SupportedImageOwnerAlias:
- self
OSType: linux
baseImageId:
Type: String
Label:
en: BaseImage
zh-cn: 基礎鏡像
Description:
en: (The basic image is used to create a repair instance. You need to select a basic image with the same architecture as the repair target image. For example, the custom image you want to repair is x86_64, please select aliyun_3_X64 image)
zh-cn: <font color='red'>基礎鏡像用來建立修複執行個體, 您需要選擇和修複目標鏡像同架構的基礎鏡像, 如您要修複的自訂鏡像是x86_64鏡像,請選擇 aliyun_3_x64 鏡像</font>
AllowedValues:
- aliyun_3_x64_20G_alibase_20230727.vhd
- aliyun_3_arm64_20G_alibase_20230731.vhd
instanceType:
Label:
en: InstanceType
zh-cn: 執行個體類型
Type: String
AssociationProperty: ALIYUN::ECS::Instance::InstanceType
AssociationPropertyMetadata:
RegionId: regionId
ZoneId: zoneId
securityGroupId:
Label:
en: SecurityGroupId
zh-cn: 安全性群組
Type: String
AssociationProperty: ALIYUN::ECS::SecurityGroup::SecurityGroupId
AssociationPropertyMetadata:
RegionId: regionId
vSwitchId:
Label:
en: VSwitchId
zh-cn: 交換器
Type: String
AssociationProperty: ALIYUN::VPC::VSwitch::VSwitchId
AssociationPropertyMetadata:
RegionId: regionId
ZoneId: zoneId
Filters:
- SecurityGroupId: securityGroupId
systemDiskCategory:
Label:
en: SystemDiskCategory
zh-cn: 系統硬碟的雲端硬碟種類
Type: String
AssociationProperty: ALIYUN::ECS::Disk::SystemDiskCategory
AssociationPropertyMetadata:
RegionId: regionId
InstanceType: instanceType
Default: cloud_essd
repairItems:
Label:
en: RepairItems
zh-cn: 修複專案
Type: List
AllowedValues:
- all
- assist
- aegis
- growpart
- virtio
- selinux
- dhcp
- grub
- fstab
- nvme
- cloudinit
Default: assist
Tasks:
- Name: checkImage
Action: ACS::CheckFor
Description:
en: Check if the image is x86_ 64 or arm64
zh-cn: 檢查鏡像是否為x86_64或arm64
Properties:
Service: ECS
API: DescribeImages
Parameters:
RegionId: '{{ regionId }}'
ImageId: '{{ repairImageId }}'
DesiredValues:
- x86_64
- arm64
PropertySelector: Images.Image[0].Architecture
Outputs:
architecture:
Type: String
ValueSelector: Images.Image[0].Architecture
snapshotId:
Type: String
ValueSelector: Images.Image[0].DiskDeviceMappings.DiskDeviceMapping[0].SnapshotId
imageName:
Type: String
ValueSelector: Images.Image[0].ImageName
osType:
Type: String
ValueSelector: Images.Image[0].OSType
platform:
Type: String
ValueSelector: Images.Image[0].Platform
bootMode:
Type: String
ValueSelector: Images.Image[0].BootMode
- Name: runInstances
Action: ACS::ExecuteAPI
Description:
en: Creates one ECS instances
zh-cn: 建立一個ECS執行個體
Properties:
Service: ECS
API: RunInstances
Parameters:
RegionId: '{{ regionId }}'
Amount: 1
ImageId: '{{ baseImageId }}'
InstanceType: '{{ instanceType }}'
InstanceName: 'image_repair_please_no_delete'
SecurityGroupId: '{{ securityGroupId }}'
VSwitchId: '{{ vSwitchId }}'
InternetMaxBandwidthIn: 200
InternetMaxBandwidthOut: 0
SystemDiskCategory: '{{ systemDiskCategory }}'
DataDisk:
- SnapshotId: '{{ checkImage.snapshotId }}'
DiskName: 'image_repair_{{ checkImage.snapshotId }}'
Category: '{{ systemDiskCategory }}'
InstanceChargeType: PostPaid
Outputs:
instanceId:
Type: String
ValueSelector: InstanceIdSets.InstanceIdSet[0]
- Name: untilInstanceReady
Action: ACS::WaitFor
Description:
en: Waits for the created instances to be Running status
zh-cn: 等待建立的執行個體進入運行中狀態
Properties:
Service: ECS
API: DescribeInstances
Parameters:
RegionId: '{{ regionId }}'
InstanceIds:
- '{{ runInstances.instanceId }}'
DesiredValues:
- Running
PropertySelector: Instances.Instance[0].Status
- Name: checkForCreatedDiskReady
Action: ACS::CheckFor
Description:
en: Checks the disk status Available
zh-cn: 檢測雲端硬碟的狀態是否為可用的
OnError: stopInstances
Properties:
Service: ECS
API: DescribeDisks
Parameters:
RegionId: '{{ regionId }}'
InstanceId: '{{ runInstances.instanceId }}'
DesiredValues:
- In_use
PropertySelector: Disks.Disk[0].Status
Outputs:
diskSN:
Type: String
ValueSelector: Disks.Disk[0].SerialNumber
diskId:
Type: String
ValueSelector: Disks.Disk[0].DiskId
- Name: runCommandOpenselinux
Action: ACS::ECS::RunCommand
Description:
en: Run cloud assistant command on ECS instance
zh-cn: 在執行個體中運行命令
OnError: stopInstances
Properties:
regionId: '{{ regionId }}'
commandContent: sed -i s/^SELINUX=.*/SELINUX=permissive/g /etc/selinux/config
commandType: RunShellScript
instanceId: '{{ runInstances.instanceId }}'
Outputs:
invocationOutput:
Type: String
ValueSelector: invocationOutput
- Name: rebootInstance
Action: ACS::ECS::RebootInstance
Description:
en: Reboot Instance
zh-cn: 重啟執行個體
OnError: stopInstances
Properties:
regionId: '{{ regionId }}'
instanceId: '{{ runInstances.instanceId }}'
- Name: runCommand
Action: ACS::ECS::InvokeCommand
Description:
en: Run cloud assistant command on ECS instance
zh-cn: 在執行個體中運行命令
OnError: stopInstances
Properties:
regionId: '{{ regionId }}'
commandId: 'ACS-ECS-ImageRepair-for-linux.sh'
parameters:
Fn::Join:
- ''
- - '{"repairitems":'
- '"'
- Fn::Join:
- ' '
- '{{repairItems}}'
- '"'
- ',"disk_serial":"'
- '{{checkForCreatedDiskReady.diskSN}}'
- '"}'
instanceId: '{{ runInstances.instanceId }}'
Outputs:
invocationOutput:
Type: String
ValueSelector: invocationOutput
- Name: waitDiskFlush
Action: ACS::Sleep
Description:
en: Waiting for IO flash disk
zh-cn: 等待IO落盤
Properties:
Duration: 1M
- Name: createSnapshot
Action: ACS::ECS::CreateSnapshot
Description:
en: Mount a data disk for the created ECS instance
zh-cn: 為雲端硬碟建立一個快照
OnError: deleteInstance
Properties:
regionId: '{{ regionId }}'
snapshotName: 'image_repair_{{ checkForCreatedDiskReady.diskId }}'
diskId: '{{ checkForCreatedDiskReady.diskId }}'
retentionDays: 1
Outputs:
snapshotId:
Type: String
ValueSelector: snapshotId
- Name: createImage
Action: ACS::ExecuteAPI
Description:
en: Creates image
zh-cn: 用快照建立鏡像
OnError: deleteSnapshot
OnSuccess: deleteInstance
Properties:
Service: ECS
API: CreateImage
Parameters:
RegionId: '{{ regionId }}'
SnapshotId: '{{ createSnapshot.snapshotId }}'
ImageName:
Fn::Join:
- '_'
- - 'repaired'
- '{{ checkImage.imageName }}'
- Fn::FormatUTCTime:
- '{{ACS::CurrentUTCTime}}'
- '%Y%m%d%H%M%S'
DetectionStrategy: Standard
Platform:
Fn::Select:
- '{{ checkImage.platform }}'
- Aliyun: Aliyun
Anolis: Anolis
CentOS: CentOS
Ubuntu: Ubuntu
SUSE: SUSE
Debian: Debian
OpenSUSE: OpenSUSE
Red Hat: RedHat
Kylin: Kylin
UOS: UOS
Fedora: Fedora
CentOS Stream: CentOS Stream
AlmaLinux: AlmaLinux
Rocky Linux: Rocky Linux
Customized Linux: Customized Linux
Others Linux: Others Linux
BootMode: '{{ checkImage.bootMode }}'
Architecture: '{{ checkImage.architecture }}'
Outputs:
imageId:
Type: String
ValueSelector: ImageId
- Name: deleteSnapshot
Action: ACS::ExecuteAPI
Description:
en: Deletes the Snapshot
zh-cn: 釋放建立的快照
OnError: deleteInstance
Properties:
Service: ECS
API: DeleteSnapshot
Parameters:
RegionId: '{{ regionId }}'
SnapshotId: '{{ createSnapshot.snapshotId }}'
Force: true
- Name: stopInstances #遠程命令執行失敗後等待1分鐘再釋放,否則報錯“IncorrectInstanceStatus.Initializing”(ECS工程師:阿里雲的執行個體有一分鐘保護機制,剛建立的執行個體需要在60s之後才能刪除。)
Action: ACS::Sleep
Description:
en: Waiting for instance initialization to complete
zh-cn: 等待保護機制失效
Properties:
Duration: 1M
- Name: deleteInstance
Action: ACS::ExecuteAPI
Description:
en: Deletes the ECS instance
zh-cn: 釋放建立的ECS執行個體
Properties:
Service: ECS
API: DeleteInstance
Parameters:
RegionId: '{{ regionId }}'
InstanceId: '{{ runInstances.instanceId }}'
Force: true
Outputs:
imageId:
Type: String
Value: '{{ createImage.imageId }}'
Metadata:
ALIYUN::OOS::Interface:
ParameterGroups:
- Parameters:
- regionId
- repairImageId
- baseImageId
Label:
default:
zh-cn: 選擇鏡像
en: Select Image
- Parameters:
- zoneId
- instanceType
- securityGroupId
- vSwitchId
- systemDiskCategory
Label:
default:
zh-cn: 執行個體規格
en: ECS Instance Configure
- Parameters:
- repairItems
Label:
default:
zh-cn: 發送遠程命令
en: Run Command